Age | Commit message (Collapse) | Author | Files | Lines |
|
- Merge TnvzClient and TnvzResultVerifier to TnvzHelper; TnvzHelper
now builds the QueryPersonRequest, sends it to the tnvz port and
evaluates the result.
- Publish some interfaces in Mzs2MsgConverter because they are needed
by TnvzHelper.
- Generalize MsgClientFactory to ClientFactory such that it can be
used to generate arbitrary SOAP clients (e.g. also for tnvz!).
Schema Changes to accomodate Tnvz's QueryPersonRequest:
- Add optional tnvz:AustrianAddressesOnly and optional TnvzMetaData to
mzs:mzs:DeliveryRequest.
Removed Unit Tests:
- Remove subset of SameThreadDeliveryPipeline testcases (mimetype
related) because its logic moved to TnvzHelper.
|
|
- EgovUtils were needed because of DomUtils. Replace it with eaaf
components' DomUtils.
- Add test case to ensure SoapUtils still works as intended. - Remove
unused import statement
|
|
- Print a big scary warning message for everyone who enables "trustAll"
- Test TrustAll and LaxHostNameVerification
- Describe test case requirements and add key material needed to run
these test cases.
|
|
|
|
- Refactor: Get rid of MsgClient, because MsgClientFactory can do all the work.
- Add Connection Timeout and Request Timeout (Policies of HTTP Client)
to mzs:DeliveryRequest/Config and application.yaml.
- Update readme: Add JDK 12 Requirement
|
|
- Switch to java 12 for now. Reason: Bug [1] in JDK 11 (up to
jdk-11+28) impairs SSLHandshake ("Unsupported Operation Exception"),
but was fixed in Java 12.
- Set HTTP policy to infinite.
- Fix key/truststore path resolution
- Fix NPE in ConfigUtil.merge
- Rearrange application.yaml to include two config profiles (one with
and one without SSL for the msg client).
- Add key material for testcases (Note: expires: May 2 14:47:08 2020 GMT)
- Update MsgClient Testcases
[1] https://bugs.openjdk.java.net/browse/JDK-8214098
|
|
- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by
SSLContextCreator (KeyStoreUtils).
Schema Changes in mzs:DeliveryRequest/Config:
- Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1,
Server replaces the result of zkopf query person request. Since this
zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a
service (Url, SSL params, a.o.).
Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.
MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).
Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
|
|
|
|
|
|
Fixing "ASN.1 creation error: iaik.asn1.CodingException: Length: Too
large ASN.1 object: 109"
- Set fallback value ('jks') for system property
'javax.net.ssl.keyStoreType' and 'javax.net.ssl.trustStoreType'. If
system property is not defined, MoaSigConfig falls back to value
from spring environment. Reason: Without this property explicitly
set to JKS, the inclusion of eaaf-components-moa-sig-lib breaks the
HTTP client builder and the ASN.1 creation error arises. See [1] for
explanation.
- Why fall back: Allows a user to configure these parameters via
command line, but gives meaningful defaults in case of absent
command line properties. Furthermore, these parameters can be configured via
application.yaml or .properties.
Others:
- Set fallback value for system property
'moa.spss.server.configuration'. If system property is not defined,
fall back to value from spring environment. Reason: Allows a user to
configure these parameters via command line while providing
meaningful defaults in case of absent command line properties.
- Add switch 'moa.spss.is-active' to enable / disable signature verification.
- Change log levels of at.gv.* and iaik.* packages to INFO
- Add default certstore (copied from EAAF Components).
- Add mzs root certificate to cert- and truststore.
- Update readme's installation requirements and guide.
Refactor:
- Extract public interface of SignatureVerification class.
- Rename trustprofile folder.
[1] Why eaaf-components-moa-sig-lib breaks HTTP client:
- Including eaaf-components-moa-sig-lib includes IAIK's jca/jce and
xsect, which in turn injects the iaik provider for cryptographic
operations and its own key store (iaik.pkcs.pkcs12.PKCS12KeyStore).
- The Apache HTTP client builder will ask for a
java.base/javax.net.ssl.SSLSocketFactory because it creates an SSL
context, even if the connection runs without SSL.
- Somewhere down the stack, this will trigger the TrustStoreManager to
hand over the systems default trust store (a JKS file) to IAIK's
PKCS12KeyStore. This happens if the type properties of the trust
stores are not set.
- Oracle relaxed a precondition of this trust store (somewhere in
between Java 8 and 11) in the TrustStoreManager: Formerly, the trust
store was a JKS object. Now, the trust store can be both a JKS and a
PKCS12 object. The TrustStoreManager expects the key store to handle
both types, and Oracle's keystore does. However, IAIK's key store
cannot handle a JKS object, but since eaaf-components-moa-sig-lib
was included, the IAIK key store comes first.
- PKCS12KeyStore expects a PKCS12 file but receives a JKS file ->
Parser Error.
|
|
- Verify signature via ISignatureVerificationService.
- Override System Property moa.spss.server.configuration via spring's
environment (Reason: can configure path to moa SPSS config file via
application.yaml & moa SPSS needs this parameter to find the config
file)
- Setup test configuration directory for moaspss in
src/main/resources/moa-spss
- Readme: Explain how to install moaspss' dependencies into local
repository.
|
|
|
|
- Ensure proper communication of errors between pipeline and mzs
service by converting MoaZSExceptions into DeliveryRequestStatus
messages.
- Revise MoaZSException: Add optional fields; those fields are a)
helpful to construct meaningful error messages and b) optional
because, depending on where an exception appears, either existent or
non-existent and thus optional. Add inner-class Builder.
- Integrate Signature Verification into pipeline and add Stub for
SignatureVerification.
- Move TNVZResponse's Mimetype check into dedicated class (Reason:
separate abstration layers).
- Update api changes in testcases.
|
|
- Add egovutils dependency (Reason: Need DomUtils to serialize /
unserialize Soap Message via DOMParser)
- Add Incerceptor to MsgClient / -Factory that stores the message
content byte-by-byte in the DeliveryRepository. The format is
required for successfully validating a DeliveryRequestStatus.
- Add SoapUtils, which interacts with byte[] Soap message.
- Add CXFMessageUtils, which interacts with CXF Messages from
interceptor chains.
- Refactor xsd namespaces: Move them out from the PrefixMapper and
into a dedicated class.
|
|
- Refactor MsgClient: Not a Singleton anymore. Use MsgClientFactory to
make a client. Make request and config private fields.
- Add configuration parameters to application.yaml.
- Init SSL client auth testcase, but dont include in testsuite because
it aint working yet.
|
|
|
|
- Rewrite DeliveryRequestAugmenter to allow per-field-overriding of
configuration parameters and add test suite.
- Mzs schema change: Move DeliveryRequest/Server into
DeliveryRequest/Config; Reason: DeliveryRequest/Config contains all
parameters exclusively needed by moazs to execute the delivery
request. The msg's server url belongs to this set of parameters.
- WIP: Add prototype implementation of MsgClient and move MsgClient to
dedicated package.
- Refactor: move TnvzClient to dedicated package.
|