diff --git a/src/main/java/com/siemens/pki/cmpracomponent/msggeneration/MsgOutputProtector.java b/src/main/java/com/siemens/pki/cmpracomponent/msggeneration/MsgOutputProtector.java
index 04c36adb..78dfc274 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/msggeneration/MsgOutputProtector.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/msggeneration/MsgOutputProtector.java
@@ -83,11 +83,11 @@ public MsgOutputProtector(
 suppressRedundantExtraCerts = config.getSuppressRedundantExtraCerts();
 reprotectMode = config.getReprotectMode();
 recipient = ifNotNull(config.getRecipient(), rec -> new GeneralName(new X500Name(rec)));
- final CredentialContext verificationCredentials = ifNotNull(messageContext, MessageContext::getCredentialContext);
+ final CredentialContext verificationCredentials =
+ ifNotNull(messageContext, MessageContext::getCredentialContext);
 if (verificationCredentials instanceof SharedSecretCredentialContext) {
 protectionCredentials = verificationCredentials;
- }
- else {
+ } else {
 protectionCredentials = config.getOutputCredentials();
 if (reprotectMode == ReprotectMode.reprotect && protectionCredentials == null) {
 throw new CmpProcessingException(
@@ -118,7 +118,6 @@ public MsgOutputProtector(final NestedEndpointContext config, final String inter
 // new MsgoutputProtector with CredentialContext == VerificationContext.credentials
-
 /**
 * generate and protect a request
 * @param headerProvider the header to use
diff --git a/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/RaDownstream.java b/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/RaDownstream.java
index 7ae8ab6f..e5685c1e 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/RaDownstream.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/RaDownstream.java
@@ -168,8 +168,10 @@ private MsgOutputProtector getOutputProtector(final MessageContext messageContex
 throws Exception {
 return new MsgOutputProtector(
 config.getDownstreamConfiguration(
- ifNotNull(ifNotNull(messageContext, MessageContext::getPersistencyContext),
- PersistencyContext::getCertProfile), bodyType),
+ ifNotNull(
+ ifNotNull(messageContext, MessageContext::getPersistencyContext),
+ PersistencyContext::getCertProfile),
+ bodyType),
 INTERFACE_NAME, messageContext);
 }
@@ -377,7 +379,8 @@ PKIMessage handleInputMessage(final PKIMessage in) {
 final PKIMessage[] responses = Arrays.stream(embeddedMessages)
 .map(this::handleInputMessage)
 .toArray(PKIMessage[]::new);
- return getOutputProtector(new MessageContext(persistencyContext, credentialContext), PKIBody.TYPE_NESTED)
+ return getOutputProtector(
+ new MessageContext(persistencyContext, credentialContext), PKIBody.TYPE_NESTED)
 .generateAndProtectResponseTo(
 in, new PKIBody(PKIBody.TYPE_NESTED, new PKIMessages(responses)));
 }
@@ -401,8 +404,7 @@ PKIMessage handleInputMessage(final PKIMessage in) {
 issuingChain = persistencyContext.getIssuingChain();
 break;
 case PKIBody.TYPE_POLL_REP:
- retryAfterTime = ((PollRepContent)
- response.getBody().getContent())
+ retryAfterTime = ((PollRepContent) response.getBody().getContent())
 .getCheckAfter(0)
 .intPositiveValueExact();
 issuingChain = null;
@@ -421,13 +423,11 @@ PKIMessage handleInputMessage(final PKIMessage in) {
 } catch (final BaseCmpException e) {
 final PKIBody errorBody = e.asErrorBody();
 responseBodyType = errorBody.getType();
- return getOutputProtector(messageContext, responseBodyType)
- .generateAndProtectResponseTo(in, errorBody);
+ return getOutputProtector(messageContext, responseBodyType).generateAndProtectResponseTo(in, errorBody);
 } catch (final RuntimeException ex) {
 final PKIBody errorBody = new CmpProcessingException(INTERFACE_NAME, ex).asErrorBody();
 responseBodyType = errorBody.getType();
- return getOutputProtector(messageContext, responseBodyType)
- .generateAndProtectResponseTo(in, errorBody);
+ return getOutputProtector(messageContext, responseBodyType).generateAndProtectResponseTo(in, errorBody);
 } finally {
 if (persistencyContext != null) {
 int offset = config.getDownstreamTimeout(
@@ -520,8 +520,8 @@ private PKIMessage handleRevocationRequest(PKIMessage incomingRequest, Persisten
 return incomingRequest;
 }
- private PKIMessage handleValidatedRequest(
- final PKIMessage incomingRequest, final MessageContext messageContext) throws Exception {
+ private PKIMessage handleValidatedRequest(final PKIMessage incomingRequest, final MessageContext messageContext)
+ throws Exception {
 // request pre processing
 // by default there is no pre processing
 PKIMessage preprocessedRequest = incomingRequest;
@@ -551,8 +551,8 @@ private PKIMessage handleValidatedRequest(
 case PKIBody.TYPE_GEN_MSG: // try to handle locally
 persistencyContext.setRequestType(incomingRequest.getBody().getType());
- final PKIMessage genmResponse = new ServiceImplementation(config)
- .handleValidatedInputMessage(incomingRequest, messageContext);
+ final PKIMessage genmResponse =
+ new ServiceImplementation(config).handleValidatedInputMessage(incomingRequest, messageContext);
 if (genmResponse != null) {
 return genmResponse;
 }
diff --git a/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/ServiceImplementation.java b/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/ServiceImplementation.java
index e76f2e33..73634e5c 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/ServiceImplementation.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/msgprocessing/ServiceImplementation.java
@@ -205,9 +205,8 @@ protected PKIMessage handleValidatedInputMessage(final PKIMessage msg, final Mes
 final InfoTypeAndValue itav = ((GenMsgContent) msg.getBody().getContent()).toInfoTypeAndValueArray()[0];
 final ASN1ObjectIdentifier infoType = itav.getInfoType();
- final SupportMessageHandlerInterface messageHandler =
- config.getSupportMessageHandler(messageContext.getPersistencyContext().getCertProfile(),
- infoType.getId());
+ final SupportMessageHandlerInterface messageHandler = config.getSupportMessageHandler(
+ messageContext.getPersistencyContext().getCertProfile(), infoType.getId());
 if (messageHandler == null) {
 return null;
 }
diff --git a/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/InputValidator.java b/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/InputValidator.java
index 6247269b..aba038be 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/InputValidator.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/InputValidator.java
@@ -23,8 +23,6 @@
 import com.siemens.pki.cmpracomponent.util.MessageDumper;
 import com.siemens.pki.cmpracomponent.util.NullUtil.ExFunction;
 import java.util.Collection;
-import java.util.HashMap;
-import java.util.Map;
 import java.util.function.BiFunction;
 import java.util.function.BiPredicate;
 import org.bouncycastle.asn1.cmp.PKIFailureInfo;
diff --git a/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PBMAC1ProtectionValidator.java b/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PBMAC1ProtectionValidator.java
index db5225d8..e8ca3588 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PBMAC1ProtectionValidator.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PBMAC1ProtectionValidator.java
@@ -22,12 +22,11 @@
 import com.siemens.pki.cmpracomponent.cryptoservices.AlgorithmHelper;
 import com.siemens.pki.cmpracomponent.cryptoservices.WrappedMac;
 import com.siemens.pki.cmpracomponent.cryptoservices.WrappedMacFactory;
+import com.siemens.pki.cmpracomponent.protection.SharedSecretCredentials;
 import java.util.Arrays;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;
-
-import com.siemens.pki.cmpracomponent.protection.SharedSecretCredentials;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.cmp.PKIFailureInfo;
 import org.bouncycastle.asn1.cmp.PKIHeader;
@@ -84,7 +83,8 @@ public CredentialContext validate(final PKIMessage message) throws BaseCmpExcept
 throw new CmpValidationException(
 getInterfaceName(), PKIFailureInfo.badMessageCheck, "PasswordBasedMac protection check failed");
 }
- return new SharedSecretCredentials(params,
+ return new SharedSecretCredentials(
+ params,
 pbmac1Params.getMessageAuthScheme().getAlgorithm().getId(),
 header.getSenderKID().getOctets(),
 passwordAsBytes);
diff --git a/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PasswordBasedMacValidator.java b/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PasswordBasedMacValidator.java
index 721239e8..b66516f2 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PasswordBasedMacValidator.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/msgvalidation/PasswordBasedMacValidator.java
@@ -20,12 +20,11 @@
 import com.siemens.pki.cmpracomponent.configuration.CredentialContext;
 import com.siemens.pki.cmpracomponent.configuration.VerificationContext;
 import com.siemens.pki.cmpracomponent.cryptoservices.AlgorithmHelper;
+import com.siemens.pki.cmpracomponent.protection.SharedSecretCredentials;
 import java.security.MessageDigest;
 import java.util.Arrays;
 import javax.crypto.Mac;
 import javax.crypto.spec.SecretKeySpec;
-
-import com.siemens.pki.cmpracomponent.protection.SharedSecretCredentials;
 import org.bouncycastle.asn1.ASN1Encoding;
 import org.bouncycastle.asn1.cmp.PBMParameter;
 import org.bouncycastle.asn1.cmp.PKIFailureInfo;
@@ -82,9 +81,8 @@ public CredentialContext validate(final PKIMessage message) throws BaseCmpExcept
 throw new CmpValidationException(
 getInterfaceName(), PKIFailureInfo.badMessageCheck, "PasswordBasedMac protection check failed");
 }
- return new SharedSecretCredentials(pbmParameter,
- header.getSenderKID().getOctets(),
- passwordAsBytes);
+ return new SharedSecretCredentials(
+ pbmParameter, header.getSenderKID().getOctets(), passwordAsBytes);
 } catch (final BaseCmpException cex) {
 throw cex;
 } catch (final Exception ex) {
diff --git a/src/main/java/com/siemens/pki/cmpracomponent/protection/SharedSecretCredentials.java b/src/main/java/com/siemens/pki/cmpracomponent/protection/SharedSecretCredentials.java
index 6fdba95a..c483a1b1 100644
--- a/src/main/java/com/siemens/pki/cmpracomponent/protection/SharedSecretCredentials.java
+++ b/src/main/java/com/siemens/pki/cmpracomponent/protection/SharedSecretCredentials.java
@@ -17,9 +17,7 @@ public class SharedSecretCredentials implements SharedSecretCredentialContext {
 final byte[] senderKID;
 final byte[] sharedSecret;
- public SharedSecretCredentials(final PBMParameter pbmParameter,
- final byte[] senderKID,
- final byte[] sharedSecret) {
+ public SharedSecretCredentials(final PBMParameter pbmParameter, final byte[] senderKID, final byte[] sharedSecret) {
 this.iterationCount = pbmParameter.getIterationCount().getValue().intValue();
 this.macAlgorithm = pbmParameter.getMac().getAlgorithm().getId();
 this.passwordBasedMacAlgorithm = CMPObjectIdentifiers.passwordBasedMac.getId();
@@ -31,10 +29,8 @@ public SharedSecretCredentials(final PBMParameter pbmParameter,
 this.keyLength = 0;
 }
- public SharedSecretCredentials(PBKDF2Params pbkdf2Params,
- String macAlgorithm,
- byte[] senderKID,
- byte[] sharedSecret) {
+ public SharedSecretCredentials(
+ PBKDF2Params pbkdf2Params, String macAlgorithm, byte[] senderKID, byte[] sharedSecret) {
 this.iterationCount = pbkdf2Params.getIterationCount().intValue();
 this.macAlgorithm = macAlgorithm;
 this.keyLength = pbkdf2Params.getKeyLength().intValue();
diff --git a/src/test/java/com/siemens/pki/cmpracomponent/test/MacProtectionTestcasebase.java b/src/test/java/com/siemens/pki/cmpracomponent/test/MacProtectionTestcasebase.java
index 0d6ca382..dc005da0 100644
--- a/src/test/java/com/siemens/pki/cmpracomponent/test/MacProtectionTestcasebase.java
+++ b/src/test/java/com/siemens/pki/cmpracomponent/test/MacProtectionTestcasebase.java
@@ -17,6 +17,8 @@
 */
 package com.siemens.pki.cmpracomponent.test;
+import static org.junit.Assert.assertEquals;
+
 import com.siemens.pki.cmpracomponent.configuration.Configuration;
 import com.siemens.pki.cmpracomponent.msggeneration.PkiMessageGenerator;
 import com.siemens.pki.cmpracomponent.protection.MacProtection;
@@ -25,6 +27,8 @@
 import com.siemens.pki.cmpracomponent.test.framework.EnrollmentResult;
 import com.siemens.pki.cmpracomponent.test.framework.HeaderProviderForTest;
 import com.siemens.pki.cmpracomponent.util.MessageDumper;
+import java.security.KeyPair;
+import java.util.function.Function;
 import org.bouncycastle.asn1.cmp.CMPCertificate;
 import org.bouncycastle.asn1.cmp.CertRepMessage;
 import org.bouncycastle.asn1.cmp.PKIBody;
@@ -36,12 +40,6 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-
-import java.security.KeyPair;
-import java.util.function.Function;
-
-import static org.junit.Assert.assertEquals;
-
 public class MacProtectionTestcasebase extends OnlineEnrollmentTestcaseBase {
 private static final Logger LOGGER = LoggerFactory.getLogger(MacProtectionTestcasebase.class);
@@ -93,10 +91,9 @@ public static EnrollmentResult executeCrmfCertificateRequest(
 if (expectedResponseMessageType == PKIBody.TYPE_ERROR) {
 return new EnrollmentResult(null, null);
- }
- else {
+ } else {
 final CMPCertificate enrolledCertificate = ((CertRepMessage)
- crResponse.getBody().getContent())
+ crResponse.getBody().getContent())
 .getResponse()[0]
 .getCertifiedKeyPair()
 .getCertOrEncCert()
diff --git a/src/test/java/com/siemens/pki/cmpracomponent/test/TestMacProtectedIp.java b/src/test/java/com/siemens/pki/cmpracomponent/test/TestMacProtectedIp.java
index 76a2b401..d1fc370c 100644
--- a/src/test/java/com/siemens/pki/cmpracomponent/test/TestMacProtectedIp.java
+++ b/src/test/java/com/siemens/pki/cmpracomponent/test/TestMacProtectedIp.java
@@ -17,7 +17,6 @@
 */
 package com.siemens.pki.cmpracomponent.test;
-import com.siemens.pki.cmpracomponent.protection.ProtectionProvider;
 import com.siemens.pki.cmpracomponent.test.framework.ConfigurationFactory;
 import org.bouncycastle.asn1.cmp.PKIBody;
 import org.junit.Ignore;