Merge branch 'RM-4444_mobile-id_encrypt' into 'SID'

RM-4444: implement encryption using MID in lib

See merge request cdoc2/cdoc2-java-ref-impl!86

Author: Olesja Aarma

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/util/CDocDecryptionHelper.java

@@ -120,7 +120,8 @@ public static DecryptionKeyMaterial getDecryptionKeyMaterial(
     }
 
     private static DecryptionKeyMaterial getSidDecryptionKeyMaterial(String idCode) {
-        SemanticIdentification semanticIdentifier = SemanticIdentification.forSid(idCode);
+        SemanticIdentification semanticIdentifier = SemanticIdentification
+            .forKeyShares(idCode, SemanticIdentification.AuthenticationType.SID);
 
         return DecryptionKeyMaterial.fromAuthMeans(semanticIdentifier);
     }

cdoc2-lib/src/main/java/ee/cyber/cdoc2/client/mobileid/MobileIdUserData.java

@@ -3,9 +3,11 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
+import static ee.cyber.cdoc2.util.IdCodeValidationUtil.getValidatedIdentityCode;
+
 
 /**
- * Uuser data for Mobile-ID authentication request
+ * User data for Mobile-ID authentication request
  * @param phoneNumber user phone number
  * @param identityCode user national identity number
  */
@@ -15,16 +17,14 @@ public record MobileIdUserData(
 ) {
 
     private static final String PHONE_NUMBER_PATTERN = "\\+37\\d{5,10}";
-    private static final String IDENTITY_CODE_PATTERN = "\\d{11}";
     private static final Pattern phoneNrPpattern = Pattern.compile(PHONE_NUMBER_PATTERN);
-    private static final Pattern idPattern = Pattern.compile(IDENTITY_CODE_PATTERN);
 
     public MobileIdUserData(String phoneNumber, String identityCode) {
-        this.phoneNumber = validatePhoneNumber(phoneNumber);
-        this.identityCode = validateIdentityCode(identityCode);
+        this.phoneNumber = getValidatedPhoneNumber(phoneNumber);
+        this.identityCode = getValidatedIdentityCode(identityCode);
     }
 
-    private String validatePhoneNumber(String phoneNr) {
+    private String getValidatedPhoneNumber(String phoneNr) {
         Matcher matcher = phoneNrPpattern.matcher(phoneNr);
         if (!matcher.matches()) {
             throw new IllegalArgumentException("Invalid phone number: " + phoneNr);
@@ -33,13 +33,4 @@ private String validatePhoneNumber(String phoneNr) {
         return phoneNr;
     }
 
-    private String validateIdentityCode(String idCode) {
-        Matcher matcher = idPattern.matcher(idCode);
-        if (!matcher.matches()) {
-            throw new IllegalArgumentException("Invalid identity number: " + idCode);
-        }
-
-        return idCode;
-    }
-
 }

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/SemanticIdentification.java

@@ -2,38 +2,27 @@
 
 import ee.sk.smartid.rest.dao.SemanticsIdentifier;
 
+import static ee.cyber.cdoc2.util.IdCodeValidationUtil.getValidatedIdentityCode;
+
 
 /**
  * Identification for {@link ee.cyber.cdoc2.crypto.KeyShareRecipientType#SID_MID}
  */
 public class SemanticIdentification {
 
+    private static final String COLON_SEPARATOR = ":";
     public static final String ETSI_IDENTIFIER_PREFIX = "etsi/";
     private static final String ETSI_IDENTIFIER_SEPARATOR = "'";
 
     private final String identifier;
 
     /**
-     * Identifiers for Smart ID.
+     * Identifiers for Smart ID or Mobile ID.
      * @param authType authentication method
      * @param etsiIdentifier for natural person identifier (ETSI identifier)
      */
     protected SemanticIdentification(AuthenticationType authType, SemanticsIdentifier etsiIdentifier) {
-        this.identifier = authType + ":" + etsiIdentifier;
-    }
-
-    /**
-     * Identifiers for Mobile ID.
-     * @param authType authentication method
-     * @param etsiIdentifier for natural person identifier (ETSI identifier)
-     * @param mobileNumber mobile number
-     */
-    protected SemanticIdentification(
-        AuthenticationType authType,
-        SemanticsIdentifier etsiIdentifier,
-        String mobileNumber
-    ) {
-        this.identifier = authType + ":" + etsiIdentifier + ":" + mobileNumber;
+        this.identifier = authType + COLON_SEPARATOR + etsiIdentifier;
     }
 
     public String getIdentifier() {
@@ -51,18 +40,12 @@ public SemanticIdentification fromString(String semanticIdentification) {
         SemanticsIdentifier semanticsIdentifier
             = new SemanticsIdentifier(extractEtsiIdentifier(semanticIdentification));
 
-        switch (authType) {
-            case SID -> {
-                return new SemanticIdentification(authType, semanticsIdentifier);
-            }
-            case MID -> {
-                // ToDo add mobile number here
-                return new SemanticIdentification(authType, semanticsIdentifier, "mobile_number");
-            }
-            default -> throw new IllegalStateException(
-                "Unexpected authentication type: " + authTypeString
-            );
+        if (authType == AuthenticationType.SID || authType == AuthenticationType.MID) {
+            return new SemanticIdentification(authType, semanticsIdentifier);
         }
+        throw new IllegalStateException(
+            "Unexpected authentication type: " + authTypeString
+        );
     }
 
     /**
@@ -98,28 +81,16 @@ public static AuthenticationType of(String type) {
     /**
      * Convert person identification code into semantic identifier format for Smart ID encryption
      * */
-    public static SemanticIdentification forSid(String identificationCode) {
-        SemanticsIdentifier etsiIdentifier = new SemanticsIdentifier(
-            SemanticsIdentifier.IdentityType.PNO,
-            SemanticsIdentifier.CountryCode.EE,
-            identificationCode
-        );
-        return new SemanticIdentification(AuthenticationType.SID, etsiIdentifier);
-    }
-
-    /**
-     * Convert person identification code into semantic identifier format for Mobile ID encryption
-     * */
-    public static SemanticIdentification forMid(String identificationCode) {
+    public static SemanticIdentification forKeyShares(
+        String identificationCode, AuthenticationType authType
+    ) {
+        getValidatedIdentityCode(identificationCode);
         SemanticsIdentifier etsiIdentifier = new SemanticsIdentifier(
             SemanticsIdentifier.IdentityType.PNO,
             SemanticsIdentifier.CountryCode.EE,
             identificationCode
         );
-        return new SemanticIdentification(
-            // ToDo add mobile number here
-            AuthenticationType.MID, etsiIdentifier, "mobile_number"
-        );
+        return new SemanticIdentification(authType, etsiIdentifier);
     }
 
 }

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/EtsiIdentifierEncKeyMaterialBuilder.java

@@ -70,20 +70,7 @@ public EtsiIdentifierEncKeyMaterialBuilder forEId(boolean forEId)
      * @return the list of EncryptionKeyMaterial
      */
     public EtsiIdentifierEncKeyMaterialBuilder forSid(String[] sidCodes) {
-        if (null != sidCodes) {
-            List<EncryptionKeyMaterial> keyMaterials = Arrays.stream(sidCodes)
-                .map(idCode -> {
-                    SemanticIdentification semanticIdentifier = SemanticIdentification.forSid(idCode);
-                    KeyLabelParams keyLabelParams
-                        = createKeySharesKeyLabelParams(semanticIdentifier.getIdentifier());
-
-                    return EncryptionKeyMaterial.fromAuthMeans(semanticIdentifier, keyLabelParams);
-                })
-                .toList();
-
-            recipients.addAll(keyMaterials);
-        }
-        return this;
+        return withKeyShares(sidCodes, SemanticIdentification.AuthenticationType.SID);
     }
 
     /**
@@ -92,11 +79,17 @@ public EtsiIdentifierEncKeyMaterialBuilder forSid(String[] sidCodes) {
      * @return the list of EncryptionKeyMaterial
      */
     public EtsiIdentifierEncKeyMaterialBuilder forMid(String[] midCodes) {
-        if (null != midCodes) {
-            List<EncryptionKeyMaterial> keyMaterials = Arrays.stream(midCodes)
+        return withKeyShares(midCodes, SemanticIdentification.AuthenticationType.MID);
+    }
+
+    private EtsiIdentifierEncKeyMaterialBuilder withKeyShares(
+        String[] idCodes, SemanticIdentification.AuthenticationType authType
+    ) {
+        if (null != idCodes) {
+            List<EncryptionKeyMaterial> keyMaterials = Arrays.stream(idCodes)
                 .map(idCode -> {
-                    // ToDo add mobile number here
-                    SemanticIdentification semanticIdentifier = SemanticIdentification.forMid(idCode);
+                    SemanticIdentification semanticIdentifier = SemanticIdentification
+                        .forKeyShares(idCode, authType);
                     KeyLabelParams keyLabelParams
                         = createKeySharesKeyLabelParams(semanticIdentifier.getIdentifier());
 

cdoc2-lib/src/main/java/ee/cyber/cdoc2/util/IdCodeValidationUtil.java

@@ -0,0 +1,70 @@
+package ee.cyber.cdoc2.util;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+
+/**
+ * Utility class for national ID code validation.
+ */
+public final class IdCodeValidationUtil {
+
+    private static final String IDENTITY_CODE_PATTERN = "\\d{11}";
+    private static final Pattern idPattern = Pattern.compile(IDENTITY_CODE_PATTERN);
+
+    private IdCodeValidationUtil() { }
+
+    /**
+     * Validates national identity code.
+     * @param idCode identity code
+     * @return identity code
+     * @throws IllegalArgumentException if identity code validation has failed
+     */
+    public static String getValidatedIdentityCode(String idCode) {
+        Matcher matcher = idPattern.matcher(idCode);
+        if (!matcher.matches()) {
+            throw new IllegalArgumentException("Identity number must be of 11 numbers: " + idCode);
+        }
+
+        int checksum = Integer.parseInt(idCode.substring(10));
+        String idNumberWithoutChecksum = idCode.substring(0, 10);
+
+        int calculatedChecksum = getCalculatedChecksum(idNumberWithoutChecksum);
+
+        if (checksum != calculatedChecksum) {
+            throw new IllegalArgumentException("Invalid identity number: " + idCode);
+        }
+
+        return idCode;
+    }
+
+    private static int getCalculatedChecksum(String idNumberWithoutChecksum) {
+        int[] firstTierMultipliers = {1, 2, 3, 4, 5, 6, 7, 8, 9, 1};
+        int calculatedChecksum = calculateChecksum(idNumberWithoutChecksum, firstTierMultipliers);
+        if (10 == calculatedChecksum) {
+            return getSecondTierCalculatedChecksum(idNumberWithoutChecksum);
+        }
+
+        return calculatedChecksum;
+    }
+
+    private static int getSecondTierCalculatedChecksum(String idNumberWithoutChecksum) {
+        int[] secondTierMultipliers = {3, 4, 5, 6, 7, 8, 9, 1, 2, 3};
+        int calculatedChecksum = calculateChecksum(idNumberWithoutChecksum, secondTierMultipliers);
+        if (10 == calculatedChecksum) {
+            calculatedChecksum = 0;
+        }
+        return calculatedChecksum;
+    }
+
+    private static int calculateChecksum(String idNumberWithoutChecksum, int[] tierMultipliers) {
+        int sum = 0;
+        for (int i = 0; i < tierMultipliers.length; i++) {
+            sum =
+                sum + (tierMultipliers[i]
+                    * Integer.parseInt(idNumberWithoutChecksum.substring(i, i + 1)));
+        }
+        return sum % 11;
+    }
+
+}

cdoc2-lib/src/test/java/ee/cyber/cdoc2/ClientConfigurationUtil.java

@@ -18,6 +18,7 @@
 
 public final class ClientConfigurationUtil {
 
+    public static final String MOBILE_ID_PROPERTIES_PATH = "mobile-id/mobile_id-test.properties";
     public static final String SMART_ID_PROPERTIES_PATH = "smart-id/smart_id-test.properties";
 
     private ClientConfigurationUtil() { }
@@ -39,7 +40,7 @@ public static SmartIdClientConfiguration registerFromProperties(Properties prope
 
     public static MobileIdClientConfiguration getMobileIdConfiguration() throws ConfigurationLoadingException {
         Properties properties = loadProperties(
-            CLASSPATH + "mobile-id/mobile_id-test.properties"
+            CLASSPATH + MOBILE_ID_PROPERTIES_PATH
         );
         Cdoc2Configuration configuration = new MobileIdClientConfigurationImpl(properties);
 

cdoc2-lib/src/test/java/ee/cyber/cdoc2/IdCodeValidationUtilTest.java

@@ -0,0 +1,24 @@
+package ee.cyber.cdoc2;
+
+import org.junit.jupiter.api.Test;
+
+import static ee.cyber.cdoc2.util.IdCodeValidationUtil.getValidatedIdentityCode;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+
+
+class IdCodeValidationUtilTest {
+
+    @Test
+    void testSuccessfulIdCodeValidation() {
+        String validatedIdCode = getValidatedIdentityCode("51307149560");
+        assertEquals("51307149560", validatedIdCode);
+
+        getValidatedIdentityCode("60001019939");
+        getValidatedIdentityCode("60001019983");
+        getValidatedIdentityCode("60001019961");
+        getValidatedIdentityCode("60001019972");
+        getValidatedIdentityCode("50001018908");
+        getValidatedIdentityCode("30303039914");
+    }
+
+}