authorChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-28 08:00:42 +0200
committerChristof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>2019-06-28 08:00:42 +0200
commit52306ddf6e786bd1ceaba09cbe37b42778b715fe (patch)
treed14f4528214ceaa5d6920be907b07d500ed08086 /src
parenta9a9e1cb62123475edd733a53ecc00611c2aa764 (diff)
Simplified Config Validation
- Also: Ensure that truststore is of type JKS because PKCS12 is not supported.
Diffstat (limited to 'src')
-rw-r--r--src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java30
-rw-r--r--src/test/java/at/gv/egiz/moazs/MsgClientTest.java31
2 files changed, 30 insertions, 31 deletions
diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
index 14fb377..6c9d264 100644
--- a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
+++ b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
@@ -229,13 +229,11 @@ public class ConfigUtil {
}
private boolean isTVNZClientConfigured(ClientType tnvzClient, Boolean isPerformQueryPersonRequest) {
- return (isPerformQueryPersonRequest
- && tnvzClient != null
- && tnvzClient.getURL() != null
- && tnvzClient.getReceiveTimeout() != null
- && tnvzClient.getConnectionTimeout() != null
- && isSSLConfigured(tnvzClient))
- || !isPerformQueryPersonRequest;
+ return !isPerformQueryPersonRequest || (tnvzClient != null
+ && tnvzClient.getURL() != null
+ && tnvzClient.getReceiveTimeout() != null
+ && tnvzClient.getConnectionTimeout() != null
+ && isSSLConfigured(tnvzClient));
}
private boolean isMSGClientConfigured(ClientType msgClientParams) {
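Review bot: `!isPerformQueryPersonRequest` in `isTVNZClientConfigured` unboxes a `Boolean` parameter, so an unset flag throws a NullPointerException in the middle of validation instead of producing an "incomplete configuration" result. Whether a caller can pass null is not visible in this hunk; if it can, make the decision explicit, for example by starting the expression with `!Boolean.TRUE.equals(isPerformQueryPersonRequest) || (` to treat an unset flag as "no person query", or by rejecting null before this call. The parameter is also spelled `tnvzClient` while the method name says TVNZ, which is worth aligning while these lines are being rewritten.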
@@ -247,21 +245,23 @@ public class ConfigUtil {
}
private boolean isSSLConfigured(ClientType clientParams) {
- return (clientParams.getURL().startsWith("https")
- && clientParams.getSSL() != null
+ return !clientParams.getURL().startsWith("https") || (clientParams.getSSL() != null
&& clientParams.getSSL().isTrustAll() != null
&& clientParams.getSSL().isLaxHostNameVerification() != null
&& isKeyStoreConfigured(clientParams.getSSL().getKeyStore())
- && isKeyStoreConfigured(clientParams.getSSL().getTrustStore()))
- || !clientParams.getURL().startsWith("https");
+ && isTrustStoreConfigured(clientParams.getSSL().getTrustStore()));
}
private boolean isKeyStoreConfigured(KeyStoreType keyStore) {
- return (keyStore != null
- && keyStore.getPassword() != null
+ return keyStore == null || (keyStore.getPassword() != null
&& keyStore.getFileType() != null
- && keyStore.getFileName() != null)
- || keyStore == null;
+ && keyStore.getFileName() != null);
+ }
+
+ private boolean isTrustStoreConfigured(KeyStoreType trustStore) {
+ return trustStore == null || (trustStore.getPassword() != null
+ && "JKS".equals(trustStore.getFileType())
+ && trustStore.getFileName() != null);
}
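Review bot: The scheme test in `isSSLConfigured`, `!clientParams.getURL().startsWith("https")`, is a case-sensitive prefix match, so a URL written as `HTTPS://…` is classified as non-TLS and the method returns true without inspecting the SSL block at all. URI schemes are case-insensitive, so the check would be safer as `!clientParams.getURL().regionMatches(true, 0, "https:", 0, 6)`. In the same hunk, `isTrustStoreConfigured` encodes the JKS-only rule with no comment; the reason is only in the commit message, so I would put `// Trust store must be JKS: PKCS12 is not supported.` above the method. Both store checks also accept `null`, and `isTrustAll() != null` only checks that the flag is present, so a configuration with trust-all enabled and no trust store validates silently; whether that is intended cannot be told from this hunk, but a logged warning when certificate or host name verification is switched off would help operators notice it.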
diff --git a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
index bd68d9d..485d01c 100644
--- a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
+++ b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
@@ -7,12 +7,9 @@ import at.gv.zustellung.app2mzs.xsd.ClientType;
import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
import at.gv.zustellung.msg.xsd.DeliveryRequestType;
import at.gv.zustellung.msg.xsd.ObjectFactory;
-import org.junit.runner.RunWith;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.junit4.SpringRunner;
import javax.xml.bind.JAXBElement;
import java.io.BufferedInputStream;
@@ -91,12 +88,12 @@ public class MsgClientTest {
// - server uses the server certificate in ssl/server/server.localhost.*.pem
// - server sends certificate chain ssl/server/ca-chain.cert.pem
//@Test
- public void sendOverSSLWithTrustAll() throws IOException {
+ public void sendOverSSLWithClientAuthTrustAll() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
- var sslServiceUri = "https://localhost/zusemsg/services/DeliveryRequest";
+ var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri, true, false);
+ var clientParams = generateSSLClientParams(httpsServiceURL, true, false);
var client = factory.create(clientParams);
var status = client.delivery(request);
@@ -109,12 +106,12 @@ public class MsgClientTest {
// - server uses the server certificate in ssl/server/server.localhost.*.pem
// - server sends certificate chain ssl/server/ca-chain.cert.pem
//@Test
- public void sendOverSSLWithLaxHostnameVerification() throws IOException {
+ public void sendOverSSLWithClientAuthLaxHostnameVerification() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
- var sslServiceUri = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+ var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri, false, true);
+ var clientParams = generateSSLClientParams(httpsServiceURL, false, true);
var client = factory.create(clientParams);
var status = client.delivery(request);
@@ -130,16 +127,20 @@ public class MsgClientTest {
public void rejectBecauseHostNameVerificationFails() throws IOException {
var request = loadFromFile("validDeliveryRequest.xml");
- var sslServiceUri = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+ var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri, false, false);
+ var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
var client = factory.create(clientParams);
var status = client.delivery(request);
log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
}
- private ClientType generateSSLClientParams(String sslServiceUri, boolean trustAll, boolean laxHostNameVerification) {
+ private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification) {
+ return generateSSLClientParams(httpsServiceURL, trustAll, laxHostNameVerification, generateTrustLocalhostStore());
+ }
+
+ private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification, KeyStoreType truststore) {
var keystore = keyStoreTypeBuilder()
.withFileName("ssl/client.cert.key.p12")
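Review bot: The four-argument `generateSSLClientParams` overload added here takes a `truststore`, but nothing in the visible hunks calls it with a non-default store, so the new JKS-only rule in ConfigUtil has no test that feeds a PKCS12 trust store through validation, as far as this diff shows. In the next hunk the argument is also discarded when `trustAll` is true (`.withTrustStore(trustAll ? null : truststore)`), which is surprising for an explicit parameter; a comment on the overload such as `// truststore is ignored when trustAll is true` would make that visible. The three-argument overload now calls `generateTrustLocalhostStore()` even when the result is thrown away. The body of the four-argument overload continues past the end of this hunk.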
@@ -147,17 +148,15 @@ public class MsgClientTest {
.withPassword("123456")
.build();
- var truststore = trustAll ? null : generateTrustLocalhostStore();
-
var sslParams = SSLTypeBuilder()
.withLaxHostNameVerification(laxHostNameVerification)
.withTrustAll(trustAll)
.withKeyStore(keystore)
- .withTrustStore(truststore)
+ .withTrustStore(trustAll ? null : truststore)
.build();
return clientTypeBuilder()
- .withURL(sslServiceUri)
+ .withURL(httpsServiceURL)
.withSSL(sslParams)
.withReceiveTimeout(BigInteger.ZERO)
.withConnectionTimeout(BigInteger.ZERO)