From d41f608e4e17ee0076d4111cba11a5586e4341d4 Mon Sep 17 00:00:00 2001
From: Nick Dunstone <49945179+nickdunstone13@users.noreply.github.com>
Date: Wed, 17 Feb 2021 12:53:30 +0000
Subject: [PATCH] CORDA-4098 assumption test (#6871) (#6873)

* Upgrade of Bouncy Castle to resolve security issue

* Changed default signature scheme

* Reverted default change in draft

* Key conversion for BC with ed25519

* Initializing BC provider to use X509EdDSAEngine for Signature.Ed25519

* removed unsude imports

Co-authored-by: Nick Dunstone <nick.a.dunstone@gmail.com>

Co-authored-by: Alexey Kadyrov <67952405+alexey-kadyrov-r3@users.noreply.github.com>
---
 constants.properties                                            | 2 +-
 .../main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt   | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/constants.properties b/constants.properties
index c66151f01d..a8f81a6917 100644
--- a/constants.properties
+++ b/constants.properties
@@ -20,7 +20,7 @@ quasarVersion11=0.8.1_r3
 jdkClassifier11=jdk11
 dockerJavaVersion=3.2.5
 proguardVersion=6.1.1
-bouncycastleVersion=1.66
+bouncycastleVersion=1.68
 classgraphVersion=4.8.90
 disruptorVersion=3.4.2
 typesafeConfigVersion=1.3.4
diff --git a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
index d065aa30e1..3b17e644f1 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
@@ -35,6 +35,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
     putAll(EdDSASecurityProvider())
     // Override the normal EdDSA engine with one which can handle X509 keys.
     put("Signature.${EdDSAEngine.SIGNATURE_ALGORITHM}", X509EdDSAEngine::class.java.name)
+    put("Signature.Ed25519", X509EdDSAEngine::class.java.name)
     addKeyInfoConverter(`id-Curve25519ph`, object : AsymmetricKeyInfoConverter {
         override fun generatePublic(keyInfo: SubjectPublicKeyInfo) = decodePublicKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
         override fun generatePrivate(keyInfo: PrivateKeyInfo) = decodePrivateKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
@@ -46,6 +47,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
     // TODO: Find a way to make JKS work with bouncy castle provider or implement our own provide so we don't have to register bouncy castle provider.
     Security.addProvider(it)
 }
+
 val bouncyCastlePQCProvider = BouncyCastlePQCProvider().apply {
     require(name == "BCPQC") { "Invalid PQCProvider name" }
 }.also {