Sync public repo from private repository #6

Merged
merged 3 commits into from
Aug 11, 2023
17 changes: 8 additions & 9 deletions build.gradle
Expand Up @@ -6,10 +6,10 @@
*
*/
plugins {
id 'com.android.application' version '7.3.1' apply false
id 'com.android.library' version '7.3.1' apply false
id 'org.jetbrains.kotlin.android' version '1.7.20' apply false
id 'com.diffplug.spotless' version '5.10.1'
id 'com.android.application' version '8.1.0' apply false
id 'com.android.library' version '8.1.0' apply false
id 'org.jetbrains.kotlin.android' version '1.9.0' apply false
id 'com.diffplug.spotless' version '6.20.0'
}

allprojects {
Expand All @@ -18,21 +18,20 @@ allprojects {
afterEvaluate {
tasks.withType(org.jetbrains.kotlin.gradle.tasks.KotlinCompile).configureEach {
kotlinOptions {
jvmTarget = "1.8"
jvmTarget = "11"
freeCompilerArgs += ["-opt-in=kotlinx.coroutines.ExperimentalCoroutinesApi"]
}
}

project.plugins.withId("com.android.base") {
android {
compileSdk 33
compileSdk 34
defaultConfig {
minSdk 23
targetSdk 33
}
compileOptions {
sourceCompatibility JavaVersion.VERSION_1_8
targetCompatibility JavaVersion.VERSION_1_8
sourceCompatibility JavaVersion.VERSION_11
targetCompatibility JavaVersion.VERSION_11
}
}
}
Expand Up @@ -10,13 +10,13 @@ object CMSSignatureValidatorBuilder {
fun build(
certificatesPem: List<String>,
cnMatchingString: String? = null,
clock: Clock
clock: Clock,
): CMSSignatureValidatorImpl {
return CMSSignatureValidatorImpl(
signingCertificates = emptyList(),
trustAnchors = trustCertificates(certificatesPem),
matchingString = cnMatchingString,
clock = clock
clock = clock,
)
}

Expand All @@ -25,8 +25,8 @@ object CMSSignatureValidatorBuilder {
return certificatesPem.map { certificatePem ->
val trustedCert = factory.generateCertificate(
ByteArrayInputStream(
certificatePem.toByteArray()
)
certificatePem.toByteArray(),
),
) as X509Certificate
TrustAnchor(trustedCert, null)
}.toSet()
Expand All @@ -35,7 +35,7 @@ object CMSSignatureValidatorBuilder {
fun build(
certificatesPem: List<String> = emptyList(),
signingCertificateBytes: List<ByteArray>,
clock: Clock
clock: Clock,
): CMSSignatureValidatorImpl {
val x509s = signingCertificateBytes.map {
CertificateFactory.getInstance("X509")
Expand All @@ -46,19 +46,19 @@ object CMSSignatureValidatorBuilder {
signingCertificates = x509s,
trustAnchors = trustCertificates(certificatesPem),
matchingString = null,
clock = clock
clock = clock,
)
}

fun build(
certificatesPem: List<String>,
signingCertificates: List<X509Certificate>
signingCertificates: List<X509Certificate>,
): CMSSignatureValidatorImpl {
return CMSSignatureValidatorImpl(
signingCertificates = signingCertificates,
trustAnchors = trustCertificates(certificatesPem),
matchingString = null,
clock = Clock.systemUTC()
clock = Clock.systemUTC(),
)
}
}
@@ -1,16 +1,5 @@
package nl.rijksoverheid.rdo.modules.httpsecurity.cms

import java.io.BufferedInputStream
import java.io.InputStream
import java.security.cert.CertPathBuilder
import java.security.cert.CertPathBuilderException
import java.security.cert.CertStore
import java.security.cert.PKIXBuilderParameters
import java.security.cert.PKIXCertPathBuilderResult
import java.security.cert.TrustAnchor
import java.security.cert.X509CertSelector
import java.security.cert.X509Certificate
import java.time.Clock
import nl.rijksoverheid.rdo.modules.httpsecurity.SignatureValidationException
import nl.rijksoverheid.rdo.modules.httpsecurity.SignatureValidator
import org.bouncycastle.asn1.x500.style.BCStyle
Expand All @@ -23,6 +12,17 @@ import org.bouncycastle.cms.SignerId
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder
import org.bouncycastle.jce.provider.BouncyCastleProvider
import org.bouncycastle.operator.jcajce.JcaDigestCalculatorProviderBuilder
import java.io.BufferedInputStream
import java.io.InputStream
import java.security.cert.CertPathBuilder
import java.security.cert.CertPathBuilderException
import java.security.cert.CertStore
import java.security.cert.PKIXBuilderParameters
import java.security.cert.PKIXCertPathBuilderResult
import java.security.cert.TrustAnchor
import java.security.cert.X509CertSelector
import java.security.cert.X509Certificate
import java.time.Clock

/*
* Copyright (c) 2021 De Staat der Nederlanden, Ministerie van Volksgezondheid, Welzijn en Sport.
Expand All @@ -35,7 +35,7 @@ class CMSSignatureValidatorImpl internal constructor(
private val signingCertificates: List<X509Certificate>,
private val trustAnchors: Set<TrustAnchor>,
private val matchingString: String?,
private val clock: Clock
private val clock: Clock,
) : SignatureValidator {

private val provider = BouncyCastleProvider()
Expand All @@ -46,7 +46,7 @@ class CMSSignatureValidatorImpl internal constructor(
JcaDigestCalculatorProviderBuilder().setProvider(provider)
.build(),
CMSTypedStream(BufferedInputStream(content)),
signature
signature,
)

sp.signedContent.drain()
Expand Down Expand Up @@ -99,7 +99,7 @@ class CMSSignatureValidatorImpl internal constructor(

if (!signer.verify(
JcaSimpleSignerInfoVerifierBuilder().setProvider(provider)
.build(signingCertificate)
.build(signingCertificate),
)
) {
throw SignatureValidationException("The signature does not match")
Expand All @@ -116,7 +116,7 @@ class CMSSignatureValidatorImpl internal constructor(
private fun checkCertPath(
trustAnchors: Set<TrustAnchor>,
signerId: SignerId,
certs: CertStore
certs: CertStore,
): PKIXCertPathBuilderResult {
val pathBuilder: CertPathBuilder =
CertPathBuilder.getInstance("PKIX", provider)
Expand All @@ -130,7 +130,7 @@ class CMSSignatureValidatorImpl internal constructor(

val params = PKIXBuilderParameters(
trustAnchors,
targetConstraints
targetConstraints,
)
params.addCertStore(certs)
params.isRevocationEnabled = false
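Review bot: `params.isRevocationEnabled = false` on the last line of this hunk switches off CRL/OCSP revocation checking for the PKIX path build with no comment saying why, so a reader cannot tell whether this is a deliberate choice (for instance, offline validation against a pinned set of trust anchors) or an oversight, and with it off a revoked signer certificate that still chains to the anchors would validate. Since the commit already touches this hunk for formatting, it is a cheap place to record the rationale, e.g. `// Revocation checking is intentionally disabled: TODO(review) document why (offline/pinned anchors?) and which compensating control covers revoked signers.` If no compensating control exists, that deserves a follow-up rather than a silent default. checkCertPath begins outside this hunk.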