authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-27 13:11:53 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-27 13:11:53 +0200
commita8e726382b0472ad030d7a579fe8d6878a216bd4 (patch)
treeceeb6bb09073da926c95230cb80a8ff156ea1481
parente2e77ed55687cb92c6f5a273995daf64dedef848 (diff)
Fixes; SSL Client Auth Works!
- Switch to java 12 for now. Reason: Bug [1] in JDK 11 (up to jdk-11+28) impairs SSLHandshake ("Unsupported Operation Exception"), but was fixed in Java 12. - Set HTTP policy to infinite. - Fix key/truststore path resolution - Fix NPE in ConfigUtil.merge - Rearrange application.yaml to include two config profiles (one with and one without SSL for the msg client). - Add key material for testcases (Note: expires: May 2 14:47:08 2020 GMT) - Update MsgClient Testcases [1] https://bugs.openjdk.java.net/browse/JDK-8214098
-rw-r--r--pom.xml2
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/MsgClient.java4
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java19
-rw-r--r--src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java10
-rw-r--r--src/main/resources/application.yaml38
-rw-r--r--src/main/resources/ssl/client.cert.key.p12bin0 -> 6221 bytes
-rw-r--r--src/main/resources/ssl/truststore.jksbin0 -> 1648 bytes
-rw-r--r--src/main/resources/ssl/truststore.p12bin0 -> 1776 bytes
-rw-r--r--src/test/java/at/gv/egiz/moazs/MsgClientTest.java51
9 files changed, 78 insertions, 46 deletions
diff --git a/pom.xml b/pom.xml
index c27e764..37063b9 100644
--- a/pom.xml
+++ b/pom.xml
@@ -31,7 +31,7 @@
</repositories>
<properties>
- <java.version>11</java.version>
+ <java.version>12</java.version>
<cxf.version>3.3.0</cxf.version>
<springboot.version>2.1.3.RELEASE</springboot.version>
<commonspool2.version>2.6.2</commonspool2.version>
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
index 84a7801..d834eff 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
@@ -31,8 +31,8 @@ public class MsgClient {
private final String address;
//TODO: make configurable
- private final int connectionTimeout = 60;
- private final int receiveTimeout = 60;
+ private final int connectionTimeout = 0;
+ private final int receiveTimeout = 0;
@Nullable
private final SSLContext sslContext;
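Review bot: Setting connectionTimeout and receiveTimeout to 0 removes every bound on how long a send can block, so a stalled or slow MSG endpoint holds the calling thread (and whatever pool it belongs to) indefinitely; the fields are only declared here and consumed outside the hunk, so the "infinite" semantics is inferred from the commit message. If these values feed a CXF HTTPClientPolicy, its timeouts are in milliseconds, which means the previous `60` was 60 ms — a more likely cause of the handshake failures than the JDK bug — and a finite default such as `private final int connectionTimeout = 60_000;` / `private final int receiveTimeout = 60_000;` keeps the fix while preserving a liveness bound. The `//TODO: make configurable` above still stands; a configured value with a finite default is the durable fix. MsgClient continues outside the hunk.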
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
index d4cc9f1..071a243 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
@@ -4,6 +4,9 @@ import at.gv.egiz.moazs.util.FileUtils;
import at.gv.egiz.moazs.util.SSLContextCreator;
import at.gv.zustellung.app2mzs.xsd.ClientType;
import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import com.sun.istack.Nullable;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
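Review bot: `com.sun.istack.Nullable` is an internal annotation of the JAXB reference implementation rather than a public API, so the import ties this source to that implementation's artifacts and may break when they change (relevant given the Java 11→12 move in pom.xml). Prefer a standard annotation that is already on the classpath — Spring's `org.springframework.lang.Nullable` is a natural choice since `MsgClientFactory` is a Spring `@Component`; which one MsgClient.java uses for its own `@Nullable` is not visible here, but both files should agree.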
@@ -14,6 +17,8 @@ import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
@Component
public class MsgClientFactory {
+ private static final Logger log = LoggerFactory.getLogger(MsgClientFactory.class);
+
private final StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor;
private final SSLContextCreator sslContextCreator;
private final FileUtils fileUtils;
@@ -47,10 +52,16 @@ public class MsgClientFactory {
return new MsgClient(storeResponseInterceptor, params.getURL(), sslContext);
}
- private KeyStoreType resolveKeyStorePath(KeyStoreType store) {
- return store == null ? null
- : keyStoreTypeBuilder(store)
- .withFileName(fileUtils.determinePath(store.getFileName()))
+ private KeyStoreType resolveKeyStorePath(@Nullable KeyStoreType store) {
+
+ if (store == null) return null;
+
+ var resolvedURI = "file:" + fileUtils.determinePath(store.getFileName());
+
+ log.trace("Resolved key store path from {} to {}.", store.getFileName(), resolvedURI);
+
+ return keyStoreTypeBuilder(store)
+ .withFileName(resolvedURI)
.build();
}
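Review bot: `"file:" + fileUtils.determinePath(store.getFileName())` builds the key store URI by string concatenation, so a path containing spaces, `#`, `%` or non-ASCII characters yields an invalid or misparsed URI, and a relative result yields an opaque `file:relative` URI that most consumers reject; `determinePath` is outside the hunk, so its return shape is inferred. If it returns a filesystem path string, `var resolvedURI = Path.of(fileUtils.determinePath(store.getFileName())).toUri().toString();` (with `java.nio.file.Path` imported) produces a correctly escaped absolute `file:///…` URI instead. The trace line sensibly logs only file names and never the store password; keep it that way if more fields of `store` are ever added to the message.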
diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
index 1befd1d..aa86873 100644
--- a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
+++ b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
@@ -138,6 +138,11 @@ public class ConfigUtil {
}
private ClientType merge(ClientType primary, ClientType fallback) {
+
+ if (fallback == null) {
+ return primary;
+ }
+
var builder = clientTypeBuilder(fallback);
if (primary.getURL() != null) {
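Review bot: The new guard only covers a null `fallback`; the very next line `if (primary.getURL() != null)` still dereferences `primary`, so the NPE moves rather than disappears whenever the chosen profile or the DeliveryRequest carries no client configuration — whether callers can pass null here is not visible in the hunk, so this is inferred. A symmetric guard before the builder, `if (primary == null) return fallback;`, makes the merge total for both inputs. The same applies to the `SSLType` overload in the second hunk, where `primary.getKeyStore()` is dereferenced unguarded.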
@@ -152,6 +157,11 @@ public class ConfigUtil {
}
private SSLType merge(SSLType primary, SSLType fallback) {
+
+ if (fallback == null) {
+ return primary;
+ }
+
var builder = SSLTypeBuilder(fallback);
if (primary.getKeyStore() != null) {
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index a0040ca..2d376a8 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -13,56 +13,34 @@ spring:
# Order: DeliveryRequest/Config > [chosen-profile] > default
delivery-request-configuration-profiles:
default:
-
perform-query-person-request: false
+ msg-client.url: http://localhost:8081/services/DeliveryRequest
- ## All parameters for MSG client.
+ ssl-profile:
+ perform-query-person-request: false
msg-client:
-
- url: http://localhost:8081/services/DeliveryRequest
-
+ url: https://localhost/zusemsg/services/DeliveryRequest
ssl:
-
## Boolean; if true, app will trust all server certificates;
## if false, server certificate needs to be in truststore.
trust-all: false
-
## Boolean; if true, app ignores mismatches between server's host name and
## Certificate's common name / alternative subject name.
lax-hostname-verification: false
-
## Parameters for ssl client auth
keystore:
- ## Absolute path to file
- filename: ssl/client.jks
+ ## Path to file
+ filename: ssl/client.cert.key.p12
## Password to unlock key store.
- password: 1233
+ password: 123456
## JKS or PKCS12
- type: JKS
-
-
-
- app-profile-1:
- msg:
- url: https://msg-url1.com
- perform-query-person-request: true
-
- app-profile-2:
- msg:
- url: https://msg-url2.com
+ type: PKCS12
## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration
## profile and continues startup. See 'delivery-request-configuration-profiles'.
## Default value: true
# verify-completeness-of-default-delivery-request-configuration: false
-## todo: fix this
-# ssl.keystore.file=../keys/www.egiz.gv.at.p12
-# egovutil.mis.ssl.keystore.password=OSgmSn!
-# egovutil.mis.ssl.keystore.type=PKCS12
-# egovutil.mis.ssl.trustall=true
-# egovutil.mis.ssl.laxhostnameverification=false
-
### logging
logging:
level:
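Review bot: The `ssl-profile` points `keystore.filename` at `ssl/client.cert.key.p12` with its password `123456` in clear text, and that store plus both truststores are added under src/main/resources, so the private key and its password are packaged into the deployable artifact rather than confined to the test tree the commit message describes ("key material for testcases"). Moving the stores to src/test/resources and reading the password from an externalized property (e.g. `password: ${MSG_KEYSTORE_PASSWORD}`, name constructed) keeps them out of production builds; the removed `egovutil.mis.ssl.keystore.password=OSgmSn!` comment should be treated as a leaked credential and rotated if it was ever real, since it remains in history. The commit message records that the certificate expires May 2 2020; a comment next to `filename:` carrying that date would spare the next maintainer an unexplained handshake failure.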
diff --git a/src/main/resources/ssl/client.cert.key.p12 b/src/main/resources/ssl/client.cert.key.p12
new file mode 100644
index 0000000..f3becbf
--- /dev/null
+++ b/src/main/resources/ssl/client.cert.key.p12
Binary files differ
diff --git a/src/main/resources/ssl/truststore.jks b/src/main/resources/ssl/truststore.jks
new file mode 100644
index 0000000..3f90814
--- /dev/null
+++ b/src/main/resources/ssl/truststore.jks
Binary files differ
diff --git a/src/main/resources/ssl/truststore.p12 b/src/main/resources/ssl/truststore.p12
new file mode 100644
index 0000000..67eb611
--- /dev/null
+++ b/src/main/resources/ssl/truststore.p12
Binary files differ
diff --git a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
index 62df52d..294b2b8 100644
--- a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
+++ b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
@@ -7,25 +7,28 @@ import at.gv.egiz.moazs.scheme.Marshaller;
import at.gv.zustellung.app2mzs.xsd.ClientType;
import at.gv.zustellung.msg.xsd.DeliveryRequestType;
import at.gv.zustellung.msg.xsd.ObjectFactory;
+import org.junit.Test;
+import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.context.junit4.SpringRunner;
import javax.xml.bind.JAXBElement;
import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.IOException;
+import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
+import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder;
// @RunWith(SpringRunner.class)
// @SpringBootTest
-public class MsgClientTest {
-
- private final static Logger logger = LoggerFactory.getLogger(MsgClient.class);
- private String httpServiceUri = "http://localhost:8081/services/DeliveryRequest";
- private String sslServiceUri = "https://localhost/zusemsg/services/DeliveryRequest";
+public class MsgClientTest {
+ private final static Logger log = LoggerFactory.getLogger(MsgClient.class);
private final String basePath = "src/test/resources/at/gv/egiz/moazs/MsgClientTest/";
@Autowired
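Review bot: The added `RunWith`, `SpringBootTest` and `SpringRunner` imports are unused as long as `// @RunWith(SpringRunner.class)` and `// @SpringBootTest` stay commented out, so the `@Autowired` factory below is never injected and the tests cannot execute under the Spring context this commit prepares for. Either enable the two annotations or drop the imports; leaving both half-done makes it unclear whether the class is meant to run at all. The class body continues outside the hunk.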
@@ -46,27 +49,57 @@ public class MsgClientTest {
public void sendValidMessage() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
+ var httpServiceUri = "http://localhost:8081/services/DeliveryRequest";
var clientParams = generateClientParams(httpServiceUri);
var client = factory.create(clientParams);
try{
var status = client.send(request);
- logger.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryResponse(status)));
+ log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryResponse(status)));
} catch (Exception ex) {
System.out.println(ex.getMessage());
}
}
//@Test
- public void sendValidMessageToSSL() throws IOException {
+ public void sendValidMessageSSL() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
- var clientParams = generateClientParams(sslServiceUri);
+ var sslServiceUri = "https://localhost/zusemsg/services/DeliveryRequest";
+ var clientParams = generateSSLClientParams(sslServiceUri);
var client = factory.create(clientParams);
var status = client.send(request);
+ log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
+
+ }
+
+ private ClientType generateSSLClientParams(String sslServiceUri) {
+
+ var keystore = keyStoreTypeBuilder()
+ .withFileName("ssl/client.cert.key.p12")
+ .withFileType("PKCS12")
+ .withPassword("123456")
+ .build();
+
+ var truststore = keyStoreTypeBuilder()
+ .withFileName("ssl/truststore.jks")
+ .withPassword("123456")
+ .withFileType("JKS")
+ .build();
+
+ var sslParams = SSLTypeBuilder()
+ .withLaxHostNameVerification(false)
+ .withTrustAll(false)
+ .withKeyStore(keystore)
+ .withTrustStore(truststore)
+ .build();
+
+ return ClientType.clientTypeBuilder()
+ .withURL(sslServiceUri)
+ .withSSL(sslParams)
+ .build();
- logger.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
}
private DeliveryRequestType loadFromFile(String fileName) throws IOException {
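Review bot: `sendValidMessageSSL` performs no assertion — it logs the marshalled status and returns — so it passes whenever `client.send` does not throw, and it is still disabled by the `//@Test` context line above it; `loadFromFile` continues outside the hunk. An assertion on the result, e.g. `assertNotNull(status);` (from `org.junit.Assert`), or on a field of the response would make the test meaningful once it is enabled. `generateSSLClientParams` also duplicates the store paths and the password `123456` from application.yaml; reading them from the test profile would keep the two from drifting apart.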