From 0ee1f7d0ee0249e99460cfe73f8176328889fd09 Mon Sep 17 00:00:00 2001
From: "Jain, Nihal" <nihaljain.cs@gmail.com>
Date: Wed, 20 Sep 2023 22:30:28 +0530
Subject: [PATCH 1/3] HBASE-28089 Upgrade BouncyCastle to fix CVE-2023-33201

---
 hbase-asyncfs/pom.xml                         |  2 +-
 hbase-endpoint/pom.xml                        |  2 +-
 hbase-examples/pom.xml                        |  2 +-
 hbase-http/pom.xml                            |  2 +-
 .../main/resources/supplemental-models.xml    |  4 +--
 hbase-rest/pom.xml                            |  2 +-
 hbase-server/pom.xml                          |  2 +-
 pom.xml                                       | 25 +++++++++++++++++--
 8 files changed, 31 insertions(+), 10 deletions(-)

diff --git a/hbase-asyncfs/pom.xml b/hbase-asyncfs/pom.xml
index 6d124854b521..4c24b64a08d2 100644
--- a/hbase-asyncfs/pom.xml
+++ b/hbase-asyncfs/pom.xml
@@ -75,7 +75,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-endpoint/pom.xml b/hbase-endpoint/pom.xml
index badd1a36eb8c..e4326049a31c 100644
--- a/hbase-endpoint/pom.xml
+++ b/hbase-endpoint/pom.xml
@@ -111,7 +111,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-examples/pom.xml b/hbase-examples/pom.xml
index 5a65fc4a6f0c..6a8dd2d97452 100644
--- a/hbase-examples/pom.xml
+++ b/hbase-examples/pom.xml
@@ -156,7 +156,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-http/pom.xml b/hbase-http/pom.xml
index 546ebd69f027..8f8e52d7353d 100644
--- a/hbase-http/pom.xml
+++ b/hbase-http/pom.xml
@@ -94,7 +94,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-resource-bundle/src/main/resources/supplemental-models.xml b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
index 21ada4c9d9a4..6a36b86dbc7f 100644
--- a/hbase-resource-bundle/src/main/resources/supplemental-models.xml
+++ b/hbase-resource-bundle/src/main/resources/supplemental-models.xml
@@ -1316,10 +1316,10 @@ under the License.
   <supplement>
     <project>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcpkix-jdk15on</artifactId>
+      <artifactId>bcpkix-jdk18on</artifactId>
 
       <licenses>
-        <!-- bcpkix-jdk15on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
+        <!-- bcpkix-jdk18on is licensed under the Bouncy Castle License, which is equivalent to the MIT License -->
         <license>
           <name>MIT License</name>
           <url>http://www.opensource.org/licenses/mit-license.php</url>
diff --git a/hbase-rest/pom.xml b/hbase-rest/pom.xml
index 1cdfba4a0969..2a295d3cd5a7 100644
--- a/hbase-rest/pom.xml
+++ b/hbase-rest/pom.xml
@@ -236,7 +236,7 @@
     <!--Test-->
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/hbase-server/pom.xml b/hbase-server/pom.xml
index 4362d002a41f..3487b0b5d106 100644
--- a/hbase-server/pom.xml
+++ b/hbase-server/pom.xml
@@ -251,7 +251,7 @@
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
-      <artifactId>bcprov-jdk15on</artifactId>
+      <artifactId>bcprov-jdk18on</artifactId>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/pom.xml b/pom.xml
index f64e3cd09bb9..d55f099f9e4a 100755
--- a/pom.xml
+++ b/pom.xml
@@ -599,7 +599,7 @@
     <joni.version>2.1.31</joni.version>
     <jcodings.version>1.0.55</jcodings.version>
     <spy.version>2.12.2</spy.version>
-    <bouncycastle.version>1.70</bouncycastle.version>
+    <bouncycastle.version>1.76</bouncycastle.version>
     <skyscreamer.version>1.5.1</skyscreamer.version>
     <kerby.version>1.0.1</kerby.version>
     <commons-crypto.version>1.0.0</commons-crypto.version>
@@ -1301,7 +1301,7 @@
       </dependency>
       <dependency>
         <groupId>org.bouncycastle</groupId>
-        <artifactId>bcprov-jdk15on</artifactId>
+        <artifactId>bcprov-jdk18on</artifactId>
         <version>${bouncycastle.version}</version>
         <scope>test</scope>
       </dependency>
@@ -1968,6 +1968,23 @@
               </rules>
             </configuration>
           </execution>
+          <execution>
+            <id>banned-bouncycastle-jdk15on</id>
+            <goals>
+              <goal>enforce</goal>
+            </goals>
+            <configuration>
+              <rules>
+                <bannedDependencies>
+                  <excludes>
+                    <exclude>org.bouncycastle:*-jdk15on</exclude>
+                  </excludes>
+                  <message>Use org.bouncycastle:*-jdk18on instead</message>
+                  <searchTransitive>true</searchTransitive>
+                </bannedDependencies>
+              </rules>
+            </configuration>
+          </execution>
           <execution>
             <id>check-aggregate-license</id>
             <goals>
@@ -3523,6 +3540,10 @@
                 <groupId>log4j</groupId>
                 <artifactId>log4j</artifactId>
               </exclusion>
+              <exclusion>
+                <groupId>bouncycastle</groupId>
+                <artifactId>bcprov-jdk15</artifactId>
+              </exclusion>
             </exclusions>
           </dependency>
           <dependency>

From 98c9a9a4a1543c60129499034800a453acc5733e Mon Sep 17 00:00:00 2001
From: "Jain, Nihal" <nihaljain.cs@gmail.com>
Date: Thu, 21 Sep 2023 00:37:50 +0530
Subject: [PATCH 2/3] Fix hadoop-3 check

---
 pom.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/pom.xml b/pom.xml
index d55f099f9e4a..002f2f690fd2 100755
--- a/pom.xml
+++ b/pom.xml
@@ -4112,6 +4112,14 @@
                 <groupId>log4j</groupId>
                 <artifactId>log4j</artifactId>
               </exclusion>
+              <exclusion>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcprov-jdk15on</artifactId>
+              </exclusion>
+              <exclusion>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk15on</artifactId>
+              </exclusion>
             </exclusions>
           </dependency>
           <dependency>

From 6dcbbcc72cc8ce71c7d5810ff8daa93114665d8b Mon Sep 17 00:00:00 2001
From: "Jain, Nihal" <nihaljain.cs@gmail.com>
Date: Thu, 21 Sep 2023 21:25:14 +0530
Subject: [PATCH 3/3] Fix tests by adding required dependency

---
 hbase-mapreduce/pom.xml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/hbase-mapreduce/pom.xml b/hbase-mapreduce/pom.xml
index f3befbe62fe8..deed5f7de361 100644
--- a/hbase-mapreduce/pom.xml
+++ b/hbase-mapreduce/pom.xml
@@ -356,6 +356,11 @@
           <artifactId>javax.ws.rs-api</artifactId>
           <scope>test</scope>
         </dependency>
+        <dependency>
+          <groupId>org.bouncycastle</groupId>
+          <artifactId>bcprov-jdk18on</artifactId>
+          <scope>test</scope>
+        </dependency>
       </dependencies>
 
     </profile>