| field | value | date |
|---|---|---|
| author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-26 08:47:58 +0200 |
| committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-26 08:47:58 +0200 |
| commit | e2e77ed55687cb92c6f5a273995daf64dedef848 (patch) | |
| tree | c5955745715a513d2875fcd348a5d50d964c9b72 /src/main/resources | |
| parent | 97aadc426ca2f61dccd58a05f37d065b2752ef6d (diff) | |
Protect MsgClient via SSL (incl. Client Authentication)

- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils).

Schema Changes in mzs:DeliveryRequest/Config:
- Got rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.).

Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.

MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).

Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
Diffstat (limited to 'src/main/resources')

| mode | file | changes |
|---|---|---|
| -rw-r--r-- | src/main/resources/application.yaml | 29 |
| -rw-r--r-- | src/main/resources/mzs/app2mzs.xsd | 34 |

2 files changed, 41 insertions, 22 deletions
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 9ce1158..a0040ca 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -13,32 +13,34 @@ spring: # Order: DeliveryRequest/Config > [chosen-profile] > default delivery-request-configuration-profiles: default: + + perform-query-person-request: false + ## All parameters for MSG client. - msg: + msg-client: - ## How to reach url: http://localhost:8081/services/DeliveryRequest + ssl: + ## Boolean; if true, app will trust all server certificates; + ## if false, server certificate needs to be in truststore. + trust-all: false + + ## Boolean; if true, app ignores mismatches between server's host name and + ## Certificate's common name / alternative subject name. + lax-hostname-verification: false + ## Parameters for ssl client auth keystore: ## Absolute path to file - filename: + filename: ssl/client.jks ## Password to unlock key store. password: 1233 ## JKS or PKCS12 type: JKS - ## Boolean; if true, app will trust all server certificates; - ## if false, server certificate needs to be in truststore. - trustall: false - ## Boolean; if true, app ignores mismatches between server's host name and - ## Certificate's common name / alternative subject name. - laxhostnameverification: false - - - perform-query-person-request: false app-profile-1: msg: @@ -49,9 +51,6 @@ delivery-request-configuration-profiles: msg: url: https://msg-url2.com -key-store-profiles: - msg-key-store: - ## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration ## profile and continues startup. See 'delivery-request-configuration-profiles'. ## Default value: true diff --git a/src/main/resources/mzs/app2mzs.xsd b/src/main/resources/mzs/app2mzs.xsd index 05a9ea4..956cd31 100644 --- a/src/main/resources/mzs/app2mzs.xsd +++ b/src/main/resources/mzs/app2mzs.xsd 
@@ -81,19 +81,39 @@ <xs:complexType name="ConfigType"> <xs:sequence> <xs:element name="ProfileID" type="xs:token" minOccurs="0"></xs:element> - <xs:element ref="Server" minOccurs="0"></xs:element> <xs:element name="PerformQueryPersonRequest" type="xs:boolean" minOccurs="0" /> + <xs:element ref="MSGClient" minOccurs="0" /> + <xs:element ref="TNVZClient" minOccurs="0" /> </xs:sequence> </xs:complexType> - <xs:element name="Server" type="ServerType" /> - <xs:complexType name="ServerType"> + <xs:element name="MSGClient" type="ClientType" /> + <xs:element name="TNVZClient" type="ClientType" /> + <xs:complexType name="ClientType"> <xs:sequence> - <xs:element name="ZUSEUrlID" type="xs:anyURI" minOccurs="0"/> - <xs:element name="X509" type="xs:base64Binary" minOccurs="0"/> + <xs:element name="URL" type="xs:anyURI" /> + <xs:element ref="SSL" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:element name="SSL" type="SSLType" /> + <xs:complexType name="SSLType"> + <xs:sequence> + <xs:element name="TrustAll" minOccurs="0" type="xs:boolean" /> + <xs:element name="LaxHostNameVerification" minOccurs="0" type="xs:boolean" /> + <xs:element ref="KeyStore" minOccurs="0" /> + <xs:element ref="TrustStore" minOccurs="0"/> + </xs:sequence> + </xs:complexType> + <xs:element name="TrustStore" type="KeyStoreType" /> + <xs:element name="KeyStore" type="KeyStoreType" /> + <xs:complexType name="KeyStoreType"> + <xs:sequence> + <xs:element name="FileName" type="xs:string" minOccurs="0"/> + <xs:element name="Password" type="xs:string" minOccurs="0"/> + <xs:element name="FileType" type="xs:string" minOccurs="0"/> </xs:sequence> </xs:complexType> <xs:element name="DeliveryResponse" type="DeliveryResponseType"/> - <xs:complexType name="DeliveryResponseType"> + <xs:complexType name="DeliveryResponseType"> <xs:choice> <xs:element ref="PartialSuccess"/> <xs:element ref="Success"/> 
@@ -179,7 +199,7 @@ <xs:element ref="msg:DeliverySystem"/> <xs:element ref="msg:ZSDeliveryID" /> <xs:element ref="msg:GZ" minOccurs="0"/> - <xs:element name="SignedDeliveryRequestStatus" type="xs:base64Binary" minOccurs="0"/> + <xs:element name="SignedDeliveryRequestStatus" type="xs:base64Binary" minOccurs="0"/> </xs:sequence> </xs:complexType> |
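Review bot: in the first application.yaml hunk the default profile renames `msg:` to `msg-client:` and nests the SSL settings under `ssl:`, but the other profiles in this file still use `msg:` (see the `app-profile-1: msg:` context at the end of that hunk and `msg: url: https://msg-url2.com` in the following one); since the precedence comment above reads `DeliveryRequest/Config > [chosen-profile] > default`, a profile that still writes `msg.url` will most likely no longer override `msg-client.url`, so those profiles should be renamed as well or the old key documented as still accepted. Two smaller points in the same block: the comment on `trust-all` says the server certificate "needs to be in truststore" when it is false, yet only a `keystore:` section is defined and no `truststore:` entry exists in the default profile, so it is unclear where that trust anchor is taken from; and `password: 1233` for the client keystore is committed in plaintext in application.yaml and would be better supplied through a placeholder resolved from the environment than checked into the repository.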
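Review bot: in the app2mzs.xsd hunk at `@@ -81,19 +81,39 @@`, `SSLType` exposes `TrustAll` and `LaxHostNameVerification` as per-request elements inside `ConfigType`, and `KeyStoreType` lets a request supply `FileName` and `Password` for both `KeyStore` and `TrustStore`; together with the merge of defaults into incoming DeliveryRequests described in the commit message, this means a caller's `Config` can switch off certificate and hostname verification for the MSG connection or select which keystore file on the service's filesystem is opened, which is a decision that belongs in the server-side profile rather than in the request. Consider keeping these elements out of the request schema, or at least restricting `FileName` to a configured directory, and tighten the types while here: `FileType` is `xs:string` although application.yaml documents only "JKS or PKCS12" as valid, so an `xs:enumeration` would reject typos at validation time, and `URL` in `ClientType` is required while every element of `KeyStoreType` is optional, so a `KeyStore` without a `FileName` passes validation and fails only at runtime.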
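Review bot: the last hunk (`@@ -179,7 +199,7 @@`) is a whitespace-only change to the `SignedDeliveryRequestStatus` element, the removed and added lines being identical apart from indentation; formatting churn like this is better kept out of a commit that changes schema semantics, or at least mentioned in the commit message so reviewers do not look for a functional difference.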