diff --git a/lib/build.gradle b/lib/build.gradle
index 91de8f8d..53d47115 100644
--- a/lib/build.gradle
+++ b/lib/build.gradle
@@ -64,7 +64,7 @@ dependencies {
 implementation "org.jetbrains.kotlinx:kotlinx-coroutines-core:$kotlinCoroutinesVersion"
 
 // Awala
- implementation 'tech.relaycorp:awala:1.66.6'
+ implementation 'tech.relaycorp:awala:1.67.1'
 implementation 'tech.relaycorp:awala-keystore-file:1.6.13'
 implementation 'tech.relaycorp:poweb:1.5.35'
 testImplementation 'tech.relaycorp:awala-testing:1.5.13'
diff --git a/lib/src/main/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpoint.kt b/lib/src/main/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpoint.kt
index 4e6281e5..75fb8728 100644
--- a/lib/src/main/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpoint.kt
+++ b/lib/src/main/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpoint.kt
@@ -13,6 +13,7 @@ import tech.relaycorp.awaladroid.common.Logging.logger
 import tech.relaycorp.awaladroid.common.toKeyPair
 import tech.relaycorp.awaladroid.messaging.OutgoingMessage
 import tech.relaycorp.awaladroid.storage.persistence.PersistenceException
+import tech.relaycorp.relaynet.PrivateEndpointConnParams
 import tech.relaycorp.relaynet.issueDeliveryAuthorization
 import tech.relaycorp.relaynet.keystores.KeyStoreBackendException
 import tech.relaycorp.relaynet.keystores.MissingKeyException
@@ -48,7 +49,7 @@ internal constructor(
  * Issue a PDA for a third-party endpoint.
  */
 @Throws(CertificateException::class)
- public fun issueAuthorization(
+ public suspend fun issueAuthorization(
 thirdPartyEndpoint: ThirdPartyEndpoint,
 expiryDate: ZonedDateTime
 ): ByteArray =
@@ -61,7 +62,7 @@ internal constructor(
  * Issue a PDA for a third-party endpoint using its public key.
  */
 @Throws(CertificateException::class)
- public fun issueAuthorization(
+ public suspend fun issueAuthorization(
 thirdPartyEndpointPublicKeySerialized: ByteArray,
 expiryDate: ZonedDateTime
 ): ByteArray {
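Review bot: The KDoc above `public suspend fun issueAuthorization(` in hunk @@ -48,7 still reads "Issue a PDA for a third-party endpoint." although the function now suspends and, per the later hunk in this file, returns serialised `PrivateEndpointConnParams` rather than a bare certification path; the same stale summary sits on the second overload in hunk @@ -61,7. I would reword both along the lines of `Issue a PDA for a third-party endpoint and return the serialised [PrivateEndpointConnParams] (this endpoint's identity key and Internet address, the PDA path, and a newly generated session key) to send to that endpoint.` The `@Throws(CertificateException::class)` annotation is also left as-is even though the new body can presumably fail for non-certificate reasons (Awala context not set up, key-store errors), so either document those failure modes in the KDoc or widen the annotation. Both function bodies continue outside these hunks.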
@@ -71,7 +72,7 @@ internal constructor(
 }
 
 @Throws(CertificateException::class)
- private fun issueAuthorization(
+ private suspend fun issueAuthorization(
 thirdPartyEndpointPublicKey: PublicKey,
 expiryDate: ZonedDateTime
 ): ByteArray {
@@ -81,8 +82,21 @@ internal constructor(
 validityEndDate = expiryDate,
 issuerCertificate = identityCertificate
 )
- val path = CertificationPath(pda, pdaChain)
- return path.serialize()
+ val deliveryAuth = CertificationPath(pda, pdaChain)
+
+ val context = Awala.getContextOrThrow()
+ val sessionKeyPair = context.endpointManager.generateSessionKeyPair(
+ nodeId,
+ thirdPartyEndpointPublicKey.nodeId
+ )
+
+ val connParams = PrivateEndpointConnParams(
+ this.publicKey,
+ this.internetAddress,
+ deliveryAuth,
+ sessionKeyPair.sessionKey,
+ )
+ return connParams.serialize()
 }
 
 /**
diff --git a/lib/src/test/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpointTest.kt b/lib/src/test/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpointTest.kt
index 281864dd..99c7eb01 100644
--- a/lib/src/test/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpointTest.kt
+++ b/lib/src/test/java/tech/relaycorp/awaladroid/endpoint/FirstPartyEndpointTest.kt
@@ -32,10 +32,10 @@ import tech.relaycorp.awaladroid.test.RecipientAddressType
 import tech.relaycorp.awaladroid.test.ThirdPartyEndpointFactory
 import tech.relaycorp.awaladroid.test.assertSameDateTime
 import tech.relaycorp.awaladroid.test.setAwalaContext
+import tech.relaycorp.relaynet.PrivateEndpointConnParams
 import tech.relaycorp.relaynet.issueEndpointCertificate
 import tech.relaycorp.relaynet.keystores.KeyStoreBackendException
 import tech.relaycorp.relaynet.messages.control.PrivateNodeRegistration
-import tech.relaycorp.relaynet.pki.CertificationPath
 import tech.relaycorp.relaynet.testing.keystores.MockCertificateStore
 import tech.relaycorp.relaynet.testing.keystores.MockPrivateKeyStore
 import tech.relaycorp.relaynet.testing.pki.KeyPairSet
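Review bot: Every call to the private `issueAuthorization` in hunk @@ -81,8 now mints a fresh session key pair through `context.endpointManager.generateSessionKeyPair(nodeId, thirdPartyEndpointPublicKey.nodeId)` as a side effect of what used to be a pure certificate-serialisation step, so a caller that issues several authorisations for the same peer presumably ends up with several stored session keys, and whether older ones are ever retired is not visible here. A comment above that call, `// Generates (and, presumably, persists) a new session key for this peer on every call; the serialised params are only usable while the matching private key stays in the key store — confirm against generateSessionKeyPair`, would make that contract explicit for callers. The `Awala.getContextOrThrow()` and key-store failures introduced here are not covered by the `@Throws(CertificateException::class)` kept above the signature in hunk @@ -71,7. Minor style: the `this.` qualifiers on `this.publicKey` and `this.internetAddress` are redundant in Kotlin, and `nodeId` on the same call is already written unqualified.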
@@ -312,10 +312,12 @@ internal class FirstPartyEndpointTest : MockContextTestCase() {
 val expiryDate = ZonedDateTime.now().plusDays(1)
 
 val exception = assertThrows(AuthorizationIssuanceException::class.java) {
- firstPartyEndpoint.issueAuthorization(
- "This is not a key".toByteArray(),
- expiryDate
- )
+ runBlocking {
+ firstPartyEndpoint.issueAuthorization(
+ "This is not a key".toByteArray(),
+ expiryDate
+ )
+ }
 }
 
 assertEquals("PDA grantee public key is not a valid RSA public key", exception.message)
@@ -415,7 +417,8 @@ internal class FirstPartyEndpointTest : MockContextTestCase() {
 val (serviceMessage) = outgoingMessage.parcel.unwrapPayload(channel.thirdPartySessionKeyPair.privateKey)
 assertEquals("application/vnd+relaycorp.awala.pda-path", serviceMessage.type)
 
- val pdaPath = CertificationPath.deserialize(serviceMessage.content)
+ val params = PrivateEndpointConnParams.deserialize(serviceMessage.content)
+ val pdaPath = params.deliveryAuth
 pdaPath.validate()
 assertEquals(
 channel.thirdPartyEndpoint.identityKey,
@@ -440,11 +443,23 @@ internal class FirstPartyEndpointTest : MockContextTestCase() {
 }
 
 private fun validateAuthorization(
- authorizationSerialized: ByteArray,
+ paramsSerialized: ByteArray,
 firstPartyEndpoint: FirstPartyEndpoint,
 expiryDate: ZonedDateTime
 ) {
- val authorization = CertificationPath.deserialize(authorizationSerialized)
+ val params = PrivateEndpointConnParams.deserialize(paramsSerialized)
+
+ assertEquals(
+ firstPartyEndpoint.publicKey,
+ params.identityKey
+ )
+
+ assertEquals(
+ firstPartyEndpoint.internetAddress,
+ params.internetGatewayAddress
+ )
+
+ val authorization = params.deliveryAuth
 // PDA
 val pda = authorization.leafCertificate
 assertEquals(
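Review bot: The rebuilt `validateAuthorization` helper in hunk @@ -440,11 asserts `params.identityKey`, `params.internetGatewayAddress` and the `deliveryAuth` chain, but nothing in this hunk (nor in @@ -415,7, which only reads `params.deliveryAuth`) checks the session key that `issueAuthorization` now embeds in the serialised params, so the new `generateSessionKeyPair` path is exercised without its output ever being verified. I would add an assertion that the session key carried in `params` (via whichever accessor `PrivateEndpointConnParams` exposes for its fourth constructor argument) is the one the test context's session key store holds for the third-party node id, and, for the invalid-key case in hunk @@ -312,10, that no session key was generated before the `AuthorizationIssuanceException` was raised, if the key-store fake allows inspecting that. The helper's body continues past the end of the hunk.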