[PRODSEC-7274] bump bouncycastle version, add enforce rule for old bouncycastle versions

amps/ags/rm-automation/rm-automation-community-rest-api/pom.xml

@@ -83,6 +83,24 @@
          <groupId>com.github.docker-java</groupId>
          <artifactId>docker-java</artifactId>
          <version>3.3.2</version>
+         <exclusions>
+            <exclusion>
+               <groupId>org.bouncycastle</groupId>
+               <artifactId>bcprov-jdk15on</artifactId>
+            </exclusion>
+            <exclusion>
+               <groupId>org.bouncycastle</groupId>
+               <artifactId>bcpkix-jdk15on</artifactId>
+            </exclusion>
+         </exclusions>
+      </dependency>
+      <dependency>
+         <groupId>org.bouncycastle</groupId>
+         <artifactId>bcprov-jdk15to18</artifactId>
+      </dependency>
+      <dependency>
+         <groupId>org.bouncycastle</groupId>
+         <artifactId>bcpkix-jdk15to18</artifactId>
       </dependency>
    </dependencies>
 </project>

data-model/pom.xml

@@ -197,6 +197,10 @@
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>bcprov-jdk15on</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcmail-jdk15on</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>asm</groupId>
                     <artifactId>asm</artifactId>
@@ -220,7 +224,10 @@
                 </exclusion>
             </exclusions>
         </dependency>
-
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcmail-jdk15to18</artifactId>
+        </dependency>
         <dependency>
             <groupId>com.fasterxml.jackson.core</groupId>
             <artifactId>jackson-core</artifactId>

mmt/pom.xml

@@ -20,6 +20,16 @@
             <groupId>de.schlichtherle.truezip</groupId>
             <artifactId>truezip-driver-zip</artifactId>
             <version>${dependency.truezip.version}</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.bouncycastle</groupId>
+                    <artifactId>bcprov-jdk15on</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.bouncycastle</groupId>
+            <artifactId>bcprov-jdk15to18</artifactId>
         </dependency>
         <dependency>
             <groupId>de.schlichtherle.truezip</groupId>

pom.xml

@@ -62,7 +62,7 @@
         <dependency.cxf.version>4.0.2</dependency.cxf.version>
         <dependency.opencmis.version>1.0.0-jakarta-1</dependency.opencmis.version>
         <dependency.webscripts.version>8.46</dependency.webscripts.version>
-        <dependency.bouncycastle.version>1.70</dependency.bouncycastle.version>
+        <dependency.bouncycastle.version>1.76</dependency.bouncycastle.version>
         <dependency.mockito-core.version>5.4.0</dependency.mockito-core.version>
         <dependency.assertj.version>3.24.2</dependency.assertj.version>
         <dependency.org-json.version>20230618</dependency.org-json.version>
@@ -663,12 +663,17 @@
             <!-- Enforce newer version -->
             <dependency>
                 <groupId>org.bouncycastle</groupId>
-                <artifactId>bcprov-jdk15on</artifactId>
+                <artifactId>bcprov-jdk15to18</artifactId>
                 <version>${dependency.bouncycastle.version}</version>
             </dependency>
             <dependency>
                 <groupId>org.bouncycastle</groupId>
-                <artifactId>bcmail-jdk15on</artifactId>
+                <artifactId>bcmail-jdk15to18</artifactId>
+                <version>${dependency.bouncycastle.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.bouncycastle</groupId>
+                <artifactId>bcpkix-jdk15to18</artifactId>
                 <version>${dependency.bouncycastle.version}</version>
             </dependency>
             <dependency>
@@ -1110,8 +1115,15 @@
                                             <exclude>jakarta.xml.ws:jakarta.xml.ws-api:(, 3.0.1)</exclude>
                                             <exclude>jakarta.xml.soap:jakarta.xml.soap-api:(, 2.0.1)</exclude>
                                             <exclude>jakarta.jws:jakarta.jws-api:(, 3.0.0)</exclude>
-
+<!--                                            Enforce ban bouncycastle dependencies other than specified under <includes> section-->
+                                            <exclude>org.bouncycastle</exclude>
                                         </excludes>
+                                        <includes>
+                                            <include>org.bouncycastle:bcprov-jdk15to18:[1.74,)</include>
+                                            <include>org.bouncycastle:bcmail-jdk15to18:[1.74,)</include>
+                                            <include>org.bouncycastle:bcpkix-jdk15to18:[1.74,)</include>
+                                            <include>org.bouncycastle:bcutil-jdk15to18:[1.74,)</include>
+                                        </includes>
                                     </bannedDependencies>
                                 </rules>
                                 <fail>true</fail>

repository/pom.xml

@@ -252,7 +252,7 @@
         </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
-            <artifactId>bcprov-jdk15on</artifactId>
+            <artifactId>bcprov-jdk15to18</artifactId>
         </dependency>
         <dependency>
             <groupId>net.sf</groupId>