Jar conflict with Bouncy Castle library

I have been facing this issue when I launch my simulation on Gatling Enterprise controller Version: 1.16.1
Gatling Version: 3.7.4.FL-M1

My Bouncy Castle dependency



I see several issues with this bc-fips library:

  1. The pom published on maven central is broken. It doesn’t declare any dependency while it obviously depends on other bc modules: the org.bouncycastle.crypto.CryptoServicesRegistrar is shipped in the bcprov-jdk15on library. There’s no way to tell which version of bcprov-jdk15on this library depends on.

  2. It was last published on 29-Apr-2021. The last release of bcprov-jdk15on was on 01-Dec-2021, which is the version you have with Gatling Enterprise 1.16.1.

It looks like bc-fips was either released against an old version of core BouncyCastle core modules, or that an incompatible change was introduced in the BouncyCastle core modules.

There’s nothing we can do on our side, that’s something that has to get fixed on the bc-fips side where you need a release that’s compiled against modern versions of the core modules. Ideally, this pom issue should get fixed too.

The project page says they are looking for maintenance sponsorship. If this library is important for you, you might want to consider sponsoring.
Another possibility is to contribute a fix yourself on GitHub: https://github.com/tashiscool/bc-fips


So actually, bc-fips contains classes that are forked from the standard BouncyCastle libs (same Fully Qualified Class Name, different methods, here org.bouncycastle.crypto.CryptoServicesRegistrar) so both can’t properly co-exist in the same classpath.

In 3.8, I think we’ll shadow the BouncyCastle we use in the recorder to avoid this kind of conflicts.

Thanks, Stéphane! I will look for that release.