[mina-sshd] branch master updated: [releng] OSGi: Ensure the BC security provider can be found

[twolf]

This is an automated email from the ASF dual-hosted git repository.

twolf pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/mina-sshd.git


The following commit(s) were added to refs/heads/master by this push:
     new f06217f62 [releng] OSGi: Ensure the BC security provider can be found
f06217f62 is described below

commit f06217f62651effc1fb38a98c3ff89a667570c33
Author: Thomas Wolf <tw...@apache.org>
AuthorDate: Sat Apr 15 15:10:44 2023 +0200

    [releng] OSGi: Ensure the BC security provider can be found
    
    BouncyCastleSecurityProviderRegistrar references the BC security
    provider only reflectively. It lives in a package that is not
    referenced explicitly anywhere.
    
    To be able to find org.bouncycastle.jce.provider.BouncyCastleProvider,
    the package must be on the bundle classpath in OSGi. It wasn't, since
    there was no "normal" reference to it.
    
    Add an optional dependency explicitly in the generated MANIFEST.MF of
    sshd-osgi.
---
 pom.xml           |  2 ++
 sshd-osgi/pom.xml | 13 +++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/pom.xml b/pom.xml
index 2b4a23ff2..19b8f5495 100644
--- a/pom.xml
+++ b/pom.xml
@@ -134,6 +134,7 @@
         <sshd.tests.rerun.count>2</sshd.tests.rerun.count>
 
         <dependency.download.silent>true</dependency.download.silent>
+        <bnd.extraImports># A comment indicates 'none'</bnd.extraImports>
     </properties>
 
     <profiles>
@@ -1476,6 +1477,7 @@
                                 <Import-Package><![CDATA[
                                   
org.apache.sshd*;version="$<range;[===,=+);$<maven_version;${project.version}>>",
                                   
org.slf4j*;version="$<range;[==,${slf4j.upper.bound})>",
+                                  ${bnd.extraImports}
                                   *
                                 ]]></Import-Package>
                                 
<Export-Package>*;-noimport:=true</Export-Package>
diff --git a/sshd-osgi/pom.xml b/sshd-osgi/pom.xml
index 7cb664109..0e3142656 100644
--- a/sshd-osgi/pom.xml
+++ b/sshd-osgi/pom.xml
@@ -34,6 +34,19 @@
 
     <properties>
         <projectRoot>${project.basedir}/..</projectRoot>
+        <!--
+          The BC security provider class resides in a package that is 
referenced nowhere, except reflectively in the BouncyCastleSecurityRegistrar.
+          The (optional) package import will thus be missing in the generated 
MANIFEST.MF. However, the BouncyCastleSecurityRegistrar expects to find
+          class org.bouncycastle.jce.provider.BouncyCastleProvider on the 
classpath; otherwise its isSupported() returns false and Bouncycastle is
+          considered not available.
+          
+          However, in OSGi the package will not be on the bundle classpath if 
there is no Import-Package for it. (And using a Require-Bundle would restrict
+          bundle wiring too much.)
+          
+          Arguably this is a shortcoming of the BouncyCastleSecurityRegistrar. 
For the EdDSASecurityProviderRegistrar, this problem does not exist
+          since the security provider is in a package that is also referenced 
elsewhere.
+        -->
+        
<bnd.extraImports>org.bouncycastle.jce.provider;version="$$&lt;range;[==,+);${bouncycastle.version}>";resolution:=optional,</bnd.extraImports>
     </properties>
 
     <dependencies>