Merge pull request #6 from minvws/sync/20230811-145130
Sync public repo from private repository
Rool authored Aug 11, 2023
2 parents ae5542a + 05ee536 commit c141c94
Showing 13 changed files with 170 additions and 108 deletions.
17 changes: 8 additions & 9 deletions build.gradle
Expand Up @@ -6,10 +6,10 @@
*
*/
plugins {
id 'com.android.application' version '7.3.1' apply false
id 'com.android.library' version '7.3.1' apply false
id 'org.jetbrains.kotlin.android' version '1.7.20' apply false
id 'com.diffplug.spotless' version '5.10.1'
id 'com.android.application' version '8.1.0' apply false
id 'com.android.library' version '8.1.0' apply false
id 'org.jetbrains.kotlin.android' version '1.9.0' apply false
id 'com.diffplug.spotless' version '6.20.0'
}

allprojects {
Expand All @@ -18,21 +18,20 @@ allprojects {
afterEvaluate {
tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach {
kotlinOptions {
jvmTarget = "1.8"
jvmTarget = "11"
freeCompilerArgs += ["-opt-in=kotlinx.coroutines.ExperimentalCoroutinesApi"]
}
}

project.plugins.withId("com.android.base") {
android {
compileSdk 33
compileSdk 34
defaultConfig {
minSdk 23
targetSdk 33
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
sourceCompatibility JavaVersion.VERSION_11
targetCompatibility JavaVersion.VERSION_11
}
}
}
Expand Up @@ -10,13 +10,13 @@ object CMSSignatureValidatorBuilder {
fun build(
certificatesPem: List<String>,
cnMatchingString: String? = null,
clock: Clock
clock: Clock,
): CMSSignatureValidatorImpl {
return CMSSignatureValidatorImpl(
signingCertificates = emptyList(),
trustAnchors = trustCertificates(certificatesPem),
matchingString = cnMatchingString,
clock = clock
clock = clock,
)
}

Expand All @@ -25,8 +25,8 @@ object CMSSignatureValidatorBuilder {
return certificatesPem.map { certificatePem ->
val trustedCert = factory.generateCertificate(
ByteArrayInputStream(
certificatePem.toByteArray()
)
certificatePem.toByteArray(),
),
) as X509Certificate
TrustAnchor(trustedCert, null)
}.toSet()
Expand All @@ -35,7 +35,7 @@ object CMSSignatureValidatorBuilder {
fun build(
certificatesPem: List<String> = emptyList(),
signingCertificateBytes: List<ByteArray>,
clock: Clock
clock: Clock,
): CMSSignatureValidatorImpl {
val x509s = signingCertificateBytes.map {
CertificateFactory.getInstance("X509")
Expand All @@ -46,19 +46,19 @@ object CMSSignatureValidatorBuilder {
signingCertificates = x509s,
trustAnchors = trustCertificates(certificatesPem),
matchingString = null,
clock = clock
clock = clock,
)
}

fun build(
certificatesPem: List<String>,
signingCertificates: List<X509Certificate>
signingCertificates: List<X509Certificate>,
): CMSSignatureValidatorImpl {
return CMSSignatureValidatorImpl(
signingCertificates = signingCertificates,
trustAnchors = trustCertificates(certificatesPem),
matchingString = null,
clock = Clock.systemUTC()
clock = Clock.systemUTC(),
)
}
}
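Review bot: In the first `build` overload (hunk -10,13) `cnMatchingString` defaults to null and is passed straight through as `matchingString`, so a caller that simply omits it gets a validator that, as far as this file shows, performs no signer-name matching and accepts any signer chaining to the supplied anchors; that consequence is invisible at the call site. A KDoc on the parameter would make it explicit, e.g. `/** Expected CN of the signer certificate; null disables the CN check, so any signer that chains to [certificatesPem] is accepted. */`. How `matchingString` is actually applied lives in CMSSignatureValidatorImpl outside this file, so confirm the wording against that check. The third overload also hard-codes `Clock.systemUTC()` while its siblings take an injected `clock`, which is worth either a one-line comment or an optional `clock: Clock = Clock.systemUTC()` parameter for consistency and testability.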
@@ -1,16 +1,5 @@
package nl.rijksoverheid.rdo.modules.httpsecurity.cms

import java.io.BufferedInputStream
import java.io.InputStream
import java.security.cert.CertPathBuilder
import java.security.cert.CertPathBuilderException
import java.security.cert.CertStore
import java.security.cert.PKIXBuilderParameters
import java.security.cert.PKIXCertPathBuilderResult
import java.security.cert.TrustAnchor
import java.security.cert.X509CertSelector
import java.security.cert.X509Certificate
import java.time.Clock
import nl.rijksoverheid.rdo.modules.httpsecurity.SignatureValidationException
import nl.rijksoverheid.rdo.modules.httpsecurity.SignatureValidator
import org.bouncycastle.asn1.x500.style.BCStyle
Expand All @@ -23,6 +12,17 @@ import org.bouncycastle.cms.SignerId
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder
import java.io.BufferedInputStream
import java.io.InputStream
import java.security.cert.CertPathBuilder
import java.security.cert.CertPathBuilderException
import java.security.cert.CertStore
import java.security.cert.PKIXBuilderParameters
import java.security.cert.PKIXCertPathBuilderResult
import java.security.cert.TrustAnchor
import java.security.cert.X509CertSelector
import java.security.cert.X509Certificate
import java.time.Clock

/*
* Copyright (c) 2021 De Staat der Nederlanden, Ministerie van Volksgezondheid, Welzijn en Sport.
Expand All @@ -35,7 +35,7 @@ class CMSSignatureValidatorImpl internal constructor(
private val signingCertificates: List<X509Certificate>,
private val trustAnchors: Set<TrustAnchor>,
private val matchingString: String?,
private val clock: Clock
private val clock: Clock,
) : SignatureValidator {

private val provider = BouncyCastleProvider()
Expand All @@ -46,7 +46,7 @@ class CMSSignatureValidatorImpl internal constructor(
JcaDigestCalculatorProviderBuilder().setProvider(provider)
.build(),
CMSTypedStream(BufferedInputStream(content)),
signature
signature,
)

sp.signedContent.drain()
Expand Down Expand Up @@ -99,7 +99,7 @@ class CMSSignatureValidatorImpl internal constructor(

if (!signer.verify(
JcaSimpleSignerInfoVerifierBuilder().setProvider(provider)
.build(signingCertificate)
.build(signingCertificate),
)
) {
throw SignatureValidationException("The signature does not match")
Expand All @@ -116,7 +116,7 @@ class CMSSignatureValidatorImpl internal constructor(
private fun checkCertPath(
trustAnchors: Set<TrustAnchor>,
signerId: SignerId,
certs: CertStore
certs: CertStore,
): PKIXCertPathBuilderResult {
val pathBuilder: CertPathBuilder =
CertPathBuilder.getInstance("PKIX", provider)
Expand All @@ -130,7 +130,7 @@ class CMSSignatureValidatorImpl internal constructor(

val params = PKIXBuilderParameters(
trustAnchors,
targetConstraints
targetConstraints,
)
params.addCertStore(certs)
params.isRevocationEnabled = false
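Review bot: `params.isRevocationEnabled = false` at the end of this hunk means the PKIX path built in checkCertPath is never checked against CRL/OCSP, so a leaked-and-revoked signing certificate that still chains to one of the trust anchors keeps validating until it expires. That may be deliberate for an app that validates offline against pinned anchors, but nothing here says so; a comment stating the threat model would prevent a future maintainer from treating it as an oversight, e.g. `// Revocation checking is intentionally off: the anchor set is pinned and validation must work offline; compromised signers are handled by rotating the anchors.` If it is not deliberate, enable it or add an explicit revocation source. The rest of checkCertPath (building the path and handling the result) and the enclosing class continue outside the hunk.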
