Add PublicKeyAlgorithmPolicy to reject weak public keys

BCs PGPPublicKey.getBitStrenght() appears to fail to recognize some elliptic curves.
In such cases, bitStrength is reported as -1.
I added BCUtil.getBitStrength(publicKey) to manually determine the bit strenght by OID.
See https://github.com/bcgit/bc-java/issues/972 for an upstream bug report.

pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java

@@ -41,6 +41,7 @@ import org.pgpainless.key.generation.type.rsa.RsaLength;
 import org.pgpainless.key.generation.type.xdh.XDHSpec;
 import org.pgpainless.key.info.KeyInfo;
 import org.pgpainless.key.util.UserId;
+import org.pgpainless.util.BCUtil;
 import org.pgpainless.util.Passphrase;
 
 public class BrainpoolKeyGenerationTest {
@@ -115,18 +116,22 @@ public class BrainpoolKeyGenerationTest {
         PGPSecretKey ecdsaPrim = iterator.next();
         KeyInfo ecdsaInfo = new KeyInfo(ecdsaPrim);
         assertEquals(EllipticCurve._BRAINPOOLP384R1.getName(), ecdsaInfo.getCurveName());
+        assertEquals(384, BCUtil.getBitStrenght(ecdsaPrim.getPublicKey()));
 
         PGPSecretKey eddsaSub = iterator.next();
         KeyInfo eddsaInfo = new KeyInfo(eddsaSub);
         assertEquals(EdDSACurve._Ed25519.getName(), eddsaInfo.getCurveName());
+        assertEquals(256, BCUtil.getBitStrenght(eddsaSub.getPublicKey()));
 
         PGPSecretKey xdhSub = iterator.next();
         KeyInfo xdhInfo = new KeyInfo(xdhSub);
         assertEquals(XDHSpec._X25519.getCurveName(), xdhInfo.getCurveName());
+        assertEquals(256, BCUtil.getBitStrenght(xdhSub.getPublicKey()));
 
         PGPSecretKey rsaSub = iterator.next();
         KeyInfo rsaInfo = new KeyInfo(rsaSub);
         assertThrows(IllegalArgumentException.class, rsaInfo::getCurveName, "RSA is not a curve-based encryption system");
+        assertEquals(3072, BCUtil.getBitStrenght(rsaSub.getPublicKey()));
     }
 
     public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {

pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java

@@ -25,6 +25,7 @@ import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.algorithm.CompressionAlgorithm;
 import org.pgpainless.algorithm.HashAlgorithm;
+import org.pgpainless.algorithm.PublicKeyAlgorithm;
 import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
 
 public class PolicyTest {
@@ -48,6 +49,8 @@ public class PolicyTest {
 
         policy.setRevocationSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512,
                 Arrays.asList(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256, HashAlgorithm.SHA224, HashAlgorithm.SHA1)));
+
+        policy.setPublicKeyAlgorithmPolicy(Policy.PublicKeyAlgorithmPolicy.defaultPublicKeyAlgorithmPolicy());
     }
 
     @Test
@@ -130,6 +133,17 @@ public class PolicyTest {
         assertEquals(HashAlgorithm.SHA512, policy.getRevocationSignatureHashAlgorithmPolicy().defaultHashAlgorithm());
     }
 
+    @Test
+    public void testAcceptablePublicKeyAlgorithm() {
+        assertTrue(policy.getPublicKeyAlgorithmPolicy().isAcceptable(PublicKeyAlgorithm.ECDSA, 256));
+        assertTrue(policy.getPublicKeyAlgorithmPolicy().isAcceptable(PublicKeyAlgorithm.RSA_GENERAL, 3072));
+    }
+
+    @Test
+    public void testUnacceptablePublicKeyAlgorithm() {
+        assertFalse(policy.getPublicKeyAlgorithmPolicy().isAcceptable(PublicKeyAlgorithm.RSA_GENERAL, 1024));
+    }
+
     @Test
     public void testNotationRegistry() {
         assertFalse(policy.getNotationRegistry().isKnownNotation("notation@pgpainless.org"));