feat(MemberIdBundle): Expose verify() method (#61)
So we can use it in relaycorp/letro-android#43
gnarea authored Sep 18, 2023
1 parent 944de30 commit f9a137a
Showing 4 changed files with 20 additions and 21 deletions.
2 changes: 1 addition & 1 deletion src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt
Expand Up @@ -91,7 +91,7 @@ public class SignatureBundle internal constructor(
}

return try {
memberIdBundle.verify(ASN1ObjectIdentifier(serviceOid), signaturePeriodIntersection)
memberIdBundle.verify(serviceOid, signaturePeriodIntersection)
} catch (exc: PkiException) {
throw SignatureException("Member id bundle is invalid", exc)
}
4 changes: 2 additions & 2 deletions src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt
Expand Up @@ -37,7 +37,7 @@ public class MemberIdBundle(
)

@Throws(PkiException::class)
internal suspend fun verify(service: ASN1ObjectIdentifier, datePeriod: DatePeriod): Member {
public suspend fun verify(serviceOid: String, datePeriod: DatePeriod): Member {
try {
memberCertificate.getCertificationPath(emptyList(), listOf(orgCertificate))
} catch (exc: CertificateException) {
Expand All @@ -63,7 +63,7 @@ public class MemberIdBundle(
try {
dnssecChain.verify(
orgCertificate.subjectPublicKey.orgKeySpec,
service,
ASN1ObjectIdentifier(serviceOid),
verificationPeriod,
)
} catch (exc: DnsException) {
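Review bot: The now-public `verify(serviceOid: String, ...)` parses the OID only at the `dnssecChain.verify(...)` call, so a string that is not a valid OID surfaces from BouncyCastle's `ASN1ObjectIdentifier` constructor as an `IllegalArgumentException`, which `@Throws(PkiException::class)` does not declare and the `catch (exc: DnsException)` visible here does not handle. Parsing once at the top of the function and mapping the failure would keep the declared contract, e.g. `val service = try { ASN1ObjectIdentifier(serviceOid) } catch (exc: IllegalArgumentException) { throw PkiException("Malformed service OID", exc) }` (assuming PkiException accepts a cause, as SignatureException does in SignatureBundle.kt). The caller in SignatureBundle.kt catches only PkiException, so it would get a consistent SignatureException from the same mapping. As a public entry point the method also needs KDoc saying that `serviceOid` must be the OID of the service the caller expects, presumably never a value taken from the bundle under verification, and that the returned Member may only be used when no exception was thrown. The function body starts and ends outside the hunks shown.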
5 changes: 2 additions & 3 deletions src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt
Expand Up @@ -15,7 +15,6 @@ import io.kotest.matchers.types.beInstanceOf
import io.kotest.matchers.types.instanceOf
import kotlinx.coroutines.test.runTest
import org.bouncycastle.asn1.ASN1Integer
import org.bouncycastle.asn1.ASN1ObjectIdentifier
import org.bouncycastle.asn1.ASN1Sequence
import org.bouncycastle.asn1.ASN1TaggedObject
import org.bouncycastle.asn1.DERNull
Expand Down Expand Up @@ -676,10 +675,10 @@ class SignatureBundleTest {

bundle.verify(plaintext, SERVICE_OID.id)

argumentCaptor<ASN1ObjectIdentifier>().apply {
argumentCaptor<String>().apply {
verify(mockMemberIdBundle).verify(capture(), any())

firstValue shouldBe SERVICE_OID
firstValue shouldBe SERVICE_OID.id
}
}
}
30 changes: 15 additions & 15 deletions src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt
Expand Up @@ -203,7 +203,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(dnssecChain, otherOrgCert, MEMBER_CERT)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe "Member certificate was not issued by organisation"
Expand All @@ -217,7 +217,7 @@ class MemberIdBundleTest {
val period = start..start.plusSeconds(1)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, period)
bundle.verify(SERVICE_OID.id, period)
}

exception.message shouldBe
Expand All @@ -236,7 +236,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe errorMessage
Expand All @@ -248,7 +248,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe errorMessage
Expand All @@ -260,7 +260,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe errorMessage
Expand All @@ -272,7 +272,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe errorMessage
Expand All @@ -298,7 +298,7 @@ class MemberIdBundleTest {
val chainSpy = mockChain()
val bundle = MemberIdBundle(chainSpy, ORG_CERT, MEMBER_CERT)

bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)

verify(chainSpy).verify(any(), eq(SERVICE_OID), any())
}
Expand All @@ -308,7 +308,7 @@ class MemberIdBundleTest {
val chainSpy = mockChain()
val bundle = MemberIdBundle(chainSpy, ORG_CERT, MEMBER_CERT)

bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)

verify(chainSpy).verify(eq(ORG_KEY_PAIR.public.orgKeySpec), any(), any())
}
Expand All @@ -329,7 +329,7 @@ class MemberIdBundleTest {
val verificationStart = memberCert.validityPeriod.start.minusSeconds(1)
val verificationEnd = ORG_CERT.validityPeriod.endInclusive.minusSeconds(1)

bundle.verify(SERVICE_OID, verificationStart..verificationEnd)
bundle.verify(SERVICE_OID.id, verificationStart..verificationEnd)

verify(chainSpy).verify(any(), any(), eq(memberCertStart..verificationEnd))
}
Expand All @@ -341,7 +341,7 @@ class MemberIdBundleTest {

val exception = shouldThrow<PkiException> {
bundle.verify(
SERVICE_OID,
SERVICE_OID.id,
ORG_CERT.validityPeriod,
)
}
Expand All @@ -356,7 +356,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(mockChain(originalException), ORG_CERT, MEMBER_CERT)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe "DNS/DNSSEC resolution failed"
Expand All @@ -369,7 +369,7 @@ class MemberIdBundleTest {
val bundle = MemberIdBundle(mockChain(originalException), ORG_CERT, MEMBER_CERT)

val exception = shouldThrow<PkiException> {
bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
}

exception.message shouldBe "VeraId DNSSEC chain verification failed"
Expand All @@ -383,7 +383,7 @@ class MemberIdBundleTest {
fun `Organisation name should be output`() = runTest {
val bundle = MemberIdBundle(mockChain(), ORG_CERT, MEMBER_CERT)

val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)

member.orgName shouldBe ORG_NAME
}
Expand All @@ -392,7 +392,7 @@ class MemberIdBundleTest {
fun `User name should be output if member is a user`() = runTest {
val bundle = MemberIdBundle(mockChain(), ORG_CERT, MEMBER_CERT)

val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)

member.userName shouldBe USER_NAME
}
Expand All @@ -409,7 +409,7 @@ class MemberIdBundleTest {
)
val bundle = MemberIdBundle(mockChain(), ORG_CERT, botCert)

val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)

member.userName shouldBe null
}
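Review bot: None of the updated calls passes a `serviceOid` string that is not a valid OID; every test uses `SERVICE_OID.id`, so the String-to-`ASN1ObjectIdentifier` conversion that the public `verify()` now performs is covered only on the happy path (the `eq(SERVICE_OID)` assertion in the chain-spy test). A test that passes a malformed value such as `"not-an-oid"` (constructed sample) inside `shouldThrow<...> { bundle.verify("not-an-oid", ORG_CERT.validityPeriod) }` would pin the exception type callers can rely on. The section shows only collapsed hunks, so such a test may already exist outside the visible lines.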
