Merge/latst changes from main into release (#1536)

* fix: use correct length attributes for encrypted check in validation (#1535)

* fix: remove spinning up unnecessary web server (#1529)

Author: FelixRottler

services/callback/src/test/java/app/coronawarn/server/services/callback/registration/CallbackRegistrationRunnerIntegrationTest.java

@@ -1,41 +1,39 @@
 package app.coronawarn.server.services.callback.registration;
 
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.get;
-import static com.github.tomakehurst.wiremock.client.WireMock.getRequestedFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.put;
-import static com.github.tomakehurst.wiremock.client.WireMock.putRequestedFor;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options;
-import static org.mockito.Mockito.verify;
-import static org.mockito.internal.verification.VerificationModeFactory.times;
-import static org.springframework.http.HttpHeaders.CONTENT_TYPE;
-
 import app.coronawarn.server.common.federation.client.callback.RegistrationResponse;
 import app.coronawarn.server.common.shared.util.HashUtils;
 import app.coronawarn.server.services.callback.config.CallbackServiceConfig;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.github.tomakehurst.wiremock.WireMockServer;
 import com.github.tomakehurst.wiremock.http.HttpHeader;
 import com.github.tomakehurst.wiremock.http.HttpHeaders;
-import java.util.List;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.boot.test.mock.mockito.SpyBean;
+import org.springframework.boot.test.web.client.TestRestTemplate;
 import org.springframework.http.HttpStatus;
 import org.springframework.test.annotation.DirtiesContext;
 import org.springframework.test.context.ActiveProfiles;
+import java.util.List;
 
-@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options;
+import static org.mockito.Mockito.verify;
+import static org.mockito.internal.verification.VerificationModeFactory.times;
+import static org.springframework.http.HttpHeaders.CONTENT_TYPE;
+
+@SpringBootTest
 @ActiveProfiles({"callback-registration"})
 @DirtiesContext
 class CallbackRegistrationRunnerIntegrationTest {
 
-  private static WireMockServer server;
+  private static WireMockServer server = new WireMockServer(options().port(1234));
 
+  @MockBean
+  TestRestTemplate testRestTemplate;
   @SpyBean
   private CallbackServiceConfig callbackServiceConfig;
 
@@ -44,7 +42,7 @@ static void setupWireMock() {
     RegistrationResponse registrationResponse1 = new RegistrationResponse(HashUtils.md5DigestAsHex("url1"), "url1");
     List<RegistrationResponse> responses = List.of(registrationResponse1);
 
-    server = new WireMockServer(options().port(1234));
+
     server.start();
     server.stubFor(
         get(urlEqualTo("/diagnosiskeys/callback"))

services/submission/src/main/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidator.java

@@ -10,6 +10,10 @@
 @Component
 public class EventCheckInProtectedReportsValidator {
 
+  public static final int INIT_VECTOR_LENGTH = 16;
+  public static final int LOCATION_ID_HASH_LENGTH = 32;
+  public static final int ENCRYPTED_CHECK_IN_RECORD_LENGTH = 16;
+
   /**
    * Given the submission payload, it verifies whether user event checkInProtectedReports data is aligned with the
    * application constraints. For each checkInProtectedReports:
@@ -29,7 +33,7 @@ && verifyEncryptedCheckInRecordLength(checkInProtectedReport, validatorContext))
   boolean verifyLocationIdHashLength(CheckInProtectedReport checkInProtectedReport,
       ConstraintValidatorContext validatorContext) {
     if (ObjectUtils.isEmpty(checkInProtectedReport.getLocationIdHash())
-        || checkInProtectedReport.getLocationIdHash().size() != 32) {
+        || checkInProtectedReport.getLocationIdHash().size() != LOCATION_ID_HASH_LENGTH) {
       addViolation(validatorContext, "CheckInProtectedReports locationIdHash must have 32 bytes not "
           + (checkInProtectedReport.getLocationIdHash() == null ? 0
           : checkInProtectedReport.getLocationIdHash().size()));
@@ -41,7 +45,7 @@ boolean verifyLocationIdHashLength(CheckInProtectedReport checkInProtectedReport
   boolean verifyIvLength(CheckInProtectedReport checkInProtectedReport,
       ConstraintValidatorContext validatorContext) {
     if (ObjectUtils.isEmpty(checkInProtectedReport.getIv())
-        || checkInProtectedReport.getIv().size() != 32) {
+        || checkInProtectedReport.getIv().size() != INIT_VECTOR_LENGTH) {
       addViolation(validatorContext, "CheckInProtectedReports iv must have 32 bytes not "
           + (checkInProtectedReport.getIv() == null ? 0 : checkInProtectedReport.getIv().size()));
       return false;
@@ -52,7 +56,7 @@ boolean verifyIvLength(CheckInProtectedReport checkInProtectedReport,
   boolean verifyEncryptedCheckInRecordLength(CheckInProtectedReport checkInProtectedReport,
       ConstraintValidatorContext validatorContext) {
     if (ObjectUtils.isEmpty(checkInProtectedReport.getEncryptedCheckInRecord())
-        || checkInProtectedReport.getEncryptedCheckInRecord().size() != 16) {
+        || checkInProtectedReport.getEncryptedCheckInRecord().size() != ENCRYPTED_CHECK_IN_RECORD_LENGTH) {
       addViolation(validatorContext, "CheckInProtectedReports encryptedCheckInRecord must have 16 bytes not "
           + (checkInProtectedReport.getEncryptedCheckInRecord() == null ? 0
           : checkInProtectedReport.getEncryptedCheckInRecord().size()));

services/submission/src/test/java/app/coronawarn/server/services/submission/checkins/EventCheckInProtectedReportsValidatorTest.java

@@ -48,7 +48,7 @@ void verifyNonEmptyCheckInProtectedReport() {
                 .setEncryptedCheckInRecord(ByteString
                     .copyFrom(generateSecureRandomByteArrayData(16)))
                 .setIv(ByteString
-                    .copyFrom(generateSecureRandomByteArrayData(32)))
+                    .copyFrom(generateSecureRandomByteArrayData(16)))
                 .setLocationIdHash(ByteString
                     .copyFrom(generateSecureRandomByteArrayData(32)))
                 .build()))
@@ -85,7 +85,7 @@ void verifyEncryptedCheckInRecordLengthIsFalse(ByteString e) {
   @Test
   void verifyIvLengthIsTrue() {
     CheckInProtectedReport checkInProtectedReport = CheckInProtectedReport.newBuilder().setIv(
-        ByteString.copyFrom(generateSecureRandomByteArrayData(32))).build();
+        ByteString.copyFrom(generateSecureRandomByteArrayData(16))).build();
 
     boolean result = underTest.verifyIvLength(checkInProtectedReport, mockValidatorContext);
     assertThat(result).isTrue();
@@ -127,7 +127,7 @@ void verifyLocationIdHashLengthIsFalse(ByteString e) {
   private static Stream<Arguments> generateWrongLengthByteStrings() {
     return Stream.of(
         Arguments.of(ByteString.copyFrom(generateSecureRandomByteArrayData(100))),
-        Arguments.of(ByteString.copyFrom(generateSecureRandomByteArrayData(0))),
+        Arguments.of(ByteString.copyFrom(generateSecureRandomByteArrayData(33))),
         Arguments.of(ByteString.EMPTY));
   }
 

services/submission/src/test/java/app/coronawarn/server/services/submission/integration/DataHelpers.java

@@ -57,7 +57,7 @@ public static CheckInProtectedReport buildEncryptedCheckIn(ByteString checkInRec
 
   public static CheckInProtectedReport buildDefaultEncryptedCheckIn() {
     return buildEncryptedCheckIn(ByteString.copyFrom(generateSecureRandomByteArrayData(16)),
-        ByteString.copyFrom(generateSecureRandomByteArrayData(32)),
+        ByteString.copyFrom(generateSecureRandomByteArrayData(16)),
         ByteString.copyFrom(generateSecureRandomByteArrayData(32)));
   }