Merge branch 'RM-4309_lib_api_changes' into 'SID'

RM-4309: Services interface instead of ExternalService

See merge request cdoc2/cdoc2-java-ref-impl!91

Author: jann0k

.gitlab-ci.yml

@@ -1,3 +1,7 @@
+variables:
+  DOCKER_TLS_CERTDIR: ""
+  DOCKER_HOST: "tcp://docker:2375"
+
 stages:
   - test
   - coverage
@@ -6,6 +10,11 @@ stages:
 test:
   stage: test
   image: maven:3.8.8-eclipse-temurin-17
+#  services:
+#    - name: docker:25.0.3-dind
+#      alias: docker
+#  tags:
+#    - dind
   script:
     - mvn clean verify -s $MAVEN_SETTINGS -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
     - shopt -s globstar
@@ -14,6 +23,10 @@ test:
     - source install_bats.sh
     - source variables.sh 
     - $BATS_HOME/bats-core/bin/bats --gather-test-outputs-in target/reports -x --report-formatter junit --output target/ cdoc2_tests.bats
+# following will fail because docker-compose-plugin is not available from Jammy repository
+#    - apt-get update && apt-get install -y docker.io docker-compose-plugin
+#    - source ../config/shares-server/export-env.sh ../config/shares-server/.env.cyber
+#    - bash run-shares-server-bats-tests.sh
     - 'for file in target/reports/*; do echo "## $file ##" >> target/bats-test.log; cat "$file" >> target/bats-test.log; done'
   coverage: /Total \d+\.\d+ %/
   artifacts:
@@ -36,6 +49,58 @@ test:
     paths:
       - .m2/repository
 
+test_with_servers:
+  # this will fail as docker image is based on alpine linux and flatc installation fails
+  # use build from previous stage?
+  stage: test
+  image: docker:25.0.3
+  services:
+    - name: docker:25.0.3-dind
+      alias: docker
+  tags:
+    - dind
+  before_script:
+    # Install Java
+    - apk add --no-cache openjdk17
+    # Install Maven
+    - apk add --no-cache maven
+    # Verify installations
+    - java -version
+    - mvn -version
+    - docker compose version
+  script:
+    - mvn clean verify -s $MAVEN_SETTINGS -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository
+    - shopt -s globstar
+    - awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print "Total", 100*covered/instructions, "% covered" }' /builds/**/target/site/jacoco/jacoco.csv
+    - cd test/bats
+    - source install_bats.sh
+    - source variables.sh
+    - source ../config/shares-server/export-env.sh ../config/shares-server/.env.cyber
+    - BATS_OPTS="--gather-test-outputs-in target/reports -x --report-formatter junit --output target/" bash run-shares-server-bats-tests.sh
+    - 'for file in target/reports/*; do echo "## $file ##" >> target/bats-test.log; cat "$file" >> target/bats-test.log; done'
+  coverage: /Total \d+\.\d+ %/
+  artifacts:
+    when: always
+    reports:
+      junit:
+        - "**/target/surefire-reports/*.xml"
+        - "**/target/report.xml"
+    paths:
+      - "**/target/site/jacoco"
+      - "**/target/bats-test.log"
+  rules:
+# disabled for now
+#    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+#      when: on_success
+#    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+#      when: on_success
+    - when: never
+  cache:
+    key: "$CI_COMMIT_REF_NAME"
+    paths:
+      - .m2/repository
+
+
 coverage:
   stage: coverage
   image: mcr.microsoft.com/dotnet/sdk:8.0

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocDecryptCmd.java

@@ -1,8 +1,8 @@
 package ee.cyber.cdoc2.cli.commands;
 
 import ee.cyber.cdoc2.cli.DecryptionKeyExclusiveArgument;
-import ee.cyber.cdoc2.client.ExternalService;
 import ee.cyber.cdoc2.crypto.keymaterial.DecryptionKeyMaterial;
+import ee.cyber.cdoc2.services.Cdoc2Services;
 import picocli.CommandLine;
 import picocli.CommandLine.Command;
 import picocli.CommandLine.Option;
@@ -16,11 +16,10 @@
 
 import ee.cyber.cdoc2.CDocDecrypter;
 
-import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.getKeyCapsulesClientFactory;
-import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.addKeySharesIfAny;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecrypterWithFilesExtraction;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecryptionKeyMaterial;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getSmartCardDecryptionKeyMaterial;
+import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.KEY_CAPSULES_PROPERTIES;
 
 
 //S106 Standard outputs should not be used directly to log anything
@@ -50,12 +49,13 @@ public class CDocDecryptCmd implements Callable<Void> {
             description = "output destination | Default: current-directory")
     private File outputPath = new File(".");
 
-    @Option(names = {"--server"}, paramLabel = "FILE.properties"
-            // commented out until public key server is in live
-            //, arity = "0..1"
-            //,defaultValue = DEFAULT_SERVER_PROPERTIES
-    )
     private String keyServerPropertiesFile;
+    @Option(names = {"--server"}, paramLabel = "FILE.properties")
+    private void setKeyServerPropertiesFile(String server) {
+        keyServerPropertiesFile = server;
+        System.setProperty(KEY_CAPSULES_PROPERTIES, keyServerPropertiesFile);
+    }
+
 
     @CommandLine.Parameters(description = "one or more files to decrypt", paramLabel = "fileToExtract")
     private String[] filesToExtract = new String[0];
@@ -75,11 +75,6 @@ public Void call() throws Exception {
             throw new InvalidPathException(this.cdocFile.getAbsolutePath(), "Input CDOC file does not exist");
         }
 
-        ExternalService keyCapsulesClientFactory = null;
-        if (this.keyServerPropertiesFile != null) {
-            keyCapsulesClientFactory = getKeyCapsulesClientFactory(this.keyServerPropertiesFile);
-        }
-
         DecryptionKeyMaterial decryptionKeyMaterial = (null == this.exclusive)
             ? getSmartCardDecryptionKeyMaterial(this.slot, this.keyAlias)
             : getDecryptionKeyMaterial(this.cdocFile, this.exclusive);
@@ -89,11 +84,9 @@ public Void call() throws Exception {
             this.filesToExtract,
             this.outputPath,
             decryptionKeyMaterial,
-            keyCapsulesClientFactory
+            Cdoc2Services.initFromSystemProperties()
         );
 
-        addKeySharesIfAny(cDocDecrypter, this.exclusive);
-
         System.out.println("Decrypting " + this.cdocFile + " to " + this.outputPath.getAbsolutePath());
         List<String> extractedFileNames = cDocDecrypter.decrypt();
         extractedFileNames.forEach(System.out::println);

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocListCmd.java

@@ -2,7 +2,6 @@
 
 import ee.cyber.cdoc2.cli.DecryptionKeyExclusiveArgument;
 import ee.cyber.cdoc2.CDocDecrypter;
-import ee.cyber.cdoc2.client.ExternalService;
 import ee.cyber.cdoc2.crypto.keymaterial.DecryptionKeyMaterial;
 import java.io.File;
 import java.nio.file.InvalidPathException;
@@ -12,16 +11,17 @@
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.Callable;
+
+import ee.cyber.cdoc2.services.Cdoc2Services;
 import org.apache.commons.compress.archivers.ArchiveEntry;
 
 import picocli.CommandLine;
 import picocli.CommandLine.Command;
 import picocli.CommandLine.Option;
 
-import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.getKeyCapsulesClientFactory;
-import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.addKeySharesIfAny;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecryptionKeyMaterial;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getSmartCardDecryptionKeyMaterial;
+import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.KEY_CAPSULES_PROPERTIES;
 
 
 //S106 Standard outputs should not be used directly to log anything
@@ -44,8 +44,12 @@ public class CDocListCmd implements Callable<Void> {
             description = "Alias of the keystore entry to use for decrypting")
     private String keyAlias;
 
-    @Option(names = {"--server"}, paramLabel = "FILE.properties")
     private String keyServerPropertiesFile;
+    @Option(names = {"--server"}, paramLabel = "FILE.properties")
+    private void setKeyServerPropertiesFile(String server) {
+        keyServerPropertiesFile = server;
+        System.setProperty(KEY_CAPSULES_PROPERTIES, keyServerPropertiesFile);
+    }
 
     // allow -Dkey for setting System properties
     @Option(names = "-D", mapFallbackValue = "", description = "Set Java System property")
@@ -65,22 +69,15 @@ public Void call() throws Exception {
             throw new InvalidPathException(this.cdocFile.getAbsolutePath(), "Input CDOC file does not exist");
         }
 
-        ExternalService keyCapsulesClientFactory = null;
-        if (keyServerPropertiesFile != null) {
-            keyCapsulesClientFactory = getKeyCapsulesClientFactory(this.keyServerPropertiesFile);
-        }
-
         DecryptionKeyMaterial decryptionKeyMaterial = (null == this.exclusive)
             ? getSmartCardDecryptionKeyMaterial(this.slot, this.keyAlias)
             : getDecryptionKeyMaterial(this.cdocFile, this.exclusive);
 
         CDocDecrypter cDocDecrypter = new CDocDecrypter()
                 .withCDoc(cdocFile)
-                .withKeyServers(keyCapsulesClientFactory)
+                .withServices(Cdoc2Services.initFromSystemProperties())
                 .withRecipient(decryptionKeyMaterial);
 
-        addKeySharesIfAny(cDocDecrypter, this.exclusive);
-
         System.out.println("Listing contents of " + cdocFile);
         List<ArchiveEntry> files = cDocDecrypter.list();
         if (!verbose) {

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/commands/CDocReEncryptCmd.java

@@ -5,15 +5,14 @@
 import ee.cyber.cdoc2.cli.util.LabeledPasswordParamConverter;
 import ee.cyber.cdoc2.cli.util.LabeledPasswordParam;
 import ee.cyber.cdoc2.cli.util.LabeledSecretConverter;
-import ee.cyber.cdoc2.client.ExternalService;
 import ee.cyber.cdoc2.crypto.keymaterial.LabeledPassword;
 import ee.cyber.cdoc2.crypto.keymaterial.LabeledSecret;
+import ee.cyber.cdoc2.services.Cdoc2Services;
 import picocli.CommandLine;
 
 import java.io.File;
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
-import java.security.GeneralSecurityException;
 import java.util.Map;
 
 import java.util.concurrent.Callable;
@@ -26,11 +25,9 @@
 import ee.cyber.cdoc2.crypto.keymaterial.DecryptionKeyMaterial;
 import ee.cyber.cdoc2.crypto.keymaterial.EncryptionKeyMaterial;
 
-import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.getKeyCapsulesClientFactory;
-import static ee.cyber.cdoc2.cli.util.CDocCommonHelper.initKeyShareClientFactory;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getDecryptionKeyMaterial;
 import static ee.cyber.cdoc2.cli.util.CDocDecryptionHelper.getSmartCardDecryptionKeyMaterial;
-
+import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.KEY_CAPSULES_PROPERTIES;
 
 //S106 Standard outputs should not be used directly to log anything
 //CLI needs to interact with standard outputs
@@ -71,12 +68,12 @@ public class CDocReEncryptCmd implements Callable<Void> {
         description = "output destination")
     private File outputPath;
 
-    @CommandLine.Option(names = {"--server"}, paramLabel = "FILE.properties"
-        // commented out until public key server is in live
-        //, arity = "0..1"
-        //,defaultValue = DEFAULT_SERVER_PROPERTIES
-    )
     private String keyServerPropertiesFile;
+    @CommandLine.Option(names = {"--server"}, paramLabel = "FILE.properties")
+    private void setKeyServerPropertiesFile(String server) {
+        keyServerPropertiesFile = server;
+        System.setProperty(KEY_CAPSULES_PROPERTIES, keyServerPropertiesFile);
+    }
 
     @CommandLine.Option(names = { "-h", "--help" }, usageHelp = true, description = "display a help message")
     private boolean helpRequested = false;
@@ -97,22 +94,14 @@ public Void call() throws Exception {
             ? getSmartCardDecryptionKeyMaterial(this.slot, this.keyAlias)
             : getDecryptionKeyMaterial(this.cdocFile, this.exclusive);
 
-        ExternalService keyCapsulesClientFactory = null;
-
-        if (this.keyServerPropertiesFile != null) {
-            keyCapsulesClientFactory = getKeyCapsulesClientFactory(this.keyServerPropertiesFile);
-        }
-
         File destCdocFile = getDestinationFile();
         CDocReEncrypter cDocReEncrypter = new CDocReEncrypter(
             cdocFile,
             decryptionKeyMaterial,
             destCdocFile,
             extractSymmetricKeyEncKeyMaterial(),
-            keyCapsulesClientFactory
+            Cdoc2Services.initFromSystemProperties()
         );
-        // the order must be after assigning keyCapsulesClientFactory to override it
-        addKeySharesIfAny(cDocReEncrypter);
 
         cDocReEncrypter.reEncryptCDocContainer();
 
@@ -150,12 +139,4 @@ private File getDestinationFile() {
         return outDir.toFile();
     }
 
-    private void addKeySharesIfAny(CDocReEncrypter cDocReEncrypter)
-        throws GeneralSecurityException {
-
-        if (null != this.exclusive && (this.exclusive.isWithSid() || this.exclusive.isWithMid())) {
-            cDocReEncrypter.addKeyShareClientFactory(initKeyShareClientFactory());
-        }
-    }
-
 }

cdoc2-cli/src/main/java/ee/cyber/cdoc2/cli/util/CDocCommonHelper.java

@@ -4,22 +4,16 @@
 import java.security.GeneralSecurityException;
 import java.util.Properties;
 
-import ee.cyber.cdoc2.client.ExternalService;
-import ee.cyber.cdoc2.client.ExternalServiceImpl;
+import ee.cyber.cdoc2.client.KeyShareClientFactory;
+import ee.cyber.cdoc2.client.KeySharesClientHelper;
 import ee.cyber.cdoc2.config.CDoc2ConfigurationProvider;
 import ee.cyber.cdoc2.config.Cdoc2Configuration;
-import ee.cyber.cdoc2.config.KeyCapsuleClientConfiguration;
-import ee.cyber.cdoc2.config.KeyCapsuleClientConfigurationImpl;
 import ee.cyber.cdoc2.config.KeySharesConfiguration;
 import ee.cyber.cdoc2.config.KeySharesConfigurationImpl;
-import ee.cyber.cdoc2.config.MobileIdClientConfigurationImpl;
-import ee.cyber.cdoc2.config.SmartIdClientConfigurationImpl;
 import ee.cyber.cdoc2.exceptions.ConfigurationLoadingException;
 import ee.cyber.cdoc2.util.Resources;
 
 import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.KEY_SHARES_PROPERTIES;
-import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.MOBILE_ID_PROPERTIES;
-import static ee.cyber.cdoc2.config.Cdoc2ConfigurationProperties.SMART_ID_PROPERTIES;
 import static ee.cyber.cdoc2.config.PropertiesLoader.loadProperties;
 
 
@@ -36,30 +30,8 @@ public static Properties getServerProperties(String keyServerPropertiesFile) thr
         return p;
     }
 
-    public static ExternalService initKeyShareClientFactory() throws GeneralSecurityException {
-        ExternalServiceImpl clientFactory = new ExternalServiceImpl();
-        return clientFactory.initKeyShareClientFactory(loadKeySharesConfiguration());
-    }
-
-    public static ExternalService getKeyCapsulesClientFactory(
-        String keyServerPropertiesFile
-    ) throws GeneralSecurityException, IOException, ConfigurationLoadingException {
-        Properties p = CDocCommonHelper.getServerProperties(keyServerPropertiesFile);
-
-        return initKeyCapsuleClientFactory(p);
-    }
-
-    private static ExternalService initKeyCapsuleClientFactory(Properties p)
-        throws GeneralSecurityException {
-
-        ExternalServiceImpl clientFactory = new ExternalServiceImpl();
-        return clientFactory.initKeyCapsuleClientFactory(initializeCapsuleConfiguration(p));
-    }
-
-    private static KeyCapsuleClientConfiguration initializeCapsuleConfiguration(Properties p) {
-        Cdoc2Configuration configuration = new KeyCapsuleClientConfigurationImpl(p);
-        CDoc2ConfigurationProvider.initKeyCapsuleClientConfig(configuration);
-        return configuration.keyCapsuleClientConfiguration();
+    public static KeyShareClientFactory initKeyShareClientFactory() throws GeneralSecurityException {
+        return KeySharesClientHelper.createFactory(loadKeySharesConfiguration());
     }
 
     private static KeySharesConfiguration loadKeySharesConfiguration() {
@@ -77,33 +49,4 @@ private static KeySharesConfiguration loadKeySharesConfiguration() {
 
         return configuration.keySharesConfiguration();
     }
-
-    static void loadSmartIdConfiguration() throws ConfigurationLoadingException {
-        String propertiesFilePath = System.getProperty(
-            SMART_ID_PROPERTIES,
-            "config/smart-id/" + SMART_ID_PROPERTIES
-        );
-        if (null == propertiesFilePath) {
-            throw new ConfigurationLoadingException("Smart ID configuration property is missing");
-        }
-        Properties properties = loadProperties(propertiesFilePath);
-        Cdoc2Configuration configuration = new SmartIdClientConfigurationImpl(properties);
-
-        CDoc2ConfigurationProvider.initSmartIdClientConfig(configuration);
-    }
-
-    static void loadMobileIdConfiguration() throws ConfigurationLoadingException {
-        String propertiesFilePath = System.getProperty(
-            MOBILE_ID_PROPERTIES,
-            "config/mobile-id/" + MOBILE_ID_PROPERTIES
-        );
-        if (null == propertiesFilePath) {
-            throw new ConfigurationLoadingException("Mobile ID configuration property is missing");
-        }
-        Properties properties = loadProperties(propertiesFilePath);
-        Cdoc2Configuration configuration = new MobileIdClientConfigurationImpl(properties);
-
-        CDoc2ConfigurationProvider.initMobileIdClientConfig(configuration);
-    }
-
 }