diff --git a/.ci/dev/publish-api-docs/Jenkinsfile b/.ci/dev/publish-api-docs/Jenkinsfile index d99d17ef44..b45aa95e95 100644 --- a/.ci/dev/publish-api-docs/Jenkinsfile +++ b/.ci/dev/publish-api-docs/Jenkinsfile @@ -1,5 +1,15 @@ -@Library('corda-shared-build-pipeline-steps') +#!groovy +/** + * Jenkins pipeline to build Corda OS KDoc & Javadoc archive + */ +/** + * Kill already started job. + * Assume new commit takes precendence and results from previous + * unfinished builds are not required. + * This feature doesn't play well with disableConcurrentBuilds() option + */ +@Library('corda-shared-build-pipeline-steps') import static com.r3.build.BuildControl.killAllExistingBuildsForJob killAllExistingBuildsForJob(env.JOB_NAME, env.BUILD_NUMBER.toInteger()) @@ -10,6 +20,7 @@ pipeline { ansiColor('xterm') timestamps() timeout(time: 3, unit: 'HOURS') + buildDiscarder(logRotator(daysToKeepStr: '14', artifactDaysToKeepStr: '14')) } environment { @@ -20,7 +31,7 @@ pipeline { stages { stage('Publish Archived API Docs to Artifactory') { - when { tag pattern: /^release-os-V(\d+\.\d+)(\.\d+){0,1}(-GA){0,1}(-\d{4}-\d\d-\d\d-\d{4}){0,1}$/, comparator: 'REGEXP' } + when { tag pattern: /^docs-release-os-V(\d+\.\d+)(\.\d+){0,1}(-GA){0,1}(-\d{4}-\d\d-\d\d-\d{4}){0,1}$/, comparator: 'REGEXP' } steps { sh "./gradlew :clean :docs:artifactoryPublish -DpublishApiDocs" } diff --git a/build.gradle b/build.gradle index 1d8c28e160..1b32cbdcf1 100644 --- a/build.gradle +++ b/build.gradle @@ -62,8 +62,8 @@ buildscript { ext.asm_version = '7.1' ext.artemis_version = '2.6.2' - // TODO Upgrade Jackson only when corda is using kotlin 1.3.10 - ext.jackson_version = '2.9.7' + // TODO Upgrade to Jackson 2.10+ only when corda is using kotlin 1.3.10 + ext.jackson_version = '2.9.8' ext.jetty_version = '9.4.19.v20190610' ext.jersey_version = '2.25' ext.servlet_version = '4.0.1' diff --git a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilder.kt b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilder.kt index ac60f55764..bbee9e5d2a 100644 --- a/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilder.kt +++ b/node-api/src/main/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilder.kt @@ -6,6 +6,7 @@ import net.corda.core.crypto.internal.Instances import org.bouncycastle.asn1.x509.AlgorithmIdentifier import org.bouncycastle.operator.ContentSigner import java.io.OutputStream +import java.security.InvalidKeyException import java.security.PrivateKey import java.security.Provider import java.security.SecureRandom @@ -24,14 +25,18 @@ object ContentSignerBuilder { else Signature.getInstance(signatureScheme.signatureName, provider) - val sig = signatureInstance.apply { - // TODO special handling for Sphincs due to a known BouncyCastle's Sphincs bug we reported. - // It is fixed in BC 161b12, so consider updating the below if-statement after updating BouncyCastle. - if (random != null && signatureScheme != SPHINCS256_SHA256) { - initSign(privateKey, random) - } else { - initSign(privateKey) + val sig = try { + signatureInstance.apply { + // TODO special handling for Sphincs due to a known BouncyCastle's Sphincs bug we reported. + // It is fixed in BC 161b12, so consider updating the below if-statement after updating BouncyCastle. + if (random != null && signatureScheme != SPHINCS256_SHA256) { + initSign(privateKey, random) + } else { + initSign(privateKey) + } } + } catch(ex: InvalidKeyException) { + throw InvalidKeyException("Incorrect key type ${privateKey.algorithm} for signature scheme ${signatureInstance.algorithm}", ex) } return object : ContentSigner { private val stream = SignatureOutputStream(sig, optimised) diff --git a/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilderTest.kt b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilderTest.kt new file mode 100644 index 0000000000..6920c78093 --- /dev/null +++ b/node-api/src/test/kotlin/net/corda/nodeapi/internal/crypto/ContentSignerBuilderTest.kt @@ -0,0 +1,33 @@ +package net.corda.nodeapi.internal.crypto + +import net.corda.core.crypto.Crypto +import org.assertj.core.api.Assertions.assertThatExceptionOfType +import org.junit.Test +import java.math.BigInteger +import java.security.InvalidKeyException + +class ContentSignerBuilderTest { + companion object { + private const val entropy = "20200723" + } + + @Test(timeout = 300_000) + fun `should build content signer for valid eddsa key`() { + val signatureScheme = Crypto.EDDSA_ED25519_SHA512 + val provider = Crypto.findProvider(signatureScheme.providerName) + val issuerKeyPair = Crypto.deriveKeyPairFromEntropy(signatureScheme, BigInteger(entropy)) + ContentSignerBuilder.build(signatureScheme, issuerKeyPair.private, provider) + } + + @Test(timeout = 300_000) + fun `should fail to build content signer for incorrect key type`() { + val signatureScheme = Crypto.EDDSA_ED25519_SHA512 + val provider = Crypto.findProvider(signatureScheme.providerName) + val issuerKeyPair = Crypto.deriveKeyPairFromEntropy(Crypto.ECDSA_SECP256R1_SHA256, BigInteger(entropy)) + assertThatExceptionOfType(InvalidKeyException::class.java) + .isThrownBy { + ContentSignerBuilder.build(signatureScheme, issuerKeyPair.private, provider) + } + .withMessage("Incorrect key type EC for signature scheme NONEwithEdDSA") + } +} \ No newline at end of file