chore: Sync Private Master with Public Master (#73)

imabhichow · josecorella · semantic-release-bot · web-flow · commit 80dc9d0b96ff · 2023-11-16T08:17:31.000-08:00
* chore: update node version in versioning cb step (#1712) * AWS Encryption SDK 2.4.1 Release -- $(date +%Y-%m-%d) ## [2.4.1](v2.4.0...v2.4.1) (2023-08-09) ### Fixes * **ci:** Quote commit statement to prevent errant YAML parsing ([#581](#581)) ([2166f2d](2166f2d)) * Fix errors in the example code in README.md ([#1306](#1306)) ([b3f5b00](b3f5b00)) * NOTICE.txt ([#1617](#1617)) ([6dbf436](6dbf436)) ### Maintenance * **ci:** add missing @test annotation ([#1333](#1333)) ([3f289ac](3f289ac)) * **CommitmentPolicy:** Detail Commitment Policy on Enum ([#913](#913)) ([753bf7d](753bf7d)) * **deps-dev:** bump junit-jupiter-api from 5.8.2 to 5.9.0 ([#1022](#1022)) ([3706959](3706959)) * **deps-dev:** bump junit-jupiter-api from 5.9.0 to 5.9.1 ([#1073](#1073)) ([a85666c](a85666c)) * **deps-dev:** bump junit-jupiter-api from 5.9.1 to 5.9.2 ([#1313](#1313)) ([1466784](1466784)) * **deps-dev:** bump junit-vintage-engine from 5.8.2 to 5.9.0 ([#1050](#1050)) ([4a1222c](4a1222c)) * **deps-dev:** bump junit-vintage-engine from 5.9.0 to 5.9.1 ([#1074](#1074)) ([55746cf](55746cf)) * **deps-dev:** bump junit-vintage-engine from 5.9.1 to 5.9.3 ([#1550](#1550)) ([14b6766](14b6766)) * **deps-dev:** bump mockito-core from 4.10.0 to 4.11.0 ([#1283](#1283)) ([5311392](5311392)) * **deps-dev:** bump mockito-core from 4.3.1 to 4.4.0 ([#625](#625)) ([3e6edf3](3e6edf3)) * **deps-dev:** bump mockito-core from 4.4.0 to 4.6.1 ([#918](#918)) ([bf7978b](bf7978b)) * **deps-dev:** bump mockito-core from 4.6.1 to 4.8.0 ([#1055](#1055)) ([d47e1de](d47e1de)) * **deps-dev:** bump mockito-core from 4.8.0 to 4.8.1 ([#1147](#1147)) ([e2a0f52](e2a0f52)) * **deps-dev:** bump mockito-core from 4.8.1 to 4.9.0 ([#1194](#1194)) ([28c2e71](28c2e71)) * **deps-dev:** bump mockito-core from 4.9.0 to 4.10.0 ([#1254](#1254)) ([07e2ed2](07e2ed2)) * **deps:** bump actions/checkout from 2 to 3 ([#558](#558)) ([6652268](6652268)) * **deps:** bump aws-actions/configure-aws-credentials from 1 to 2 ([#1437](#1437)) ([91a5811](91a5811)) * **deps:** bump aws-java-sdk from 1.12.162 to 1.12.186 ([#629](#629)) ([ec38abe](ec38abe)) * **deps:** bump aws-java-sdk from 1.12.186 to 1.12.256 ([#920](#920)) ([ef4126b](ef4126b)) * **deps:** bump aws-java-sdk from 1.12.256 to 1.12.299 ([#1047](#1047)) ([fdf0a6d](fdf0a6d)) * **deps:** bump aws-java-sdk from 1.12.299 to 1.12.301 ([#1053](#1053)) ([718b3a2](718b3a2)) * **deps:** bump aws-java-sdk from 1.12.301 to 1.12.303 ([#1059](#1059)) ([970e9db](970e9db)) * **deps:** bump aws-java-sdk from 1.12.303 to 1.12.304 ([#1063](#1063)) ([e8471dc](e8471dc)) * **deps:** bump aws-java-sdk from 1.12.304 to 1.12.305 ([#1066](#1066)) ([5bc4b3b](5bc4b3b)) * **deps:** bump aws-java-sdk from 1.12.305 to 1.12.306 ([#1071](#1071)) ([93c8314](93c8314)) * **deps:** bump aws-java-sdk from 1.12.306 to 1.12.307 ([#1076](#1076)) ([88f85f4](88f85f4)) * **deps:** bump aws-java-sdk from 1.12.307 to 1.12.308 ([#1081](#1081)) ([53345b8](53345b8)) * **deps:** bump aws-java-sdk from 1.12.308 to 1.12.309 ([#1085](#1085)) ([658f9e9](658f9e9)) * **deps:** bump aws-java-sdk from 1.12.309 to 1.12.318 ([#1121](#1121)) ([18443d4](18443d4)) * **deps:** bump aws-java-sdk from 1.12.318 to 1.12.319 ([#1124](#1124)) ([624c592](624c592)) * **deps:** bump aws-java-sdk from 1.12.319 to 1.12.323 ([#1138](#1138)) ([74b3dd3](74b3dd3)) * **deps:** bump aws-java-sdk from 1.12.323 to 1.12.335 ([#1173](#1173)) ([b8b0d53](b8b0d53)) * **deps:** bump aws-java-sdk from 1.12.335 to 1.12.337 ([#1176](#1176)) ([fa92676](fa92676)) * **deps:** bump aws-java-sdk from 1.12.337 to 1.12.350 ([#1220](#1220)) ([35235a0](35235a0)) * **deps:** bump aws-java-sdk from 1.12.350 to 1.12.366 ([#1259](#1259)) ([456a4ad](456a4ad)) * **deps:** bump aws-java-sdk from 1.12.366 to 1.12.381 ([#1308](#1308)) ([80ed0a6](80ed0a6)) * **deps:** bump aws-java-sdk from 1.12.381 to 1.12.394 ([#1351](#1351)) ([0445b9e](0445b9e)) * **deps:** bump BouncyCastle from 1.72 to 1.75 ([#1670](#1670)) ([61b6260](61b6260)) * **deps:** bump jacoco-maven-plugin from 0.8.7 to 0.8.8 ([#655](#655)) ([802946a](802946a)) * **deps:** bump kms from 2.17.136 to 2.17.226 ([#916](#916)) ([6a4011e](6a4011e)) * **deps:** bump kms from 2.17.226 to 2.17.259 ([#1020](#1020)) ([6fc33b7](6fc33b7)) * **deps:** bump kms from 2.17.259 to 2.17.273 ([#1054](#1054)) ([d87cf16](d87cf16)) * **deps:** bump kms from 2.17.273 to 2.17.274 ([#1058](#1058)) ([4ab03c4](4ab03c4)) * **deps:** bump kms from 2.17.274 to 2.17.275 ([#1062](#1062)) ([5a70da4](5a70da4)) * **deps:** bump kms from 2.17.275 to 2.17.276 ([#1065](#1065)) ([a3d1fae](a3d1fae)) * **deps:** bump kms from 2.17.276 to 2.17.277 ([#1070](#1070)) ([7ca5c11](7ca5c11)) * **deps:** bump kms from 2.17.277 to 2.17.278 ([#1075](#1075)) ([cbac0a3](cbac0a3)) * **deps:** bump kms from 2.17.278 to 2.17.279 ([#1080](#1080)) ([558b2f4](558b2f4)) * **deps:** bump kms from 2.17.279 to 2.17.280 ([#1086](#1086)) ([29774ad](29774ad)) * **deps:** bump kms from 2.17.280 to 2.17.288 ([#1118](#1118)) ([8d94a69](8d94a69)) * **deps:** bump kms from 2.17.288 to 2.17.289 ([#1122](#1122)) ([d09ff99](d09ff99)) * **deps:** bump kms from 2.17.289 to 2.17.292 ([ff69200](ff69200)) * **deps:** bump kms from 2.17.292 to 2.18.8 ([#1167](#1167)) ([fa16a2d](fa16a2d)) * **deps:** bump kms from 2.18.12 to 2.18.38 ([#1252](#1252)) ([e35cf06](e35cf06)) * **deps:** bump kms from 2.18.8 to 2.18.12 ([#1177](#1177)) ([f514633](f514633)) * **deps:** bump maven-compiler-plugin from 3.9.0 to 3.10.1 ([#582](#582)) ([9e24357](9e24357)) * **deps:** bump maven-javadoc-plugin from 3.3.1 to 3.3.2 ([#525](#525)) ([8489bd6](8489bd6)) * **deps:** bump maven-javadoc-plugin from 3.3.2 to 3.4.1 ([#998](#998)) ([44be313](44be313)) * **deps:** bump maven-surefire-plugin from 2.22.2 to 3.1.2 ([#1632](#1632)) ([ea0a848](ea0a848)) * **deps:** bump nexus-staging-maven-plugin from 1.6.12 to 1.6.13 ([#704](#704)) ([15fab9f](15fab9f)) * **deps:** bump software.amazon.awssdk:bom from 2.17.136 to 2.17.228 ([#925](#925)) ([ae52cef](ae52cef)) * **deps:** bump software.amazon.awssdk:bom from 2.17.228 to 2.17.273 ([#1056](#1056)) ([e40651c](e40651c)) * **deps:** bump software.amazon.awssdk:bom from 2.17.273 to 2.17.274 ([#1057](#1057)) ([35f38bd](35f38bd)) * **deps:** bump software.amazon.awssdk:bom from 2.17.274 to 2.17.275 ([#1061](#1061)) ([18c8172](18c8172)) * **deps:** bump software.amazon.awssdk:bom from 2.17.275 to 2.17.276 ([#1067](#1067)) ([efd340d](efd340d)) * **deps:** bump software.amazon.awssdk:bom from 2.17.276 to 2.17.277 ([#1069](#1069)) ([5721a81](5721a81)) * **deps:** bump software.amazon.awssdk:bom from 2.17.277 to 2.17.278 ([#1077](#1077)) ([49b867e](49b867e)) * **deps:** bump software.amazon.awssdk:bom from 2.17.278 to 2.17.280 ([#1084](#1084)) ([cb2a92f](cb2a92f)) * **deps:** bump software.amazon.awssdk:bom from 2.17.280 to 2.17.288 ([#1116](#1116)) ([7ff4e14](7ff4e14)) * **deps:** bump software.amazon.awssdk:bom from 2.17.288 to 2.17.292 ([98236cd](98236cd)) * **deps:** bump software.amazon.awssdk:bom from 2.17.292 to 2.18.1 ([#1148](#1148)) ([f7f6088](f7f6088)) * **deps:** bump software.amazon.awssdk:bom from 2.18.1 to 2.18.8 ([#1168](#1168)) ([12e5383](12e5383)) * **deps:** bump software.amazon.awssdk:bom from 2.18.12 to 2.18.38 ([#1251](#1251)) ([6593b98](6593b98)) * **deps:** bump software.amazon.awssdk:bom from 2.18.38 to 2.19.11 ([#1299](#1299)) ([cd08a3b](cd08a3b)) * **deps:** bump software.amazon.awssdk:bom from 2.18.8 to 2.18.12 ([#1178](#1178)) ([03bc7bd](03bc7bd)) * **deps:** bump software.amazon.awssdk:bom from 2.19.11 to 2.19.26 ([#1354](#1354)) ([7ee7f55](7ee7f55)) * **deps:** bump software.amazon.awssdk:bom from 2.19.26 to 2.20.91 ([#1667](#1667)) ([2b5f92a](2b5f92a)) * Detail AWS SDK v2 support ([#835](#835)) ([5705e1f](5705e1f)) * Fix re-run CI workflows ([#1219](#1219)) ([3bec521](3bec521)) * remove mainline-1.x from dependabot ([#1120](#1120)) ([3956822](3956822)) * Run CodeBuild CI from Github Actions ([#1213](#1213)) ([ba726b5](ba726b5)) * **SupportPolicy:** Mark 1.x End-of-Support ([#1026](#1026)) ([ff93eab](ff93eab)) * Update `org.bouncycastle` to `bcprov-ext-jdk18on` ([#1572](#1572)) ([c56aff3](c56aff3)) * update node version in versioning cb step ([#1712](#1712)) ([a34e0ad](a34e0ad)) * use correct signing key for release ([#928](#928)) ([86332e4](86332e4)) * use new signing keys for ci ([#840](#840)) ([6043417](6043417)) * chore(deps): bump org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0 (#1717) Bumps org.apache.commons:commons-lang3 from 3.12.0 to 3.13.0. --- updated-dependencies: - dependency-name: org.apache.commons:commons-lang3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore: fix release script (#1796) * chore: fix release script * chore(tests): update ESDK tests to replace sun.security.* API (#1852) Update ESDK Java tests to replace sun.security.* API with supported alternate API --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: José Corella <39066999+josecorella@users.noreply.github.com> Co-authored-by: semantic-release-bot <semantic-release-bot@martynus.net> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/.releaserc b/.releaserc
@@ -57,7 +57,7 @@
           }],
           ["@semantic-release/git", {
             "assets": ["./CHANGELOG.md", "./pom.xml", "./README.md"],
-            "message": "AWS Encryption SDK ${nextRelease.version} Release -- $(date +%Y-%m-%d) \n\n${nextRelease.notes}"
+            "message": "AWS Encryption SDK ${nextRelease.version} Release -- ${new Date().toISOString().slice(0, 10)} \n\n${nextRelease.notes}"
           }],
     ],
     "repositoryUrl": "https://github.com/aws/aws-encryption-sdk-java",
diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/README.md b/README.md
@@ -58,7 +58,7 @@ You can get the latest release from Maven:
 <dependency>
   <groupId>com.amazonaws</groupId>
   <artifactId>aws-encryption-sdk-java</artifactId>
-  <version>2.4.0</version>
+  <version>2.4.1</version>
 </dependency>
 ```
 
diff --git a/codebuild/release/upload_artifacts.yml b/codebuild/release/upload_artifacts.yml
@@ -42,4 +42,4 @@ phases:
         mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:get \
           -DrepoUrl=https://aws.oss.sonatype.org \
           -Dartifact=com.amazonaws:aws-encryption-sdk-java:${VERSION}:jar:javadoc
-      - gh release create v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar -d -F CHANGELOG.md -t "AWS Encryption SDK ${VERSION} Release -- $(date +%Y-%m-%d)"
+      - gh release create v${VERSION} ~/.m2/repository/com/amazonaws/aws-encryption-sdk-java/${VERSION}/*.jar -d -F CHANGELOG.md -t "AWS Encryption SDK ${VERSION} Release -- $(date +'%Y-%m-%d')"
diff --git a/codebuild/release/version.yml b/codebuild/release/version.yml
@@ -12,13 +12,13 @@ env:
 phases:
   install:
     commands:
+      - n 18
+      - node -v
       - npm install --save-dev semantic-release
       - npm install @semantic-release/changelog -d
       - npm install @semantic-release/exec -d
       - npm install @semantic-release/git -d
       - npm install --save conventional-changelog
-    runtime-versions:
-      nodejs: 14
   pre_build:
     commands:
       - git config --global user.name "aws-crypto-tools-ci-bot"
diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 
     <groupId>com.amazonaws</groupId>
     <artifactId>aws-encryption-sdk-java</artifactId>
-    <version>2.4.0</version>
+    <version>2.4.1</version>
     <packaging>jar</packaging>
 
     <name>aws-encryption-sdk-java</name>
@@ -115,7 +115,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.12.0</version>
+            <version>3.13.0</version>
         </dependency>
     </dependencies>
 
diff --git a/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java b/src/test/java/com/amazonaws/encryptionsdk/jce/KeyStoreProviderTest.java
@@ -32,26 +32,18 @@
 import java.security.KeyStore.PasswordProtection;
 import java.security.KeyStoreException;
 import java.security.SecureRandom;
+import java.security.Security;
 import java.security.cert.Certificate;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.Date;
 import javax.crypto.spec.SecretKeySpec;
+import javax.security.auth.x500.X500Principal;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.x509.X509V3CertificateGenerator;
 import org.junit.Before;
 import org.junit.Test;
-import sun.security.x509.AlgorithmId;
-import sun.security.x509.CertificateAlgorithmId;
-import sun.security.x509.CertificateSerialNumber;
-import sun.security.x509.CertificateValidity;
-import sun.security.x509.CertificateX509Key;
-import sun.security.x509.X500Name;
-import sun.security.x509.X509CertImpl;
-import sun.security.x509.X509CertInfo;
-
-/* These internal sun classes are included solely for test purposes as
-this test cannot use BouncyCastle cert generation, as there are incompatibilities
-between how standard BC and FIPS BC perform cert generation. */
 
 public class KeyStoreProviderTest {
   private static final SecureRandom RND = new SecureRandom();
@@ -72,6 +64,7 @@ public class KeyStoreProviderTest {
 
   @Before
   public void setup() throws Exception {
+    Security.addProvider(new BouncyCastleProvider());
     ks = KeyStore.getInstance(KeyStore.getDefaultType());
     ks.load(null, PASSWORD);
   }
@@ -286,26 +279,24 @@ private void addPublicEntry(final String alias) throws GeneralSecurityException,
   }
 
   private X509Certificate generateCertificate(final KeyPair pair, final String alias)
-      throws GeneralSecurityException, IOException {
-    final X509CertInfo info = new X509CertInfo();
-    final X500Name name = new X500Name("dc=" + alias);
-    info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(new BigInteger(256, RND)));
-    info.set(X509CertInfo.SUBJECT, name);
-    info.set(X509CertInfo.ISSUER, name);
-    info.set(
-        X509CertInfo.VALIDITY,
-        new CertificateValidity(
-            Date.from(Instant.now().minus(1, ChronoUnit.DAYS)),
-            Date.from(Instant.now().plus(730, ChronoUnit.DAYS))));
-    info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
-    info.set(
-        X509CertInfo.ALGORITHM_ID,
-        new CertificateAlgorithmId(new AlgorithmId(AlgorithmId.sha256WithRSAEncryption_oid)));
-
-    final X509CertImpl cert = new X509CertImpl(info);
-    cert.sign(pair.getPrivate(), AlgorithmId.sha256WithRSAEncryption_oid.toString());
-
-    return cert;
+      throws GeneralSecurityException {
+    final X509Certificate certificate;
+
+    // Generate self-signed certificate
+    final X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
+    final X500Principal dnName = new X500Principal("dc=" + alias);
+
+    certGen.setSerialNumber(new BigInteger(256, new SecureRandom()));
+    certGen.setIssuerDN(dnName);
+    certGen.setNotBefore(Date.from(Instant.now().minus(1, ChronoUnit.DAYS)));
+    certGen.setNotAfter(Date.from(Instant.now().plus(730, ChronoUnit.DAYS)));
+    certGen.setSubjectDN(dnName);
+    certGen.setPublicKey(pair.getPublic());
+    certGen.setSignatureAlgorithm("SHA256WithRSA");
+
+    certificate = certGen.generate(pair.getPrivate());
+
+    return certificate;
   }
 
   private void copyPublicPart(final KeyStore src, final KeyStore dst, final String alias)
