From 228ebded05957955070bee5bc7269d778a7d4746 Mon Sep 17 00:00:00 2001
From: Stephen Crawford <steecraw@amazon.com>
Date: Wed, 14 Feb 2024 15:57:34 -0500
Subject: [PATCH] Backport Bouncy Castle Upgrade

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
---
 CHANGELOG.md                                       | 14 ++++++++++++++
 buildSrc/version.properties                        |  2 +-
 plugins/identity-shiro/build.gradle                |  2 +-
 .../licenses/bcprov-jdk15to18-1.76.jar.sha1        |  1 -
 .../licenses/bcprov-jdk18on-1.77.jar.sha1          |  1 +
 ...to18-LICENSE.txt => bcprov-jdk18on-LICENSE.txt} |  0
 ...15to18-NOTICE.txt => bcprov-jdk18on-NOTICE.txt} |  0
 plugins/ingest-attachment/build.gradle             |  6 +++---
 .../licenses/bcmail-jdk15to18-1.76.jar.sha1        |  1 -
 .../licenses/bcmail-jdk18on-1.77.jar.sha1          |  1 +
 ...to18-LICENSE.txt => bcmail-jdk18on-LICENSE.txt} |  0
 ...15to18-NOTICE.txt => bcmail-jdk18on-NOTICE.txt} |  0
 .../licenses/bcpkix-jdk15to18-1.76.jar.sha1        |  1 -
 .../licenses/bcpkix-jdk18on-1.77.jar.sha1          |  1 +
 ...to18-LICENSE.txt => bcpkix-jdk18on-LICENSE.txt} |  0
 ...15to18-NOTICE.txt => bcpkix-jdk18on-NOTICE.txt} |  0
 .../licenses/bcprov-jdk15to18-1.76.jar.sha1        |  1 -
 .../licenses/bcprov-jdk18on-1.77.jar.sha1          |  1 +
 ...to18-LICENSE.txt => bcprov-jdk18on-LICENSE.txt} |  0
 ...15to18-NOTICE.txt => bcprov-jdk18on-NOTICE.txt} |  0
 20 files changed, 23 insertions(+), 9 deletions(-)
 delete mode 100644 plugins/identity-shiro/licenses/bcprov-jdk15to18-1.76.jar.sha1
 create mode 100644 plugins/identity-shiro/licenses/bcprov-jdk18on-1.77.jar.sha1
 rename plugins/identity-shiro/licenses/{bcprov-jdk15to18-LICENSE.txt => bcprov-jdk18on-LICENSE.txt} (100%)
 rename plugins/identity-shiro/licenses/{bcprov-jdk15to18-NOTICE.txt => bcprov-jdk18on-NOTICE.txt} (100%)
 delete mode 100644 plugins/ingest-attachment/licenses/bcmail-jdk15to18-1.76.jar.sha1
 create mode 100644 plugins/ingest-attachment/licenses/bcmail-jdk18on-1.77.jar.sha1
 rename plugins/ingest-attachment/licenses/{bcmail-jdk15to18-LICENSE.txt => bcmail-jdk18on-LICENSE.txt} (100%)
 rename plugins/ingest-attachment/licenses/{bcmail-jdk15to18-NOTICE.txt => bcmail-jdk18on-NOTICE.txt} (100%)
 delete mode 100644 plugins/ingest-attachment/licenses/bcpkix-jdk15to18-1.76.jar.sha1
 create mode 100644 plugins/ingest-attachment/licenses/bcpkix-jdk18on-1.77.jar.sha1
 rename plugins/ingest-attachment/licenses/{bcpkix-jdk15to18-LICENSE.txt => bcpkix-jdk18on-LICENSE.txt} (100%)
 rename plugins/ingest-attachment/licenses/{bcpkix-jdk15to18-NOTICE.txt => bcpkix-jdk18on-NOTICE.txt} (100%)
 delete mode 100644 plugins/ingest-attachment/licenses/bcprov-jdk15to18-1.76.jar.sha1
 create mode 100644 plugins/ingest-attachment/licenses/bcprov-jdk18on-1.77.jar.sha1
 rename plugins/ingest-attachment/licenses/{bcprov-jdk15to18-LICENSE.txt => bcprov-jdk18on-LICENSE.txt} (100%)
 rename plugins/ingest-attachment/licenses/{bcprov-jdk15to18-NOTICE.txt => bcprov-jdk18on-NOTICE.txt} (100%)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 271995a314cb3..0ad2f0f185360 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,21 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Introduce query level setting `index.query.max_nested_depth` limiting nested queries ([#3268](https://github.com/opensearch-project/OpenSearch/issues/3268)
 
 ### Dependencies
+- Bumps jetty version to 9.4.52.v20230823 to fix GMS-2023-1857 ([#9822](https://github.com/opensearch-project/OpenSearch/pull/9822))
+- Bump `netty` from 4.1.99.Final to 4.1.100.Final ([#10564](https://github.com/opensearch-project/OpenSearch/pull/10564))
+- Bump Lucene from 9.7.0 to 9.8.0 ([10276](https://github.com/opensearch-project/OpenSearch/pull/10276))
+- Bump `commons-io:commons-io` from 2.13.0 to 2.14.0 ([#10294](https://github.com/opensearch-project/OpenSearch/pull/10294))
+- Bump `com.google.api.grpc:proto-google-common-protos` from 2.25.0 to 2.25.1 ([#10298](https://github.com/opensearch-project/OpenSearch/pull/10298))
+- Bump `de.thetaphi:forbiddenapis` from 3.5.1 to 3.6 ([#10508](https://github.com/opensearch-project/OpenSearch/pull/10508))
+- Bump OpenTelemetry from 1.30.1 to 1.31.0 ([#10617](https://github.com/opensearch-project/OpenSearch/pull/10617))
+- Bump `org.codehaus.woodstox:stax2-api` from 4.2.1 to 4.2.2 ([#10639](https://github.com/opensearch-project/OpenSearch/pull/10639))
+- Bump `org.bouncycastle:bc-fips` from 1.0.2.3 to 1.0.2.4 ([#10297](https://github.com/opensearch-project/OpenSearch/pull/10297))
+- Bump `org.apache.logging.log4j:log4j-core` from 2.20.0 to 2.21.1 ([#10858](https://github.com/opensearch-project/OpenSearch/pull/10858), [#11000](https://github.com/opensearch-project/OpenSearch/pull/11000))
+- Bump `aws-actions/configure-aws-credentials` from 2 to 4 ([#10504](https://github.com/opensearch-project/OpenSearch/pull/10504))
 - Bump `com.squareup.okio:okio` from 3.7.0 to 3.8.0 ([#12290](https://github.com/opensearch-project/OpenSearch/pull/12290))
+- Bump `org.bouncycastle:bcprov-jdk15to18` to `org.bouncycastle:bcprov-jdk18on` version 1.77 ([#12317](https://github.com/opensearch-project/OpenSearch/pull/12317))
+- Bump `org.bouncycastle:bcmail-jdk15to18` to `org.bouncycastle:bcmail-jdk18on` version 1.77 ([#12317](https://github.com/opensearch-project/OpenSearch/pull/12317))
+- Bump `org.bouncycastle:bcpkix-jdk15to18` to `org.bouncycastle:bcpkix-jdk18on` version 1.77 ([#12317](https://github.com/opensearch-project/OpenSearch/pull/12317))
 
 ### Changed
 
diff --git a/buildSrc/version.properties b/buildSrc/version.properties
index d7da6b2648896..c469565a1e28f 100644
--- a/buildSrc/version.properties
+++ b/buildSrc/version.properties
@@ -48,7 +48,7 @@ reactivestreams   = 1.0.4
 # when updating this version, you need to ensure compatibility with:
 #  - plugins/ingest-attachment (transitive dependency, check the upstream POM)
 #  - distribution/tools/plugin-cli
-bouncycastle=1.76
+bouncycastle=1.77
 # test dependencies
 randomizedrunner  = 2.7.1
 junit             = 4.13.2
diff --git a/plugins/identity-shiro/build.gradle b/plugins/identity-shiro/build.gradle
index 1548780aaa566..222443efcb214 100644
--- a/plugins/identity-shiro/build.gradle
+++ b/plugins/identity-shiro/build.gradle
@@ -28,7 +28,7 @@ dependencies {
 
   implementation 'org.passay:passay:1.6.3'
 
-  implementation "org.bouncycastle:bcprov-jdk15to18:${versions.bouncycastle}"
+  implementation "org.bouncycastle:bcprov-jdk18on:${versions.bouncycastle}"
 
   testImplementation project(path: ':modules:transport-netty4') // for http
   testImplementation project(path: ':plugins:transport-nio') // for http
diff --git a/plugins/identity-shiro/licenses/bcprov-jdk15to18-1.76.jar.sha1 b/plugins/identity-shiro/licenses/bcprov-jdk15to18-1.76.jar.sha1
deleted file mode 100644
index 2e96c404bef98..0000000000000
--- a/plugins/identity-shiro/licenses/bcprov-jdk15to18-1.76.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-0cb53f10290a634808555bc4b34328fdab1001f2
\ No newline at end of file
diff --git a/plugins/identity-shiro/licenses/bcprov-jdk18on-1.77.jar.sha1 b/plugins/identity-shiro/licenses/bcprov-jdk18on-1.77.jar.sha1
new file mode 100644
index 0000000000000..3e780df9559a9
--- /dev/null
+++ b/plugins/identity-shiro/licenses/bcprov-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+2cc971b6c20949c1ff98d1a4bc741ee848a09523
\ No newline at end of file
diff --git a/plugins/identity-shiro/licenses/bcprov-jdk15to18-LICENSE.txt b/plugins/identity-shiro/licenses/bcprov-jdk18on-LICENSE.txt
similarity index 100%
rename from plugins/identity-shiro/licenses/bcprov-jdk15to18-LICENSE.txt
rename to plugins/identity-shiro/licenses/bcprov-jdk18on-LICENSE.txt
diff --git a/plugins/identity-shiro/licenses/bcprov-jdk15to18-NOTICE.txt b/plugins/identity-shiro/licenses/bcprov-jdk18on-NOTICE.txt
similarity index 100%
rename from plugins/identity-shiro/licenses/bcprov-jdk15to18-NOTICE.txt
rename to plugins/identity-shiro/licenses/bcprov-jdk18on-NOTICE.txt
diff --git a/plugins/ingest-attachment/build.gradle b/plugins/ingest-attachment/build.gradle
index 22db73ad86796..6da34c4c9caf2 100644
--- a/plugins/ingest-attachment/build.gradle
+++ b/plugins/ingest-attachment/build.gradle
@@ -71,9 +71,9 @@ dependencies {
   api "org.apache.pdfbox:fontbox:${versions.pdfbox}"
   api "org.apache.pdfbox:jempbox:1.8.17"
   api "commons-logging:commons-logging:${versions.commonslogging}"
-  api "org.bouncycastle:bcmail-jdk15to18:${versions.bouncycastle}"
-  api "org.bouncycastle:bcprov-jdk15to18:${versions.bouncycastle}"
-  api "org.bouncycastle:bcpkix-jdk15to18:${versions.bouncycastle}"
+  api "org.bouncycastle:bcmail-jdk18on:${versions.bouncycastle}"
+  api "org.bouncycastle:bcprov-jdk18on:${versions.bouncycastle}"
+  api "org.bouncycastle:bcpkix-jdk18on:${versions.bouncycastle}"
   // OpenOffice
   api "org.apache.poi:poi-ooxml:${versions.poi}"
   api "org.apache.poi:poi:${versions.poi}"
diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15to18-1.76.jar.sha1 b/plugins/ingest-attachment/licenses/bcmail-jdk15to18-1.76.jar.sha1
deleted file mode 100644
index 46010d64015ad..0000000000000
--- a/plugins/ingest-attachment/licenses/bcmail-jdk15to18-1.76.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-23d8bcad6b57912e4633ca9955926ffcdf3c5c71
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk18on-1.77.jar.sha1 b/plugins/ingest-attachment/licenses/bcmail-jdk18on-1.77.jar.sha1
new file mode 100644
index 0000000000000..f71659316b8cd
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/bcmail-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+f2bb8aa55dc901ee8b8aae7d1007c03592d65e03
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15to18-LICENSE.txt b/plugins/ingest-attachment/licenses/bcmail-jdk18on-LICENSE.txt
similarity index 100%
rename from plugins/ingest-attachment/licenses/bcmail-jdk15to18-LICENSE.txt
rename to plugins/ingest-attachment/licenses/bcmail-jdk18on-LICENSE.txt
diff --git a/plugins/ingest-attachment/licenses/bcmail-jdk15to18-NOTICE.txt b/plugins/ingest-attachment/licenses/bcmail-jdk18on-NOTICE.txt
similarity index 100%
rename from plugins/ingest-attachment/licenses/bcmail-jdk15to18-NOTICE.txt
rename to plugins/ingest-attachment/licenses/bcmail-jdk18on-NOTICE.txt
diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15to18-1.76.jar.sha1 b/plugins/ingest-attachment/licenses/bcpkix-jdk15to18-1.76.jar.sha1
deleted file mode 100644
index a843d972ac681..0000000000000
--- a/plugins/ingest-attachment/licenses/bcpkix-jdk15to18-1.76.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-3ee440dfa1c557c1cc0c46b5dadf5ef3896ccebb
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk18on-1.77.jar.sha1 b/plugins/ingest-attachment/licenses/bcpkix-jdk18on-1.77.jar.sha1
new file mode 100644
index 0000000000000..05a8b2d5729bd
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/bcpkix-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+ed953791ba0229747dd0fd9911e3d76a462acfd3
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15to18-LICENSE.txt b/plugins/ingest-attachment/licenses/bcpkix-jdk18on-LICENSE.txt
similarity index 100%
rename from plugins/ingest-attachment/licenses/bcpkix-jdk15to18-LICENSE.txt
rename to plugins/ingest-attachment/licenses/bcpkix-jdk18on-LICENSE.txt
diff --git a/plugins/ingest-attachment/licenses/bcpkix-jdk15to18-NOTICE.txt b/plugins/ingest-attachment/licenses/bcpkix-jdk18on-NOTICE.txt
similarity index 100%
rename from plugins/ingest-attachment/licenses/bcpkix-jdk15to18-NOTICE.txt
rename to plugins/ingest-attachment/licenses/bcpkix-jdk18on-NOTICE.txt
diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15to18-1.76.jar.sha1 b/plugins/ingest-attachment/licenses/bcprov-jdk15to18-1.76.jar.sha1
deleted file mode 100644
index 2e96c404bef98..0000000000000
--- a/plugins/ingest-attachment/licenses/bcprov-jdk15to18-1.76.jar.sha1
+++ /dev/null
@@ -1 +0,0 @@
-0cb53f10290a634808555bc4b34328fdab1001f2
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk18on-1.77.jar.sha1 b/plugins/ingest-attachment/licenses/bcprov-jdk18on-1.77.jar.sha1
new file mode 100644
index 0000000000000..3e780df9559a9
--- /dev/null
+++ b/plugins/ingest-attachment/licenses/bcprov-jdk18on-1.77.jar.sha1
@@ -0,0 +1 @@
+2cc971b6c20949c1ff98d1a4bc741ee848a09523
\ No newline at end of file
diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15to18-LICENSE.txt b/plugins/ingest-attachment/licenses/bcprov-jdk18on-LICENSE.txt
similarity index 100%
rename from plugins/ingest-attachment/licenses/bcprov-jdk15to18-LICENSE.txt
rename to plugins/ingest-attachment/licenses/bcprov-jdk18on-LICENSE.txt
diff --git a/plugins/ingest-attachment/licenses/bcprov-jdk15to18-NOTICE.txt b/plugins/ingest-attachment/licenses/bcprov-jdk18on-NOTICE.txt
similarity index 100%
rename from plugins/ingest-attachment/licenses/bcprov-jdk15to18-NOTICE.txt
rename to plugins/ingest-attachment/licenses/bcprov-jdk18on-NOTICE.txt