(nifi) branch main updated: NIFI-14203 Replaced deprecated Bouncy Castle PGP methods (#9678)

exceptionfactory Sat, 01 Feb 2025 07:26:06 -0800

This is an automated email from the ASF dual-hosted git repository.

exceptionfactory pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git



The following commit(s) were added to refs/heads/main by this push:
     new 60a8a43bf3 NIFI-14203 Replaced deprecated Bouncy Castle PGP methods 
(#9678)
60a8a43bf3 is described below

commit 60a8a43bf3b85f5cf9043cb9f60fb6cf769b8dcf
Author: dan-s1 <[email protected]>
AuthorDate: Sat Feb 1 10:24:26 2025 -0500

    NIFI-14203 Replaced deprecated Bouncy Castle PGP methods (#9678)
    
    Signed-off-by: David Handermann <[email protected]>
---
 .../main/java/org/apache/nifi/processors/pgp/SignContentPGP.java   | 7 ++++++-
 .../src/main/java/org/apache/nifi/pgp/util/PGPOperationUtils.java  | 7 ++++++-
 .../main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java  | 3 ++-
 3 files changed, 14 insertions(+), 3 deletions(-)

diff --git 
a/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java
 
b/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java
index 4f3ef7c797..98e2758b2f 100644
--- 
a/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java
+++ 
b/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-processors/src/main/java/org/apache/nifi/processors/pgp/SignContentPGP.java
@@ -44,9 +44,12 @@ import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
 import org.bouncycastle.openpgp.PGPOnePassSignature;
 import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
 import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
 
 import java.io.IOException;
@@ -290,7 +293,9 @@ public class SignContentPGP extends AbstractProcessor {
             final int keyAlgorithm = 
privateKey.getPublicKeyPacket().getAlgorithm();
             final SecureRandom secureRandom = new SecureRandom();
             final JcaPGPContentSignerBuilder builder = new 
JcaPGPContentSignerBuilder(keyAlgorithm, 
hashAlgorithm.getId()).setSecureRandom(secureRandom);
-            final PGPSignatureGenerator signatureGenerator = new 
PGPSignatureGenerator(builder);
+            final KeyFingerPrintCalculator keyFingerprintCalculator = new 
JcaKeyFingerprintCalculator();
+            final PGPPublicKey pgpPublicKey = new 
PGPPublicKey(privateKey.getPublicKeyPacket(), keyFingerprintCalculator);
+            final PGPSignatureGenerator signatureGenerator = new 
PGPSignatureGenerator(builder, pgpPublicKey);
             signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
             return signatureGenerator;
         }
diff --git 
a/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPOperationUtils.java
 
b/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPOperationUtils.java
index 63e1fe7407..3b95aff63f 100644
--- 
a/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPOperationUtils.java
+++ 
b/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPOperationUtils.java
@@ -21,9 +21,12 @@ import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPLiteralDataGenerator;
 import org.bouncycastle.openpgp.PGPOnePassSignature;
 import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.openpgp.PGPSignatureGenerator;
+import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
 import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.bouncycastle.openpgp.operator.jcajce.JcaPGPContentSignerBuilder;
 
 import java.io.ByteArrayOutputStream;
@@ -101,7 +104,9 @@ public class PGPOperationUtils {
 
     private static PGPSignatureGenerator getSignatureGenerator(final 
PGPPrivateKey privateKey) throws PGPException {
         final PGPContentSignerBuilder contentSignerBuilder = new 
JcaPGPContentSignerBuilder(privateKey.getPublicKeyPacket().getAlgorithm(), 
HashAlgorithmTags.SHA512);
-        final PGPSignatureGenerator signatureGenerator = new 
PGPSignatureGenerator(contentSignerBuilder);
+        final KeyFingerPrintCalculator keyFingerprintCalculator = new 
JcaKeyFingerprintCalculator();
+        final PGPPublicKey pgpPublicKey = new 
PGPPublicKey(privateKey.getPublicKeyPacket(), keyFingerprintCalculator);
+        final PGPSignatureGenerator signatureGenerator = new 
PGPSignatureGenerator(contentSignerBuilder, pgpPublicKey);
         signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, privateKey);
         return signatureGenerator;
     }
diff --git 
a/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
 
b/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
index 25568955d8..6b1df078fc 100644
--- 
a/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
+++ 
b/nifi-extension-bundles/nifi-pgp-bundle/nifi-pgp-test-utils/src/main/java/org/apache/nifi/pgp/util/PGPSecretKeyGenerator.java
@@ -17,6 +17,7 @@
 package org.apache.nifi.pgp.util;
 
 import org.bouncycastle.bcpg.HashAlgorithmTags;
+import org.bouncycastle.bcpg.PublicKeyPacket;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.openpgp.PGPEncryptedData;
 import org.bouncycastle.openpgp.PGPException;
@@ -112,7 +113,7 @@ public class PGPSecretKeyGenerator {
     }
 
     private static PGPKeyPair getPgpKeyPair(final KeyPair keyPair, final int 
algorithm) throws PGPException {
-        return new JcaPGPKeyPair(algorithm, keyPair, new Date());
+        return new JcaPGPKeyPair(PublicKeyPacket.VERSION_4, algorithm, 
keyPair, new Date());
     }
 
     private static PBESecretKeyEncryptor getSecretKeyEncryptor(final char[] 
password, final PGPDigestCalculator digestCalculator) {

(nifi) branch main updated: NIFI-14203 Replaced deprecated Bouncy Castle PGP methods (#9678)

Reply via email to