* ENT-1282: add standalone db migration tool that works with both the node and the doorman
* ENT-1282: remove cmd line args during node startup
* ENT-1282: more clear message
* ENT-1282: fix integration test
* ENT-1282: more fixes and cleanup code
* ENT-1282: address PR comments
* ENT-1282: more fixes and refactoring
* ENT-1282: more classloader fixes
* ENT-1282: changes after demo feedback
* ENT-1282: update API
* ENT-1282: update documentation
* ENT-1282: formatting
* ENT-1282: added CONSOLE option for dry-run and logging
* ENT-1282: documentation changes
* ENT-1282: remove getMigrationResource from the public API
* ENT-1282: removed dependency on network-manager, added release-lock
* ENT-1282: Update documentation
* Initial implementation of the certificate generation tool
* Adding trust store persisting
* Addressing review comments
* Adding certificate type to the certificate generation process.
* Addressing review comments
* Fixing typos
* Changing keyOverride to 0 in examples and tests
* Addressing review comments + rebasing
* Adding CRL information to the certificate generation process
* Generation tool refactoring
* Addressing review comments
* Quick fixes
* Fix SignedNodeInfo
Introduce network-management schema changes to reflect that NodeInfos
can have multiple signatures.
* Address Shams comments
Store SignedNodeInfo as a blob for network management tool.
Copying of the node-info files moved out of Cordform and into NetworkParametersGenerator (which is now called NetworkBootstrapper). This class becomes an external tool to enable deployment of nodes in a test setup on a single filesystem.
* Initial WIP.
* Configure IAS host via system properties.
* Create separate Gretty configurations for testing and for IAS.
* (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling.
* Check the IAS report's cryptographic signature.
* Accept CertPath from IAS instead of a Certificate.
* Validate the certificate chain for the IAS report.
* Refactor response handling, and add a secret to Message4.
* Append public DH keys to generated shared secret.
* Use DH secret to generate a 256 bit AES key.
* Fix runISV Gradle task so that it creates WAR file.
* Migrate MockIAS service into a separate package.
* Remove unused aesCMAC field from Message3.
* Configure HTTP sessions to expire after 10 idle minutes.
* Ensure we select the "isv" key for MTLS with Intel Attestation Service.
* Set key alias for Intel's public certificate.
* Implement GET /attest/provision endpoint.
* Use elliptic curves for Diffie-Hellman keys.
* Pass public keys as Little Endian byte arrays without ASN.1 encoding.
* Add AES-CMAC signature to Message2.
* Remove signature fields from QUOTE body for sending to IAS.
* Add a dummy AES-CMAC field to Message3 for later validation.
* Generate AEC-CMAC for Message 3, and refactor crypto functionality.
* Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm.
* Use BouncyCastle's AESCMAC algorithm for MAC calculation.
* Include standard crypto test vectors to the unit tests.
* Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key.
* Hash shared key with Little Endian versions of public keys.
* Refactor so that hexToBytes() is a utility.
* Simplify signing of MocKIAS report.
* Separate AES/GCM authentication tag from the encrypted data.
* Create /ias/report endpoint for ISV which proxies IAS.
* Remove unnecessary @Throws from MockIAS handlers.
* Log HTTP error status from IAS.
* Replace runISV task with startISV and stopISV tasks.
* Refactor tests to use CryptoProvider @Rule instead of @Suite.
* Move Web server for integration tests to use non-production ports.
* Add proxy endpoint for IAS revocation list.
* Generate an ECDSA "service key" for signing (gb|ga).
* Generate a persistent key-pair for the ISV to sign with.
* Verify the (Gb|Ga) signature from Message2.
* Add debugging aids.
* Fix Gradle warning.
* Remove TLV header from Platform Info Body for MSG4.
* Small tidy-up.
* Use SPID "as-is" when calculating CMAC for MSG2.
* Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC).
* Add DEBUG logging for ECDH shared secret.
* More DEBUG logging.
* The ECDH shared secret *is* the x-coordinate: no need to subrange.
* Adjust MockIAS to return an empty revocationList for GID 0000000b.
* Fix ArrayOutOfBoundsException for "small" integer values.
* Test MSG1 with empty revocation list.
* Add extra logging for IAS report request.
* ReportResponse object cannot be null.
* Fix misreading of spec - don't remove quote's signature when requesting report from IAS.
* Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header.
* Build CertPath for IAS from explicit list of Certificates.
* Rename quote fields on IAS ReportResponse to match Intel.
* Log report ID and quote status from IAS.
* Add a revocation list checker to the certificate path validator.
* Tweak revocation list options, depending on IAS vs MockIAS.
* Extract Intel's certificate specifically by alias for PKIX.
* Tune quote body returned by MockIAS.
* Add AES-CMAC field to Message4 for validation.
* Increase GCM authentication tag to 128 bits.
* Receive platformInfoBlob from IAS as hexadecimal string.
* Generate secret encryption key using KDK and SK values.
* Marshall platformInfoBlob between Base16 string and ByteArray.
* Interpret status results from IAS as enums.
* Use lateinit for HttpServletRequest field.
* Refactor ExceptionHandler out of messages package.
* Alias is for ISV, so rename it.
* Refactor classes into more correct packages.
* Use random 96 bit IV for GCM encryption.
* Parameterise HTTP/HTTPS ports via Gradle.
* Do not forward a securityManifest containing only zeros to IAS.
* Address review comments.
* Review comment: Use NativePRNGNonBlocking for SecureRandom.
* Rename isv.pfx to isv-svc.pfx
* Rename keystore to isv.pfx, for clarity.
* Update scripts so that they no longer require user input.
* Generate isv.pfx from the key and certificates.
* Remove private key from repository.
* Declare an empty PSE Manifest to be invalid.
* Generate keystores "on the fly".
* Rename integration tests to end in "IT" instead of "Test".
* Add README
* Turn remote-attestation into a separate Gradle project.
* First working version of RPC & JMeter
* Remote JMeter working from single JAR.
* Some clean up. Remote slave via capsule is working.
* Full config of capsule launched JMeter server (was missing functions previously).
* SSH tunnelling utility. Property files per remote host.
* Rename jar to make easier to deploy with wildcard filters.
* Easy all in one launch of UI + SSH tunnels.
* Comment out parties.
* Work around for notary.
* Clean up, renaming etc
* Add some comments and clean up.
* Add some comments and clean up.
* README and fixes.
* Redirect search_paths into a file since it so long and doesn't work on the command line in Windows.
* First working version of RPC & JMeter
* Remote JMeter working from single JAR.
* Some clean up. Remote slave via capsule is working.
* Full config of capsule launched JMeter server (was missing functions previously).
* SSH tunnelling utility. Property files per remote host.
* Easy all in one launch of UI + SSH tunnels.
* Comment out parties.
* Work around for notary.
* Clean up, renaming etc
* Add some comments and clean up.
* Add some comments and clean up.
* README and fixes.
* Reduce the dependencies of the JMeter project by copying (#118)
one function and listing required explicit dependencies
instead of depending on loadtest
* Tidy up
* Fix ssh for windows (#121)
* Make ssh tunnels work with Pageant on windows and allow specifying explicit
ssh remote user
* Update comments
* Merging signing service and doorman
* Addressing review comments
* Removing redundant package name space from method call
* Adding description field to gradle
* Adding a new service for CSR signing
* Adding a new service for CSR signing
* Removing rejection option
* Adding CSR log and removing rejection option
* Addressing review comments
* Move SwapIdentitiesFlow to confidential-identities module
* Clean up confidential-identities build.gradle
* Change description to include Experimental
* Move confidential-identities to a dependency of node rather than node-api
* Removed Requery object relational mapping usage (and associated schemas including node-schemas module)
* Fixed issues with NodeAttachmentService tests.
Cannot use JPA custom converters with Primary Key fields.
Hibernate entities require explicit call to flush() to persist to disk.
* Removed redundant requery converters (equivalents not even required in Hibernate).
* Removed remaining gradle requery dependency definitions.
* Fixed broken tests.
* Fixes for failing NodeVaultService tests:
- Dynamic SQL updates (in soft locking code)
- Explicit request by session to participate in transaction (causing "TransactionRequiredException" Executing an update/delete query)
- Explicit flush() required to persist to disk
* Updated changelog.
Fixed compiler warning.
* Fixed WHERE clause AND/OR condition.
Enforced immediate data visibility through transaction commit.
* Final fixes to address failing tests.
* Deferred all hibernate session/txn management to DatabaseTransactionManager.
* Fixed transaction boundaries in failing Cash tests.
* Fixes to address failing tests (transaction boundaries, merge detached object, config clean-up).
* Final adjustment to transaction boundaries in JUnit tests.
* Refactored AttachmentSchemaV1 into NodeAttachmentService itself and referenced from NodeServicesV1.
* Refactored HSQL UPDATE statements to use CriteriaUpdate API.
* Updated all criteria API getters to reference attribute names by type.
* Remove redundant VaultSchema entity name (required when previously using HSQL UPDATE syntax)
* Fix compiler warnings.
* Minor changes following rebase from master.
* Fixed suppress warning type.
* POMs generated by publishing are now correct. The publish extension now requires an explicit call to configure the publishing instead of waiting until after evaluation. This prevents evaluation order issues with the artifact renaming code that causes the POM to have the original, incorrect, artifact names.
* Fixed new test compile issues caused by removal of some dependencies in test utils that caused webserver code to be automatically included in any project also compiling test utils.