Implement PQ support

pom.xml

@@ -7,12 +7,12 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.siemens.pki</groupId>
 	<artifactId>LightweightCmpRa</artifactId>
-	<version>4.0.3</version>
+	<version>4.2.0_PQ</version>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<parent.basedir>.</parent.basedir>
-		<spotless.version>2.44.2</spotless.version>
-		<jacoco.version>0.8.12</jacoco.version>
+		<spotless.version>2.46.1</spotless.version>
+		<jacoco.version>0.8.13</jacoco.version>
 		<source.version>3.3.1</source.version>
 		<maven.compiler.source>11</maven.compiler.source>
 		<maven.compiler.target>11</maven.compiler.target>
@@ -71,7 +71,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-surefire-plugin</artifactId>
-				<version>3.5.2</version>
+				<version>3.5.3</version>
 				<configuration>
 					<excludes>
 						<exclude>**/local/**</exclude>
@@ -81,7 +81,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-javadoc-plugin</artifactId>
-				<version>3.11.2</version>
+				<version>3.11.3</version>
 			</plugin>
 			<plugin>
 				<groupId>com.diffplug.spotless</groupId>
@@ -172,7 +172,7 @@
 		<dependency>
 			<groupId>com.siemens.pki</groupId>
 			<artifactId>CmpRaComponent</artifactId>
-			<version>4.2.0</version>
+			<version>4.2.0_PQ</version>
 		</dependency>
 		<dependency>
 			<groupId>jakarta.xml.bind</groupId>
@@ -192,32 +192,32 @@
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-api</artifactId>
-			<version>2.0.16</version>
+			<version>2.0.17</version>
 		</dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>slf4j-simple</artifactId>
-			<version>2.0.16</version>
+			<version>2.0.17</version>
 		</dependency>
 		<dependency>
 			<groupId>org.eclipse.californium</groupId>
 			<artifactId>californium-core</artifactId>
-			<version>3.13.0</version>
+			<version>3.14.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.jaxrs</groupId>
 			<artifactId>jackson-jaxrs-yaml-provider</artifactId>
-			<version>2.18.2</version>
+			<version>2.20.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
-			<version>2.18.2</version>
+			<version>2.20.0</version>
 		</dependency>
 		<dependency>
 			<groupId>commons-cli</groupId>
 			<artifactId>commons-cli</artifactId>
-			<version>1.9.0</version>
+			<version>1.10.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.jacoco</groupId>
@@ -231,7 +231,7 @@
 			CVE-2021-26291.-->
 			<groupId>org.apache.maven.shared</groupId>
 			<artifactId>file-management</artifactId>
-			<version>3.1.0</version>
+			<version>3.2.0</version>
 		</dependency>
 
 	</dependencies>

src/main/java/com/siemens/pki/lightweightcmpclient/configuration/EnrollmentContextImpl.java

@@ -66,7 +66,12 @@ private KeyPair createKeyPair(final String upperKeyType) throws NoSuchAlgorithmE
         if (upperKeyType.startsWith("ED")) {
             return KeyPairGeneratorFactory.getEdDsaKeyPairGenerator(keyType).generateKeyPair();
         }
-        return KeyPairGeneratorFactory.getEcKeyPairGenerator(keyType).generateKeyPair();
+        try {
+            return KeyPairGeneratorFactory.getEcKeyPairGenerator(keyType).generateKeyPair();
+        } catch (GeneralSecurityException ex) {
+            return KeyPairGeneratorFactory.getGenericKeyPairGenerator(upperKeyType)
+                    .generateKeyPair();
+        }
     }
 
     @Override

src/main/java/com/siemens/pki/lightweightcmpclient/main/CliCmpClient.java

@@ -47,11 +47,11 @@
 import org.apache.commons.cli.CommandLine;
 import org.apache.commons.cli.CommandLineParser;
 import org.apache.commons.cli.DefaultParser;
-import org.apache.commons.cli.HelpFormatter;
 import org.apache.commons.cli.Option;
 import org.apache.commons.cli.OptionGroup;
 import org.apache.commons.cli.Options;
 import org.apache.commons.cli.ParseException;
+import org.apache.commons.cli.help.HelpFormatter;
 import org.bouncycastle.asn1.cmp.PKIBody;
 
 public class CliCmpClient {
@@ -317,7 +317,7 @@ private static int doGetCertificateRequestTemplate(final CommandLine cmd, final
     }
 
     private static int doGetCrls(final CommandLine cmd, final CmpClient client)
-            throws java.text.ParseException, CRLException, IOException {
+            throws java.text.ParseException, IOException, GeneralSecurityException {
         List<X509CRL> crls = null;
         if (cmd.hasOption(OPTION_oldCRL)) {
             final X509CRL crl = CredentialLoader.loadCRLs(new File(cmd.getOptionValue(OPTION_oldCRL)).toURI())
@@ -376,10 +376,9 @@ public static void main(final String[] args) {
         System.exit(ret);
     }
 
-    private static void printHelp() {
-        final HelpFormatter formatter = new HelpFormatter();
-        formatter.setOptionComparator(null);
-        formatter.printHelp("java -jar path/to/CmpClient.jar", cliOptions);
+    private static void printHelp() throws IOException {
+        final HelpFormatter formatter = HelpFormatter.builder().get();
+        formatter.printHelp("java -jar path/to/CmpClient.jar", null, cliOptions, null, true);
     }
 
     public static int runClient(final String... args) {
@@ -486,7 +485,12 @@ public static int runClient(final String... args) {
             return 2;
         } catch (final ParseException | java.text.ParseException e) {
             System.err.println("Client failed. Reason: " + e.getMessage());
-            printHelp();
+            try {
+                printHelp();
+            } catch (IOException e1) {
+                // TODO Auto-generated catch block
+                e1.printStackTrace();
+            }
             return 3;
         } catch (final Throwable e) {
             System.err.println("Client failed. Reason: " + e.getCause());

src/main/java/com/siemens/pki/lightweightcmpra/main/RA.java

@@ -26,18 +26,26 @@
 import com.siemens.pki.lightweightcmpra.downstream.DownstreamInterfaceFactory;
 import com.siemens.pki.lightweightcmpra.upstream.UpstreamInterface;
 import com.siemens.pki.lightweightcmpra.upstream.UpstreamInterfaceFactory;
+import java.security.Security;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Objects;
 import java.util.function.Supplier;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
 
 /**
  * main class
  *
  */
 public class RA {
 
+    static {
+        Security.addProvider(new BouncyCastleProvider());
+        Security.addProvider(new BouncyCastlePQCProvider());
+    }
+
     private static class CertProfileBodyTypeTupel {
         private final String certProfile;
         private final int bodyType;

src/test/java/com/siemens/pki/lightweightcmpclient/test/DelayedEnrollmentTestcaseBase.java

@@ -32,14 +32,14 @@ public class DelayedEnrollmentTestcaseBase extends EnrollmentTestcaseBase {
 
     @BeforeClass
     public static void setupRas() throws GeneralSecurityException, InterruptedException, Exception {
-        TestUtils.createDirectories("./target/CmpTest/Downstream", "./target/CmpTest/Upstream");
+        TestUtils.createDirectories("./target/CmpTest/Downstream_REV", "./target/CmpTest/Upstream_REV");
         initTestbed("DelayedEnrollmentRaTestConfig.yaml", "DelayedEnrollmentLraTestConfig.yaml");
     }
 
     @AfterClass
     public static void stopAllRas() {
         RA.stopAllRas();
-        TestUtils.removeDirectories("./target/CmpTest/Downstream", "./target/CmpTest/Upstream");
+        TestUtils.removeDirectories("./target/CmpTest/Downstream_REV", "./target/CmpTest/Upstream_REV");
     }
 
     @After

src/test/java/com/siemens/pki/lightweightcmpclient/test/TestEnrollmentForAllKeyTypes.java

@@ -0,0 +1,76 @@
+/*
+ *  Copyright (c) 2020 Siemens AG
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+package com.siemens.pki.lightweightcmpclient.test;
+
+import com.siemens.pki.lightweightcmpra.main.RA;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+
+@RunWith(Parameterized.class)
+public class TestEnrollmentForAllKeyTypes extends EnrollmentTestcaseBase {
+
+    @Parameters(name = "{0}")
+    public static Iterable<Object[]> data() throws GeneralSecurityException {
+        return Arrays.asList(new Object[][] {
+            //
+            {"ML-KEM-512"},
+            {"ML-KEM-1024"},
+            //
+            {"ML-DSA-44"},
+            {"SLH-DSA-SHA2-128S"},
+            {"RSA1024"},
+            {"RSA2048"},
+            {"Ed448"},
+            {"Ed25519"},
+            {"secp256r1"},
+            //
+        });
+    }
+
+    @BeforeClass
+    public static void setUpRas() throws Exception {
+        initTestbed("EnrollmentConfigWithHttpAndSignature.yaml");
+    }
+
+    @AfterClass
+    public static void stopAllRas() {
+        RA.stopAllRas();
+    }
+
+    private final String certProfile;
+
+    /**
+     * certificate from a trusted PKI with signature protection
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testCr() throws Exception {
+        enrollWithConfigAndCertProfile("ClientEnrollmentConfigWithDifferentKeys.yaml", certProfile);
+    }
+
+    public TestEnrollmentForAllKeyTypes(String certProfile) {
+        this.certProfile = certProfile;
+    }
+}

src/test/java/com/siemens/pki/lightweightcmpclient/test/TestKemEnrollmentLight.java

@@ -0,0 +1,67 @@
+/*
+ *  Copyright (c) 2020 Siemens AG
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+package com.siemens.pki.lightweightcmpclient.test;
+
+import com.siemens.pki.lightweightcmpra.main.RA;
+import java.security.GeneralSecurityException;
+import java.util.Arrays;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameters;
+
+@RunWith(Parameterized.class)
+public class TestKemEnrollmentLight extends EnrollmentTestcaseBase {
+
+    @Parameters(name = "{0}")
+    public static Iterable<Object[]> data() throws GeneralSecurityException {
+        return Arrays.asList(new Object[][] {
+            //
+            {"ML-KEM-512"},
+            //
+        });
+    }
+
+    @BeforeClass
+    public static void setUpRas() throws Exception {
+        initTestbed("EnrollmentConfigWithHttpAndSignature.yaml");
+    }
+
+    @AfterClass
+    public static void stopAllRas() {
+        RA.stopAllRas();
+    }
+
+    private final String certProfile;
+
+    /**
+     * certificate from a trusted PKI with signature protection
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testCr() throws Exception {
+        enrollWithConfigAndCertProfile("ClientEnrollmentConfigWithDifferentKeys.yaml", certProfile);
+    }
+
+    public TestKemEnrollmentLight(String certProfile) {
+        this.certProfile = certProfile;
+    }
+}

src/test/java/com/siemens/pki/lightweightcmpclient/test/TestOsslKemlIntegration.java

@@ -0,0 +1,46 @@
+/*
+ *  Copyright (c) 2020 Siemens AG
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *  SPDX-License-Identifier: Apache-2.0
+ */
+package com.siemens.pki.lightweightcmpclient.test;
+
+import com.siemens.pki.lightweightcmpra.main.RA;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class TestOsslKemlIntegration extends EnrollmentTestcaseBase {
+
+    @BeforeClass
+    public static void setUpRas() throws Exception {
+        initTestbed("EnrollmentOsslKem.yaml");
+    }
+
+    @AfterClass
+    public static void stopAllRas() {
+        RA.stopAllRas();
+    }
+
+    /**
+     * certificate from a trusted PKI with signature protection
+     *
+     * @throws Exception
+     */
+    @Test
+    public void testCr() throws Exception {
+        enrollWithConfig("ClientEnrollmentOsslKem.yaml");
+    }
+}