diff options
author | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-27 13:11:53 +0200 |
---|---|---|
committer | Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at> | 2019-06-27 13:11:53 +0200 |
commit | a8e726382b0472ad030d7a579fe8d6878a216bd4 (patch) | |
tree | ceeb6bb09073da926c95230cb80a8ff156ea1481 /src/main | |
parent | e2e77ed55687cb92c6f5a273995daf64dedef848 (diff) | |
download | moa-zs-a8e726382b0472ad030d7a579fe8d6878a216bd4.tar.gz moa-zs-a8e726382b0472ad030d7a579fe8d6878a216bd4.tar.bz2 moa-zs-a8e726382b0472ad030d7a579fe8d6878a216bd4.zip |
Fixes; SSL Client Auth Works!
- Switch to java 12 for now. Reason: Bug [1] in JDK 11 (up to
jdk-11+28) impairs SSLHandshake ("Unsupported Operation Exception"),
but was fixed in Java 12.
- Set HTTP policy to infinite.
- Fix key/truststore path resolution
- Fix NPE in ConfigUtil.merge
- Rearrange application.yaml to include two config profiles (one with
and one without SSL for the msg client).
- Add key material for testcases (Note: expires: May 2 14:47:08 2020 GMT)
- Update MsgClient Testcases
[1] https://bugs.openjdk.java.net/browse/JDK-8214098
Diffstat (limited to 'src/main')
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/msg/MsgClient.java | 4 | ||||
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java | 19 | ||||
-rw-r--r-- | src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java | 10 | ||||
-rw-r--r-- | src/main/resources/application.yaml | 38 | ||||
-rw-r--r-- | src/main/resources/ssl/client.cert.key.p12 | bin | 0 -> 6221 bytes | |||
-rw-r--r-- | src/main/resources/ssl/truststore.jks | bin | 0 -> 1648 bytes | |||
-rw-r--r-- | src/main/resources/ssl/truststore.p12 | bin | 0 -> 1776 bytes |
7 files changed, 35 insertions, 36 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java index 84a7801..d834eff 100644 --- a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java +++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java @@ -31,8 +31,8 @@ public class MsgClient { private final String address; //TODO: make configurable - private final int connectionTimeout = 60; - private final int receiveTimeout = 60; + private final int connectionTimeout = 0; + private final int receiveTimeout = 0; @Nullable private final SSLContext sslContext; diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java index d4cc9f1..071a243 100644 --- a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java +++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java @@ -4,6 +4,9 @@ import at.gv.egiz.moazs.util.FileUtils; import at.gv.egiz.moazs.util.SSLContextCreator; import at.gv.zustellung.app2mzs.xsd.ClientType; import at.gv.zustellung.app2mzs.xsd.KeyStoreType; +import com.sun.istack.Nullable; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -14,6 +17,8 @@ import static at.gv.zustellung.app2mzs.xsd.KeyStoreType.keyStoreTypeBuilder; @Component public class MsgClientFactory { + private static final Logger log = LoggerFactory.getLogger(MsgClientFactory.class); + private final StoreSOAPBodyBinaryInRepositoryInterceptor storeResponseInterceptor; private final SSLContextCreator sslContextCreator; private final FileUtils fileUtils; @@ -47,10 +52,16 @@ public class MsgClientFactory { return new MsgClient(storeResponseInterceptor, params.getURL(), sslContext); } - private KeyStoreType resolveKeyStorePath(KeyStoreType store) { - return store == null ? null - : keyStoreTypeBuilder(store) - .withFileName(fileUtils.determinePath(store.getFileName())) + private KeyStoreType resolveKeyStorePath(@Nullable KeyStoreType store) { + + if (store == null) return null; + + var resolvedURI = "file:" + fileUtils.determinePath(store.getFileName()); + + log.trace("Resolved key store path from {} to {}.", store.getFileName(), resolvedURI); + + return keyStoreTypeBuilder(store) + .withFileName(resolvedURI) .build(); } diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java index 1befd1d..aa86873 100644 --- a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java +++ b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java @@ -138,6 +138,11 @@ public class ConfigUtil { } private ClientType merge(ClientType primary, ClientType fallback) { + + if (fallback == null) { + return primary; + } + var builder = clientTypeBuilder(fallback); if (primary.getURL() != null) { @@ -152,6 +157,11 @@ public class ConfigUtil { } private SSLType merge(SSLType primary, SSLType fallback) { + + if (fallback == null) { + return primary; + } + var builder = SSLTypeBuilder(fallback); if (primary.getKeyStore() != null) { diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index a0040ca..2d376a8 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -13,56 +13,34 @@ spring: # Order: DeliveryRequest/Config > [chosen-profile] > default delivery-request-configuration-profiles: default: - perform-query-person-request: false + msg-client.url: http://localhost:8081/services/DeliveryRequest - ## All parameters for MSG client. + ssl-profile: + perform-query-person-request: false msg-client: - - url: http://localhost:8081/services/DeliveryRequest - + url: https://localhost/zusemsg/services/DeliveryRequest ssl: - ## Boolean; if true, app will trust all server certificates; ## if false, server certificate needs to be in truststore. trust-all: false - ## Boolean; if true, app ignores mismatches between server's host name and ## Certificate's common name / alternative subject name. lax-hostname-verification: false - ## Parameters for ssl client auth keystore: - ## Absolute path to file - filename: ssl/client.jks + ## Path to file + filename: ssl/client.cert.key.p12 ## Password to unlock key store. - password: 1233 + password: 123456 ## JKS or PKCS12 - type: JKS - - - - app-profile-1: - msg: - url: https://msg-url1.com - perform-query-person-request: true - - app-profile-2: - msg: - url: https://msg-url2.com + type: PKCS12 ## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration ## profile and continues startup. See 'delivery-request-configuration-profiles'. ## Default value: true # verify-completeness-of-default-delivery-request-configuration: false -## todo: fix this -# ssl.keystore.file=../keys/www.egiz.gv.at.p12 -# egovutil.mis.ssl.keystore.password=OSgmSn! -# egovutil.mis.ssl.keystore.type=PKCS12 -# egovutil.mis.ssl.trustall=true -# egovutil.mis.ssl.laxhostnameverification=false - ### logging logging: level: diff --git a/src/main/resources/ssl/client.cert.key.p12 b/src/main/resources/ssl/client.cert.key.p12 Binary files differnew file mode 100644 index 0000000..f3becbf --- /dev/null +++ b/src/main/resources/ssl/client.cert.key.p12 diff --git a/src/main/resources/ssl/truststore.jks b/src/main/resources/ssl/truststore.jks Binary files differnew file mode 100644 index 0000000..3f90814 --- /dev/null +++ b/src/main/resources/ssl/truststore.jks diff --git a/src/main/resources/ssl/truststore.p12 b/src/main/resources/ssl/truststore.p12 Binary files differnew file mode 100644 index 0000000..67eb611 --- /dev/null +++ b/src/main/resources/ssl/truststore.p12 |