authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-26 08:47:58 +0200
commite2e77ed55687cb92c6f5a273995daf64dedef848 (patch)
treec5955745715a513d2875fcd348a5d50d964c9b72 /src/main/resources
parent97aadc426ca2f61dccd58a05f37d065b2752ef6d (diff)
Protect MsgClient via SSL (ink Client Authentication)
- Add Component to create SSLContexts with own Key- and trust store. - Inject SSLContext into HTTP Client. - Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils). Schema Changes in mzs:DeliveryRequest/Config: - Got rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaced the result of the zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed. - Add ClientType, which holds all parameters needed to connect to a service (URL, SSL params, among others). Configuration: - Add default parameters for SSL Clients in application.yaml. - Merge default parameters into incoming mzs:DeliveryRequests. MoaZSException Fixes: - Remove "extends Throwable" from Builder. - Add convenient shorthand init method (message, throwable). Refactor: - Put "determinePath" into FileUtils. - Put string-related utility functions into StringUtils.
Diffstat (limited to 'src/main/resources')
-rw-r--r--src/main/resources/application.yaml29
-rw-r--r--src/main/resources/mzs/app2mzs.xsd34
2 files changed, 41 insertions, 22 deletions
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index 9ce1158..a0040ca 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -13,32 +13,34 @@ spring:
# Order: DeliveryRequest/Config > [chosen-profile] > default
delivery-request-configuration-profiles:
default:
+
+ perform-query-person-request: false
+
## All parameters for MSG client.
- msg:
+ msg-client:
- ## How to reach
url: http://localhost:8081/services/DeliveryRequest
+
ssl:
+ ## Boolean; if true, app will trust all server certificates;
+ ## if false, server certificate needs to be in truststore.
+ trust-all: false
+
+ ## Boolean; if true, app ignores mismatches between server's host name and
+ ## Certificate's common name / alternative subject name.
+ lax-hostname-verification: false
+
## Parameters for ssl client auth
keystore:
## Absolute path to file
- filename:
+ filename: ssl/client.jks
## Password to unlock key store.
password: 1233
## JKS or PKCS12
type: JKS
- ## Boolean; if true, app will trust all server certificates;
- ## if false, server certificate needs to be in truststore.
- trustall: false
- ## Boolean; if true, app ignores mismatches between server's host name and
- ## Certificate's common name / alternative subject name.
- laxhostnameverification: false
-
-
- perform-query-person-request: false
app-profile-1:
msg:
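Review bot: The keystore password on the `password: 1233` line stays committed in plaintext in the `default` profile, which the commit message says is merged into every incoming DeliveryRequest, so every request on this host shares it; it should be resolved from the environment and quoted so that a digits-only password binds as a string rather than an integer, e.g. `password: "${MSG_CLIENT_KEYSTORE_PASSWORD}"` (placeholder name constructed). The comment `## Absolute path to file` now contradicts the added `filename: ssl/client.jks`, which is relative; either make the path absolute or change the comment to state how relative paths are resolved. The added `trust-all` comment says the server certificate must be in the truststore when it is false, yet no `truststore:` block is added under `ssl:` in this hunk, so presumably the JVM default truststore applies — a comment saying so would help, as would one stating that `trust-all: true` and `lax-hostname-verification: true` disable TLS server verification and are intended only for local testing.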
@@ -49,9 +51,6 @@ delivery-request-configuration-profiles:
msg:
url: https://msg-url2.com
-key-store-profiles:
- msg-key-store:
-
## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration
## profile and continues startup. See 'delivery-request-configuration-profiles'.
## Default value: true
diff --git a/src/main/resources/mzs/app2mzs.xsd b/src/main/resources/mzs/app2mzs.xsd
index 05a9ea4..956cd31 100644
--- a/src/main/resources/mzs/app2mzs.xsd
+++ b/src/main/resources/mzs/app2mzs.xsd
@@ -81,19 +81,39 @@
<xs:complexType name="ConfigType">
<xs:sequence>
<xs:element name="ProfileID" type="xs:token" minOccurs="0"></xs:element>
- <xs:element ref="Server" minOccurs="0"></xs:element>
<xs:element name="PerformQueryPersonRequest" type="xs:boolean" minOccurs="0" />
+ <xs:element ref="MSGClient" minOccurs="0" />
+ <xs:element ref="TNVZClient" minOccurs="0" />
</xs:sequence>
</xs:complexType>
- <xs:element name="Server" type="ServerType" />
- <xs:complexType name="ServerType">
+ <xs:element name="MSGClient" type="ClientType" />
+ <xs:element name="TNVZClient" type="ClientType" />
+ <xs:complexType name="ClientType">
<xs:sequence>
- <xs:element name="ZUSEUrlID" type="xs:anyURI" minOccurs="0"/>
- <xs:element name="X509" type="xs:base64Binary" minOccurs="0"/>
+ <xs:element name="URL" type="xs:anyURI" />
+ <xs:element ref="SSL" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="SSL" type="SSLType" />
+ <xs:complexType name="SSLType">
+ <xs:sequence>
+ <xs:element name="TrustAll" minOccurs="0" type="xs:boolean" />
+ <xs:element name="LaxHostNameVerification" minOccurs="0" type="xs:boolean" />
+ <xs:element ref="KeyStore" minOccurs="0" />
+ <xs:element ref="TrustStore" minOccurs="0"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:element name="TrustStore" type="KeyStoreType" />
+ <xs:element name="KeyStore" type="KeyStoreType" />
+ <xs:complexType name="KeyStoreType">
+ <xs:sequence>
+ <xs:element name="FileName" type="xs:string" minOccurs="0"/>
+ <xs:element name="Password" type="xs:string" minOccurs="0"/>
+ <xs:element name="FileType" type="xs:string" minOccurs="0"/>
</xs:sequence>
</xs:complexType>
<xs:element name="DeliveryResponse" type="DeliveryResponseType"/>
- <xs:complexType name="DeliveryResponseType">
+ <xs:complexType name="DeliveryResponseType">
<xs:choice>
<xs:element ref="PartialSuccess"/>
<xs:element ref="Success"/>
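Review bot: With `MSGClient`/`TNVZClient` now inside `ConfigType`, a caller's DeliveryRequest can supply `TrustAll`, `LaxHostNameVerification`, a keystore `FileName` on the MOA-ZS host and its `Password`, so the request rather than the operator decides how strictly the outbound TLS connection is verified and which local file is opened; unless the service validates these against the configured profiles (not visible here), consider limiting request-level overrides to a profile reference and documenting the intent with an `xs:annotation`/`xs:documentation` on each of these elements. `FileType` is declared as `xs:string` although application.yaml documents only `JKS` or `PKCS12`; an enumeration lets schema validation reject anything else before it reaches the keystore loader, as below. The change to `DeliveryResponseType` on the following lines is whitespace-only.
```xml
      <xs:element name="FileType" type="KeyStoreFileType" minOccurs="0"/>
    </xs:sequence>
  </xs:complexType>
  <!-- … unchanged: DeliveryResponse element … -->
  <xs:simpleType name="KeyStoreFileType">
    <xs:restriction base="xs:string">
      <xs:enumeration value="JKS"/>
      <xs:enumeration value="PKCS12"/>
    </xs:restriction>
  </xs:simpleType>
```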
@@ -179,7 +199,7 @@
<xs:element ref="msg:DeliverySystem"/>
<xs:element ref="msg:ZSDeliveryID" />
<xs:element ref="msg:GZ" minOccurs="0"/>
- <xs:element name="SignedDeliveryRequestStatus" type="xs:base64Binary" minOccurs="0"/>
+ <xs:element name="SignedDeliveryRequestStatus" type="xs:base64Binary" minOccurs="0"/>
</xs:sequence>
</xs:complexType>