Merge branch 'RM-3708' into 'master'

OlesjaAarma · OlesjaAarma · commit ab619f8ca136 · 2024-08-30T15:53:44.000+03:00
RM-3708: extend EncryptionKeyMaterial.fromPublicKey() with allowed key label types

See merge request cdoc2/cdoc2-java-ref-impl!43
diff --git a/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/KeyLabelParams.java b/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/KeyLabelParams.java
@@ -1,5 +1,6 @@
 package ee.cyber.cdoc2.crypto;
 
+import java.util.List;
 import java.util.Map;
 import java.util.Objects;
 
@@ -31,4 +32,13 @@ public boolean isFromOrigin(EncryptionKeyOrigin origin) {
         return this.encryptionKeyOrigin.equals(origin);
     }
 
+    public boolean ofPublicKeyOrigin() {
+        List<EncryptionKeyOrigin> pubKeyOrigins = List.of(
+            EncryptionKeyOrigin.PUBLIC_KEY,
+            EncryptionKeyOrigin.ID_CARD,
+            EncryptionKeyOrigin.CERTIFICATE
+        );
+        return pubKeyOrigins.contains(this.encryptionKeyOrigin);
+    }
+
 }
diff --git a/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/EncryptionKeyMaterial.java b/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/EncryptionKeyMaterial.java
@@ -41,11 +41,12 @@ public interface EncryptionKeyMaterial {
      * For backward compatibility. This method doesn't support correct keylabel generation as there
      * is no info, where pubKey is coming from (pubkey, cert, LDAP)
      * Use {@link #fromPublicKey(PublicKey, KeyLabelParams)} instead.
-     * @param pubKey
-     * @param keyLabel
-     * @return
+     * @deprecated ecryption key
+     * @param pubKey public key
+     * @param keyLabel key label
+     * @return EncryptionKeyMaterial
      */
-    @Deprecated
+    @Deprecated(forRemoval = true)
     static EncryptionKeyMaterial fromPublicKey(
         PublicKey pubKey,
         String keyLabel
@@ -54,7 +55,7 @@ static EncryptionKeyMaterial fromPublicKey(
             KeyLabelParams keyLabelParams = createPublicKeyLabelParams(keyLabel, null);
             return fromPublicKey(pubKey, keyLabelParams);
         } else {
-            return new PublicKeyEncryptionKeyMaterial(pubKey, keyLabel);
+            return new PublicKeyEncryptionKeyMaterial(pubKey, keyLabel, EncryptionKeyOrigin.PUBLIC_KEY);
         }
     }
 
@@ -71,16 +72,18 @@ static EncryptionKeyMaterial fromPublicKey(
         KeyLabelParams keyLabelParams
     ) {
         Objects.requireNonNull(pubKey);
-        EncryptionKeyOrigin origin = EncryptionKeyOrigin.PUBLIC_KEY;
-        if (!keyLabelParams.isFromOrigin(origin)) {
-            throw new IllegalArgumentException("KeyLabelParams must be of type " + origin);
+        if (!keyLabelParams.ofPublicKeyOrigin()) {
+            throw new IllegalArgumentException("Invalid Key Label parameters type: "
+                + keyLabelParams.encryptionKeyOrigin());
         }
 
         KeyLabelParams labelParams = (keyLabelParams == null)
             ? createPublicKeyLabelParams(null, null)
             : keyLabelParams;
 
-        return new PublicKeyEncryptionKeyMaterial(pubKey, formatKeyLabel(labelParams));
+        return new PublicKeyEncryptionKeyMaterial(
+            pubKey, formatKeyLabel(labelParams), labelParams.encryptionKeyOrigin()
+        );
     }
 
     static EncryptionKeyMaterial fromPassword(char[] passwordChars, String keyLabel) {
diff --git a/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/EncryptionKeyMaterialCollectionBuilder.java b/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/EncryptionKeyMaterialCollectionBuilder.java
@@ -24,7 +24,7 @@
 
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createCertKeyLabelParams;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createPublicKeyLabelParams;
-import static ee.cyber.cdoc2.crypto.KeyLabelTools.formatKeyLabel;
+
 
 /**
  * Class for creating collection of EncryptionKeyMaterial from multiple sources.
@@ -72,12 +72,10 @@ public EncryptionKeyMaterialCollectionBuilder fromX509Certificate(
                     KeyLabelParams keyLabelParams = createCertKeyLabelParams(
                         entry.getKeyLabel(), entry.getFingerprint(), entry.getFile()
                     );
-                    return new PublicKeyEncryptionKeyMaterial(
-                        entry.getPublicKey(), formatKeyLabel(keyLabelParams)
-                    );
+                    return EncryptionKeyMaterial.fromPublicKey(entry.getPublicKey(), keyLabelParams);
                 }
             )
-            .collect(Collectors.toList());
+            .toList();
 
         recipients.addAll(keyMaterials);
         return this;
diff --git a/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/PublicKeyEncryptionKeyMaterial.java b/cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/PublicKeyEncryptionKeyMaterial.java
@@ -10,11 +10,13 @@
  * Represents key material required for encryption key derived from the public key.
  *
  * @param publicKey public key
- * @param keyLabel  key label
+ * @param keyLabel key label
+ * @param encryptionKeyOrigin encryption key origin
  */
 public record PublicKeyEncryptionKeyMaterial(
     PublicKey publicKey,
-    String keyLabel
+    String keyLabel,
+    EncryptionKeyOrigin encryptionKeyOrigin
 ) implements EncryptionKeyMaterial {
 
     @Override
@@ -24,7 +26,7 @@ public String getLabel() {
 
     @Override
     public EncryptionKeyOrigin getKeyOrigin() {
-        return EncryptionKeyOrigin.PUBLIC_KEY;
+        return encryptionKeyOrigin;
     }
 
     /**
diff --git a/cdoc2-lib/src/test/java/ee/cyber/cdoc2/EncryptionKeyMaterialTest.java b/cdoc2-lib/src/test/java/ee/cyber/cdoc2/EncryptionKeyMaterialTest.java
@@ -30,6 +30,35 @@ void shouldCreateEncryptionKeyMaterialFromPublicKey() throws Exception {
         assertEquals(EncryptionKeyOrigin.PUBLIC_KEY, encryptionKeyMaterial.getKeyOrigin());
     }
 
+    @Test
+    void shouldCreateEncryptionKeyMaterialFromPublicKeyWithIdCard() throws Exception {
+        EncryptionKeyMaterial encryptionKeyMaterial = EncryptionKeyMaterial.fromPublicKey(
+            createPublicKey(),
+            createKeyLabelParams(EncryptionKeyOrigin.ID_CARD)
+        );
+
+        assertEquals(EncryptionKeyOrigin.ID_CARD, encryptionKeyMaterial.getKeyOrigin());
+    }
+
+    @Test
+    void shouldCreateEncryptionKeyMaterialFromPublicKeyWithCertificate() throws Exception {
+        EncryptionKeyMaterial encryptionKeyMaterial = EncryptionKeyMaterial.fromPublicKey(
+            createPublicKey(),
+            createKeyLabelParams(EncryptionKeyOrigin.CERTIFICATE)
+        );
+
+        assertEquals(EncryptionKeyOrigin.CERTIFICATE, encryptionKeyMaterial.getKeyOrigin());
+    }
+
+    @Test
+    void shouldFailToCreateEncryptionKeyMaterialFromPublicKeyWithInvalidKeyOrigin() {
+        assertThrowsIllegalArgumentException(() ->
+            EncryptionKeyMaterial.fromPublicKey(
+                createPublicKey(),
+                createKeyLabelParams(EncryptionKeyOrigin.PASSWORD))
+        );
+    }
+
     @Test
     void shouldCreateEncryptionKeyMaterialFromSecretKey() throws Exception {
         KeyLabelParams keyLabelParams = createKeyLabelParams(
