ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-18 20:47:57 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge pull request #6756 from corda/denis/merge-os-4.3-to-4.4

Browse Source 
NOTICK: Merge OS 4.3 to 4.4
This commit is contained in:
Rick Parker 2020-10-05 09:35:36 +01:00 committed by GitHub
commit 3c919f0d69
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/X509Utilities.kt
View File

@ -2,7 +2,7 @@ package net.corda.nodeapi.internal.crypto
import net.corda.core.CordaOID
import net.corda.core.crypto.Crypto
import net.corda.core.crypto.random63BitValue
import net.corda.core.crypto.newSecureRandom
import net.corda.core.internal.*
import net.corda.core.utilities.days
import net.corda.core.utilities.millis
@ -35,6 +35,8 @@ import java.time.Instant
import java.time.temporal.ChronoUnit
import java.util.*
import javax.security.auth.x500.X500Principal
import kotlin.experimental.and
import kotlin.experimental.or
object X509Utilities {
// Note that this default value only applies to BCCryptoService. Other implementations of CryptoService may have to use different
@ -75,6 +77,8 @@ object X509Utilities {
return "Alias '$alias' must contain only lowercase alphanumeric characters and not exceed 100 characters length."
}
private const val CERTIFICATE_SERIAL_NUMBER_LENGTH = 16
val DEFAULT_VALIDITY_WINDOW = Pair(0.millis, 3650.days)
/**
@ -184,7 +188,7 @@ object X509Utilities {
nameConstraints: NameConstraints? = null,
crlDistPoint: String? = null,
crlIssuer: X500Name? = null): X509v3CertificateBuilder {
val serial = BigInteger.valueOf(random63BitValue())
val serial = generateCertificateSerialNumber()
val keyPurposes = DERSequence(ASN1EncodableVector().apply { certificateType.purposes.forEach { add(it) } })
val subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(ASN1Sequence.getInstance(subjectPublicKey.encoded))
val role = certificateType.role
@ -364,6 +368,15 @@ object X509Utilities {
builder.addExtension(Extension.cRLDistributionPoints, false, CRLDistPoint(arrayOf(distPoint)))
}
}
@Suppress("MagicNumber")
private fun generateCertificateSerialNumber(): BigInteger {
val bytes = ByteArray(CERTIFICATE_SERIAL_NUMBER_LENGTH)
newSecureRandom().nextBytes(bytes)
// Set highest byte to 01xxxxxx to ensure positive sign and constant bit length.
bytes[0] = bytes[0].and(0x3F).or(0x40)
return BigInteger(bytes)
}
}
// Assuming cert type to role is 1:1

12
node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/X509UtilitiesTest.kt
View File

@ -553,4 +553,16 @@ class X509UtilitiesTest {
cert.checkValidity({ "Error text" }, { }, Date.from(today.toInstant() + 51.days))
}
}
@Test(timeout = 300_000)
fun `check certificate serial number`() {
val keyPair = generateKeyPair()
val subject = X500Principal("CN=Test,O=R3 Ltd,L=London,C=GB")
val cert = X509Utilities.createSelfSignedCACertificate(subject, keyPair)
assertTrue(cert.serialNumber.signum() > 0)
assertEquals(127, cert.serialNumber.bitLength())
val serialized = X509Utilities.buildCertPath(cert).encoded
val deserialized = X509CertificateFactory().delegate.generateCertPath(serialized.inputStream()).x509Certificates.first()
assertEquals(cert.serialNumber, deserialized.serialNumber)
}
}