From caea165a7ab9258afb064a2077a71ce8cb6b98b8 Mon Sep 17 00:00:00 2001 From: Joacim Zschimmer Date: Sat, 7 Dec 2024 09:20:39 +0100 Subject: [PATCH] update bouncy castle 1.79 --- .../scala/js7/service/pgp/PgpCommons.scala | 4 +++- .../js7/service/pgp/PgpKeyGenerator.scala | 22 ++++++++++++++----- .../scala/js7/service/pgp/PgpSigner.scala | 2 ++ project/Dependencies.scala | 2 +- 4 files changed, 23 insertions(+), 7 deletions(-) diff --git a/js7-service-pgp/src/main/scala/js7/service/pgp/PgpCommons.scala b/js7-service-pgp/src/main/scala/js7/service/pgp/PgpCommons.scala index 010f73fc6c..c8d5d0bfa0 100644 --- a/js7-service-pgp/src/main/scala/js7/service/pgp/PgpCommons.scala +++ b/js7-service-pgp/src/main/scala/js7/service/pgp/PgpCommons.scala @@ -22,6 +22,7 @@ import org.bouncycastle.openpgp.examples.PubringDump import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator import org.bouncycastle.openpgp.{PGPPublicKey, PGPPublicKeyRing, PGPPublicKeyRingCollection, PGPSecretKey, PGPSecretKeyRing, PGPSecretKeyRingCollection, PGPSignature, PGPUtil} +import scala.annotation.nowarn import scala.jdk.CollectionConverters.* import scala.util.control.NonFatal @@ -126,6 +127,7 @@ object PgpCommons: case HashAlgorithmTags.TIGER_192 => "TIGER" case _ => hashAlgorithm.toString + @nowarn("cat=deprecation") private def publicKeyAlgorithmToString(n: Int) = n match case PublicKeyAlgorithmTags.RSA_GENERAL => "'RSA general'" @@ -136,7 +138,7 @@ object PgpCommons: case PublicKeyAlgorithmTags.DIFFIE_HELLMAN => "Diffie-Hellman" case _ => try PubringDump.getAlgorithm(n) - catch { case NonFatal(_) => n.toString } + catch case NonFatal(_) => n.toString private def cipherToString(n: Int) = try PGPUtil.getSymmetricCipherName(n) diff --git a/js7-service-pgp/src/main/scala/js7/service/pgp/PgpKeyGenerator.scala b/js7-service-pgp/src/main/scala/js7/service/pgp/PgpKeyGenerator.scala index d3567347cc..efe6a431ac 100644 
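Review bot: The `@nowarn("cat=deprecation")` added above `publicKeyAlgorithmToString` silences every deprecation warning in the method, and nothing says which reference bcpg 1.79 deprecated. In an OpenPGP library a deprecation often marks an algorithm tag or helper that has been superseded, so a later one raised inside this match would go unnoticed as well. I would add a comment above the annotation, for example `// bcpg 1.79 deprecates <name of the deprecated tag or method>; drop @nowarn once it is replaced`, or narrow the filter with an additional `msg=` pattern for that one symbol. The method body spans this hunk and the next with lines in between that are not shown, so the deprecated reference may be on one of those.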
--- a/js7-service-pgp/src/main/scala/js7/service/pgp/PgpKeyGenerator.scala +++ b/js7-service-pgp/src/main/scala/js7/service/pgp/PgpKeyGenerator.scala @@ -6,12 +6,13 @@ import js7.base.crypt.SignerId import js7.base.generic.SecretString import js7.base.log.Logger import org.bouncycastle.bcpg.sig.{Features, KeyFlags} -import org.bouncycastle.bcpg.{HashAlgorithmTags, PublicKeyAlgorithmTags, SymmetricKeyAlgorithmTags} +import org.bouncycastle.bcpg.{HashAlgorithmTags, PublicKeyAlgorithmTags, PublicKeyPacket, SymmetricKeyAlgorithmTags} import org.bouncycastle.crypto.AsymmetricCipherKeyPair import org.bouncycastle.crypto.generators.RSAKeyPairGenerator import org.bouncycastle.crypto.params.RSAKeyGenerationParameters import org.bouncycastle.openpgp.operator.bc.{BcPBESecretKeyEncryptorBuilder, BcPGPContentSignerBuilder, BcPGPDigestCalculatorProvider, BcPGPKeyPair} import org.bouncycastle.openpgp.{PGPKeyRingGenerator, PGPSecretKey, PGPSignature, PGPSignatureSubpacketGenerator, PGPSignatureSubpacketVector} +import org.jetbrains.annotations.TestOnly /** * @author Joacim Zschimmer 
@@ -19,12 +20,17 @@ import org.bouncycastle.openpgp.{PGPKeyRingGenerator, PGPSecretKey, PGPSignature object PgpKeyGenerator: private val logger = Logger[this.type] + @TestOnly def generateSecretKey(id: SignerId, password: SecretString, keySize: Int = 4096): PGPSecretKey = // See https://stackoverflow.com/questions/3087049/bouncy-castle-rsa-keypair-generation-using-lightweight-api val publicExponent = 0x10001 // Should be a Fermat number val certainty = 80 - val controllerSigningKeyPair = newKeyPair(new RSAKeyGenerationParameters(BigInteger.valueOf(publicExponent), new SecureRandom, keySize, certainty)) - val shaCalculator = new BcPGPDigestCalculatorProvider().get(HashAlgorithmTags.SHA1) // "only SHA1 supported for key checksum calculations" + val controllerSigningKeyPair = newKeyPair: + new RSAKeyGenerationParameters( + BigInteger.valueOf(publicExponent), + new SecureRandom, keySize, certainty) + val shaCalculator = new BcPGPDigestCalculatorProvider() + .get(HashAlgorithmTags.SHA1) // "only SHA1 supported for key checksum calculations" new PGPKeyRingGenerator( PGPSignature.POSITIVE_CERTIFICATION, controllerSigningKeyPair, 
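Review bot: `@TestOnly` on `generateSecretKey` states the intent but, as far as I know, it is only checked by IDE inspections and not by the Scala compiler, so the method stays a public member of the main `js7-service-pgp` sources. The same applies to `PgpSigner.forTest()` in the last PgpSigner hunk, where it matters more because that helper builds a 1024-bit key protected by a password drawn from `scala.util.Random`. I would add a Scaladoc line to both, for example `/** Test fixture only: not for generating keys that sign production documents. */`, and consider moving the helpers to test sources or narrowing them with `private[js7]` if the callers allow it. The body of `generateSecretKey` continues past the end of this hunk.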
@@ -32,13 +38,19 @@ object PgpKeyGenerator: shaCalculator, signatureSubpackets, null, - new BcPGPContentSignerBuilder(controllerSigningKeyPair.getPublicKey.getAlgorithm, HashAlgorithmTags.SHA512), + new BcPGPContentSignerBuilder( + controllerSigningKeyPair.getPublicKey.getAlgorithm, + HashAlgorithmTags.SHA512), new BcPBESecretKeyEncryptorBuilder(SymmetricKeyAlgorithmTags.AES_256, shaCalculator) .build(password.string.toArray) ).generateSecretKeyRing.getSecretKey private def newKeyPair(parameters: RSAKeyGenerationParameters): BcPGPKeyPair = - new BcPGPKeyPair(PublicKeyAlgorithmTags.RSA_SIGN, newAsymmetricCipherKeyPair(parameters), new java.util.Date) + new BcPGPKeyPair( + PublicKeyPacket.VERSION_4, + PublicKeyAlgorithmTags.RSA_GENERAL, + newAsymmetricCipherKeyPair(parameters), + new java.util.Date) private def newAsymmetricCipherKeyPair(parameters: RSAKeyGenerationParameters): AsymmetricCipherKeyPair = val generator = new RSAKeyPairGenerator diff --git a/js7-service-pgp/src/main/scala/js7/service/pgp/PgpSigner.scala b/js7-service-pgp/src/main/scala/js7/service/pgp/PgpSigner.scala index f611a3b0bc..eefdf6b992 100644 --- a/js7-service-pgp/src/main/scala/js7/service/pgp/PgpSigner.scala +++ b/js7-service-pgp/src/main/scala/js7/service/pgp/PgpSigner.scala @@ -15,6 +15,7 @@ import js7.service.pgp.PgpCommons.* import org.bouncycastle.bcpg.HashAlgorithmTags import org.bouncycastle.openpgp.operator.jcajce.{JcaPGPContentSignerBuilder, JcePBESecretKeyDecryptorBuilder} import org.bouncycastle.openpgp.{PGPSecretKey, PGPSecretKeyRingCollection, PGPSignature, PGPSignatureGenerator, PGPSignatureSubpacketGenerator, PGPUtil} +import org.jetbrains.annotations.TestOnly import scala.jdk.CollectionConverters.* import scala.util.Random 
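Review bot: In `newKeyPair` the algorithm tag changes from `PublicKeyAlgorithmTags.RSA_SIGN` to `RSA_GENERAL` without a comment, and the two are not interchangeable: RSA_GENERAL declares the key usable for encryption as well as signing. Restricting the generated key to signing then rests on the KeyFlags carried in `signatureSubpackets`, which is defined outside this hunk, so that should be confirmed. RFC 4880 deprecates generating RSA sign-only keys, which is presumably the reason for the change; a comment would record it, for example `// RSA_SIGN is deprecated for new keys (RFC 4880); signing-only use is expressed through KeyFlags`. The `PGPKeyRingGenerator` call that opens this hunk starts in the previous hunk.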
@@ -74,6 +75,7 @@ object PgpSigner extends DocumentSigner.Companion: Checked.catchNonFatal( new PgpSigner(pgpSecretKey, password)) + @TestOnly def forTest(): (PgpSigner, PgpSignatureVerifier) = val pgpPassword = SecretString(Vector.fill(10)('a' + Random.nextInt('z' - 'a' + 1)).mkString) val pgpSecretKey = PgpKeyGenerator.generateSecretKey(SignerId("TEST"), pgpPassword, keySize = 1024/*fast for test*/) diff --git a/project/Dependencies.scala b/project/Dependencies.scala index ec4b3d61df..700d52112f 100644 --- a/project/Dependencies.scala +++ b/project/Dependencies.scala @@ -72,7 +72,7 @@ object Dependencies val intelliJAnnotations = "com.intellij" % "annotations" % "12.0" val findbugs = "com.google.code.findbugs" % "jsr305" % "3.0.2" - val bouncyCastle = "org.bouncycastle" % "bcpg-jdk18on" % "1.78.1" + val bouncyCastle = "org.bouncycastle" % "bcpg-jdk18on" % "1.79" val hamcrest = "org.hamcrest" % "hamcrest" % "3.0" :: "org.hamcrest" % "hamcrest-library" % "3.0" :: Nil val jna = "net.java.dev.jna" % "jna-platform" % jnaVersion ::