Commit Graph

10690 Commits

Author SHA1 Message Date
Tommy Lillehagen
f21f8e7142
ENT-1187 - Update Intel SGX SDK (#165)
* Remove diverged copy of 'linux-sgx'

* Squashed 'sgx-jvm/linux-sgx/' content from commit 3699ffd5e

git-subtree-dir: sgx-jvm/linux-sgx
git-subtree-split: 3699ffd5ebd8e79d599301fa2e5814e2386cad2d

* ENT-1194 - Executable heap

* ENT-1194 - Placeholder for passing of enclave context to create_thread
2017-12-14 12:33:15 +00:00
Konstantinos Chalkias
5b33db93fc
Add doc comments on supported TLS schemes and scheme hash functions (#2161) 2017-12-14 12:30:07 +00:00
Katarzyna Streich
0df846148d
SignedNetworkMap verification fix (#2255)
* SignedNetworkMap verification fix

SignedNetworkMap verification should also include cert path validation,
which was probably moved away by accident, because docs say about the
exception CertPathValidatorException.
2017-12-14 12:06:44 +00:00
Christian Sailer
205663d37f
SQL coin selection (#186)
* Copy SQL server cash selection and all other required changes from finance to perftestcordapp

* Copy SQL server cash selection and all other required changes from finance to perftestcordapp

* Add cash selection to manifest
2017-12-14 11:56:48 +00:00
Shams Asari
70b6944c96
Merge pull request #2074 from corda/mkit-add-test-comment
Adding comment to test
2017-12-14 11:40:35 +00:00
Shams Asari
2319bf396c Renamed TestIdentity.key to keyPair and pubkey to publicKey (#2249) 2017-12-14 11:30:55 +00:00
josecoll
2512b29b26
Merge pull request #192 from corda/colljos-doorman-remove-OS-dependencies
Doorman: remove final dependencies on OS.
2017-12-14 10:51:23 +00:00
Michal Kit
f3253b4644 Adding comment to test 2017-12-14 10:48:38 +00:00
Tommy Lillehagen
4ad7b2325e ENT-1249 - Downgrade to Artemis 2.2 to protect against rouge connections causing OOM 2017-12-14 09:47:57 +00:00
Shams Asari
d5f8258bd1 Updated the changelog to incorporate the new network map design as one story. 2017-12-13 20:37:54 +00:00
josecoll
c9bcacd4b4 Remove final dependencies on OS. 2017-12-13 18:39:00 +00:00
Shams Asari
e781d816a8 Removed remaining uses of KRYO_P2P_CONTEXT 2017-12-13 18:24:05 +00:00
Maksymilian Pawlak
7cfe7f2a78
Windows space in path escape (#2246) 2017-12-13 18:21:00 +00:00
Joel Dudley
1b49c50c8e
Clarifies that only the first two tutorials are related and form a sequence. 2017-12-13 17:46:31 +00:00
Tommy Lillehagen
83d6a248a8
ENT-970 - SGX remote attestation host (#173)
* ENT-970 - SGX remote attestation host
 * Remote attestation enclave
 * Client for the remote attestation host
    * Communicates with ISV / RA server, which in turn communicates with
      the Intel Attestation Service
    * Native library bridging the client code running on the JVM with
      the native bits controlling and communicating with the enclave

* ENT-970 - Address comments from code review
* ENT-970 - More updates addressing review comments
* ENT-970 - Integrate with root Gradle project for SGX
2017-12-13 17:45:33 +00:00
Joel Dudley
f9f476b4f3
Moves upgrade notes to be more visible. 2017-12-13 17:41:34 +00:00
igor nitto
5720697b0d
[CORDA-827] Improved unit tests coverage and documentation (#2229)
* Extend unit test on RPCSecurityManager
* Fix corner cases in permission parsing and bug in tryAuthenticate
* Rework docsite page
* Add missing ChangeLog entry
2017-12-13 17:09:09 +00:00
Joel Dudley
929341e7ee
Updates tutorials (general fixes, link to solutions repos)
* Updates tutorial to make imports to be added clearer, and to reflect new repo structure.
* Adds links to the solution repos for tut 1.
* Further fixes based on dry-run.
2017-12-13 16:22:40 +00:00
Andrzej Cichocki
d1ea881aef
Inline testNodeConfiguration. (#2238) 2017-12-13 16:18:42 +00:00
josecoll
65ccd2318f
Merge pull request #182 from corda/colljos-os-hc02-merge-121217
OS -> Enterprise merge for HC02
2017-12-13 15:06:40 +00:00
Rick Parker
8bb02c63f0
ENT-1161 Notary load testing flow (#175) 2017-12-13 14:34:01 +00:00
josecoll
24f4c80176 Final final renaming of Integration test that got away. 2017-12-13 13:47:30 +00:00
josecoll
bc56a60d4a Final renaming of invalid constants in Integration tests following rebase from OS master. 2017-12-13 13:10:04 +00:00
josecoll
4e42fff7d4 Fix broken integration test following rebase from OS master (mostly test utils identity constant redefinitions / renaming) 2017-12-13 12:34:06 +00:00
Ross Nicoll
e309095ad4
Add sanity check that unlimited strength policy is installed (#183)
* Add sanity check that unlimited strength policy is installed
* Add HSM keys to ignore list
2017-12-13 11:21:22 +00:00
josecoll
d1998b2c94 Merge remote-tracking branch 'open-hc02/master' into colljos-os-hc02-merge-121217 2017-12-13 11:02:58 +00:00
Alberto Arri
2f610c2361
add noise (#2237) 2017-12-13 10:46:30 +00:00
josecoll
6507f51659 Merge branch 'master' into colljos-os-hc02-merge-121217 2017-12-13 10:43:01 +00:00
josecoll
806ae05781 Fix broken integration test following rebase from OS/ENT master. 2017-12-13 10:31:38 +00:00
Viktor Kolomeyko
4aa2a8ea18
ENT-1240: Only add IOUView when applicable. (#189) 2017-12-13 10:30:26 +00:00
Ross Nicoll
a5ca027d54
Clean up HSM launch (#177)
* Add basedir to HSM configuration
* Add run instructions to the Readme.md
* Correct help messsage display for HSM Doorman
2017-12-13 09:54:34 +00:00
josecoll
f357898e7a Fix compilation error following merge from ENT master 2017-12-13 09:28:54 +00:00
josecoll
1683347431
Clone of equivalent design directory from Enterprise repo. (#2120) 2017-12-13 08:41:43 +00:00
Andrzej Cichocki
d6df251e36
Bypass needless lookup. (#2236) 2017-12-12 21:51:32 +00:00
Konstantinos Chalkias
b58e2b89cd
TLS supports K1 and mixed K1-R1-RSA (#2216) 2017-12-12 20:08:57 +00:00
Andrzej Cichocki
c3b9955344
CORDA-716 Fix split packages in testing (#2232) 2017-12-12 19:37:01 +00:00
josecoll
2842205c30 Fix compilation error following merge from ENT master 2017-12-12 18:21:35 +00:00
Andrzej Cichocki
905c8252a6
CORDA-654 Remaining key constants (#2226) 2017-12-12 18:03:06 +00:00
josecoll
c72b33841b Merge branch 'master' into colljos-os-hc02-merge-121217 2017-12-12 17:42:21 +00:00
Ross Nicoll
96d8ec9640
Dynamically add BouncyCastle provider (#185) 2017-12-12 17:07:35 +00:00
Ross Nicoll
42782f8890
ENT-1151: Rework unicode block validation rules (#2125)
* Redo legal name validation rules so that direction change chars are rejected
* Split name validation into minimal rules that all nodes can require, plus extended rules that the Doorman will apply (and we may need to change, without updating the entire network).
* Break down name validation rule sets to better match expectations
* Add test for nulls in Corda names
2017-12-12 16:52:14 +00:00
josecoll
60b8be5df8 Removed 'perftestcordapp' due to continuous OS merge breakages. 2017-12-12 16:19:36 +00:00
josecoll
898ce8c0aa Removed non-existent import following merge from OS. 2017-12-12 16:09:32 +00:00
Andrzej Cichocki
08bbf9061e
Introduce TestIdentity. (#2217) 2017-12-12 15:52:05 +00:00
josecoll
fe2b76ffd5 Moved "TODO:fix me" comment as per Shams request. 2017-12-12 15:19:02 +00:00
josecoll
2c57165002 Fixed Doorman TEST dependencies and compilation errors following rebase from OS.
Commented out 3 test which require re-coding.
2017-12-12 15:07:58 +00:00
josecoll
7eabee1241 Fixed Doorman dependencies and compilation errors following rebase from OS. 2017-12-12 14:20:59 +00:00
Maksymilian Pawlak
537e304536
IRS demo permissions fix (#2231) 2017-12-12 13:56:12 +00:00
Chris Rankin
2725f53ef5
ENT-1074 - Proof-of-concept ISV for SGX remote attestation (#161)
* Initial WIP.
* Configure IAS host via system properties.
* Create separate Gretty configurations for testing and for IAS.
* (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling.
* Check the IAS report's cryptographic signature.
* Accept CertPath from IAS instead of a Certificate.
* Validate the certificate chain for the IAS report.
* Refactor response handling, and add a secret to Message4.
* Append public DH keys to generated shared secret.
* Use DH secret to generate a 256 bit AES key.
* Fix runISV Gradle task so that it creates WAR file.
* Migrate MockIAS service into a separate package.
* Remove unused aesCMAC field from Message3.
* Configure HTTP sessions to expire after 10 idle minutes.
* Ensure we select the "isv" key for MTLS with Intel Attestation Service.
* Set key alias for Intel's public certificate.
* Implement GET /attest/provision endpoint.
* Use elliptic curves for Diffie-Hellman keys.
* Pass public keys as Little Endian byte arrays without ASN.1 encoding.
* Add AES-CMAC signature to Message2.
* Remove signature fields from QUOTE body for sending to IAS.
* Add a dummy AES-CMAC field to Message3 for later validation.
* Generate AEC-CMAC for Message 3, and refactor crypto functionality.
* Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm.
* Use BouncyCastle's AESCMAC algorithm for MAC calculation.
* Include standard crypto test vectors to the unit tests.
* Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key.
* Hash shared key with Little Endian versions of public keys.
* Refactor so that hexToBytes() is a utility.
* Simplify signing of MocKIAS report.
* Separate AES/GCM authentication tag from the encrypted data.
* Create /ias/report endpoint for ISV which proxies IAS.
* Remove unnecessary @Throws from MockIAS handlers.
* Log HTTP error status from IAS.
* Replace runISV task with startISV and stopISV tasks.
* Refactor tests to use CryptoProvider @Rule instead of @Suite.
* Move Web server for integration tests to use non-production ports.
* Add proxy endpoint for IAS revocation list.
* Generate an ECDSA "service key" for signing (gb|ga).
* Generate a persistent key-pair for the ISV to sign with.
* Verify the (Gb|Ga) signature from Message2.
* Add debugging aids.
* Fix Gradle warning.
* Remove TLV header from Platform Info Body for MSG4.
* Small tidy-up.
* Use SPID "as-is" when calculating CMAC for MSG2.
* Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC).
* Add DEBUG logging for ECDH shared secret.
* More DEBUG logging.
* The ECDH shared secret *is* the x-coordinate: no need to subrange.
* Adjust MockIAS to return an empty revocationList for GID 0000000b.
* Fix ArrayOutOfBoundsException for "small" integer values.
* Test MSG1 with empty revocation list.
* Add extra logging for IAS report request.
* ReportResponse object cannot be null.
* Fix misreading of spec - don't remove quote's signature when requesting report from IAS.
* Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header.
* Build CertPath for IAS from explicit list of Certificates.
* Rename quote fields on IAS ReportResponse to match Intel.
* Log report ID and quote status from IAS.
* Add a revocation list checker to the certificate path validator.
* Tweak revocation list options, depending on IAS vs MockIAS.
* Extract Intel's certificate specifically by alias for PKIX.
* Tune quote body returned by MockIAS.
* Add AES-CMAC field to Message4 for validation.
* Increase GCM authentication tag to 128 bits.
* Receive platformInfoBlob from IAS as hexadecimal string.
* Generate secret encryption key using KDK and SK values.
* Marshall platformInfoBlob between Base16 string and ByteArray.
* Interpret status results from IAS as enums.
* Use lateinit for HttpServletRequest field.
* Refactor ExceptionHandler out of messages package.
* Alias is for ISV, so rename it.
* Refactor classes into more correct packages.
* Use random 96 bit IV for GCM encryption.
* Parameterise HTTP/HTTPS ports via Gradle.
* Do not forward a securityManifest containing only zeros to IAS.
* Address review comments.
* Review comment: Use NativePRNGNonBlocking for SecureRandom.
* Rename isv.pfx to isv-svc.pfx
* Rename keystore to isv.pfx, for clarity.
* Update scripts so that they no longer require user input.
* Generate isv.pfx from the key and certificates.
* Remove private key from repository.
* Declare an empty PSE Manifest to be invalid.
* Generate keystores "on the fly".
* Rename integration tests to end in "IT" instead of "Test".
* Add README
* Turn remote-attestation into a separate Gradle project.
2017-12-12 13:34:26 +00:00
Tommy Lillehagen
76728954de
Merge pull request #2230 from corda/tlil/ENT-1237/fix-irs-demo-web
ENT-1237 Fix run script for IRS Demo web apps
2017-12-12 12:41:08 +00:00