diff --git a/CHANGES.md b/CHANGES.md
index 5ef32ab..b43d9d9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,8 +1,14 @@
 # CHANGES
+## Version 1.2.5 - 2023-02-02
+- Removes verification of identity issuing requests when issuing new identity, if required, verify manually first
+- Removes verification of issuer when issuing new identity, if required, issuers need to be verified manually first
+- Fixes an issue with issuing an identity with the same key as the issuing identity
+- Fixes an issue when requesting SELF capability for an identity that is not self-issued
+
 ## Version 1.2.4 - 2022-11-14
 - Fixes an issue with the used crypto suite was not attached to an item link
-- Fixes an issue with legacy keys and making a public copy
+- Fixes an issue with legacy keys and creating a public copy
 ## Version 1.2.3 - 2022-11-10
 - Conforms to DiME data format version 1.002
@@ -81,4 +87,4 @@
 ## Version 1.0.0 - 2022-01-24
 - Official version 1.0.0 (**Hurray!**)
-**Copyright (c) 2022 Shift Everywhere AB. All rights reserved.**
\ No newline at end of file
+**Copyright (c) 2023 Shift Everywhere AB. All rights reserved.**
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index c490115..43e593f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,7 @@
 // entities in a network.
 //
 // Released under the MIT licence, see LICENSE for more information.
-// Copyright (c) 2022 Shift Everywhere AB. All rights reserved.
+// Copyright (c) 2023 Shift Everywhere AB. All rights reserved.
 //
 plugins {
 id 'java-library'
@@ -15,7 +15,7 @@ plugins {
 }
 group 'io.dimeformat'
-version '1.2.4'
+version '1.2.5'
 description 'DiME (Data Integrity Message Envelope). A powerful universal data format that is built for secure, and integrity protected communication between trusted entities in a network using an application-based publik-key infrastructure (APKI).'
 repositories {
@@ -63,7 +63,7 @@ publishing {
 groupId = 'io.dimeformat'
 artifactId = 'dime-java-ref'
- version = '1.2.4'
+ version = '1.2.5'
 from components.java
diff --git a/src/main/java/io/dimeformat/IdentityIssuingRequest.java b/src/main/java/io/dimeformat/IdentityIssuingRequest.java
index 5275f22..ce06adf 100644
--- a/src/main/java/io/dimeformat/IdentityIssuingRequest.java
+++ b/src/main/java/io/dimeformat/IdentityIssuingRequest.java
@@ -309,10 +309,6 @@ protected int getMinNbrOfComponents() {
 private static final int MINIMUM_NBR_COMPONENTS = 3;
 private Identity issueNewIdentity(String systemName, UUID subjectId, long validFor, Key issuerKey, Identity issuerIdentity, boolean includeChain, IdentityCapability[] allowedCapabilities, IdentityCapability[] requiredCapabilities, String[] ambit, String[] methods) throws IntegrityStateException, CapabilityException, CryptographyException {
- IntegrityState state = verify(this.getPublicKey());
- if (!state.isValid()) {
- throw new IntegrityStateException(state, "Unable to verify Identity issuing request.");
- }
 boolean isSelfSign = this.getPublicKey().getPublic().equals(issuerKey.getPublic());
 if (isSelfSign && issuerIdentity != null) {
 throw new IllegalArgumentException("Unable to issue new identity since both issuing public key and issued public key is the same.");
@@ -336,7 +332,7 @@ private Identity issueNewIdentity(String systemName, UUID subjectId, long validF
 ambitList, methodList);
 if (issuerIdentity != null) {
- state = issuerIdentity.verifyDates();
+ IntegrityState state = issuerIdentity.verifyDates();
 if (!state.isValid()) {
 throw new IntegrityStateException(state, "Unable to verify valid dates of issuer identity.");
 }
diff --git a/src/test/java/io/dimeformat/DimeTest.java b/src/test/java/io/dimeformat/DimeTest.java
index dcf859f..dbb2729 100644
--- a/src/test/java/io/dimeformat/DimeTest.java
+++ b/src/test/java/io/dimeformat/DimeTest.java
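Review bot: Nothing in `issueNewIdentity` now checks the request's own signature, because the `verify(this.getPublicKey())` guard at the top of the method (hunk at -309) is gone; that guard was presumably the proof that the requester holds the key being certified, so a caller that skips the manual check issues an identity for an unproven public key. The new precondition is stated only in CHANGES.md and belongs in the Javadoc of the public issuing methods (outside this hunk), for example `Callers must check verify(getPublicKey()).isValid() before issuing; this method no longer verifies the request signature.` A safer shape would keep verification as the default and make skipping it an explicit choice by the caller. The hunk at -336 still runs `issuerIdentity.verifyDates()`, so `IntegrityStateException` remains a live part of the `throws` clause; the body of `issueNewIdentity` continues outside both hunks.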
@@ -219,7 +219,7 @@ void legacyIdentityImportTest1() {
 assertTrue(identity.hasCapability(IdentityCapability.GENERIC));
 assertTrue(identity.hasCapability(IdentityCapability.IDENTIFY));
 assertNotNull(identity.getTrustChain());
- assertEquals(IntegrityState.COMPLETE, identity.verify());
+ assertEquals(IntegrityState.FAILED_USED_AFTER_EXPIRED, identity.verify());
 } catch (Exception e) {
 fail("Unexpected exception thrown: " + e);
 }
@@ -371,6 +371,36 @@ void legacySelfIssueTest1() {
 }
 }
+ @Test
+ void legacyIssueTest1() {
+ try {
+ Commons.initializeKeyRing();
+
+ IdentityCapability[] caps = { IdentityCapability.GENERIC };
+
+ Key key = Key.generateKey(KeyCapability.SIGN);
+ key.convertToLegacy();
+ Key signKey = Key.generateKey(KeyCapability.SIGN);
+ key.convertToLegacy();
+ IdentityIssuingRequest iir = IdentityIssuingRequest.generateIIR(key);
+ iir.strip();
+ iir.sign(signKey);
+
+ String iirExported = iir.exportToEncoded();
+ String keyExported = signKey.exportToEncoded();
+
+ Key keyToVerify = Item.importFromEncoded(keyExported);
+ IdentityIssuingRequest iirToIssue = Item.importFromEncoded(iirExported);
+ IntegrityState state = iirToIssue.verify(keyToVerify);
+
+ Identity issuedIdentity = iirToIssue.issueIdentity(UUID.randomUUID(), Dime.VALID_FOR_1_YEAR, Commons.getIntermediateKey(), Commons.getIntermediateIdentity(), true, caps, caps);
+ assertNotNull(issuedIdentity);
+
+ } catch (Exception e) {
+ fail("Unexpected exception thrown: " + e);
+ }
+ }
+
 @Test
 void legacyItemLinkTest1() {
 try {
diff --git a/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java b/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java
index 44dd81a..7765120 100644
--- a/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java
+++ b/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java
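Review bot: The new expectation in `legacyIdentityImportTest1` pins `identity.verify()` to `IntegrityState.FAILED_USED_AFTER_EXPIRED` without saying why an import test should expect a failed state. If the fixture (set up outside this hunk) is a fixed exported identity whose validity has lapsed, a comment such as `// legacy fixture has expired; import is covered by the assertions above, verify() is expected to report expiry` would keep a later reader from treating this as a regression. A fixture with validity dates under the test's control would avoid tying the result to the wall clock.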
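Review bot: `legacyIssueTest1` computes `IntegrityState state = iirToIssue.verify(keyToVerify);` and never asserts on it, so the caller-side verification that this release makes mandatory is exercised but not checked before `issueIdentity` runs. Add an assertion on `state` with the value the test expects for a request that was stripped and re-signed with `signKey`. The second `key.convertToLegacy();`, directly after `signKey` is generated, looks like a copy of the line two above and was presumably meant to be `signKey.convertToLegacy();`.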
@@ -11,7 +11,7 @@
 import io.dimeformat.enums.Claim;
 import io.dimeformat.enums.IdentityCapability;
-import io.dimeformat.exceptions.IntegrityStateException;
+import io.dimeformat.keyring.IntegrityState;
 import org.json.JSONObject;
 import org.junit.jupiter.api.Test;
 import io.dimeformat.exceptions.CapabilityException;
@@ -153,10 +153,8 @@ void issueTest1() {
 json.put("pub", key2.getPublic());
 IdentityIssuingRequest iir2 = Item.importFromEncoded(components[0] + "." + Utility.toBase64(json.toString()) + "." + components[2]);
 assertNotNull(iir2);
- try {
- iir2.issueIdentity(UUID.randomUUID(), 100, Commons.getIntermediateKey(), Commons.getIntermediateIdentity(), true, caps, caps);
- fail("Exception not thrown.");
- } catch (IntegrityStateException e) { /* all is well */ }
+ assertSame(IntegrityState.FAILED_NOT_TRUSTED, iir2.verify(key1));
+ assertSame(IntegrityState.FAILED_KEY_MISMATCH, iir2.verify(key2));
 } catch (Exception e) {
 fail("Unexpected exception thrown: " + e);
 }
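Review bot: In the hunk at -153, `issueTest1` no longer calls `issueIdentity` on `iir2`, the request whose `pub` claim was replaced, so no test records what issuing now does with a request that fails verification. The two `assertSame` lines show that `verify` rejects it, but nothing tells a reader that rejecting it is now the caller's job. A comment above them such as `// issueIdentity no longer verifies the request; callers must reject on these states before issuing` would state the contract the test relies on. The test method starts outside the hunk, so the setup of `key1`, `key2` and `components` is not visible here.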