Fixed PAX filenames (open-eid#108)

* Fix tar filenames if only PAX size is used
* Moved parseLabel to Lock, take minimum of expiry time

Author: lauris71

cdoc/CDoc2.h

@@ -43,6 +43,25 @@ std::string getSaltForExpand(const std::string& label);
 // Get salt bitstring for HKDF expand method
 std::string getSaltForExpand(const std::vector<uint8_t>& key_material, const std::vector<uint8_t>& rcpt_key);
 
+/**
+ * @brief Prefix with what starts machine generated Lock's label.
+ */
+constexpr std::string_view LABELPREFIX{"data:"};
+
+/**
+ * @brief String after label prefix indicating, the rest of the label is Base64 encoded.
+ */
+constexpr std::string_view LABELBASE64IND{";base64,"};
+
+/**
+ * @brief EID type values for machine-readable label
+ */
+static constexpr std::string_view eid_strs[] = {
+    "Unknown",
+    "ID-card",
+    "Digi-ID",
+    "Digi-ID E-RESIDENT"
+};
 
 } // namespace CDoc2
 } // namespace libcdoc

cdoc/CDoc2Writer.cpp

@@ -119,6 +119,7 @@ createRSAServerCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::R
                                                               rsaKeyServer.Union(),
                                                               builder.CreateString(rcpt.server_id),
                                                               builder.CreateString(transaction_id));
+    if (rcpt.expiry_ts) expiry_time = std::min(rcpt.expiry_ts, expiry_time);
     return cdoc20::header::CreateRecipientRecord(builder,
                                                         cdoc20::header::Capsule::recipients_KeyServerCapsule,
                                                         capsule.Union(),
@@ -153,6 +154,7 @@ createECCServerCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::R
                                                               eccKeyServer.Union(),
                                                               builder.CreateString(rcpt.server_id),
                                                               builder.CreateString(transaction_id));
+    if (rcpt.expiry_ts) expiry_time = std::min(rcpt.expiry_ts, expiry_time);
     return cdoc20::header::CreateRecipientRecord(builder,
                                                         cdoc20::header::Capsule::recipients_KeyServerCapsule,
                                                         capsule.Union(),

cdoc/CDocCipher.cpp

@@ -673,7 +673,7 @@ void CDocCipher::Locks(const char* file) const
 
     int lock_id = 1;
     for (const Lock& lock : rdr->getLocks()) {
-        map<string, string> parsed_label(Recipient::parseLabel(lock.label));
+        map<string, string> parsed_label(Lock::parseLabel(lock.label));
         if (parsed_label.empty()) {
             // Human-readable label
             cout << lock_id << ": " << lock.label << endl;

cdoc/Lock.cpp

@@ -18,6 +18,7 @@
 
 #include "Lock.h"
 
+#include "CDoc2.h"
 #include "Certificate.h"
 #include "Utils.h"
 
@@ -52,5 +53,60 @@ Lock::setInt(Params key, int32_t val)
 	params[key] = std::move(bytes);
 }
 
+std::map<std::string, std::string>
+Lock::parseLabel(const std::string& label)
+{
+    std::map<std::string, std::string> parsed_label;
+    // Check if provided label starts with the machine generated label prefix.
+    if (!label.starts_with(CDoc2::LABELPREFIX))
+    {
+        return parsed_label;
+    }
+
+    std::string label_wo_prefix(label.substr(CDoc2::LABELPREFIX.size()));
+
+    // Label to be processed
+    std::string label_to_prcss;
+
+    // We ignore mediatype part
+
+    // Check, if the label is Base64 encoded
+    auto base64IndPos = label_wo_prefix.find(CDoc2::LABELBASE64IND);
+    if (base64IndPos == std::string::npos)
+    {
+        if (label_wo_prefix.starts_with(",")) {
+            label_to_prcss = label_wo_prefix.substr(1);
+        } else {
+            label_to_prcss = std::move(label_wo_prefix);
+        }
+    }
+    else
+    {
+        std::string base64_label(label_wo_prefix.substr(base64IndPos + CDoc2::LABELBASE64IND.size()));
+        std::vector<uint8_t> decodedLabel(fromBase64(base64_label));
+        label_to_prcss.assign(decodedLabel.cbegin(), decodedLabel.cend());
+    }
+
+    auto label_parts(split(label_to_prcss, '&'));
+    for (auto& part : label_parts)
+    {
+        auto label_data_parts(split(part, '='));
+        if (label_data_parts.size() != 2)
+        {
+            // Invalid label data. We just ignore them.
+            LOG_ERROR("The label '{}' is invalid", label);
+        }
+        else
+        {
+            std::string key = urlDecode(label_data_parts[0]);
+            std::string value = urlDecode(label_data_parts[1]);
+            std::transform(key.begin(), key.end(), key.begin(), [](unsigned char c){ return std::tolower(c); });
+            parsed_label[key] = value;
+        }
+    }
+
+    return parsed_label;
+}
+
 } // namespace libcdoc
 

cdoc/Lock.h

@@ -239,6 +239,13 @@ struct CDOC_EXPORT Lock
      */
     void setInt(Params param, int32_t val);
 
+    /**
+     * @brief parse machine-readable CDoc2 label
+     * @param label the label
+     * @return a map of key-value pairs
+     */
+    static std::map<std::string, std::string> parseLabel(const std::string& label);
+
     bool operator== (const Lock& other) const noexcept = default;
 
 private:

cdoc/Recipient.cpp

@@ -30,26 +30,6 @@ using namespace std;
 
 namespace libcdoc {
 
-/**
- * @brief Prefix with what starts machine generated Lock's label.
- */
-constexpr string_view LABELPREFIX{"data:"};
-
-/**
- * @brief String after label prefix indicating, the rest of the label is Base64 encoded.
- */
-constexpr string_view LABELBASE64IND{";base64,"};
-
-/**
- * @brief EID type values for machine-readable label
- */
-static constexpr std::string_view eid_strs[] = {
-    "Unknown",
-    "ID-card",
-    "Digi-ID",
-    "Digi-ID E-RESIDENT"
-};
-
 Recipient
 Recipient::makeSymmetric(std::string label, int32_t kdf_iter)
 {
@@ -143,7 +123,7 @@ Recipient::isTheSameRecipient(const std::vector<uint8_t>& public_key) const
 static void
 buildLabel(std::ostream& ofs, std::string_view type, std::initializer_list<std::pair<std::string_view, std::string_view>> components)
 {
-    ofs << LABELPREFIX;
+    ofs << CDoc2::LABELPREFIX;
     ofs << "v" << '=' << std::to_string(CDoc2::KEYLABELVERSION) << '&'
         << "type" << '=' << type;
     for (const auto& [key, value] : components) {
@@ -155,7 +135,7 @@ buildLabel(std::ostream& ofs, std::string_view type, std::initializer_list<std::
 static void
 BuildLabelEID(std::ostream& ofs, Certificate::EIDType type, const Certificate& x509)
 {
-    buildLabel(ofs, eid_strs[type], {
+    buildLabel(ofs, CDoc2::eid_strs[type], {
         {"cn", x509.getCommonName()},
         {"serial_number", x509.getSerialNumber()},
         {"last_name", x509.getSurname()},
@@ -238,59 +218,5 @@ Recipient::getLabel(const std::vector<std::pair<std::string_view, std::string_vi
     return ofs.str();
 }
 
-map<string, string> Recipient::parseLabel(const string& label)
-{
-    map<string, string> parsed_label;
-    // Check if provided label starts with the machine generated label prefix.
-    if (!label.starts_with(LABELPREFIX))
-    {
-        return parsed_label;
-    }
-
-    string label_wo_prefix(label.substr(LABELPREFIX.size()));
-
-    // Label to be processed
-    string label_to_prcss;
-
-    // We ignore mediatype part
-
-    // Check, if the label is Base64 encoded
-    string::size_type base64IndPos = label_wo_prefix.find(LABELBASE64IND);
-    if (base64IndPos == string::npos)
-    {
-        if (label_wo_prefix.starts_with(",")) {
-            label_to_prcss = label_wo_prefix.substr(1);
-        } else {
-            label_to_prcss = std::move(label_wo_prefix);
-        }
-    }
-    else
-    {
-        string base64_label(label_wo_prefix.substr(base64IndPos + LABELBASE64IND.size()));
-        vector<uint8_t> decodedLabel(fromBase64(base64_label));
-        label_to_prcss.assign(decodedLabel.cbegin(), decodedLabel.cend());
-    }
-
-    vector<string> label_parts(split(label_to_prcss, '&'));
-    for (vector<string>::const_reference part : label_parts)
-    {
-        vector<string> label_data_parts(split(part, '='));
-        if (label_data_parts.size() != 2)
-        {
-            // Invalid label data. We just ignore them.
-            LOG_ERROR("The label '{}' is invalid", label);
-        }
-        else
-        {
-            std::string key = urlDecode(label_data_parts[0]);
-            std::string value = urlDecode(label_data_parts[1]);
-            std::transform(key.begin(), key.end(), key.begin(), [](unsigned char c){ return std::tolower(c); });
-            parsed_label[key] = value;
-        }
-    }
-
-    return parsed_label;
-}
-
 } // namespace libcdoc
 

cdoc/Recipient.h

@@ -235,13 +235,6 @@ struct CDOC_EXPORT Recipient {
      */
     std::string getLabel(const std::vector<std::pair<std::string_view, std::string_view>> &extra) const;
 
-    /**
-     * @brief parse machine-readable CDoc2 label
-     * @param label the label
-     * @return a map of key-value pairs
-     */
-    static std::map<std::string, std::string> parseLabel(const std::string& label);
-
     bool operator== (const Recipient& other) const = default;
 protected:
 	Recipient(Type _type) : type(_type) {};

cdoc/Tar.cpp

@@ -153,7 +153,9 @@ libcdoc::TarConsumer::writeHeader(const Header &h) noexcept {
 }
 
 libcdoc::result_t
-libcdoc::TarConsumer::writeHeader(Header &h, const std::string& name, int64_t size) noexcept {
+libcdoc::TarConsumer::writeHeader(const std::string& name, int64_t size, char typeflag) noexcept {
+	Header h {};
+	h.typeflag = typeflag;
     h.chksum.fill(' ');
     size_t len = std::min(name.size(), h.name.size());
     std::copy_n(name.cbegin(), len, h.name.begin());
@@ -214,7 +216,6 @@ libcdoc::TarConsumer::open(const std::string& name, int64_t size)
 
     _current_size = size;
 	_current_written = 0;
-	Header h {};
 
 	bool need_pax_name = (name.size() >= 100);
 	for (auto c : name) {
@@ -225,7 +226,6 @@ libcdoc::TarConsumer::open(const std::string& name, int64_t size)
 	}
     if(need_pax_name || size > 07777777) {
 		LOG_DBG("Writing Pax header: name {} size {}", name, size);
-		h.typeflag = 'x';
 		std::string paxData;
         if(need_pax_name)
             paxData += toPaxRecord("path", name);
@@ -238,15 +238,14 @@ libcdoc::TarConsumer::open(const std::string& name, int64_t size)
 			path = std::filesystem::path("./PaxHeaders.X") / path.filename();
 		}
 		LOG_DBG("Pax path: {}", path.string());
-        if (auto rv = writeHeader(h, path.string(), paxData.size()); rv != OK)
+        if (auto rv = writeHeader(path.string(), paxData.size(), 'x'); rv != OK)
             return rv;
         if (auto rv = _dst->write((const uint8_t *) paxData.data(), paxData.size()); rv != paxData.size())
             return rv < OK ? rv : OUTPUT_ERROR;
         if (auto rv = writePadding(paxData.size()); rv != OK)
             return rv;
     }
-	h.typeflag = '0';
-    return writeHeader(h, name, size);
+    return writeHeader(name, size, '0');
 }
 
 libcdoc::TarSource::TarSource(DataSource *src, bool take_ownership)
@@ -297,8 +296,8 @@ libcdoc::result_t
 libcdoc::TarSource::readPaxHeader(const Header& hdr, std::string& name, int64_t& size)
 {
 	int64_t h_size = hdr.getSize();
-	std::string paxData(h_size, 0);
-	result_t result = _src->read((uint8_t *) paxData.data(), paxData.size());
+	std::string paxData(h_size, 0);
+	result_t result = _src->read((uint8_t *) paxData.data(), paxData.size());
 	if (result != h_size) {
 		_error = INPUT_STREAM_ERROR;
 		return _error;

cdoc/Tar.h

@@ -37,7 +37,7 @@ struct TarConsumer final : public MultiDataConsumer
     libcdoc::result_t open(const std::string& name, int64_t size) final;
 private:
     result_t writeHeader(const Header &h) noexcept;
-    result_t writeHeader(Header &h, const std::string& name, int64_t size) noexcept;
+    result_t writeHeader(const std::string& name, int64_t size, char typeflag = '0') noexcept;
     result_t writePadding(int64_t size) noexcept;
 
 	DataConsumer *_dst;

examples/java/src/main/java/ee/ria/cdoc/CDocTool.java

@@ -369,7 +369,7 @@ static void locks(String path) {
     static void test() {
         System.err.println("Testing label generation");
         String label = "data:v=1&type=ID-card&serial_number=PNOEE-38001085718&cn=J%C3%95EORG%2CJAAK-KRISTJAN%2C38001085718";
-        java.util.Map<String,String> map = Recipient.parseLabel(label);
+        java.util.Map<String,String> map = ee.ria.cdoc.Lock.parseLabel(label);
         for (String key : map.keySet()) {
             System.err.format("  %s:%s\n", key, map.get(key));
         }