authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
commite2e77ed55687cb92c6f5a273995daf64dedef848 (patch)
treec5955745715a513d2875fcd348a5d50d964c9b72 /src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
parent97aadc426ca2f61dccd58a05f37d065b2752ef6d (diff)
Protect MsgClient via SSL (ink Client Authentication)
- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils).

Schema Changes in mzs:DeliveryRequest/Config:
- Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.).

Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.

MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).

Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java')
-rw-r--r--src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java51
1 files changed, 47 insertions, 4 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
index c2cf34f..d4cc9f1 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
@@ -1,14 +1,57 @@
package at.gv.egiz.moazs.msg;
-import at.gv.zustellung.app2mzs.xsd.ConfigType;
-import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import at.gv.egiz.moazs.util.FileUtils;
+import at.gv.egiz.moazs.util.SSLContextCreator;
+import at.gv.zustellung.app2mzs.xsd.ClientType;
+import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
+import javax.net.ssl.SSLContext;
+
+import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
+
@Component
public class MsgClientFactory {
- public MsgClient create(DeliveryRequestType msgRequest, ConfigType config, StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor) {
- return new MsgClient(msgRequest, config, storeResponseInterceptor);
+ private final StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor;
+ private final SSLContextCreator sslContextCreator;
+ private final FileUtils fileUtils;
+
+
+ @Autowired
+ public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor, SSLContextCreator creator, FileUtils fileUtils) {
+ this.storeResponseInterceptor = storeResponseInterceptor;
+ this.sslContextCreator = creator;
+ this.fileUtils = fileUtils;
+ }
+
+
+ /**
+ * Creates a client that communicates with a msg service.
+ *
+ * @param params for the client, such as service url and ssl parameters.
+ * @return the msg client
+ */
+ //TODO evaluate and honor laxhostnameverification and trustall parameter!
+ public MsgClient create(ClientType params) {
+
+ SSLContext sslContext = null;
+
+ if (params.getURL().startsWith("https")) {
+ var keystore = resolveKeyStorePath(params.getSSL().getKeyStore());
+ var truststore = resolveKeyStorePath(params.getSSL().getTrustStore());
+ sslContext = sslContextCreator.createSSLContext(keystore, truststore);
+ }
+
+ return new MsgClient(storeResponseInterceptor, params.getURL(), sslContext);
+ }
+
+ private KeyStoreType resolveKeyStorePath(KeyStoreType store) {
+ return store == null ? null
+ : keyStoreTypeBuilder(store)
+ .withFileName(fileUtils.determinePath(store.getFileName()))
+ .build();
}
}
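Review bot: The scheme test in `create`, `params.getURL().startsWith("https")`, is a case-sensitive prefix match, so a URL configured as `HTTPS://…` skips the branch and `MsgClient` is constructed with `sslContext == null`, without the configured key store and trust store; how `MsgClient` treats a null context is not visible in this hunk. Comparing the parsed scheme is stricter, e.g. `if ("https".equalsIgnoreCase(java.net.URI.create(params.getURL()).getScheme())) {`. Inside the branch, `params.getSSL()` is dereferenced without a null check, so unless the default-merging described in the commit message guarantees an SSL element, an https URL without one ends in a NullPointerException instead of a clear configuration error. A plain `http` URL also yields an unprotected client silently; since this client is meant to carry client authentication, a warning log line or an explicit opt-in for non-TLS endpoints would make that case visible to operators.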