fix: Serialise authorisations with PrivateEndpointConnParams (#317)

* fix: Serialise authorisations with `PrivateEndpointConnParams`

* reformat

* upgrade

lib/build.gradle

@@ -64,7 +64,7 @@ dependencies {
   implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:$kotlinCoroutinesVersion"
 
   // Awala
-  implementation 'tech.relaycorp:awala:1.66.6'
+  implementation 'tech.relaycorp:awala:1.67.1'
   implementation 'tech.relaycorp:awala-keystore-file:1.6.13'
   implementation 'tech.relaycorp:poweb:1.5.35'
   testImplementation 'tech.relaycorp:awala-testing:1.5.13'

lib/src/main/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpoint.kt

@@ -13,6 +13,7 @@ import tech.relaycorp.awaladroid.common.Logging.logger
 import tech.relaycorp.awaladroid.common.toKeyPair
 import tech.relaycorp.awaladroid.messaging.OutgoingMessage
 import tech.relaycorp.awaladroid.storage.persistence.PersistenceException
+import tech.relaycorp.relaynet.PrivateEndpointConnParams
 import tech.relaycorp.relaynet.issueDeliveryAuthorization
 import tech.relaycorp.relaynet.keystores.KeyStoreBackendException
 import tech.relaycorp.relaynet.keystores.MissingKeyException
@@ -48,7 +49,7 @@ internal constructor(
      * Issue a PDA for a third-party endpoint.
      */
     @Throws(CertificateException::class)
-    public fun issueAuthorization(
+    public suspend fun issueAuthorization(
         thirdPartyEndpoint: ThirdPartyEndpoint,
         expiryDate: ZonedDateTime
     ): ByteArray =
@@ -61,7 +62,7 @@ internal constructor(
      * Issue a PDA for a third-party endpoint using its public key.
      */
     @Throws(CertificateException::class)
-    public fun issueAuthorization(
+    public suspend fun issueAuthorization(
         thirdPartyEndpointPublicKeySerialized: ByteArray,
         expiryDate: ZonedDateTime
     ): ByteArray {
@@ -71,7 +72,7 @@ internal constructor(
     }
 
     @Throws(CertificateException::class)
-    private fun issueAuthorization(
+    private suspend fun issueAuthorization(
         thirdPartyEndpointPublicKey: PublicKey,
         expiryDate: ZonedDateTime
     ): ByteArray {
@@ -81,8 +82,21 @@ internal constructor(
             validityEndDate = expiryDate,
             issuerCertificate = identityCertificate
         )
-        val path = CertificationPath(pda, pdaChain)
-        return path.serialize()
+        val deliveryAuth = CertificationPath(pda, pdaChain)
+
+        val context = Awala.getContextOrThrow()
+        val sessionKeyPair = context.endpointManager.generateSessionKeyPair(
+            nodeId,
+            thirdPartyEndpointPublicKey.nodeId
+        )
+
+        val connParams = PrivateEndpointConnParams(
+            this.publicKey,
+            this.internetAddress,
+            deliveryAuth,
+            sessionKeyPair.sessionKey,
+        )
+        return connParams.serialize()
     }
 
     /**

lib/src/test/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpointTest.kt

@@ -32,10 +32,10 @@ import tech.relaycorp.awaladroid.test.RecipientAddressType
 import tech.relaycorp.awaladroid.test.ThirdPartyEndpointFactory
 import tech.relaycorp.awaladroid.test.assertSameDateTime
 import tech.relaycorp.awaladroid.test.setAwalaContext
+import tech.relaycorp.relaynet.PrivateEndpointConnParams
 import tech.relaycorp.relaynet.issueEndpointCertificate
 import tech.relaycorp.relaynet.keystores.KeyStoreBackendException
 import tech.relaycorp.relaynet.messages.control.PrivateNodeRegistration
-import tech.relaycorp.relaynet.pki.CertificationPath
 import tech.relaycorp.relaynet.testing.keystores.MockCertificateStore
 import tech.relaycorp.relaynet.testing.keystores.MockPrivateKeyStore
 import tech.relaycorp.relaynet.testing.pki.KeyPairSet
@@ -312,10 +312,12 @@ internal class FirstPartyEndpointTest : MockContextTestCase() {
         val expiryDate = ZonedDateTime.now().plusDays(1)
 
         val exception = assertThrows(AuthorizationIssuanceException::class.java) {
-            firstPartyEndpoint.issueAuthorization(
-                "This is not a key".toByteArray(),
-                expiryDate
-            )
+            runBlocking {
+                firstPartyEndpoint.issueAuthorization(
+                    "This is not a key".toByteArray(),
+                    expiryDate
+                )
+            }
         }
 
         assertEquals("PDA grantee public key is not a valid RSA public key", exception.message)
@@ -415,7 +417,8 @@ internal class FirstPartyEndpointTest : MockContextTestCase() {
             val (serviceMessage) =
                 outgoingMessage.parcel.unwrapPayload(channel.thirdPartySessionKeyPair.privateKey)
             assertEquals("application/vnd+relaycorp.awala.pda-path", serviceMessage.type)
-            val pdaPath = CertificationPath.deserialize(serviceMessage.content)
+            val params = PrivateEndpointConnParams.deserialize(serviceMessage.content)
+            val pdaPath = params.deliveryAuth
             pdaPath.validate()
             assertEquals(
                 channel.thirdPartyEndpoint.identityKey,
@@ -440,11 +443,23 @@ internal class FirstPartyEndpointTest : MockContextTestCase() {
 }
 
 private fun validateAuthorization(
-    authorizationSerialized: ByteArray,
+    paramsSerialized: ByteArray,
     firstPartyEndpoint: FirstPartyEndpoint,
     expiryDate: ZonedDateTime
 ) {
-    val authorization = CertificationPath.deserialize(authorizationSerialized)
+    val params = PrivateEndpointConnParams.deserialize(paramsSerialized)
+
+    assertEquals(
+        firstPartyEndpoint.publicKey,
+        params.identityKey
+    )
+
+    assertEquals(
+        firstPartyEndpoint.internetAddress,
+        params.internetGatewayAddress
+    )
+
+    val authorization = params.deliveryAuth
     // PDA
     val pda = authorization.leafCertificate
     assertEquals(