Implement unwrapping

relaycorp · Jul 17, 2020 · d949dbf · d949dbf
1 parent 10c8556
commit d949dbf
Show file tree

Hide file tree

Showing 12 changed files with 84 additions and 11 deletions.
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorization.kt b/src/main/kotlin/tech/relaycorp/relaynet/messages/CargoCollectionAuthorization.kt
@@ -1,5 +1,6 @@
 package tech.relaycorp.relaynet.messages
 
+import tech.relaycorp.relaynet.messages.payloads.EmptyPayloadPlaintext
 import tech.relaycorp.relaynet.ramf.RAMFException
 import tech.relaycorp.relaynet.ramf.RAMFMessage
 import tech.relaycorp.relaynet.ramf.RAMFMessageCompanion
@@ -21,7 +22,7 @@ class CargoCollectionAuthorization(
     creationDate: ZonedDateTime? = null,
     ttl: Int? = null,
     senderCertificateChain: Set<Certificate>? = null
-) : RAMFMessage(
+) : RAMFMessage<EmptyPayloadPlaintext>(
     SERIALIZER,
     recipientAddress,
     payload,
@@ -31,6 +32,10 @@ class CargoCollectionAuthorization(
     ttl,
     senderCertificateChain
 ) {
+    override fun deserializePayload(payloadPlaintext: ByteArray): EmptyPayloadPlaintext {
+        TODO("Not yet implemented")
+    }
+
     companion object : RAMFMessageCompanion<CargoCollectionAuthorization> {
         /**
          * Deserialize a CCA

diff --git a/src/main/kotlin/tech/relaycorp/relaynet/messages/Parcel.kt b/src/main/kotlin/tech/relaycorp/relaynet/messages/Parcel.kt
@@ -1,5 +1,6 @@
 package tech.relaycorp.relaynet.messages
 
+import tech.relaycorp.relaynet.messages.payloads.ServiceMessage
 import tech.relaycorp.relaynet.ramf.RAMFException
 import tech.relaycorp.relaynet.ramf.RAMFMessage
 import tech.relaycorp.relaynet.ramf.RAMFMessageCompanion
@@ -21,7 +22,7 @@ class Parcel(
     creationDate: ZonedDateTime? = null,
     ttl: Int? = null,
     senderCertificateChain: Set<Certificate>? = null
-) : RAMFMessage(
+) : RAMFMessage<ServiceMessage>(
     SERIALIZER,
     recipientAddress,
     payload,
@@ -31,6 +32,10 @@ class Parcel(
     ttl,
     senderCertificateChain
 ) {
+    override fun deserializePayload(payloadPlaintext: ByteArray): ServiceMessage {
+        TODO("Not yet implemented")
+    }
+
     companion object : RAMFMessageCompanion<Parcel> {
         /**
          * Deserialize parcel

diff --git a/src/main/kotlin/tech/relaycorp/relaynet/messages/payloads/EmptyPayloadPlaintext.kt b/src/main/kotlin/tech/relaycorp/relaynet/messages/payloads/EmptyPayloadPlaintext.kt
@@ -0,0 +1,7 @@
+package tech.relaycorp.relaynet.messages.payloads
+
+class EmptyPayloadPlaintext : PayloadPlaintext {
+    override fun serialize(): ByteArray {
+        TODO("Not yet implemented")
+    }
+}
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/messages/payloads/ServiceMessage.kt b/src/main/kotlin/tech/relaycorp/relaynet/messages/payloads/ServiceMessage.kt
@@ -0,0 +1,7 @@
+package tech.relaycorp.relaynet.messages.payloads
+
+class ServiceMessage : PayloadPlaintext {
+    override fun serialize(): ByteArray {
+        TODO("Not yet implemented")
+    }
+}
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessage.kt b/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessage.kt
@@ -3,6 +3,9 @@ package tech.relaycorp.relaynet.ramf
 import tech.relaycorp.relaynet.HashingAlgorithm
 import tech.relaycorp.relaynet.dateToZonedDateTime
 import tech.relaycorp.relaynet.messages.payloads.PayloadPlaintext
+import tech.relaycorp.relaynet.wrappers.cms.EnvelopedData
+import tech.relaycorp.relaynet.wrappers.cms.EnvelopedDataException
+import tech.relaycorp.relaynet.wrappers.cms.SessionlessEnvelopedData
 import tech.relaycorp.relaynet.wrappers.x509.Certificate
 import tech.relaycorp.relaynet.wrappers.x509.CertificateException
 import java.net.MalformedURLException
@@ -114,8 +117,6 @@ abstract class RAMFMessage<Payload : PayloadPlaintext> internal constructor(
         return this.serializer.serialize(this, senderPrivateKey, hashingAlgorithm)
     }
 
-    protected abstract fun deserializePayload(payloadPlaintext: ByteArray): Payload
-
     /**
      * Validate the message.
      *
@@ -134,6 +135,23 @@ abstract class RAMFMessage<Payload : PayloadPlaintext> internal constructor(
         validateRecipientAddress()
     }
 
+    /**
+     * Decrypt and deserialize payload.
+     *
+     * @throws EnvelopedDataException if the CMS EnvelopedData value is invalid or the
+     *      `privateKey` is invalid.
+     * @throws RAMFException if the plaintext is invalid.
+     */
+    @Throws(RAMFException::class, EnvelopedDataException::class)
+    fun unwrapPayload(privateKey: PrivateKey): Payload {
+        val envelopedData = EnvelopedData.deserialize(payload) as SessionlessEnvelopedData
+        val plaintext = envelopedData.decrypt(privateKey)
+        return deserializePayload(plaintext)
+    }
+
+    @Throws(RAMFException::class)
+    protected abstract fun deserializePayload(payloadPlaintext: ByteArray): Payload
+
     private fun validateTiming() {
         val now = ZonedDateTime.now(UTC)
         if (now < creationDate) {

diff --git a/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessageCompanion.kt b/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessageCompanion.kt
@@ -2,7 +2,7 @@ package tech.relaycorp.relaynet.ramf
 
 import java.io.InputStream
 
-internal interface RAMFMessageCompanion<Message : RAMFMessage> {
+internal interface RAMFMessageCompanion<Message : RAMFMessage<*>> {
     fun deserialize(serialization: ByteArray): Message
     fun deserialize(serialization: InputStream): Message
 }
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFSerializer.kt b/src/main/kotlin/tech/relaycorp/relaynet/ramf/RAMFSerializer.kt
@@ -47,7 +47,7 @@ private data class FieldSet(
 
 internal class RAMFSerializer(val concreteMessageType: Byte, val concreteMessageVersion: Byte) {
     fun serialize(
-        message: RAMFMessage,
+        message: RAMFMessage<*>,
         signerPrivateKey: PrivateKey,
         hashingAlgorithm: HashingAlgorithm? = null
     ): ByteArray {
@@ -71,7 +71,7 @@ internal class RAMFSerializer(val concreteMessageType: Byte, val concreteMessage
     }
 
     @Throws(IOException::class)
-    private fun serializeMessage(message: RAMFMessage): ByteArray {
+    private fun serializeMessage(message: RAMFMessage<*>): ByteArray {
         val reverseOS = ReverseByteArrayOutputStream(1000, true)
         var codeLength = 0
 

diff --git a/src/main/kotlin/tech/relaycorp/relaynet/wrappers/cms/EnvelopedDataException.kt b/src/main/kotlin/tech/relaycorp/relaynet/wrappers/cms/EnvelopedDataException.kt
@@ -2,5 +2,5 @@ package tech.relaycorp.relaynet.wrappers.cms
 
 import tech.relaycorp.relaynet.RelaynetException
 
-internal class EnvelopedDataException(message: String, cause: Throwable? = null) :
+class EnvelopedDataException internal constructor(message: String, cause: Throwable? = null) :
     RelaynetException(message, cause)
diff --git a/src/test/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessageTest.kt b/src/test/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessageTest.kt
@@ -5,6 +5,7 @@ import org.junit.jupiter.api.assertThrows
 import tech.relaycorp.relaynet.HashingAlgorithm
 import tech.relaycorp.relaynet.issueStubCertificate
 import tech.relaycorp.relaynet.wrappers.cms.HASHING_ALGORITHM_OIDS
+import tech.relaycorp.relaynet.wrappers.cms.SessionlessEnvelopedData
 import tech.relaycorp.relaynet.wrappers.cms.parseCmsSignedData
 import tech.relaycorp.relaynet.wrappers.generateRSAKeyPair
 import tech.relaycorp.relaynet.wrappers.x509.Certificate
@@ -464,6 +465,25 @@ class RAMFMessageTest {
         }
     }
 
+    @Nested
+    inner class UnwrapPayload {
+        @Test
+        fun `SessionlessEnvelopedData payload should be decrypted`() {
+            val payloadPlaintext = StubPayload("the payload")
+            val recipientKeyPair = generateRSAKeyPair()
+            val recipientCertificate =
+                issueStubCertificate(recipientKeyPair.public, recipientKeyPair.private)
+            val payloadCiphertext =
+                SessionlessEnvelopedData.encrypt(payloadPlaintext.serialize(), recipientCertificate)
+            val message =
+                StubRAMFMessage(recipientAddress, payloadCiphertext.serialize(), senderCertificate)
+
+            val plaintextDeserialized = message.unwrapPayload(recipientKeyPair.private)
+
+            assertEquals(payloadPlaintext.payload, plaintextDeserialized.payload)
+        }
+    }
+
     @Nested
     inner class IsRecipientAddressPrivate {
         @Test

diff --git a/src/test/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessageTesting.kt b/src/test/kotlin/tech/relaycorp/relaynet/ramf/RAMFMessageTesting.kt
@@ -14,7 +14,7 @@ private val senderCertificate = issueStubCertificate(keyPair.public, keyPair.pri
 
 typealias MinimalRAMFMessageConstructor<M> = (String, ByteArray, Certificate) -> M
 
-fun <M : RAMFMessage> makeRAMFMessageConstructorTests(
+fun <M : RAMFMessage<*>> makeRAMFMessageConstructorTests(
     messageConstructor: RAMFMessageConstructor<M>,
     requiredParamsConstructor: MinimalRAMFMessageConstructor<M>,
     expectedConcreteMessageType: Byte,
@@ -103,7 +103,7 @@ fun <M : RAMFMessage> makeRAMFMessageConstructorTests(
     )
 }
 
-internal fun <M : RAMFMessage> makeRAMFMessageCompanionTests(
+internal fun <M : RAMFMessage<*>> makeRAMFMessageCompanionTests(
     companion: RAMFMessageCompanion<M>,
     messageConstructor: RAMFMessageConstructor<M>
 ): Collection<DynamicTest> {

diff --git a/src/test/kotlin/tech/relaycorp/relaynet/ramf/StubPayload.kt b/src/test/kotlin/tech/relaycorp/relaynet/ramf/StubPayload.kt
@@ -0,0 +1,7 @@
+package tech.relaycorp.relaynet.ramf
+
+import tech.relaycorp.relaynet.messages.payloads.PayloadPlaintext
+
+class StubPayload(val payload: String) : PayloadPlaintext {
+    override fun serialize() = payload.toByteArray()
+}
diff --git a/src/test/kotlin/tech/relaycorp/relaynet/ramf/StubRAMFMessage.kt b/src/test/kotlin/tech/relaycorp/relaynet/ramf/StubRAMFMessage.kt
@@ -2,6 +2,7 @@ package tech.relaycorp.relaynet.ramf
 
 import tech.relaycorp.relaynet.wrappers.x509.Certificate
 import java.io.InputStream
+import java.nio.charset.Charset
 import java.time.ZonedDateTime
 
 internal val STUB_SERIALIZER = RAMFSerializer(32, 0)
@@ -14,7 +15,7 @@ internal class StubRAMFMessage(
     creationDate: ZonedDateTime? = null,
     ttl: Int? = null,
     senderCertificateChain: Set<Certificate>? = null
-) : RAMFMessage(
+) : RAMFMessage<StubPayload>(
     STUB_SERIALIZER,
     recipientAddress,
     payload,
@@ -24,6 +25,9 @@ internal class StubRAMFMessage(
     ttl,
     senderCertificateChain
 ) {
+    override fun deserializePayload(payloadPlaintext: ByteArray) =
+        StubPayload(payloadPlaintext.toString(Charset.forName("ASCII")))
+
     companion object : RAMFMessageCompanion<StubRAMFMessage> {
         override fun deserialize(serialization: ByteArray) =
             STUB_SERIALIZER.deserialize(serialization, ::StubRAMFMessage)