Description
Describe the bug
We are attempting to use version 19.0.1 of the Kubernetes Java Client from a Spring Boot 2.7 application to invoke the Kubernetes API server to validate a service account token. Our Spring Boot application is configured with the FIPS-enabled version 1.0.2.4 of the Bouncy Castle library (and does not include the non-FIPS version of the Bouncy Castle library). The call to the API with a valid token results in the following status.
```
class V1TokenReviewStatus {
    audiences: null
    authenticated: null
    error: [invalid bearer token, service account token has been invalidated]
    user: class V1UserInfo {
        extra: null
        groups: null
        uid: null
        username: null
    }
}
```
Stepping through the debugger, the token appears to be considered invalid as a result of the non-FIPS-enabled Bouncy Castle class not being available, which is defined in src/main/java/io/kubernetes/client/SSLUtils.java:
```java
// Static initializer in SSLUtils.java: unconditionally registers the non-FIPS provider class.
static { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); }
```
Updating SSLUtils.java with the following changes allows the token to be verified successfully.
```java
import java.security.Provider;
import java.security.Security;

// Static initializer: register whichever Bouncy Castle provider is on the classpath.
static {
    Provider provider;
    try {
        Class<?> clazz = getProvider();
        provider = (Provider) clazz.getDeclaredConstructor().newInstance();
    } catch (Exception e) {
        throw new RuntimeException(e);
    }
    Security.addProvider(provider);
}

// Prefer the FIPS provider; fall back to the non-FIPS provider only if the FIPS class is absent.
public static Class<?> getProvider() throws ClassNotFoundException {
    Class<?> clazz;
    try {
        clazz = Class.forName("org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider");
    } catch (ClassNotFoundException cnf) {
        clazz = Class.forName("org.bouncycastle.jce.provider.BouncyCastleProvider");
    }
    return clazz;
}
```
I'd be happy to put a PR together with this change to resolve this issue. However, I ran across another issue which seemed very similar which was closed without a fix.
Can you confirm if the Kubernetes Java Client project is willing to support the FIPS version of Bouncy Castle? If not, we will likely be forced to fork the library to meet our needs.
Client Version
1.29.2
Kubernetes Version
1.28.2
Java Version
Java 17
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The call to verify a token works successfully when only the FIPS version of bouncy castle is on the classpath.
KubeConfig
If applicable, add a KubeConfig file with secrets redacted.
Server (please complete the following information):
Linux
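The fallback in the proposed change silently registers the non-FIPS provider whenever the FIPS class is missing, which is easy to miss in a deployment that must stay FIPS-only. The following is an added example, not code from this issue or from the client project: a small startup check that resolves the same two class names, registers the first one found, and then fails fast if a FIPS-only deployment ended up with the non-FIPS "BC" provider installed. The class name `FipsProviderCheck`, the `requireFips` flag and the `fips.required` system property are assumptions for this example.

```java
import java.security.Provider;
import java.security.Security;

/** Hypothetical startup check; class name and the requireFips flag are assumptions for this example. */
public final class FipsProviderCheck {
    // Provider names under which the two Bouncy Castle distributions register themselves.
    static final String FIPS_NAME = "BCFIPS";
    static final String NON_FIPS_NAME = "BC";

    /** Registers the first Bouncy Castle provider found on the classpath, FIPS first. */
    static Provider registerBouncyCastle() throws ReflectiveOperationException {
        String[] candidates = {
            "org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider",
            "org.bouncycastle.jce.provider.BouncyCastleProvider"
        };
        for (String className : candidates) {
            try {
                Class<?> clazz = Class.forName(className);
                Provider provider = (Provider) clazz.getDeclaredConstructor().newInstance();
                // addProvider returns -1 (no-op) if a provider with that name is already installed.
                Security.addProvider(provider);
                return provider;
            } catch (ClassNotFoundException missing) {
                // This distribution is not on the classpath; try the next one.
            }
        }
        throw new ClassNotFoundException("no Bouncy Castle provider on the classpath");
    }

    /** Fails fast when FIPS is required but the fallback landed on the non-FIPS provider. */
    static void verify(boolean requireFips) {
        boolean fipsInstalled = Security.getProvider(FIPS_NAME) != null;
        boolean nonFipsInstalled = Security.getProvider(NON_FIPS_NAME) != null;
        if (requireFips && (!fipsInstalled || nonFipsInstalled)) {
            throw new IllegalStateException("FIPS-only deployment but BCFIPS installed=" + fipsInstalled
                + ", BC installed=" + nonFipsInstalled);
        }
    }

    public static void main(String[] args) throws ReflectiveOperationException {
        Provider registered = registerBouncyCastle();
        System.out.println("Registered " + registered.getName() + " " + registered.getVersionStr());
        verify(Boolean.parseBoolean(System.getProperty("fips.required", "false")));
    }
}
```

Run with `-Dfips.required=true` on a classpath that holds only bc-fips to confirm the FIPS provider was the one registered.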