diff --git a/bcpkix-shaded/pom.xml b/bcpkix-shaded/pom.xml
new file mode 100644
index 0000000000..473e001612
--- /dev/null
+++ b/bcpkix-shaded/pom.xml
@@ -0,0 +1,108 @@
+
+
+
+ 4.0.0
+
+ org.openidentityplatform.openam
+ openam
+ 16.0.0-SNAPSHOT
+
+
+ bcpkix-shaded
+ ${bouncycastle.version}
+
+
+
+ maven-shade-plugin
+ 3.6.1
+
+
+ shade-bouncycastle-classes
+ package
+
+ shade
+
+
+
+
+ org.bouncycastle:bcpkix-jdk18on
+ org.bouncycastle:bcutil-jdk18on
+ org.bouncycastle:bcprov-jdk18on
+
+
+
+
+ org.bouncycastle
+ org.openidentityplatform.bouncycastle
+
+
+
+
+ org.bouncycastle:*
+
+ META-INF/**
+
+
+
+ true
+ true
+
+
+
+
+
+ org.apache.maven.plugins
+ maven-dependency-plugin
+
+
+ unpack
+ process-classes
+
+ unpack
+
+
+
+
+ org.bouncycastle
+ bcpkix-jdk18on
+ ${bouncycastle.version}
+ ${project.build.outputDirectory}
+
+
+ org.bouncycastle
+ bcutil-jdk18on
+ ${bouncycastle.version}
+ ${project.build.outputDirectory}
+
+
+ org.bouncycastle
+ bcprov-jdk18on
+ ${bouncycastle.version}
+ ${project.build.outputDirectory}
+
+
+ META-INF/*.SF,META-INF/*.DSA,META-INF/*.RSA
+
+
+
+
+
+
+
+
\ No newline at end of file
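Review bot: Nothing in the new module records why Bouncy Castle is relocated, and once `org.bouncycastle` is rewritten to `org.openidentityplatform.bouncycastle`, scanners that match on Maven coordinates or package names may stop attributing Bouncy Castle advisories to this jar. A header comment would help, e.g. `<!-- Relocated copy of Bouncy Castle ${bouncycastle.version}; track org.bouncycastle advisories against this artifact and bump bouncycastle.version to pick up fixes -->`. The `META-INF/**` filter on `org.bouncycastle:*` also drops the upstream jar signatures (the unpack step excludes `*.SF`, `*.DSA` and `*.RSA` as well), so the relocated provider ships unsigned. That is unavoidable after relocation, but worth stating in the same comment, because a runtime that enforces JCE provider signing would presumably refuse some services from it. The XML markup is not visible in this view, so element names are inferred.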
diff --git a/openam-authentication/openam-auth-oauth2/pom.xml b/openam-authentication/openam-auth-oauth2/pom.xml
index e0188fe9ac..f1d7b5dc6c 100755
--- a/openam-authentication/openam-auth-oauth2/pom.xml
+++ b/openam-authentication/openam-auth-oauth2/pom.xml
@@ -54,8 +54,8 @@
esapi
- org.bouncycastle
- bcpkix-jdk18on
+ org.openidentityplatform.openam
+ bcpkix-shaded
1.81
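Review bot: The literal `1.81` kept as context under the swapped coordinates now has to match the version of the in-repo `bcpkix-shaded` module, which the new module sets from `${bouncycastle.version}`. If that property is bumped for a Bouncy Castle security release, this dependency would keep asking for `1.81` and either fail to resolve or pick up a stale shaded jar from a repository. Assuming the line is the dependency's version element (the tags are not visible here), it should read `<version>${bouncycastle.version}</version>`, or be dropped if the root pom manages `bcpkix-shaded`.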
diff --git a/openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/service/esia/Signer.java b/openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/service/esia/Signer.java
index 03356c3035..4d752274a0 100644
--- a/openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/service/esia/Signer.java
+++ b/openam-authentication/openam-auth-oauth2/src/main/java/org/forgerock/openam/authentication/modules/oauth2/service/esia/Signer.java
@@ -1,25 +1,41 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2018-2025 3A Systems LLC.
+ */
+
package org.forgerock.openam.authentication.modules.oauth2.service.esia;
import com.google.common.cache.Cache;
import com.google.common.cache.CacheBuilder;
import com.iplanet.am.util.SystemProperties;
import org.apache.commons.codec.binary.Base64;
-import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
-import org.bouncycastle.cert.X509CertificateHolder;
-import org.bouncycastle.cert.jcajce.JcaCertStore;
-import org.bouncycastle.cms.CMSProcessableByteArray;
-import org.bouncycastle.cms.CMSSignedData;
-import org.bouncycastle.cms.CMSSignedDataGenerator;
-import org.bouncycastle.cms.CMSTypedData;
-import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.openssl.PEMKeyPair;
-import org.bouncycastle.openssl.PEMParser;
-import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
-import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
-import org.bouncycastle.util.Store;
+import org.openidentityplatform.bouncycastle.asn1.pkcs.PrivateKeyInfo;
+import org.openidentityplatform.bouncycastle.cert.X509CertificateHolder;
+import org.openidentityplatform.bouncycastle.cert.jcajce.JcaCertStore;
+import org.openidentityplatform.bouncycastle.cms.CMSProcessableByteArray;
+import org.openidentityplatform.bouncycastle.cms.CMSSignedData;
+import org.openidentityplatform.bouncycastle.cms.CMSSignedDataGenerator;
+import org.openidentityplatform.bouncycastle.cms.CMSTypedData;
+import org.openidentityplatform.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
+import org.openidentityplatform.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.openidentityplatform.bouncycastle.openssl.PEMKeyPair;
+import org.openidentityplatform.bouncycastle.openssl.PEMParser;
+import org.openidentityplatform.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
+import org.openidentityplatform.bouncycastle.operator.ContentSigner;
+import org.openidentityplatform.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import org.openidentityplatform.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder;
+import org.openidentityplatform.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -35,7 +51,7 @@ public class Signer {
final static Logger logger = LoggerFactory.getLogger(Signer.class);
static {
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
+ Security.addProvider(new org.openidentityplatform.bouncycastle.jce.provider.BouncyCastleProvider());
}
private static final Cache certificateHolderCache = CacheBuilder.newBuilder().maximumSize(10)
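Review bot: The return value of `Security.addProvider(...)` in the static initializer is ignored, and the relocated provider apparently still registers under the name "BC" (ESIATest looks it up with `KeyPairGenerator.getInstance(algorithm, "BC")`). `addProvider` returns -1 without installing anything when a provider of that name is already present, so if an unshaded `org.bouncycastle` provider was registered first, every lookup by name silently resolves to that copy and the isolation the shading is meant to give is lost. Consider holding the instance, `private static final Provider BC = new org.openidentityplatform.bouncycastle.jce.provider.BouncyCastleProvider();`, logging when `Security.addProvider(BC) == -1`, and passing `BC` itself rather than the string "BC" wherever a provider is selected. The same applies to the `addProvider` call and the "BC" lookup in `ESIATest.testSigner`. The class body continues outside this hunk, so the places where Signer selects the provider are not visible here.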
diff --git a/openam-authentication/openam-auth-oauth2/src/test/java/org/forgerock/openam/authentication/modules/oauth2/ESIATest.java b/openam-authentication/openam-auth-oauth2/src/test/java/org/forgerock/openam/authentication/modules/oauth2/ESIATest.java
index 5e844b709b..9de4d4875a 100644
--- a/openam-authentication/openam-auth-oauth2/src/test/java/org/forgerock/openam/authentication/modules/oauth2/ESIATest.java
+++ b/openam-authentication/openam-auth-oauth2/src/test/java/org/forgerock/openam/authentication/modules/oauth2/ESIATest.java
@@ -1,6 +1,22 @@
+/*
+ * The contents of this file are subject to the terms of the Common Development and
+ * Distribution License (the License). You may not use this file except in compliance with the
+ * License.
+ *
+ * You can obtain a copy of the License at legal/CDDLv1.0.txt. See the License for the
+ * specific language governing permission and limitations under the License.
+ *
+ * When distributing Covered Software, include this CDDL Header Notice in each file and include
+ * the License file at legal/CDDLv1.0.txt. If applicable, add the following below the CDDL
+ * Header, with the fields enclosed by brackets [] replaced by your own identifying
+ * information: "Portions copyright [year] [name of copyright owner]".
+ *
+ * Copyright 2018-2025 3A Systems LLC.
+ */
+
package org.forgerock.openam.authentication.modules.oauth2;
-import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
+import org.openidentityplatform.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.forgerock.openam.authentication.modules.oauth2.service.ESIAServiceUrlProvider;
import org.forgerock.openam.authentication.modules.oauth2.service.esia.Signer;
import org.mockito.Matchers;
@@ -50,7 +66,7 @@ public void syncOffsetTest() throws Exception {
@Test
public void testSigner() throws Exception {
- Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
+ Security.addProvider(new org.openidentityplatform.bouncycastle.jce.provider.BouncyCastleProvider());
KeyPairGenerator keygen = KeyPairGenerator.getInstance(algorithm, "BC");
keygen.initialize(new ECGenParameterSpec(paramsSpec));
@@ -66,22 +82,22 @@ public void testSigner() throws Exception {
}
private String generateTempCertificateFile(KeyPair keyPair)throws Exception {
- org.bouncycastle.asn1.x500.X500Name subject = new org.bouncycastle.asn1.x500.X500Name("CN=" + alias);
+ org.openidentityplatform.bouncycastle.asn1.x500.X500Name subject = new org.openidentityplatform.bouncycastle.asn1.x500.X500Name("CN=" + alias);
BigInteger serial = BigInteger.ONE;
Date notBefore = new Date();
Date notAfter = new Date(notBefore.getTime() + TimeUnit.DAYS.toMillis(365 * 10));
- org.bouncycastle.cert.X509v3CertificateBuilder certificateBuilder = new org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder(
+ org.openidentityplatform.bouncycastle.cert.X509v3CertificateBuilder certificateBuilder = new org.openidentityplatform.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder(
subject, serial,
notBefore, notAfter,
subject, keyPair.getPublic()
);
- org.bouncycastle.cert.X509CertificateHolder certificateHolder = certificateBuilder.build(
- new org.bouncycastle.operator.jcajce.JcaContentSignerBuilder(signatureAlgorithm)
+ org.openidentityplatform.bouncycastle.cert.X509CertificateHolder certificateHolder = certificateBuilder.build(
+ new org.openidentityplatform.bouncycastle.operator.jcajce.JcaContentSignerBuilder(signatureAlgorithm)
.build(keyPair.getPrivate())
);
- org.bouncycastle.cert.jcajce.JcaX509CertificateConverter certificateConverter
- = new org.bouncycastle.cert.jcajce.JcaX509CertificateConverter();
+ org.openidentityplatform.bouncycastle.cert.jcajce.JcaX509CertificateConverter certificateConverter
+ = new org.openidentityplatform.bouncycastle.cert.jcajce.JcaX509CertificateConverter();
X509Certificate certificate = certificateConverter.getCertificate(certificateHolder);
diff --git a/pom.xml b/pom.xml
index 08975f7389..c0c7c559b2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -139,6 +139,7 @@
1.3.15
4.1.125.Final
2.0.69.Final
+ 1.81
-Xdoclint:none
-Xmx1g
@@ -241,6 +242,7 @@
org.restlet.ext.json
org.restlet.ext.servlet
org.restlet.ext.xml
+ bcpkix-shaded
@@ -253,6 +255,7 @@
jato-shaded
+ bcpkix-shaded
openam-http
openam-ldap-utils
openam-datastore
@@ -405,16 +408,6 @@
org.openidentityplatform.opendj
opendj-core
${opendj.version}
-
-
- org.bouncycastle
- bc-fips
-
-
- org.bouncycastle
- bctls-fips
-
-
org.mockito