Commit Graph

10395 Commits

Author SHA1 Message Date
Tommy Lillehagen
83d6a248a8
ENT-970 - SGX remote attestation host (#173)
* ENT-970 - SGX remote attestation host
 * Remote attestation enclave
 * Client for the remote attestation host
    * Communicates with ISV / RA server, which in turn communicates with
      the Intel Attestation Service
    * Native library bridging the client code running on the JVM with
      the native bits controlling and communicating with the enclave

* ENT-970 - Address comments from code review
* ENT-970 - More updates addressing review comments
* ENT-970 - Integrate with root Gradle project for SGX
2017-12-13 17:45:33 +00:00
Joel Dudley
f9f476b4f3
Moves upgrade notes to be more visible. 2017-12-13 17:41:34 +00:00
igor nitto
5720697b0d
[CORDA-827] Improved unit tests coverage and documentation (#2229)
* Extend unit test on RPCSecurityManager
* Fix corner cases in permission parsing and bug in tryAuthenticate
* Rework docsite page
* Add missing ChangeLog entry
2017-12-13 17:09:09 +00:00
Joel Dudley
929341e7ee
Updates tutorials (general fixes, link to solutions repos)
* Updates tutorial to make imports to be added clearer, and to reflect new repo structure.
* Adds links to the solution repos for tut 1.
* Further fixes based on dry-run.
2017-12-13 16:22:40 +00:00
Andrzej Cichocki
d1ea881aef
Inline testNodeConfiguration. (#2238) 2017-12-13 16:18:42 +00:00
josecoll
65ccd2318f
Merge pull request #182 from corda/colljos-os-hc02-merge-121217
OS -> Enterprise merge for HC02
2017-12-13 15:06:40 +00:00
Rick Parker
8bb02c63f0
ENT-1161 Notary load testing flow (#175) 2017-12-13 14:34:01 +00:00
josecoll
24f4c80176 Final final renaming of Integration test that got away. 2017-12-13 13:47:30 +00:00
josecoll
bc56a60d4a Final renaming of invalid constants in Integration tests following rebase from OS master. 2017-12-13 13:10:04 +00:00
josecoll
4e42fff7d4 Fix broken integration test following rebase from OS master (mostly test utils identity constant redefinitions / renaming) 2017-12-13 12:34:06 +00:00
Ross Nicoll
e309095ad4
Add sanity check that unlimited strength policy is installed (#183)
* Add sanity check that unlimited strength policy is installed
* Add HSM keys to ignore list
2017-12-13 11:21:22 +00:00
josecoll
d1998b2c94 Merge remote-tracking branch 'open-hc02/master' into colljos-os-hc02-merge-121217 2017-12-13 11:02:58 +00:00
Alberto Arri
2f610c2361
add noise (#2237) 2017-12-13 10:46:30 +00:00
josecoll
6507f51659 Merge branch 'master' into colljos-os-hc02-merge-121217 2017-12-13 10:43:01 +00:00
josecoll
806ae05781 Fix broken integration test following rebase from OS/ENT master. 2017-12-13 10:31:38 +00:00
Viktor Kolomeyko
4aa2a8ea18
ENT-1240: Only add IOUView when applicable. (#189) 2017-12-13 10:30:26 +00:00
Ross Nicoll
a5ca027d54
Clean up HSM launch (#177)
* Add basedir to HSM configuration
* Add run instructions to the Readme.md
* Correct help messsage display for HSM Doorman
2017-12-13 09:54:34 +00:00
josecoll
f357898e7a Fix compilation error following merge from ENT master 2017-12-13 09:28:54 +00:00
josecoll
1683347431
Clone of equivalent design directory from Enterprise repo. (#2120) 2017-12-13 08:41:43 +00:00
Andrzej Cichocki
d6df251e36
Bypass needless lookup. (#2236) 2017-12-12 21:51:32 +00:00
Konstantinos Chalkias
b58e2b89cd
TLS supports K1 and mixed K1-R1-RSA (#2216) 2017-12-12 20:08:57 +00:00
Andrzej Cichocki
c3b9955344
CORDA-716 Fix split packages in testing (#2232) 2017-12-12 19:37:01 +00:00
josecoll
2842205c30 Fix compilation error following merge from ENT master 2017-12-12 18:21:35 +00:00
Andrzej Cichocki
905c8252a6
CORDA-654 Remaining key constants (#2226) 2017-12-12 18:03:06 +00:00
josecoll
c72b33841b Merge branch 'master' into colljos-os-hc02-merge-121217 2017-12-12 17:42:21 +00:00
Ross Nicoll
96d8ec9640
Dynamically add BouncyCastle provider (#185) 2017-12-12 17:07:35 +00:00
Ross Nicoll
42782f8890
ENT-1151: Rework unicode block validation rules (#2125)
* Redo legal name validation rules so that direction change chars are rejected
* Split name validation into minimal rules that all nodes can require, plus extended rules that the Doorman will apply (and we may need to change, without updating the entire network).
* Break down name validation rule sets to better match expectations
* Add test for nulls in Corda names
2017-12-12 16:52:14 +00:00
josecoll
60b8be5df8 Removed 'perftestcordapp' due to continuous OS merge breakages. 2017-12-12 16:19:36 +00:00
josecoll
898ce8c0aa Removed non-existent import following merge from OS. 2017-12-12 16:09:32 +00:00
Andrzej Cichocki
08bbf9061e
Introduce TestIdentity. (#2217) 2017-12-12 15:52:05 +00:00
josecoll
fe2b76ffd5 Moved "TODO:fix me" comment as per Shams request. 2017-12-12 15:19:02 +00:00
josecoll
2c57165002 Fixed Doorman TEST dependencies and compilation errors following rebase from OS.
Commented out 3 test which require re-coding.
2017-12-12 15:07:58 +00:00
josecoll
7eabee1241 Fixed Doorman dependencies and compilation errors following rebase from OS. 2017-12-12 14:20:59 +00:00
Maksymilian Pawlak
537e304536
IRS demo permissions fix (#2231) 2017-12-12 13:56:12 +00:00
Chris Rankin
2725f53ef5
ENT-1074 - Proof-of-concept ISV for SGX remote attestation (#161)
* Initial WIP.
* Configure IAS host via system properties.
* Create separate Gretty configurations for testing and for IAS.
* (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling.
* Check the IAS report's cryptographic signature.
* Accept CertPath from IAS instead of a Certificate.
* Validate the certificate chain for the IAS report.
* Refactor response handling, and add a secret to Message4.
* Append public DH keys to generated shared secret.
* Use DH secret to generate a 256 bit AES key.
* Fix runISV Gradle task so that it creates WAR file.
* Migrate MockIAS service into a separate package.
* Remove unused aesCMAC field from Message3.
* Configure HTTP sessions to expire after 10 idle minutes.
* Ensure we select the "isv" key for MTLS with Intel Attestation Service.
* Set key alias for Intel's public certificate.
* Implement GET /attest/provision endpoint.
* Use elliptic curves for Diffie-Hellman keys.
* Pass public keys as Little Endian byte arrays without ASN.1 encoding.
* Add AES-CMAC signature to Message2.
* Remove signature fields from QUOTE body for sending to IAS.
* Add a dummy AES-CMAC field to Message3 for later validation.
* Generate AEC-CMAC for Message 3, and refactor crypto functionality.
* Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm.
* Use BouncyCastle's AESCMAC algorithm for MAC calculation.
* Include standard crypto test vectors to the unit tests.
* Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key.
* Hash shared key with Little Endian versions of public keys.
* Refactor so that hexToBytes() is a utility.
* Simplify signing of MocKIAS report.
* Separate AES/GCM authentication tag from the encrypted data.
* Create /ias/report endpoint for ISV which proxies IAS.
* Remove unnecessary @Throws from MockIAS handlers.
* Log HTTP error status from IAS.
* Replace runISV task with startISV and stopISV tasks.
* Refactor tests to use CryptoProvider @Rule instead of @Suite.
* Move Web server for integration tests to use non-production ports.
* Add proxy endpoint for IAS revocation list.
* Generate an ECDSA "service key" for signing (gb|ga).
* Generate a persistent key-pair for the ISV to sign with.
* Verify the (Gb|Ga) signature from Message2.
* Add debugging aids.
* Fix Gradle warning.
* Remove TLV header from Platform Info Body for MSG4.
* Small tidy-up.
* Use SPID "as-is" when calculating CMAC for MSG2.
* Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC).
* Add DEBUG logging for ECDH shared secret.
* More DEBUG logging.
* The ECDH shared secret *is* the x-coordinate: no need to subrange.
* Adjust MockIAS to return an empty revocationList for GID 0000000b.
* Fix ArrayOutOfBoundsException for "small" integer values.
* Test MSG1 with empty revocation list.
* Add extra logging for IAS report request.
* ReportResponse object cannot be null.
* Fix misreading of spec - don't remove quote's signature when requesting report from IAS.
* Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header.
* Build CertPath for IAS from explicit list of Certificates.
* Rename quote fields on IAS ReportResponse to match Intel.
* Log report ID and quote status from IAS.
* Add a revocation list checker to the certificate path validator.
* Tweak revocation list options, depending on IAS vs MockIAS.
* Extract Intel's certificate specifically by alias for PKIX.
* Tune quote body returned by MockIAS.
* Add AES-CMAC field to Message4 for validation.
* Increase GCM authentication tag to 128 bits.
* Receive platformInfoBlob from IAS as hexadecimal string.
* Generate secret encryption key using KDK and SK values.
* Marshall platformInfoBlob between Base16 string and ByteArray.
* Interpret status results from IAS as enums.
* Use lateinit for HttpServletRequest field.
* Refactor ExceptionHandler out of messages package.
* Alias is for ISV, so rename it.
* Refactor classes into more correct packages.
* Use random 96 bit IV for GCM encryption.
* Parameterise HTTP/HTTPS ports via Gradle.
* Do not forward a securityManifest containing only zeros to IAS.
* Address review comments.
* Review comment: Use NativePRNGNonBlocking for SecureRandom.
* Rename isv.pfx to isv-svc.pfx
* Rename keystore to isv.pfx, for clarity.
* Update scripts so that they no longer require user input.
* Generate isv.pfx from the key and certificates.
* Remove private key from repository.
* Declare an empty PSE Manifest to be invalid.
* Generate keystores "on the fly".
* Rename integration tests to end in "IT" instead of "Test".
* Add README
* Turn remote-attestation into a separate Gradle project.
2017-12-12 13:34:26 +00:00
Tommy Lillehagen
76728954de
Merge pull request #2230 from corda/tlil/ENT-1237/fix-irs-demo-web
ENT-1237 Fix run script for IRS Demo web apps
2017-12-12 12:41:08 +00:00
Tommy Lillehagen
64c0d41a5d ENT-1237 Fix run script for IRS Demo web apps 2017-12-12 11:47:14 +00:00
josecoll
cc770e1145 Re-enabled Doorman build and removed hard dependency on specific OS branch. 2017-12-12 11:31:52 +00:00
josecoll
499de12620 Merge remote-tracking branch 'open-hc02/master' into colljos-os-hc02-merge-121217 2017-12-12 11:22:57 +00:00
Joel Dudley
91f7dbe658
Removes R3 references from the docs. 2017-12-12 10:42:48 +00:00
Alberto Arri
2dc73ecf3b
Changed logic to check for initial certificate, now using the truststore instead of the .cer file (#2213) 2017-12-12 10:39:52 +00:00
szymonsztuka
1fc200efa7 Add db integration to new tests (#180) 2017-12-12 10:17:07 +00:00
Shams Asari
5b12c5177e Correct version strings 2017-12-11 21:11:29 +00:00
Shams Asari
6d6393d984 Merge branch 'feature-network-parameters' into shams-merge-feature-network-parameters 2017-12-11 21:10:34 +00:00
Katelyn Baker
b102fdeab1
Merge pull request #2228 from corda/kat/bug/nestedGenerics
CORDA-852 - Fix AMQP serialisation of nested generic
2017-12-11 20:55:08 +00:00
Katelyn Baker
1fb1d6fb72 CORDA-852 - Fix AMQP serialisation of nested generic 2017-12-11 20:12:32 +00:00
Viktor Kolomeyko
6dcac410c6
CORDA-822 - Partially revert changes to ExplorerSimulator done by JMX Jolokia instrumentation (#2197) 2017-12-11 17:14:57 +00:00
Andrzej Cichocki
d8c7f0ae23
Inline DUMMY_CASH/OBLIGATION_ISSUER. (#2214) 2017-12-11 16:17:20 +00:00
josecoll
3dd524c6fd
Merge pull request #170 from corda/colljos-os-hc01-merge-111217
Merge OS->Enterprise for HC01
2017-12-11 14:17:36 +00:00
josecoll
bc488cc254 Fix broken integration test in Samples. 2017-12-11 13:27:38 +00:00