Upgrade Bouncy Castle to 1.61

Also now use JcaKeyBoxBuilder constructor in
BouncyCastleGpgKeyLocator.readKeyBoxFile(Path).

CQ: 19868
CQ: 19869
CQ: 19870
Change-Id: I45bd80e158aecd90448b0c7e59615db27aaef892
Signed-off-by: Brandon Weeks <bweeks@google.com>
Signed-off-by: Matthias Sohn <matthias.sohn@sap.com>

3 files changed, 34 insertions, 22 deletions

diff --git a/org.eclipse.jgit/META-INF/MANIFEST.MF b/org.eclipse.jgit/META-INF/MANIFEST.MF
index 95594f29e5..bd3161b438 100644
--- a/org.eclipse.jgit/META-INF/MANIFEST.MF
+++ b/org.eclipse.jgit/META-INF/MANIFEST.MF
@@ -160,16 +160,17 @@ Import-Package: com.googlecode.javaewah;version="[1.1.6,2.0.0)",
  com.jcraft.jsch;version="[0.1.37,0.2.0)",
  javax.crypto,
  javax.net.ssl,
- org.bouncycastle;version="[1.60.0,2.0.0)",
- org.bouncycastle.bcpg;version="[1.60.0,2.0.0)",
- org.bouncycastle.gpg;version="[1.60.0,2.0.0)",
- org.bouncycastle.gpg.keybox;version="[1.60.0,2.0.0)",
- org.bouncycastle.jce.provider;version="[1.60.0,2.0.0)",
- org.bouncycastle.openpgp;version="[1.60.0,2.0.0)",
- org.bouncycastle.openpgp.jcajce;version="[1.60.0,2.0.0)",
- org.bouncycastle.openpgp.operator;version="[1.60.0,2.0.0)",
- org.bouncycastle.openpgp.operator.jcajce;version="[1.60.0,2.0.0)",
- org.bouncycastle.util.encoders;version="[1.60.0,2.0.0)",
+ org.bouncycastle;version="[1.61.0,2.0.0)",
+ org.bouncycastle.bcpg;version="[1.61.0,2.0.0)",
+ org.bouncycastle.gpg;version="[1.61.0,2.0.0)",
+ org.bouncycastle.gpg.keybox;version="[1.61.0,2.0.0)",
+ org.bouncycastle.gpg.keybox.jcajce;version="[1.61.0,2.0.0)",
+ org.bouncycastle.jce.provider;version="[1.61.0,2.0.0)",
+ org.bouncycastle.openpgp;version="[1.61.0,2.0.0)",
+ org.bouncycastle.openpgp.jcajce;version="[1.61.0,2.0.0)",
+ org.bouncycastle.openpgp.operator;version="[1.61.0,2.0.0)",
+ org.bouncycastle.openpgp.operator.jcajce;version="[1.61.0,2.0.0)",
+ org.bouncycastle.util.encoders;version="[1.61.0,2.0.0)",
  org.slf4j;version="[1.7.0,2.0.0)",
  org.xml.sax,
  org.xml.sax.helpers
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
index df9615fc9d..0d44317658 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgKeyLocator.java
@@ -54,6 +54,8 @@ import java.nio.file.Files;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.text.MessageFormat;
 import java.util.Iterator;
 import java.util.Locale;
@@ -67,6 +69,7 @@ import org.bouncycastle.gpg.keybox.KeyBox;
 import org.bouncycastle.gpg.keybox.KeyInformation;
 import org.bouncycastle.gpg.keybox.PublicKeyRingBlob;
 import org.bouncycastle.gpg.keybox.UserID;
+import org.bouncycastle.gpg.keybox.jcajce.JcaKeyBoxBuilder;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
@@ -210,9 +213,12 @@ class BouncyCastleGpgKeyLocator {
 	 * @return publicKey the public key (maybe <code>null</code>)
 	 * @throws IOException
 	 *             in case of problems reading the file
+	 * @throws NoSuchAlgorithmException
+	 * @throws NoSuchProviderException
 	 */
 	private PGPPublicKey findPublicKeyInKeyBox(Path keyboxFile)
-			throws IOException {
+			throws IOException, NoSuchAlgorithmException,
+			NoSuchProviderException {
 		KeyBox keyBox = readKeyBoxFile(keyboxFile);
 		for (KeyBlob keyBlob : keyBox.getKeyBlobs()) {
 			if (keyBlob.getType() == BlobType.OPEN_PGP_BLOB) {
@@ -236,15 +242,17 @@ class BouncyCastleGpgKeyLocator {
 	 * @return the secret key
 	 * @throws IOException
 	 *             in case of issues reading key files
+	 * @throws NoSuchAlgorithmException
+	 * @throws NoSuchProviderException
 	 * @throws PGPException
 	 *             in case of issues finding a key
 	 * @throws CanceledException
 	 * @throws URISyntaxException
 	 * @throws UnsupportedCredentialItem
 	 */
-	public BouncyCastleGpgKey findSecretKey()
-			throws IOException, PGPException, CanceledException,
-			UnsupportedCredentialItem, URISyntaxException {
+	public BouncyCastleGpgKey findSecretKey() throws IOException,
+			NoSuchAlgorithmException, NoSuchProviderException, PGPException,
+			CanceledException, UnsupportedCredentialItem, URISyntaxException {
 		if (exists(USER_KEYBOX_PATH)) {
 			PGPPublicKey publicKey = //
 					findPublicKeyInKeyBox(USER_KEYBOX_PATH);
@@ -376,14 +384,12 @@ class BouncyCastleGpgKeyLocator {
 				.getPublicKey();
 	}
 
-	private KeyBox readKeyBoxFile(Path keyboxFile) throws IOException {
+	private KeyBox readKeyBoxFile(Path keyboxFile) throws IOException,
+			NoSuchAlgorithmException, NoSuchProviderException {
 		KeyBox keyBox;
 		try (InputStream in = new BufferedInputStream(
 				newInputStream(keyboxFile))) {
-			// note: KeyBox constructor reads in the whole InputStream at once
-			// this code will change in 1.61 to
-			// either 'new BcKeyBox(in)' or 'new JcaKeyBoxBuilder().build(in)'
-			keyBox = new KeyBox(in, new JcaKeyFingerprintCalculator());
+			keyBox = new JcaKeyBoxBuilder().build(in);
 		}
 		return keyBox;
 	}
diff --git a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
index 4d696dd9e7..cfe0931b47 100644
--- a/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
+++ b/org.eclipse.jgit/src/org/eclipse/jgit/lib/internal/BouncyCastleGpgSigner.java
@@ -45,6 +45,8 @@ package org.eclipse.jgit.lib.internal;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.net.URISyntaxException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
 import java.security.Security;
 
 import org.bouncycastle.bcpg.ArmoredOutputStream;
@@ -100,7 +102,8 @@ public class BouncyCastleGpgSigner extends GpgSigner {
 			BouncyCastleGpgKey gpgKey = locateSigningKey(gpgSigningKey,
 					committer, passphrasePrompt);
 			return gpgKey != null;
-		} catch (PGPException | IOException | URISyntaxException e) {
+		} catch (PGPException | IOException | NoSuchAlgorithmException
+				| NoSuchProviderException | URISyntaxException e) {
 			return false;
 		}
 	}
@@ -109,7 +112,8 @@ public class BouncyCastleGpgSigner extends GpgSigner {
 			PersonIdent committer,
 			BouncyCastleGpgKeyPassphrasePrompt passphrasePrompt)
 			throws CanceledException, UnsupportedCredentialItem, IOException,
-			PGPException, URISyntaxException {
+			NoSuchAlgorithmException, NoSuchProviderException, PGPException,
+			URISyntaxException {
 		if (gpgSigningKey == null || gpgSigningKey.isEmpty()) {
 			gpgSigningKey = committer.getEmailAddress();
 		}
@@ -153,7 +157,8 @@ public class BouncyCastleGpgSigner extends GpgSigner {
 				signatureGenerator.generate().encode(out);
 			}
 			commit.setGpgSignature(new GpgSignature(buffer.toByteArray()));
-		} catch (PGPException | IOException | URISyntaxException e) {
+		} catch (PGPException | IOException | NoSuchAlgorithmException
+				| NoSuchProviderException | URISyntaxException e) {
 			throw new JGitInternalException(e.getMessage(), e);
 		}
 	}