open-eid
diff --git a/‎cdoc2-cli/README.md‎
Lines changed: 5 additions & 0 deletions b/‎cdoc2-cli/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎…li/config/mobile-id/mobile_id.properties‎ ‎…li/config/mobile-id/mobile-id.properties‎cdoc2-cli/config/mobile-id/mobile_id.properties renamed to cdoc2-cli/config/mobile-id/mobile-id.properties b/‎…li/config/mobile-id/mobile_id.properties‎ ‎…li/config/mobile-id/mobile-id.properties‎cdoc2-cli/config/mobile-id/mobile_id.properties renamed to cdoc2-cli/config/mobile-id/mobile-id.properties
diff --git a/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/DecryptionKeyExclusiveArgument.java‎
Lines changed: 14 additions & 5 deletions b/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/DecryptionKeyExclusiveArgument.java‎
Lines changed: 14 additions & 5 deletions
diff --git a/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/MobileIdArguments.java‎
Lines changed: 34 additions & 0 deletions b/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/MobileIdArguments.java‎
Lines changed: 34 additions & 0 deletions
diff --git a/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocDecryptCmd.java‎
Lines changed: 2 additions & 9 deletions b/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocDecryptCmd.java‎
Lines changed: 2 additions & 9 deletions
diff --git a/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocListCmd.java‎
Lines changed: 3 additions & 0 deletions b/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocListCmd.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/util/CDocCommonHelper.java‎
Lines changed: 17 additions & 2 deletions b/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/util/CDocCommonHelper.java‎
Lines changed: 17 additions & 2 deletions
diff --git a/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/util/CDocDecryptionHelper.java‎
Lines changed: 44 additions & 4 deletions b/‎cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/util/CDocDecryptionHelper.java‎
Lines changed: 44 additions & 4 deletions
diff --git a/‎cdoc2-lib/src/main/java/ee/cyber/cdoc2/client/mobileid/MobileIdUserData.java‎
Lines changed: 1 addition & 15 deletions b/‎cdoc2-lib/src/main/java/ee/cyber/cdoc2/client/mobileid/MobileIdUserData.java‎
Lines changed: 1 addition & 15 deletions
diff --git a/‎cdoc2-lib/src/main/java/ee/cyber/cdoc2/container/recipients/RecipientFactory.java‎
Lines changed: 1 addition & 2 deletions b/‎cdoc2-lib/src/main/java/ee/cyber/cdoc2/container/recipients/RecipientFactory.java‎
Lines changed: 1 addition & 2 deletions
@@ -179,6 +179,11 @@ or with Smart-ID:
 java -jar target/cdoc2-cli-*.jar decrypt -sid=38001085718 -f /tmp/smartid.cdoc --output /tmp
 ```
 
+or with Mobile-ID:
+
+```
+java -jar target/cdoc2-cli-*.jar decrypt -mid=51307149560  -mid-phone=+37269930366 -f /tmp/mobileid.cdoc --output /tmp
+```
 
 ### Decrypting with server scenario
 Server must be running, see cdoc2-capsule-server/README.md for starting the server
 
@@ -41,9 +41,8 @@ public class DecryptionKeyExclusiveArgument {
         paramLabel = "SID", description = "ID code for smart-id decryption")
     private String sid;
 
-    @CommandLine.Option(names = {"-mid", "--mobile-id"},
-        paramLabel = "MID", description = "ID code for mobile-id decryption")
-    private String mid;
+    @CommandLine.ArgGroup(exclusive = false)
+    private MobileIdArguments midArguments;
 
     public File getPrivKeyFile() {
         return this.privKeyFile;
@@ -66,15 +65,25 @@ public boolean isWithSid() {
     }
 
     public boolean isWithMid() {
-        return this.mid != null;
+        return this.midArguments != null;
     }
 
     public String getSid() {
         return this.sid;
     }
 
     public String getMid() {
-        return this.mid;
+        if (isWithMid()) {
+            return this.midArguments.getMid();
+        }
+        return null;
+    }
+
+    public String getMidPhone() {
+        if (isWithMid()) {
+            return this.midArguments.getMidPhone();
+        }
+        return null;
     }
 
 }
@@ -0,0 +1,34 @@
+package ee.cyber.cdoc2.cli;
+
+import picocli.CommandLine;
+
+
+/**
+ * Arguments for Mobile ID decryption/re-encryption commands,
+ * used inside {@link DecryptionKeyExclusiveArgument}
+ */
+public class MobileIdArguments {
+
+    @CommandLine.Option(names = {"-mid", "--mobile-id"},
+        paramLabel = "MID", description = "ID code for mobile-id decryption")
+    private String mid;
+
+    @CommandLine.Option(names = {"-mid-phone", "--mobile-id-phone"},
+        paramLabel = "MID", description = "Phone number for mobile-id decryption")
+    private String midPhone;
+
+    public String getMid() {
+        if (null != this.midPhone && null == this.mid) {
+            throw new IllegalArgumentException("Required identity code must be present to process");
+        }
+        return this.mid;
+    }
+
+    public String getMidPhone() {
+        if (null != this.mid && null == this.midPhone) {
+            throw new IllegalArgumentException("Required phone number is missing");
+        }
+        return this.midPhone;
+    }
+
+}
@@ -9,7 +9,6 @@
 
 import java.io.File;
 import java.nio.file.InvalidPathException;
-import java.security.GeneralSecurityException;
 import java.util.List;
 import java.util.Map;
 
@@ -18,7 +17,7 @@
 import ee.cyber.cdoc2.CDocDecrypter;
 
 import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.getKeyCapsulesClientFactory;
-import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.initKeyShareClientFactory;
+import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.addKeySharesIfAny;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecrypterWithFilesExtraction;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecryptionKeyMaterial;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getSmartCardDecryptionKeyMaterial;
@@ -93,18 +92,12 @@ public Void call() throws Exception {
             keyCapsulesClientFactory
         );
 
-        addKeySharesIfAny(cDocDecrypter);
+        addKeySharesIfAny(cDocDecrypter, this.exclusive);
 
         System.out.println("Decrypting " + this.cdocFile + " to " + this.outputPath.getAbsolutePath());
         List<String> extractedFileNames = cDocDecrypter.decrypt();
         extractedFileNames.forEach(System.out::println);
         return null;
     }
 
-    private void addKeySharesIfAny(CDocDecrypter cDocDecrypter) throws GeneralSecurityException {
-        if (null != this.exclusive && (this.exclusive.isWithSid() || this.exclusive.isWithMid())) {
-            cDocDecrypter.withKeyShares(initKeyShareClientFactory());
-        }
-    }
-
 }
@@ -19,6 +19,7 @@
 import picocli.CommandLine.Option;
 
 import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.getKeyCapsulesClientFactory;
+import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.addKeySharesIfAny;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecryptionKeyMaterial;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getSmartCardDecryptionKeyMaterial;
 
@@ -78,6 +79,8 @@ public Void call() throws Exception {
                 .withKeyServers(keyCapsulesClientFactory)
                 .withRecipient(decryptionKeyMaterial);
 
+        addKeySharesIfAny(cDocDecrypter, this.exclusive);
+
         System.out.println("Listing contents of " + cdocFile);
         List<ArchiveEntry> files = cDocDecrypter.list();
         if (!verbose) {
 
@@ -12,11 +12,13 @@
 import ee.cyber.cdoc2.config.KeyCapsuleClientConfigurationImpl;
 import ee.cyber.cdoc2.config.KeySharesConfiguration;
 import ee.cyber.cdoc2.config.KeySharesConfigurationImpl;
+import ee.cyber.cdoc2.config.MobileIdClientConfigurationImpl;
 import ee.cyber.cdoc2.config.SmartIdClientConfigurationImpl;
 import ee.cyber.cdoc2.exceptions.ConfigurationLoadingException;
 import ee.cyber.cdoc2.util.Resources;
 
 import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.KEY_SHARES_PROPERTIES;
+import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.MOBILE_ID_PROPERTIES;
 import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.SMART_ID_PROPERTIES;
 import static ee.cyber.cdoc2.config.PropertiesLoader.loadProperties;
 
@@ -72,12 +74,11 @@ private static KeySharesConfiguration loadKeySharesConfiguration() {
         Properties properties = loadProperties(propertiesFilePath);
         Cdoc2Configuration configuration = new KeySharesConfigurationImpl(properties);
         CDoc2ConfigurationProvider.initKeyShareClientConfig(configuration);
-        loadSmartIdConfiguration();
 
         return configuration.keySharesConfiguration();
     }
 
-    private static void loadSmartIdConfiguration() throws ConfigurationLoadingException {
+    static void loadSmartIdConfiguration() throws ConfigurationLoadingException {
         String propertiesFilePath = System.getProperty(
             SMART_ID_PROPERTIES,
             "config/smart-id/" + SMART_ID_PROPERTIES
@@ -91,4 +92,18 @@ private static void loadSmartIdConfiguration() throws ConfigurationLoadingExcept
         CDoc2ConfigurationProvider.initSmartIdClientConfig(configuration);
     }
 
+    static void loadMobileIdConfiguration() throws ConfigurationLoadingException {
+        String propertiesFilePath = System.getProperty(
+            MOBILE_ID_PROPERTIES,
+            "config/mobile-id/" + MOBILE_ID_PROPERTIES
+        );
+        if (null == propertiesFilePath) {
+            throw new ConfigurationLoadingException("Mobile ID configuration property is missing");
+        }
+        Properties properties = loadProperties(propertiesFilePath);
+        Cdoc2Configuration configuration = new MobileIdClientConfigurationImpl(properties);
+
+        CDoc2ConfigurationProvider.initMobileIdClientConfig(configuration);
+    }
+
 }
@@ -18,7 +18,7 @@
 import ee.cyber.cdoc2.container.recipients.Recipient;
 import ee.cyber.cdoc2.crypto.PemTools;
 import ee.cyber.cdoc2.crypto.Pkcs11Tools;
-import ee.cyber.cdoc2.crypto.SemanticIdentification;
+import ee.cyber.cdoc2.crypto.AuthenticationIdentifier;
 import ee.cyber.cdoc2.crypto.keymaterial.DecryptionKeyMaterial;
 import ee.cyber.cdoc2.crypto.keymaterial.LabeledPassword;
 import ee.cyber.cdoc2.crypto.keymaterial.LabeledSecret;
@@ -29,7 +29,12 @@
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
 
+import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.initKeyShareClientFactory;
+import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.loadMobileIdConfiguration;
+import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.loadSmartIdConfiguration;
 import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.PKCS11_LIBRARY_PROPERTY;
+import static ee.cyber.cdoc2.crypto.AuthenticationIdentifier.createSemanticsIdentifier;
+import static ee.sk.mid.MidInputUtil.getValidatedPhoneNumber;
 
 
 /**
@@ -111,6 +116,12 @@ public static DecryptionKeyMaterial getDecryptionKeyMaterial(
             decryptionKm = getSidDecryptionKeyMaterial(decryptArguments.getSid());
         }
 
+        if (isWithMid && decryptionKm == null) {
+            decryptionKm = getMidDecryptionKeyMaterial(
+                decryptArguments.getMid(), decryptArguments.getMidPhone()
+            );
+        }
+
         // this must be final initialization
         if (decryptionKm == null)  {
             decryptionKm = getKeyPairDecryptionKeyMaterial(p12, privKeyFile);
@@ -120,10 +131,25 @@ public static DecryptionKeyMaterial getDecryptionKeyMaterial(
     }
 
     private static DecryptionKeyMaterial getSidDecryptionKeyMaterial(String idCode) {
-        SemanticIdentification semanticIdentifier = SemanticIdentification
-            .forKeyShares(idCode, SemanticIdentification.AuthenticationType.SID);
+        loadSmartIdConfiguration();
+        AuthenticationIdentifier authIdentifier = AuthenticationIdentifier.forKeyShares(
+            createSemanticsIdentifier(idCode), AuthenticationIdentifier.AuthenticationType.SID
+        );
+
+        return DecryptionKeyMaterial.fromAuthMeans(authIdentifier);
+    }
+
+    private static DecryptionKeyMaterial getMidDecryptionKeyMaterial(
+        String idCode,
+        String phoneNumber
+    ) {
+        loadMobileIdConfiguration();
+        AuthenticationIdentifier authIdentifier = AuthenticationIdentifier.forMidDecryption(
+            createSemanticsIdentifier(idCode),
+            getValidatedPhoneNumber(phoneNumber)
+        );
 
-        return DecryptionKeyMaterial.fromAuthMeans(semanticIdentifier);
+        return DecryptionKeyMaterial.fromAuthMeans(authIdentifier);
     }
 
     private static DecryptionKeyMaterial getPasswordDecryptionKeyMaterial(
@@ -238,6 +264,20 @@ public static LabeledPassword getLabeledPassword(
         return labeledPassword;
     }
 
+    /**
+     * Create Key Shares configuration if decryption is arranged with Smart-ID or Mobile-ID.
+     * @param cDocDecrypter CDOC decrypter builder
+     * @param exclusiveArgs decryption exclusive CLI options
+     */
+    public static void addKeySharesIfAny(
+        CDocDecrypter cDocDecrypter,
+        DecryptionKeyExclusiveArgument exclusiveArgs
+    ) throws GeneralSecurityException {
+        if (null != exclusiveArgs && (exclusiveArgs.isWithSid() || exclusiveArgs.isWithMid())) {
+            cDocDecrypter.withKeyShares(initKeyShareClientFactory());
+        }
+    }
+
     /**
      * When label was not provided and recipients contains only one recipient, then set labeledPassword
      * label value to recipient.label value
 
@@ -1,9 +1,7 @@
 package ee.cyber.cdoc2.client.mobileid;
 
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
-
 import static ee.cyber.cdoc2.util.IdCodeValidationUtil.getValidatedIdentityCode;
+import static ee.sk.mid.MidInputUtil.getValidatedPhoneNumber;
 
 
 /**
@@ -16,21 +14,9 @@ public record MobileIdUserData(
     String identityCode
 ) {
 
-    private static final String PHONE_NUMBER_PATTERN = "\\+37\\d{5,10}";
-    private static final Pattern phoneNrPpattern = Pattern.compile(PHONE_NUMBER_PATTERN);
-
     public MobileIdUserData(String phoneNumber, String identityCode) {
         this.phoneNumber = getValidatedPhoneNumber(phoneNumber);
         this.identityCode = getValidatedIdentityCode(identityCode);
     }
 
-    private String getValidatedPhoneNumber(String phoneNr) {
-        Matcher matcher = phoneNrPpattern.matcher(phoneNr);
-        if (!matcher.matches()) {
-            throw new IllegalArgumentException("Invalid phone number: " + phoneNr);
-        }
-
-        return phoneNr;
-    }
-
 }
@@ -445,8 +445,7 @@ public static KeySharesRecipient buildKeySharesRecipient(
 
         // plain ETSI Identifier is a value 'etsi/PNOEE-48010010101', extracted from the
         // semantics identifier
-        String plainEtsiIdentifier
-            = keyShareMaterial.semanticIdentifier().getEtsiIdentifier();
+        String plainEtsiIdentifier = keyShareMaterial.authIdentifier().getEtsiIdentifier();
         String info = "CDOC2kek" + fmkEncMethod + plainEtsiIdentifier;
         byte[] kek = hkdf.expand(kekPm, info.getBytes(StandardCharsets.UTF_8), Crypto.KEK_LEN_BYTES);