corda · adelel1 · Mar 5, 2024 · Feb 29, 2024
diff --git a/.ci/api-current.txt b/.ci/api-current.txt
@@ -8290,11 +8290,6 @@ public static final class net.corda.core.utilities.ProgressTracker$UNSTARTED ext
 public interface net.corda.core.utilities.PropertyDelegate
   public abstract T getValue(Object, kotlin.reflect.KProperty)
 ##
-public final class net.corda.core.utilities.SgxSupport extends java.lang.Object
-  public static final boolean isInsideEnclave()
-  @NotNull
-  public static final net.corda.core.utilities.SgxSupport INSTANCE
-##
 public final class net.corda.core.utilities.ThreadDumpUtilsKt extends java.lang.Object
   @NotNull
   public static final String asString(management.ThreadInfo, int)

diff --git a/build.gradle b/build.gradle
@@ -90,7 +90,6 @@ buildscript {
     ext.h2_version = constants.getProperty("h2Version")
     ext.rxjava_version = constants.getProperty("rxjavaVersion")
     ext.dokka_version = constants.getProperty("dokkaVersion")
-    ext.eddsa_version = constants.getProperty("eddsaVersion")
     ext.dependency_checker_version = constants.getProperty("dependencyCheckerVersion")
     ext.commons_collections_version = constants.getProperty("commonsCollectionsVersion")
     ext.beanutils_version = constants.getProperty("beanutilsVersion")
@@ -178,7 +177,6 @@ buildscript {
         classpath "com.guardsquare:proguard-gradle:$proguard_version"
         classpath 'com.github.ben-manes:gradle-versions-plugin:0.15.0'
         classpath "org.jetbrains.dokka:dokka-base:$dokka_version"
-        classpath "net.i2p.crypto:eddsa:$eddsa_version" // Needed for ServiceIdentityGenerator in the build environment.
         classpath "org.owasp:dependency-check-gradle:$dependency_checker_version"
         classpath "org.jfrog.buildinfo:build-info-extractor-gradle:$artifactory_plugin_version"
         // Capsule gradle plugin forked and maintained locally to support Gradle 5.x

diff --git a/constants.properties b/constants.properties
@@ -21,7 +21,7 @@ guavaVersion=28.0-jre
 quasarVersion=0.9.0_r3
 dockerJavaVersion=3.2.5
 proguardVersion=7.3.1
-// bouncy castle version must not be changed on a patch release. Needs a full release test cycle to flush out any issues.
+# Bouncy Castle version must not be changed on a patch release. Needs a full release test cycle to flush out any issues.
 bouncycastleVersion=1.75
 classgraphVersion=4.8.135
 disruptorVersion=3.4.2
@@ -79,7 +79,6 @@ hibernateVersion=5.6.14.Final
 h2Version=2.2.224
 rxjavaVersion=1.3.8
 dokkaVersion=1.8.20
-eddsaVersion=0.3.0
 dependencyCheckerVersion=5.2.0
 commonsCollectionsVersion=4.3
 beanutilsVersion=1.9.4

diff --git a/core-tests/build.gradle b/core-tests/build.gradle
@@ -184,7 +184,6 @@ quasar {
             "io.github.classgraph**",
             "io.netty*",
             "liquibase**",
-            "net.i2p.crypto.**",
             "nonapi.io.github.classgraph.**",
             "org.apiguardian.**",
             "org.bouncycastle**",

@@ -36,8 +36,6 @@ dependencies {
     // For caches rather than guava
     implementation "com.github.ben-manes.caffeine:caffeine:$caffeine_version"
     implementation "org.apache.commons:commons-lang3:$commons_lang3_version"
-    // Java ed25519 implementation. See https://github.com/str4d/ed25519-java/
-    implementation "net.i2p.crypto:eddsa:$eddsa_version"
     // Bouncy castle support needed for X509 certificate manipulation
     implementation "org.bouncycastle:bcprov-jdk18on:${bouncycastle_version}"
     // required to use @Type annotation
@@ -93,19 +91,7 @@ processTestResources {
     }
 }
 
-compileTestJava {
-    options.compilerArgs += [
-            '--add-exports', 'java.base/sun.security.util=ALL-UNNAMED',
-            '--add-exports', 'java.base/sun.security.x509=ALL-UNNAMED'
-    ]
-}
-
 test {
-    // TODO This obscures whether any Corda client APIs need these JVM flags as well (which they shouldn't do)
-    jvmArgs += [
-            '--add-exports', 'java.base/sun.security.util=ALL-UNNAMED',
-            '--add-exports', 'java.base/sun.security.x509=ALL-UNNAMED'
-    ]
     maxParallelForks = (System.env.CORDA_CORE_TESTING_FORKS == null) ? 1 :  "$System.env.CORDA_CORE_TESTING_FORKS".toInteger()
 }
 
@@ -129,7 +115,6 @@ quasar {
             "io.github.classgraph**",
             "io.netty*",
             "liquibase**",
-            "net.i2p.crypto.**",
             "nonapi.io.github.classgraph.**",
             "org.apiguardian.**",
             "org.bouncycastle**",

@@ -5,33 +5,19 @@ import net.corda.core.crypto.CordaObjectIdentifier.COMPOSITE_SIGNATURE
 import net.corda.core.crypto.internal.PlatformSecureRandomService
 import org.bouncycastle.asn1.ASN1ObjectIdentifier
 import java.security.Provider
-import java.util.*
+import java.util.Optional
 import java.util.concurrent.ConcurrentHashMap
 
-@Suppress("DEPRECATION")    // JDK11: should replace with Provider(String name, double version, String info) (since 9)
-class CordaSecurityProvider : Provider(PROVIDER_NAME, 0.1, "$PROVIDER_NAME security provider wrapper") {
+class CordaSecurityProvider : Provider(PROVIDER_NAME, "0.2", "$PROVIDER_NAME security provider") {
     companion object {
         const val PROVIDER_NAME = "Corda"
     }
 
     private val services = ConcurrentHashMap<Pair<String, String>, Optional<Service>>()
 
     init {
-        put("KeyFactory.${CompositeKey.KEY_ALGORITHM}", CompositeKeyFactory::class.java.name)
-        put("Alg.Alias.KeyFactory.$COMPOSITE_KEY", CompositeKey.KEY_ALGORITHM)
-        put("Alg.Alias.KeyFactory.OID.$COMPOSITE_KEY", CompositeKey.KEY_ALGORITHM)
-        put("Signature.${CompositeSignature.SIGNATURE_ALGORITHM}", CompositeSignature::class.java.name)
-        put("Alg.Alias.Signature.$COMPOSITE_SIGNATURE", CompositeSignature.SIGNATURE_ALGORITHM)
-        put("Alg.Alias.Signature.OID.$COMPOSITE_SIGNATURE", CompositeSignature.SIGNATURE_ALGORITHM)
-        putPlatformSecureRandomService()
-
-        // JDK11+ - Hack to set Provider#legacyChanged to false, without this SecureRandom will not
-        //          pickup our random implementation (even if our provider is the first provider in
-        //          the chain).
-        super.getService("UNDEFINED", "UNDEFINED")
-    }
-
-    private fun putPlatformSecureRandomService() {
+        putService(Service(this, "KeyFactory", CompositeKey.KEY_ALGORITHM, CompositeKeyFactory::class.java.name, listOf("$COMPOSITE_KEY", "OID.$COMPOSITE_KEY"), null))
+        putService(Service(this, "Signature", CompositeSignature.SIGNATURE_ALGORITHM, CompositeSignature::class.java.name, listOf("$COMPOSITE_SIGNATURE", "OID.$COMPOSITE_SIGNATURE"), null))
         putService(PlatformSecureRandomService(this))
     }