[releng] OSGi: Ensure the BC security provider can be found

BouncyCastleSecurityProviderRegistrar references the BC security provider only reflectively. It lives in a package that is not referenced explicitly anywhere. To be able to find org.bouncycastle.jce.provider.BouncyCastleProvider, the package must be on the bundle classpath in OSGi. It wasn't, since there was no "normal" reference to it. Add an optional dependency explicitly in the generated MANIFEST.MF of sshd-osgi.
apache · Apr 15, 2023 · f06217f · f06217f
1 parent 5c80258
commit f06217f
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 0 deletions.
diff --git a/pom.xml b/pom.xml
@@ -134,6 +134,7 @@
         <sshd.tests.rerun.count>2</sshd.tests.rerun.count>
 
         <dependency.download.silent>true</dependency.download.silent>
+        <bnd.extraImports># A comment indicates 'none'</bnd.extraImports>
     </properties>
 
     <profiles>
@@ -1476,6 +1477,7 @@
                                 <Import-Package><![CDATA[
                                   org.apache.sshd*;version="$<range;[===,=+);$<maven_version;${project.version}>>",
                                   org.slf4j*;version="$<range;[==,${slf4j.upper.bound})>",
+                                  ${bnd.extraImports}
                                   *
                                 ]]></Import-Package>
                                 <Export-Package>*;-noimport:=true</Export-Package>

diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml
@@ -34,6 +34,19 @@
 
     <properties>
         <projectRoot>${project.basedir}/..</projectRoot>
+        <!--
+          The BC security provider class resides in a package that is referenced nowhere, except reflectively in the BouncyCastleSecurityRegistrar.
+          The (optional) package import will thus be missing in the generated MANIFEST.MF. However, the BouncyCastleSecurityRegistrar expects to find
+          class org.bouncycastle.jce.provider.BouncyCastleProvider on the classpath; otherwise its isSupported() returns false and Bouncycastle is
+          considered not available.
+          
+          However, in OSGi the package will not be on the bundle classpath if there is no Import-Package for it. (And using a Require-Bundle would restrict
+          bundle wiring too much.)
+          
+          Arguably this is a shortcoming of the BouncyCastleSecurityRegistrar. For the EdDSASecurityProviderRegistrar, this problem does not exist
+          since the security provider is in a package that is also referenced elsewhere.
+        -->
+        <bnd.extraImports>org.bouncycastle.jce.provider;version="$$&lt;range;[==,+);${bouncycastle.version}>";resolution:=optional,</bnd.extraImports>
     </properties>
 
     <dependencies>