Hi Anthony
Good catch.
A simple workaround is to update bc bundles in the system repo and
update the features (a little painful but do-able).
I will fix that for 4.4.6 (I will create a Jira).
Thanks !
Regards
JB
On Thu, Mar 21, 2024 at 2:45 AM Anthony Wood wrote:
>
> Hi,
>
> There seems to be a mismatch between the requirements of sshd-osgi 2.11.0
> (via the ‘ssh’ feature) and the version of bouncycastle in Karaf 4.4.5, which
> is 1.75:
>
> sshd-osgi 2.11.0 imports:
> org.bouncycastle.asn1.pkcs {version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.crypto.prng {version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.jce.provider {version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.openssl {version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.openssl.jcajce{version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.operator {version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.pkcs {version=[1.76,2),
> resolution:=optional}
> org.bouncycastle.pkcs.jcajce {version=[1.76,2),
> resolution:=optional}
>
> Bouncycastle jars included in karaf 4.4.5:
>
> apache-karaf-4.4.5/system/org/bouncycastle/bcprov-jdk18on/1.75/bcprov-jdk18on-1.75.jar
> apache-karaf-4.4.5/system/org/bouncycastle/bcutil-jdk18on/1.75/bcutil-jdk18on-1.75.jar
> apache-karaf-4.4.5/system/org/bouncycastle/bcpkix-jdk18on/1.75/bcpkix-jdk18on-1.75.jar
>
> The result is that an RSA host key cannot be generated due to:
> NoClassDefFoundError for org/bouncycastle/openssl/jcajce/JcaPEMWriter, even
> when bcpkix-jdk18on 1.75 is installed by the feature.
>
> We have worked around it by overriding the feature, but it would be great for
> this to be addressed in a 4.4.6 release.
>
> Thanks,
> Anthony
