From c4aeb8fb09c1940d208566a0fd97a775b9ea96c2 Mon Sep 17 00:00:00 2001
From: Gus Narea
Date: Mon, 18 Sep 2023 17:54:20 +0100
Subject: [PATCH] feat(MemberIdBundle): Expose `verify()` method
---
 .../tech/relaycorp/veraid/SignatureBundle.kt | 2 +-
 .../relaycorp/veraid/pki/MemberIdBundle.kt | 4 +--
 .../relaycorp/veraid/SignatureBundleTest.kt | 5 ++--
 .../veraid/pki/MemberIdBundleTest.kt | 30 +++++++++----------
 4 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt b/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt
index 2449362..9cb70f5 100644
--- a/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt
+++ b/src/main/kotlin/tech/relaycorp/veraid/SignatureBundle.kt
@@ -91,7 +91,7 @@ public class SignatureBundle internal constructor(
 }
 return try {
- memberIdBundle.verify(ASN1ObjectIdentifier(serviceOid), signaturePeriodIntersection)
+ memberIdBundle.verify(serviceOid, signaturePeriodIntersection)
 } catch (exc: PkiException) {
 throw SignatureException("Member id bundle is invalid", exc)
 }
diff --git a/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt b/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt
index a01bd8f..36163fb 100644
--- a/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt
+++ b/src/main/kotlin/tech/relaycorp/veraid/pki/MemberIdBundle.kt
@@ -37,7 +37,7 @@ public class MemberIdBundle(
 )
 @Throws(PkiException::class)
- internal suspend fun verify(service: ASN1ObjectIdentifier, datePeriod: DatePeriod): Member {
+ public suspend fun verify(serviceOid: String, datePeriod: DatePeriod): Member {
 try {
 memberCertificate.getCertificationPath(emptyList(), listOf(orgCertificate))
 } catch (exc: CertificateException) {
@@ -63,7 +63,7 @@ public class MemberIdBundle(
 try {
 dnssecChain.verify(
 orgCertificate.subjectPublicKey.orgKeySpec,
- service,
+ ASN1ObjectIdentifier(serviceOid),
 verificationPeriod,
 )
 } catch (exc: DnsException) {
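Review bot: A malformed `serviceOid` string now escapes the method's `@Throws(PkiException::class)` contract, because in the second MemberIdBundle.kt hunk `ASN1ObjectIdentifier(serviceOid)` is built inside the `try` around `dnssecChain.verify(...)`, which only catches `DnsException`. BouncyCastle's constructor throws `IllegalArgumentException` for a string that is not an OID, and with `verify()` now public that input can come from any caller; the failure also surfaces only after the certificate path check at the top of the method has already run. Parse once at the start and map the error, e.g. `val service = try { ASN1ObjectIdentifier(serviceOid) } catch (exc: IllegalArgumentException) { throw PkiException("Malformed service OID", exc) }` (assuming `PkiException` accepts a cause, which the hunk does not show), then pass `service` to the chain and add a MemberIdBundleTest case for it. Since this is now a public verification entry point, it should also carry KDoc stating what is validated (member certificate against the organisation certificate, then the DNSSEC chain for the service over the verification period) and which exceptions callers must handle. The body of `verify()` continues outside both hunks.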
diff --git a/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt b/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt
index 5768329..99dfe81 100644
--- a/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt
+++ b/src/test/kotlin/tech/relaycorp/veraid/SignatureBundleTest.kt
@@ -15,7 +15,6 @@ import io.kotest.matchers.types.beInstanceOf
 import io.kotest.matchers.types.instanceOf
 import kotlinx.coroutines.test.runTest
 import org.bouncycastle.asn1.ASN1Integer
-import org.bouncycastle.asn1.ASN1ObjectIdentifier
 import org.bouncycastle.asn1.ASN1Sequence
 import org.bouncycastle.asn1.ASN1TaggedObject
 import org.bouncycastle.asn1.DERNull
@@ -676,10 +675,10 @@ class SignatureBundleTest {
 bundle.verify(plaintext, SERVICE_OID.id)
- argumentCaptor().apply {
+ argumentCaptor().apply {
 verify(mockMemberIdBundle).verify(capture(), any())
- firstValue shouldBe SERVICE_OID
+ firstValue shouldBe SERVICE_OID.id
 }
 }
 }
diff --git a/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt b/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt
index 2e90b89..ba634e6 100644
--- a/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt
+++ b/src/test/kotlin/tech/relaycorp/veraid/pki/MemberIdBundleTest.kt
@@ -202,7 +202,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(dnssecChain, otherOrgCert, MEMBER_CERT)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe "Member certificate was not issued by organisation"
@@ -216,7 +216,7 @@ class MemberIdBundleTest {
 val period = start..start.plusSeconds(1)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, period)
+ bundle.verify(SERVICE_OID.id, period)
 }
 exception.message shouldBe
@@ -235,7 +235,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe errorMessage
@@ -247,7 +247,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe errorMessage
@@ -259,7 +259,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe errorMessage
@@ -271,7 +271,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(dnssecChain, ORG_CERT, memberCert)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe errorMessage
@@ -297,7 +297,7 @@ class MemberIdBundleTest {
 val chainSpy = mockChain()
 val bundle = MemberIdBundle(chainSpy, ORG_CERT, MEMBER_CERT)
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 verify(chainSpy).verify(any(), eq(SERVICE_OID), any())
 }
@@ -307,7 +307,7 @@ class MemberIdBundleTest {
 val chainSpy = mockChain()
 val bundle = MemberIdBundle(chainSpy, ORG_CERT, MEMBER_CERT)
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 verify(chainSpy).verify(eq(ORG_KEY_PAIR.public.orgKeySpec), any(), any())
 }
@@ -328,7 +328,7 @@ class MemberIdBundleTest {
 val verificationStart = memberCert.validityPeriod.start.minusSeconds(1)
 val verificationEnd = ORG_CERT.validityPeriod.endInclusive.minusSeconds(1)
- bundle.verify(SERVICE_OID, verificationStart..verificationEnd)
+ bundle.verify(SERVICE_OID.id, verificationStart..verificationEnd)
 verify(chainSpy).verify(any(), any(), eq(memberCertStart..verificationEnd))
 }
@@ -340,7 +340,7 @@ class MemberIdBundleTest {
 val exception = shouldThrow {
 bundle.verify(
- SERVICE_OID,
+ SERVICE_OID.id,
 ORG_CERT.validityPeriod,
 )
 }
@@ -355,7 +355,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(mockChain(originalException), ORG_CERT, MEMBER_CERT)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe "DNS/DNSSEC resolution failed"
@@ -368,7 +368,7 @@ class MemberIdBundleTest {
 val bundle = MemberIdBundle(mockChain(originalException), ORG_CERT, MEMBER_CERT)
 val exception = shouldThrow {
- bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 }
 exception.message shouldBe "VeraId DNSSEC chain verification failed"
@@ -382,7 +382,7 @@ class MemberIdBundleTest {
 fun `Organisation name should be output`() = runTest {
 val bundle = MemberIdBundle(mockChain(), ORG_CERT, MEMBER_CERT)
- val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 member.orgName shouldBe ORG_NAME
 }
@@ -391,7 +391,7 @@ class MemberIdBundleTest {
 fun `User name should be output if member is a user`() = runTest {
 val bundle = MemberIdBundle(mockChain(), ORG_CERT, MEMBER_CERT)
- val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 member.userName shouldBe USER_NAME
 }
@@ -408,7 +408,7 @@ class MemberIdBundleTest {
 )
 val bundle = MemberIdBundle(mockChain(), ORG_CERT, botCert)
- val member = bundle.verify(SERVICE_OID, ORG_CERT.validityPeriod)
+ val member = bundle.verify(SERVICE_OID.id, ORG_CERT.validityPeriod)
 member.userName shouldBe null
 }