diff --git a/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt b/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt index 2449362..9cb70f5 100644 --- a/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt +++ b/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt @@ -91,7 +91,7 @@ public class SignatureBundle internal constructor( } return try { - memberIdBundle.verify(ASN1ObjectIdentifier(serviceOid), signaturePeriodIntersection) + memberIdBundle.verify(serviceOid, signaturePeriodIntersection) } catch (exc: PkiException) { throw SignatureException("Member id bundle is invalid", exc) } diff --git a/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt b/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt index a01bd8f..36163fb 100644 --- a/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt +++ b/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt @@ -37,7 +37,7 @@ public class MemberIdBundle( ) @Throws(PkiException::class) - internal suspend fun verify(service: ASN1ObjectIdentifier, datePeriod: DatePeriod): Member { + public suspend fun verify(serviceOid: String, datePeriod: DatePeriod): Member { try { memberCertificate.getCertificationPath(emptyList(), listOf(orgCertificate)) } catch (exc: CertificateException) { @@ -63,7 +63,7 @@ public class MemberIdBundle( try { dnssecChain.verify( orgCertificate.subjectPublicKey.orgKeySpec, - service, + ASN1ObjectIdentifier(serviceOid), verificationPeriod, ) } catch (exc: DnsException) { diff --git a/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt b/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt index 5768329..99dfe81 100644 --- a/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt +++ b/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt 
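Review bot: `verify` becomes public in the MemberIdBundle.kt hunk at -37 but has no KDoc, so callers are not told what format `serviceOid` must have or what a returned `Member` has been checked against. I would add a summary above `@Throws` such as `/** Verify this bundle for the service identified by [serviceOid] (dotted-decimal OID) within [datePeriod] and return the [Member] it attests. */`. A `@throws PkiException` line should name the failure cases visible in this diff: a member certificate not issued by the organisation, and DNS/DNSSEC resolution or chain verification failure. The tests suggest the period passed to the DNSSEC chain is narrowed to the member certificate's validity, which is worth stating if it holds. The body of `verify` continues outside the hunk.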
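Review bot: `ASN1ObjectIdentifier(serviceOid)` in the -63 hunk of MemberIdBundle.kt now parses a caller-supplied string inside a `try` that, as far as the hunk shows, only catches `DnsException`. Bouncy Castle's constructor throws `IllegalArgumentException` for a string that is not a valid OID, so malformed input escapes this now-public method as an exception type that `@Throws(PkiException::class)` does not declare. The `catch (exc: PkiException)` in the SignatureBundle.kt hunk would not wrap it either, which was already true of the old call there. Parsing once at the top of `verify`, before the certification-path check, would keep the contract: `val service = try { ASN1ObjectIdentifier(serviceOid) } catch (exc: IllegalArgumentException) { throw PkiException("Malformed service OID", exc) }`, assuming `PkiException` accepts a cause as `SignatureException` does. Most of `verify` lies outside the hunk, so earlier validation may already exist there.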
@@ -15,7 +15,6 @@ import io.kotest.matchers.types.beInstanceOf import io.kotest.matchers.types.instanceOf import kotlinx.coroutines.test.runTest import org.bouncycastle.asn1.ASN1Integer -import org.bouncycastle.asn1.ASN1ObjectIdentifier import org.bouncycastle.asn1.ASN1Sequence import org.bouncycastle.asn1.ASN1TaggedObject import org.bouncycastle.asn1.DERNull @@ -676,10 +675,10 @@ class SignatureBundleTest { bundle.verify(plaintext, SERVICE_OID.id) - argumentCaptor().apply { + argumentCaptor().apply { verify(mockMemberIdBundle).verify(capture(), any()) - firstValue shouldBe SERVICE_OID + firstValue shouldBe SERVICE_OID.id } } } diff --git a/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt b/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt index 71877c5..f859773 100644 --- a/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt +++ b/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt @@ -203,7 +203,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(dnssecChain, otherOrgCert, MEMBER_CERT) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe "Member certificate was not issued by organisation" @@ -217,7 +217,7 @@ class MemberIdBundleTest { val period = start..start.plusSeconds(1) val exception = shouldThrow { - bundle.verify(SERVICE_OID, period) + bundle.verify(SERVICE_OID.id, period) } exception.message shouldBe @@ -236,7 +236,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe errorMessage 
@@ -248,7 +248,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe errorMessage @@ -260,7 +260,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe errorMessage @@ -272,7 +272,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe errorMessage @@ -298,7 +298,7 @@ class MemberIdBundleTest { val chainSpy = mockChain() val bundle = MemberIdBundle(chainSpy, ORG_CERT, MEMBER_CERT) - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) verify(chainSpy).verify(any(), eq(SERVICE_OID), any()) } @@ -308,7 +308,7 @@ class MemberIdBundleTest { val chainSpy = mockChain() val bundle = MemberIdBundle(chainSpy, ORG_CERT, MEMBER_CERT) - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) verify(chainSpy).verify(eq(ORG_KEY_PAIR.public.orgKeySpec), any(), any()) } @@ -329,7 +329,7 @@ class MemberIdBundleTest { val verificationStart = memberCert.validityPeriod.start.minusSeconds(1) val verificationEnd = ORG_CERT.validityPeriod.endInclusive.minusSeconds(1) - bundle.verify(SERVICE_OID, verificationStart..verificationEnd) + bundle.verify(SERVICE_OID.id, verificationStart..verificationEnd) verify(chainSpy).verify(any(), any(), eq(memberCertStart..verificationEnd)) } 
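Review bot: The test in the -298 hunk only checks that a well-formed `SERVICE_OID.id` reaches the chain as `SERVICE_OID`; none of the visible MemberIdBundleTest hunks passes a string that is not an OID. Since `verify` now accepts a `String` from any caller, a case such as `bundle.verify("not-an-oid", ORG_CERT.validityPeriod)` inside `shouldThrow` would pin which exception type the public API surfaces for malformed input. The test class extends beyond these hunks, so such a case may already exist elsewhere.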
@@ -341,7 +341,7 @@ class MemberIdBundleTest { val exception = shouldThrow { bundle.verify( - SERVICE_OID, + SERVICE_OID.id, ORG_CERT.validityPeriod, ) } @@ -356,7 +356,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(mockChain(originalException), ORG_CERT, MEMBER_CERT) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe "DNS/DNSSEC resolution failed" @@ -369,7 +369,7 @@ class MemberIdBundleTest { val bundle = MemberIdBundle(mockChain(originalException), ORG_CERT, MEMBER_CERT) val exception = shouldThrow { - bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) } exception.message shouldBe "VeraId DNSSEC chain verification failed" @@ -383,7 +383,7 @@ class MemberIdBundleTest { fun `Organisation name should be output`() = runTest { val bundle = MemberIdBundle(mockChain(), ORG_CERT, MEMBER_CERT) - val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) member.orgName shouldBe ORG_NAME } @@ -392,7 +392,7 @@ class MemberIdBundleTest { fun `User name should be output if member is a user`() = runTest { val bundle = MemberIdBundle(mockChain(), ORG_CERT, MEMBER_CERT) - val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) member.userName shouldBe USER_NAME } @@ -409,7 +409,7 @@ class MemberIdBundleTest { ) val bundle = MemberIdBundle(mockChain(), ORG_CERT, botCert) - val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod) + val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod) member.userName shouldBe null }