feat: validate signature algorithm values

mrts · svenzik · commit c456e9e8bd54 · 2025-05-21T09:57:43.000+03:00
WE2-817

Signed-off-by: Mart Somermaa &lt;mrts@users.noreply.github.com&gt;
diff --git a/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java b/example/src/main/java/eu/webeid/example/service/dto/SignatureAlgorithmDTO.java
@@ -22,8 +22,25 @@
 
 package eu.webeid.example.service.dto;
 
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
 public class SignatureAlgorithmDTO {
 
+    // See https://github.com/web-eid/web-eid-app/blob/main/src/controller/command-handlers/signauthutils.cpp#L121-L127
+    private static final Set<String> SUPPORTED_CRYPTO_ALGOS = new HashSet<>(Arrays.asList(
+            "ECC", "RSA"
+    ));
+    private static final Set<String> SUPPORTED_PADDING_SCHEMES = new HashSet<>(Arrays.asList(
+            "NONE", "PKCS1.5", "PSS"
+    ));
+    // See https://github.com/web-eid/libelectronic-id/tree/main/src/electronic-id.cpp#L131
+    private static final Set<String> SUPPORTED_HASH_FUNCTIONS = new HashSet<>(Arrays.asList(
+            "SHA-224", "SHA-256", "SHA-384", "SHA-512",
+            "SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"
+    ));
+
     private String cryptoAlgorithm;
 
     private String hashFunction;
@@ -35,6 +52,9 @@ public String getCryptoAlgorithm() {
     }
 
     public void setCryptoAlgorithm(String cryptoAlgorithm) {
+        if (!SUPPORTED_CRYPTO_ALGOS.contains(cryptoAlgorithm)) {
+            throw new IllegalArgumentException("The provided crypto algorithm is not supported");
+        }
         this.cryptoAlgorithm = cryptoAlgorithm;
     }
 
@@ -43,6 +63,9 @@ public String getHashFunction() {
     }
 
     public void setHashFunction(String hashFunction) {
+        if (!SUPPORTED_HASH_FUNCTIONS.contains(hashFunction)) {
+            throw new IllegalArgumentException("The provided hash function is not supported");
+        }
         this.hashFunction = hashFunction;
     }
 
@@ -51,6 +74,9 @@ public String getPaddingScheme() {
     }
 
     public void setPaddingScheme(String paddingScheme) {
+        if (!SUPPORTED_PADDING_SCHEMES.contains(paddingScheme)) {
+            throw new IllegalArgumentException("The provided padding scheme is not supported");
+        }
         this.paddingScheme = paddingScheme;
     }
 }
diff --git a/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java b/example/src/test/java/eu/webeid/example/testutil/ObjectMother.java
@@ -97,7 +97,9 @@ public static CertificateDTO mockPrepareRequest() {
         CertificateDTO certificateDTO = new CertificateDTO();
         certificateDTO.setCertificate(mockCertificateInBase64());
         final SignatureAlgorithmDTO signatureAlgorithmDTO = new SignatureAlgorithmDTO();
+        signatureAlgorithmDTO.setCryptoAlgorithm("RSA");
         signatureAlgorithmDTO.setHashFunction("SHA-256");
+        signatureAlgorithmDTO.setPaddingScheme("PKCS1.5");
         certificateDTO.setSupportedSignatureAlgorithms(List.of(signatureAlgorithmDTO));
         return certificateDTO;
     }
