From 75c758cae72c94926e1f7354d0855d491d4fb229 Mon Sep 17 00:00:00 2001 From: Gus Narea Date: Fri, 19 Nov 2021 11:02:26 +0000 Subject: [PATCH] fix(RAMF): Encrypt Cargo Collection Requests inside CCAs (#205) * fix(RAMF): Encrypt Cargo Collection Requests inside CCAs * delete UnencryptedRAMFMessage --- .../messages/CargoCollectionAuthorization.kt | 9 ++-- .../relaynet/ramf/UnencryptedRAMFMessage.kt | 28 ------------ .../CargoCollectionAuthorizationTest.kt | 45 ++++++++++++++++--- 3 files changed, 44 insertions(+), 38 deletions(-) delete mode 100644 src/main/kotlin/tech/relaycorp/relaynet/ramf/UnencryptedRAMFMessage.kt diff --git a/src/main/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorization.kt b/src/main/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorization.kt index 0072dd3a..8bf99e71 100644 --- a/src/main/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorization.kt +++ b/src/main/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorization.kt @@ -2,11 +2,11 @@ package tech.relaycorp.relaynet.messages import java.io.InputStream import java.time.ZonedDateTime -import tech.relaycorp.relaynet.messages.payloads.EmptyPayload +import tech.relaycorp.relaynet.messages.payloads.CargoCollectionRequest +import tech.relaycorp.relaynet.ramf.EncryptedRAMFMessage import tech.relaycorp.relaynet.ramf.RAMFException import tech.relaycorp.relaynet.ramf.RAMFMessageCompanion import tech.relaycorp.relaynet.ramf.RAMFSerializer -import tech.relaycorp.relaynet.ramf.UnencryptedRAMFMessage import tech.relaycorp.relaynet.wrappers.x509.Certificate private val SERIALIZER = RAMFSerializer(0x44, 0x00) @@ -22,7 +22,7 @@ class CargoCollectionAuthorization( creationDate: ZonedDateTime? = null, ttl: Int? = null, senderCertificateChain: Set? = null -) : UnencryptedRAMFMessage( +) : EncryptedRAMFMessage( SERIALIZER, recipientAddress, payload, @@ -32,7 +32,8 @@ class CargoCollectionAuthorization( ttl, senderCertificateChain ) { - override fun deserializePayload() = EmptyPayload.deserialize(payload) + override fun deserializePayload(payloadPlaintext: ByteArray) = + CargoCollectionRequest.deserialize(payloadPlaintext) companion object : RAMFMessageCompanion { /** diff --git a/src/main/kotlin/tech/relaycorp/relaynet/ramf/UnencryptedRAMFMessage.kt b/src/main/kotlin/tech/relaycorp/relaynet/ramf/UnencryptedRAMFMessage.kt deleted file mode 100644 index 49e00633..00000000 --- a/src/main/kotlin/tech/relaycorp/relaynet/ramf/UnencryptedRAMFMessage.kt +++ /dev/null @@ -1,28 +0,0 @@ -package tech.relaycorp.relaynet.ramf - -import java.time.ZonedDateTime -import tech.relaycorp.relaynet.messages.payloads.UnencryptedPayload -import tech.relaycorp.relaynet.wrappers.x509.Certificate - -abstract class UnencryptedRAMFMessage

internal constructor( - serializer: RAMFSerializer, - recipientAddress: String, - payload: ByteArray, - senderCertificate: Certificate, - messageId: String?, - creationDate: ZonedDateTime?, - ttl: Int?, - senderCertificateChain: Set? -) : RAMFMessage

( - serializer, - recipientAddress, - payload, - senderCertificate, - messageId, - creationDate, - ttl, - senderCertificateChain -) { - @Throws(RAMFException::class) - abstract fun deserializePayload(): P -} diff --git a/src/test/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorizationTest.kt b/src/test/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorizationTest.kt index 674f2aaf..2659c886 100644 --- a/src/test/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorizationTest.kt +++ b/src/test/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorizationTest.kt @@ -1,10 +1,19 @@ package tech.relaycorp.relaynet.messages import kotlin.test.Test +import kotlin.test.assertEquals +import kotlinx.coroutines.ExperimentalCoroutinesApi +import kotlinx.coroutines.test.runBlockingTest +import org.junit.jupiter.api.BeforeEach +import tech.relaycorp.relaynet.SessionKeyPair +import tech.relaycorp.relaynet.messages.payloads.CargoCollectionRequest import tech.relaycorp.relaynet.ramf.RAMFSpecializationTestCase +import tech.relaycorp.relaynet.utils.CDACertPath import tech.relaycorp.relaynet.utils.ID_CERTIFICATE +import tech.relaycorp.relaynet.utils.MockPrivateKeyStore import tech.relaycorp.relaynet.wrappers.x509.Certificate +@OptIn(ExperimentalCoroutinesApi::class) internal class CargoCollectionAuthorizationTest : RAMFSpecializationTestCase( ::CargoCollectionAuthorization, @@ -13,12 +22,36 @@ internal class CargoCollectionAuthorizationTest : 0x00, CargoCollectionAuthorization.Companion ) { - @Test - fun `Payload deserialization should be delegated to EmptyPayload`() { - val cca = CargoCollectionAuthorization( - "https://gb.relaycorp.tech", "".toByteArray(), ID_CERTIFICATE - ) + private val recipientSessionKeyPair = SessionKeyPair.generate() + private val senderSessionKeyPair = SessionKeyPair.generate() - cca.deserializePayload() + private val privateKeyStore = MockPrivateKeyStore() + + @BeforeEach + fun registerSessionKey() = runBlockingTest { + privateKeyStore.saveSessionKey( + recipientSessionKeyPair.privateKey, + recipientSessionKeyPair.sessionKey.keyId, + CDACertPath.PRIVATE_GW.subjectPrivateAddress, + CDACertPath.PUBLIC_GW.subjectPrivateAddress, + ) } + + @Test + fun `Payload deserialization should be delegated to CargoCollectionRequest`() = + runBlockingTest { + val ccr = CargoCollectionRequest(CDACertPath.PUBLIC_GW) + val cca = CargoCollectionAuthorization( + CDACertPath.PUBLIC_GW.subjectPrivateAddress, + ccr.encrypt(recipientSessionKeyPair.sessionKey, senderSessionKeyPair), + ID_CERTIFICATE + ) + + val (payloadDeserialized) = cca.unwrapPayload(recipientSessionKeyPair.privateKey) + + assertEquals( + ccr.cargoDeliveryAuthorization, + payloadDeserialized.cargoDeliveryAuthorization + ) + } }