diff --git a/WORKSPACE b/WORKSPACE index 78ae16b803..411280c150 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -580,24 +580,24 @@ maven_jar( # This version must match the version that also appears in # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config -BC_VERS = '1.52' +BC_VERS = '1.55' maven_jar( name = 'bcprov', artifact = 'org.bouncycastle:bcprov-jdk15on:' + BC_VERS, - sha1 = '88a941faf9819d371e3174b5ed56a3f3f7d73269', + sha1 = '935f2e57a00ec2c489cbd2ad830d4a399708f979', ) maven_jar( name = 'bcpg', artifact = 'org.bouncycastle:bcpg-jdk15on:' + BC_VERS, - sha1 = 'ff4665a4b5633ff6894209d5dd10b7e612291858', + sha1 = '54ce841795ecdf10f24e50c48d4fdec59c691699', ) maven_jar( name = 'bcpkix', artifact = 'org.bouncycastle:bcpkix-jdk15on:' + BC_VERS, - sha1 = 'b8ffac2bbc6626f86909589c8cc63637cc936504', + sha1 = '6392d8cba22b722c6570d660ca0b3921ff1bae4f', ) maven_jar( diff --git a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GerritPublicKeyChecker.java b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GerritPublicKeyChecker.java index 0604723c0d..c65b114466 100644 --- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GerritPublicKeyChecker.java +++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/GerritPublicKeyChecker.java @@ -224,7 +224,6 @@ public class GerritPublicKeyChecker extends PublicKeyChecker { return false; } - @SuppressWarnings("unchecked") private Iterator getSignaturesForId(PGPPublicKey key, String userId) { Iterator result = key.getSignaturesForID(userId); diff --git a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/PublicKeyChecker.java b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/PublicKeyChecker.java index e4c81dfd0a..66e810cc33 100644 --- a/gerrit-gpg/src/main/java/com/google/gerrit/gpg/PublicKeyChecker.java +++ b/gerrit-gpg/src/main/java/com/google/gerrit/gpg/PublicKeyChecker.java @@ -291,7 +291,8 @@ public class PublicKeyChecker { return null; } - return new RevocationKey(sub.isCritical(), sub.getData()); + return new RevocationKey(sub.isCritical(), sub.isLongLength(), + sub.getData()); } private void checkRevocations(PGPPublicKey key, @@ -341,7 +342,8 @@ public class PublicKeyChecker { if (sub == null) { return null; } - return new RevocationReason(sub.isCritical(), sub.getData()); + return new RevocationReason(sub.isCritical(), sub.isLongLength(), + sub.getData()); } private static String reasonToString(RevocationReason reason) { @@ -405,7 +407,6 @@ public class PublicKeyChecker { // Don't check the timestamp of these certifications. This allows admins // to correct untrusted keys by signing them with a trusted key, such that // older signatures created by those keys retroactively appear valid. - @SuppressWarnings("unchecked") Iterator sigs = key.getSignaturesForID(userId); while (sigs.hasNext()) { diff --git a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config index 4d9d0f02ca..3bc6ae4ca0 100644 --- a/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config +++ b/gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config @@ -15,24 +15,24 @@ # Version should match lib/bouncycastle/BUCK [library "bouncyCastleProvider"] - name = Bouncy Castle Crypto Provider v152 - url = https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.52/bcprov-jdk15on-1.52.jar - sha1 = 88a941faf9819d371e3174b5ed56a3f3f7d73269 + name = Bouncy Castle Crypto Provider v155 + url = https://repo1.maven.org/maven2/org/bouncycastle/bcprov-jdk15on/1.55/bcprov-jdk15on-1.55.jar + sha1 = 935f2e57a00ec2c489cbd2ad830d4a399708f979 remove = bcprov-.*[.]jar # Version should match lib/bouncycastle/BUCK [library "bouncyCastleSSL"] - name = Bouncy Castle Crypto SSL v152 - url = https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.52/bcpkix-jdk15on-1.52.jar - sha1 = b8ffac2bbc6626f86909589c8cc63637cc936504 + name = Bouncy Castle Crypto SSL v155 + url = https://repo1.maven.org/maven2/org/bouncycastle/bcpkix-jdk15on/1.55/bcpkix-jdk15on-1.55.jar + sha1 = 6392d8cba22b722c6570d660ca0b3921ff1bae4f needs = bouncyCastleProvider remove = bcpkix-.*[.]jar # Version should match lib/bouncycastle/BUCK [library "bouncyCastlePGP"] - name = Bouncy Castle Crypto OpenPGP v152 - url = https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/1.52/bcpg-jdk15on-1.52.jar - sha1 = ff4665a4b5633ff6894209d5dd10b7e612291858 + name = Bouncy Castle Crypto OpenPGP v155 + url = https://repo1.maven.org/maven2/org/bouncycastle/bcpg-jdk15on/1.55/bcpg-jdk15on-1.55.jar + sha1 = 54ce841795ecdf10f24e50c48d4fdec59c691699 needs = bouncyCastleProvider remove = bcpg-.*[.]jar diff --git a/lib/bouncycastle/BUCK b/lib/bouncycastle/BUCK index 68fa006a76..be8b2f7a3f 100644 --- a/lib/bouncycastle/BUCK +++ b/lib/bouncycastle/BUCK @@ -2,19 +2,19 @@ include_defs('//lib/maven.defs') # This version must match the version that also appears in # gerrit-pgm/src/main/resources/com/google/gerrit/pgm/init/libraries.config -VERSION = '1.52' +VERSION = '1.55' maven_jar( name = 'bcprov', id = 'org.bouncycastle:bcprov-jdk15on:' + VERSION, - sha1 = '88a941faf9819d371e3174b5ed56a3f3f7d73269', + sha1 = '935f2e57a00ec2c489cbd2ad830d4a399708f979', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' ) maven_jar( name = 'bcpg', id = 'org.bouncycastle:bcpg-jdk15on:' + VERSION, - sha1 = 'ff4665a4b5633ff6894209d5dd10b7e612291858', + sha1 = '54ce841795ecdf10f24e50c48d4fdec59c691699', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], ) @@ -22,7 +22,7 @@ maven_jar( maven_jar( name = 'bcpkix', id = 'org.bouncycastle:bcpkix-jdk15on:' + VERSION, - sha1 = 'b8ffac2bbc6626f86909589c8cc63637cc936504', + sha1 = '6392d8cba22b722c6570d660ca0b3921ff1bae4f', license = 'DO_NOT_DISTRIBUTE', #'bouncycastle' deps = [':bcprov'], )