From f5de4d7b71d16ed2d5d6bdf0ce2d10aee851549b Mon Sep 17 00:00:00 2001
From: Chris Eager <chris@signal.org>
Date: Fri, 21 Jun 2024 14:03:16 -0500
Subject: [PATCH] Update various library dependencies

---
 pom.xml                                       | 37 +++++++++-------
 service/pom.xml                               |  3 +-
 .../util/IdentityKeyAdapter.java              | 12 ------
 .../auth/CertificateGeneratorTest.java        | 43 +++++++++++--------
 .../util/IdentityKeyAdapterTest.java          | 17 ++++----
 5 files changed, 57 insertions(+), 55 deletions(-)

diff --git a/pom.xml b/pom.xml
index 4cbd8cc07..e10c830d2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,38 +38,39 @@
 
   <properties>
     <aws.sdk2.version>2.23.8</aws.sdk2.version>
-    <braintree.version>3.27.0</braintree.version>
-    <commons-csv.version>1.10.0</commons-csv.version>
-    <commons-io.version>2.14.0</commons-io.version>
-    <dropwizard.version>3.0.6</dropwizard.version>
+    <braintree.version>3.34.0</braintree.version>
+    <commons-csv.version>1.11.0</commons-csv.version>
+    <commons-io.version>2.16.1</commons-io.version>
+    <dropwizard.version>3.0.7</dropwizard.version>
     <dropwizard-metrics-datadog.version>1.1.13</dropwizard-metrics-datadog.version>
+    <dynamodblocal.version>1.23.0</dynamodblocal.version>
     <google-cloud-libraries.version>26.33.0</google-cloud-libraries.version>
     <grpc.version>1.61.1</grpc.version> <!-- should be kept in sync with the value from Google libraries-bom -->
-    <gson.version>2.10.1</gson.version>
+    <gson.version>2.11.0</gson.version>
     <!-- several libraries (AWS, Google Cloud) use Apache http components transitively, and we need to align them -->
     <httpcore.version>4.4.16</httpcore.version>
     <httpclient.version>4.5.14</httpclient.version>
-    <jackson.version>2.16.0</jackson.version>
+    <jackson.version>2.17.1</jackson.version>
     <jaxb.version>2.3.1</jaxb.version>
-    <junit-pioneer.version>2.1.0</junit-pioneer.version>
+    <junit-pioneer.version>2.2.0</junit-pioneer.version>
     <jsr305.version>3.0.2</jsr305.version>
-    <kotlin.version>1.9.10</kotlin.version>
+    <kotlin.version>1.9.24</kotlin.version>
     <kotlinx-serialization.version>1.5.1</kotlinx-serialization.version>
     <lettuce.version>6.3.2.RELEASE</lettuce.version>
-    <libphonenumber.version>8.13.23</libphonenumber.version>
+    <libphonenumber.version>8.13.39</libphonenumber.version>
     <logstash.logback.version>7.3</logstash.logback.version>
-    <log4j-bom.version>2.21.0</log4j-bom.version>
+    <log4j-bom.version>2.23.1</log4j-bom.version>
     <luajava.version>3.4.0</luajava.version>
-    <micrometer.version>1.12.4</micrometer.version>
-    <netty.version>4.1.108.Final</netty.version>
+    <micrometer.version>1.13.1</micrometer.version>
+    <netty.version>4.1.111.Final</netty.version>
     <opentest4j.version>1.3.0</opentest4j.version>
     <protobuf.version>3.25.2</protobuf.version> <!-- should be kept in sync with the value from Google libraries-bom -->
     <pushy.version>0.15.4</pushy.version>
     <reactive.grpc.version>1.2.4</reactive.grpc.version>
-    <reactor-bom.version>2023.0.4</reactor-bom.version> <!-- 3.6.x, see https://github.com/reactor/reactor#bom-versioning-scheme -->
+    <reactor-bom.version>2023.0.7</reactor-bom.version> <!-- 3.6.x, see https://github.com/reactor/reactor#bom-versioning-scheme -->
     <resilience4j.version>2.2.0</resilience4j.version>
     <semver4j.version>3.1.0</semver4j.version>
-    <slf4j.version>2.0.9</slf4j.version>
+    <slf4j.version>2.0.13</slf4j.version>
     <stripe.version>23.10.0</stripe.version>
     <swagger.version>2.2.17</swagger.version>
 
@@ -278,7 +279,7 @@
       <dependency>
         <groupId>org.signal</groupId>
         <artifactId>libsignal-server</artifactId>
-        <version>0.45.0</version>
+        <version>0.51.1</version>
       </dependency>
       <dependency>
         <groupId>org.signal.forks</groupId>
@@ -302,6 +303,12 @@
         <artifactId>httpclient</artifactId>
         <version>${httpclient.version}</version>
       </dependency>
+      <dependency>
+        <groupId>com.amazonaws</groupId>
+        <artifactId>DynamoDBLocal</artifactId>
+        <version>${dynamodblocal.version}</version>
+        <scope>test</scope>
+      </dependency>
     </dependencies>
   </dependencyManagement>
 
diff --git a/service/pom.xml b/service/pom.xml
index 656c26dc0..514cf82ff 100644
--- a/service/pom.xml
+++ b/service/pom.xml
@@ -12,7 +12,7 @@
 
   <properties>
     <firebase-admin.version>9.2.0</firebase-admin.version>
-    <java-uuid-generator.version>4.3.0</java-uuid-generator.version>
+    <java-uuid-generator.version>5.1.0</java-uuid-generator.version>
     <sqlite4java.version>1.0.392</sqlite4java.version>
   </properties>
 
@@ -463,7 +463,6 @@
     <dependency>
       <groupId>com.amazonaws</groupId>
       <artifactId>DynamoDBLocal</artifactId>
-      <version>1.23.0</version>
       <scope>test</scope>
     </dependency>
     <dependency>
diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapter.java b/service/src/main/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapter.java
index 04bda90f1..619dc84e6 100644
--- a/service/src/main/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapter.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapter.java
@@ -14,18 +14,11 @@ import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import java.io.IOException;
 import java.util.Base64;
-import io.micrometer.core.instrument.Counter;
-import io.micrometer.core.instrument.Metrics;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.ECPublicKey;
-import org.whispersystems.textsecuregcm.metrics.MetricsUtil;
 
 public class IdentityKeyAdapter {
 
-  private static final Counter IDENTITY_KEY_WITHOUT_VERSION_BYTE_COUNTER =
-      Metrics.counter(MetricsUtil.name(IdentityKeyAdapter.class, "identityKeyWithoutVersionByte"));
-
   public static class Serializer extends JsonSerializer<IdentityKey> {
 
     @Override
@@ -56,11 +49,6 @@ public class IdentityKeyAdapter {
       try {
         return new IdentityKey(identityKeyBytes);
       } catch (final InvalidKeyException e) {
-        if (identityKeyBytes.length == ECPublicKey.KEY_SIZE - 1) {
-          IDENTITY_KEY_WITHOUT_VERSION_BYTE_COUNTER.increment();
-          return new IdentityKey(ECPublicKey.fromPublicKeyBytes(identityKeyBytes));
-        }
-
         throw new JsonParseException(parser, "Could not interpret identity key bytes as an EC public key", e);
       }
     }
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/auth/CertificateGeneratorTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/auth/CertificateGeneratorTest.java
index cff6e3c36..9cbd2e350 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/auth/CertificateGeneratorTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/auth/CertificateGeneratorTest.java
@@ -16,29 +16,38 @@ import java.util.UUID;
 import org.junit.jupiter.api.Test;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.ecc.Curve;
-import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.whispersystems.textsecuregcm.identity.IdentityType;
 import org.whispersystems.textsecuregcm.storage.Account;
 import org.whispersystems.textsecuregcm.storage.Device;
 
 class CertificateGeneratorTest {
 
-    private static final String SIGNING_CERTIFICATE = "CiUIDBIhBbTz4h1My+tt+vw+TVscgUe/DeHS0W02tPWAWbTO2xc3EkD+go4bJnU0AcnFfbOLKoiBfCzouZtDYMOVi69rE7r4U9cXREEqOkUmU2WJBjykAxWPCcSTmVTYHDw7hkSp/puG";
-    private static final String SIGNING_KEY = "ABOxG29xrfq4E7IrW11Eg7+HBbtba9iiS0500YoBjn4=";
-    private static final IdentityKey IDENTITY_KEY = new IdentityKey(ECPublicKey.fromPublicKeyBytes(Base64.getDecoder().decode("BcxxDU9FGMda70E7+Uvm7pnQcEdXQ64aJCpPUeRSfcFo")));
+  private static final String SIGNING_CERTIFICATE = "CiUIDBIhBbTz4h1My+tt+vw+TVscgUe/DeHS0W02tPWAWbTO2xc3EkD+go4bJnU0AcnFfbOLKoiBfCzouZtDYMOVi69rE7r4U9cXREEqOkUmU2WJBjykAxWPCcSTmVTYHDw7hkSp/puG";
+  private static final String SIGNING_KEY = "ABOxG29xrfq4E7IrW11Eg7+HBbtba9iiS0500YoBjn4=";
+  private static final IdentityKey IDENTITY_KEY;
 
-    @Test
-    void testCreateFor() throws IOException, InvalidKeyException, org.signal.libsignal.protocol.InvalidKeyException {
-        final Account account = mock(Account.class);
-        final Device device = mock(Device.class);
-        final CertificateGenerator certificateGenerator = new CertificateGenerator(Base64.getDecoder().decode(SIGNING_CERTIFICATE), Curve.decodePrivatePoint(Base64.getDecoder().decode(SIGNING_KEY)), 1);
-
-      when(account.getIdentityKey(IdentityType.ACI)).thenReturn(IDENTITY_KEY);
-      when(account.getUuid()).thenReturn(UUID.randomUUID());
-      when(account.getNumber()).thenReturn("+18005551234");
-      when(device.getId()).thenReturn((byte) 4);
-
-      assertTrue(certificateGenerator.createFor(account, device, true).length > 0);
-      assertTrue(certificateGenerator.createFor(account, device, false).length > 0);
+  static {
+    try {
+      IDENTITY_KEY = new IdentityKey(Base64.getDecoder().decode("BcxxDU9FGMda70E7+Uvm7pnQcEdXQ64aJCpPUeRSfcFo"));
+    } catch (org.signal.libsignal.protocol.InvalidKeyException e) {
+      throw new RuntimeException(e);
     }
+  }
+
+  @Test
+  void testCreateFor() throws IOException, InvalidKeyException, org.signal.libsignal.protocol.InvalidKeyException {
+    final Account account = mock(Account.class);
+    final Device device = mock(Device.class);
+    final CertificateGenerator certificateGenerator = new CertificateGenerator(
+        Base64.getDecoder().decode(SIGNING_CERTIFICATE),
+        Curve.decodePrivatePoint(Base64.getDecoder().decode(SIGNING_KEY)), 1);
+
+    when(account.getIdentityKey(IdentityType.ACI)).thenReturn(IDENTITY_KEY);
+    when(account.getUuid()).thenReturn(UUID.randomUUID());
+    when(account.getNumber()).thenReturn("+18005551234");
+    when(device.getId()).thenReturn((byte) 4);
+
+    assertTrue(certificateGenerator.createFor(account, device, true).length > 0);
+    assertTrue(certificateGenerator.createFor(account, device, false).length > 0);
+  }
 }
diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapterTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapterTest.java
index 9aabddd85..ae9f824f3 100644
--- a/service/src/test/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapterTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/util/IdentityKeyAdapterTest.java
@@ -5,22 +5,20 @@
 
 package org.whispersystems.textsecuregcm.util;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.annotation.JsonDeserialize;
 import com.fasterxml.jackson.databind.annotation.JsonSerialize;
+import java.util.Base64;
+import java.util.stream.Stream;
+import javax.annotation.Nullable;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.Arguments;
 import org.junit.jupiter.params.provider.MethodSource;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.ecc.Curve;
 
-import javax.annotation.Nullable;
-
-import java.util.Base64;
-import java.util.stream.Stream;
-
-import static org.junit.jupiter.api.Assertions.*;
-
 class IdentityKeyAdapterTest {
 
   private static final IdentityKey IDENTITY_KEY = new IdentityKey(Curve.generateKeyPair().getPublicKey());
@@ -49,8 +47,9 @@ class IdentityKeyAdapterTest {
     return Stream.of(
         Arguments.of(String.format(template, "null"), null),
         Arguments.of(String.format(template, "\"\""), null),
-        Arguments.of(String.format(template, "\"" + Base64.getEncoder().encodeToString(IDENTITY_KEY.serialize()) + "\""), IDENTITY_KEY),
-        Arguments.of(String.format(template, "\"" + Base64.getEncoder().encodeToString(IDENTITY_KEY.getPublicKey().getPublicKeyBytes()) + "\""), IDENTITY_KEY)
+        Arguments.of(
+            String.format(template, "\"" + Base64.getEncoder().encodeToString(IDENTITY_KEY.serialize()) + "\""),
+            IDENTITY_KEY)
     );
   }
 }