ADFA-2564: Remove Bouncy castle provider from KeyPairGenerator

[Daniel-ADFA]

No description provided.

[Daniel-ADFA]

closes #830

[coderabbitai]

📝 Walkthrough

Release Notes: Remove Bouncy Castle Provider from KeyPairGenerator

Changes

• Removed BouncyCastle provider from KeyPairGenerator: Changed from KeyPairGenerator.getInstance("RSA", "BC") to KeyPairGenerator.getInstance("RSA") to use the default system provider for RSA key generation
• Unified keystore and key entry passwords: Modified keyStore.setKeyEntry() to use storePassword instead of separate keyPassword for both keystore and individual key protection
• Updated keystore properties: Both storePassword and keyPassword properties now reference the same generated password value

⚠️ Risks and Best Practice Violations

• Crypto Provider Change Risk: Switching from BouncyCastle to default RSA provider may produce cryptographically different key pairs. Existing keystores or encrypted data generated with BouncyCastle keys may encounter compatibility issues.

• Reduced Cryptographic Separation: Using the same password (storePassword) for both the keystore and individual key entries violates the security principle of defense in depth. Industry best practice recommends using distinct passwords for keystore and key entry protection.

• Confusing Property Naming: The property constant KEYSTORE_PROP_KEYPWD still references "keyPassword" in the properties file but now contains the store password value, which may cause confusion during maintenance and debugging.

• Incomplete BouncyCastle Removal: The BouncyCastleProvider class is still imported and actively used elsewhere in the file for X.509 certificate building operations (X509v3CertificateBuilder, JcaContentSignerBuilder). The change only removes it from KeyPairGenerator, leaving the dependency partially intact.

• Migration Compatibility: Ensure backward compatibility testing with any existing keystores that may have been generated with the previous implementation before deploying to production.

Walkthrough

The ToolsManager.java file has been updated to remove explicit BouncyCastle provider registration and consolidate password handling. The KeyPairGenerator now uses the default provider instead of specifying "BC", and keystore entry creation now consistently uses storePassword instead of the hard-coded keyPassword variable.

Changes

Cohort / File(s)	Summary
Keystore Cryptography Simplification common/src/main/java/com/itsaky/androidide/managers/ToolsManager.java	Removed BouncyCastle provider registration and explicit provider specification in KeyPairGenerator. Consolidated password management by replacing keyPassword with storePassword for keystore entry creation. Updated property storage to use KEYPWD for storePassword consistency.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 Bouncy Castle walls we tear down today,
One provider gone, the default's here to stay,
Password unified, no more the split way,
Simpler keystore magic, hopping through the fray! ✨

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Description check	❓ Inconclusive	No pull request description was provided by the author, making it impossible to assess whether it relates to the changeset.	Add a description explaining why the BouncyCastle provider was removed and any relevant context or benefits of this change.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: removing BouncyCastle provider from KeyPairGenerator, which matches the file modifications in the changeset.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 0

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

common/src/main/java/com/itsaky/androidide/managers/ToolsManager.java (1)

218-219: Add explicit BC provider to JcaContentSignerBuilder or use standard algorithm name.

The code uses "SHA256WithRSAEncryption", a BouncyCastle-specific algorithm name, without registering the BC provider or explicitly specifying it via setProvider(). This will cause NoSuchAlgorithmException at runtime on devices where BC is not the default provider. Either:

1. Register BC globally before building the signer: Security.addProvider(new BouncyCastleProvider());
2. Set the provider explicitly: .setProvider("BC") or .setProvider(new BouncyCastleProvider())
3. Use the standard JCA name instead: "SHA256withRSA"

🧹 Nitpick comments (2)

common/src/main/java/com/itsaky/androidide/managers/ToolsManager.java (2)

61-61: Remove unused import.

BouncyCastleProvider is imported but no longer used since the explicit provider registration was removed.

🧹 Suggested cleanup

-import org.bouncycastle.jce.provider.BouncyCastleProvider;

---

50-50: Remove unused import java.security.Security.

The Security class is not used in this file and can be removed.