authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
commite2e77ed55687cb92c6f5a273995daf64dedef848 (patch)
treec5955745715a513d2875fcd348a5d50d964c9b72 /src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
parent97aadc426ca2f61dccd58a05f37d065b2752ef6d (diff)
Protect MsgClient via SSL (ink Client Authentication)
- Add Component to create SSLContexts with own Key- and trust store. - Inject SSLContext into HTTP Client. - Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils). Schema Changes in mzs:DeliveryRequest/Config: - Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed. - Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.). Configuration: - Add default parameters for SSL Clients in application.yaml. - Merge default parameters into incoming mzs:DeliveryRequests. MoaZSException Fixes: - Remove "Extends throwable" from Builder. - Add convenient shorthand init method (message, throwable). Refactor: - Put "determinePath" to FileUtils. - Put string related utility functions into StringUtils.
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/msg/MsgClient.java')
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/MsgClient.java64
1 files changed, 49 insertions, 15 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
index 82f172d..84a7801 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
@@ -1,46 +1,80 @@
package at.gv.egiz.moazs.msg;
-import at.gv.zustellung.app2mzs.xsd.ConfigType;
import at.gv.zustellung.msg.xsd.App2ZusePort;
+import at.gv.zustellung.msg.xsd.App2ZusePortService;
import at.gv.zustellung.msg.xsd.DeliveryRequestStatusType;
import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsClientFactoryBean;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
+import javax.net.ssl.SSLContext;
+
+//TODO: Rethink design. could this entire class be replaced?
+// Because everything the send() method does could be initialized in
+// the MsgClientFactory as well.
public class MsgClient {
- private final DeliveryRequestType msgRequest;
- private final ConfigType config;
+ private static final Logger log = LoggerFactory.getLogger(MsgClient.class);
+
private final PhaseInterceptor<? extends Message> interceptor;
- public MsgClient(DeliveryRequestType msgRequest, ConfigType config, PhaseInterceptor<? extends Message> interceptor) {
- this.msgRequest = msgRequest;
- this.config = config;
+ private final String address;
+
+ //TODO: make configurable
+ private final int connectionTimeout = 60;
+ private final int receiveTimeout = 60;
+
+ @Nullable
+ private final SSLContext sslContext;
+
+ public MsgClient(PhaseInterceptor<? extends Message> interceptor,
+ String address,
+ @Nullable SSLContext sslContext) {
this.interceptor = interceptor;
+ this.address = address;
+ this.sslContext = sslContext;
}
/**
* Send {@code msgRequest} to {@code Config/Server/ZUSEUrlID} and run {@code interceptor} on response.
* @return
*/
- public DeliveryRequestStatusType send() {
- var proxy = connect(config);
- return proxy.delivery(msgRequest);
- }
-
- private App2ZusePort connect(ConfigType config) {
-
- var address = config.getServer().getZUSEUrlID();
+ public DeliveryRequestStatusType send(DeliveryRequestType msgRequest) {
var factory = new JaxWsClientFactoryBean();
+
factory.setServiceClass(App2ZusePort.class);
factory.setAddress(address);
factory.getInInterceptors().add(interceptor);
var proxy = new JaxWsProxyFactoryBean(factory).create();
- return (App2ZusePort) proxy;
+ Client client = ClientProxy.getClient(proxy);
+ HTTPConduit http = (HTTPConduit) client.getConduit();
+
+ var httpClientPolicy = new HTTPClientPolicy();
+ httpClientPolicy.setConnectionTimeout(connectionTimeout);
+ httpClientPolicy.setReceiveTimeout(receiveTimeout);
+ http.setClient(httpClientPolicy);
+
+ if (sslContext != null) {
+ var tlsParams = new TLSClientParameters();
+ tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+ http.setTlsClientParameters(tlsParams);
+ log.info("SSLContext initialized. ");
+ }
+
+ return ((App2ZusePort)proxy).delivery(msgRequest);
}
+
}
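Review bot: When `sslContext` is null, `send()` sets no TLS parameters and logs nothing, so a deployment whose key or trust store was not loaded silently loses client authentication and the custom trust store, and with an `http://` address the request would go out unencrypted. Since the commit's purpose is to protect this client, I would make that path visible, e.g. `else { log.warn("No SSLContext configured for {}; sending without client certificate.", address); }`, or reject a null context unless the configuration explicitly allows it. Separately, CXF's `HTTPClientPolicy` timeouts are in milliseconds, so `connectionTimeout = 60` and `receiveTimeout = 60` give 60 ms rather than the 60 s presumably intended; `private final int connectionTimeout = 60_000;` (and the same for `receiveTimeout`) would fix that. The Javadoc on `send` still names `Config/Server/ZUSEUrlID`, which this commit removes, and its `@return` is empty.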