Reinstate Java 11 support which somehow got lost

libp2p/build.gradle.kts

@@ -17,6 +17,7 @@ dependencies {
 
     implementation("org.bouncycastle:bcprov-jdk15on")
     implementation("org.bouncycastle:bcpkix-jdk15on")
+    implementation("org.bouncycastle:bctls-jdk15on")
 
     testImplementation(project(":tools:schedulers"))
 

libp2p/src/main/kotlin/io/libp2p/security/tls/TLSSecureChannel.kt

@@ -31,11 +31,14 @@ import org.bouncycastle.cert.X509CertificateHolder
 import org.bouncycastle.cert.X509v3CertificateBuilder
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter
 import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters
+import org.bouncycastle.jcajce.interfaces.EdDSAPublicKey
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
 import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder
 import java.math.BigInteger
 import java.security.KeyFactory
 import java.security.PrivateKey
 import java.security.PublicKey
+import java.security.Security
 import java.security.cert.Certificate
 import java.security.cert.CertificateException
 import java.security.cert.X509Certificate
@@ -62,6 +65,10 @@ class TlsSecureChannel(private val localKey: PrivKey, private val muxerIds: List
 
     companion object {
         const val announce = "/tls/1.0.0"
+        init {
+            Security.insertProviderAt(Libp2pCrypto.provider, 1)
+            Security.insertProviderAt(BouncyCastleJsseProvider(), 2)
+        }
     }
 
     override val protocolDescriptor = ProtocolDescriptor(announce)
@@ -101,12 +108,13 @@ fun buildTlsHandler(
         .ciphers(listOf("TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"))
         .clientAuth(ClientAuth.REQUIRE)
         .trustManager(Libp2pTrustManager(expectedRemotePeer))
+        .sslContextProvider(BouncyCastleJsseProvider())
         .applicationProtocolConfig(
             ApplicationProtocolConfig(
                 ApplicationProtocolConfig.Protocol.ALPN,
                 ApplicationProtocolConfig.SelectorFailureBehavior.FATAL_ALERT,
                 ApplicationProtocolConfig.SelectedListenerFailureBehavior.FATAL_ALERT,
-                muxerIds.plus("libp2p")
+                muxerIds.plus("libp2p") // early muxer negotiation
             )
         )
         .build()
@@ -194,7 +202,7 @@ class Libp2pTrustManager(private val expectedRemotePeer: Optional<PeerId>) : X50
 
 fun getJavaKey(priv: PrivKey): PrivateKey {
     if (priv.keyType == Crypto.KeyType.Ed25519) {
-        val kf = KeyFactory.getInstance("Ed25519")
+        val kf = KeyFactory.getInstance("Ed25519", Libp2pCrypto.provider)
         val privKeyInfo =
             PrivateKeyInfo(AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), DEROctetString(priv.raw()))
         val pkcs8KeySpec = PKCS8EncodedKeySpec(privKeyInfo.encoded)
@@ -212,39 +220,20 @@ fun getJavaKey(priv: PrivKey): PrivateKey {
     throw IllegalArgumentException("Unsupported TLS key type:" + priv.keyType)
 }
 
-fun getJavaPublicKey(pub: PubKey): PublicKey {
+fun getAsn1EncodedPublicKey(pub: PubKey): ByteArray {
     if (pub.keyType == Crypto.KeyType.Ed25519) {
-        val kf = KeyFactory.getInstance("Ed25519")
-
-        // determine if x was odd.
-        var pk = pub.raw()
-        val lastbyteInt = pk[pk.lastIndex].toInt()
-        var xisodd = lastbyteInt.and(255).shr(7) == 1
-        // make sure most significant bit will be 0 - after reversing.
-        pk[31] = pk[31].and(127)
-        val y = BigInteger(1, pk.reversedArray())
-
-        val paramSpec = NamedParameterSpec("Ed25519")
-        val ep = EdECPoint(xisodd, y)
-        val pubSpec = EdECPublicKeySpec(paramSpec, ep)
-        return kf.generatePublic(pubSpec)
+        return SubjectPublicKeyInfo(AlgorithmIdentifier(EdECObjectIdentifiers.id_Ed25519), pub.raw()).encoded
     }
     if (pub.keyType == Crypto.KeyType.ECDSA) {
-        return (pub as EcdsaPublicKey).javaKey()
+        return (pub as EcdsaPublicKey).javaKey().encoded
     }
     throw IllegalArgumentException("Unsupported TLS key type:" + pub.keyType)
 }
 
 fun getPubKey(pub: PublicKey): PubKey {
     if (pub.algorithm.equals("EdDSA") || pub.algorithm.equals("Ed25519")) {
-        // It seems batshit that we have to do this, but haven't found an equivalent library call
-        val point = (pub as EdECPublicKey).point
-        var pk = point.y.toByteArray().reversedArray()
-        if (pk.size == 31)
-            pk = pk.plus(0)
-        if (point.isXOdd)
-            pk[31] = pk[31].or(0x80.toByte())
-        return Ed25519PublicKey(Ed25519PublicKeyParameters(pk))
+        val raw = (pub as EdDSAPublicKey).pointEncoding
+        return Ed25519PublicKey(Ed25519PublicKeyParameters(raw))
     }
     if (pub.algorithm.equals("EC")) {
         return EcdsaPublicKey(pub as ECPublicKey)
@@ -295,7 +284,7 @@ fun getPublicKeyFromCert(chain: Array<Certificate>): PubKey {
  *
  */
 fun buildCert(hostKey: PrivKey, subjectKey: PrivKey): X509Certificate {
-    val publicKeyAsn1 = getJavaPublicKey(subjectKey.publicKey()).encoded
+    val publicKeyAsn1 = getAsn1EncodedPublicKey(subjectKey.publicKey())
     val subPubKeyInfo = SubjectPublicKeyInfo.getInstance(publicKeyAsn1)
 
     val now = Instant.now()

versions.gradle

@@ -27,7 +27,7 @@ dependencyManagement {
             entry 'protobuf-java'
             entry 'protoc'
         }
-        dependencySet(group: "io.netty", version: "4.1.87.Final") {
+        dependencySet(group: "io.netty", version: "4.1.90.Final") {
             entry 'netty-common'
             entry 'netty-handler'
             entry 'netty-transport'
@@ -40,6 +40,7 @@ dependencyManagement {
         dependencySet(group: "org.bouncycastle", version: "1.70") {
             entry 'bcprov-jdk15on'
             entry 'bcpkix-jdk15on'
+            entry 'bctls-jdk15on'
         }
     }
 }