From 80f43a28fa4f20acb93104f0945972765be9db08 Mon Sep 17 00:00:00 2001
From: Patrick Flynn <patrick@chainguard.dev>
Date: Mon, 12 Sep 2022 07:55:15 -0400
Subject: [PATCH 1/3] Remove conditional use of bouncy castle as TUF code
 requires it in all jdk versions

Signed-off-by: Patrick Flynn <patrick@chainguard.dev>
---
 .../java/dev/sigstore/encryption/Keys.java     | 18 +-----------------
 .../java/dev/sigstore/encryption/KeysTest.java | 12 ------------
 2 files changed, 1 insertion(+), 29 deletions(-)

diff --git a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
index ff31dbb0..e166408c 100644
--- a/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
+++ b/sigstore-java/src/main/java/dev/sigstore/encryption/Keys.java
@@ -46,23 +46,7 @@ public class Keys {
   private static final Logger log = Logger.getLogger(Keys.class.getName());
 
   static {
-    // Added for EdDSA support for Java <15
-
-    // This should work as JDK version strings are of the form '1.x.x' up to Java 8, and '9.x..'
-    // afterwards.
-    if (getJavaVersion() < 15) {
-      try {
-        log.info(
-            "Adding BouncyCastleProvider to SecurityManager for EdDSA algorithm support on Java <15.");
-        Security.addProvider(new BouncyCastleProvider());
-      } catch (SecurityException e) {
-        log.warning(
-            "Could not configure BouncyCastleProvider due to SecurityManager restrictions."
-                + " EdDSA algorithms will not be supported. Refer to "
-                + "https://docs.oracle.com/cd/E19830-01/819-4712/ablsc/index.html to configure BouncyCastle "
-                + "for your JVM");
-      }
-    }
+    Security.addProvider(new BouncyCastleProvider());
   }
 
   /**
diff --git a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
index 16026de0..16a43b11 100644
--- a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
+++ b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
@@ -24,8 +24,6 @@
 import java.security.spec.InvalidKeySpecException;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
-import org.junit.jupiter.api.condition.EnabledForJreRange;
-import org.junit.jupiter.api.condition.JRE;
 
 class KeysTest {
 
@@ -58,7 +56,6 @@ void parsePublicKey_ec() throws IOException, InvalidKeySpecException, NoSuchAlgo
   }
 
   @Test
-  @EnabledForJreRange(max = JRE.JAVA_14)
   void parsePublicKey_ed25519_withBouncyCastle()
       throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
     PublicKey result =
@@ -67,15 +64,6 @@ void parsePublicKey_ed25519_withBouncyCastle()
     assertEquals(result.getAlgorithm(), "Ed25519");
   }
 
-  @Test
-  @EnabledForJreRange(min = JRE.JAVA_15)
-  void parsePublicKey_ed25519_withStdLib()
-      throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
-    PublicKey result =
-        Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH)));
-    assertEquals(result.getAlgorithm(), "EdDSA");
-  }
-
   @Test
   void parsePublicKey_dsaShouldFail() {
     Assertions.assertThrows(

From b4e797dc31d01415b75fd2650efe3074aa89774b Mon Sep 17 00:00:00 2001
From: Patrick Flynn <patrick@chainguard.dev>
Date: Mon, 12 Sep 2022 08:16:38 -0400
Subject: [PATCH 2/3] fix multi java version test

Signed-off-by: Patrick Flynn <patrick@chainguard.dev>
---
 .../dev/sigstore/encryption/KeysTest.java     | 20 +++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
index 16a43b11..94e285f0 100644
--- a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
+++ b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
@@ -24,6 +24,8 @@
 import java.security.spec.InvalidKeySpecException;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.condition.EnabledForJreRange;
+import org.junit.jupiter.api.condition.JRE;
 
 class KeysTest {
 
@@ -37,7 +39,7 @@ class KeysTest {
   void parsePublicKey_rsa() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
     PublicKey result =
         Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(RSA_PUB_PATH)));
-    assertEquals(result.getAlgorithm(), "RSA");
+    assertEquals("RSA", result.getAlgorithm());
   }
 
   @Test
@@ -45,23 +47,33 @@ void parsePublicKey_rsaPkcs1()
       throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
     PublicKey result =
         Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(RSA_PUB_PKCS1_PATH)));
-    assertEquals(result.getAlgorithm(), "RSA");
+    assertEquals("RSA", result.getAlgorithm());
   }
 
   @Test
   void parsePublicKey_ec() throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
     PublicKey result =
         Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(EC_PUB_PATH)));
-    assertEquals(result.getAlgorithm(), "EC");
+    assertEquals("EC", result.getAlgorithm());
   }
 
   @Test
+  @EnabledForJreRange(max = JRE.JAVA_14)
   void parsePublicKey_ed25519_withBouncyCastle()
       throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
     PublicKey result =
         Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH)));
     // BouncyCastle names the algorithm differently than the JDK
-    assertEquals(result.getAlgorithm(), "Ed25519");
+    assertEquals("Ed25519", result.getAlgorithm());
+  }
+
+  @Test
+  @EnabledForJreRange(min = JRE.JAVA_15)
+  void parsePublicKey_ed25519_withStdLib()
+    throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+    PublicKey result =
+      Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH)));
+    assertEquals("EdDSA", result.getAlgorithm());
   }
 
   @Test

From 68b75e9a137259e6d27e427ed96c12acef28741b Mon Sep 17 00:00:00 2001
From: Patrick Flynn <patrick@chainguard.dev>
Date: Mon, 12 Sep 2022 08:25:11 -0400
Subject: [PATCH 3/3] fix formatting

Signed-off-by: Patrick Flynn <patrick@chainguard.dev>
---
 .../src/test/java/dev/sigstore/encryption/KeysTest.java       | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
index 94e285f0..71074132 100644
--- a/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
+++ b/sigstore-java/src/test/java/dev/sigstore/encryption/KeysTest.java
@@ -70,9 +70,9 @@ void parsePublicKey_ed25519_withBouncyCastle()
   @Test
   @EnabledForJreRange(min = JRE.JAVA_15)
   void parsePublicKey_ed25519_withStdLib()
-    throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
+      throws IOException, InvalidKeySpecException, NoSuchAlgorithmException {
     PublicKey result =
-      Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH)));
+        Keys.parsePublicKey(Resources.toByteArray(Resources.getResource(ED25519_PUB_PATH)));
     assertEquals("EdDSA", result.getAlgorithm());
   }