diff --git a/core/gradle/dependency-locks/compile.lockfile b/core/gradle/dependency-locks/compile.lockfile index 70127d6ce..d559cea0c 100644 --- a/core/gradle/dependency-locks/compile.lockfile +++ b/core/gradle/dependency-locks/compile.lockfile @@ -202,6 +202,7 @@ org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.6.2 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/compileClasspath.lockfile b/core/gradle/dependency-locks/compileClasspath.lockfile index 2b92b4893..cb95f0d38 100644 --- a/core/gradle/dependency-locks/compileClasspath.lockfile +++ b/core/gradle/dependency-locks/compileClasspath.lockfile @@ -200,6 +200,7 @@ org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.6.2 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/default.lockfile b/core/gradle/dependency-locks/default.lockfile index 8b0332066..c550c5f3c 100644 --- a/core/gradle/dependency-locks/default.lockfile +++ b/core/gradle/dependency-locks/default.lockfile @@ -204,6 +204,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/deploy_jar.lockfile b/core/gradle/dependency-locks/deploy_jar.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/core/gradle/dependency-locks/deploy_jar.lockfile +++ b/core/gradle/dependency-locks/deploy_jar.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/nonprodCompile.lockfile b/core/gradle/dependency-locks/nonprodCompile.lockfile index 70127d6ce..d559cea0c 100644 --- a/core/gradle/dependency-locks/nonprodCompile.lockfile +++ b/core/gradle/dependency-locks/nonprodCompile.lockfile @@ -202,6 +202,7 @@ org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.6.2 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/nonprodCompileClasspath.lockfile b/core/gradle/dependency-locks/nonprodCompileClasspath.lockfile index cced2025b..6bba372a8 100644 --- a/core/gradle/dependency-locks/nonprodCompileClasspath.lockfile +++ b/core/gradle/dependency-locks/nonprodCompileClasspath.lockfile @@ -201,6 +201,7 @@ org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.6.2 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/nonprodRuntime.lockfile b/core/gradle/dependency-locks/nonprodRuntime.lockfile index f57862830..b5fd3ff42 100644 --- a/core/gradle/dependency-locks/nonprodRuntime.lockfile +++ b/core/gradle/dependency-locks/nonprodRuntime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/nonprodRuntimeClasspath.lockfile b/core/gradle/dependency-locks/nonprodRuntimeClasspath.lockfile index f57862830..b5fd3ff42 100644 --- a/core/gradle/dependency-locks/nonprodRuntimeClasspath.lockfile +++ b/core/gradle/dependency-locks/nonprodRuntimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/runtime.lockfile b/core/gradle/dependency-locks/runtime.lockfile index f57862830..b5fd3ff42 100644 --- a/core/gradle/dependency-locks/runtime.lockfile +++ b/core/gradle/dependency-locks/runtime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/core/gradle/dependency-locks/runtimeClasspath.lockfile b/core/gradle/dependency-locks/runtimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/core/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/core/gradle/dependency-locks/runtimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/compile.lockfile b/docs/gradle/dependency-locks/compile.lockfile index 8b0332066..c550c5f3c 100644 --- a/docs/gradle/dependency-locks/compile.lockfile +++ b/docs/gradle/dependency-locks/compile.lockfile @@ -204,6 +204,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/compileClasspath.lockfile b/docs/gradle/dependency-locks/compileClasspath.lockfile index 1e4f49883..dd6bad368 100644 --- a/docs/gradle/dependency-locks/compileClasspath.lockfile +++ b/docs/gradle/dependency-locks/compileClasspath.lockfile @@ -202,6 +202,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/default.lockfile b/docs/gradle/dependency-locks/default.lockfile index 8b0332066..c550c5f3c 100644 --- a/docs/gradle/dependency-locks/default.lockfile +++ b/docs/gradle/dependency-locks/default.lockfile @@ -204,6 +204,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/deploy_jar.lockfile b/docs/gradle/dependency-locks/deploy_jar.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/docs/gradle/dependency-locks/deploy_jar.lockfile +++ b/docs/gradle/dependency-locks/deploy_jar.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/runtime.lockfile b/docs/gradle/dependency-locks/runtime.lockfile index 8b0332066..c550c5f3c 100644 --- a/docs/gradle/dependency-locks/runtime.lockfile +++ b/docs/gradle/dependency-locks/runtime.lockfile @@ -204,6 +204,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/runtimeClasspath.lockfile b/docs/gradle/dependency-locks/runtimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/docs/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/docs/gradle/dependency-locks/runtimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/testCompile.lockfile b/docs/gradle/dependency-locks/testCompile.lockfile index abd800978..dfa54f0ac 100644 --- a/docs/gradle/dependency-locks/testCompile.lockfile +++ b/docs/gradle/dependency-locks/testCompile.lockfile @@ -208,6 +208,7 @@ org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.apiguardian:apiguardian-api:1.1.0 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/testCompileClasspath.lockfile b/docs/gradle/dependency-locks/testCompileClasspath.lockfile index f4e0a4d97..a67858ea6 100644 --- a/docs/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/docs/gradle/dependency-locks/testCompileClasspath.lockfile @@ -207,6 +207,7 @@ org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.apiguardian:apiguardian-api:1.1.0 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/testRuntime.lockfile b/docs/gradle/dependency-locks/testRuntime.lockfile index abd800978..dfa54f0ac 100644 --- a/docs/gradle/dependency-locks/testRuntime.lockfile +++ b/docs/gradle/dependency-locks/testRuntime.lockfile @@ -208,6 +208,7 @@ org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.apiguardian:apiguardian-api:1.1.0 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/docs/gradle/dependency-locks/testRuntimeClasspath.lockfile b/docs/gradle/dependency-locks/testRuntimeClasspath.lockfile index abd800978..dfa54f0ac 100644 --- a/docs/gradle/dependency-locks/testRuntimeClasspath.lockfile +++ b/docs/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -208,6 +208,7 @@ org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.apiguardian:apiguardian-api:1.1.0 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java b/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java index 9e5791689..aff49b3c9 100644 --- a/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java +++ b/networking/src/main/java/google/registry/networking/module/CertificateSupplierModule.java @@ -25,7 +25,7 @@ import com.google.common.collect.ImmutableList; import dagger.Lazy; import dagger.Module; import dagger.Provides; -import google.registry.networking.util.SelfSignedCaCertificate; +import google.registry.util.SelfSignedCaCertificate; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStreamReader; diff --git a/networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java b/networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java index 603d53608..3f04ee916 100644 --- a/networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java +++ b/networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java @@ -21,7 +21,7 @@ import static google.registry.networking.handler.SslInitializerTestUtils.signKey import static google.registry.networking.handler.SslInitializerTestUtils.verifySslException; import com.google.common.collect.ImmutableList; -import google.registry.networking.util.SelfSignedCaCertificate; +import google.registry.util.SelfSignedCaCertificate; import io.netty.channel.Channel; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelPipeline; diff --git a/networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java b/networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java index 1f38beb40..ec30fdd52 100644 --- a/networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java +++ b/networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java @@ -18,7 +18,7 @@ import static com.google.common.truth.Truth.assertThat; import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.common.base.Throwables; -import google.registry.networking.util.SelfSignedCaCertificate; +import google.registry.util.SelfSignedCaCertificate; import io.netty.channel.Channel; import io.netty.channel.ChannelFuture; import io.netty.handler.ssl.SslHandler; diff --git a/networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java b/networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java index 77dfa1eef..c38e43505 100644 --- a/networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java +++ b/networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java @@ -23,7 +23,7 @@ import static google.registry.networking.handler.SslServerInitializer.CLIENT_CER import com.google.common.base.Suppliers; import com.google.common.collect.ImmutableList; -import google.registry.networking.util.SelfSignedCaCertificate; +import google.registry.util.SelfSignedCaCertificate; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; diff --git a/networking/src/test/java/google/registry/networking/module/CertificateSupplierModuleTest.java b/networking/src/test/java/google/registry/networking/module/CertificateSupplierModuleTest.java index 9b4a62216..9ccac224b 100644 --- a/networking/src/test/java/google/registry/networking/module/CertificateSupplierModuleTest.java +++ b/networking/src/test/java/google/registry/networking/module/CertificateSupplierModuleTest.java @@ -26,7 +26,7 @@ import dagger.Component; import dagger.Module; import dagger.Provides; import google.registry.networking.module.CertificateSupplierModule.Mode; -import google.registry.networking.util.SelfSignedCaCertificate; +import google.registry.util.SelfSignedCaCertificate; import java.io.ByteArrayOutputStream; import java.io.OutputStreamWriter; import java.security.KeyPair; diff --git a/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java b/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java index 8db36c168..98e52e0f2 100644 --- a/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java +++ b/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java @@ -23,9 +23,9 @@ import static java.nio.charset.StandardCharsets.UTF_8; import static org.junit.jupiter.api.Assertions.assertThrows; import com.google.common.base.Throwables; -import google.registry.networking.util.SelfSignedCaCertificate; import google.registry.proxy.handler.HttpsRelayServiceHandler.NonOkHttpResponseException; import google.registry.testing.FakeClock; +import google.registry.util.SelfSignedCaCertificate; import io.netty.buffer.ByteBuf; import io.netty.buffer.Unpooled; import io.netty.channel.embedded.EmbeddedChannel; diff --git a/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java b/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java index b98b615da..3be90e20f 100644 --- a/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java +++ b/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java @@ -27,10 +27,10 @@ import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyNoMoreInteractions; import com.google.common.base.Throwables; -import google.registry.networking.util.SelfSignedCaCertificate; import google.registry.proxy.TestUtils; import google.registry.proxy.handler.HttpsRelayServiceHandler.NonOkHttpResponseException; import google.registry.proxy.metric.FrontendMetrics; +import google.registry.util.SelfSignedCaCertificate; import io.netty.buffer.ByteBuf; import io.netty.buffer.Unpooled; import io.netty.channel.ChannelInitializer; diff --git a/services/backend/gradle/dependency-locks/compile.lockfile b/services/backend/gradle/dependency-locks/compile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/compile.lockfile +++ b/services/backend/gradle/dependency-locks/compile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/compileClasspath.lockfile b/services/backend/gradle/dependency-locks/compileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/backend/gradle/dependency-locks/compileClasspath.lockfile +++ b/services/backend/gradle/dependency-locks/compileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/default.lockfile b/services/backend/gradle/dependency-locks/default.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/default.lockfile +++ b/services/backend/gradle/dependency-locks/default.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/runtime.lockfile b/services/backend/gradle/dependency-locks/runtime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/runtime.lockfile +++ b/services/backend/gradle/dependency-locks/runtime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/runtimeClasspath.lockfile b/services/backend/gradle/dependency-locks/runtimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/services/backend/gradle/dependency-locks/runtimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/testCompile.lockfile b/services/backend/gradle/dependency-locks/testCompile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/testCompile.lockfile +++ b/services/backend/gradle/dependency-locks/testCompile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/testCompileClasspath.lockfile b/services/backend/gradle/dependency-locks/testCompileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/backend/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/services/backend/gradle/dependency-locks/testCompileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/testRuntime.lockfile b/services/backend/gradle/dependency-locks/testRuntime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/testRuntime.lockfile +++ b/services/backend/gradle/dependency-locks/testRuntime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/backend/gradle/dependency-locks/testRuntimeClasspath.lockfile b/services/backend/gradle/dependency-locks/testRuntimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/backend/gradle/dependency-locks/testRuntimeClasspath.lockfile +++ b/services/backend/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/compile.lockfile b/services/default/gradle/dependency-locks/compile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/compile.lockfile +++ b/services/default/gradle/dependency-locks/compile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/compileClasspath.lockfile b/services/default/gradle/dependency-locks/compileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/default/gradle/dependency-locks/compileClasspath.lockfile +++ b/services/default/gradle/dependency-locks/compileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/default.lockfile b/services/default/gradle/dependency-locks/default.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/default.lockfile +++ b/services/default/gradle/dependency-locks/default.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/runtime.lockfile b/services/default/gradle/dependency-locks/runtime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/runtime.lockfile +++ b/services/default/gradle/dependency-locks/runtime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/runtimeClasspath.lockfile b/services/default/gradle/dependency-locks/runtimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/services/default/gradle/dependency-locks/runtimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/testCompile.lockfile b/services/default/gradle/dependency-locks/testCompile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/testCompile.lockfile +++ b/services/default/gradle/dependency-locks/testCompile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/testCompileClasspath.lockfile b/services/default/gradle/dependency-locks/testCompileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/default/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/services/default/gradle/dependency-locks/testCompileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/testRuntime.lockfile b/services/default/gradle/dependency-locks/testRuntime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/testRuntime.lockfile +++ b/services/default/gradle/dependency-locks/testRuntime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/default/gradle/dependency-locks/testRuntimeClasspath.lockfile b/services/default/gradle/dependency-locks/testRuntimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/default/gradle/dependency-locks/testRuntimeClasspath.lockfile +++ b/services/default/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/compile.lockfile b/services/pubapi/gradle/dependency-locks/compile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/compile.lockfile +++ b/services/pubapi/gradle/dependency-locks/compile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/compileClasspath.lockfile b/services/pubapi/gradle/dependency-locks/compileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/pubapi/gradle/dependency-locks/compileClasspath.lockfile +++ b/services/pubapi/gradle/dependency-locks/compileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/default.lockfile b/services/pubapi/gradle/dependency-locks/default.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/default.lockfile +++ b/services/pubapi/gradle/dependency-locks/default.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/runtime.lockfile b/services/pubapi/gradle/dependency-locks/runtime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/runtime.lockfile +++ b/services/pubapi/gradle/dependency-locks/runtime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/runtimeClasspath.lockfile b/services/pubapi/gradle/dependency-locks/runtimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/services/pubapi/gradle/dependency-locks/runtimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/testCompile.lockfile b/services/pubapi/gradle/dependency-locks/testCompile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/testCompile.lockfile +++ b/services/pubapi/gradle/dependency-locks/testCompile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/testCompileClasspath.lockfile b/services/pubapi/gradle/dependency-locks/testCompileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/pubapi/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/services/pubapi/gradle/dependency-locks/testCompileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/testRuntime.lockfile b/services/pubapi/gradle/dependency-locks/testRuntime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/testRuntime.lockfile +++ b/services/pubapi/gradle/dependency-locks/testRuntime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/pubapi/gradle/dependency-locks/testRuntimeClasspath.lockfile b/services/pubapi/gradle/dependency-locks/testRuntimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/pubapi/gradle/dependency-locks/testRuntimeClasspath.lockfile +++ b/services/pubapi/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/compile.lockfile b/services/tools/gradle/dependency-locks/compile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/compile.lockfile +++ b/services/tools/gradle/dependency-locks/compile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/compileClasspath.lockfile b/services/tools/gradle/dependency-locks/compileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/tools/gradle/dependency-locks/compileClasspath.lockfile +++ b/services/tools/gradle/dependency-locks/compileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/default.lockfile b/services/tools/gradle/dependency-locks/default.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/default.lockfile +++ b/services/tools/gradle/dependency-locks/default.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/runtime.lockfile b/services/tools/gradle/dependency-locks/runtime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/runtime.lockfile +++ b/services/tools/gradle/dependency-locks/runtime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/runtimeClasspath.lockfile b/services/tools/gradle/dependency-locks/runtimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/services/tools/gradle/dependency-locks/runtimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/testCompile.lockfile b/services/tools/gradle/dependency-locks/testCompile.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/testCompile.lockfile +++ b/services/tools/gradle/dependency-locks/testCompile.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/testCompileClasspath.lockfile b/services/tools/gradle/dependency-locks/testCompileClasspath.lockfile index 8fcf12c70..09012fee2 100644 --- a/services/tools/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/services/tools/gradle/dependency-locks/testCompileClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/testRuntime.lockfile b/services/tools/gradle/dependency-locks/testRuntime.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/testRuntime.lockfile +++ b/services/tools/gradle/dependency-locks/testRuntime.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/services/tools/gradle/dependency-locks/testRuntimeClasspath.lockfile b/services/tools/gradle/dependency-locks/testRuntimeClasspath.lockfile index 36449bf2b..17dcbe0bc 100644 --- a/services/tools/gradle/dependency-locks/testRuntimeClasspath.lockfile +++ b/services/tools/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -203,6 +203,7 @@ org.apache.httpcomponents:httpcore:4.4.13 org.apache.logging.log4j:log4j-api:2.13.3 org.apache.logging.log4j:log4j-core:2.13.3 org.bouncycastle:bcpg-jdk15on:1.61 +org.bouncycastle:bcpkix-jdk15on:1.61 org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 diff --git a/util/build.gradle b/util/build.gradle index a1dbc796e..7ab9b54d1 100644 --- a/util/build.gradle +++ b/util/build.gradle @@ -32,6 +32,8 @@ dependencies { compile deps['javax.xml.bind:jaxb-api'] compile deps['joda-time:joda-time'] compile deps['org.yaml:snakeyaml'] + compile deps['org.bouncycastle:bcpkix-jdk15on'] + compile deps['org.bouncycastle:bcprov-jdk15on'] compile project(':common') runtime deps['com.google.auto.value:auto-value'] testCompile deps['com.google.appengine:appengine-api-stubs'] diff --git a/util/gradle/dependency-locks/compile.lockfile b/util/gradle/dependency-locks/compile.lockfile index 52ee1fefe..a4be45560 100644 --- a/util/gradle/dependency-locks/compile.lockfile +++ b/util/gradle/dependency-locks/compile.lockfile @@ -34,5 +34,7 @@ javax.xml.bind:jaxb-api:2.3.0 joda-time:joda-time:2.9.2 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-qual:2.11.1 org.yaml:snakeyaml:1.17 diff --git a/util/gradle/dependency-locks/compileClasspath.lockfile b/util/gradle/dependency-locks/compileClasspath.lockfile index 52ee1fefe..a4be45560 100644 --- a/util/gradle/dependency-locks/compileClasspath.lockfile +++ b/util/gradle/dependency-locks/compileClasspath.lockfile @@ -34,5 +34,7 @@ javax.xml.bind:jaxb-api:2.3.0 joda-time:joda-time:2.9.2 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-qual:2.11.1 org.yaml:snakeyaml:1.17 diff --git a/util/gradle/dependency-locks/default.lockfile b/util/gradle/dependency-locks/default.lockfile index 9979be0bc..5c5023296 100644 --- a/util/gradle/dependency-locks/default.lockfile +++ b/util/gradle/dependency-locks/default.lockfile @@ -35,5 +35,7 @@ javax.xml.bind:jaxb-api:2.3.0 joda-time:joda-time:2.9.2 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-qual:2.11.1 org.yaml:snakeyaml:1.17 diff --git a/util/gradle/dependency-locks/deploy_jar.lockfile b/util/gradle/dependency-locks/deploy_jar.lockfile index 9979be0bc..5c5023296 100644 --- a/util/gradle/dependency-locks/deploy_jar.lockfile +++ b/util/gradle/dependency-locks/deploy_jar.lockfile @@ -35,5 +35,7 @@ javax.xml.bind:jaxb-api:2.3.0 joda-time:joda-time:2.9.2 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-qual:2.11.1 org.yaml:snakeyaml:1.17 diff --git a/util/gradle/dependency-locks/runtime.lockfile b/util/gradle/dependency-locks/runtime.lockfile index 9979be0bc..5c5023296 100644 --- a/util/gradle/dependency-locks/runtime.lockfile +++ b/util/gradle/dependency-locks/runtime.lockfile @@ -35,5 +35,7 @@ javax.xml.bind:jaxb-api:2.3.0 joda-time:joda-time:2.9.2 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-qual:2.11.1 org.yaml:snakeyaml:1.17 diff --git a/util/gradle/dependency-locks/runtimeClasspath.lockfile b/util/gradle/dependency-locks/runtimeClasspath.lockfile index 9979be0bc..5c5023296 100644 --- a/util/gradle/dependency-locks/runtimeClasspath.lockfile +++ b/util/gradle/dependency-locks/runtimeClasspath.lockfile @@ -35,5 +35,7 @@ javax.xml.bind:jaxb-api:2.3.0 joda-time:joda-time:2.9.2 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-qual:2.11.1 org.yaml:snakeyaml:1.17 diff --git a/util/gradle/dependency-locks/testCompile.lockfile b/util/gradle/dependency-locks/testCompile.lockfile index 88da3b508..d9e791173 100644 --- a/util/gradle/dependency-locks/testCompile.lockfile +++ b/util/gradle/dependency-locks/testCompile.lockfile @@ -42,6 +42,8 @@ net.bytebuddy:byte-buddy:1.10.5 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apiguardian:apiguardian-api:1.1.0 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 org.hamcrest:hamcrest-all:1.3 diff --git a/util/gradle/dependency-locks/testCompileClasspath.lockfile b/util/gradle/dependency-locks/testCompileClasspath.lockfile index 88da3b508..d9e791173 100644 --- a/util/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/util/gradle/dependency-locks/testCompileClasspath.lockfile @@ -42,6 +42,8 @@ net.bytebuddy:byte-buddy:1.10.5 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apiguardian:apiguardian-api:1.1.0 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 org.hamcrest:hamcrest-all:1.3 diff --git a/util/gradle/dependency-locks/testRuntime.lockfile b/util/gradle/dependency-locks/testRuntime.lockfile index de979c3f4..f2c17baaa 100644 --- a/util/gradle/dependency-locks/testRuntime.lockfile +++ b/util/gradle/dependency-locks/testRuntime.lockfile @@ -44,6 +44,8 @@ net.bytebuddy:byte-buddy:1.10.5 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apiguardian:apiguardian-api:1.1.0 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 org.hamcrest:hamcrest-all:1.3 diff --git a/util/gradle/dependency-locks/testRuntimeClasspath.lockfile b/util/gradle/dependency-locks/testRuntimeClasspath.lockfile index de979c3f4..f2c17baaa 100644 --- a/util/gradle/dependency-locks/testRuntimeClasspath.lockfile +++ b/util/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -44,6 +44,8 @@ net.bytebuddy:byte-buddy:1.10.5 org.apache.httpcomponents:httpclient:4.5.11 org.apache.httpcomponents:httpcore:4.4.13 org.apiguardian:apiguardian-api:1.1.0 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 org.checkerframework:checker-compat-qual:2.5.5 org.checkerframework:checker-qual:2.11.1 org.hamcrest:hamcrest-all:1.3 diff --git a/util/src/main/java/google/registry/util/CertificateChecker.java b/util/src/main/java/google/registry/util/CertificateChecker.java new file mode 100644 index 000000000..155d18e08 --- /dev/null +++ b/util/src/main/java/google/registry/util/CertificateChecker.java @@ -0,0 +1,141 @@ +// Copyright 2020 The Nomulus Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package google.registry.util; + +import com.google.auto.value.AutoValue; +import com.google.common.collect.ImmutableSet; +import java.security.PublicKey; +import java.security.cert.X509Certificate; +import java.security.interfaces.RSAPublicKey; +import java.util.Date; +import org.joda.time.DateTime; +import org.joda.time.Days; + +/** An utility to check that a given certificate meets our requirements */ +public class CertificateChecker { + + private final int maxValidityDays; + private final int daysToExpiration; + private final int minimumRsaKeyLength; + public final CertificateViolation certificateExpiredViolation; + public final CertificateViolation certificateNotYetValidViolation; + public final CertificateViolation certificateValidityLengthViolation; + public final CertificateViolation certificateOldValidityLengthValidViolation; + public final CertificateViolation certificateRsaKeyLengthViolation; + public final CertificateViolation certificateAlgorithmViolation; + + public CertificateChecker(int maxValidityDays, int daysToExpiration, int minimumRsaKeyLength) { + this.maxValidityDays = maxValidityDays; + this.daysToExpiration = daysToExpiration; + this.minimumRsaKeyLength = minimumRsaKeyLength; + this.certificateExpiredViolation = + CertificateViolation.create("Expired Certificate", "This certificate is expired."); + this.certificateNotYetValidViolation = + CertificateViolation.create( + "Not Yet Valid", "This certificate's start date has not yet passed."); + this.certificateOldValidityLengthValidViolation = + CertificateViolation.create( + "Validity Period Too Long", + String.format( + "The certificate's validity length must be less than or equal to %d days, or %d" + + " days if issued prior to 2020-09-01.", + maxValidityDays, 825)); + this.certificateValidityLengthViolation = + CertificateViolation.create( + "Validity Period Too Long", + String.format( + "The certificate must have a validity length of less than %d days.", + maxValidityDays)); + this.certificateRsaKeyLengthViolation = + CertificateViolation.create( + "RSA Key Length Too Long", + String.format("The minimum RSA key length is %d.", minimumRsaKeyLength)); + this.certificateAlgorithmViolation = + CertificateViolation.create( + "Certificate Algorithm Not Allowed", "Only RSA and ECDSA keys are accepted."); + } + + /** + * Checks a certificate for violations and returns a list of all the violations the certificate + * has. + */ + public ImmutableSet checkCertificate( + X509Certificate certificate, Date now) { + ImmutableSet.Builder violations = new ImmutableSet.Builder<>(); + + // Check Expiration + if (certificate.getNotAfter().before(now)) { + violations.add(certificateExpiredViolation); + } else if (certificate.getNotBefore().after(now)) { + violations.add(certificateNotYetValidViolation); + } + int validityLength = getValidityLengthInDays(certificate); + if (validityLength > maxValidityDays) { + if (new DateTime(certificate.getNotBefore()) + .isBefore(DateTime.parse("2020-09-01T00:00:00Z"))) { + if (validityLength > 825) { + violations.add(certificateOldValidityLengthValidViolation); + } + } else { + violations.add(certificateValidityLengthViolation); + } + } + + // Check Key Strengths + PublicKey key = certificate.getPublicKey(); + if (key.getAlgorithm().equals("RSA")) { + RSAPublicKey rsaPublicKey = (RSAPublicKey) key; + if (rsaPublicKey.getModulus().bitLength() < minimumRsaKeyLength) { + violations.add(certificateRsaKeyLengthViolation); + } + } else if (key.getAlgorithm().equals("EC")) { + // TODO(sarahbot): Add verification of ECDSA curves + } else { + violations.add(certificateAlgorithmViolation); + } + return violations.build(); + } + + /** Returns true if the certificate is nearing expiration. */ + public boolean isNearingExpiration(X509Certificate certificate, Date now) { + Date nearingExpirationDate = + DateTime.parse(certificate.getNotAfter().toInstant().toString()) + .minusDays(daysToExpiration) + .toDate(); + return now.after(nearingExpirationDate); + } + + private static int getValidityLengthInDays(X509Certificate certificate) { + DateTime start = DateTime.parse(certificate.getNotBefore().toInstant().toString()); + DateTime end = DateTime.parse(certificate.getNotAfter().toInstant().toString()); + return Days.daysBetween(start.withTimeAtStartOfDay(), end.withTimeAtStartOfDay()).getDays(); + } +} + +/** + * The type of violation a certificate has based on the certificate requirements + * (go/registry-proxy-security). + */ +@AutoValue +abstract class CertificateViolation { + + public abstract String name(); + + public abstract String displayMessage(); + + public static CertificateViolation create(String name, String displayMessage) { + return new AutoValue_CertificateViolation(name, displayMessage); + } +} diff --git a/networking/src/main/java/google/registry/networking/util/SelfSignedCaCertificate.java b/util/src/main/java/google/registry/util/SelfSignedCaCertificate.java similarity index 86% rename from networking/src/main/java/google/registry/networking/util/SelfSignedCaCertificate.java rename to util/src/main/java/google/registry/util/SelfSignedCaCertificate.java index 36b36c76b..cabf67338 100644 --- a/networking/src/main/java/google/registry/networking/util/SelfSignedCaCertificate.java +++ b/util/src/main/java/google/registry/util/SelfSignedCaCertificate.java @@ -12,8 +12,11 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.networking.util; +package google.registry.util; +import static com.google.common.base.Preconditions.checkArgument; + +import com.google.common.collect.ImmutableMap; import java.math.BigInteger; import java.security.KeyPair; import java.security.KeyPairGenerator; @@ -47,6 +50,9 @@ public class SelfSignedCaCertificate { private static final Random RANDOM = new Random(); private static final BouncyCastleProvider PROVIDER = new BouncyCastleProvider(); private static final KeyPairGenerator keyGen = createKeyPairGenerator(); + private static final ImmutableMap KEY_SIGNATURE_ALGS = + ImmutableMap.of( + "EC", "SHA256WithECDSA", "DSA", "SHA256WithDSA", "RSA", "SHA256WithRSAEncryption"); private final PrivateKey privateKey; private final X509Certificate cert; @@ -96,8 +102,11 @@ public class SelfSignedCaCertificate { static X509Certificate createCaCert(KeyPair keyPair, String fqdn, Date from, Date to) throws Exception { X500Name owner = new X500Name("CN=" + fqdn); + String publicKeyAlg = keyPair.getPublic().getAlgorithm(); + checkArgument(KEY_SIGNATURE_ALGS.containsKey(publicKeyAlg), "Unexpected public key algorithm"); + String signatureAlgorithm = KEY_SIGNATURE_ALGS.get(publicKeyAlg); ContentSigner signer = - new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(keyPair.getPrivate()); + new JcaContentSignerBuilder(signatureAlgorithm).build(keyPair.getPrivate()); X509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder( owner, new BigInteger(64, RANDOM), from, to, owner, keyPair.getPublic()); diff --git a/util/src/test/java/google/registry/util/CertificateCheckerTest.java b/util/src/test/java/google/registry/util/CertificateCheckerTest.java new file mode 100644 index 000000000..7d1f060cf --- /dev/null +++ b/util/src/test/java/google/registry/util/CertificateCheckerTest.java @@ -0,0 +1,184 @@ +// Copyright 2020 The Nomulus Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package google.registry.util; + +import static com.google.common.truth.Truth.assertThat; +import static org.joda.time.DateTimeZone.UTC; + +import com.google.common.collect.ImmutableSet; +import java.security.KeyPairGenerator; +import java.security.SecureRandom; +import java.security.cert.X509Certificate; +import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.joda.time.DateTime; +import org.junit.jupiter.api.Test; + +/** Unit tests for {@link CertificateChecker} */ +public class CertificateCheckerTest { + + private static final String SSL_HOST = "www.example.tld"; + + private static CertificateChecker certificateChecker = new CertificateChecker(398, 30, 2048); + + @Test + void test_compliantCertificate() throws Exception { + X509Certificate certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.now(UTC).minusDays(5).toDate(), + DateTime.now(UTC).plusDays(80).toDate()) + .cert(); + assertThat(certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate())) + .isEqualTo(ImmutableSet.of()); + } + + @Test + void test_certificateWithSeveralIssues() throws Exception { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", new BouncyCastleProvider()); + keyGen.initialize(1024, new SecureRandom()); + + X509Certificate certificate = + SelfSignedCaCertificate.create( + keyGen.generateKeyPair(), + SSL_HOST, + DateTime.now(UTC).plusDays(5).toDate(), + DateTime.now(UTC).plusDays(1000).toDate()) + .cert(); + + ImmutableSet violations = + certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations).hasSize(3); + assertThat(violations) + .isEqualTo( + ImmutableSet.of( + certificateChecker.certificateNotYetValidViolation, + certificateChecker.certificateValidityLengthViolation, + certificateChecker.certificateRsaKeyLengthViolation)); + ; + } + + @Test + void test_expiredCertificate() throws Exception { + X509Certificate certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.now(UTC).minusDays(50).toDate(), + DateTime.now(UTC).minusDays(10).toDate()) + .cert(); + ImmutableSet violations = + certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations).containsExactly(certificateChecker.certificateExpiredViolation); + } + + @Test + void test_notYetValid() throws Exception { + X509Certificate certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.now(UTC).plusDays(10).toDate(), + DateTime.now(UTC).plusDays(50).toDate()) + .cert(); + ImmutableSet violations = + certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations).containsExactly(certificateChecker.certificateNotYetValidViolation); + } + + @Test + void test_checkValidityLength() throws Exception { + X509Certificate certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.now(UTC).minusDays(10).toDate(), + DateTime.now(UTC).plusDays(1000).toDate()) + .cert(); + ImmutableSet violations = + certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations).containsExactly(certificateChecker.certificateValidityLengthViolation); + + certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.parse("2020-08-01T00:00:00Z").toDate(), + DateTime.parse("2023-11-01T00:00:00Z").toDate()) + .cert(); + violations = certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations) + .containsExactly(certificateChecker.certificateOldValidityLengthValidViolation); + + certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.parse("2020-08-01T00:00:00Z").toDate(), + DateTime.parse("2021-11-01T00:00:00Z").toDate()) + .cert(); + violations = certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations).isEmpty(); + } + + @Test + void test_nearingExpiration() throws Exception { + X509Certificate certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.now(UTC).minusDays(50).toDate(), + DateTime.now(UTC).plusDays(10).toDate()) + .cert(); + assertThat(certificateChecker.isNearingExpiration(certificate, DateTime.now(UTC).toDate())) + .isTrue(); + + certificate = + SelfSignedCaCertificate.create( + SSL_HOST, + DateTime.now(UTC).minusDays(50).toDate(), + DateTime.now(UTC).plusDays(100).toDate()) + .cert(); + assertThat(certificateChecker.isNearingExpiration(certificate, DateTime.now(UTC).toDate())) + .isFalse(); + } + + @Test + void test_checkRsaKeyLength() throws Exception { + // Key length too low + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", new BouncyCastleProvider()); + keyGen.initialize(1024, new SecureRandom()); + + X509Certificate certificate = + SelfSignedCaCertificate.create( + keyGen.generateKeyPair(), + SSL_HOST, + DateTime.now(UTC).minusDays(5).toDate(), + DateTime.now(UTC).plusDays(100).toDate()) + .cert(); + + ImmutableSet violations = + certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate()); + assertThat(violations).containsExactly(certificateChecker.certificateRsaKeyLengthViolation); + + // Key length higher than required + keyGen = KeyPairGenerator.getInstance("RSA", new BouncyCastleProvider()); + keyGen.initialize(4096, new SecureRandom()); + + certificate = + SelfSignedCaCertificate.create( + keyGen.generateKeyPair(), + SSL_HOST, + DateTime.now(UTC).minusDays(5).toDate(), + DateTime.now(UTC).plusDays(100).toDate()) + .cert(); + + assertThat(certificateChecker.checkCertificate(certificate, DateTime.now(UTC).toDate())) + .isEqualTo(ImmutableSet.of()); + } +}