Merge branch 'RM-4475' into 'SID'

RM-4475: Fix keyLabel EID fields names

See merge request cdoc2/cdoc2-java-ref-impl!84

Author: Olesja Aarma

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocDecryptCmd.java

@@ -102,7 +102,7 @@ public Void call() throws Exception {
     }
 
     private void addKeySharesIfAny(CDocDecrypter cDocDecrypter) throws GeneralSecurityException {
-        if (this.exclusive.isWithSid() || this.exclusive.isWithMid()) {
+        if (null != this.exclusive && (this.exclusive.isWithSid() || this.exclusive.isWithMid())) {
             cDocDecrypter.withKeyShares(initKeyShareClientFactory());
         }
     }

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocReEncryptCmd.java

@@ -153,7 +153,7 @@ private File getDestinationFile() {
     private void addKeySharesIfAny(CDocReEncrypter cDocReEncrypter)
         throws GeneralSecurityException {
 
-        if (this.exclusive.isWithSid() || this.exclusive.isWithMid()) {
+        if (null != this.exclusive && (this.exclusive.isWithSid() || this.exclusive.isWithMid())) {
             cDocReEncrypter.addKeyShareClientFactory(initKeyShareClientFactory());
         }
     }

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/KeyLabelTools.java

@@ -167,15 +167,28 @@ public static KeyLabelParams createCertKeyLabelParams(
     /**
      * Create eID key label parameters for data section of formatted key label.
      * @param keyLabel key label as common name from certificate
-     * @param serialNumber serial number from LDAP server
+     * @param serialNumber serial number from certificate
+     * @param keyLabelType key label type from certificate
      * @return KeyLabelParams key label parameters required for data section
      */
     public static KeyLabelParams createEIdKeyLabelParams(
-        String keyLabel, BigInteger serialNumber
+        String keyLabel, BigInteger serialNumber, String keyLabelType
     ) {
-        KeyLabelParams keyLabelParams = createKeyLabelCommonParams(
-            EncryptionKeyOrigin.ID_CARD, KeyLabelDataVersion.V_1
+        Map<String, String> keyLabelParamsMap = createKeyLabelParamsMap();
+        keyLabelParamsMap.put(
+            KeyLabelDataFields.V.name(),
+            urlEncodeValue(toNumbericString(KeyLabelDataVersion.V_1))
+        );
+
+        KeyLabelType klType = KeyLabelType.ofType(keyLabelType);
+        keyLabelParamsMap.put(
+            KeyLabelDataFields.TYPE.name(),
+            urlEncodeValue(null != klType ? klType.getName() : "")
         );
+
+        KeyLabelParams keyLabelParams
+            = new KeyLabelParams(EncryptionKeyOrigin.ID_CARD, keyLabelParamsMap);
+
         keyLabelParams.addParam(KeyLabelDataFields.CN.name(), keyLabel);
         keyLabelParams.addParam(KeyLabelDataFields.SERIAL_NUMBER.name(), String.valueOf(serialNumber));
 
@@ -255,19 +268,23 @@ public static String keyLabelParamsForDisplaying(Map<String, String> keyLabelPar
             .collect(Collectors.joining(", "));
     }
 
+    private static Map<String, String> createKeyLabelParamsMap() {
+        return new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+    }
+
     private static KeyLabelParams createKeyLabelCommonParams(
         EncryptionKeyOrigin encryptionKeyOrigin,
         KeyLabelTools.KeyLabelDataVersion version
     ) {
-        Map<String, String> keyLabelParams = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        Map<String, String> keyLabelParams = createKeyLabelParamsMap();
         keyLabelParams.put(
             KeyLabelDataFields.V.name(),
             urlEncodeValue(toNumbericString(version))
         );
         KeyLabelType type = getKeyLabelType(encryptionKeyOrigin);
         keyLabelParams.put(
             KeyLabelDataFields.TYPE.name(),
-            urlEncodeValue(KeyLabelType.ofType(type))
+            urlEncodeValue(type.getName())
         );
 
         return new KeyLabelParams(encryptionKeyOrigin, keyLabelParams);
@@ -279,7 +296,7 @@ public static KeyLabelType getKeyLabelType(EncryptionKeyOrigin encryptionKeyOrig
                 return KeyLabelType.CERT;
             }
             case ID_CARD -> {
-                return KeyLabelType.ID_CARD;
+                return KeyLabelType.ID_CARD_DEFAULT;
             }
             case KEY_SHARE -> {
                 return KeyLabelType.AUTH;
@@ -396,7 +413,7 @@ public static String convertKeyLabelParamsMapToString(Map<String, String> map) {
     }
 
     private static Map<String, String> convertStringToKeyLabelParamsMap(String data) {
-        Map<String, String> result = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
+        Map<String, String> result = createKeyLabelParamsMap();
         if (data.isBlank()) {
             return result;
         }
@@ -431,28 +448,43 @@ public enum KeyLabelDataFields {
      * Key label data types
      */
     public enum KeyLabelType {
-        AUTH,
-        CERT,
-        ID_CARD,
-        PUB_KEY,
-        PW,
-        SECRET;
-
-        public static String ofType(KeyLabelType type) {
-            return type.name().toLowerCase(Locale.ROOT);
+        AUTH("auth"),
+        CERT("cert"),
+        ID_CARD_DEFAULT("ID-card"),
+        ID_CARD_DIGI_ID("Digi-ID"),
+        ID_CARD_E_RESIDENT("Digi-ID E-RESIDENT"),
+        PUB_KEY("pub_key"),
+        PW("pw"),
+        SECRET("secret");
+
+        public final String typeName;
+
+        KeyLabelType(String name) {
+            this.typeName = name;
+        }
+
+        public String getName() {
+            if (typeName.equals("ID-card")
+                || typeName.equals("Digi-ID")
+                || typeName.equals("Digi-ID E-RESIDENT")) {
+                return typeName;
+            }
+            return typeName.toLowerCase(Locale.ROOT);
         }
 
-        public static KeyLabelType fromParams(String type) {
-            return KeyLabelType.getName(type);
+        private static KeyLabelType fromParams(String type) {
+            return KeyLabelType.ofType(type);
         }
 
-        public static KeyLabelType getName(String keyLabelType) {
+        private static KeyLabelType ofType(String keyLabelType) {
             for (var type : KeyLabelType.values()) {
-                if (null != keyLabelType && type.name().compareToIgnoreCase(keyLabelType) == 0) {
+                if (null != keyLabelType && type.getName().compareToIgnoreCase(keyLabelType) == 0) {
                     return type;
                 }
             }
 
+            // key label cannot be missing, but according to the specification
+            // encryption/decryption should not fail
             return null;
         }
     }

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/PemTools.java

@@ -264,13 +264,11 @@ public static SkLdapUtil.CertificateData loadCertKeyWithLabel(InputStream certIs
 
         var cert = loadCertificate(certIs);
         PublicKey publicKey = cert.getPublicKey();
-        String keyLabel = SkLdapUtil.getKeyLabel(cert);
+        SkLdapUtil.CertificateData certificateData = SkLdapUtil.getKeyLabel(cert);
 
         String certFingerprint = getCertFingerprint(cert);
 
-        SkLdapUtil.CertificateData certificateData = new SkLdapUtil.CertificateData();
         certificateData.setPublicKey(publicKey);
-        certificateData.setKeyLabel(keyLabel);
         certificateData.setFingerprint(certFingerprint);
 
         return certificateData;

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/EtsiIdentifierEncKeyMaterialBuilder.java

@@ -53,7 +53,7 @@ public EtsiIdentifierEncKeyMaterialBuilder forEId(boolean forEId)
                 .filter(entry -> EllipticCurve.isSupported(entry.getPublicKey()))
                 .map(cd -> {
                     KeyLabelParams keyLabelParams = createEIdKeyLabelParams(
-                        cd.getKeyLabel(), cd.getSerialNumber()
+                        cd.getKeyLabel(), cd.getSerialNumber(), cd.getKeyLabelType()
                     );
                     return EncryptionKeyMaterial.fromPublicKey(cd.getPublicKey(), keyLabelParams);
                 })

cdoc2-lib/src/main/java/ee/cyber/cdoc2/util/SkLdapUtil.java

@@ -28,6 +28,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import ee.cyber.cdoc2.crypto.KeyLabelTools;
+
 
 /**
  * Utility class to downloading and parsing certificates from SK LDAP server
@@ -159,11 +161,8 @@ public static List<SkLdapUtil.CertificateData> getPublicKeysWithLabels(String[]
                 for (var certNameEntry: certs.entrySet()) {
                     X509Certificate cert = certNameEntry.getKey();
                     String distinguishedName = certNameEntry.getValue();
-                    String keyLabel = getKeyLabel(cert, distinguishedName);
-
-                    CertificateData certificateData = new CertificateData();
+                    CertificateData certificateData = getKeyLabel(cert, distinguishedName);
                     certificateData.setPublicKey(cert.getPublicKey());
-                    certificateData.setKeyLabel(keyLabel);
                     certificateData.setSerialNumber(cert.getSerialNumber());
 
                     log.debug("Adding certificate data {}", certificateData);
@@ -178,23 +177,24 @@ public static List<SkLdapUtil.CertificateData> getPublicKeysWithLabels(String[]
     }
 
     /**
-     * Get label value from certificate. Used as KeyLabel value in FBS header. For SK issued certificates,
-     * use CN part of Subject as label, for other certs use x509 Subject
+     * Prepare key label data from certificate. Used as KeyLabel value in FBS header. For SK issued
+     * certificates, use CN part of Subject as label, for other certs use x509 Subject.
      * @param cert certificate to be used for label creation
      * @return label parsed from cert
      */
-    public static String getKeyLabel(X509Certificate cert) {
+    public static CertificateData getKeyLabel(X509Certificate cert) {
         return getKeyLabel(cert, null);
     }
 
     /**
-     * Get label value from certificate. Used as KeyLabel value in FBS header. For SK issued certificates,
-     * use CN part of Subject as label, for other certs use x509 Subject
+     * Prepare key label data from certificate. Used as KeyLabel value in FBS header. For SK
+     * issued certificates, use CN part of Subject as label, for other certs use x509 Subject.
      * @param cert certificate to be used for label creation
      * @param dName the distinguished name (optional) - used to add certificate type to the label
      * @return label parsed from cert
      */
-    private static String getKeyLabel(X509Certificate cert, @Nullable String dName)  {
+    private static CertificateData getKeyLabel(X509Certificate cert, @Nullable String dName)  {
+        CertificateData certificateData = new SkLdapUtil.CertificateData();
         // KeyLabel is UI specific field, so its value is not specified in the Spec.
         // DigiDoc4-Client uses this field to hint user what type of eID was used for encryption
         // https://github.com
@@ -219,19 +219,37 @@ private static String getKeyLabel(X509Certificate cert, @Nullable String dName)
                 if (dName != null) {
                     if (dName.contains(DIGI_ID)) {
                         keyLabel += " (digi-id)";
+                        certificateData.setKeyLabelType(
+                            KeyLabelTools.KeyLabelType.ID_CARD_DIGI_ID.getName()
+                        );
                     } else if (dName.contains(ID_CARD)) {
                         keyLabel += " (id-card)";
+                        certificateData.setKeyLabelType(
+                            KeyLabelTools.KeyLabelType.ID_CARD_DEFAULT.getName()
+                        );
                     } else if (dName.contains(E_RESIDENT_DIGI_ID)) {
                         keyLabel += " (e-resident digi-id)";
+                        certificateData.setKeyLabelType(
+                            KeyLabelTools.KeyLabelType.ID_CARD_E_RESIDENT.getName()
+                        );
                     }
                 }
-                return keyLabel;
+                certificateData.setKeyLabel(keyLabel);
+                return certificateData;
             } else {
                 log.warn("Unexpected certificate cn values {}", cn);
-                return cert.getSubjectX500Principal().getName();
+                certificateData.setKeyLabel(cert.getSubjectX500Principal().getName());
+                certificateData.setKeyLabelType(
+                    KeyLabelTools.KeyLabelType.ID_CARD_DEFAULT.getName()
+                );
+                return certificateData;
             }
         } catch (InvalidNameException e) {
-            return cert.getSubjectX500Principal().getName();
+            certificateData.setKeyLabel(cert.getSubjectX500Principal().getName());
+            certificateData.setKeyLabelType(
+                KeyLabelTools.KeyLabelType.ID_CARD_DEFAULT.getName()
+            );
+            return certificateData;
         }
     }
 
@@ -244,6 +262,7 @@ public static class CertificateData {
         private String fingerprint;
         @Nullable
         private BigInteger serialNumber;
+        private String keyLabelType;
 
         public CertificateData() {
             // utility class
@@ -269,6 +288,10 @@ public BigInteger getSerialNumber() {
             return this.serialNumber;
         }
 
+        public String getKeyLabelType() {
+            return this.keyLabelType;
+        }
+
         public void setPublicKey(PublicKey publicKey) {
             this.publicKey = publicKey;
         }
@@ -288,6 +311,10 @@ public void setFingerprint(String fingerprint) {
         public void setSerialNumber(BigInteger serialNumber) {
             this.serialNumber = serialNumber;
         }
+
+        public void setKeyLabelType(String keyLabelType) {
+            this.keyLabelType = keyLabelType;
+        }
     }
 
 }

cdoc2-lib/src/test/java/ee/cyber/cdoc2/KeyLabelToolsTest.java

@@ -228,7 +228,9 @@ null, null, new File("file_name")
     @Test
     void testEIdLabelParamsCreation() {
         KeyLabelParams keyLabelParams = createEIdKeyLabelParams(
-            "Common,Name,IdentityCode", BigInteger.valueOf(123456)
+            "Common,Name,IdentityCode",
+            BigInteger.valueOf(123456),
+            KeyLabelTools.KeyLabelType.CERT.getName()
         );
 
         assertEquals(