I am getting a wrong keystore version error on my spring boot application when I attempt to instantiate my keystore that relies on bouncy castle 1.46. I added the right version 1.46 on pom.xml and even on my classpath but when I execute the spring-boot application, a version check on the Bouncy Castle provider at runtime indicates version 1.51.
How do I ensure the spring-boot application runs Bouncy Castle 1.46 defined on my pom.xml.
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<version>1.46</version>
</dependency>
private void installJCAProvider() {
BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
System.err.println("Bouncy Catle Provider Version " + bouncyCastleProvider.getVersion() + " \nName " + bouncyCastleProvider.getName() + " | \n" + bouncyCastleProvider.getInfo());
Security.addProvider(bouncyCastleProvider);
Provider[] providers = Security.getProviders();
for (Provider provider : providers) {
System.err.println("Installed security providers" +
provider.getInfo() + "\n");
}
}
Logs
Bouncy Castle Provider Version 1.51
Name SC |
BouncyCastle Security Provider v1.51
Run mvn dependency:tree
to see where version 1.51
came from and exclude it from dependencies.
Also spring-boot has a set of properties declared in its POMs
defining versions of dependencies. So look up into a POM of a spring-boot starter using Bouncy Castle lib for the property defining version and redefine its value in your POM.
According to this https://maven.apache.org/guides/introduction/introduction-to-dependency-mechanism.html You can try to trick Maven with placing your dependency declaration above of the spring-boot starter in dependencies list.