Merge pull request #6523 from corda/wz/merge-os-45-46-2020-07-28

NOTICK: Merging forward updates from OS 4.5 to OS 4.6
2024-12-19 04:57:58 +00:00 · 2020-07-28 16:50:00 +01:00 · 2020-07-28 16:50:00 +01:00 · c91dba83d3
commit c91dba83d3
parent c2fd8253ea e95ff388da
4 changed files with 60 additions and 11 deletions
--- a/.ci/dev/publish-api-docs/Jenkinsfile
+++ b/.ci/dev/publish-api-docs/Jenkinsfile
@ -1,5 +1,15 @@
-@Library('corda-shared-build-pipeline-steps')
+#!groovy
+/**
+ * Jenkins pipeline to build Corda OS KDoc & Javadoc archive
+ */

+/**
+ * Kill already started job.
+ * Assume new commit takes precendence and results from previous
+ * unfinished builds are not required.
+ * This feature doesn't play well with disableConcurrentBuilds() option
+ */
+@Library('corda-shared-build-pipeline-steps')
 import static com.r3.build.BuildControl.killAllExistingBuildsForJob

 killAllExistingBuildsForJob(env.JOB_NAME, env.BUILD_NUMBER.toInteger())
@ -10,6 +20,7 @@ pipeline {
        ansiColor('xterm')
        timestamps()
        timeout(time: 3, unit: 'HOURS')
+        buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14'))
    }

    environment {
@ -20,7 +31,7 @@ pipeline {

    stages {
        stage('Publish Archived API Docs to Artifactory') {
-            when { tag pattern: /^release-os-V(\d+\.\d+)(\.\d+){0,1}(-GA){0,1}(-\d{4}-\d\d-\d\d-\d{4}){0,1}$/, comparator: 'REGEXP' }
+            when { tag pattern: /^docs-release-os-V(\d+\.\d+)(\.\d+){0,1}(-GA){0,1}(-\d{4}-\d\d-\d\d-\d{4}){0,1}$/, comparator: 'REGEXP' }
            steps {
                sh "./gradlew :clean :docs:artifactoryPublish -DpublishApiDocs"
            }
--- a/build.gradle
+++ b/build.gradle
@ -62,8 +62,8 @@ buildscript {

    ext.asm_version = '7.1'
    ext.artemis_version = '2.6.2'
-    // TODO Upgrade Jackson only when corda is using kotlin 1.3.10
-    ext.jackson_version = '2.9.7'
+    // TODO Upgrade to Jackson 2.10+ only when corda is using kotlin 1.3.10
+    ext.jackson_version = '2.9.8'
    ext.jetty_version = '9.4.19.v20190610'
    ext.jersey_version = '2.25'
    ext.servlet_version = '4.0.1'
--- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilder.kt
+++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilder.kt
@ -6,6 +6,7 @@ import net.corda.core.crypto.internal.Instances
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier
 import org.bouncycastle.operator.ContentSigner
 import java.io.OutputStream
+import java.security.InvalidKeyException
 import java.security.PrivateKey
 import java.security.Provider
 import java.security.SecureRandom
@ -24,14 +25,18 @@ object ContentSignerBuilder {
        else
            Signature.getInstance(signatureScheme.signatureName, provider)

-        val sig = signatureInstance.apply {
-            // TODO special handling for Sphincs due to a known BouncyCastle's Sphincs bug we reported.
-            //      It is fixed in BC 161b12, so consider updating the below if-statement after updating BouncyCastle.
-            if (random != null && signatureScheme != SPHINCS256_SHA256) {
-                initSign(privateKey, random)
-            } else {
-                initSign(privateKey)
+        val sig = try {
+            signatureInstance.apply {
+                // TODO special handling for Sphincs due to a known BouncyCastle's Sphincs bug we reported.
+                //      It is fixed in BC 161b12, so consider updating the below if-statement after updating BouncyCastle.
+                if (random != null && signatureScheme != SPHINCS256_SHA256) {
+                    initSign(privateKey, random)
+                } else {
+                    initSign(privateKey)
+                }
            }
+        } catch(ex: InvalidKeyException) {
+            throw InvalidKeyException("Incorrect key type ${privateKey.algorithm} for signature scheme ${signatureInstance.algorithm}", ex)
        }
        return object : ContentSigner {
            private val stream = SignatureOutputStream(sig, optimised)
--- a/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilderTest.kt
+++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilderTest.kt
@ -0,0 +1,33 @@
+package net.corda.nodeapi.internal.crypto
+
+import net.corda.core.crypto.Crypto
+import org.assertj.core.api.Assertions.assertThatExceptionOfType
+import org.junit.Test
+import java.math.BigInteger
+import java.security.InvalidKeyException
+
+class ContentSignerBuilderTest {
+    companion object {
+        private const val entropy = "20200723"
+    }
+
+    @Test(timeout = 300_000)
+    fun `should build content signer for valid eddsa key`() {
+        val signatureScheme = Crypto.EDDSA_ED25519_SHA512
+        val provider = Crypto.findProvider(signatureScheme.providerName)
+        val issuerKeyPair = Crypto.deriveKeyPairFromEntropy(signatureScheme, BigInteger(entropy))
+        ContentSignerBuilder.build(signatureScheme, issuerKeyPair.private, provider)
+    }
+
+    @Test(timeout = 300_000)
+    fun `should fail to build content signer for incorrect key type`() {
+        val signatureScheme = Crypto.EDDSA_ED25519_SHA512
+        val provider = Crypto.findProvider(signatureScheme.providerName)
+        val issuerKeyPair = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger(entropy))
+        assertThatExceptionOfType(InvalidKeyException::class.java)
+                .isThrownBy {
+                    ContentSignerBuilder.build(signatureScheme, issuerKeyPair.private, provider)
+                }
+                .withMessage("Incorrect key type EC for signature scheme NONEwithEdDSA")
+    }
+}