fix: Self-issue certificate when app is used for the first time (#267)

The problem here is that the certificate's start date was always later than the CCA's or the cargo's (whose creation time is 90 mins in the past).

I'm proposing to fix this by creating this certificate upfront, along with its key pair.

Fixes relaycorp/relaynet-courier-android#277

Author: gnarea

app/src/androidTest/java/tech/relaycorp/gateway/background/endpoint/EndpointPreRegistrationServiceTest.kt

@@ -8,19 +8,19 @@ import android.os.Message
 import android.os.Messenger
 import androidx.test.core.app.ApplicationProvider.getApplicationContext
 import androidx.test.rule.ServiceTestRule
-import com.schibsted.spain.barista.rule.cleardata.ClearPreferencesRule
 import kotlinx.coroutines.runBlocking
-import org.junit.After
 import org.junit.Assert.assertEquals
 import org.junit.Assert.assertNotNull
 import org.junit.Assert.assertTrue
 import org.junit.Before
 import org.junit.Rule
 import org.junit.Test
+import tech.relaycorp.gateway.App
 import tech.relaycorp.gateway.data.model.RegistrationState
 import tech.relaycorp.gateway.data.preference.PublicGatewayPreferences
 import tech.relaycorp.gateway.domain.LocalConfig
 import tech.relaycorp.gateway.test.AppTestProvider
+import tech.relaycorp.gateway.test.WaitAssertions.suspendWaitFor
 import tech.relaycorp.gateway.test.WaitAssertions.waitFor
 import tech.relaycorp.relaynet.messages.control.PrivateNodeRegistrationAuthorization
 import java.nio.charset.Charset
@@ -30,29 +30,29 @@ class EndpointPreRegistrationServiceTest {
 
     @get:Rule
     val serviceRule = ServiceTestRule()
-    @get:Rule
-    val clearPreferencesRule = ClearPreferencesRule()
+
+    @Inject
+    lateinit var app: App
 
     @Inject
     lateinit var localConfig: LocalConfig
 
     @Inject
     lateinit var publicGatewayPreferences: PublicGatewayPreferences
 
+    private val coroutineContext get() = app.backgroundScope.coroutineContext
+
     @Before
     fun setUp() {
         AppTestProvider.component.inject(this)
-        runBlocking {
+        runBlocking(coroutineContext) {
+            suspendWaitFor { localConfig.getKeyPair() }
             publicGatewayPreferences.setRegistrationState(RegistrationState.Done)
         }
     }
 
-    @After
-    fun tearDown() {
-    }
-
     @Test
-    fun requestPreRegistration() = runBlocking {
+    fun requestPreRegistration() = runBlocking(coroutineContext) {
         val serviceIntent = Intent(
             getApplicationContext<Context>(),
             EndpointPreRegistrationService::class.java
@@ -109,10 +109,8 @@ class EndpointPreRegistrationServiceTest {
     }
 
     @Test
-    fun errorReturnedWhenGatewayIsNotRegisteredYet() {
-        runBlocking {
-            publicGatewayPreferences.setRegistrationState(RegistrationState.ToDo)
-        }
+    fun errorReturnedWhenGatewayIsNotRegisteredYet() = runBlocking(coroutineContext) {
+        publicGatewayPreferences.setRegistrationState(RegistrationState.ToDo)
 
         val serviceIntent = Intent(
             getApplicationContext<Context>(),

app/src/main/java/tech/relaycorp/gateway/App.kt

@@ -3,6 +3,7 @@ package tech.relaycorp.gateway
 import android.app.Application
 import android.os.Build
 import android.os.StrictMode
+import androidx.annotation.VisibleForTesting
 import androidx.work.Configuration
 import androidx.work.Constraints
 import androidx.work.ExistingPeriodicWorkPolicy
@@ -19,6 +20,7 @@ import tech.relaycorp.gateway.background.publicsync.PublicSyncWorkerFactory
 import tech.relaycorp.gateway.common.Logging
 import tech.relaycorp.gateway.common.di.AppComponent
 import tech.relaycorp.gateway.common.di.DaggerAppComponent
+import tech.relaycorp.gateway.domain.LocalConfig
 import tech.relaycorp.gateway.domain.publicsync.PublicSync
 import tech.relaycorp.gateway.domain.publicsync.RegisterGateway
 import java.security.Security
@@ -44,11 +46,15 @@ open class App : Application() {
         }
     }
 
-    private val ioScope = CoroutineScope(Dispatchers.IO)
+    @VisibleForTesting
+    val backgroundScope = CoroutineScope(Dispatchers.IO)
 
     @Inject
     lateinit var foregroundAppMonitor: ForegroundAppMonitor
 
+    @Inject
+    lateinit var localConfig: LocalConfig
+
     @Inject
     lateinit var registerGateway: RegisterGateway
 
@@ -67,7 +73,7 @@ open class App : Application() {
         enqueuePublicSyncWorker()
 
         setupStrictMode()
-        registerGateway()
+        bootstrapGateway()
         startPublicSyncWhenPossible()
         registerActivityLifecycleCallbacks(foregroundAppMonitor)
     }
@@ -117,15 +123,17 @@ open class App : Application() {
         Security.insertProviderAt(Conscrypt.newProvider(), 1)
     }
 
-    private fun registerGateway() {
-        if (mode == Mode.Test) return
-        ioScope.launch {
-            registerGateway.registerIfNeeded()
+    private fun bootstrapGateway() {
+        backgroundScope.launch {
+            localConfig.bootstrap()
+            if (mode != Mode.Test) {
+                registerGateway.registerIfNeeded()
+            }
         }
     }
 
     protected open fun startPublicSyncWhenPossible() {
-        ioScope.launch {
+        backgroundScope.launch {
             publicSync.sync()
         }
     }

app/src/main/java/tech/relaycorp/gateway/data/disk/SensitiveStore.kt

@@ -22,6 +22,7 @@ class SensitiveStore
             .build()
     }
 
+    @Synchronized
     suspend fun store(location: String, data: ByteArray) {
         withContext(Dispatchers.IO) {
             delete(location)

app/src/main/java/tech/relaycorp/gateway/domain/LocalConfig.kt

@@ -1,8 +1,10 @@
 package tech.relaycorp.gateway.domain
 
+import androidx.annotation.VisibleForTesting
 import tech.relaycorp.gateway.common.CryptoUtils.BC_PROVIDER
 import tech.relaycorp.gateway.common.nowInUtc
 import tech.relaycorp.gateway.data.disk.SensitiveStore
+import tech.relaycorp.gateway.domain.courier.CalculateCRCMessageCreationDate
 import tech.relaycorp.relaynet.issueGatewayCertificate
 import tech.relaycorp.relaynet.wrappers.generateRSAKeyPair
 import tech.relaycorp.relaynet.wrappers.x509.Certificate
@@ -14,6 +16,7 @@ import java.security.spec.EncodedKeySpec
 import java.security.spec.PKCS8EncodedKeySpec
 import java.security.spec.RSAPublicKeySpec
 import javax.inject.Inject
+import kotlin.time.toJavaDuration
 
 class LocalConfig
 @Inject constructor(
@@ -25,8 +28,10 @@ class LocalConfig
         sensitiveStore.read(PRIVATE_KEY_FILE_NAME)
             ?.toPrivateKey()
             ?.toKeyPair()
-            ?: generateKeyPair()
-                .also { setKeyPair(it) }
+            ?: throw RuntimeException("No key pair was found")
+
+    @VisibleForTesting(otherwise = VisibleForTesting.PRIVATE)
+    suspend fun generateKeyPair() = generateRSAKeyPair().also { setKeyPair(it) }
 
     private suspend fun setKeyPair(value: KeyPair) {
         sensitiveStore.store(PRIVATE_KEY_FILE_NAME, value.private.encoded)
@@ -51,11 +56,25 @@ class LocalConfig
     suspend fun getCargoDeliveryAuth() =
         sensitiveStore.read(CDA_CERTIFICATE_FILE_NAME)
             ?.let { Certificate.deserialize(it) }
-            ?: generateCertificate()
-                .also { setCargoDeliveryAuth(it) }
+            ?: throw RuntimeException("No CDA issuer was found")
 
-    private suspend fun setCargoDeliveryAuth(value: Certificate) {
-        sensitiveStore.store(CDA_CERTIFICATE_FILE_NAME, value.serialize())
+    private suspend fun generateCargoDeliveryAuth() = generateCertificate().also {
+        sensitiveStore.store(CDA_CERTIFICATE_FILE_NAME, it.serialize())
+    }
+
+    @Synchronized
+    suspend fun bootstrap() {
+        try {
+            getKeyPair()
+        } catch (_: RuntimeException) {
+            generateKeyPair()
+        }
+
+        try {
+            getCargoDeliveryAuth()
+        } catch (_: RuntimeException) {
+            generateCargoDeliveryAuth()
+        }
     }
 
     // Helpers
@@ -74,13 +93,13 @@ class LocalConfig
         return KeyPair(publicKey, this)
     }
 
-    private fun generateKeyPair() = generateRSAKeyPair()
-
     private suspend fun generateCertificate(): Certificate {
         val keyPair = getKeyPair()
         return issueGatewayCertificate(
             subjectPublicKey = keyPair.public,
             issuerPrivateKey = keyPair.private,
+            validityStartDate = nowInUtc()
+                .minus(CalculateCRCMessageCreationDate.CLOCK_DRIFT_TOLERANCE.toJavaDuration()),
             validityEndDate = nowInUtc().plusYears(1)
         )
     }

app/src/main/java/tech/relaycorp/gateway/domain/courier/CalculateCRCMessageCreationDate.kt

@@ -21,6 +21,6 @@ class CalculateCRCMessageCreationDate
         )
 
     companion object {
-        private val CLOCK_DRIFT_TOLERANCE = 90.minutes
+        val CLOCK_DRIFT_TOLERANCE = 90.minutes
     }
 }

app/src/test/java/tech/relaycorp/gateway/domain/LocalConfigTest.kt

@@ -7,45 +7,124 @@ import kotlinx.coroutines.runBlocking
 import kotlinx.coroutines.test.runBlockingTest
 import org.junit.jupiter.api.Assertions.assertTrue
 import org.junit.jupiter.api.BeforeEach
+import org.junit.jupiter.api.Nested
 import org.junit.jupiter.api.Test
+import org.junit.jupiter.api.assertThrows
 import tech.relaycorp.gateway.data.disk.SensitiveStore
+import kotlin.test.assertEquals
 
-internal class LocalConfigTest {
+class LocalConfigTest {
 
     private val sensitiveStore = mock<SensitiveStore>()
     private val localConfig = LocalConfig(sensitiveStore)
 
     @BeforeEach
-    internal fun setUp() {
+    fun setUp() {
         runBlocking {
-            var stored: ByteArray? = null
+            val memoryStore = mutableMapOf<String, ByteArray>()
             whenever(sensitiveStore.store(any(), any())).then {
-                stored = it.getArgument(1) as ByteArray
+                val key = it.getArgument<String>(0)
+                val value = it.getArgument(1) as ByteArray
+                memoryStore[key] = value
                 Unit
             }
-            whenever(sensitiveStore.read(any())).thenAnswer { stored }
+            whenever(sensitiveStore.read(any())).thenAnswer {
+                val key = it.getArgument<String>(0)
+                memoryStore[key]
+            }
         }
     }
 
-    @Test
-    internal fun `get key pair stores and recovers the same key pair`() = runBlockingTest {
-        val keyPair1 = localConfig.getKeyPair()
-        val keyPair2 = localConfig.getKeyPair()
-        assertTrue(keyPair2.private.encoded!!.contentEquals(keyPair1.private.encoded))
-        assertTrue(keyPair2.public.encoded!!.contentEquals(keyPair1.public.encoded))
+    @Nested
+    inner class GetKeyPair {
+        @Test
+        fun `Key pair should be returned if it exists`() = runBlockingTest {
+            val keyPair = localConfig.generateKeyPair()
+
+            val retrievedKeyPair = localConfig.getKeyPair()
+
+            assertEquals(
+                keyPair.private.encoded.asList(),
+                retrievedKeyPair.private.encoded.asList()
+            )
+        }
+
+        @Test
+        fun `Exception should be thrown if key pair does not exist`() = runBlockingTest {
+            val exception = assertThrows<RuntimeException> {
+                localConfig.getKeyPair()
+            }
+
+            assertEquals("No key pair was found", exception.message)
+        }
     }
 
     @Test
-    internal fun `get certificate stores and recovers the same certificate`() = runBlockingTest {
+    fun `get certificate stores and recovers the same certificate`() = runBlockingTest {
+        localConfig.generateKeyPair()
+
         val certificate1 = localConfig.getCertificate().serialize()
         val certificate2 = localConfig.getCertificate().serialize()
         assertTrue(certificate1.contentEquals(certificate2))
     }
 
-    @Test
-    internal fun `get CDA stores and recovers the same certificate`() = runBlockingTest {
-        val certificate1 = localConfig.getCargoDeliveryAuth().serialize()
-        val certificate2 = localConfig.getCargoDeliveryAuth().serialize()
-        assertTrue(certificate1.contentEquals(certificate2))
+    @Nested
+    inner class GetCargoDeliveryAuth {
+        @Test
+        fun `Certificate should be returned if it exists`() = runBlockingTest {
+            localConfig.bootstrap()
+
+            val certificate1 = localConfig.getCargoDeliveryAuth().serialize()
+            val certificate2 = localConfig.getCargoDeliveryAuth().serialize()
+            assertTrue(certificate1.contentEquals(certificate2))
+        }
+
+        @Test
+        fun `Exception should be thrown if certificate does not exist yet`() = runBlockingTest {
+            val exception = assertThrows<RuntimeException> {
+                localConfig.getCargoDeliveryAuth()
+            }
+
+            assertEquals("No CDA issuer was found", exception.message)
+        }
+    }
+
+    @Nested
+    inner class Bootstrap {
+        @Test
+        fun `Key pair should be created if it doesn't already exist`() = runBlockingTest {
+            localConfig.bootstrap()
+
+            localConfig.getKeyPair()
+        }
+
+        @Test
+        fun `Key pair should not be created if it already exists`() = runBlockingTest {
+            localConfig.bootstrap()
+            val originalKeyPair = localConfig.getKeyPair()
+
+            localConfig.bootstrap()
+            val keyPair = localConfig.getKeyPair()
+
+            assertEquals(originalKeyPair.private.encoded.asList(), keyPair.private.encoded.asList())
+        }
+
+        @Test
+        fun `CDA issuer should be created if it doesn't already exist`() = runBlockingTest {
+            localConfig.bootstrap()
+
+            localConfig.getCargoDeliveryAuth()
+        }
+
+        @Test
+        fun `CDA issuer should not be created if it already exists`() = runBlockingTest {
+            localConfig.bootstrap()
+            val originalCDAIssuer = localConfig.getCargoDeliveryAuth()
+
+            localConfig.bootstrap()
+            val cdaIssuer = localConfig.getCargoDeliveryAuth()
+
+            assertEquals(originalCDAIssuer, cdaIssuer)
+        }
     }
 }