[jira] [Comment Edited] (HBASE-21281) Update bouncycastle dependency.

Sun, 14 Oct 2018 14:19:15 -0700 


    [ 
https://issues.apache.org/jira/browse/HBASE-21281?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16648708#comment-16648708
 ] 

Ted Yu edited comment on HBASE-21281 at 10/14/18 9:18 PM:
----------------------------------------------------------

The following dependency tree output against hadoop3 shows that bouncycastle 
dependency was only present for hbase-http module:
{code}
[INFO] org.apache.hbase:hbase-http:jar:3.0.0-SNAPSHOT
...
[INFO] +- org.bouncycastle:bcprov-jdk15on:jar:1.60:test
{code}
Some tests in hbase-server module depend on bouncycastle as well (as the 
failing tests showed).


was (Author: yuzhih...@gmail.com):
The following dependency tree output shows that old bouncycastle dependency was 
pulled in:
{code}
[INFO] +- org.apache.hadoop:hadoop-minikdc:jar:2.7.7:test
[INFO] |  \- 
org.apache.directory.server:apacheds-protocol-ldap:jar:2.0.0-M15:test
[INFO] |     +- org.apache.directory.api:api-asn1-ber:jar:1.0.0-M20:test
[INFO] |     +- 
org.apache.directory.api:api-ldap-extras-codec-api:jar:1.0.0-M20:test
[INFO] |     +- 
org.apache.directory.api:api-ldap-extras-codec:jar:1.0.0-M20:test
[INFO] |     +- org.apache.directory.api:api-ldap-extras-sp:jar:1.0.0-M20:test
[INFO] |     \- bouncycastle:bcprov-jdk15:jar:140:test
{code}
which we should exclude.

> Update bouncycastle dependency.
> -------------------------------
>
>                 Key: HBASE-21281
>                 URL: https://issues.apache.org/jira/browse/HBASE-21281
>             Project: HBase
>          Issue Type: Task
>          Components: dependencies, test
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>            Priority: Major
>             Fix For: 3.0.0, 2.2.0
>
>         Attachments: 21281.addendum.patch, HBASE-21281.001.branch-2.0.patch
>
>
> Looks like we still depend on bcprov-jdk16 for some x509 certificate 
> generation in our tests. Bouncycastle has moved beyond this in 1.47, changing 
> the artifact names.
> [http://www.bouncycastle.org/wiki/display/JA1/Porting+from+earlier+BC+releases+to+1.47+and+later]
> There are some API changes too, but it looks like we don't use any of these.
> It seems like we also have vestiges in the POMs from when we were depending 
> on a specific BC version that came in from Hadoop. We now have a 
> KeyStoreTestUtil class in HBase, which makes me think we can also clean up 
> some dependencies.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to