feat: Bumped org.bouncycastle:bcprov-jdk18on:1.77 and `org.bouncyca…

…stle:bcpkix-jdk18on:1.77` Fixes: #1235
box · Feb 23, 2024 · 34a4445 · 34a4445
1 parent eaea019
commit 34a4445
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -57,10 +57,10 @@ If you are developing application for Android visit our [Android guide](doc/andr
    Maven: `com.eclipsesource.minimal-json:minimal-json:0.9.5`
 2. [jose4j v0.9.4](https://bitbucket.org/b_c/jose4j/wiki/Home)
    Maven: `org.bitbucket.b_c:jose4j:0.9.4`
-3. [bouncycastle bcprov-jdk15on v1.57](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.57)
-   Maven: `org.bouncycastle:bcprov-jdk15on:1.57`
-4. [bouncycastle bcpkix-jdk15on v1.57](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk15on/1.57)
-   Maven: `org.bouncycastle:bcpkix-jdk15on:1.57`
+3. [bouncycastle bcprov-jdk18on v1.77](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.77)
+   Maven: `org.bouncycastle:bcprov-jdk18on:1.77`
+4. [bouncycastle bcpkix-jdk18on v1.77](https://mvnrepository.com/artifact/org.bouncycastle/bcprov-jdk18on/1.77)
+   Maven: `org.bouncycastle:bcpkix-jdk18on:1.77`
 5. [Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7](http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html)
    If you don't install this, you'll get an exception about key length or exception about parsing PKCS private key for Box Developer Edition. This is not a Box thing, this is a U.S. Government requirement concerning strong encryption.
    The listed jar is for Oracle JRE. There might be other similar JARs for different JRE versions like the one below for IBM JDK
@@ -266,7 +266,7 @@ Javadocs are generated when `gradle javadoc` is run and can be found in
 ## FIPS 140-2 Compliance
 
 To generate a Json Web Signature used for retrieving tokens in the JWT authentication method, the Box Java SDK decrypts an encrypted private key.
-For this purpose, Box Java SDK uses libraries (`org.bouncycastle:bcpkix-jdk15on:1.70` and `org.bouncycastle:bcprov-jdk15on:1.70`)
+For this purpose, Box Java SDK uses libraries (`org.bouncycastle:bcpkix-jdk18on:1.77` and `org.bouncycastle:bcprov-jdk18on:1.77`)
 that are NOT compatible with FIPS 140-2 validated cryptographic library (`org.bouncycastle:bc-fips`).
 
 There are two ways of ensuring that decryption operation is FIPS-compiant.

diff --git a/build.gradle b/build.gradle
@@ -51,8 +51,8 @@ configurations {
 dependencies {
     implementation "com.eclipsesource.minimal-json:minimal-json:0.9.5"
     implementation "org.bitbucket.b_c:jose4j:0.9.4"
-    implementation "org.bouncycastle:bcprov-jdk15on:1.70"
-    implementation "org.bouncycastle:bcpkix-jdk15on:1.70"
+    implementation "org.bouncycastle:bcprov-jdk18on:1.77"
+    implementation "org.bouncycastle:bcpkix-jdk18on:1.77"
     implementation "com.squareup.okhttp3:okhttp:4.12.0"
     testsCommonImplementation "junit:junit:4.13.2"
     testsCommonImplementation "org.hamcrest:hamcrest-library:2.2"

diff --git a/src/test/java/com/box/sdk/BoxDeveloperEditionAPIConnectionTest.java b/src/test/java/com/box/sdk/BoxDeveloperEditionAPIConnectionTest.java
@@ -20,7 +20,6 @@
 import com.github.tomakehurst.wiremock.junit.WireMockRule;
 import com.github.tomakehurst.wiremock.matching.MatchResult;
 import com.github.tomakehurst.wiremock.matching.RequestMatcherExtension;
-import org.bouncycastle.util.encoders.Base64;
 import org.jose4j.jwt.JwtClaims;
 import org.jose4j.jwt.consumer.JwtConsumer;
 import org.jose4j.jwt.consumer.JwtConsumerBuilder;