Merge branch 'RM-4609_MID_JWSSigner' into 'SID'

RM-4032: Support for signing auth-tokens with Mobile-ID, "decrypt" with Mobile-ID
See merge request cdoc2/cdoc2-java-ref-impl!96

Author: jann0k

cdoc2-lib/pom.xml

@@ -32,7 +32,7 @@
         <dependency>
             <groupId>ee.cyber.cdoc2</groupId>
             <artifactId>cdoc2-auth-token</artifactId>
-            <version>0.2.0-SNAPSHOT</version>
+            <version>0.3.1-SNAPSHOT</version>
         </dependency>
 
         <dependency>

cdoc2-lib/src/main/java/ee/cyber/cdoc2/client/mobileid/MobileIdClient.java

@@ -1,8 +1,8 @@
 package ee.cyber.cdoc2.client.mobileid;
 
-import ee.sk.mid.MidAuthenticationHashToSign;
-import ee.sk.mid.MidAuthenticationIdentity;
+import ee.sk.mid.MidAuthentication;
 import ee.sk.mid.MidClient;
+import ee.sk.mid.MidHashToSign;
 import ee.sk.mid.rest.dao.request.MidAuthenticationRequest;
 
 import java.io.IOException;
@@ -45,18 +45,19 @@ public MobileIdClient(MobileIdClientConfiguration conf) {
     }
 
     /**
-     * Authentication request to Mobile ID client.
+     * Authentication request to Mobile ID client. Returns raw MidAuthentication that contains MidSignature and signing
+     * Certificate
      * @param userData user request data
      * @param authenticationHash Base64 encoded hash function output to be signed
-     * @return MidAuthenticationIdentity object
+     * @return MidAuthentication object that contains MidSignature and Certificate
      */
-    public MidAuthenticationIdentity startAuthentication(
+    public MidAuthentication startAuthentication(
         MobileIdUserData userData,
-        MidAuthenticationHashToSign authenticationHash
+        MidHashToSign authenticationHash
     ) throws CdocMobileIdClientException {
 
         // ToDo display verification code and text to the user in RM-4086
-        String verificationCode = authenticationHash.calculateVerificationCode();
+        //String verificationCode = authenticationHash.calculateVerificationCode();
 
         MidAuthenticationRequest request = MidAuthenticationRequest.newBuilder()
             .withPhoneNumber(userData.phoneNumber())
@@ -89,7 +90,7 @@ private MidClient configureMobileIdClient() throws ConfigurationLoadingException
     /**
      * Read trusted certificates for Mobile ID client secure TLS transport
      */
-    private KeyStore readTrustedCertificates() throws ConfigurationLoadingException {
+    public KeyStore readTrustedCertificates() throws ConfigurationLoadingException {
         try (InputStream is = Resources.getResourceAsStream(
             mobileIdClientConfig.getTrustStore(), this.getClass().getClassLoader())
         ) {

cdoc2-lib/src/main/java/ee/cyber/cdoc2/client/mobileid/MobileIdClientWrapper.java

@@ -1,11 +1,10 @@
 package ee.cyber.cdoc2.client.mobileid;
 
 import ee.sk.mid.MidAuthentication;
-import ee.sk.mid.MidAuthenticationHashToSign;
-import ee.sk.mid.MidAuthenticationIdentity;
 import ee.sk.mid.MidAuthenticationResponseValidator;
 import ee.sk.mid.MidAuthenticationResult;
 import ee.sk.mid.MidClient;
+import ee.sk.mid.MidHashToSign;
 import ee.sk.mid.exception.MidDeliveryException;
 import ee.sk.mid.exception.MidInternalErrorException;
 import ee.sk.mid.exception.MidInvalidUserConfigurationException;
@@ -25,7 +24,6 @@
 
 import ee.cyber.cdoc2.exceptions.CdocMobileIdClientException;
 
-
 /**
  * Mobile-ID Client wrapper
  */
@@ -47,12 +45,12 @@ public MobileIdClientWrapper(MidClient midClient) {
      * Authentication request to {@code /authentication}
      * @param request MID authentication request
      * @param authenticationHash Base64 encoded hash function output to be signed
-     * @return MidAuthenticationIdentity object
+     * @return MidAuthentication object that contains MidSignature and Certificate
      * @throws CdocMobileIdClientException if authentication fails
      */
-    public MidAuthenticationIdentity authenticate(
+    public MidAuthentication authenticate(
         MidAuthenticationRequest request,
-        MidAuthenticationHashToSign authenticationHash
+        MidHashToSign authenticationHash
     ) throws CdocMobileIdClientException {
 
         try {
@@ -63,15 +61,18 @@ public MidAuthenticationIdentity authenticate(
                 .getSessionStatusPoller()
                 .fetchFinalAuthenticationSessionStatus(authResponse.getSessionID());
 
-            MidAuthentication authentication = midClient.createMobileIdAuthentication(
-                sessionStatus, authenticationHash
-            );
+            MidAuthentication midAuthentication
+                = midClient.createMobileIdAuthentication(sessionStatus, authenticationHash);
 
-            if (authentication.getResult().equals("OK")) {
-                return validateAuthenticationAndReturnIdentity(authentication);
+            //Other responses beside "OK" https://github.com/SK-EID/MID?tab=readme-ov-file#338-session-end-result-codes
+            if (midAuthentication.getResult().equals("OK")) {
+                validateAuthenticationAndReturnIdentity(midAuthentication); // throws CdocMobileIdClientException
+                return midAuthentication;
             }
 
-            throw new CdocMobileIdClientException("Mobile ID authentication session has failed");
+            throw new CdocMobileIdClientException("Mobile ID authentication session has failed with "
+                + midAuthentication.getResult());
+
         } catch (MidUserCancellationException
                  | MidNotMidClientException
                  | MidSessionTimeoutException
@@ -86,14 +87,14 @@ public MidAuthenticationIdentity authenticate(
         }
     }
 
-    public MidAuthenticationIdentity validateAuthenticationAndReturnIdentity(
+    public void validateAuthenticationAndReturnIdentity(
         MidAuthentication authentication
     ) throws CdocMobileIdClientException {
 
         MidAuthenticationResult authResult = responseValidator.validate(authentication);
         List<String> authErrors = authResult.getErrors();
         if (authResult.isValid() && authErrors.isEmpty()) {
-            return authResult.getAuthenticationIdentity();
+            return;
         }
 
         throw new CdocMobileIdClientException(

cdoc2-lib/src/main/java/ee/cyber/cdoc2/container/Envelope.java

@@ -329,7 +329,7 @@ private static List<ArchiveEntry> processContainer(
         InputStream cdocInputStream,
         DecryptionKeyMaterial keyMaterial,
         TarEntryProcessingDelegate tarProcessingDelegate,
-        @Nullable Services services
+        Services services
     ) throws GeneralSecurityException, IOException, CDocException {
 
         CountingInputStream containerIs = new CountingInputStream(cdocInputStream);

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/AuthenticationIdentifier.java

@@ -180,4 +180,12 @@ public static SemanticsIdentifier createSemanticsIdentifier(String idCode) {
         );
     }
 
+    /**
+     * Smart-ID and Mobile-ID interaction parameters.
+     * @param document document to be decrypted, will be displayed to user when user PIN is required
+     */
+    public record SidMidInteractionParams(
+        String document
+    ) {
+    }
 }

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/KekTools.java

@@ -1,7 +1,9 @@
 package ee.cyber.cdoc2.crypto;
 
+import ee.cyber.cdoc2.auth.EtsiIdentifier;
 import ee.cyber.cdoc2.client.KeyShareClientFactory;
 import ee.cyber.cdoc2.client.KeySharesClient;
+import ee.cyber.cdoc2.client.mobileid.MobileIdClient;
 import ee.cyber.cdoc2.client.model.KeyShare;
 import ee.cyber.cdoc2.client.smartid.SmartIdClient;
 import ee.cyber.cdoc2.container.CDocParseException;
@@ -31,19 +33,22 @@
 import java.security.KeyPair;
 import java.security.interfaces.ECPublicKey;
 import java.security.interfaces.RSAPrivateKey;
-import java.util.ArrayList;
+import java.util.LinkedList;
 import java.util.List;
 import java.util.NoSuchElementException;
+import java.util.Objects;
 import java.util.Optional;
 import javax.crypto.SecretKey;
 
 import ee.cyber.cdoc2.services.Services;
-import ee.cyber.cdoc2.util.SIDAuthTokenCreator;
+import ee.cyber.cdoc2.crypto.jwt.IdentityJWSSigner;
+import ee.cyber.cdoc2.crypto.jwt.MIDAuthJWSSigner;
+import ee.cyber.cdoc2.crypto.jwt.SIDAuthJWSSigner;
+import ee.cyber.cdoc2.crypto.jwt.SidMidAuthTokenCreator;
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import static ee.cyber.cdoc2.crypto.AuthenticationIdentifier.ETSI_IDENTIFIER_PREFIX;
-
 
 /**
  * Functions for deriving KEK in different scenarios
@@ -258,80 +263,115 @@ public static byte[] deriveKekFromShares(
         KeyShareClientFactory keyShareClientFactory,
         Services services //XXX: for now its generic services, in future might be more specific type to use SID/MID
     ) throws GeneralSecurityException, CDocException {
+
+        Objects.requireNonNull(services);
         validateKeyOrigin(
             EncryptionKeyOrigin.KEY_SHARE,
             keyMaterial.getKeyOrigin(),
             "Expected key shares for KeySharesRecipient"
         );
 
-        if (services == null || !services.hasService(SmartIdClient.class)) {
-            throw new CDocException("SmartIdClient not configured");
-        }
+        try {
+            List<byte[]> listOfShares =
+                fetchKeyShares(keyMaterial, keySharesRecipient, keyShareClientFactory, services);
 
-        List<KeyShareUri> shares = keySharesRecipient.getKeyShares();
-        List<byte[]> listOfShares = new ArrayList<>();
+            return Crypto.combineKek(
+                listOfShares,
+                keyShareClientFactory.getKeySharesConfiguration().getKeySharesServersMinNum()
+            );
 
-        try {
-            addKeyShares(listOfShares, keyMaterial, keySharesRecipient, keyShareClientFactory, services);
         } catch (AuthSignatureCreationException asce) {
             throw new GeneralSecurityException(asce);
         }
 
-        return Crypto.combineKek(
-            listOfShares,
-            keyShareClientFactory.getKeySharesConfiguration().getKeySharesServersMinNum()
-        );
     }
 
-    private static void addKeyShares(
-        List<byte[]> listOfShares,
+    private static List<byte[]> fetchKeyShares(
         KeyShareDecryptionKeyMaterial decryptKeyMaterial,
         KeySharesRecipient keySharesRecipient,
         KeyShareClientFactory keyShareClientFactory,
         Services services
-    ) throws GeneralSecurityException, AuthSignatureCreationException {
-
-        //FIXME: write proper implementation with RM-4309, RM-4032, RM-4073
-        String semanticsIdentifier = String.valueOf(keySharesRecipient.getRecipientId()) // etsi/PNOEE-48010010101
-            .substring(ETSI_IDENTIFIER_PREFIX.length()); // PNOEE-48010010101
+    ) throws GeneralSecurityException, AuthSignatureCreationException, CDocException {
 
+        List<byte[]> listOfShares = new LinkedList<>();
         List<KeyShareUri> shares = keySharesRecipient.getKeyShares();
 
-        AuthenticationIdentifier.AuthenticationType authType
-            = decryptKeyMaterial.authIdentifier().getAuthType();
+        SidMidAuthTokenCreator tokenCreator =
+            signShareAccessTokens(shares, decryptKeyMaterial, keyShareClientFactory, services);
+
+        for (KeyShareUri share : shares) {
+            listOfShares.add(getKeyShare(share, keyShareClientFactory, tokenCreator));
+        }
+        return listOfShares;
+    }
+
+    /**
+     * Ask nonce for each share, sign share with nonce using auth means
+     * @param shares
+     * @param decryptKeyMaterial
+     * @param keyShareClientFactory
+     * @param services
+     * @return
+     * @throws CDocException
+     * @throws AuthSignatureCreationException
+     */
+    private static SidMidAuthTokenCreator signShareAccessTokens(
+        List<KeyShareUri> shares,
+        KeyShareDecryptionKeyMaterial decryptKeyMaterial,
+        KeyShareClientFactory keyShareClientFactory,
+        Services services
+
+    ) throws CDocException, AuthSignatureCreationException {
+
+        AuthenticationIdentifier.AuthenticationType authType =
+            decryptKeyMaterial.authIdentifier().getAuthType();
+        SemanticsIdentifier semanticsIdentifier =
+            decryptKeyMaterial.authIdentifier().getSemanticsIdentifier();
+        EtsiIdentifier etsiIdentifier = new EtsiIdentifier(decryptKeyMaterial.authIdentifier().getEtsiIdentifier());
 
         switch (authType) {
             case SID -> {
-                SIDAuthTokenCreator tokenCreator = new SIDAuthTokenCreator(
-                    semanticsIdentifier,
-                    shares,
-                    keyShareClientFactory,
-                    services.get(SmartIdClient.class));
-                for (KeyShareUri share : shares) {
-                    listOfShares.add(extractSharesFromSidRecipient(keyShareClientFactory, tokenCreator, share));
+                if (!services.hasService(SmartIdClient.class)) {
+                    throw new CDocException("SmartIdClient not configured");
                 }
+                SmartIdClient sidClient = services.get(SmartIdClient.class);
+                return new SidMidAuthTokenCreator(
+                    new SIDAuthJWSSigner(sidClient, semanticsIdentifier),
+                    shares,
+                    keyShareClientFactory);
             }
             case MID -> {
-                // ToDo connect authentication here. RM-4609
-//                    MobileIdUserData userData = new MobileIdUserData(
-//                        decryptKeyMaterial.authIdentifier().getMobileNumber(),
-//                        decryptKeyMaterial.authIdentifier().getIdCode()
-//                    );
-//                    MobileIdClient.startAuthentication(userData);
-                for (KeyShareUri share : shares) {
-                    listOfShares.add(extractSharesFromMidRecipient(keyShareClientFactory, share));
+                if (!services.hasService(MobileIdClient.class)) {
+                    throw new CDocException("MobileIdClient not configured");
                 }
+                MobileIdClient midClient = services.get(MobileIdClient.class);
+                String mobileNumber = decryptKeyMaterial.authIdentifier().getMobileNumber();
+                IdentityJWSSigner jwsSigner = new MIDAuthJWSSigner(midClient, etsiIdentifier, mobileNumber);
+
+                // constructor gets nonce for each share from shares-server and signs shareUris and their nonces
+                // with jwsSigner
+                return new SidMidAuthTokenCreator(
+                    jwsSigner,
+                    shares,
+                    keyShareClientFactory);
             }
             default -> throw new IllegalStateException(
                 "Unexpected authentication type: " + authType
             );
         }
     }
 
-    private static byte[] extractSharesFromSidRecipient(
+    /**
+     * @param keyShareClientFactory
+     * @param tokenCreator signed authentication token
+     * @param share share to fetch
+     * @return
+     * @throws GeneralSecurityException
+     */
+    private static byte[] getKeyShare(
+        KeyShareUri share,
         KeyShareClientFactory keyShareClientFactory,
-        SIDAuthTokenCreator tokenCreator,
-        KeyShareUri share
+        SidMidAuthTokenCreator tokenCreator
     ) throws GeneralSecurityException {
         KeySharesClient client
             = keyShareClientFactory.getClientForServerUrl(share.serverBaseUrl());
@@ -341,20 +381,6 @@ private static byte[] extractSharesFromSidRecipient(
         return getKeyShare(share, client, authTicket, authenticatorCertPEM);
     }
 
-    // ToDo add authentication token here. RM-4609
-    private static byte[] extractSharesFromMidRecipient(
-        KeyShareClientFactory keyShareClientFactory,
-//        MIDAuthTokenCreator tokenCreator
-        KeyShareUri share
-    ) throws GeneralSecurityException {
-        KeySharesClient client
-            = keyShareClientFactory.getClientForServerUrl(share.serverBaseUrl());
-//        String authTicket = tokenCreator.getTokenForShareID(share.shareId());
-//        String authenticatorCertPEM = tokenCreator.getAuthenticatorCertPEM();
-
-        return getKeyShare(share, client, null, null);
-    }
-
     private static byte[] getKeyShare(
         KeyShareUri share,
         KeySharesClient client,

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/jwt/IdentityJWSSigner.java

@@ -0,0 +1,29 @@
+package ee.cyber.cdoc2.crypto.jwt;
+
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jose.JWSSigner;
+import ee.cyber.cdoc2.auth.EtsiIdentifier;
+import jakarta.annotation.Nullable;
+
+import java.security.cert.X509Certificate;
+
+/**
+ * JWSSigner that provides methods for getting signer identity and public certificate. Implementations are for
+ * Mobile-ID and Smart-ID. Instead of providing private key,
+ * it's initialized by providing signer identity (and mobile number for Mobile-ID) and signature is created using
+ * remote REST API. Singer certificate is available only after successful signing.
+ */
+public interface IdentityJWSSigner extends JWSSigner {
+
+    /**
+     * Get signer identity, currently supported format is "etsi/SemanticsIdentifier" e.g. "etsi/PNOEE-48010010101"
+     * @return signer identity who is signing the JWT using JWSSigner
+     */
+    EtsiIdentifier getSignerIdentifier(); // XXX: return more generic type?
+
+    /**
+     * After {@link #sign(JWSHeader, byte[])} has succeeded, signer public certificate can be queried
+     * @return signer certificate if {@code sign()} has succeeded, otherwise will be {@code null}
+     */
+    @Nullable X509Certificate getSignerCertificate();
+}