chore(deps): Bump org.jlleitschuh.gradle.ktlint from 11.1.0 to 11.2.0 (…

…#20)

Bumps org.jlleitschuh.gradle.ktlint from 11.1.0 to 11.2.0.


[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=org.jlleitschuh.gradle.ktlint&package-manager=gradle&previous-version=11.1.0&new-version=11.2.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

.editorconfig

@@ -4,8 +4,9 @@ root = true
 [*]
 max_line_length = 100
 
-[*.kt]
-disabled_rules = import-ordering
+[*.{kt,kts}]
+ij_kotlin_allow_trailing_comma = true
+ij_kotlin_allow_trailing_comma_on_call_site = true
 
 [*.md]
 max_line_length = off

build.gradle

@@ -13,7 +13,7 @@ plugins {
   id("org.jetbrains.kotlin.jvm") version "1.8.10"
   id('java-library')
   id("org.jetbrains.dokka") version "1.7.20"
-  id("org.jlleitschuh.gradle.ktlint") version "11.1.0"
+  id("org.jlleitschuh.gradle.ktlint") version "11.2.0"
   id('jacoco')
   id('idea')
 
@@ -90,7 +90,9 @@ tasks.register('integrationTest', Test) {
 
 check.dependsOn integrationTest
 
-// Documentation
+ktlint {
+    version.set("0.48.2")
+}
 
 dokkaHtml.configure {
   dokkaSourceSets {

src/main/kotlin/tech/relaycorp/veraid/KeyAlgorithm.kt

@@ -3,7 +3,8 @@ package tech.relaycorp.veraid
 internal enum class KeyAlgorithm(val typeId: Int) {
     RSA_2048(1),
     RSA_3072(2),
-    RSA_4096(3);
+    RSA_4096(3),
+    ;
 
     companion object {
         private val valueByTypeId = KeyAlgorithm.values().associateBy(KeyAlgorithm::typeId)

src/main/kotlin/tech/relaycorp/veraid/dns/DnssecChain.kt

@@ -1,10 +1,5 @@
 package tech.relaycorp.veraid.dns
 
-import java.io.ByteArrayInputStream
-import java.nio.charset.Charset
-import java.time.Clock
-import java.time.Instant
-import java.time.ZoneOffset
 import kotlinx.coroutines.future.await
 import org.xbill.DNS.DClass
 import org.xbill.DNS.Flags
@@ -17,17 +12,22 @@ import org.xbill.DNS.Type
 import org.xbill.DNS.dnssec.ValidatingResolver
 import tech.relaycorp.veraid.dns.resolvers.OfflineResolver
 import tech.relaycorp.veraid.dns.resolvers.PersistingResolver
+import java.io.ByteArrayInputStream
+import java.nio.charset.Charset
+import java.time.Clock
+import java.time.Instant
+import java.time.ZoneOffset
 
 internal typealias PersistingResolverInitialiser = (resolverHostName: String) -> PersistingResolver
 internal typealias OnlineResolverInitialiser = (headResolver: Resolver) -> ValidatingResolver
 
 internal typealias OfflineResolverInitialiser =
-    (headResolver: OfflineResolver, clock: Clock) -> ValidatingResolver
+(headResolver: OfflineResolver, clock: Clock) -> ValidatingResolver
 
 internal typealias ChainRetriever = suspend (
     domainName: String,
     recordType: String,
-    resolverHostName: String
+    resolverHostName: String,
 ) -> DnssecChain
 
 /**
@@ -36,7 +36,7 @@ internal typealias ChainRetriever = suspend (
 public open class DnssecChain internal constructor(
     internal val domainName: String,
     internal val recordType: String,
-    internal val responses: List<Message>
+    internal val responses: List<Message>,
 ) {
     @Throws(DnsException::class)
     internal suspend fun verify(instant: Instant) {
@@ -62,7 +62,7 @@ public open class DnssecChain internal constructor(
         suspend fun retrieve(
             domainName: String,
             recordType: String,
-            resolverHostName: String
+            resolverHostName: String,
         ): DnssecChain {
             val persistingResolver = persistingResolverInitialiser(resolverHostName)
             val validatingResolver = onlineResolverInitialiser(persistingResolver)
@@ -73,7 +73,7 @@ public open class DnssecChain internal constructor(
         @Throws(DnsException::class)
         private suspend fun ValidatingResolver.resolve(
             domainName: String,
-            recordType: String
+            recordType: String,
         ) {
             this.loadTrustAnchors(ByteArrayInputStream(DNSSEC_ROOT_DS))
 
@@ -84,7 +84,7 @@ public open class DnssecChain internal constructor(
 
             if (!response.header.getFlag(Flags.AD.toInt())) {
                 throw DnsException(
-                    "DNSSEC verification failed: ${response.dnssecFailureDescription}"
+                    "DNSSEC verification failed: ${response.dnssecFailureDescription}",
                 )
             }
             if (response.header.rcode != Rcode.NOERROR) {

src/main/kotlin/tech/relaycorp/veraid/dns/MessageUtils.kt

@@ -2,7 +2,6 @@
 
 package tech.relaycorp.veraid.dns
 
-import java.time.Instant
 import org.xbill.DNS.Message
 import org.xbill.DNS.Name
 import org.xbill.DNS.RRset
@@ -11,6 +10,7 @@ import org.xbill.DNS.Section
 import org.xbill.DNS.TXTRecord
 import org.xbill.DNS.Type
 import org.xbill.DNS.dnssec.ValidatingResolver
+import java.time.Instant
 
 internal fun Message.getRrset(question: Record, section: Int): RRset? {
     val sectionRrsets = getSectionRRsets(section)

src/main/kotlin/tech/relaycorp/veraid/dns/RrSetUtils.kt

@@ -2,9 +2,9 @@
 
 package tech.relaycorp.veraid.dns
 
-import java.time.Instant
 import org.xbill.DNS.RRset
 import org.xbill.DNS.Record
+import java.time.Instant
 
 internal val RRset.question: Record
     get() = Record.newRecord(name, type, dClass)

src/main/kotlin/tech/relaycorp/veraid/dns/VeraDnssecChain.kt

@@ -1,7 +1,5 @@
 package tech.relaycorp.veraid.dns
 
-import java.time.Instant
-import kotlin.time.toJavaDuration
 import org.bouncycastle.asn1.ASN1EncodableVector
 import org.bouncycastle.asn1.ASN1ObjectIdentifier
 import org.bouncycastle.asn1.ASN1Set
@@ -17,6 +15,8 @@ import org.xbill.DNS.Type
 import org.xbill.DNS.WireParseException
 import tech.relaycorp.veraid.OrganisationKeySpec
 import tech.relaycorp.veraid.utils.intersect
+import java.time.Instant
+import kotlin.time.toJavaDuration
 
 /**
  * Vera DNSSEC chain.
@@ -52,7 +52,7 @@ public class VeraDnssecChain internal constructor(
         val chainValidityPeriod = getChainValidityPeriod()
         val intersectingPeriod =
             verificationPeriod.intersect(chainValidityPeriod) ?: throw InvalidChainException(
-                "Chain validity period does not overlap with required period"
+                "Chain validity period does not overlap with required period",
             )
         super.verify(intersectingPeriod.start)
     }
@@ -64,7 +64,7 @@ public class VeraDnssecChain internal constructor(
             }
             .reduce { acc, period ->
                 acc.intersect(period) ?: throw InvalidChainException(
-                    "Chain contains RRSigs whose validity periods do not overlap"
+                    "Chain contains RRSigs whose validity periods do not overlap",
                 )
             }
         return chainValidityPeriod
@@ -73,7 +73,7 @@ public class VeraDnssecChain internal constructor(
     private fun calculateVerificationPeriod(
         datePeriod: ClosedRange<Instant>,
         orgKeySpec: OrganisationKeySpec,
-        serviceOid: ASN1ObjectIdentifier
+        serviceOid: ASN1ObjectIdentifier,
     ): ClosedRange<Instant> {
         val matchingFields = getRdataFields(orgKeySpec, serviceOid)
         val ttlOverride = matchingFields.ttlOverride
@@ -84,12 +84,12 @@ public class VeraDnssecChain internal constructor(
 
     private fun getRdataFields(
         orgKeySpec: OrganisationKeySpec,
-        serviceOid: ASN1ObjectIdentifier
+        serviceOid: ASN1ObjectIdentifier,
     ): VeraRdataFields {
         val answers = getVeraTxtAnswers()
         val fieldSet = answers.map {
             val rdata = it.strings.singleOrNull() ?: throw InvalidChainException(
-                "Vera TXT answer rdata must contain one string (got ${it.strings.size})"
+                "Vera TXT answer rdata must contain one string (got ${it.strings.size})",
             )
             try {
                 VeraRdataFields.parse(rdata)
@@ -109,7 +109,7 @@ public class VeraDnssecChain internal constructor(
         val wildcardFields = matchingSet.filter { it.service == null }
         if (1 < wildcardFields.size) {
             throw InvalidChainException(
-                "Found multiple Vera records for the same key and no service"
+                "Found multiple Vera records for the same key and no service",
             )
         }
         return concreteFields.singleOrNull() ?: wildcardFields.single()
@@ -131,7 +131,9 @@ public class VeraDnssecChain internal constructor(
         val veraTxtResponse = veraTxtResponses.single()
         val rrset = veraTxtResponse.getRrset(veraRecordQuery, Section.ANSWER)
             ?: throw InvalidChainException("Vera TXT response does not contain an answer")
-        @Suppress("UNCHECKED_CAST") return rrset.rrs() as List<TXTRecord>
+
+        @Suppress("UNCHECKED_CAST")
+        return rrset.rrs() as List<TXTRecord>
     }
 
     public companion object {
@@ -151,7 +153,7 @@ public class VeraDnssecChain internal constructor(
         @Throws(DnsException::class)
         public suspend fun retrieve(
             organisationName: String,
-            resolverHost: String = CLOUDFLARE_RESOLVER
+            resolverHost: String = CLOUDFLARE_RESOLVER,
         ): VeraDnssecChain {
             val organisationNameNormalised = organisationName.trimEnd('.')
             val domainName = "_vera.$organisationNameNormalised."
@@ -164,7 +166,7 @@ public class VeraDnssecChain internal constructor(
             val responses = set.map {
                 if (it !is DEROctetString) {
                     throw InvalidChainException(
-                        "Chain SET contains non-OCTET STRING item ($it)"
+                        "Chain SET contains non-OCTET STRING item ($it)",
                     )
                 }
                 try {

src/main/kotlin/tech/relaycorp/veraid/dns/VeraRdataFields.kt

@@ -1,11 +1,11 @@
 package tech.relaycorp.veraid.dns
 
-import kotlin.time.Duration
-import kotlin.time.Duration.Companion.days
-import kotlin.time.Duration.Companion.seconds
 import org.bouncycastle.asn1.ASN1ObjectIdentifier
 import tech.relaycorp.veraid.KeyAlgorithm
 import tech.relaycorp.veraid.OrganisationKeySpec
+import kotlin.time.Duration
+import kotlin.time.Duration.Companion.days
+import kotlin.time.Duration.Companion.seconds
 
 internal data class VeraRdataFields(
     val orgKeySpec: OrganisationKeySpec,
@@ -30,7 +30,7 @@ internal data class VeraRdataFields(
             if (fieldsOrdered.size < 3) {
                 throw InvalidRdataException(
                     "RDATA should have at least 3 space-separated fields " +
-                        "(got ${fieldsOrdered.size})"
+                        "(got ${fieldsOrdered.size})",
                 )
             }
 
@@ -47,14 +47,15 @@ internal data class VeraRdataFields(
             val ttlOverride = ttlOverrideSeconds.toInt().seconds.coerceAtMost(MAX_TTL)
 
             val serviceOidRaw = fieldsOrdered.getOrNull(3)
-            val serviceOid = if (serviceOidRaw != null)
+            val serviceOid = if (serviceOidRaw != null) {
                 try {
                     ASN1ObjectIdentifier(serviceOidRaw)
                 } catch (exc: IllegalArgumentException) {
                     throw InvalidRdataException("Malformed service OID ($serviceOidRaw)")
                 }
-            else
+            } else {
                 null
+            }
 
             return VeraRdataFields(keySpec, ttlOverride, serviceOid)
         }

src/main/kotlin/tech/relaycorp/veraid/dns/resolvers/OfflineResolver.kt

@@ -1,23 +1,24 @@
 package tech.relaycorp.veraid.dns.resolvers
 
-import java.time.Duration
-import java.util.concurrent.CompletableFuture
-import java.util.concurrent.CompletionStage
-import java.util.concurrent.Executor
 import org.xbill.DNS.EDNSOption
 import org.xbill.DNS.Flags
 import org.xbill.DNS.Message
 import org.xbill.DNS.Rcode
 import org.xbill.DNS.Resolver
 import org.xbill.DNS.TSIG
+import java.time.Duration
+import java.util.concurrent.CompletableFuture
+import java.util.concurrent.CompletionStage
+import java.util.concurrent.Executor
 
 internal class OfflineResolver(val responses: List<Message>) : Resolver {
     override fun sendAsync(query: Message, executor: Executor?): CompletionStage<Message> {
         val question = query.question
-        val matchingResponse = if (question != null)
+        val matchingResponse = if (question != null) {
             responses.firstOrNull { it.question == question }
-        else
+        } else {
             null
+        }
         val response = matchingResponse ?: makeNxdomainResponse(query.header.id)
         return CompletableFuture.completedFuture(response)
     }
@@ -40,7 +41,7 @@ internal class OfflineResolver(val responses: List<Message>) : Resolver {
         version: Int,
         payloadSize: Int,
         flags: Int,
-        options: MutableList<EDNSOption>?
+        options: MutableList<EDNSOption>?,
     ) = Unit
 
     override fun setTSIGKey(key: TSIG?) = throw NotImplementedError()

src/main/kotlin/tech/relaycorp/veraid/pki/Keys.kt

@@ -2,6 +2,7 @@
 
 package tech.relaycorp.veraid.pki
 
+import tech.relaycorp.veraid.utils.BC_PROVIDER
 import java.security.KeyFactory
 import java.security.KeyPair
 import java.security.KeyPairGenerator
@@ -13,7 +14,6 @@ import java.security.spec.InvalidKeySpecException
 import java.security.spec.PKCS8EncodedKeySpec
 import java.security.spec.RSAPublicKeySpec
 import java.security.spec.X509EncodedKeySpec
-import tech.relaycorp.veraid.utils.BC_PROVIDER
 
 private const val DEFAULT_RSA_KEY_MODULUS = 2048
 private const val MIN_RSA_KEY_MODULUS = 2048

src/main/kotlin/tech/relaycorp/veraid/pki/MemberCertificate.kt

@@ -1,10 +1,10 @@
 package tech.relaycorp.veraid.pki
 
+import org.bouncycastle.cert.X509CertificateHolder
+import tech.relaycorp.veraid.utils.x509.Certificate
 import java.security.PrivateKey
 import java.security.PublicKey
 import java.time.ZonedDateTime
-import org.bouncycastle.cert.X509CertificateHolder
-import tech.relaycorp.veraid.utils.x509.Certificate
 
 public class MemberCertificate internal constructor(certificateHolder: X509CertificateHolder) :
     Certificate(certificateHolder) {
@@ -18,7 +18,7 @@ public class MemberCertificate internal constructor(certificateHolder: X509Certi
             orgCertificate: OrgCertificate,
             orgPrivateKey: PrivateKey,
             expiryDate: ZonedDateTime,
-            startDate: ZonedDateTime = ZonedDateTime.now()
+            startDate: ZonedDateTime = ZonedDateTime.now(),
         ): MemberCertificate {
             if (userName != null) {
                 validateUserName(userName)
@@ -31,14 +31,14 @@ public class MemberCertificate internal constructor(certificateHolder: X509Certi
                     expiryDate,
                     orgCertificate,
                     validityStartDate = startDate,
-                ).certificateHolder
+                ).certificateHolder,
             )
         }
 
         private fun validateUserName(userName: String) {
             if (FORBIDDEN_USER_NAME_CHARS_REGEX.containsMatchIn(userName)) {
                 throw PKIException(
-                    "User name should not contain at signs or whitespace other than simple spaces"
+                    "User name should not contain at signs or whitespace other than simple spaces",
                 )
             }
         }

src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt

@@ -7,14 +7,14 @@ import tech.relaycorp.veraid.utils.asn1.ASN1Utils
 public class MemberIdBundle(
     private val dnssecChain: VeraDnssecChain,
     private val orgCertificate: OrgCertificate,
-    private val memberCertificate: MemberCertificate
+    private val memberCertificate: MemberCertificate,
 ) {
     public fun serialise(): ByteArray = ASN1Utils.serializeSequence(
         listOf(
             ASN1Integer(0),
             dnssecChain.encode(),
             orgCertificate.encode(),
-            memberCertificate.encode()
+            memberCertificate.encode(),
         ),
         false,
     )