Upgrade Bouncy Castle to 1.73 (#41)

WORKSPACE

@@ -31,8 +31,8 @@ maven_install(
         "com.google.errorprone:error_prone_annotations:2.3.1",
         "com.google.guava:guava:32.0.1-jre",
         "com.squareup.okhttp3:okhttp:4.10.0",
-        "org.bouncycastle:bcpkix-jdk15on:1.61",
-        "org.bouncycastle:bcprov-jdk15on:1.61",
+        "org.bouncycastle:bcpkix-jdk18on:1.73",
+        "org.bouncycastle:bcprov-jdk18on:1.73",
         "org.jspecify:jspecify:0.2.0",
 
         "com.google.testparameterinjector:test-parameter-injector:1.11",

server/build.gradle

@@ -29,7 +29,7 @@ dependencies {
     compile 'com.google.errorprone:error_prone_annotations:2.3.1'
     compile 'com.google.guava:guava:32.0.1-jre'
     compile 'com.squareup.okhttp3:okhttp:4.10.0'
-    compile 'org.bouncycastle:bcpkix-jdk15on:1.61'
+    compile 'org.bouncycastle:bcpkix-jdk18on:1.73'
     compile 'org.jspecify:jspecify:0.2.0'
 
     testCompile 'com.google.testparameterinjector:test-parameter-injector:1.11'

server/src/main/java/com/google/android/attestation/AuthorizationList.java

@@ -77,11 +77,12 @@
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Integer;
+import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1OctetString;
-import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.ASN1Sequence;
 import org.bouncycastle.asn1.ASN1Set;
 import org.bouncycastle.asn1.ASN1TaggedObject;
+import org.bouncycastle.asn1.ASN1Util;
 import org.bouncycastle.asn1.DERNull;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERSequence;
@@ -370,7 +371,7 @@ public enum OperationPurpose {
   public final boolean identityCredentialKey;
 
   private AuthorizationList(ASN1Encodable[] authorizationList, int attestationVersion) {
-    Map<Integer, ASN1Primitive> authorizationMap = getAuthorizationMap(authorizationList);
+    Map<Integer, ASN1Object> authorizationMap = getAuthorizationMap(authorizationList);
     this.purpose =
         findIntegerSetAuthorizationListEntry(authorizationMap, KM_TAG_PURPOSE).stream()
             .flatMap(key -> Stream.ofNullable(ASN1_TO_OPERATION_PURPOSE.get(key)))
@@ -523,23 +524,25 @@ static AuthorizationList createAuthorizationList(
     return new AuthorizationList(authorizationList, attestationVersion);
   }
 
-  private static Map<Integer, ASN1Primitive> getAuthorizationMap(
+  private static Map<Integer, ASN1Object> getAuthorizationMap(
       ASN1Encodable[] authorizationList) {
-    Map<Integer, ASN1Primitive> authorizationMap = new HashMap<>();
+    Map<Integer, ASN1Object> authorizationMap = new HashMap<>();
     for (ASN1Encodable entry : authorizationList) {
-      ASN1TaggedObject taggedEntry = (ASN1TaggedObject) entry;
-      authorizationMap.put(taggedEntry.getTagNo(), taggedEntry.getObject());
+      ASN1TaggedObject taggedEntry = ASN1TaggedObject.getInstance(entry);
+      authorizationMap.put(
+          taggedEntry.getTagNo(),
+          ASN1Util.getExplicitContextBaseObject(taggedEntry, taggedEntry.getTagNo()));
     }
     return authorizationMap;
   }
 
-  private static Optional<ASN1Primitive> findAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+  private static Optional<ASN1Object> findAuthorizationListEntry(
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     return Optional.ofNullable(authorizationMap.get(tag));
   }
 
   private static ImmutableSet<Integer> findIntegerSetAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     ASN1Set asn1Set =
         findAuthorizationListEntry(authorizationMap, tag).map(ASN1Set.class::cast).orElse(null);
     if (asn1Set == null) {
@@ -549,45 +552,45 @@ private static ImmutableSet<Integer> findIntegerSetAuthorizationListEntry(
   }
 
   private static Optional<Duration> findOptionalDurationSecondsAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     Optional<Integer> seconds = findOptionalIntegerAuthorizationListEntry(authorizationMap, tag);
     return seconds.map(Duration::ofSeconds);
   }
 
   private static Optional<Integer> findOptionalIntegerAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     return findAuthorizationListEntry(authorizationMap, tag)
         .map(ASN1Integer.class::cast)
         .map(ASN1Parsing::getIntegerFromAsn1);
   }
 
   private static Optional<Instant> findOptionalInstantMillisAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     Optional<Long> millis = findOptionalLongAuthorizationListEntry(authorizationMap, tag);
     return millis.map(Instant::ofEpochMilli);
   }
 
   private static Optional<Long> findOptionalLongAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     return findAuthorizationListEntry(authorizationMap, tag)
         .map(ASN1Integer.class::cast)
         .map(value -> value.getValue().longValue());
   }
 
   private static boolean findBooleanAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     return findAuthorizationListEntry(authorizationMap, tag).isPresent();
   }
 
   private static Optional<byte[]> findOptionalByteArrayAuthorizationListEntry(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     return findAuthorizationListEntry(authorizationMap, tag)
         .map(ASN1OctetString.class::cast)
         .map(ASN1OctetString::getOctets);
   }
 
   private static ImmutableSet<UserAuthType> findUserAuthType(
-      Map<Integer, ASN1Primitive> authorizationMap, int tag) {
+      Map<Integer, ASN1Object> authorizationMap, int tag) {
     Optional<Long> userAuthType = findOptionalLongAuthorizationListEntry(authorizationMap, tag);
     return userAuthType.map(AuthorizationList::userAuthTypeToEnum).orElse(ImmutableSet.of());
   }

server/src/main/java/com/google/android/attestation/BUILD

@@ -16,8 +16,8 @@ java_library(
         "@maven//:com_google_errorprone_error_prone_annotations",
         "@maven//:com_google_guava_guava",
         "@maven//:com_squareup_okhttp3_okhttp",
-        "@maven//:org_bouncycastle_bcpkix_jdk15on",
-        "@maven//:org_bouncycastle_bcprov_jdk15on",
+        "@maven//:org_bouncycastle_bcpkix_jdk18on",
+        "@maven//:org_bouncycastle_bcprov_jdk18on",
         "@maven//:org_jspecify_jspecify",
     ],
 )

server/src/test/java/com/google/android/attestation/BUILD

@@ -6,7 +6,7 @@ java_test(
         "@maven//:com_google_truth_extensions_truth_java8_extension",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
-        "@maven//:org_bouncycastle_bcprov_jdk15on",
+        "@maven//:org_bouncycastle_bcprov_jdk18on",
     ],
 )
 
@@ -19,7 +19,7 @@ java_test(
         "@maven//:com_google_truth_extensions_truth_java8_extension",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
-        "@maven//:org_bouncycastle_bcprov_jdk15on",
+        "@maven//:org_bouncycastle_bcprov_jdk18on",
     ],
 )
 
@@ -32,7 +32,7 @@ java_test(
         "@maven//:com_google_truth_extensions_truth_java8_extension",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
-        "@maven//:org_bouncycastle_bcprov_jdk15on",
+        "@maven//:org_bouncycastle_bcprov_jdk18on",
     ],
 )
 
@@ -44,6 +44,6 @@ java_test(
         "@maven//:com_google_truth_extensions_truth_java8_extension",
         "@maven//:com_google_truth_truth",
         "@maven//:junit_junit",
-        "@maven//:org_bouncycastle_bcprov_jdk15on",
+        "@maven//:org_bouncycastle_bcprov_jdk18on",
     ],
 )