From aa0963bc766235fd5ad3f52e96815bce17dc1296 Mon Sep 17 00:00:00 2001
From: Adel El-Beik
Date: Thu, 16 Jun 2022 18:01:32 +0100
Subject: [PATCH 1/5] ENT-6858: In our Corda BC provider add support for Signature.Ed25519 using our own X509EdDSAEngine. Needed so that we can upgrade BC in ENT.
---
 .../main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt | 1 +
 1 file changed, 1 insertion(+)
diff --git a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
index 0523b00cba..7133ea82fd 100644
--- a/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
+++ b/core/src/main/kotlin/net/corda/core/crypto/internal/ProviderMap.kt
@@ -33,6 +33,7 @@ val cordaBouncyCastleProvider = BouncyCastleProvider().apply {
 putAll(EdDSASecurityProvider())
 // Override the normal EdDSA engine with one which can handle X509 keys.
 put("Signature.${EdDSAEngine.SIGNATURE_ALGORITHM}", X509EdDSAEngine::class.java.name)
+ put("Signature.Ed25519", X509EdDSAEngine::class.java.name)
 addKeyInfoConverter(`id-Curve25519ph`, object : AsymmetricKeyInfoConverter {
 override fun generatePublic(keyInfo: SubjectPublicKeyInfo) = decodePublicKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
 override fun generatePrivate(keyInfo: PrivateKeyInfo) = decodePrivateKey(EDDSA_ED25519_SHA512, keyInfo.encoded)
From 872a81617ae69d68b4b35dc6861b3b23a5f83718 Mon Sep 17 00:00:00 2001
From: Adel El-Beik
Date: Wed, 22 Jun 2022 14:35:54 +0100
Subject: [PATCH 2/5] ENT-6858: Updated bouncy castle to 1.68 to match 4.5.
---
 constants.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/constants.properties b/constants.properties
index 2ed3714aec..b762c75822 100644
--- a/constants.properties
+++ b/constants.properties
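Review bot: The added `put("Signature.Ed25519", ...)` carries no comment explaining why it exists, while the line directly above it does, and its effect is wider than the commit title suggests: Bouncy Castle from 1.68 (bumped in the next patch) registers its own "Ed25519" signature service, so this line replaces that engine for every caller of Signature.getInstance("Ed25519", cordaBouncyCastleProvider), including callers holding BC's native Ed25519 key objects. I would add `// BC >= 1.68 registers Signature.Ed25519 itself; route it through X509EdDSAEngine as well so X509-encoded EdDSA keys are accepted under that name.` above the new line, and a test that Signature.getInstance("Ed25519", cordaBouncyCastleProvider) can initVerify with both an i2p EdDSA public key and a BC-decoded Ed25519 public key, or that documents which of the two is intentionally unsupported. Whether X509EdDSAEngine accepts BC's key classes is not visible from this hunk, and no matching `Alg.Alias.Signature` entry for the Ed25519 OID is added here, which may be fine only if BC's own alias still resolves to the same name. The enclosing `cordaBouncyCastleProvider` apply block continues outside the hunk.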
@@ -20,7 +20,7 @@ quasarClassifier=jdk8
 quasarVersion11=0.8.0_r3
 jdkClassifier11=jdk11
 proguardVersion=6.1.1
-bouncycastleVersion=1.66
+bouncycastleVersion=1.68
 classgraphVersion=4.8.78
 disruptorVersion=3.4.2
 typesafeConfigVersion=1.3.4
From 000019b65cd98d358d51681899f7711756d1ac07 Mon Sep 17 00:00:00 2001
From: Adel El-Beik
Date: Tue, 28 Jun 2022 10:48:27 +0100
Subject: [PATCH 3/5] ENT-6865: Bumped quasar version for compatibility with ENT.
---
 constants.properties | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/constants.properties b/constants.properties
index b762c75822..9172f545a1 100644
--- a/constants.properties
+++ b/constants.properties
@@ -14,8 +14,7 @@ java8MinUpdateVersion=171
 platformVersion=6
 guavaVersion=28.0-jre
 # Quasar version to use with Java 8:
-quasarVersion=0.7.12_r3
-quasarClassifier=jdk8
+quasarVersion=0.7.15_r3
 # Quasar version to use with Java 11:
 quasarVersion11=0.8.0_r3
 jdkClassifier11=jdk11
From d669d39e6401040d8ce0bc8ee0c5d5a1353fa576 Mon Sep 17 00:00:00 2001
From: ronanbrowne88
Date: Sun, 10 Jul 2022 19:33:37 +0100
Subject: [PATCH 4/5] INFRA-1805 add snyk scanning to corda os 4.4
---
 .ci/dev/regression/Jenkinsfile | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile
index 75e6782014..e2c4a4b6ca 100644
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@@ -81,6 +81,7 @@ pipeline {
 CORDA_ARTIFACTORY_USERNAME = "${env.ARTIFACTORY_CREDENTIALS_USR}"
 DOCKER_URL = "https://index.docker.io/v1/"
 EMAIL_RECIPIENTS = credentials('corda4-email-recipient')
+ SNYK_API_KEY = "c4-os-snyk"
 }
 stages {
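Review bot: `quasarClassifier=jdk8` is deleted while its Java 11 counterpart `jdkClassifier11=jdk11` stays, and the diffstat lists constants.properties as the only file touched, so any build script that still reads `quasarClassifier` would now see an absent property instead of failing loudly at this change. If the 0.7.15_r3 artifact genuinely has no jdk8 classifier, a one-line comment such as `# quasar 0.7.15_r3 is published without a jdk8 classifier` beside the new value would record that; otherwise the gradle references need updating in the same commit. Whether anything still reads the removed key is not visible from this patch.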
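Review bot: `SNYK_API_KEY = "c4-os-snyk"` is a plain string, whereas the neighbouring `EMAIL_RECIPIENTS = credentials('corda4-email-recipient')` binds a Jenkins credential; the value looks like a credentials id rather than a token, so the name misleads a reader into thinking a secret is committed here, and a real token pasted into this slot later would land in the repository in clear. If snykSecurityScan expects a credentials id, rename it to say so, e.g. `SNYK_TOKEN_CREDENTIAL_ID = "c4-os-snyk"`, and update the reference in the Snyk stage; if it expects the token itself, bind it with `credentials('c4-os-snyk')` so Jenkins masks it in the console log. Which of the two the shared-library step expects is not visible in this patch. The environment block starts outside the hunk.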
@@ -189,6 +190,15 @@ pipeline {
 }
 }
+ stage('Snyk Security') {
+ when {
+ expression { isReleaseTag || isReleaseCandidate || isReleaseBranch }
+ }
+ steps {
+ snykSecurityScan("${env.SNYK_API_KEY}", "--all-sub-projects --prune-repeated-subdependencies --debug --target-reference='${env.BRANCH_NAME}' --project-tags=Branch='${env.BRANCH_NAME.replaceAll("[^0-9|a-z|A-Z]+","_")}'")
+ }
+ }
+
 stage('All Tests') {
 when {
 expression { params.DO_TEST }
From e35b755546e10dc070563f99faeafd826a312a2e Mon Sep 17 00:00:00 2001
From: ronanbrowne88
Date: Mon, 11 Jul 2022 22:01:25 +0100
Subject: [PATCH 5/5] CORE-4769 add snyk scan open source 4.4
---
 .ci/dev/regression/Jenkinsfile | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.ci/dev/regression/Jenkinsfile b/.ci/dev/regression/Jenkinsfile
index e2c4a4b6ca..cdb3a5cc44 100644
--- a/.ci/dev/regression/Jenkinsfile
+++ b/.ci/dev/regression/Jenkinsfile
@@ -442,11 +442,17 @@ pipeline {
 success {
 script {
 sendSlackNotifications("good", "BUILD PASSED", false, "#corda-corda4-open-source-build-notifications")
+ if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
+ snykSecurityScan.generateHtmlElements()
+ }
 }
 }
 unstable {
 script {
 sendSlackNotifications("warning", "BUILD UNSTABLE - Unstable Builds are likely a result of Nexus Sonar Scanner violations", false, "#corda-corda4-open-source-build-notifications")
+ if (isReleaseTag || isReleaseCandidate || isReleaseBranch) {
+ snykSecurityScan.generateHtmlElements()
+ }
 }
 }
 failure {
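Review bot: The sanitising regex `[^0-9|a-z|A-Z]+` in the snykSecurityScan call treats `|` as a literal inside the character class, so pipe characters survive into the Branch project tag, and the evident intent (alphanumerics only) reads as `[^0-9a-zA-Z]+`; `--target-reference='${env.BRANCH_NAME}'` is not sanitised at all, so a branch name containing a single quote breaks the argument string that the step assembles. `--debug` is also left on for release builds, which makes the CLI emit verbose diagnostics into the permanent build log; I would drop it unless that output is deliberately wanted. The guard `isReleaseTag || isReleaseCandidate || isReleaseBranch` appears here and twice more in the post block added by the next patch; a single `def isReleaseBuild = isReleaseTag || isReleaseCandidate || isReleaseBranch` next to where those flags are computed would keep the three in step. The `stages` block starts and ends outside the hunk.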
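Review bot: `snykSecurityScan.generateHtmlElements()` is wired into `success` and `unstable` only, so a failed build produces no report; if the Snyk stage is what fails the build on findings, that is precisely the run whose report a reviewer needs. Unless the shared-library step is known never to fail the build, move the guarded call into an `always { }` block, or add it to `failure`, so the report is generated regardless of outcome, provided the step tolerates a run where the scan stage was skipped. The two identical guarded blocks would then collapse into one. The enclosing `post` block starts and ends outside the hunk.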