detekt rules (#5)

SaBie73 · web-flow · commit 4ebf4e52f3fd · 2025-04-14T10:06:00.000+02:00
* enable detekt rules for undocumented public classes and functions, enhance documentation,
fix CryptoScope

* remove pull request trigger from CodeQL workflow
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -3,8 +3,6 @@ name: "CodeQL Analysis"
 on:
   push:
     branches: [ "main" ]
-  pull_request:
-    branches: [ "main" ]
   schedule:
     - cron: '27 0 * * 2'
 
diff --git a/config/detekt/detekt.yml b/config/detekt/detekt.yml
@@ -14,11 +14,10 @@ complexity:
     active: false
 
 comments:
-  # FIXME: Activate before launch
   UndocumentedPublicClass:
-    active: false
+    active: true
   UndocumentedPublicFunction:
-    active: false
+    active: true
 
 naming:
   MatchingDeclarationName:
diff --git a/crypto-jvm-lib/src/main/kotlin/de/gematik/openhealth/crypto/internal/interop/NativeLoader.kt b/crypto-jvm-lib/src/main/kotlin/de/gematik/openhealth/crypto/internal/interop/NativeLoader.kt
@@ -30,6 +30,11 @@ private val hostArch =
         .trim()
         .replace(" ", "")
 
+/**
+ * Loads the native crypto library for the current platform.
+ *
+ * @throws UnsatisfiedLinkError if the library cannot be loaded.
+ */
 @Suppress("UnsafeDynamicallyLoadedCode")
 fun loadNativeLibrary() {
     try {
diff --git a/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/CryptoScope.kt b/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/CryptoScope.kt
@@ -51,6 +51,9 @@ abstract class CryptoScope {
      */
     fun CmacSpec.createCmac(secret: SecretKey): Cmac = nativeCreateCmac(this@CryptoScope, secret)
 
+    /**
+     * Creates a Hash instance.
+     */
     fun HashSpec.createHash(): Hash = nativeCreateHash(this@CryptoScope)
 
     /**
@@ -99,8 +102,8 @@ fun <R : Any?> useCrypto(block: CryptoScope.() -> R): R = nativeUseCrypto(block)
  * ensuring that all resources are properly closed or released afterward.
  */
 suspend fun <R : Any?> useCryptoAsync(block: suspend CryptoScope.() -> R): R =
-    nativeUseCrypto(block)
+    nativeUseCryptoSuspendable(block)
 
 internal expect fun <R : Any?> nativeUseCrypto(block: CryptoScope.() -> R): R
 
-internal expect suspend fun <R : Any?> nativeUseCrypto(block: suspend CryptoScope.() -> R): R
+internal expect suspend fun <R : Any?> nativeUseCryptoSuspendable(block: suspend CryptoScope.() -> R): R
diff --git a/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/kem/Kem.kt b/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/kem/Kem.kt
@@ -89,6 +89,9 @@ data class KemDecapsulationResult(
 interface KemEncapsulation {
     val spec: KemSpec
 
+    /**
+     * Encapsulates a key and returns the shared secret and wrapped key.
+     */
     fun encapsulate(): KemEncapsulationResult
 }
 
@@ -99,8 +102,14 @@ interface KemEncapsulation {
 interface KemDecapsulation {
     val spec: KemSpec
 
+    /**
+     * Returns the encapsulation key.
+     */
     fun encapsulationKey(): ByteArray
 
+    /**
+     * Decapsulates the wrapped key and returns the shared secret.
+     */
     fun decapsulate(wrappedKey: ByteArray): KemDecapsulationResult
 }
 
diff --git a/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/key/EcKey.kt b/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/key/EcKey.kt
@@ -168,6 +168,9 @@ enum class EcCurve(
 
     val g: EcPoint get() = EcPoint(this, x, y)
 
+    /**
+     * Creates a new EC point with the given x and y coordinates.
+     */
     fun point(
         x: BigInteger?,
         y: BigInteger?,
@@ -231,6 +234,7 @@ class EcPublicKey internal constructor(
 
     override fun toString(): String = "EcPublicKey(data=${data.contentToString()}, curve=$curve)"
 
+    @Suppress("UndocumentedPublicClass")
     companion object {
         const val OID: String = "1.2.840.10045.2.1"
     }
@@ -354,6 +358,7 @@ class EcPrivateKey internal constructor(
 
     override fun toString(): String = "EcPrivateKey(data=${data.contentToString()}, curve=$curve)"
 
+    @Suppress("UndocumentedPublicClass")
     companion object
 }
 
@@ -395,6 +400,9 @@ fun EcPrivateKey.encodeToAsn1(): ByteArray =
         }
     }
 
+/**
+ * Encodes the private key as a PEM-encoded string.
+ */
 fun EcPrivateKey.encodeToPem(): String =
     Pem(type = "EC PRIVATE KEY", data = encodeToAsn1()).encodeToString()
 
diff --git a/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/key/EcPoint.kt b/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/key/EcPoint.kt
@@ -92,16 +92,28 @@ data class EcPoint(
      */
     val isInfinity: Boolean get() = x == null && y == null
 
+    /**
+     * Adds this EC point to another EC point.
+     */
     operator fun plus(other: EcPoint): EcPoint = nativePlus(other)
 
+    /**
+     * Multiplies this EC point by a scalar value.
+     */
     operator fun times(k: BigInteger): EcPoint = nativeTimes(k)
 
+    /**
+     * Negates this EC point.
+     */
     fun negate(): EcPoint = if (isInfinity) this else curve.point(x, (curve.p - y!!).mod(curve.p))
 }
 
 internal expect fun EcPoint.nativeTimes(k: BigInteger): EcPoint
 
 internal expect fun EcPoint.nativePlus(other: EcPoint): EcPoint
 
+/**
+ * Converts this [EcPoint] to an [EcPublicKey].
+ */
 @ExperimentalCryptoApi
 fun EcPoint.toEcPublicKey(): EcPublicKey = EcPublicKey(curve, uncompressed)
diff --git a/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/key/Key.kt b/crypto/src/commonMain/kotlin/de/gematik/openhealth/crypto/key/Key.kt
@@ -21,18 +21,24 @@ import de.gematik.openhealth.crypto.ExperimentalCryptoApi
 import de.gematik.openhealth.crypto.bytes
 import kotlin.js.JsExport
 
+/**
+ * Represents a key in the cryptographic system.
+ */
 @JsExport
 @ExperimentalCryptoApi
 interface Key {
     val data: ByteArray
 }
 
+/**
+ * Represents a secret key in the cryptographic system.
+ */
 @JsExport
 @ExperimentalCryptoApi
 class SecretKey(
     override val data: ByteArray,
 ) : Key {
-    val length: ByteUnit = data.size.bytes
+    private val length: ByteUnit = data.size.bytes
 
     override fun equals(other: Any?): Boolean {
         if (this === other) return true
diff --git a/crypto/src/commonTest/kotlin/de/gematik/openhealth/crypto/key/EcPointBrainpoolP384r1Test.kt b/crypto/src/commonTest/kotlin/de/gematik/openhealth/crypto/key/EcPointBrainpoolP384r1Test.kt
@@ -5,7 +5,7 @@ import de.gematik.openhealth.crypto.runTestWithProvider
 import kotlin.test.Test
 import kotlin.test.assertEquals
 
-@Suppress("ktlint:standard:max-line-length", "MaxLineLength", "LongMethod")
+@Suppress("MaxLineLength", "LongMethod")
 class EcPointBrainpoolP384r1Test {
     private val curve = EcCurve.BrainpoolP384r1
 
diff --git a/crypto/src/commonTest/kotlin/de/gematik/openhealth/crypto/key/EcPointBrainpoolP512r1Test.kt b/crypto/src/commonTest/kotlin/de/gematik/openhealth/crypto/key/EcPointBrainpoolP512r1Test.kt
@@ -5,7 +5,7 @@ import de.gematik.openhealth.crypto.runTestWithProvider
 import kotlin.test.Test
 import kotlin.test.assertEquals
 
-@Suppress("ktlint:standard:max-line-length", "MaxLineLength", "LongMethod")
+@Suppress("MaxLineLength", "LongMethod")
 class EcPointBrainpoolP512r1Test {
     private val curve = EcCurve.BrainpoolP512r1
 
diff --git a/crypto/src/jsMain/kotlin/de/gematik/openhealth/crypto/CryptoScope.js.kt b/crypto/src/jsMain/kotlin/de/gematik/openhealth/crypto/CryptoScope.js.kt
@@ -45,5 +45,5 @@ internal actual fun <R : Any?> nativeUseCrypto(block: CryptoScope.() -> R): R =
  * JavaScript-specific implementation for asynchronous cryptographic operations.
  * Executes the given suspend block within a crypto scope.
  */
-internal actual suspend fun <R : Any?> nativeUseCrypto(block: suspend CryptoScope.() -> R): R =
+internal actual suspend fun <R : Any?> nativeUseCryptoSuspendable(block: suspend CryptoScope.() -> R): R =
     block(JsCryptoScope())
diff --git a/crypto/src/jsMain/kotlin/de/gematik/openhealth/crypto/wrapper/WebAssemblyException.kt b/crypto/src/jsMain/kotlin/de/gematik/openhealth/crypto/wrapper/WebAssemblyException.kt
@@ -16,6 +16,6 @@
 
 package de.gematik.openhealth.crypto.wrapper
 
-class WebAssemblyException(
+internal class WebAssemblyException(
     message: String?,
 ) : RuntimeException(message)
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/CryptoScope.jvm.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/CryptoScope.jvm.kt
@@ -41,5 +41,5 @@ internal actual fun <R : Any?> nativeUseCrypto(block: CryptoScope.() -> R): R =
  * JVM-specific implementation for asynchronous cryptographic operations.
  * Executes the given suspend block within a crypto scope.
  */
-internal actual suspend fun <R : Any?> nativeUseCrypto(block: suspend CryptoScope.() -> R): R =
+internal actual suspend fun <R : Any?> nativeUseCryptoSuspendable(block: suspend CryptoScope.() -> R): R =
     block(JvmCryptoScope())
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/Hash.jvm.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/Hash.jvm.kt
@@ -45,4 +45,9 @@ private class JvmHash(
         }
 }
 
+/**
+ * Creates a new instance of the [Hash] class.
+ *
+ * @param scope The [CryptoScope] to use for the hash operation.
+ */
 actual fun HashSpec.nativeCreateHash(scope: CryptoScope): Hash = JvmHash(scope, this)
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/LazySuspend.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/LazySuspend.kt
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/Provider.jvm.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/Provider.jvm.kt
@@ -18,6 +18,14 @@ package de.gematik.openhealth.crypto
 
 import de.gematik.openhealth.crypto.internal.interop.loadNativeLibrary
 
+/**
+ * Initializes the native crypto provider by loading the native library.
+ *
+ * This function should be called before using any cryptographic operations that rely on the
+ * native library.
+ *
+ * @throws RuntimeException if the native library cannot be loaded.
+ */
 actual suspend fun initializeNativeCryptoProvider() {
     loadNativeLibrary()
 }
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/kem/Kem.jvm.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/kem/Kem.jvm.kt
@@ -130,10 +130,16 @@ private fun DeferScope.kyberSharedSecret(
     shake._final().alsoDefer()
 }
 
+/**
+ * JVM-specific implementation for creating KEM encapsulation instances.
+ */
 actual fun KemSpec.nativeCreateEncapsulation(
     scope: CryptoScope,
     encapsulationKey: ByteArray,
 ): KemEncapsulation = JvmKemEncapsulation(this, encapsulationKey, scope)
 
+/**
+ * JVM-specific implementation for creating KEM decapsulation instances.
+ */
 actual fun KemSpec.nativeCreateDecapsulation(scope: CryptoScope): KemDecapsulation =
     JvmKemDecapsulation(this, scope)
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/key/EcKey.jvm.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/key/EcKey.jvm.kt
@@ -26,6 +26,9 @@ internal fun EcCurve.curveName() =
         EcCurve.BrainpoolP512r1 -> "brainpoolP512r1"
     }
 
+/**
+ * Generates a new EC key pair using the specified curve.
+ */
 actual fun EcKeyPairSpec.generateKeyPair(): Pair<EcPublicKey, EcPrivateKey> =
     runWithProvider {
         val keyPair = EcKeypair.generateKeypair(this@generateKeyPair.curve.curveName())
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/wrapper/Provider.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/wrapper/Provider.kt
@@ -16,4 +16,4 @@
 
 package de.gematik.openhealth.crypto.wrapper
 
-fun <T : Any> runWithProvider(block: () -> T): T = block()
+internal fun <T : Any> runWithProvider(block: () -> T): T = block()
diff --git a/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/wrapper/WrapperUtils.kt b/crypto/src/jvm/kotlin/de/gematik/openhealth/crypto/wrapper/WrapperUtils.kt
@@ -18,7 +18,7 @@ package de.gematik.openhealth.crypto.wrapper
 
 import de.gematik.openhealth.crypto.internal.interop.Uint8Vector
 
-fun ByteArray.toUint8Vector(): Uint8Vector =
+internal fun ByteArray.toUint8Vector(): Uint8Vector =
     runWithProvider {
         Uint8Vector().apply { addAll(this@toUint8Vector.toTypedArray()) }
     }

Original file line number	Diff line number	Diff line change
`@@ -168,6 +168,9 @@ enum class EcCurve(`
`168`	`168`
`169`	`169`	`val g: EcPoint get() = EcPoint(this, x, y)`
`170`	`170`
	`171`	`+ /**`
	`172`	`+ * Creates a new EC point with the given x and y coordinates.`
	`173`	`+ */`
`171`	`174`	`fun point(`
`172`	`175`	`x: BigInteger?,`
`173`	`176`	`y: BigInteger?,`
`@@ -231,6 +234,7 @@ class EcPublicKey internal constructor(`
`231`	`234`
`232`	`235`	`override fun toString(): String = "EcPublicKey(data=${data.contentToString()}, curve=$curve)"`
`233`	`236`
	`237`	`+ @Suppress("UndocumentedPublicClass")`
`234`	`238`	`companion object {`
`235`	`239`	`const val OID: String = "1.2.840.10045.2.1"`
`236`	`240`	`}`
`@@ -354,6 +358,7 @@ class EcPrivateKey internal constructor(`
`354`	`358`
`355`	`359`	`override fun toString(): String = "EcPrivateKey(data=${data.contentToString()}, curve=$curve)"`
`356`	`360`
	`361`	`+ @Suppress("UndocumentedPublicClass")`
`357`	`362`	`companion object`
`358`	`363`	`}`
`359`	`364`
`@@ -395,6 +400,9 @@ fun EcPrivateKey.encodeToAsn1(): ByteArray =`
`395`	`400`	`}`
`396`	`401`	`}`
`397`	`402`
	`403`	`+/**`
	`404`	`+ * Encodes the private key as a PEM-encoded string.`
	`405`	`+ */`
`398`	`406`	`fun EcPrivateKey.encodeToPem(): String =`
`399`	`407`	`Pem(type = "EC PRIVATE KEY", data = encodeToAsn1()).encodeToString()`
`400`	`408`