fix: Public 3rd party endpoints are now looked up by private address (#…

…45) Closes #44
relaycorp · Mar 8, 2021 · c5d661b · c5d661b
1 parent 3799233
commit c5d661b
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 16 deletions.
diff --git a/lib/src/main/java/tech/relaycorp/relaydroid/endpoint/ThirdPartyEndpoint.kt b/lib/src/main/java/tech/relaycorp/relaydroid/endpoint/ThirdPartyEndpoint.kt
@@ -17,13 +17,8 @@ public sealed class ThirdPartyEndpoint(
         internal suspend fun load(
             firstPartyAddress: String, thirdPartyAddress: String
         ): ThirdPartyEndpoint? =
-            if (isPublicAddress(thirdPartyAddress)) {
-                PublicThirdPartyEndpoint.load(thirdPartyAddress)
-            } else {
-                PrivateThirdPartyEndpoint.load(firstPartyAddress, thirdPartyAddress)
-            }
-
-        private fun isPublicAddress(address: String) = address.contains(":")
+            PublicThirdPartyEndpoint.load(thirdPartyAddress)
+                ?: PrivateThirdPartyEndpoint.load(firstPartyAddress, thirdPartyAddress)
     }
 }
 
@@ -91,10 +86,13 @@ public class PublicThirdPartyEndpoint(
                 PublicThirdPartyEndpoint(thirdPartyAddress, it)
             }
 
-        @Throws(PersistenceException::class)
-        public suspend fun import(
-            thirdPartyAddress: String, certificate: Certificate
-        ): PublicThirdPartyEndpoint {
+        @Throws(
+            PersistenceException::class,
+            CertificateException::class
+        )
+        public suspend fun import(certificate: Certificate): PublicThirdPartyEndpoint {
+            certificate.validate()
+            val thirdPartyAddress = certificate.subjectPrivateAddress
             Storage.publicThirdPartyCertificate.set(thirdPartyAddress, certificate)
             return PublicThirdPartyEndpoint(thirdPartyAddress, certificate)
         }

diff --git a/lib/src/test/java/tech/relaycorp/relaydroid/endpoint/PublicThirdPartyEndpointTest.kt b/lib/src/test/java/tech/relaycorp/relaydroid/endpoint/PublicThirdPartyEndpointTest.kt
@@ -11,7 +11,11 @@ import org.junit.Test
 import tech.relaycorp.relaydroid.Relaynet
 import tech.relaycorp.relaydroid.storage.StorageImpl
 import tech.relaycorp.relaydroid.storage.mockStorage
+import tech.relaycorp.relaynet.issueEndpointCertificate
+import tech.relaycorp.relaynet.testing.pki.KeyPairSet
 import tech.relaycorp.relaynet.testing.pki.PDACertPath
+import tech.relaycorp.relaynet.wrappers.x509.CertificateException
+import java.time.ZonedDateTime
 
 internal class PublicThirdPartyEndpointTest {
 
@@ -42,14 +46,26 @@ internal class PublicThirdPartyEndpointTest {
     }
 
     @Test
-    fun import() = runBlockingTest {
-        val address = "example.org"
-
-        with(PublicThirdPartyEndpoint.import(address, PDACertPath.PUBLIC_GW)) {
+    fun import_successful() = runBlockingTest {
+        with(PublicThirdPartyEndpoint.import(PDACertPath.PUBLIC_GW)) {
             assertEquals(address, this.address)
             assertEquals(PDACertPath.PUBLIC_GW, certificate)
         }
 
-        verify(storage.publicThirdPartyCertificate).set(address, PDACertPath.PUBLIC_GW)
+        verify(storage.publicThirdPartyCertificate).set(
+            PDACertPath.PUBLIC_GW.subjectPrivateAddress,
+            PDACertPath.PUBLIC_GW
+        )
+    }
+
+    @Test(expected = CertificateException::class)
+    fun import_invalidCertificate() = runBlockingTest {
+        val cert = issueEndpointCertificate(
+            subjectPublicKey = KeyPairSet.PRIVATE_GW.public,
+            issuerPrivateKey = KeyPairSet.PRIVATE_GW.private,
+            validityEndDate = ZonedDateTime.now().minusDays(1)
+        )
+
+        PublicThirdPartyEndpoint.import(cert)
     }
 }