authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
commite2e77ed55687cb92c6f5a273995daf64dedef848 (patch)
treec5955745715a513d2875fcd348a5d50d964c9b72 /src/main/java/at/gv/egiz/moazs/preprocess
parent97aadc426ca2f61dccd58a05f37d065b2752ef6d (diff)
Protect MsgClient via SSL (ink Client Authentication)
- Add Component to create SSLContexts with own Key- and trust store. - Inject SSLContext into HTTP Client. - Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils). Schema Changes in mzs:DeliveryRequest/Config: - Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed. - Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.). Configuration: - Add default parameters for SSL Clients in application.yaml. - Merge default parameters into incoming mzs:DeliveryRequests. MoaZSException Fixes: - Remove "Extends throwable" from Builder. - Add convenient shorthand init method (message, throwable). Refactor: - Put "determinePath" to FileUtils. - Put string related utility functions into StringUtils.
Diffstat (limited to 'src/main/java/at/gv/egiz/moazs/preprocess')
-rw-r--r--src/main/java/at/gv/egiz/moazs/preprocess/ConfigProfileGenerator.java19
-rw-r--r--src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java183
-rw-r--r--src/main/java/at/gv/egiz/moazs/preprocess/DeliveryRequestAugmenter.java6
3 files changed, 168 insertions, 40 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigProfileGenerator.java b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigProfileGenerator.java
index be14852..fa1ccd6 100644
--- a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigProfileGenerator.java
+++ b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigProfileGenerator.java
@@ -1,6 +1,7 @@
package at.gv.egiz.moazs.preprocess;
import at.gv.egiz.moazs.MoaZSException;
+import at.gv.egiz.moazs.util.StringUtils;
import at.gv.zustellung.app2mzs.xsd.ConfigType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -58,9 +59,9 @@ public class ConfigProfileGenerator {
var groupedKeys = properties.getPropertyNames()
.filter(this::isConfigurationProfileProperty)
- .map(this::removePrefix)
- .filter(this::hasPrefix)
- .collect(groupingBy(this::keepPrefix, mapping(this::removePrefix, toSet())));
+ .map(StringUtils::removePrefix)
+ .filter(StringUtils::hasPrefix)
+ .collect(groupingBy(StringUtils::keepPrefix, mapping(StringUtils::removePrefix, toSet())));
var profiles = groupedKeys.entrySet().stream()
.collect(toUnmodifiableMap(Entry::getKey, this::createConfigFromEnv));
@@ -78,22 +79,10 @@ public class ConfigProfileGenerator {
return defaultProfile == null ? profiles : mergeProfiles(profiles, defaultProfile);
}
- private boolean hasPrefix(String name) {
- return name.indexOf('.') != -1;
- }
-
private boolean isConfigurationProfileProperty(String propName) {
return propName.startsWith(profilePrefix + ".");
}
- private String keepPrefix(String name) {
- return name.substring(0, name.indexOf('.'));
- }
-
- private String removePrefix(String name) {
- return name.substring(name.indexOf('.') + 1);
- }
-
private ConfigType createConfigFromEnv(Entry<String, Set<String>> entry) {
var profile = entry.getKey();
diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
index 3fef4bd..1befd1d 100644
--- a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
+++ b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
@@ -1,20 +1,37 @@
package at.gv.egiz.moazs.preprocess;
+import at.gv.egiz.moazs.util.StringUtils;
+import at.gv.zustellung.app2mzs.xsd.ClientType;
import at.gv.zustellung.app2mzs.xsd.ConfigType;
-import at.gv.zustellung.app2mzs.xsd.ServerType;
+import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
+import at.gv.zustellung.app2mzs.xsd.SSLType;
import org.springframework.lang.Nullable;
import org.springframework.stereotype.Component;
import java.util.Map;
+import static at.gv.zustellung.app2mzs.xsd.ClientType.clientTypeBuilder;
import static at.gv.zustellung.app2mzs.xsd.ConfigType.configTypeBuilder;
-import static at.gv.zustellung.app2mzs.xsd.ServerType.serverTypeBuilder;
+import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder;
+import static at.gv.zustellung.app2mzs.xsd.SSLType.SSLTypeBuilder;
+import static java.util.stream.Collectors.toMap;
@Component
public class ConfigUtil {
- private static final String TNVZ_REQUEST_KEY = "perform-query-person-request";
- private static final String MSG_URL_KEY = "msg.url";
+ public static final String TNVZ_REQUEST_KEY = "perform-query-person-request";
+ public static final String MSG_CLIENT_KEY = "msg-client";
+ public static final String TNVZ_CLIENT_KEY = "tnvz-client";
+ public static final String URL_KEY = "url";
+ public static final String SSL_KEY = "ssl";
+ public static final String TRUST_ALL_KEY = "trust-all";
+ public static final String LAX_HOSTNAME_VERIFICATION_KEY = "lax-hostname-verification";
+ public static final String KEYSTORE_KEY = "keystore";
+ public static final String TRUSTSTORE_KEY = "truststore";
+ public static final String FILENAME_KEY = "filename";
+ public static final String FILETYPE_KEY = "filetype";
+ public static final String PASSWORD_KEY = "password";
+
/**
* Convert a map into a Config object.
@@ -23,16 +40,74 @@ public class ConfigUtil {
* @return Config
*/
public ConfigType convert(Map<String, String> values) {
- var server = serverTypeBuilder()
- .withZUSEUrlID(values.get(MSG_URL_KEY))
- .build();
-
Boolean performQueryPersonRequest = values.get(TNVZ_REQUEST_KEY) == null
? null : Boolean.getBoolean(values.get(TNVZ_REQUEST_KEY));
+ var msgClientParams = filterMapByPrefix(values, MSG_CLIENT_KEY);
+ ClientType msgClient = msgClientParams.isEmpty()
+ ? null : buildClient(msgClientParams);
+
+ var tnvzClientParams = filterMapByPrefix(values, TNVZ_CLIENT_KEY);
+ ClientType tnvzClient = tnvzClientParams.isEmpty()
+ ? null : buildClient(tnvzClientParams);
+
return ConfigType.configTypeBuilder()
.withPerformQueryPersonRequest(performQueryPersonRequest)
- .withServer(server)
+ .withMSGClient(msgClient)
+ .withTNVZClient(tnvzClient)
+ .build();
+ }
+
+ private Map<String, String> filterMapByPrefix(Map<String, String> values, String prefix) {
+ return values.entrySet().stream()
+ .filter(entry -> entry.getKey().startsWith(prefix))
+ .collect(toMap(e -> StringUtils.removePrefix(e.getKey()), Map.Entry::getValue));
+ }
+
+
+ private ClientType buildClient(Map<String, String> clientParams) {
+
+ var url = clientParams.get(URL_KEY);
+
+ var sslParams = filterMapByPrefix(clientParams, SSL_KEY);
+ SSLType ssl = sslParams.isEmpty()
+ ? null : buildSSL(sslParams);
+
+ return clientTypeBuilder().withURL(url).withSSL(ssl).build();
+
+ }
+
+ private SSLType buildSSL(Map<String, String> sslParams) {
+
+ var keyStoreParams = filterMapByPrefix(sslParams, KEYSTORE_KEY);
+ KeyStoreType keyStore = keyStoreParams.isEmpty()
+ ? null : buildKeyStore(keyStoreParams);
+
+ var trustStoreParams = filterMapByPrefix(sslParams, TRUSTSTORE_KEY);
+ KeyStoreType trustStore = trustStoreParams.isEmpty()
+ ? null : buildKeyStore(trustStoreParams);
+
+ var trustAll = sslParams.get(TRUST_ALL_KEY) == null
+ ? null : Boolean.getBoolean(sslParams.get(TRUST_ALL_KEY));
+
+ var laxHostNameVerification = sslParams.get(LAX_HOSTNAME_VERIFICATION_KEY) == null
+ ? null : Boolean.getBoolean(sslParams.get(LAX_HOSTNAME_VERIFICATION_KEY));
+
+ return SSLTypeBuilder()
+ .withKeyStore(keyStore)
+ .withTrustStore(trustStore)
+ .withTrustAll(trustAll)
+ .withLaxHostNameVerification(laxHostNameVerification)
+ .build();
+
+ }
+
+ private KeyStoreType buildKeyStore(Map<String, String> params) {
+
+ return keyStoreTypeBuilder()
+ .withFileName(params.get(FILENAME_KEY))
+ .withFileType(params.get(FILETYPE_KEY))
+ .withPassword(params.get(PASSWORD_KEY))
.build();
}
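Review bot: `Boolean.getBoolean(sslParams.get(TRUST_ALL_KEY))` and the matching lax-hostname-verification line in buildSSL read a JVM system property whose name is the configured string, rather than parsing the string, so `trust-all: true` evaluates to false unless a system property literally named "true" exists; the pre-existing perform-query-person-request line in convert has the same defect and stays untouched. Replace both new lines with `Boolean.parseBoolean(sslParams.get(TRUST_ALL_KEY))` and `Boolean.parseBoolean(sslParams.get(LAX_HOSTNAME_VERIFICATION_KEY))`. `filterMapByPrefix` matches on `startsWith(prefix)` without the separator, so a key such as `msg-client-extra.url` would be swept into the msg-client map and a key equal to the bare prefix would be kept unchanged by `removePrefix`; `startsWith(prefix + ".")` pins the filter to the intended subtree. The class continues outside the hunk.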
@@ -47,32 +122,65 @@ public class ConfigUtil {
var builder = configTypeBuilder(fallback);
- if(primary.getServer() != null) {
- builder.withServer(merge(primary.getServer(), fallback.getServer()));
+ if (primary.isPerformQueryPersonRequest() != null) {
+ builder.withPerformQueryPersonRequest(primary.isPerformQueryPersonRequest());
}
- if(primary.isPerformQueryPersonRequest() != null) {
- builder.withPerformQueryPersonRequest(primary.isPerformQueryPersonRequest());
+ if (primary.getMSGClient() != null) {
+ builder.withMSGClient(merge(primary.getMSGClient(), fallback.getMSGClient()));
+ }
+
+ if (primary.getTNVZClient() != null) {
+ builder.withMSGClient(merge(primary.getTNVZClient(), fallback.getTNVZClient()));
}
return builder.build();
+ }
+
+ private ClientType merge(ClientType primary, ClientType fallback) {
+ var builder = clientTypeBuilder(fallback);
+
+ if (primary.getURL() != null) {
+ builder.withURL(primary.getURL());
+ }
+
+ if (primary.getSSL() != null) {
+ builder.withSSL(merge(primary.getSSL(), fallback.getSSL()));
+ }
+ return builder.build();
}
- private ServerType merge(ServerType primary, ServerType fallback) {
+ private SSLType merge(SSLType primary, SSLType fallback) {
+ var builder = SSLTypeBuilder(fallback);
- if (fallback == null) {
- return primary;
+ if (primary.getKeyStore() != null) {
+ builder.withKeyStore(merge(primary.getKeyStore(), fallback.getKeyStore()));
}
- var builder = serverTypeBuilder(fallback);
+ if (primary.getTrustStore() != null) {
+ builder.withKeyStore(merge(primary.getTrustStore(), fallback.getTrustStore()));
+ }
- if (primary.getX509() != null) builder.withX509 (primary.getX509() );
- if (primary.getZUSEUrlID() != null) builder.withZUSEUrlID(primary.getZUSEUrlID());
+ if (primary.isLaxHostNameVerification() != null) {
+ builder.withLaxHostNameVerification(primary.isLaxHostNameVerification());
+ }
+ if (primary.isTrustAll() != null) {
+ builder.withLaxHostNameVerification(primary.isTrustAll());
+ }
return builder.build();
}
+ private KeyStoreType merge(KeyStoreType primary, KeyStoreType fallback) {
+
+ if (primary.getFileName() != null && primary.getFileType() != null && primary.getPassword() != null)
+ return primary;
+
+ return fallback;
+
+ }
+
/**
* Check if all mandatory fields are set.
*
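Review bot: Three of the new merge branches write to the wrong setter: the TNVZ branch of merge(ConfigType) stores the merged TNVZ client via `withMSGClient`, the trust-store branch of merge(SSLType) stores the merged trust store via `withKeyStore`, and its trust-all branch stores `isTrustAll()` via `withLaxHostNameVerification`, so a request's TNVZ client overwrites its MSG client, its trust store lands in the key-store slot, and trust-all silently relaxes hostname verification instead. They should read `builder.withTNVZClient(merge(primary.getTNVZClient(), fallback.getTNVZClient()));`, `builder.withTrustStore(merge(primary.getTrustStore(), fallback.getTrustStore()));` and `builder.withTrustAll(primary.isTrustAll());`. The removed ServerType merge returned primary when fallback was null, but the new ClientType and SSLType merges dereference `fallback` unconditionally, so a fallback profile without an msg-client, tnvz-client or ssl section will throw a NullPointerException; restore `if (fallback == null) return primary;` at the top of both. merge(ConfigType) begins above this hunk. If primary originates from the incoming request, as DeliveryRequestAugmenter's merging of request.getConfig() suggests, the request can switch trust-all and lax-hostname-verification on over the profile defaults; worth confirming that is intended.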
@@ -80,11 +188,42 @@ public class ConfigUtil {
* @return true if all mandatory fields are set
*/
public boolean isComplete(@Nullable ConfigType profile) {
- //TODO: add check fo x509 certificate
return profile != null
&& profile.isPerformQueryPersonRequest() != null
- && profile.getServer() != null
- && profile.getServer().getZUSEUrlID() != null;
+ && isTVNZClientConfigured(profile.getTNVZClient(), profile.isPerformQueryPersonRequest())
+ && isMSGClientConfigured(profile.getMSGClient());
+ }
+
+ private boolean isTVNZClientConfigured(ClientType tnvzClient, Boolean isPerformQueryPersonRequest) {
+ return (tnvzClient != null
+ && tnvzClient.getURL() != null
+ && isSSLConfigured(tnvzClient))
+ || isPerformQueryPersonRequest == false;
}
+ private boolean isMSGClientConfigured(ClientType msgClient) {
+ return msgClient != null
+ && msgClient.getURL() != null
+ && isSSLConfigured(msgClient);
+ }
+
+ private boolean isSSLConfigured(ClientType params) {
+ return (params.getURL().startsWith("https")
+ && params.getSSL() != null
+ && params.getSSL().isTrustAll() != null
+ && params.getSSL().isLaxHostNameVerification() != null
+ && isKeyStoreConfigured(params.getSSL().getKeyStore())
+ && isKeyStoreConfigured(params.getSSL().getTrustStore()))
+ || !params.getURL().startsWith("https");
+ }
+
+ private boolean isKeyStoreConfigured(KeyStoreType keyStore) {
+ return (keyStore != null
+ && keyStore.getPassword() != null
+ && keyStore.getFileType() != null
+ && keyStore.getFileName() != null)
+ || keyStore == null;
+ }
+
+
}
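Review bot: `isSSLConfigured` decides whether SSL parameters are mandatory with a case-sensitive `startsWith("https")`, so a URL written as `HTTPS://…` passes isComplete with no ssl section at all; compare the scheme case-insensitively, e.g. `params.getURL().regionMatches(true, 0, "https", 0, 5)`. `isPerformQueryPersonRequest == false` unboxes a Boolean and is only safe because isComplete checks for null first; `Boolean.FALSE.equals(isPerformQueryPersonRequest)` removes that dependence on call order. The new helper is named `isTVNZClientConfigured` while the rest of the hunk spells it TNVZ. Because `isKeyStoreConfigured` accepts a null store, an https client with no trust store and trust-all set to false is reported complete; whether the SSL context creator copes with that combination is not visible here.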
diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/DeliveryRequestAugmenter.java b/src/main/java/at/gv/egiz/moazs/preprocess/DeliveryRequestAugmenter.java
index 057c3d4..d3891e4 100644
--- a/src/main/java/at/gv/egiz/moazs/preprocess/DeliveryRequestAugmenter.java
+++ b/src/main/java/at/gv/egiz/moazs/preprocess/DeliveryRequestAugmenter.java
@@ -37,8 +37,8 @@ public class DeliveryRequestAugmenter {
public DeliveryRequestType augment(DeliveryRequestType request) {
var requestConfig = request.getConfig();
- var profileId = determineProfileIdFrom(requestConfig);
- var fallbackConfig = configs.get(profileId);
+ var fallbackProfileId = determineProfileIdFrom(requestConfig);
+ var fallbackConfig = configs.get(fallbackProfileId);
if (fallbackConfig == null) {
@@ -58,7 +58,7 @@ public class DeliveryRequestAugmenter {
.withConfig(mergedConfig)
.build();
} else {
- throw moaZSException(INCOMPLETE_MERGED_CONFIG_ERROR_MESSAGE, profileId);
+ throw moaZSException(INCOMPLETE_MERGED_CONFIG_ERROR_MESSAGE, fallbackProfileId);
}
}
}