aboutsummaryrefslogtreecommitdiff
path: root/src/main/java/at/gv/egiz/moazs/config
AgeCommit message (Collapse)AuthorFilesLines
2020-03-03Update Copyright to 2020Christof Rabensteiner6-6/+6
2019-10-04Add @author Tag Where It Was MissingChristof Rabensteiner6-1/+24
2019-10-04Add Licenses, NOTICE, and License HeaderChristof Rabensteiner6-0/+126
2019-08-28Fixes and RefactoringChristof Rabensteiner1-1/+1
- JAXB Hack: Handle InterruptionException properly (as in [1], "Dont swallow Interrupts") - Mzs2MsgConverter: Rename convert(Person) to convertReceiverPerson(Person) to emphasize that this method can only be used to convert Receiver Persons (Reminder: Receiver Persons are PhysicalPersons / CorporateBodies. SenderPersons can also be Authorities) - Mzs2MsgConverter: Remove assertion because not needed anymore. - Refactor: Move mzs:DeliveryRequest validation out ouf augmenter and into service. - Refactor: Create a single entry point for validating a mzs:DeliveryRequest. - Remove unused imports. - Fix log messages. [1] https://www.ibm.com/developerworks/java/library/j-jtp05236/index.html?ca=drs-#2.1
2019-08-28Ensure that Each Step of Each Backend Process is LoggedChristof Rabensteiner1-3/+3
2019-08-23Fix Binary-Status-Missing BugChristof Rabensteiner1-0/+1
...by ensuring that the interceptor also stores messages with the element "msg:DeliveryResponse" to the repository.
2019-08-23Moved Config Files From main/resources/ To test/resources/configChristof Rabensteiner1-7/+9
- Reason: Integration tests need configuration, but config files should not be packaged into the final artifact. - Update paths.
2019-07-22Test Flow of DeliveryRequest from "End-To-End" & Fix BugsChristof Rabensteiner1-3/+4
Schema Changes: - Remove mzs:DeliveryRequest/TnvzMetaData because all metadata fields can be collected from DeliveryRequest and redundancy is not needed. Fixes and Refactoring in preprocess: - MzsDeliveryRequestValidator: Instead of returning false, throw an exception when a condition is not met, and explain which condition is not met / why it is not met in the exception's message. - Integrate interface change in ConfigProfileGenerator and DeliveryRequestAugmenter. - Rewrite and simplify DeliveryRequestAugmenter's augmentation. - ConfigUtil Fixes: Ensure that we do not override the wrong parameters while merging. This error appeared in tnvz / msg client, connection / receive timeout, key / trust store, and lax hostname verification / trust all. Fix Bugs in Interceptor / SoapUtils: - Problem: DOM access and information extraction was implemented somewhat sloppy. - SolutioN: Change DOM access interface to access DOM more efficiently. Add boundary checks and handle edge cases while extracting information from SOAP Messages. - Test those changes properly. Testing: - Implement Delivery Request Flow in ITEndToEndTest. - Start application on random port instead of fixed port when running integration tests. - Add assertions to tests in ITMzsServiceTest suite. Others Bug Fixes: - ServicesConfig: Ensure that mzs service and msg service run on different endpoint addresses (/msg and /mzs). - DeliveryRequestBackend: Throw exception when binary message is missing. Don't wrap the exception. - SaveResponseToFileSink: Wrap Response in JAXB Element (otherwise, marshaller does not recognize it)
2019-07-09Refactor Needles Interfaces and Rename "process" to "backend"Christof Rabensteiner3-12/+10
Reason: - Interfaces with a single method can be replaced with interfaces from java.util.function. - Less interfaces = less code = less maintenance! - Spring can inject beans by name so we name dependencies correctly to prevent ambiguity. Others: - Rename process to backend since backend gives a better description of its components.
2019-07-09Minor Fixes And RefactoringChristof Rabensteiner1-1/+0
- Fix typo in SafeResponseToFileSink. - MoaZSException: Simplify constructor by replacing lots of arguments with the builder instance. - Fix minor codesmells (unused imports, superfluous braces).
2019-07-09Refactor: Merge BinaryRepository into DeliveryRepositoryChristof Rabensteiner1-8/+2
- Reason: Components, which rely on one of those, usually also rely on the other, so merging them reduces amount of dependencies. - Frame operations in DeliveryRepository API as "store" and "retrieve" operations. - Rename: Convert *Id in local variable names to upper case.
2019-07-09Refactor MsgResponse and its IDsChristof Rabensteiner1-3/+5
StoreSOAPBodyBinaryInRepositoryInterceptor: - Replace "generate body's id via concatenation" with "give the right generator function the app delivery id and let the generator function do the work". Reason: Prevent the logistics of deriving IDs to spill into unrelated components. MsgResponse refactor: - Make MsgResponse an abstract class. - Derive ResponseID's ONLY in MsgResponse::createResponseID. Others: - Ensure that all invocations to DeliveryRepository.getResponse and BinaryRepository.get use "responseID" instead of ambiguous "id" or incorrect "appDeliveryID". - Move SingleThreadedDeliveryPipeline into process package.
2019-07-08Implement Zuse2App ServicesChristof Rabensteiner4-31/+79
- Add zuse2app.wsdl contract. - Add MsgResponse as an type-agnostic view for DeliveryRequestStatus and DeliveryNotification messages. Reason: Both DeliveryNotification and DeliveryRequestStatus messages have similar fields and need to be treated similarly (e.g.: receive from msg service, store to repository, verify signature, store to file...). In order to prevent duplicated code, the wrapper interface provides a type-agnostic view onto these messages for depending components to operate on. - Add MsgResponseHandler interface; decides how to process MsgResponse. Also implement this handler with a multi-threaded single-node implementation. - Add MsgResponseSink interface; decides how to archive MsgResponse. - Implement and test SafeResponseToFileSink. Change Identifier for MsgResponses: - Before, DeliveryRequestStatus and DeliveryNotifications had their own repositories. Now, both types are stored in the same repository (the MsgResponse repository) to streamline the handling of MsgResponses. We need to change the identification of MsgReponses, otherwise the identifiers (AppDeliveryID) clash. - MsgResponses are not identified by: <AppDeliveryId>+<typeSpecificSuffix> - Rewrite StoreSOAPInterceptor to accommodate fact that, both DeliveryRequestStatus and DeliveryNotification messages have different IDs upon storage / retrieval. Restructure packages and components as follows: - client: All components that are involved when consuming a web service. - process: "fabric" of MoaZS; contains business logic that orchestrates back-end tasks of MoaZS's operational services, e.g.: by processing a delivery request. - service: Implementation of MoaZS's front-end services. Refactoring: - MoaZSException: Remove unused fields. Before: Store mzsrequest, tnvzresult, msgrequest and msgresult as members. Now: Only keep the fields that are needed later, e.g for generating a msg:DeliveryRequestStatus element. Add copy constructor to Builder. - Put storage of byte[] into a dedicated "BinaryRepository". Reason: This was useful in a former design. Now it's not really needed anymore. - Put "create Endpoint" code into EndpointFactory. Reason: Eliminate duplicated code when configuring a service. Testing: - Activate Stacktraces in surefire.
2019-07-03Refactor: Restructure ProjectChristof Rabensteiner2-3/+3
- Move components that depend on the service contracts into scheme package. - Move cxf related components into util package. - Rename SameThread to SingleThreaded.
2019-07-02Handle tnvz Query Edge Cases by Improving ValidationChristof Rabensteiner1-0/+3
TnvzHelper Fixes - Handle additional edge cases. - Mzs:Schema Change: Eliminate PreAdviceNote redundancy by removing it from mzs:DeliveryRequest/TnvzMetaData; PreadviceNote is already in the Receiver element. Update TnvzHelper accordingly. - Implement and integrate tnvz completeness check into DeliveryRequestAugmenter to ensure that, after augmentation, tnvz can be performed. Refactor mzs:DeliveryRequest Validation: - Before: Validating, merging and generatig ConfigType in ConfigUtil. - Change: Need to add validation of DeliveryRequest (Reason: For performing Tnvz Requests, the DeliveryRequest needs to be in a consistent state). - Problem: DeliveryRequest validation does not fit into ConfigUtil. - Solution: Put validation of DeliveryRequest and Config into new Component "MzsValidation".
2019-06-28Separate Test Suite into Unit- And Integration TestsChristof Rabensteiner1-5/+0
Per default, integration tests are excluded from build. They can be included with the `-P integration-test` argument. - Pom: Add maven profile for integration tests. - Rename integration tests (add `IT` prefix). - Move Resources into IT* folders. - Add MsgClientTest to test suite and add assertions to each test case.
2019-06-28Refactor: Deduplicate Code by Simplifying MarshallerConfigChristof Rabensteiner1-45/+2
- Move JaxbM initialization into Marshaller such that it can be used in tests without Spring's Application Context. - Remove SpringRunner from Mzs2MsgConverter Test, which makes the test run faster.
2019-06-26Protect MsgClient via SSL (ink Client Authentication)Christof Rabensteiner1-11/+8
- Add Component to create SSLContexts with own Key- and trust store. - Inject SSLContext into HTTP Client. - Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils). Schema Changes in mzs:DeliveryRequest/Config: - Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed. - Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.). Configuration: - Add default parameters for SSL Clients in application.yaml. - Merge default parameters into incoming mzs:DeliveryRequests. MoaZSException Fixes: - Remove "Extends throwable" from Builder. - Add convenient shorthand init method (message, throwable). Refactor: - Put "determinePath" to FileUtils. - Put string related utility functions into StringUtils.
2019-06-19Finalize moa-sig-lib's Integration and Add TestcaseChristof Rabensteiner1-3/+4
- Interpret `ISignatureVerificationService` response properly (by following security layer spec [1] and moaspss handbook [2]). - Add config flag `moa.spss.is-manifest-check-active` - Change SignatureVerifier Interface: Remove @return boolean, just throw an exception when a validation error occurs. Reason: In case the signature cannot be validated, the application always needs the reason for the validation error, which requires the verifier to throw an exception. In turn, the only valid return value for `verify()` becomes `true`, which can be omitted at that point. - Add testcase for verifying a valid enveloped xml signature - Remove Certificates that are not needed. [1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html [2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html
2019-06-13Refactor: Create and Reuse Info Message TemplateChristof Rabensteiner1-4/+5
2019-06-13Refactor: Move Signature Verification in Dedicated PackageChristof Rabensteiner1-2/+2
2019-06-13Fix moa-sig-lib's Integration IssuesChristof Rabensteiner1-3/+75
Fixing "ASN.1 creation error: iaik.asn1.CodingException: Length: Too large ASN.1 object: 109" - Set fallback value ('jks') for system property 'javax.net.ssl.keyStoreType' and 'javax.net.ssl.trustStoreType'. If system property is not defined, MoaSigConfig falls back to value from spring environment. Reason: Without this property explicitly set to JKS, the inclusion of eaaf-components-moa-sig-lib breaks the HTTP client builder and the ASN.1 creation error arises. See [1] for explanation. - Why fall back: Allows a user to configure these parameters via command line, but gives meaningful defaults in case of absent command line properties. Furthermore, these parameters can be configured via application.yaml or .properties. Others: - Set fallback value for system property 'moa.spss.server.configuration'. If system property is not defined, fall back to value from spring environment. Reason: Allows a user to configure these parameters via command line while providing meaningful defaults in case of absent command line properties. - Add switch 'moa.spss.is-active' to enable / disable signature verification. - Change log levels of at.gv.* and iaik.* packages to INFO - Add default certstore (copied from EAAF Components). - Add mzs root certificate to cert- and truststore. - Update readme's installation requirements and guide. Refactor: - Extract public interface of SignatureVerification class. - Rename trustprofile folder. [1] Why eaaf-components-moa-sig-lib breaks HTTP client: - Including eaaf-components-moa-sig-lib includes IAIK's jca/jce and xsect, which in turn injects the iaik provider for cryptographic operations and its own key store (iaik.pkcs.pkcs12.PKCS12KeyStore). - The Apache HTTP client builder will ask for a java.base/javax.net.ssl.SSLSocketFactory because it creates an SSL context, even if the connection runs without SSL. - Somewhere down the stack, this will trigger the TrustStoreManager to hand over the systems default trust store (a JKS file) to IAIK's PKCS12KeyStore. This happens if the type properties of the trust stores are not set. - Oracle relaxed a precondition of this trust store (somewhere in between Java 8 and 11) in the TrustStoreManager: Formerly, the trust store was a JKS object. Now, the trust store can be both a JKS and a PKCS12 object. The TrustStoreManager expects the key store to handle both types, and Oracle's keystore does. However, IAIK's key store cannot handle a JKS object, but since eaaf-components-moa-sig-lib was included, the IAIK key store comes first. - PKCS12KeyStore expects a PKCS12 file but receives a JKS file -> Parser Error.
2019-05-29Integrate MoaSig Verification into SignatureVerifierChristof Rabensteiner1-0/+29
- Verify signature via ISignatureVerificationService. - Override System Property moa.spss.server.configuration via spring's environment (Reason: can configure path to moa SPSS config file via application.yaml & moa SPSS needs this parameter to find the config file) - Setup test configuration directory for moaspss in src/main/resources/moa-spss - Readme: Explain how to install moaspss' dependencies into local repository.
2019-05-16Refactor: Merge Converter, Validator, and Merger into UtilChristof Rabensteiner1-6/+2
- Reason: All three classes opertate with the same data type, have the same clients, and have the same reasons for change. - Makes code in client more readable as it reduces number of dependencies.
2019-05-16Refactor and Test ConfigProfileGeneratorChristof Rabensteiner2-33/+43
Refactor - Add Builder to ConfigProfileGenerator. Reason: Constructor had too many arguments. - Move Conversion from Map to Config from ConfigProfileGenerator into dedicated 'ConvertMapToConfig' Class; Reason: I expect additional configuration properties and I don't want those changes to affect the ConfigProfileGenerator (or it's test cases) - Move Access to Spring's env into facade to simplify ConfigProfileGenerator.
2019-05-15Move Services / Clients To Dedicated PackagesChristof Rabensteiner1-4/+4
2019-05-15Handle Config Related Edge Cases in Augmenter & ProfileGeneratorChristof Rabensteiner1-1/+14
ConfigProfileGenerator: - Cancel startup if default Config profile is incomplete. - Add property flag 'verify-completeness-of-default-delivery-request-configuration', which allows admin to disable completeness check. In that case, just log a warning if the default profile is incomplete. Augmenter: - Ensure that after merging the config is complete (or throw an exception otherwise). - Refactor: Move ConfigProfileValidator from ConfigProfileGenerator to dedicated "ConfigProfileValidator" class; Reason: Augmenter needs to check completness of at-runtime-compiled configuration. - Refactor: Rewrote code for better readability. Others - NPE Fix in ConfigProfileMerger: If FallbackConfigProfile/Server is empty, use PrimaryProfile/Server.
2019-05-15WIP: Generate Map of Config Profiles from Spring EnvironmentChristof Rabensteiner1-18/+7
Augmenter - Replace default Config Profile with map of Config Profiles. Now, Augmenter can choose a config profile at runtime and augment it. - Move Augmenter to sub package. WIP - Implement ConfigProfileGenerator, which retrieves Config profiles from Spring Environment and returns an easy-to-use map with profiles that is keyed with profile id's. - Replace application.properties with application.yaml. - Remove Augmenter test cases: They need to be adapted.
2019-05-14Implement Per-Field-Overriding of Configuration in AugmenterChristof Rabensteiner1-0/+31
- Rewrite DeliveryRequestAugmenter to allow per-field-overriding of configuration parameters and add test suite. - Mzs schema change: Move DeliveryRequest/Server into DeliveryRequest/Config; Reason: DeliveryRequest/Config contains all parameters exclusively needed by moazs to execute the delivery request. The msg's server url belongs to this set of parameters. - WIP: Add prototype implementation of MsgClient and move MsgClient to dedicated package. - Refactor: move TnvzClient to dedicated package.
2019-05-13Refactor RedisConfig: Use Diamond OperatorChristof Rabensteiner1-4/+1
2019-05-13Refactor: Remove Unused MembersChristof Rabensteiner1-12/+2
2019-05-10Refactor: Eliminate Non-Compliant HashMap InitializationChristof Rabensteiner1-8/+8
2019-05-10Fix Hardcoded WSDL locationsChristof Rabensteiner1-2/+7
2019-05-09Fix: Enable ApacheCXF's Automated Schema ValidationChristof Rabensteiner1-0/+7
Problem: Apache CXF does not validate incoming mzs:DeliveryRequests automatically. Per default, validation is off (performs better). However, (1) we need to validate incoming requests, and (2) automated CXF validation requires less maintenance and is expected to be more stable than manual validation. Solution: - Add @SchemaValidation annotation to @Service. - Endpoint Configuration: set WsdlLocation and ServiceName (needed to prevent parser errors; see [1]). Without those, CXF validates against generated classes and not against the WSDL spec, and generated classes do not contain format restrictions. Add a testcase with an invalid delivery request ("rejectBothProfile- AndCorporateBody") to ensure that the validator works. [1] https://stackoverflow.com/questions/2231779/cxf-and-validation-schema-restrictions-ignored
2019-05-08Refactor: Consolidate Schema-Related ComponentsChristof Rabensteiner1-3/+2
2019-05-08Fix Namespace Prefixes in Marshaled Messages (msg: instead of ns#:)Christof Rabensteiner1-5/+47
- Implement own NamespacePrefixMapper that maps prefixes depending on whether a msg or a mzs object is being marshaled. - Namespaces are not hardcoded but extracted from jaxb's generated sources (somewhat indirect, can be considered a hack, but there's no public API to extract namespaces)
2019-05-06Change Package Namespaces of JAXB Generated SourcesChristof Rabensteiner1-6/+4
- Reason: Improves readability and makes import statetemens shorter and more consistent
2019-04-30Add Optional mzs:DeliveryRequest/Config & Validate / Augment ItChristof Rabensteiner1-6/+0
Add Optional "Config" to MZS Schema: - Add mzs:DeliveryRequest/Config Element with a "PerformQueryPersonRequest" node - The config element contains parameters that are interpreted by moa-zs and not forwarded to the ZD - The boolean PerformQueryPersonRequest tells moa-zs if moa-zs should perform a QueryPersonRequest towards the TNVZ. - If config is missing, moa-zs augments the delivery request with parameters from the app's configuartion or the default configuartion Other Changes: - Validate and augment incoming requests with the DeliveryPreprocessor. - Add stub for TlnvzClient. - Remove some leftover ObjectFactory imports (because of the builder they are not needed anymore) Fixes - Fixed incorrect API usage of Messageformat.format: format string needs an index. pom.xml - Add Hamcrest Dependency (for writing more expressive tests) - Add copy constructor to JAXB Builder Testing - Test validation of incoming request - Refactor testcases to improve readability
2019-04-17Refactor: Move Configs to config PackageChristof Rabensteiner3-0/+107