author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-05-21 13:47:34 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-05-21 13:47:34 +0200 |
commit | 59a13bea5783aa666bcbcec793df19f129965ff3 (patch) | |
tree | 15049405249a0940484e3f177e5c5b51cb5458e9 | |
parent | 96f82d09c22853ce3b37db0983ce6ccc34c2587f (diff) | |
WIP: SSL Client Auth
- Refactor MsgClient: Not a Singleton anymore. Use MsgClientFactory to
make a client. Make request and config private fields.
- Add configuration parameters to application.yaml.
- Init SSL client auth testcase, but don't include in testsuite because
it ain't working yet.
-rw-r--r-- | pom.xml | 7 | ||||
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/msg/MsgClient.java | 54 | ||||
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java | 14 | ||||
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java | 10 | ||||
-rw-r--r-- | src/main/resources/application.yaml | 41 | ||||
-rw-r--r-- | src/test/java/at/gv/egiz/moazs/MsgClientTest.java | 31 | ||||
-rw-r--r-- | src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java | 9 |
7 files changed, 143 insertions, 23 deletions
@@ -25,6 +25,7 @@ <jaxwsapi.version>2.3.1</jaxwsapi.version> <jwsapi.version>1.1</jwsapi.version> <jedisclient.version>2.9.3</jedisclient.version> + <!--<egovutils.version>2.0.7-snapshot</egovutils.version>--> <guava.version>27.1-jre</guava.version> <immutable-xjc-plugin.version>1.5</immutable-xjc-plugin.version> <jacoco.version>0.8.3</jacoco.version> @@ -96,6 +97,12 @@ <artifactId>javax.jws-api</artifactId> <version>${jwsapi.version}</version> </dependency> + + <!--<dependency>--> + <!--<groupId>at.gv.util</groupId>--> + <!--<artifactId>egovutils</artifactId>--> + <!--<version>${egovutils.version}</version>--> + <!--</dependency>--> </dependencies> <build> diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java index 47ee8c3..6f0b1d9 100644 --- a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java +++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java 
@@ -4,24 +4,64 @@ import at.gv.zustellung.app2mzs.xsd.ConfigType; import at.gv.zustellung.msg.xsd.App2ZusePort; import at.gv.zustellung.msg.xsd.DeliveryRequestStatusType; import at.gv.zustellung.msg.xsd.DeliveryRequestType; +import org.apache.cxf.jaxws.JaxWsClientFactoryBean; import org.apache.cxf.jaxws.JaxWsProxyFactoryBean; -import org.springframework.stereotype.Component; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; -@Component public class MsgClient { - public DeliveryRequestStatusType send(DeliveryRequestType msgRequest, ConfigType config) { - var address = config.getServer().getZUSEUrlID(); - var proxy = connect(address); + private static final Logger log = LoggerFactory.getLogger(MsgClient.class); + + private final DeliveryRequestType msgRequest; + private final ConfigType config; + + MsgClient(DeliveryRequestType msgRequest, ConfigType config) { + this.msgRequest = msgRequest; + this.config = config; + } + + public DeliveryRequestStatusType send() { + + var proxy = connect(config); + return proxy.delivery(msgRequest); } - private App2ZusePort connect(String address) { + private App2ZusePort connect(ConfigType config) { + + new JaxWsClientFactoryBean(); + + var address = config.getServer().getZUSEUrlID(); var factory = new JaxWsProxyFactoryBean(); factory.setServiceClass(App2ZusePort.class); factory.setAddress(address); - return (App2ZusePort) factory.create(); + + var proxy = factory.create(); + +// var client = ClientProxy.getClient(proxy); +// var conduit = (HTTPConduit) client.getConduit(); +// +// if (addressIsHttps(address)) { +// var tlsParams = new TLSClientParameters(); +// tlsParams.setSSLSocketFactory(createSSLContext().getSocketFactory()); +// conduit.setTlsClientParameters(tlsParams); +// } + + return (App2ZusePort) proxy; + } + +// private SSLContext createSSLContext() { +// java.util.Properties props = new Properties(); +// props.entrySet(); +// +// // return SSLUtils.getPropertiesSSLContext(this.props, this.configDir, 
this.propsPrefix, forceTrustAllManager); +// return null; +// } + + private boolean addressIsHttps(String address) { + return address.startsWith("https://"); } } diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java new file mode 100644 index 0000000..9884bd5 --- /dev/null +++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java @@ -0,0 +1,14 @@ +package at.gv.egiz.moazs.msg; + +import at.gv.zustellung.app2mzs.xsd.ConfigType; +import at.gv.zustellung.msg.xsd.DeliveryRequestType; +import org.springframework.stereotype.Component; + +@Component +public class MsgClientFactory { + + public MsgClient create(DeliveryRequestType msgRequest, ConfigType config) { + return new MsgClient(msgRequest, config); + } + +} diff --git a/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java b/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java index 3d7f8e9..bfd05b2 100644 --- a/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java +++ b/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java @@ -2,6 +2,7 @@ package at.gv.egiz.moazs.pipeline; import at.gv.egiz.moazs.msg.MsgClient; +import at.gv.egiz.moazs.msg.MsgClientFactory; import at.gv.egiz.moazs.tnvz.TnvzClient; import at.gv.egiz.moazs.repository.DeliveryRepository; import at.gv.egiz.moazs.scheme.Mzs2MsgConverter; 
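Review bot: With the conduit/TLS block in `connect()` commented out, `send()` never attaches a client certificate, and for an `http://` ZUSE URL the delivery request leaves in cleartext; nothing in the new code rejects or logs that case. When the block is enabled, the client should fail closed if keystore settings are configured but the address is not HTTPS, rather than silently skipping TLS setup. `addressIsHttps` also compares case-sensitively, so an address written as `HTTPS://…` would skip the TLS parameters; `return address.regionMatches(true, 0, "https://", 0, 8);` avoids that. The bare `new JaxWsClientFactoryBean();` statement with its import, and the `log` field, are unused in this hunk and can go. The commented `createSSLContext()` mentions a `forceTrustAllManager` argument; if that path is revived it should default to off.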
@@ -27,17 +28,17 @@ public class SameThreadDeliveryPipeline implements DeliveryPipeline { private final DeliveryRepository repository; private final TnvzClient tnvzClient; private final Mzs2MsgConverter converter; - private final MsgClient msgClient; + private final MsgClientFactory msgClientFactory; @Autowired public SameThreadDeliveryPipeline(DeliveryRepository repository, TnvzClient tnvzClient, Mzs2MsgConverter converter, - MsgClient msgClient) { + MsgClientFactory msgClientFactory) { this.repository = repository; this.tnvzClient = tnvzClient; this.converter = converter; - this.msgClient = msgClient; + this.msgClientFactory = msgClientFactory; } @Override @@ -48,7 +49,8 @@ public class SameThreadDeliveryPipeline implements DeliveryPipeline { ? converter.convert(mzsRequest, queryPerson(mzsRequest)) : converter.convert(mzsRequest); - var status = msgClient.send(msgRequest, mzsRequest.getConfig()); + var msgClient = msgClientFactory.create(msgRequest, mzsRequest.getConfig()); + var status = msgClient.send(); repository.add(status); } diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index a59c460..d43e7dc 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml 
@@ -13,9 +13,31 @@ spring: # Order: DeliveryRequest/Config > [chosen-profile] > default delivery-request-configuration-profiles: default: + ## All parameters for MSG client. msg: - url: http://localhost:8081/ - x509: todo! + + ## How to reach + url: http://localhost:8081/services/DeliveryRequest + ssl: + + ## Parameters for ssl client auth + keystore: + ## Absolute path to file + filename: + ## Password to unlock key store. + password: 1233 + ## JKS or PKCS12 + type: JKS + + ## Boolean; if true, app will trust all server certificates; + ## if false, server certificate needs to be in truststore. + trustall: false + + ## Boolean; if true, app ignores mismatches between server's host name and + ## Certificate's common name / alternative subject name. + laxhostnameverification: false + + perform-query-person-request: false app-profile-1: @@ -27,7 +49,20 @@ delivery-request-configuration-profiles: msg: url: https://msg-url2.com +key-store-profiles: + msg-key-store: + + + + ## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration ## profile and continues startup. See 'delivery-request-configuration-profiles'. ## Default value: true -# verify-completeness-of-default-delivery-request-configuration: false
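Review bot: The default profile commits a keystore password (`password: 1233`) into `application.yaml`, and the commented block at the end of the next hunk (`@@ -27,7 +49,20 @@`) carries what looks like a real value in `egovutil.mis.ssl.keystore.password`, together with a keystore path and `trustall=true`. Secrets should come from outside the repository, e.g. `password: ${MSG_KEYSTORE_PASSWORD}` (placeholder name constructed for this note), and if the commented value was ever in use it should be rotated, since it stays in history. An unquoted `1233` is also read as a YAML integer, so quoting the value is safer once a real one is bound. The default `url` is still `http://`, so the `ssl.keystore` settings would presumably have no effect on that profile; a startup check that warns when `trustall` or `laxhostnameverification` is true would help keep those switches out of production.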
\ No newline at end of file +# verify-completeness-of-default-delivery-request-configuration: false + + +# ssl.keystore.file=../keys/www.egiz.gv.at.p12 +# egovutil.mis.ssl.keystore.password=OSgmSn! +# egovutil.mis.ssl.keystore.type=PKCS12 +# egovutil.mis.ssl.trustall=true +# egovutil.mis.ssl.laxhostnameverification=false
\ No newline at end of file diff --git a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java index 6dc94e0..5b6419f 100644 --- a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java +++ b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java @@ -1,6 +1,7 @@ package at.gv.egiz.moazs; import at.gv.egiz.moazs.msg.MsgClient; +import at.gv.egiz.moazs.msg.MsgClientFactory; import at.gv.egiz.moazs.scheme.Marshaller; import at.gv.zustellung.app2mzs.xsd.ConfigType; import at.gv.zustellung.msg.xsd.DeliveryRequestType; 
@@ -28,25 +29,41 @@ public class MsgClientTest { private final static Logger logger = LoggerFactory.getLogger(MsgClient.class); - private final String serviceUri = "http://localhost:8081/services/DeliveryRequest"; + private String httpServiceUri = "http://localhost:8081/services/DeliveryRequest"; + private String sslServiceUri = "https://localhost/zusemsg/services/DeliveryRequest"; + private final String basePath = "src/test/resources/at/gv/egiz/moazs/MsgClientTest/"; + private MsgClientFactory factory = new MsgClientFactory(); + @Autowired private Marshaller msgMarshaller; private static final ObjectFactory OF = new ObjectFactory(); - // this test requires that a zusemsg service runs under serviceUri! + // this test requires that a zusemsg service runs under httpServiceUri! @Test public void sendValidMessage() throws IOException { var request = loadFromFile("validDeliveryRequest.xml"); - var config = generateConfig(); - var client = new MsgClient(); + var config = generateConfig(httpServiceUri); + var client = factory.create(request, config); + + var status = client.send(); + + logger.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status))); + } + + //@Test + public void sendValidMessageToSSL() throws IOException { + + var request = loadFromFile("validDeliveryRequest.xml"); + var config = generateConfig(sslServiceUri); + var client = factory.create(request, config); - var status = client.send(request, config); + var status = client.send(); logger.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status))); } @@ -58,10 +75,10 @@ public class MsgClientTest { } } - private ConfigType generateConfig() { + private ConfigType generateConfig(String zuseUrl) { var server = serverTypeBuilder() - .withZUSEUrlID(serviceUri) + .withZUSEUrlID(zuseUrl) .build(); return configTypeBuilder() 
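Review bot: `sendValidMessageToSSL` is disabled by commenting out its annotation (`//@Test`), which makes the missing TLS coverage invisible in test reports; assuming this is JUnit 4 (the sibling pipeline test uses `@Before`), `@Ignore("SSL client auth not implemented yet")` keeps it visible. Neither test asserts anything about `status`, so once enabled the SSL test would pass without verifying that client authentication took place; it should at least assert on the returned status, and ideally have a negative case where the server rejects a client without a certificate. `httpServiceUri` and `sslServiceUri` dropped `final` although nothing in this hunk reassigns them. The class body continues outside the hunk.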
diff --git a/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java b/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java index 9ee3ceb..5e4b9b0 100644 --- a/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java +++ b/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java @@ -1,6 +1,7 @@ package at.gv.egiz.moazs; import at.gv.egiz.moazs.msg.MsgClient; +import at.gv.egiz.moazs.msg.MsgClientFactory; import at.gv.egiz.moazs.pipeline.DeliveryPipeline; import at.gv.egiz.moazs.pipeline.SameThreadDeliveryPipeline; import at.gv.egiz.moazs.repository.DeliveryRepository; @@ -46,6 +47,9 @@ public class SameThreadDeliveryPipelineTest { private TnvzClient tnvzClient; @Mock + private MsgClientFactory msgClientFactory; + + @Mock private MsgClient msgClient; @Mock @@ -56,7 +60,7 @@ public class SameThreadDeliveryPipelineTest { @Before public void setup() { - pipeline = new SameThreadDeliveryPipeline(repository, tnvzClient, converter, msgClient); + pipeline = new SameThreadDeliveryPipeline(repository, tnvzClient, converter, msgClientFactory); } @Test @@ -129,7 +133,8 @@ public class SameThreadDeliveryPipelineTest { when(tnvzClient.queryPerson(any(), any())).thenReturn(setupTnvzSuccess(acceptedTypes)); when(converter.convert(eq(mzsRequest) )).thenReturn(msgRequest); when(converter.convert(eq(mzsRequest), any())).thenReturn(msgRequest); - when(msgClient.send(msgRequest, mzsRequest.getConfig())).thenReturn(status); + when(msgClientFactory.create(msgRequest, mzsRequest.getConfig())).thenReturn(msgClient); + when(msgClient.send()).thenReturn(status); return status; |