mirror of
https://github.com/corda/corda.git
synced 2024-12-27 08:22:35 +00:00
2725f53ef5
* Initial WIP. * Configure IAS host via system properties. * Create separate Gretty configurations for testing and for IAS. * (WIP) Separate configuration values from WAR; Add msg3 -> msg4 handling. * Check the IAS report's cryptographic signature. * Accept CertPath from IAS instead of a Certificate. * Validate the certificate chain for the IAS report. * Refactor response handling, and add a secret to Message4. * Append public DH keys to generated shared secret. * Use DH secret to generate a 256 bit AES key. * Fix runISV Gradle task so that it creates WAR file. * Migrate MockIAS service into a separate package. * Remove unused aesCMAC field from Message3. * Configure HTTP sessions to expire after 10 idle minutes. * Ensure we select the "isv" key for MTLS with Intel Attestation Service. * Set key alias for Intel's public certificate. * Implement GET /attest/provision endpoint. * Use elliptic curves for Diffie-Hellman keys. * Pass public keys as Little Endian byte arrays without ASN.1 encoding. * Add AES-CMAC signature to Message2. * Remove signature fields from QUOTE body for sending to IAS. * Add a dummy AES-CMAC field to Message3 for later validation. * Generate AEC-CMAC for Message 3, and refactor crypto functionality. * Calculate AES-CMAC using AES/CBC/PKCS5Padding algorithm. * Use BouncyCastle's AESCMAC algorithm for MAC calculation. * Include standard crypto test vectors to the unit tests. * Encrypt MSG3 secret using AES/GCM/NoPadding with 128 bit key. * Hash shared key with Little Endian versions of public keys. * Refactor so that hexToBytes() is a utility. * Simplify signing of MocKIAS report. * Separate AES/GCM authentication tag from the encrypted data. * Create /ias/report endpoint for ISV which proxies IAS. * Remove unnecessary @Throws from MockIAS handlers. * Log HTTP error status from IAS. * Replace runISV task with startISV and stopISV tasks. * Refactor tests to use CryptoProvider @Rule instead of @Suite. * Move Web server for integration tests to use non-production ports. * Add proxy endpoint for IAS revocation list. * Generate an ECDSA "service key" for signing (gb|ga). * Generate a persistent key-pair for the ISV to sign with. * Verify the (Gb|Ga) signature from Message2. * Add debugging aids. * Fix Gradle warning. * Remove TLV header from Platform Info Body for MSG4. * Small tidy-up. * Use SPID "as-is" when calculating CMAC for MSG2. * Add DEBUG messages for MSG2's KDK and SMK values (AES-CMAC). * Add DEBUG logging for ECDH shared secret. * More DEBUG logging. * The ECDH shared secret *is* the x-coordinate: no need to subrange. * Adjust MockIAS to return an empty revocationList for GID 0000000b. * Fix ArrayOutOfBoundsException for "small" integer values. * Test MSG1 with empty revocation list. * Add extra logging for IAS report request. * ReportResponse object cannot be null. * Fix misreading of spec - don't remove quote's signature when requesting report from IAS. * Log invalid contents of X-IAS-Report-Signing-Certificate HTTP header. * Build CertPath for IAS from explicit list of Certificates. * Rename quote fields on IAS ReportResponse to match Intel. * Log report ID and quote status from IAS. * Add a revocation list checker to the certificate path validator. * Tweak revocation list options, depending on IAS vs MockIAS. * Extract Intel's certificate specifically by alias for PKIX. * Tune quote body returned by MockIAS. * Add AES-CMAC field to Message4 for validation. * Increase GCM authentication tag to 128 bits. * Receive platformInfoBlob from IAS as hexadecimal string. * Generate secret encryption key using KDK and SK values. * Marshall platformInfoBlob between Base16 string and ByteArray. * Interpret status results from IAS as enums. * Use lateinit for HttpServletRequest field. * Refactor ExceptionHandler out of messages package. * Alias is for ISV, so rename it. * Refactor classes into more correct packages. * Use random 96 bit IV for GCM encryption. * Parameterise HTTP/HTTPS ports via Gradle. * Do not forward a securityManifest containing only zeros to IAS. * Address review comments. * Review comment: Use NativePRNGNonBlocking for SecureRandom. * Rename isv.pfx to isv-svc.pfx * Rename keystore to isv.pfx, for clarity. * Update scripts so that they no longer require user input. * Generate isv.pfx from the key and certificates. * Remove private key from repository. * Declare an empty PSE Manifest to be invalid. * Generate keystores "on the fly". * Rename integration tests to end in "IT" instead of "Test". * Add README * Turn remote-attestation into a separate Gradle project.
64 lines
1.7 KiB
Groovy
64 lines
1.7 KiB
Groovy
buildscript {
|
|
// For sharing constants between builds
|
|
Properties constants = new Properties()
|
|
file("../../constants.properties").withInputStream { constants.load(it) }
|
|
|
|
ext.kotlin_version = constants.getProperty("kotlinVersion")
|
|
ext.bouncycastle_version = constants.getProperty("bouncycastleVersion")
|
|
ext.resteasy_version = '3.1.4.Final'
|
|
ext.jackson_version = '2.9.2'
|
|
ext.slf4j_version = '1.7.25'
|
|
ext.log4j_version = '2.9.1'
|
|
ext.junit_version = '4.12'
|
|
|
|
repositories {
|
|
mavenLocal()
|
|
mavenCentral()
|
|
jcenter()
|
|
}
|
|
|
|
dependencies {
|
|
classpath "org.jetbrains.kotlin:kotlin-gradle-plugin:$kotlin_version"
|
|
classpath "org.jetbrains.kotlin:kotlin-noarg:$kotlin_version"
|
|
}
|
|
}
|
|
|
|
import org.jetbrains.kotlin.gradle.tasks.KotlinCompile
|
|
|
|
allprojects {
|
|
tasks.withType(KotlinCompile).all {
|
|
kotlinOptions {
|
|
languageVersion = "1.1"
|
|
apiVersion = "1.1"
|
|
jvmTarget = "1.8"
|
|
javaParameters = true // Useful for reflection.
|
|
}
|
|
}
|
|
|
|
tasks.withType(Test) {
|
|
// Prevent the project from creating temporary files outside of the build directory.
|
|
systemProperties['java.io.tmpdir'] = buildDir
|
|
}
|
|
|
|
group 'com.r3.corda.enterprise'
|
|
version '1.0-SNAPSHOT'
|
|
|
|
repositories {
|
|
mavenLocal()
|
|
mavenCentral()
|
|
jcenter()
|
|
}
|
|
|
|
configurations {
|
|
compile {
|
|
// We want to use SLF4J's version of these bindings: jcl-over-slf4j
|
|
// Remove any transitive dependency on Apache's version.
|
|
exclude group: 'commons-logging', module: 'commons-logging'
|
|
}
|
|
}
|
|
}
|
|
|
|
task wrapper(type: Wrapper) {
|
|
gradleVersion = "4.3.1"
|
|
}
|