commit | d03b046c2526a3b89305da6460b601656ecd0700 | [log] [tgz] |
---|---|---|
author | Jia Zhai <zhaijia@apache.org> | Mon Jul 05 15:22:23 2021 +0800 |
committer | GitHub <noreply@github.com> | Mon Jul 05 15:22:23 2021 +0800 |
tree | 47268a9a7e5ec989cd2c3934146f6b3f50246ef9 | |
parent | a445728a2ab1f6b6805c6904126fb039d71d8faf [diff] |
Fix Bouncy Castle fips incompatible issue (#2740) ### Motivation More details are provided in [Pulsar # 10937](https://github.com/apache/pulsar/issues/10937). In #2631, the default BouncyCastle was changed from non-fips into fips version. But the default version of BouncyCastle in Pulsar is the [non-fips](https://github.com/apache/pulsar/blob/v2.8.0/pulsar-client/pom.xml#L56) one(aimed to make it compatible with the old version of Pulsar). Bouncy Castle provides both FIPS and non-FIPS versions, but in a JVM, it can not include both of the 2 versions(non-Fips and Fips), and we have to exclude the current version before including the other. This makes the backward compatible a little hard, and that's why Pulsar has to involve an individual module for [Bouncy Castle](https://pulsar.apache.org/docs/en/security-bouncy-castle). And if we want to start BookKeeper with TLS enabled through Pulsar's binary, it will meet the following error: ``` Exception in thread "main" java.lang.NoClassDefFoundError: org/bouncycastle/jcajce/provider/BouncyCastleFipsProvider at java.base/java.lang.Class.forName0(Native Method) at java.base/java.lang.Class.forName(Class.java:315) at org.apache.bookkeeper.common.util.ReflectionUtils.forName(ReflectionUtils.java:49) at org.apache.bookkeeper.tls.SecurityProviderFactoryFactory.getSecurityProviderFactory(SecurityProviderFactoryFactory.java:39) at org.apache.bookkeeper.proto.BookieServer.<init>(BookieServer.java:129) at org.apache.bookkeeper.server.service.BookieService.<init>(BookieService.java:52) at org.apache.bookkeeper.server.Main.buildBookieServer(Main.java:304) at org.apache.bookkeeper.server.Main.doMain(Main.java:226) at org.apache.bookkeeper.server.Main.main(Main.java:208) Caused by: java.lang.ClassNotFoundException: org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:581) at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178) at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522) ... 9 more ``` This fix is to use the reflection to get the loaded bc version to avoid the hard-coded bc version. ### Changes Use the reflection to get the loaded bc version to avoid the hard-coded bc version Add backward compatible test for bc-non-fips version
Apache BookKeeper is a scalable, fault tolerant and low latency storage service optimized for append-only workloads.
It is suitable for being used in following scenarios:
Please visit the Documentation from the project website for more information.
For filing bugs, suggesting improvements, or requesting new features, help us out by opening a Github issue or opening an Apache jira.
Subscribe or mail the user@bookkeeper.apache.org list - Ask questions, find answers, and also help other users.
Subscribe or mail the dev@bookkeeper.apache.org list - Join development discussions, propose new ideas and connect with contributors.
Join us on Slack - This is the most immediate way to connect with Apache BookKeeper committers and contributors.
We feel that a welcoming open community is important and welcome contributions.
See Developer Setup to get your local environment setup.
Take a look at our open issues: JIRA Issues Github Issues.
Review our coding style and follow our pull requests to learn about our conventions.
Make your changes according to our contribution guide.