author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-26 08:47:58 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-26 08:47:58 +0200 |
commit | e2e77ed55687cb92c6f5a273995daf64dedef848 (patch) | |
tree | c5955745715a513d2875fcd348a5d50d964c9b72 /src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java | |
parent | 97aadc426ca2f61dccd58a05f37d065b2752ef6d (diff) | |
download | moa-zs-e2e77ed55687cb92c6f5a273995daf64dedef848.tar.gz moa-zs-e2e77ed55687cb92c6f5a273995daf64dedef848.tar.bz2 moa-zs-e2e77ed55687cb92c6f5a273995daf64dedef848.zip |
Protect MsgClient via SSL (incl. Client Authentication)
- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by
SSLContextCreator (KeyStoreUtils).
Schema Changes in mzs:DeliveryRequest/Config:
- Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1,
Server replaces the result of zkopf query person request. Since this
zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a
service (Url, SSL params, a.o.).
Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.
MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).
Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java')
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java | 51 |
1 files changed, 47 insertions, 4 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
index c2cf34f..d4cc9f1 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
@@ -1,14 +1,57 @@
 package at.gv.egiz.moazs.msg;
-import at.gv.zustellung.app2mzs.xsd.ConfigType;
-import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import at.gv.egiz.moazs.util.FileUtils;
+import at.gv.egiz.moazs.util.SSLContextCreator;
+import at.gv.zustellung.app2mzs.xsd.ClientType;
+import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
+import javax.net.ssl.SSLContext;
+
+import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
+
 @Component
 public class MsgClientFactory {
- public MsgClient create(DeliveryRequestType msgRequest, ConfigType config, StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor) {
- return new MsgClient(msgRequest, config, storeResponseInterceptor);
+ private final StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor;
+ private final SSLContextCreator sslContextCreator;
+ private final FileUtils fileUtils;
+
+
+ @Autowired
+ public MsgClientFactory(StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor, SSLContextCreator creator, FileUtils fileUtils) {
+ this.storeResponseInterceptor = storeResponseInterceptor;
+ this.sslContextCreator = creator;
+ this.fileUtils = fileUtils;
+ }
+
+
+ /**
+ * Creates a client that communicates with a msg service.
+ *
+ * @param params for the client, such as service url and ssl parameters.
+ * @return the msg client
+ */
+ //TODO evaluate and honor laxhostnameverification and trustall parameter!
+ public MsgClient create(ClientType params) {
+
+ SSLContext sslContext = null;
+
+ if (params.getURL().startsWith("https")) {
+ var keystore = resolveKeyStorePath(params.getSSL().getKeyStore());
+ var truststore = resolveKeyStorePath(params.getSSL().getTrustStore());
+ sslContext = sslContextCreator.createSSLContext(keystore, truststore);
+ }
+
+ return new MsgClient(storeResponseInterceptor, params.getURL(), sslContext);
+ }
+
+ private KeyStoreType resolveKeyStorePath(KeyStoreType store) {
+ return store == null ? null
+ : keyStoreTypeBuilder(store)
+ .withFileName(fileUtils.determinePath(store.getFileName()))
+ .build();
 }
 } |
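Review bot: The TLS decision in `create()` rests on `params.getURL().startsWith("https")`, a case-sensitive prefix test, so a URL spelled `HTTPS://…` (scheme names are case-insensitive per RFC 3986) skips the TLS branch and reaches `new MsgClient(…, null)`; what MsgClient does with a null SSLContext for such a URL is not visible in this hunk, and a null URL fails with a bare NullPointerException on the same line. The https branch also dereferences `params.getSSL()` without a null check, so a request that omits the SSL block for an https service dies with an uninformative NullPointerException rather than a message naming the missing configuration. Parsing the URL with `java.net.URI` (which rejects malformed input with IllegalArgumentException), comparing the lower-cased scheme, and requiring the SSL block when it is https makes both failures explicit; the rewrite below needs imports for `java.net.URI`, `java.util.Locale` and `java.util.Objects`. Until the `//TODO` on laxhostnameverification/trustall is resolved, I would also state in the Javadoc that those two parameters are currently ignored, so callers do not assume the request can change verification behaviour.
```java
public MsgClient create(ClientType params) {
    var url = Objects.requireNonNull(params.getURL(), "client url must not be null");
    var scheme = URI.create(url).getScheme();
    SSLContext sslContext = null;
    // scheme comparison is case-insensitive (RFC 3986), unlike a startsWith() prefix test
    if (scheme != null && "https".equals(scheme.toLowerCase(Locale.ROOT))) {
        var ssl = Objects.requireNonNull(params.getSSL(), "ssl parameters are required for https url " + url);
        var keystore = resolveKeyStorePath(ssl.getKeyStore());
        var truststore = resolveKeyStorePath(ssl.getTrustStore());
        sslContext = sslContextCreator.createSSLContext(keystore, truststore);
    }
    return new MsgClient(storeResponseInterceptor, url, sslContext);
}
// … unchanged: resolveKeyStorePath …
```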