Add new version 3.3

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/EncryptorFactory.java

@@ -62,7 +62,7 @@ public ClientEncryptor getClientEncryptor(EncryptorId encryptorId, EncryptorPara
         validateParameters(encryptorId, encryptorParameters);
         final ClientEncryptor encryptor;
         switch (encryptorParameters.getProtocolVersion()) {
-            case "3.2", "3.1", "3.0" -> {
+            case "3.3", "3.2", "3.1", "3.0" -> {
                 encryptor = new ClientEciesEncryptor(encryptorId, encryptorParameters);
             }
             default -> {
@@ -106,7 +106,7 @@ public ServerEncryptor getServerEncryptor(EncryptorId encryptorId, EncryptorPara
         validateParameters(encryptorId, encryptorParameters);
         final ServerEncryptor encryptor;
         switch (encryptorParameters.getProtocolVersion()) {
-            case "3.2", "3.1", "3.0" -> {
+            case "3.3", "3.2", "3.1", "3.0" -> {
                 encryptor = new ServerEciesEncryptor(encryptorId, encryptorParameters);
             }
             default -> {
@@ -154,7 +154,7 @@ public RequestResponseValidator getRequestResponseValidator(String protocolVersi
             throw new EncryptorException("Missing protocolVersion parameter");
         }
         switch (protocolVersion) {
-            case "3.2", "3.1", "3.0" -> {
+            case "3.3", "3.2", "3.1", "3.0" -> {
                 return new EciesRequestResponseValidator(protocolVersion);
             }
             default -> {

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesRequestResponseValidator.java

@@ -33,7 +33,7 @@ public class EciesRequestResponseValidator implements RequestResponseValidator {
     /**
      * Protocol versions supported in this validator.
      */
-    private final static Set<String> supportedVersions = Set.of("3.2", "3.1", "3.0");
+    private final static Set<String> supportedVersions = Set.of("3.3", "3.2", "3.1", "3.0");
 
     /**
      * Indicate that request and response must contain timestamp and nonce. This is valid for protocol V3.2+.
@@ -53,8 +53,8 @@ public EciesRequestResponseValidator(String protocolVersion) throws EncryptorExc
         if (!supportedVersions.contains(protocolVersion)) {
             throw new EncryptorException("Unsupported protocol version " + protocolVersion);
         }
-        this.useTimestamp = "3.2".equals(protocolVersion);
-        this.useNonceForRequest = "3.2".equals(protocolVersion) || "3.1".equals(protocolVersion);
+        this.useTimestamp = "3.3".equals(protocolVersion) || "3.2".equals(protocolVersion);
+        this.useNonceForRequest = "3.3".equals(protocolVersion) || "3.2".equals(protocolVersion) || "3.1".equals(protocolVersion);
     }
 
     @Override

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java

@@ -70,28 +70,42 @@ public static byte[] deriveAssociatedData(EncryptorScope scope, String protocolV
         if (protocolVersion == null) {
             throw new EciesException("Protocol version is missing");
         }
-        if ("3.2".equals(protocolVersion)) {
-            if (applicationKey == null) {
-                throw new EciesException("Application key is missing");
+        switch (protocolVersion) {
+            case "3.2": {
+                if (applicationKey == null) {
+                    throw new EciesException("Application key is missing");
+                }
+                if (scope == EncryptorScope.ACTIVATION_SCOPE) {
+                    if (activationId == null) {
+                        throw new EciesException("Activation ID is missing in ACTIVATION_SCOPE");
+                    }
+                    return ByteUtils.concatStrings(protocolVersion, applicationKey, activationId);
+                } else {
+                    return ByteUtils.concatStrings(protocolVersion, applicationKey);
+                }
             }
-            if (scope == EncryptorScope.ACTIVATION_SCOPE) {
-                if (activationId == null) {
-                    throw new EciesException("Activation ID is missing in ACTIVATION_SCOPE");
+            case "3.3": {
+                if (applicationKey == null) {
+                    throw new EciesException("Application key is missing");
                 }
-                if (temporaryKeyId != null) {
+                if (scope == EncryptorScope.ACTIVATION_SCOPE) {
+                    if (activationId == null) {
+                        throw new EciesException("Activation ID is missing in ACTIVATION_SCOPE");
+                    }
+                    if (temporaryKeyId == null) {
+                        throw new EciesException("Missing temporary key identifier");
+                    }
                     return ByteUtils.concatStrings(protocolVersion, applicationKey, activationId, temporaryKeyId);
                 } else {
-                    return ByteUtils.concatStrings(protocolVersion, applicationKey, activationId);
-                }
-            } else {
-                if (temporaryKeyId != null) {
+                    if (temporaryKeyId == null) {
+                        throw new EciesException("Missing temporary key identifier");
+                    }
                     return ByteUtils.concatStrings(protocolVersion, applicationKey, temporaryKeyId);
-                } else {
-                    return ByteUtils.concatStrings(protocolVersion, applicationKey);
                 }
             }
-        } else {
-            return null;
+            default: {
+                return null;
+            }
         }
     }
 
@@ -139,24 +153,28 @@ public static byte[] deriveSharedInfo2(String protocolVersion, byte[] sharedInfo
         if (sharedInfo2Base == null) {
             throw new EciesException("Missing sharedInfo2Base parameter");
         }
-        if ("3.2".equals(protocolVersion)) {
-            if (nonce == null) {
-                throw new EciesException("Missing nonce parameter");
-            }
-            if (timestamp == null) {
-                throw new EciesException("Missing timestamp parameter");
+        switch (protocolVersion) {
+            case "3.3", "3.2": {
+                if (nonce == null) {
+                    throw new EciesException("Missing nonce parameter");
+                }
+                if (timestamp == null) {
+                    throw new EciesException("Missing timestamp parameter");
+                }
+                if (associatedData == null) {
+                    throw new EciesException("Missing associatedData parameter");
+                }
+                return ByteUtils.concatWithSizes(
+                        sharedInfo2Base,
+                        nonce,
+                        ByteBuffer.allocate(Long.BYTES).putLong(timestamp).array(),
+                        ephemeralPublicKey,
+                        associatedData);
             }
-            if (associatedData == null) {
-                throw new EciesException("Missing associatedData parameter");
+            default: {
+                return sharedInfo2Base;
             }
-            return ByteUtils.concatWithSizes(
-                    sharedInfo2Base,
-                    nonce,
-                    ByteBuffer.allocate(Long.BYTES).putLong(timestamp).array(),
-                    ephemeralPublicKey,
-                    associatedData);
         }
-        return sharedInfo2Base;
     }
 
 }

powerauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/TokenUtils.java

@@ -102,7 +102,7 @@ public byte[] computeTokenDigest(byte[] nonce, byte[] timestamp, String version,
         final byte[] amp = "&".getBytes(StandardCharsets.UTF_8);
         final byte[] data;
         switch (version) {
-            case "3.2" -> data = ByteUtils.concat(nonce, amp, timestamp, amp, version.getBytes(StandardCharsets.UTF_8));
+            case "3.3", "3.2" -> data = ByteUtils.concat(nonce, amp, timestamp, amp, version.getBytes(StandardCharsets.UTF_8));
             case "3.0", "3.1" -> data = ByteUtils.concat(nonce, amp, timestamp);
             default -> throw new GenericCryptoException("Unsupported version value was specified: " + version);
         }

powerauth-java-crypto/src/test/java/io/getlime/security/powerauth/crypto/encryption/GeneralEncryptorTest.java

@@ -385,12 +385,12 @@ void testRequestResponseObjectValidation(String version, EncryptorId encryptorId
         request.setEphemeralPublicKey(null);
         assertFalse(validator.validateEncryptedRequest(request));
 
-        if ("3.1".equals(version) || "3.2".equals(version)) {
+        if ("3.1".equals(version) || "3.2".equals(version) || "3.3".equals(version)) {
             request = copyRequest(validRequest);
             request.setNonce(null);
             assertFalse(validator.validateEncryptedRequest(request));
         }
-        if ("3.2".equals(version)) {
+        if ("3.2".equals(version) || "3.3".equals(version)) {
             request = copyRequest(validRequest);
             request.setTimestamp(null);
             assertFalse(validator.validateEncryptedRequest(request));
@@ -420,7 +420,7 @@ void testRequestResponseObjectValidation(String version, EncryptorId encryptorId
         response = copyResponse(validResponse);
         response.setEncryptedData(null);
         assertFalse(validator.validateEncryptedResponse(response));
-        if ("3.2".equals(version)) {
+        if ("3.2".equals(version) || "3.3".equals(version)) {
             response = copyResponse(validResponse);
             response.setTimestamp(null);
             assertFalse(validator.validateEncryptedResponse(response));
@@ -925,7 +925,7 @@ private EncryptorParameters getParametersForEncryptor(EncryptorId encryptorId, S
      */
     private EncryptorSecrets getClientSecrets(EncryptorId encryptorId, String protocolVersion) throws Exception {
         final boolean appScope = encryptorId.scope() == EncryptorScope.APPLICATION_SCOPE;
-        if ("3.0".equals(protocolVersion) || "3.1".equals(protocolVersion) || "3.2".equals(protocolVersion)) {
+        if ("3.0".equals(protocolVersion) || "3.1".equals(protocolVersion) || "3.2".equals(protocolVersion) || "3.3".equals(protocolVersion)) {
             return new ClientEncryptorSecrets(
                     appScope ? configuration.keyMasterServer.getPublic() : configuration.keyServer.getPublic(),
                     configuration.applicationSecret,
@@ -944,7 +944,7 @@ private EncryptorSecrets getClientSecrets(EncryptorId encryptorId, String protoc
      */
     private EncryptorSecrets getServerSecrets(EncryptorId encryptorId, String protocolVersion) throws Exception {
         final boolean appScope = encryptorId.scope() == EncryptorScope.APPLICATION_SCOPE;
-        if ("3.0".equals(protocolVersion) || "3.1".equals(protocolVersion) || "3.2".equals(protocolVersion)) {
+        if ("3.0".equals(protocolVersion) || "3.1".equals(protocolVersion) || "3.2".equals(protocolVersion) || "3.3".equals(protocolVersion)) {
             return new ServerEncryptorSecrets(
                     appScope ? configuration.keyMasterServer.getPrivate() : configuration.keyServer.getPrivate(),
                     configuration.applicationSecret,

powerauth-java-crypto/src/test/java/io/getlime/security/powerauth/crypto/signature/PowerAuthSignatureFormatTest.java

@@ -34,6 +34,7 @@ public void testValidVersions() throws Exception {
         assertEquals(PowerAuthSignatureFormat.DECIMAL, PowerAuthSignatureFormat.getFormatForSignatureVersion("3.0"));
         assertEquals(PowerAuthSignatureFormat.BASE64, PowerAuthSignatureFormat.getFormatForSignatureVersion("3.1"));
         assertEquals(PowerAuthSignatureFormat.BASE64, PowerAuthSignatureFormat.getFormatForSignatureVersion("3.2"));
+        assertEquals(PowerAuthSignatureFormat.BASE64, PowerAuthSignatureFormat.getFormatForSignatureVersion("3.3"));
         assertEquals(PowerAuthSignatureFormat.BASE64, PowerAuthSignatureFormat.getFormatForSignatureVersion("4.0"));
     }
 

powerauth-java-http/src/main/java/io/getlime/security/powerauth/http/validator/ValueTypeValidator.java

@@ -51,7 +51,7 @@ public class ValueTypeValidator {
     /**
      * Admissible protocol versions in the header.
      */
-    private static final Set<String> PROTOCOL_VERSIONS = Set.of("3.2", "3.1", "3.0");
+    private static final Set<String> PROTOCOL_VERSIONS = Set.of("3.3", "3.2", "3.1", "3.0");
 
     /**
      * Admissible signature types in the header.