Closed
Description
Describe the bug
API incompatible with BouncyCastle in FIPS mode
Client Version
all versions >= 7.0.0
Kubernetes Version
1.19.2
Java Version
Java 11
To Reproduce
Modify the JDK 11 conf/security/java.security file to register the BC FIPS provider as follows:
# JCA provider preference order: lower numbers are consulted first.
# Position 1 registers the BC FIPS provider; the text after the class name is handed to the
# provider as its configuration string (presumably DEFRND[...] selects the default DRBG and
# ENABLE{ALL} turns on all algorithm groups; confirm against the BC FIPS user guide).
security.provider.1=org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider C:DEFRND[CTRAES256];ENABLE{ALL};
security.provider.2=sun.security.provider.Sun
security.provider.3=sun.security.rsa.SunRsaSign
# JSSE provider given the argument BCFIPS, presumably so that TLS takes its crypto from
# BCFIPS; confirm that this form is supported by the JDK in use.
security.provider.4=com.sun.net.ssl.internal.ssl.Provider BCFIPS
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=apple.security.AppleProvider
pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.test.java</groupId>
<artifactId>java-app</artifactId>
<packaging>jar</packaging>
<version>1.0-SNAPSHOT</version>
<name>java-app</name>
<url>http://maven.apache.org</url>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<!-- NOTE(review): no BouncyCastle artifact is declared in this POM. The stack trace in this
     report shows org.bouncycastle.jce.provider.BouncyCastleProvider being loaded, so that class
     presumably arrives transitively through client-java; how the BC FIPS jar reaches the
     classpath is not shown here. Running "mvn dependency:tree" lists which BouncyCastle jars
     are actually resolved. -->
<dependency>
<groupId>io.kubernetes</groupId>
<artifactId>client-java</artifactId>
<version>7.0.0</version> <!-- version 6.0.1 works fine -->
</dependency>
</dependencies>
</project>
Java test class:
package com.test.java;
import io.kubernetes.client.openapi.ApiClient;
import io.kubernetes.client.openapi.Configuration;
import io.kubernetes.client.openapi.apis.CoreV1Api;
import io.kubernetes.client.openapi.models.V1Pod;
import io.kubernetes.client.openapi.models.V1PodList;
import io.kubernetes.client.util.Config;
/**
 * Minimal reproduction for this report: builds the default Kubernetes client and prints the
 * name of every pod across all namespaces.
 *
 * <p>According to the stack trace in this report, execution never reaches the list call. The
 * {@code NoClassDefFoundError} is raised inside {@code Config.defaultClient()}, when the static
 * initializer of {@code io.kubernetes.client.util.SSLUtils} constructs
 * {@code org.bouncycastle.jce.provider.BouncyCastleProvider}.
 */
public class KubeTest {
    public static void main(String[] args) throws Exception {
        // Failure point per the reported trace: ClientBuilder.build ->
        // KubeconfigAuthentication.provide -> ClientCertificateAuthentication.provide ->
        // SSLUtils.<clinit>.
        ApiClient defaultClient = Config.defaultClient();
        Configuration.setDefaultApiClient(defaultClient);

        CoreV1Api coreApi = new CoreV1Api();

        // All nine arguments are passed as null. The report says this call needs a minor change
        // when built against client 6.0.1; presumably that is a tenth null argument, which the
        // original listing kept as a commented-out placeholder.
        V1PodList allPods =
            coreApi.listPodForAllNamespaces(null, null, null, null, null, null, null, null, null);

        allPods.getItems().forEach(pod -> System.out.println(pod.getMetadata().getName()));
    }
}
Program Output:
Exception in thread "main" java.lang.NoClassDefFoundError: org/bouncycastle/crypto/CipherParameters
at java.base/java.lang.ClassLoader.defineClass1(Native Method)
at java.base/java.lang.ClassLoader.defineClass(ClassLoader.java:1017)
at java.base/java.security.SecureClassLoader.defineClass(SecureClassLoader.java:174)
at java.base/jdk.internal.loader.BuiltinClassLoader.defineClass(BuiltinClassLoader.java:800)
at java.base/jdk.internal.loader.BuiltinClassLoader.findClassOnClassPathOrNull(BuiltinClassLoader.java:698)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClassOrNull(BuiltinClassLoader.java:621)
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:579)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:178)
at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:522)
at org.bouncycastle.jcajce.provider.asymmetric.DSA$Mappings.configure(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.loadAlgorithms(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.setup(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider.access$000(Unknown Source)
at org.bouncycastle.jce.provider.BouncyCastleProvider$1.run(Unknown Source)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at org.bouncycastle.jce.provider.BouncyCastleProvider.<init>(Unknown Source)
at io.kubernetes.client.util.SSLUtils.<clinit>(SSLUtils.java:52)
at io.kubernetes.client.util.credentials.ClientCertificateAuthentication.provide(ClientCertificateAuthentication.java:37)
at io.kubernetes.client.util.credentials.KubeconfigAuthentication.provide(KubeconfigAuthentication.java:39)
at io.kubernetes.client.util.ClientBuilder.build(ClientBuilder.java:307)
at io.kubernetes.client.util.Config.defaultClient(Config.java:113)
at com.journaldev.java.KubeTest.main(KubeTest.java:12)
**Expected behavior**
The program lists the pods in all namespaces
**KubeConfig**
If applicable, add a KubeConfig file with secrets redacted.
**Server (please complete the following information):**
- OS: MacOS
- Environment: Running directly on the host
- Cloud: None
**Additional context**
The same program, with minor modifications to the Kubernetes imports and to the listPodForAllNamespaces call, works as expected when using Kubernetes client version 6.0.1.