Age | Commit message (Collapse) | Author | Files | Lines |
|
Fixing "ASN.1 creation error: iaik.asn1.CodingException: Length: Too
large ASN.1 object: 109"
- Set fallback value ('jks') for system property
'javax.net.ssl.keyStoreType' and 'javax.net.ssl.trustStoreType'. If
system property is not defined, MoaSigConfig falls back to value
from spring environment. Reason: Without this property explicitly
set to JKS, the inclusion of eaaf-components-moa-sig-lib breaks the
HTTP client builder and the ASN.1 creation error arises. See [1] for
explanation.
- Why fall back: Allows a user to configure these parameters via
command line, but gives meaningful defaults in case of absent
command line properties. Furthermore, these parameters can be configured via
application.yaml or .properties.
Others:
- Set fallback value for system property
'moa.spss.server.configuration'. If system property is not defined,
fall back to value from spring environment. Reason: Allows a user to
configure these parameters via command line while providing
meaningful defaults in case of absent command line properties.
- Add switch 'moa.spss.is-active' to enable / disable signature verification.
- Change log levels of at.gv.* and iaik.* packages to INFO
- Add default certstore (copied from EAAF Components).
- Add mzs root certificate to cert- and truststore.
- Update readme's installation requirements and guide.
Refactor:
- Extract public interface of SignatureVerification class.
- Rename trustprofile folder.
[1] Why eaaf-components-moa-sig-lib breaks HTTP client:
- Including eaaf-components-moa-sig-lib includes IAIK's jca/jce and
xsect, which in turn injects the iaik provider for cryptographic
operations and its own key store (iaik.pkcs.pkcs12.PKCS12KeyStore).
- The Apache HTTP client builder will ask for a
java.base/javax.net.ssl.SSLSocketFactory because it creates an SSL
context, even if the connection runs without SSL.
- Somewhere down the stack, this will trigger the TrustStoreManager to
hand over the systems default trust store (a JKS file) to IAIK's
PKCS12KeyStore. This happens if the type properties of the trust
stores are not set.
- Oracle relaxed a precondition of this trust store (somewhere in
between Java 8 and 11) in the TrustStoreManager: Formerly, the trust
store was a JKS object. Now, the trust store can be both a JKS and a
PKCS12 object. The TrustStoreManager expects the key store to handle
both types, and Oracle's keystore does. However, IAIK's key store
cannot handle a JKS object, but since eaaf-components-moa-sig-lib
was included, the IAIK key store comes first.
- PKCS12KeyStore expects a PKCS12 file but receives a JKS file ->
Parser Error.
|
|
- Verify signature via ISignatureVerificationService.
- Override System Property moa.spss.server.configuration via spring's
environment (Reason: can configure path to moa SPSS config file via
application.yaml & moa SPSS needs this parameter to find the config
file)
- Setup test configuration directory for moaspss in
src/main/resources/moa-spss
- Readme: Explain how to install moaspss' dependencies into local
repository.
|
|
- Reduce logger output of all contexts to ERROR and WARN Statements;
Moazs can log to INFO. Reason: Including moa-sig causes lots of
DEBUG / TRACE logging .
- Add Repository that points to file://${basedir}/repository.
- Add guide how to compile project (I dont check moa-sig depenendcies
into repository but explain how to retrieve dependencies manually in
readme.md.)
|
|
- Ensure proper communication of errors between pipeline and mzs
service by converting MoaZSExceptions into DeliveryRequestStatus
messages.
- Revise MoaZSException: Add optional fields; those fields are a)
helpful to construct meaningful error messages and b) optional
because, depending on where an exception appears, either existent or
non-existent and thus optional. Add inner-class Builder.
- Integrate Signature Verification into pipeline and add Stub for
SignatureVerification.
- Move TNVZResponse's Mimetype check into dedicated class (Reason:
separate abstration layers).
- Update api changes in testcases.
|
|
- Add egovutils dependency (Reason: Need DomUtils to serialize /
unserialize Soap Message via DOMParser)
- Add Incerceptor to MsgClient / -Factory that stores the message
content byte-by-byte in the DeliveryRepository. The format is
required for successfully validating a DeliveryRequestStatus.
- Add SoapUtils, which interacts with byte[] Soap message.
- Add CXFMessageUtils, which interacts with CXF Messages from
interceptor chains.
- Refactor xsd namespaces: Move them out from the PrefixMapper and
into a dedicated class.
|
|
- Remove unused imports, commented code and copy-pasted code
|
|
- Refactor MsgClient: Not a Singleton anymore. Use MsgClientFactory to
make a client. Make request and config private fields.
- Add configuration parameters to application.yaml.
- Init SSL client auth testcase, but dont include in testsuite because
it aint working yet.
|
|
|
|
|
|
|
|
|
|
|
|
- Reason: Redefining mzs packages is not neccessary for zusemsg
related jaxb classes because zusemsg does not rely on mzs.
|
|
- Reason: Improves readability and makes import statetemens shorter
and more consistent
|
|
- App2MZS Server: Instead of generating a DeliveryRequestStatus/Error
Message, we throw an exception. This will generate a SoapFault
(including a 500 http status code), which is more appropriate.
- Fix possible NPE of deliveryRequest.getMetadata().getAppDeliveryID()
by moving appDeliveryID initialization into the TimeOutException catch block
- pom.xml: Remove hamcrest dependency, as not needed for now.
|
|
Add Optional "Config" to MZS Schema:
- Add mzs:DeliveryRequest/Config Element with a
"PerformQueryPersonRequest" node
- The config element contains parameters that are interpreted by
moa-zs and not forwarded to the ZD
- The boolean PerformQueryPersonRequest tells moa-zs if moa-zs should
perform a QueryPersonRequest towards the TNVZ.
- If config is missing, moa-zs augments the delivery request with
parameters from the app's configuartion or the default configuartion
Other Changes:
- Validate and augment incoming requests with the
DeliveryPreprocessor.
- Add stub for TlnvzClient.
- Remove some leftover ObjectFactory imports (because of the builder
they are not needed anymore)
Fixes
- Fixed incorrect API usage of Messageformat.format: format string
needs an index.
pom.xml
- Add Hamcrest Dependency (for writing more expressive tests)
- Add copy constructor to JAXB Builder
Testing
- Test validation of incoming request
- Refactor testcases to improve readability
|
|
- Use Immutable-XJC from https://github.com/sabomichal/immutable-xjc
- Update existing JAXB-object manipulations to use the Builder
- Remove jaxbMarshallerTest (as it relies on mutable JAXB interfaces)
Reason for making JAXB objects immutable: I put JAXB objects in the
repository. Depending on the configuration, the repository can be a
simple hashmap; in that case I might end up sharing JAXB objects
between threads. Immutable shared object should make life a little
simpler.
|
|
|
|
- Deployer can choose which implementation to use (by activating
- corresponding profile)
- Add guava dependency
- Extract DeliveryRequestRepository to Interface
- Implement InMemory Repository using guava's cache
|
|
- Connect to Redis server and implement RedisRepository
- Add redis dependencies (spring-boot-starter, jedis, apache commons
io). Latter dependencies are apparently needed and not included in
the sprint-boot-starter; See
https://github.com/spring-projects/spring-boot/issues/5718 and
https://www.concretepage.com/questions/599
- Connect DeliveryRequestHandler to RedisRepository
- Rewrote Marshalling: replace JaxbContext with spring-oxm
JaxbMarshaller
- Catch and log all exceptions in App2MZSService; Former: certain
exceptions would go unnoticed, e.g. ConnectionRefused
|
|
|
|
|
|
- Switch to mzs1.5.3-rc1 and rename to mzs 2.0.0
- remove app2mzs scheme sources from other versions
|
|
- Can generate java sources with wsdl2java (mvn generate-sources)
- Add multiple versions of app2mzs because I don't know which one is
right.
- Fix zuseutil's wsdl (import statement)
- Remove header in 1.5.3-rc1's wsdl
|