diff --git a/bin/bookkeeper b/bin/bookkeeper
index ddaae2286e8..78f77147e4c 100755
--- a/bin/bookkeeper
+++ b/bin/bookkeeper
@@ -146,6 +146,7 @@ GC_OPTS=$(build_bookie_jvm_opts ${BOOKIE_LOG_DIR} "gc_%p.log")
NETTY_OPTS=$(build_netty_opts)
LOGGING_OPTS=$(build_logging_opts ${BOOKIE_LOG_CONF} ${BOOKIE_LOG_DIR} ${BOOKIE_LOG_FILE} ${BOOKIE_ROOT_LOGGER})
+BOOKIE_EXTRA_OPTS=$(BOOKIE_EXTRA_OPTS) "-Dorg.bouncycastle.fips.approved_only=true"
OPTS="${OPTS} -cp ${BOOKIE_CLASSPATH} ${BOOKIE_OPTS} ${GC_OPTS} ${NETTY_OPTS} ${LOGGING_OPTS} ${BOOKIE_EXTRA_OPTS}"
# Create log dir if it doesn't exist
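Review bot: The added `BOOKIE_EXTRA_OPTS=` line never appends the FIPS flag. `$(BOOKIE_EXTRA_OPTS)` is command substitution, so the shell tries to run a command of that name, and the quoted `-Dorg.bouncycastle.fips.approved_only=true` after the assignment is parsed as a command to execute, with the assignment applying only to that failed command. The bookie would then start without approved-only mode while operators assume it is enforced. Use parameter expansion inside one quoted string: `BOOKIE_EXTRA_OPTS="${BOOKIE_EXTRA_OPTS} -Dorg.bouncycastle.fips.approved_only=true"`. Consider making the flag opt-in through configuration, since approved-only mode rejects non-approved algorithms at runtime.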
diff --git a/bookkeeper-dist/src/assemble/bin-all.xml b/bookkeeper-dist/src/assemble/bin-all.xml
index 495702f449b..aa4d58bf9d5 100644
--- a/bookkeeper-dist/src/assemble/bin-all.xml
+++ b/bookkeeper-dist/src/assemble/bin-all.xml
@@ -57,7 +57,7 @@
checker-qual-3.5.0/LICENSE
google-auth-library-credentials-0.20.0/LICENSE
javax.servlet-api-4.0.0/CDDL+GPL-1.1
- bouncycastle-1.60/LICENSE.html
+ bouncycastle-1.0.2/LICENSE.html
jsr-305/LICENSE
netty-4.1.50.Final/*
paranamer-2.8/LICENSE.txt
diff --git a/bookkeeper-dist/src/assemble/bin-server.xml b/bookkeeper-dist/src/assemble/bin-server.xml
index c381b70ef13..f54f1e59ce9 100644
--- a/bookkeeper-dist/src/assemble/bin-server.xml
+++ b/bookkeeper-dist/src/assemble/bin-server.xml
@@ -53,7 +53,7 @@
google-auth-library-credentials-0.20.0/LICENSE
javax.servlet-api-4.0.0/CDDL+GPL-1.1
netty-4.1.50.Final/*
- bouncycastle-1.60/LICENSE.html
+ bouncycastle-1.0.2/LICENSE.html
protobuf-3.14.0/LICENSE
protobuf-3.12.0/LICENSE
slf4j-1.7.25/LICENSE.txt
diff --git a/bookkeeper-dist/src/assemble/bkctl.xml b/bookkeeper-dist/src/assemble/bkctl.xml
index 8cdd408536a..84022e771d9 100644
--- a/bookkeeper-dist/src/assemble/bkctl.xml
+++ b/bookkeeper-dist/src/assemble/bkctl.xml
@@ -67,7 +67,7 @@
checker-qual-3.5.0/LICENSE
google-auth-library-credentials-0.20.0/LICENSE
netty-4.1.50.Final/*
- bouncycastle-1.60/LICENSE.html
+ bouncycastle-1.0.2/LICENSE.html
protobuf-3.14.0/LICENSE
protobuf-3.12.0/LICENSE
slf4j-1.7.25/LICENSE.txt
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
index 44741b2b992..7273c245177 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-all.bin.txt
@@ -657,12 +657,10 @@ Bundled as
Source available at https://github.com/googleapis/google-auth-library-java/releases/tag/v0.20.0
------------------------------------------------------------------------------------
This product bundles the bouncycastle Library.
-For license details, see deps/bouncycastle-1.60/LICENSE.html
+For license details, see deps/bouncycastle-1.0.2/LICENSE.html
Bundled as
- - lib/org.bouncycastle-bcpkix-jdk15on-1.60.jar
- - lib/org.bouncycastle-bcprov-ext-jdk15on-1.60.jar
- - lib/org.bouncycastle-bcprov-jdk15on-1.60.jar
+ - lib/org.bouncycastle-bc-fips-1.0.2.jar
------------------------------------------------------------------------------------
This product uses the annotations from The Checker Framework, which are licensed under
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
index 73cdc6ff443..9768deb5719 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-bkctl.bin.txt
@@ -585,12 +585,10 @@ Bundled as
Source available at https://github.com/google/google-auth-library-java/tree/0.20.0
------------------------------------------------------------------------------------
This product bundles the bouncycastle Library.
-For license details, see deps/bouncycastle-1.60/LICENSE.html
+For license details, see deps/bouncycastle-1.0.2/LICENSE.html
Bundled as
- - lib/org.bouncycastle-bcpkix-jdk15on-1.60.jar
- - lib/org.bouncycastle-bcprov-ext-jdk15on-1.60.jar
- - lib/org.bouncycastle-bcprov-jdk15on-1.60.jar
+ - lib/org.bouncycastle-bc-fips-1.0.2.jar
------------------------------------------------------------------------------------
This product uses the annotations from The Checker Framework, which are licensed under
diff --git a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
index 199db5c93a7..4311a9498db 100644
--- a/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
+++ b/bookkeeper-dist/src/main/resources/LICENSE-server.bin.txt
@@ -649,12 +649,10 @@ Bundled as
Source available at https://github.com/googleapis/google-auth-library-java/releases/tag/v0.20.0
------------------------------------------------------------------------------------
This product bundles the bouncycastle Library.
-For license details, see deps/bouncycastle-1.60/LICENSE.html
+For license details, see deps/bouncycastle-1.0.2/LICENSE.html
Bundled as
- - lib/org.bouncycastle-bcpkix-jdk15on-1.60.jar
- - lib/org.bouncycastle-bcprov-ext-jdk15on-1.60.jar
- - lib/org.bouncycastle-bcprov-jdk15on-1.60.jar
+ - lib/org.bouncycastle-bc-fips-1.0.2.jar
------------------------------------------------------------------------------------
This product uses the annotations from The Checker Framework, which are licensed under
MIT License. For details, see deps/checker-qual-3.5.0/LICENSE
diff --git a/bookkeeper-dist/src/main/resources/deps/bouncycastle-1.60/LICENSE.html b/bookkeeper-dist/src/main/resources/deps/bouncycastle-1.0.2/LICENSE.html
similarity index 100%
rename from bookkeeper-dist/src/main/resources/deps/bouncycastle-1.60/LICENSE.html
rename to bookkeeper-dist/src/main/resources/deps/bouncycastle-1.0.2/LICENSE.html
diff --git a/bookkeeper-server/pom.xml b/bookkeeper-server/pom.xml
index 5792ff76b62..e618feae2cf 100644
--- a/bookkeeper-server/pom.xml
+++ b/bookkeeper-server/pom.xml
@@ -102,11 +102,7 @@
org.bouncycastle
- bcpkix-jdk15on
-
-
- org.bouncycastle
- bcprov-ext-jdk15on
+ bc-fips
com.beust
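Review bot: Replacing `bcpkix-jdk15on` and `bcprov-ext-jdk15on` with `bc-fips` alone drops the PKIX/PEM helper classes (for example `org.bouncycastle.cert` and `org.bouncycastle.openssl`), which in the FIPS distribution ship in the separate `bcpkix-fips` artifact. If any code in this module uses those packages, which this diff does not show, add `bcpkix-fips` next to `bc-fips`. Otherwise, say in the commit message that no PKIX classes are needed, so the removal reads as deliberate.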
diff --git a/bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java b/bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java
index a9734862429..29dbd143a53 100644
--- a/bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java
+++ b/bookkeeper-server/src/main/java/org/apache/bookkeeper/tls/TLSContextFactory.java
@@ -60,7 +60,7 @@ public class TLSContextFactory implements SecurityHandlerFactory {
static {
// Fixes loading PKCS8Key file: https://stackoverflow.com/a/18912362
- java.security.Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
+ java.security.Security.addProvider(new org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider());
}
/**
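Review bot: `Security.addProvider` in the static initializer registers `BouncyCastleFipsProvider` at the end of the provider preference list, so any lookup that does not name a provider still resolves to the JDK's default providers first. If the intent is that TLS key and certificate handling goes through the FIPS module, consider `Security.insertProviderAt(new org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider(), 1);` or requesting the `"BCFIPS"` provider explicitly where keys are loaded. The rest of the class is outside this hunk, so whether it already does so cannot be seen here. The comment above the call still only mentions the PKCS8 workaround and should state why the FIPS provider is registered, e.g. `// Register the BC FIPS provider (also needed to load PKCS8 key files)`.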
diff --git a/metadata-drivers/etcd/pom.xml b/metadata-drivers/etcd/pom.xml
index 27430ef5b07..ad6daa51985 100644
--- a/metadata-drivers/etcd/pom.xml
+++ b/metadata-drivers/etcd/pom.xml
@@ -49,6 +49,12 @@
io.grpc
grpc-all
${grpc.version}
+
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
+
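Review bot: The exclusion added under `grpc-all` removes only `bcpkix-jdk15on`, and the same pattern is repeated in stream/common/pom.xml and stream/tests-common/pom.xml. The regular `bcprov-jdk15on` provider shares `org.bouncycastle.*` package names with `bc-fips`, so if it still arrives through another transitive path, the two jars would coexist on the classpath and class loading would depend on classpath order. A build-time guard is more reliable than per-dependency exclusions. A maven-enforcer `bannedDependencies` rule for `org.bouncycastle:*-jdk15on` in the root pom would fail the build if a non-FIPS artifact reappears.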
diff --git a/pom.xml b/pom.xml
index 389f1715926..33a3d02de35 100644
--- a/pom.xml
+++ b/pom.xml
@@ -123,7 +123,7 @@
2.6
3.6
2.4
- 1.60
+ 1.0.2
5.1.0
3.2.5
0.5.4
@@ -302,12 +302,7 @@
org.bouncycastle
- bcpkix-jdk15on
- ${bouncycastle.version}
-
-
- org.bouncycastle
- bcprov-ext-jdk15on
+ bc-fips
${bouncycastle.version}
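Review bot: `${bouncycastle.version}` now carries the `bc-fips` version, which uses a different numbering line from the regular Bouncy Castle artifacts it used to describe. Any other `org.bouncycastle` artifact that later references this property would resolve to a version that does not exist for it. Renaming the property to something like `bc-fips.version` here and in the properties hunk above would make the coupling explicit. Add a short XML comment beside the property noting that it pins the certified FIPS module, so that a routine dependency bump does not move it to an uncertified build.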
diff --git a/stream/common/pom.xml b/stream/common/pom.xml
index 03622200323..2fe3a91c9a8 100644
--- a/stream/common/pom.xml
+++ b/stream/common/pom.xml
@@ -44,6 +44,10 @@
io.grpc
grpc-netty-shaded
+
+ org.bouncycastle
+ bcpkix-jdk15on
+
diff --git a/stream/tests-common/pom.xml b/stream/tests-common/pom.xml
index a0eff7f637a..3abf63dd087 100644
--- a/stream/tests-common/pom.xml
+++ b/stream/tests-common/pom.xml
@@ -36,6 +36,10 @@
io.grpc
grpc-netty-shaded
+
+ org.bouncycastle
+ bcpkix-jdk15on
+