Merge branch 'RM-4813_key_label' into 'SID'

RM-4813: change SID/MID key label format

See merge request cdoc2/cdoc2-java-ref-impl!104

Author: Olesja Aarma

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/AuthenticationIdentifier.java

@@ -21,14 +21,6 @@ public class AuthenticationIdentifier {
 
     private final String identifier;
 
-    /**
-     * Identifiers for Smart ID or Mobile ID.
-     * @param authIdentifier authentication identifier string
-     */
-    public AuthenticationIdentifier(String authIdentifier) {
-        this.identifier = authIdentifier;
-    }
-
     /**
      * Identifiers for Smart ID or Mobile ID.
      * @param authType authentication method
@@ -49,7 +41,11 @@ protected AuthenticationIdentifier(
         SemanticsIdentifier etsiIdentifier,
         String mobileNumber
     ) {
-        this.identifier = authType + ":" + etsiIdentifier.getIdentifier() + ":" + mobileNumber;
+        this.identifier = authType
+            + COLON_SEPARATOR
+            + etsiIdentifier.getIdentifier()
+            + COLON_SEPARATOR
+            + mobileNumber;
     }
 
     public String getIdentifier() {

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/KeyLabelTools.java

@@ -245,14 +245,15 @@ public static KeyLabelParams createSecretKeyLabelParams(String keyLabel) {
 
     /**
      * Create key label parameters of key shares for data section of formatted key label.
-     * @param keyLabel key label as (National) personal number
+     * @param etsiIdentifier ETSI identifier in format 'etsi/PNOEE-30303039914'
      * @return KeyLabelParams key label parameters required for data section
      */
-    public static KeyLabelParams createKeySharesKeyLabelParams(String keyLabel) {
+    public static KeyLabelParams createKeySharesKeyLabelParams(String etsiIdentifier) {
         KeyLabelParams keyLabelParams = createKeyLabelCommonParams(
-            EncryptionKeyOrigin.KEY_SHARE, KeyLabelTools.KeyLabelDataVersion.V_2
+            EncryptionKeyOrigin.KEY_SHARE, KeyLabelTools.KeyLabelDataVersion.V_1
         );
-        keyLabelParams.addParam(KeyLabelDataFields.PNO.name(), keyLabel);
+
+        keyLabelParams.addParam(KeyLabelDataFields.SN.name(), etsiIdentifier);
 
         return keyLabelParams;
     }
@@ -326,7 +327,7 @@ private static String extractKeyLabelByType(
     ) {
         switch (keyLabelType) {
             case AUTH -> {
-                return keyLabelParams.get(KeyLabelDataFields.PNO.name());
+                return keyLabelParams.get(KeyLabelDataFields.SN.name());
             }
             case PW, SECRET -> {
                 return keyLabelParams.get(KeyLabelDataFields.LABEL.name());
@@ -438,7 +439,7 @@ public enum KeyLabelDataFields {
         FIRST_NAME,
         LABEL,
         LAST_NAME,
-        PNO, // for Smart id & Mobile id
+        SN, // for Smart id & Mobile id
         SERIAL_NUMBER,
         TYPE,
         V

cdoc2-lib/src/main/java/ee/cyber/cdoc2/crypto/keymaterial/encrypt/EtsiIdentifierEncKeyMaterialBuilder.java

@@ -1,5 +1,7 @@
 package ee.cyber.cdoc2.crypto.keymaterial.encrypt;
 
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+
 import java.security.cert.CertificateException;
 import java.util.Arrays;
 import java.util.LinkedList;
@@ -89,10 +91,12 @@ private EtsiIdentifierEncKeyMaterialBuilder withKeyShares(
         if (null != idCodes) {
             List<EncryptionKeyMaterial> keyMaterials = Arrays.stream(idCodes)
                 .map(idCode -> {
+                    SemanticsIdentifier semanticsIdentifier = createSemanticsIdentifier(idCode);
                     AuthenticationIdentifier authIdentifier = AuthenticationIdentifier
-                        .forKeyShares(createSemanticsIdentifier(idCode), authType);
-                    KeyLabelParams keyLabelParams
-                        = createKeySharesKeyLabelParams(authIdentifier.getIdentifier());
+                        .forKeyShares(semanticsIdentifier, authType);
+                    KeyLabelParams keyLabelParams = createKeySharesKeyLabelParams(
+                        authIdentifier.getEtsiIdentifier()
+                    );
 
                     return EncryptionKeyMaterial.fromAuthMeans(authIdentifier, keyLabelParams);
                 })

cdoc2-lib/src/test/java/ee/cyber/cdoc2/KeyLabelToolsTest.java

@@ -1,5 +1,8 @@
 package ee.cyber.cdoc2;
 
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+
+import ee.cyber.cdoc2.crypto.AuthenticationIdentifier;
 import ee.cyber.cdoc2.crypto.EncryptionKeyOrigin;
 import ee.cyber.cdoc2.crypto.KeyLabelParams;
 import ee.cyber.cdoc2.crypto.KeyLabelTools;
@@ -14,6 +17,7 @@
 import java.util.TreeMap;
 
 import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.KEY_LABEL_FILE_NAME_PROPERTY;
+import static ee.cyber.cdoc2.crypto.AuthenticationIdentifier.createSemanticsIdentifier;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.convertKeyLabelParamsMapToString;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createCertKeyLabelParams;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createEIdKeyLabelParams;
@@ -278,13 +282,17 @@ void testSecretKeyLabelParamsCreation() {
 
     @Test
     void testKeySharesKeyLabelParamsCreation() {
-        KeyLabelParams keyLabelParams = createKeySharesKeyLabelParams("keyLabel");
+        SemanticsIdentifier semanticsIdentifier = createSemanticsIdentifier("30303039914");
+        AuthenticationIdentifier authIdentifier = AuthenticationIdentifier
+            .forKeyShares(semanticsIdentifier, AuthenticationIdentifier.AuthenticationType.SID);
+        KeyLabelParams keyLabelParams
+            = createKeySharesKeyLabelParams(authIdentifier.getEtsiIdentifier());
 
         assertEquals(
-            "keyLabel",
+            "etsi/PNOEE-30303039914",
             getDecodedKeyLabelParamValue(
                 keyLabelParams.keyLabelParams(),
-                KeyLabelTools.KeyLabelDataFields.PNO
+                KeyLabelTools.KeyLabelDataFields.SN
             )
         );
     }

cdoc2-lib/src/test/java/ee/cyber/cdoc2/container/EnvelopeTest.java

@@ -87,11 +87,11 @@
 import static ee.cyber.cdoc2.KeyUtil.createSecretKey;
 import static ee.cyber.cdoc2.KeyUtil.getKeyPairRsaInstance;
 import static ee.cyber.cdoc2.container.EnvelopeTestUtils.checkContainerDecrypt;
+import static ee.cyber.cdoc2.container.EnvelopeTestUtils.createKeyLabelParams;
 import static ee.cyber.cdoc2.container.EnvelopeTestUtils.getPublicKeyLabelParams;
 import static ee.cyber.cdoc2.container.EnvelopeTestUtils.testContainer;
 import static ee.cyber.cdoc2.container.EnvelopeTestUtils.testContainerWithKeyShares;
 import static ee.cyber.cdoc2.crypto.AuthenticationIdentifier.createSemanticsIdentifier;
-import static ee.cyber.cdoc2.crypto.KeyLabelTools.createKeySharesKeyLabelParams;
 import static ee.cyber.cdoc2.fbs.header.Capsule.*;
 import static ee.cyber.cdoc2.fbs.header.Capsule.recipients_PBKDF2Capsule;
 import static ee.cyber.cdoc2.smartid.SmartIdClientTest.getDemoEnvConfiguration;
@@ -438,22 +438,26 @@ void testPasswordKeySerialization(@TempDir Path tempDir) throws Exception {
 
     @Test
     void testKeySharesSerializationWithSmartId(@TempDir Path tempDir) throws Exception {
+        AuthenticationIdentifier.AuthenticationType authType
+            = AuthenticationIdentifier.AuthenticationType.SID;
         AuthenticationIdentifier keyLabel = AuthenticationIdentifier.forKeyShares(
-            createSemanticsIdentifier("30303039914"),
-            AuthenticationIdentifier.AuthenticationType.SID
+            createSemanticsIdentifier("30303039914"), authType
+
         );
 
-        testKeySharesSerialization(tempDir, keyLabel);
+        testKeySharesSerialization(tempDir, keyLabel, authType, "30303039914");
     }
 
     @Test
     void testKeySharesSerializationWithMobileId(@TempDir Path tempDir) throws Exception {
+        AuthenticationIdentifier.AuthenticationType authType
+            = AuthenticationIdentifier.AuthenticationType.MID;
         AuthenticationIdentifier keyLabel = AuthenticationIdentifier.forKeyShares(
-            createSemanticsIdentifier("51307149560"),
-            AuthenticationIdentifier.AuthenticationType.MID
+            createSemanticsIdentifier("51307149560"), authType
+
         );
 
-        testKeySharesSerialization(tempDir, keyLabel);
+        testKeySharesSerialization(tempDir, keyLabel, authType, "51307149560");
     }
 
     @Test
@@ -550,13 +554,22 @@ void testKeySharesScenarioWithSmartId(@TempDir Path tempDir) throws Exception {
         // SID demo env that authenticates automatically
         setupKeyShareClientMocks();
 
+        AuthenticationIdentifier.AuthenticationType authType
+            = AuthenticationIdentifier.AuthenticationType.SID;
+        String idCode = "30303039914";
+
         AuthenticationIdentifier authIdentifier = AuthenticationIdentifier.forKeyShares(
-            createSemanticsIdentifier("30303039914"),
-            AuthenticationIdentifier.AuthenticationType.SID
+            createSemanticsIdentifier(idCode), authType
         );
 
-        EnvelopeTestUtils.DecryptionData decryptionData
-            = testContainerWithKeyShares(tempDir, authIdentifier, authIdentifier, shareClientFactory);
+        EnvelopeTestUtils.DecryptionData decryptionData = testContainerWithKeyShares(
+            tempDir,
+            authIdentifier,
+            authIdentifier,
+            shareClientFactory,
+            authType,
+            idCode
+        );
 
         verifyMockedKeyShareClients();
 
@@ -582,20 +595,23 @@ void testKeySharesScenarioWithSmartId(@TempDir Path tempDir) throws Exception {
     void testKeySharesScenarioWithMobileId(@TempDir Path tempDir) throws Exception {
         // MID demo env that authenticates automatically
         setupKeyShareClientMocks();
+        String idCode = "51307149560";
         AuthenticationIdentifier encAuthIdentifier = AuthenticationIdentifier.forKeyShares(
-            createSemanticsIdentifier("51307149560"),
+            createSemanticsIdentifier(idCode),
             AuthenticationIdentifier.AuthenticationType.MID
         );
         AuthenticationIdentifier decryptAuthIdentifier = AuthenticationIdentifier.forMidDecryption(
-            createSemanticsIdentifier("51307149560"),
+            createSemanticsIdentifier(idCode),
             "+37269930366"
         );
 
         EnvelopeTestUtils.DecryptionData decryptionData = testContainerWithKeyShares(
             tempDir,
             encAuthIdentifier,
             decryptAuthIdentifier,
-            shareClientFactory
+            shareClientFactory,
+            AuthenticationIdentifier.AuthenticationType.MID,
+            idCode
         );
 
         verifyMockedKeyShareClients();
@@ -686,20 +702,23 @@ void testReEncryptionScenario(@TempDir Path tempDir) throws Exception {
     void testReEncryptionScenarioWithMobileId(@TempDir Path tempDir) throws Exception {
         // encrypt initial cdoc2 document
         setupKeyShareClientMocks();
+        String idCode = "60001017869";
         AuthenticationIdentifier encAuthIdentifier = AuthenticationIdentifier.forKeyShares(
-            createSemanticsIdentifier("60001017869"),
+            createSemanticsIdentifier(idCode),
             AuthenticationIdentifier.AuthenticationType.MID
         );
         AuthenticationIdentifier decryptAuthIdentifier = AuthenticationIdentifier.forMidDecryption(
-            createSemanticsIdentifier("60001017869"),
+            createSemanticsIdentifier(idCode),
             "+37268000769"
         );
 
         EnvelopeTestUtils.DecryptionData decryptionData = testContainerWithKeyShares(
             tempDir,
             encAuthIdentifier,
             decryptAuthIdentifier,
-            shareClientFactory
+            shareClientFactory,
+            AuthenticationIdentifier.AuthenticationType.MID,
+            idCode
         );
 
         verify(mockKeySharesClient1).storeKeyShare(keyShareCaptor1.capture());
@@ -1265,7 +1284,9 @@ private void setUpKeyLabelFormat(boolean isFormatted) {
 
     private void testKeySharesSerialization(
         Path tempDir,
-        AuthenticationIdentifier authIdentifier
+        AuthenticationIdentifier authIdentifier,
+        AuthenticationIdentifier.AuthenticationType authType,
+        String idCode
     ) throws Exception {
         setupKeyShareClientMocks();
 
@@ -1280,7 +1301,7 @@ private void testKeySharesSerialization(
 
         Envelope envelope = Envelope.prepare(
             List.of(EncryptionKeyMaterial.fromAuthMeans(
-                authIdentifier, createKeySharesKeyLabelParams(authIdentifier.getIdentifier()))
+                authIdentifier, createKeyLabelParams(idCode, authType))
             ),
             null, shareClientFactory
         );

cdoc2-lib/src/test/java/ee/cyber/cdoc2/container/EnvelopeTestUtils.java

@@ -1,5 +1,7 @@
 package ee.cyber.cdoc2.container;
 
+import ee.sk.smartid.rest.dao.SemanticsIdentifier;
+
 import ee.cyber.cdoc2.client.KeyShareClientFactory;
 import ee.cyber.cdoc2.crypto.Crypto;
 import ee.cyber.cdoc2.crypto.EncryptionKeyOrigin;
@@ -59,6 +61,7 @@
 import java.util.UUID;
 
 import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.isKeyLabelMachineReadableFormatEnabled;
+import static ee.cyber.cdoc2.crypto.AuthenticationIdentifier.createSemanticsIdentifier;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createKeySharesKeyLabelParams;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createPublicKeyLabelParams;
 import static ee.cyber.cdoc2.crypto.KeyLabelTools.createSymmetricKeyLabelParams;
@@ -256,7 +259,9 @@ public static byte[] createContainerWithKeyShares(
         File payloadFile,
         byte[] payloadData,
         AuthenticationIdentifier authIdentifier,
-        KeyShareClientFactory shareClientFactory
+        KeyShareClientFactory shareClientFactory,
+        AuthenticationIdentifier.AuthenticationType authType,
+        String idCode
     ) throws IOException, GeneralSecurityException, ExtApiException {
 
         try (FileOutputStream payloadFos = new FileOutputStream(payloadFile)) {
@@ -266,8 +271,7 @@ public static byte[] createContainerWithKeyShares(
         List<File> files = new LinkedList<>();
         files.add(payloadFile);
 
-        KeyLabelParams keyLabelParams
-            = createKeySharesKeyLabelParams(authIdentifier.getIdentifier());
+        KeyLabelParams keyLabelParams = createKeyLabelParams(idCode, authType);
 
         EncryptionKeyMaterial encKeyMaterial
             = EncryptionKeyMaterial.fromAuthMeans(authIdentifier, keyLabelParams);
@@ -334,7 +338,9 @@ public static DecryptionData testContainerWithKeyShares(
         Path tempDir,
         AuthenticationIdentifier encryptAuthIdentifier,
         AuthenticationIdentifier decryptAuthIdentifier,
-        KeyShareClientFactory shareClientFactory
+        KeyShareClientFactory shareClientFactory,
+        AuthenticationIdentifier.AuthenticationType authType,
+        String idCode
     ) throws Exception {
 
         UUID uuid = UUID.randomUUID();
@@ -349,7 +355,9 @@ public static DecryptionData testContainerWithKeyShares(
             payloadFile,
             payloadData.getBytes(StandardCharsets.UTF_8),
             encryptAuthIdentifier,
-            shareClientFactory
+            shareClientFactory,
+            authType,
+            idCode
         );
 
         assertTrue(cdocContainerBytes.length > 0);
@@ -496,4 +504,15 @@ record DecryptionData(
     ) {
     }
 
+    static KeyLabelParams createKeyLabelParams(
+        String idCode,
+        AuthenticationIdentifier.AuthenticationType type
+    ) {
+        SemanticsIdentifier semanticsIdentifier = createSemanticsIdentifier(idCode);
+        AuthenticationIdentifier authIdentifier = AuthenticationIdentifier
+            .forKeyShares(semanticsIdentifier, type);
+
+        return createKeySharesKeyLabelParams(authIdentifier.getEtsiIdentifier());
+    }
+
 }