From 7c49ccdb297f90425946ea038200f47c1ad0305d Mon Sep 17 00:00:00 2001
From: Niclas Kjellin <niclas@shifteverywhere.com>
Date: Thu, 2 Feb 2023 13:42:46 +0100
Subject: [PATCH] Changes version and updates CHANGES.md

---
 CHANGES.md                                    | 10 ++++--
 build.gradle                                  |  6 ++--
 .../io/dimeformat/IdentityIssuingRequest.java |  6 +---
 src/test/java/io/dimeformat/DimeTest.java     | 32 ++++++++++++++++++-
 .../IdentityIssuingRequestTest.java           |  8 ++---
 5 files changed, 46 insertions(+), 16 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index 5ef32ab..b43d9d9 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,8 +1,14 @@
 # CHANGES
 
+## Version 1.2.5 - 2023-02-02
+- Removes verification of identity issuing requests when issuing new identity, if required, verify manually first
+- Removes verification of issuer when issuing new identity, if required, issuers need to be verified manually first
+- Fixes an issue with issuing an identity with the same key as the issuing identity
+- Fixes an issue when requesting SELF capability for an identity that is not self-issued
+
 ## Version 1.2.4 - 2022-11-14
 - Fixes an issue with the used crypto suite was not attached to an item link
-- Fixes an issue with legacy keys and making a public copy
+- Fixes an issue with legacy keys and creating a public copy
 
 ## Version 1.2.3 - 2022-11-10
 - Conforms to DiME data format version 1.002
@@ -81,4 +87,4 @@
 ## Version 1.0.0 - 2022-01-24
 - Official version 1.0.0 (**Hurray!**)
 
-**Copyright (c) 2022 Shift Everywhere AB. All rights reserved.**
\ No newline at end of file
+**Copyright (c) 2023 Shift Everywhere AB. All rights reserved.**
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index c490115..43e593f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -5,7 +5,7 @@
 //  entities in a network.
 //
 //  Released under the MIT licence, see LICENSE for more information.
-//  Copyright (c) 2022 Shift Everywhere AB. All rights reserved.
+//  Copyright (c) 2023 Shift Everywhere AB. All rights reserved.
 //
 plugins {
     id 'java-library'
@@ -15,7 +15,7 @@ plugins {
 }
 
 group 'io.dimeformat'
-version '1.2.4'
+version '1.2.5'
 description 'DiME (Data Integrity Message Envelope). A powerful universal data format that is built for secure, and integrity protected communication between trusted entities in a network using an application-based publik-key infrastructure (APKI).'
 
 repositories {
@@ -63,7 +63,7 @@ publishing {
 
             groupId = 'io.dimeformat'
             artifactId = 'dime-java-ref'
-            version = '1.2.4'
+            version = '1.2.5'
 
             from components.java
 
diff --git a/src/main/java/io/dimeformat/IdentityIssuingRequest.java b/src/main/java/io/dimeformat/IdentityIssuingRequest.java
index 5275f22..ce06adf 100644
--- a/src/main/java/io/dimeformat/IdentityIssuingRequest.java
+++ b/src/main/java/io/dimeformat/IdentityIssuingRequest.java
@@ -309,10 +309,6 @@ protected int getMinNbrOfComponents() {
     private static final int MINIMUM_NBR_COMPONENTS = 3;
 
     private Identity issueNewIdentity(String systemName, UUID subjectId, long validFor, Key issuerKey, Identity issuerIdentity, boolean includeChain, IdentityCapability[] allowedCapabilities, IdentityCapability[] requiredCapabilities, String[] ambit, String[] methods) throws IntegrityStateException, CapabilityException, CryptographyException {
-        IntegrityState state = verify(this.getPublicKey());
-        if (!state.isValid()) {
-            throw new IntegrityStateException(state, "Unable to verify Identity issuing request.");
-        }
         boolean isSelfSign = this.getPublicKey().getPublic().equals(issuerKey.getPublic());
         if (isSelfSign && issuerIdentity != null) {
             throw new IllegalArgumentException("Unable to issue new identity since both issuing public key and issued public key is the same.");
@@ -336,7 +332,7 @@ private Identity issueNewIdentity(String systemName, UUID subjectId, long validF
                     ambitList,
                     methodList);
             if (issuerIdentity != null) {
-                state = issuerIdentity.verifyDates();
+                IntegrityState state = issuerIdentity.verifyDates();
                 if (!state.isValid()) {
                     throw new IntegrityStateException(state, "Unable to verify valid dates of issuer identity.");
                 }
diff --git a/src/test/java/io/dimeformat/DimeTest.java b/src/test/java/io/dimeformat/DimeTest.java
index dcf859f..dbb2729 100644
--- a/src/test/java/io/dimeformat/DimeTest.java
+++ b/src/test/java/io/dimeformat/DimeTest.java
@@ -219,7 +219,7 @@ void legacyIdentityImportTest1() {
             assertTrue(identity.hasCapability(IdentityCapability.GENERIC));
             assertTrue(identity.hasCapability(IdentityCapability.IDENTIFY));
             assertNotNull(identity.getTrustChain());
-            assertEquals(IntegrityState.COMPLETE, identity.verify());
+            assertEquals(IntegrityState.FAILED_USED_AFTER_EXPIRED, identity.verify());
         } catch (Exception e) {
             fail("Unexpected exception thrown: " + e);
         }
@@ -371,6 +371,36 @@ void legacySelfIssueTest1() {
         }
     }
 
+    @Test
+    void legacyIssueTest1() {
+        try {
+            Commons.initializeKeyRing();
+
+            IdentityCapability[] caps = { IdentityCapability.GENERIC };
+
+            Key key = Key.generateKey(KeyCapability.SIGN);
+            key.convertToLegacy();
+            Key signKey = Key.generateKey(KeyCapability.SIGN);
+            key.convertToLegacy();
+            IdentityIssuingRequest iir = IdentityIssuingRequest.generateIIR(key);
+            iir.strip();
+            iir.sign(signKey);
+
+            String iirExported = iir.exportToEncoded();
+            String keyExported = signKey.exportToEncoded();
+
+            Key keyToVerify = Item.importFromEncoded(keyExported);
+            IdentityIssuingRequest iirToIssue = Item.importFromEncoded(iirExported);
+            IntegrityState state = iirToIssue.verify(keyToVerify);
+
+           Identity issuedIdentity = iirToIssue.issueIdentity(UUID.randomUUID(), Dime.VALID_FOR_1_YEAR, Commons.getIntermediateKey(), Commons.getIntermediateIdentity(), true, caps, caps);
+           assertNotNull(issuedIdentity);
+
+        } catch (Exception e) {
+            fail("Unexpected exception thrown: " + e);
+        }
+    }
+
     @Test
     void legacyItemLinkTest1() {
         try {
diff --git a/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java b/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java
index 44dd81a..7765120 100644
--- a/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java
+++ b/src/test/java/io/dimeformat/IdentityIssuingRequestTest.java
@@ -11,7 +11,7 @@
 
 import io.dimeformat.enums.Claim;
 import io.dimeformat.enums.IdentityCapability;
-import io.dimeformat.exceptions.IntegrityStateException;
+import io.dimeformat.keyring.IntegrityState;
 import org.json.JSONObject;
 import org.junit.jupiter.api.Test;
 import io.dimeformat.exceptions.CapabilityException;
@@ -153,10 +153,8 @@ void issueTest1() {
             json.put("pub", key2.getPublic());
             IdentityIssuingRequest iir2 = Item.importFromEncoded(components[0] + "." + Utility.toBase64(json.toString()) + "." + components[2]);
             assertNotNull(iir2);
-            try {
-                iir2.issueIdentity(UUID.randomUUID(), 100, Commons.getIntermediateKey(), Commons.getIntermediateIdentity(), true, caps, caps);
-                fail("Exception not thrown.");
-            } catch (IntegrityStateException e) { /* all is well */ }
+            assertSame(IntegrityState.FAILED_NOT_TRUSTED, iir2.verify(key1));
+            assertSame(IntegrityState.FAILED_KEY_MISMATCH, iir2.verify(key2));
         } catch (Exception e) {
             fail("Unexpected exception thrown: " + e);
         }