relaycorp · kodiakhq · Dec 18, 2023 · Dec 17, 2023 · Dec 17, 2023 · Dec 18, 2023
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -16,7 +16,7 @@ plugins {
 
     id("org.jetbrains.dokka") version "1.9.10"
 
-    id("org.jlleitschuh.gradle.ktlint") version "11.6.1"
+    id("org.jlleitschuh.gradle.ktlint") version "12.0.3"
 
     jacoco
 
@@ -106,9 +106,10 @@ tasks.withType<KotlinCompile>().configureEach {
     kotlinOptions {
         jvmTarget = JavaVersion.VERSION_17.toString()
         allWarningsAsErrors = true
-        freeCompilerArgs = freeCompilerArgs + arrayOf(
-            "-opt-in=kotlin.RequiresOptIn"
-        )
+        freeCompilerArgs = freeCompilerArgs +
+            arrayOf(
+                "-opt-in=kotlin.RequiresOptIn",
+            )
     }
 }
 
@@ -175,7 +176,7 @@ nexusPublishing {
         sonatype {
             nexusUrl.set(uri("https://s01.oss.sonatype.org/service/local/"))
             snapshotRepositoryUrl.set(
-                uri("https://s01.oss.sonatype.org/content/repositories/snapshots/")
+                uri("https://s01.oss.sonatype.org/content/repositories/snapshots/"),
             )
             username.set(System.getenv("MAVEN_USERNAME"))
             password.set(System.getenv("MAVEN_PASSWORD"))
@@ -187,5 +188,5 @@ tasks.publish {
 }
 
 configure<org.jlleitschuh.gradle.ktlint.KtlintExtension> {
-    version.set("0.42.1")
+    version.set("1.0.1")
 }
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/CryptoAlgorithms.kt b/src/main/kotlin/tech/relaycorp/relaynet/CryptoAlgorithms.kt
@@ -15,7 +15,7 @@ package tech.relaycorp.relaynet
 enum class HashingAlgorithm {
     SHA256,
     SHA384,
-    SHA512
+    SHA512,
 }
 
 /**
@@ -24,7 +24,7 @@ enum class HashingAlgorithm {
 enum class SymmetricCipher {
     AES_128,
     AES_192,
-    AES_256
+    AES_256,
 }
 
 /**

diff --git a/src/main/kotlin/tech/relaycorp/relaynet/NodeConnectionParams.kt b/src/main/kotlin/tech/relaycorp/relaynet/NodeConnectionParams.kt
@@ -15,86 +15,91 @@ import tech.relaycorp.relaynet.wrappers.deserializeRSAPublicKey
 class NodeConnectionParams(
     val internetAddress: String,
     val identityKey: PublicKey,
-    val sessionKey: SessionKey
+    val sessionKey: SessionKey,
 ) {
     fun serialize(): ByteArray {
-        val sessionKeyASN1 = ASN1Utils.makeSequence(
-            listOf(
-                DEROctetString(sessionKey.keyId),
-                DEROctetString(sessionKey.publicKey.encoded)
-            ),
-            false
-        )
+        val sessionKeyASN1 =
+            ASN1Utils.makeSequence(
+                listOf(
+                    DEROctetString(sessionKey.keyId),
+                    DEROctetString(sessionKey.publicKey.encoded),
+                ),
+                false,
+            )
         return ASN1Utils.serializeSequence(
             listOf(
                 DERVisibleString(internetAddress),
                 DEROctetString(identityKey.encoded),
-                sessionKeyASN1
+                sessionKeyASN1,
             ),
-            false
+            false,
         )
     }
 
     companion object {
         @Throws(InvalidNodeConnectionParams::class)
         fun deserialize(serialization: ByteArray): NodeConnectionParams {
-            val sequence = try {
-                ASN1Utils.deserializeHeterogeneousSequence(serialization)
-            } catch (exc: ASN1Exception) {
-                throw InvalidNodeConnectionParams("Serialization is not a DER sequence", exc)
-            }
+            val sequence =
+                try {
+                    ASN1Utils.deserializeHeterogeneousSequence(serialization)
+                } catch (exc: ASN1Exception) {
+                    throw InvalidNodeConnectionParams("Serialization is not a DER sequence", exc)
+                }
 
             if (sequence.size < 3) {
                 throw InvalidNodeConnectionParams(
                     "Connection params sequence should have at least 3 items " +
-                        "(got ${sequence.size})"
+                        "(got ${sequence.size})",
                 )
             }
 
             val internetAddress = ASN1Utils.getVisibleString(sequence[0]).string
             if (!DNS.isValidDomainName(internetAddress)) {
                 throw InvalidNodeConnectionParams(
-                    "Internet address is syntactically invalid ($internetAddress)"
+                    "Internet address is syntactically invalid ($internetAddress)",
                 )
             }
 
             val identityKeyASN1 = ASN1Utils.getOctetString(sequence[1])
-            val identityKey = try {
-                identityKeyASN1.octets.deserializeRSAPublicKey()
-            } catch (exc: KeyException) {
-                throw InvalidNodeConnectionParams(
-                    "Identity key is not a valid RSA public key",
-                    exc
-                )
-            }
+            val identityKey =
+                try {
+                    identityKeyASN1.octets.deserializeRSAPublicKey()
+                } catch (exc: KeyException) {
+                    throw InvalidNodeConnectionParams(
+                        "Identity key is not a valid RSA public key",
+                        exc,
+                    )
+                }
 
             val sessionKeySequence = DERSequence.getInstance(sequence[2], false)
             if (sessionKeySequence.size() < 2) {
                 throw InvalidNodeConnectionParams(
                     "Session key sequence should have at least 2 items " +
-                        "(got ${sessionKeySequence.size()})"
+                        "(got ${sessionKeySequence.size()})",
                 )
             }
 
-            val sessionKeyId = ASN1Utils.getOctetString(
-                sessionKeySequence.getObjectAt(0) as ASN1TaggedObject,
-            ).octets
+            val sessionKeyId =
+                ASN1Utils.getOctetString(
+                    sessionKeySequence.getObjectAt(0) as ASN1TaggedObject,
+                ).octets
 
             val sessionPublicKeyASN1 =
                 ASN1Utils.getOctetString(sessionKeySequence.getObjectAt(1) as ASN1TaggedObject)
-            val sessionPublicKey = try {
-                sessionPublicKeyASN1.octets.deserializeECPublicKey()
-            } catch (exc: KeyException) {
-                throw InvalidNodeConnectionParams(
-                    "Session key is not a valid EC public key",
-                    exc
-                )
-            }
+            val sessionPublicKey =
+                try {
+                    sessionPublicKeyASN1.octets.deserializeECPublicKey()
+                } catch (exc: KeyException) {
+                    throw InvalidNodeConnectionParams(
+                        "Session key is not a valid EC public key",
+                        exc,
+                    )
+                }
 
             return NodeConnectionParams(
                 internetAddress,
                 identityKey,
-                SessionKey(sessionKeyId, sessionPublicKey)
+                SessionKey(sessionKeyId, sessionPublicKey),
             )
         }
     }

diff --git a/...ain/kotlin/tech/relaycorp/relaynet/pki.kt → ...ain/kotlin/tech/relaycorp/relaynet/Pki.kt b/...ain/kotlin/tech/relaycorp/relaynet/pki.kt → ...ain/kotlin/tech/relaycorp/relaynet/Pki.kt
@@ -22,7 +22,7 @@ fun issueGatewayCertificate(
     issuerPrivateKey: PrivateKey,
     validityEndDate: ZonedDateTime,
     issuerCertificate: Certificate? = null,
-    validityStartDate: ZonedDateTime = ZonedDateTime.now()
+    validityStartDate: ZonedDateTime = ZonedDateTime.now(),
 ): Certificate {
     val isSelfIssued = issuerCertificate == null
     return Certificate.issue(
@@ -33,7 +33,7 @@ fun issueGatewayCertificate(
         issuerCertificate,
         true,
         if (isSelfIssued) 2 else 1,
-        validityStartDate
+        validityStartDate,
     )
 }
 
@@ -51,7 +51,7 @@ fun issueEndpointCertificate(
     issuerPrivateKey: PrivateKey,
     validityEndDate: ZonedDateTime,
     issuerCertificate: Certificate? = null,
-    validityStartDate: ZonedDateTime = ZonedDateTime.now()
+    validityStartDate: ZonedDateTime = ZonedDateTime.now(),
 ): Certificate {
     return Certificate.issue(
         subjectPublicKey.nodeId,
@@ -61,7 +61,7 @@ fun issueEndpointCertificate(
         issuerCertificate,
         true,
         0,
-        validityStartDate
+        validityStartDate,
     )
 }
 
@@ -82,14 +82,15 @@ fun issueDeliveryAuthorization(
     issuerPrivateKey: PrivateKey,
     validityEndDate: ZonedDateTime,
     issuerCertificate: Certificate,
-    validityStartDate: ZonedDateTime = ZonedDateTime.now()
-): Certificate = Certificate.issue(
-    subjectPublicKey.nodeId,
-    subjectPublicKey,
-    issuerPrivateKey,
-    validityEndDate,
-    issuerCertificate,
-    false,
-    0,
-    validityStartDate
-)
+    validityStartDate: ZonedDateTime = ZonedDateTime.now(),
+): Certificate =
+    Certificate.issue(
+        subjectPublicKey.nodeId,
+        subjectPublicKey,
+        issuerPrivateKey,
+        validityEndDate,
+        issuerCertificate,
+        false,
+        0,
+        validityStartDate,
+    )
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/PrivateEndpointConnParams.kt b/src/main/kotlin/tech/relaycorp/relaynet/PrivateEndpointConnParams.kt
@@ -14,64 +14,69 @@ class PrivateEndpointConnParams(
     val identityKey: PublicKey,
     val internetGatewayAddress: String,
     val deliveryAuth: CertificationPath,
-    val sessionKey: SessionKey
+    val sessionKey: SessionKey,
 ) {
-    fun serialize(): ByteArray = ASN1Utils.serializeSequence(
-        listOf(
-            SubjectPublicKeyInfo.getInstance(identityKey.encoded),
-            DERVisibleString(internetGatewayAddress),
-            deliveryAuth.encode(),
-            sessionKey.encode(),
-        ),
-        false
-    )
+    fun serialize(): ByteArray =
+        ASN1Utils.serializeSequence(
+            listOf(
+                SubjectPublicKeyInfo.getInstance(identityKey.encoded),
+                DERVisibleString(internetGatewayAddress),
+                deliveryAuth.encode(),
+                sessionKey.encode(),
+            ),
+            false,
+        )
 
     companion object {
         @Throws(InvalidNodeConnectionParams::class)
         fun deserialize(serialization: ByteArray): PrivateEndpointConnParams {
-            val sequence = try {
-                ASN1Utils.deserializeHeterogeneousSequence(serialization)
-            } catch (exc: ASN1Exception) {
-                throw InvalidNodeConnectionParams("Serialization is not a DER sequence", exc)
-            }
+            val sequence =
+                try {
+                    ASN1Utils.deserializeHeterogeneousSequence(serialization)
+                } catch (exc: ASN1Exception) {
+                    throw InvalidNodeConnectionParams("Serialization is not a DER sequence", exc)
+                }
 
             if (sequence.size < 4) {
                 throw InvalidNodeConnectionParams(
-                    "Connection params should have at least 4 items"
+                    "Connection params should have at least 4 items",
                 )
             }
 
-            val identityKeyInfo = try {
-                SubjectPublicKeyInfo.getInstance(sequence[0], false)
-            } catch (exc: IllegalStateException) {
-                throw InvalidNodeConnectionParams("Invalid identity key", exc)
-            }
+            val identityKeyInfo =
+                try {
+                    SubjectPublicKeyInfo.getInstance(sequence[0], false)
+                } catch (exc: IllegalStateException) {
+                    throw InvalidNodeConnectionParams("Invalid identity key", exc)
+                }
             val identityKey = identityKeyInfo.encoded.deserializeRSAPublicKey()
 
             val internetGatewayAddress = ASN1Utils.getVisibleString(sequence[1]).string
             if (!DNS.isValidDomainName(internetGatewayAddress)) {
                 throw InvalidNodeConnectionParams(
-                    "Internet address is syntactically invalid ($internetGatewayAddress)"
+                    "Internet address is syntactically invalid ($internetGatewayAddress)",
                 )
             }
 
-            val deliveryAuth = try {
-                CertificationPath.decode(sequence[2])
-            } catch (exc: CertificationPathException) {
-                throw InvalidNodeConnectionParams("Invalid delivery auth", exc)
-            }
+            val deliveryAuth =
+                try {
+                    CertificationPath.decode(sequence[2])
+                } catch (exc: CertificationPathException) {
+                    throw InvalidNodeConnectionParams("Invalid delivery auth", exc)
+                }
 
-            val sessionKey = try {
-                SessionKey.decode(sequence[3])
-            } catch (exc: SessionKeyException) {
-                throw InvalidNodeConnectionParams("Invalid session key", exc)
-            }
+            val sessionKey =
+                try {
+                    SessionKey.decode(sequence[3])
+                } catch (exc: SessionKeyException) {
+                    throw InvalidNodeConnectionParams("Invalid session key", exc)
+                }
 
             return PrivateEndpointConnParams(
                 identityKey,
                 internetGatewayAddress,
                 deliveryAuth,
-                sessionKey
+                sessionKey,
             )
         }
     }