Fix #1822: Update vault unlock for crypto4 #2003

Open: wants to merge 5 commits into base: features/crypto4

romanstrobl
Member

Implementation of vault unlock for crypto4.

@romanstrobl romanstrobl requested a review from jnpsk July 8, 2025 10:50
@romanstrobl romanstrobl self-assigned this Jul 8, 2025
Collaborator

@jnpsk jnpsk left a comment

Looks good

* @throws GenericServiceException Thrown in case vault unlock reason format is invalid.
*/
private void checkVaultUnlockReason(String reason) throws GenericServiceException {
if (reason != null && !reason.matches("[A-Za-z0-9_\\-.]{3,255}")) {
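
Review bot: The "reason != null &&" guard on the last line lets a null reason skip the format check entirely, while the Javadoc above only documents the invalid-format case. If an absent reason is intentionally allowed, state that in the Javadoc; otherwise reject null here as well.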

Collaborator

This will compile the regex into a Pattern object every time. We can get some performance benefit by defining a static final Pattern.

* Decrypt the incoming AEAD request.
*
* @param request Vault unlock request.
* @return Vault unlok decryption result.

Collaborator

typo

Suggested change
* @return Vault unlok decryption result.
* @return Vault unlock decryption result.

* @throws GenericServiceException Thrown in case key identifier is invalid.
*/
private void checkKeyIdentifier(String keyIdentifier, AuthenticationCodeType authenticationCodeType, String applicationId) throws GenericServiceException {
if (keyIdentifier == null) {

Collaborator

The specification recommends a fallback to v3 if the identifier is null, but I guess this is solved by dedicated endpoints?
