chore: fix style and comments

fortanix · Sep 6, 2023 · 2efce34 · 2efce34
1 parent cda6c69
commit 2efce34
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 13 deletions.
diff --git a/key-attestation/java-example/.gitignore b/key-attestation/java-example/.gitignore
@@ -16,4 +16,4 @@ buildNumber.properties
 # JDT-specific (Eclipse Java Development Tools)
 .classpath
 
-/.vscode
+/.vscode
diff --git a/key-attestation/java-example/pom.xml b/key-attestation/java-example/pom.xml
@@ -87,4 +87,4 @@
       </plugin>
     </plugins>
   </reporting>
-</project>
+</project>
diff --git a/...ation/java-example/src/main/java/com/fortanix/keyattestationstatementverifier/Common.java b/...ation/java-example/src/main/java/com/fortanix/keyattestationstatementverifier/Common.java
@@ -95,19 +95,15 @@ private static X500Name buildX500Name(String c, String st, String l, String o, S
         if (!c.isEmpty()) {
             builder.addRDN(BCStyle.C, c);
         }
-        ;
         if (!st.isEmpty()) {
             builder.addRDN(BCStyle.ST, st);
         }
-        ;
         if (!l.isEmpty()) {
             builder.addRDN(BCStyle.L, l);
         }
-        ;
         if (!o.isEmpty()) {
             builder.addRDN(BCStyle.O, o);
         }
-        ;
         builder.addRDN(BCStyle.CN, cn);
 
         return builder.build();
@@ -174,10 +170,10 @@ private static boolean checkRDNsMatch(X500Name actual, X500Name expected, ASN1Ob
     public static void isValidCrlUrl(String urlString) throws Exception {
         URL url = new URL(urlString);
         if (!url.getProtocol().equals("https")) {
-            throw new KeyAttestationStatementVerifyException("invalid CRL URL: invalid domain");
+            throw new KeyAttestationStatementVerifyException("invalid CRL URL: should be https");
         }
         if (!url.getHost().equalsIgnoreCase(FORTANIX_PKI_DOMAIN)) {
-            throw new KeyAttestationStatementVerifyException("invalid CRL URL: should be https");
+            throw new KeyAttestationStatementVerifyException("invalid CRL URL: invalid domain");
         }
         if (!url.getPath().endsWith(".crl")) {
             throw new KeyAttestationStatementVerifyException("invalid CRL URL: should be end with '.crl'");

diff --git a/...ation/java-example/src/main/java/com/fortanix/keyattestationstatementverifier/Verify.java b/...ation/java-example/src/main/java/com/fortanix/keyattestationstatementverifier/Verify.java
@@ -69,7 +69,7 @@ public static void verify(KeyAttestationResponse keyAttestationResponse,
     /**
      * Verify given `attestationStatement`, `authorityChain` by using `trustRootCa`
      *
-     * @param authorityChain       Certificate chain of all certificates expect
+     * @param authorityChain       Certificate chain of all certificates except
      *                             `Fortanix Key Attestation Statement` certificate
      * @param attestationStatement `Fortanix Key Attestation Statement` certificate
      * @param trustRootCa          Trusted root CA, you need to get the certificate
@@ -87,10 +87,10 @@ public static void verify(List<X509Certificate> authorityChain, X509Certificate
         // it's parent
         try {
             verify_cert_chain_signature(authorityChain, trustRootCa, verifyCrl);
-            System.out.println("The signature in 'Fortanix DSM Key Attestation' certificate is valid.");
+            System.out.println("The signature in 'Fortanix DSM Key Attestation' certificate is invalid.");
         } catch (Exception e) {
             throw new KeyAttestationStatementVerifyException(
-                    "The signature in 'Fortanix DSM Key Attestation' certificate is valid, " + e.toString());
+                    "The signature in 'Fortanix DSM Key Attestation' certificate is invalid, " + e.toString());
         }
         LOGGER.info(String.format("Checking if '%s' certificate is correctly signed by '%s' certificate",
                 Common.DSM_CLUSTER_KEY_ATTESTATION_AUTHORITY_CN, Common.KEY_ATTESTATION_STATEMENT_CN));

diff --git a/...ava/com/fortanix/keyattestationstatementverifier/certchecker/FortanixRootCertChecker.java b/...ava/com/fortanix/keyattestationstatementverifier/certchecker/FortanixRootCertChecker.java
@@ -59,7 +59,7 @@ private void check_public_key(X509Certificate cert) throws Exception {
         PublicKey rootPk = cert.getPublicKey();
         if (rootPk instanceof RSAPublicKey) {
             RSAPublicKey rootRsaPk = (RSAPublicKey) rootPk;
-            assert (rootRsaPk.getModulus().bitLength() >= 3072);
+            assert (rootRsaPk.getModulus().bitLength() >= 4096);
         } else {
             throw new KeyAttestationStatementVerifyException(
                     Common.FORTANIX_ATTESTATION_AND_PROVISIONING_ROOT_CA_CN

diff --git a/...com/fortanix/keyattestationstatementverifier/certchecker/KeyAttestationCaCertChecker.java b/...com/fortanix/keyattestationstatementverifier/certchecker/KeyAttestationCaCertChecker.java
@@ -62,7 +62,7 @@ private void check_public_key(X509Certificate cert) throws Exception {
         PublicKey caPk = cert.getPublicKey();
         if (caPk instanceof RSAPublicKey) {
             RSAPublicKey caRsaPk = (RSAPublicKey) caPk;
-            assert (caRsaPk.getModulus().bitLength() >= 3072);
+            assert (caRsaPk.getModulus().bitLength() >= 4096);
         } else {
             throw new KeyAttestationStatementVerifyException(
                     Common.FORTANIX_KEY_ATTESTATION_CA_CN + " certificate invalid public key type");