Age | Commit message (Collapse) | Author | Files | Lines |
|
Reason: MoaZSException (and: its builder) were used to collect
intermediary results while stepping through the delivery request
backend. These results were needed to generate meaningful responses
towards the sender application in case of error. However, the builder
sprawled over too many interfaces (e.g. DeliveryRequestBackend and
TNVZHelper) and it became difficult to understand from where
intermediary results originated.
Solution: Put MoaZSException on diet:
- Remove all DeliveryAnswer fields from MoaZSException and refactor
code base to ensure that the removed fields get sourced by other
means.
- Remove Builder since amount of parameters is manageable.
Refactor DeliveryRequestBackend:
- Instead of passing down the builder and using MoaZSException as the
only source for intermediary results, we collect available results
at the outermost stack frame (DeliveryRequestBackend.accept) and
only retrieve results via exception if those results appear
somewhere down the stack frame (E.g. PredviceNoteSent). We collect
available results with the "fallbackAnswerBuilder" and switch to the
msg client response, once received.
Refactor MsgResponseBackend:
- Handle cases (response missing, binary response missing) properly.
- Integrate changes from MsgResponse.generateError()
Refactor TVNZHelper:
- Remove MoaZSExceptionBuilder from all interfaces.
Refactor MsgResponse.generateError:
- Change interface such that it's more intuitive.
- Implement NotificationResponse.generateError.
- Implement RequestStatusResponse.generateError.
Others:
- Replace all invocations against MoaZSException.Builder.
|
|
- Fix in ConfigUtil: SaveResponseToFile boolean would override
LogResponse configuration (Copy Paste Error).
|
|
- MZS Schema Change: Add "MsgResponseSinks" element to
mzs:DeliveryRequest/Config that allows sender to configure how
MsgResponses should be archived.
- ConfigUtil: Interpret MsgResponseSink parameters from Spring
Environment and merge with ConfigType.
- MsgResponseBackend: Send responses to sinks according to
MsgResponseSinks in Config
- application.yaml: Add MsgResponseSinks parameter to configuration.
- Uncouple Sink implementations from java.util.function.Function,
because the sink interfaces are going to differ and there is no need
to unite them under one interface.
- Add and test LogResponseSink, which logs responses to it's logger.
- MsgResponse: Add JAXB getter for response. Reason: Can be passed to
marshaller.
|
|
|
|
Reason:
- Interfaces with a single method can be replaced with
interfaces from java.util.function.
- Less interfaces = less code = less maintenance!
- Spring can inject beans by name so we name dependencies correctly
to prevent ambiguity.
Others:
- Rename process to backend since backend gives a better description
of its components.
|
|
- Fix typo in SafeResponseToFileSink.
- MoaZSException: Simplify constructor by replacing lots of arguments
with the builder instance.
- Fix minor codesmells (unused imports, superfluous braces).
|
|
- Reason: Components, which rely on one of those, usually also rely on
the other, so merging them reduces amount of dependencies.
- Frame operations in DeliveryRepository API as "store" and "retrieve"
operations.
- Rename: Convert *Id in local variable names to upper case.
|
|
StoreSOAPBodyBinaryInRepositoryInterceptor:
- Replace "generate body's id via concatenation" with "give the right
generator function the app delivery id and let the generator
function do the work". Reason: Prevent the logistics of deriving IDs
to spill into unrelated components.
MsgResponse refactor:
- Make MsgResponse an abstract class.
- Derive ResponseID's ONLY in MsgResponse::createResponseID.
Others:
- Ensure that all invocations to DeliveryRepository.getResponse and
BinaryRepository.get use "responseID" instead of ambiguous "id" or
incorrect "appDeliveryID".
- Move SingleThreadedDeliveryPipeline into process package.
|
|
- Add zuse2app.wsdl contract.
- Add MsgResponse as an type-agnostic view for DeliveryRequestStatus
and DeliveryNotification messages. Reason: Both DeliveryNotification
and DeliveryRequestStatus messages have similar fields and need to
be treated similarly (e.g.: receive from msg service, store to
repository, verify signature, store to file...). In order to prevent
duplicated code, the wrapper interface provides a type-agnostic view
onto these messages for depending components to operate on.
- Add MsgResponseHandler interface; decides how to process
MsgResponse. Also implement this handler with a multi-threaded
single-node implementation.
- Add MsgResponseSink interface; decides how to archive MsgResponse.
- Implement and test SafeResponseToFileSink.
Change Identifier for MsgResponses:
- Before, DeliveryRequestStatus and DeliveryNotifications had their
own repositories. Now, both types are stored in the same repository
(the MsgResponse repository) to streamline the handling of
MsgResponses. We need to change the identification of MsgReponses,
otherwise the identifiers (AppDeliveryID) clash.
- MsgResponses are not identified by:
<AppDeliveryId>+<typeSpecificSuffix>
- Rewrite StoreSOAPInterceptor to accommodate fact that, both
DeliveryRequestStatus and DeliveryNotification messages have
different IDs upon storage / retrieval.
Restructure packages and components as follows:
- client: All components that are involved when consuming a web service.
- process: "fabric" of MoaZS; contains business logic that
orchestrates back-end tasks of MoaZS's operational services, e.g.:
by processing a delivery request.
- service: Implementation of MoaZS's front-end services.
Refactoring:
- MoaZSException: Remove unused fields. Before: Store mzsrequest,
tnvzresult, msgrequest and msgresult as members. Now: Only keep the
fields that are needed later, e.g for generating a
msg:DeliveryRequestStatus element. Add copy constructor to Builder.
- Put storage of byte[] into a dedicated "BinaryRepository". Reason:
This was useful in a former design. Now it's not really needed
anymore.
- Put "create Endpoint" code into EndpointFactory. Reason: Eliminate
duplicated code when configuring a service.
Testing:
- Activate Stacktraces in surefire.
|
|
- Move components that depend on the service contracts into scheme
package.
- Move cxf related components into util package.
- Rename SameThread to SingleThreaded.
|
|
- TnvzHelper: Handle edge case where
Mzs/DeliveryRequest/Sender/CorporateBody is missing (Reason: This
field is in a <choice> with msg:SenderProfile, so if CorporateBody
is missing the request still passes the schema validation). Handle
case by rejecting missing CorporateBody and TnvzQuery activated.
- Add test cases for TnvzHelper.
|
|
TnvzHelper Fixes
- Handle additional edge cases.
- Mzs:Schema Change: Eliminate PreAdviceNote redundancy by removing it
from mzs:DeliveryRequest/TnvzMetaData; PreadviceNote is already in
the Receiver element. Update TnvzHelper accordingly.
- Implement and integrate tnvz completeness check into
DeliveryRequestAugmenter to ensure that, after augmentation, tnvz
can be performed.
Refactor mzs:DeliveryRequest Validation:
- Before: Validating, merging and generatig ConfigType in ConfigUtil.
- Change: Need to add validation of DeliveryRequest (Reason: For
performing Tnvz Requests, the DeliveryRequest needs to be in a
consistent state).
- Problem: DeliveryRequest validation does not fit into ConfigUtil.
- Solution: Put validation of DeliveryRequest and Config into new
Component "MzsValidation".
|
|
- Merge TnvzClient and TnvzResultVerifier to TnvzHelper; TnvzHelper
now builds the QueryPersonRequest, sends it to the tnvz port and
evaluates the result.
- Publish some interfaces in Mzs2MsgConverter because they are needed
by TnvzHelper.
- Generalize MsgClientFactory to ClientFactory such that it can be
used to generate arbitrary SOAP clients (e.g. also for tnvz!).
Schema Changes to accomodate Tnvz's QueryPersonRequest:
- Add optional tnvz:AustrianAddressesOnly and optional TnvzMetaData to
mzs:mzs:DeliveryRequest.
Removed Unit Tests:
- Remove subset of SameThreadDeliveryPipeline testcases (mimetype
related) because its logic moved to TnvzHelper.
|
|
- EgovUtils were needed because of DomUtils. Replace it with eaaf
components' DomUtils.
- Add test case to ensure SoapUtils still works as intended. - Remove
unused import statement
|
|
Per default, integration tests are excluded from build. They can be
included with the `-P integration-test` argument.
- Pom: Add maven profile for integration tests.
- Rename integration tests (add `IT` prefix).
- Move Resources into IT* folders.
- Add MsgClientTest to test suite and add assertions to each test case.
|
|
- Move JaxbM initialization into Marshaller such that it can be used
in tests without Spring's Application Context.
- Remove SpringRunner from Mzs2MsgConverter Test, which makes the test
run faster.
|
|
- Also: Ensure that truststore is of type JKS because PKCS12 is not
supported.
|
|
- Print a big scary warning message for everyone who enables "trustAll"
- Test TrustAll and LaxHostNameVerification
- Describe test case requirements and add key material needed to run
these test cases.
|
|
- Refactor: Get rid of MsgClient, because MsgClientFactory can do all the work.
- Add Connection Timeout and Request Timeout (Policies of HTTP Client)
to mzs:DeliveryRequest/Config and application.yaml.
- Update readme: Add JDK 12 Requirement
|
|
- Switch to java 12 for now. Reason: Bug [1] in JDK 11 (up to
jdk-11+28) impairs SSLHandshake ("Unsupported Operation Exception"),
but was fixed in Java 12.
- Set HTTP policy to infinite.
- Fix key/truststore path resolution
- Fix NPE in ConfigUtil.merge
- Rearrange application.yaml to include two config profiles (one with
and one without SSL for the msg client).
- Add key material for testcases (Note: expires: May 2 14:47:08 2020 GMT)
- Update MsgClient Testcases
[1] https://bugs.openjdk.java.net/browse/JDK-8214098
|
|
- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by
SSLContextCreator (KeyStoreUtils).
Schema Changes in mzs:DeliveryRequest/Config:
- Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1,
Server replaces the result of zkopf query person request. Since this
zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a
service (Url, SSL params, a.o.).
Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.
MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).
Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
|
|
|
|
- Interpret `ISignatureVerificationService` response properly (by
following security layer spec [1] and moaspss handbook [2]).
- Add config flag `moa.spss.is-manifest-check-active`
- Change SignatureVerifier Interface: Remove @return boolean, just
throw an exception when a validation error occurs. Reason: In case
the signature cannot be validated, the application always needs the
reason for the validation error, which requires the verifier to
throw an exception. In turn, the only valid return value for
`verify()` becomes `true`, which can be omitted at that point.
- Add testcase for verifying a valid enveloped xml signature
- Remove Certificates that are not needed.
[1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html
[2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html
|
|
|
|
Fixing "ASN.1 creation error: iaik.asn1.CodingException: Length: Too
large ASN.1 object: 109"
- Set fallback value ('jks') for system property
'javax.net.ssl.keyStoreType' and 'javax.net.ssl.trustStoreType'. If
system property is not defined, MoaSigConfig falls back to value
from spring environment. Reason: Without this property explicitly
set to JKS, the inclusion of eaaf-components-moa-sig-lib breaks the
HTTP client builder and the ASN.1 creation error arises. See [1] for
explanation.
- Why fall back: Allows a user to configure these parameters via
command line, but gives meaningful defaults in case of absent
command line properties. Furthermore, these parameters can be configured via
application.yaml or .properties.
Others:
- Set fallback value for system property
'moa.spss.server.configuration'. If system property is not defined,
fall back to value from spring environment. Reason: Allows a user to
configure these parameters via command line while providing
meaningful defaults in case of absent command line properties.
- Add switch 'moa.spss.is-active' to enable / disable signature verification.
- Change log levels of at.gv.* and iaik.* packages to INFO
- Add default certstore (copied from EAAF Components).
- Add mzs root certificate to cert- and truststore.
- Update readme's installation requirements and guide.
Refactor:
- Extract public interface of SignatureVerification class.
- Rename trustprofile folder.
[1] Why eaaf-components-moa-sig-lib breaks HTTP client:
- Including eaaf-components-moa-sig-lib includes IAIK's jca/jce and
xsect, which in turn injects the iaik provider for cryptographic
operations and its own key store (iaik.pkcs.pkcs12.PKCS12KeyStore).
- The Apache HTTP client builder will ask for a
java.base/javax.net.ssl.SSLSocketFactory because it creates an SSL
context, even if the connection runs without SSL.
- Somewhere down the stack, this will trigger the TrustStoreManager to
hand over the systems default trust store (a JKS file) to IAIK's
PKCS12KeyStore. This happens if the type properties of the trust
stores are not set.
- Oracle relaxed a precondition of this trust store (somewhere in
between Java 8 and 11) in the TrustStoreManager: Formerly, the trust
store was a JKS object. Now, the trust store can be both a JKS and a
PKCS12 object. The TrustStoreManager expects the key store to handle
both types, and Oracle's keystore does. However, IAIK's key store
cannot handle a JKS object, but since eaaf-components-moa-sig-lib
was included, the IAIK key store comes first.
- PKCS12KeyStore expects a PKCS12 file but receives a JKS file ->
Parser Error.
|
|
- Ensure proper communication of errors between pipeline and mzs
service by converting MoaZSExceptions into DeliveryRequestStatus
messages.
- Revise MoaZSException: Add optional fields; those fields are a)
helpful to construct meaningful error messages and b) optional
because, depending on where an exception appears, either existent or
non-existent and thus optional. Add inner-class Builder.
- Integrate Signature Verification into pipeline and add Stub for
SignatureVerification.
- Move TNVZResponse's Mimetype check into dedicated class (Reason:
separate abstration layers).
- Update api changes in testcases.
|
|
- Add egovutils dependency (Reason: Need DomUtils to serialize /
unserialize Soap Message via DOMParser)
- Add Incerceptor to MsgClient / -Factory that stores the message
content byte-by-byte in the DeliveryRepository. The format is
required for successfully validating a DeliveryRequestStatus.
- Add SoapUtils, which interacts with byte[] Soap message.
- Add CXFMessageUtils, which interacts with CXF Messages from
interceptor chains.
- Refactor xsd namespaces: Move them out from the PrefixMapper and
into a dedicated class.
|
|
- MZS cant reply with a msg:DeliveryRequestStatusType to a
mzs:DeliveryRequest. Reason: unmarshalling a
msg:DeliveryRequestStatusType with JAXB (after receiving the msg
reply) breaks the signature in msg:DeliveryRequestStatusType. Why?
Because JAXB marshalling tinkers with the namespaces and, as for the
current state of knowledge, we cannot configure the JAXB marshaller
to reconstruct a XML Document byte-by-byte such that a signature
that went through this process can be verified successfully (see [1]).
- For this reason, we revert back to mzs:DeliveryResponse and add new
fields / remove obsolete fields / capture all changes between zusemsg
1.5.3 and zusemsg 2.0.0.
- The easier solution would be to wrap and transmit signed data +
signature in a binary (base64) container, such that apache cxf and
other web service frameworks won't unmarshall them. This doesnt work
because zusemsg 2.0.0 is final.
app2mzs.xsd Changes in Detail :
- Add DeliverySystem, ZSDeliveryID and GZ to MessageType (MessageType
is the base type of DeliveryResponse.Success, -PartialSuccess, and
-Error); Reason: It was added to zusemsg 2.0.0.
- Add SignedDeliveryRequestStatus to MessageType. Reason: If msg
returns signed reply, this element contains the reply as byte[] such
that the signature does not break.
- Add optional PreadvicenoteSend to ErrorType (because it was added in
zusemsg 2.0.0)
- Remove MZSDeliveryID from every instance because this ID does not
exist anymore (moa zs does not maintain requests in a database).
- Remove DocumentReference from ErrorType as it was removed from
zusemsg 2.0.0.
- Remove DeliveryConfirmation as node in DeliveryNotificiationType
because it does not exist anymore in zusemsg 2.0.0;
DeliveryConfirmation is also obsolete because all msg' replies are
signed and need to be transferred to the sender application as a
byte[], which is done by SignedDeliveryRequestStatus node in
MessageType.
- Remove DeliveryStatement as node in DeliveryNotificiationType
because it does not exist anymore in zusemsg 2.0.0.
Other Changes
- Adapt codebase: MzsService returns mzs:DeliveryResponse.
- Implement conversion from msg:DeliveryRequestStatus to
mzs:DeliveryResponse.
- Add store / retrieve interface to DeliveryRepository that stores
signed delivery request statuses as byte[].
Temporary Changes
- Disable integration tests which have external dependencies.
[1] https://download.oracle.com/javaee-archive/jaxb.java.net/users/2007/03/6674.html
Signed-off-by: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
|
|
- Refactor MsgClient: Not a Singleton anymore. Use MsgClientFactory to
make a client. Make request and config private fields.
- Add configuration parameters to application.yaml.
- Init SSL client auth testcase, but dont include in testsuite because
it aint working yet.
|
|
|
|
- Reason: All three classes opertate with the same data type, have
the same clients, and have the same reasons for change.
- Makes code in client more readable as it reduces number of
dependencies.
|
|
Refactor
- Add Builder to ConfigProfileGenerator. Reason: Constructor had too
many arguments.
- Move Conversion from Map to Config from ConfigProfileGenerator into
dedicated 'ConvertMapToConfig' Class; Reason: I expect additional
configuration properties and I don't want those changes to affect
the ConfigProfileGenerator (or it's test cases)
- Move Access to Spring's env into facade to simplify ConfigProfileGenerator.
|
|
|
|
ConfigProfileGenerator:
- Cancel startup if default Config profile is incomplete.
- Add property flag
'verify-completeness-of-default-delivery-request-configuration',
which allows admin to disable completeness check. In that case, just
log a warning if the default profile is incomplete.
Augmenter:
- Ensure that after merging the config is complete (or throw an
exception otherwise).
- Refactor: Move ConfigProfileValidator from ConfigProfileGenerator to
dedicated "ConfigProfileValidator" class; Reason: Augmenter needs to
check completness of at-runtime-compiled configuration.
- Refactor: Rewrote code for better readability.
Others
- NPE Fix in ConfigProfileMerger: If FallbackConfigProfile/Server is
empty, use PrimaryProfile/Server.
|
|
Config Profile Integration:
- Merge generated Configs from ConfigProfileGenerator with the default
Config; Reason: Merging profile Configs with default Config asap
ensures that profile Configs are "as complete as possible" while
allowing profile Configs to "on-demand"-override values from the
default Config.
- Adapt Augmenter to work with Config profiles: Select a Config on the
basis of on msg:DeliveryRequest/Config/ProfileId, fall back to 'default'
Config.
- Schema change: Make ProfileID optional.
Refactoring:
- Move Config-merging code from Augmenter into dedicated
'ConfigProfileMerger' class.
- ConfigProfileGenerator: Clarify stream pipeline and comply with
coding standard w.r.t. constant members.
- Add Augmenter test cases for profile selection.
|
|
Augmenter
- Replace default Config Profile with map of Config Profiles. Now,
Augmenter can choose a config profile at runtime and augment it.
- Move Augmenter to sub package.
WIP
- Implement ConfigProfileGenerator, which retrieves Config profiles
from Spring Environment and returns an easy-to-use map with
profiles that is keyed with profile id's.
- Replace application.properties with application.yaml.
- Remove Augmenter test cases: They need to be adapted.
|
|
|
|
- Rewrite DeliveryRequestAugmenter to allow per-field-overriding of
configuration parameters and add test suite.
- Mzs schema change: Move DeliveryRequest/Server into
DeliveryRequest/Config; Reason: DeliveryRequest/Config contains all
parameters exclusively needed by moazs to execute the delivery
request. The msg's server url belongs to this set of parameters.
- WIP: Add prototype implementation of MsgClient and move MsgClient to
dedicated package.
- Refactor: move TnvzClient to dedicated package.
|
|
- Refactor: Move TnvzClient in sub package
- Autowire all parameters instead of each parameter individually
|
|
|
|
- Relax Validation for now by only validating incoming requests.
|
|
Problem: Apache CXF does not validate incoming mzs:DeliveryRequests
automatically. Per default, validation is off (performs better).
However, (1) we need to validate incoming requests, and (2)
automated CXF validation requires less maintenance and is
expected to be more stable than manual validation.
Solution:
- Add @SchemaValidation annotation to @Service.
- Endpoint Configuration: set WsdlLocation and ServiceName (needed
to prevent parser errors; see [1]).
Without those, CXF validates against generated classes and not
against the WSDL spec, and generated classes do not contain format
restrictions.
Add a testcase with an invalid delivery request ("rejectBothProfile-
AndCorporateBody") to ensure that the validator works.
[1] https://stackoverflow.com/questions/2231779/cxf-and-validation-schema-restrictions-ignored
|
|
|
|
|
|
- Reason: Converter does not perform validation
|
|
|
|
- Implement own NamespacePrefixMapper that maps prefixes depending on
whether a msg or a mzs object is being marshaled.
- Namespaces are not hardcoded but extracted from jaxb's generated
sources (somewhat indirect, can be considered a hack, but there's no
public API to extract namespaces)
|
|
- Implement and test conversion from mzs:DeliveryRequest to
msg:DeliveryRequest with the "convert-pojos-by-hand"-strategy.
Reason: The chosen strategy benefits from JAXB's strong typing,
which is useful in this scenario: Differences between msg and mzs
are nuanced and easy to overlook. The chosen strategy is,
unfortunately, verbose and could become expensive to maintain.
- Update SameThreadDeliveryPipeline: Integrate tnvz query, conversion,
and msg query.
- Add MsgClient stub.
tnvz:
- Change TnvzClient stub interface.
- Implement mimetype mismatch check from tnvz Response.
- Put p:Identification from tnvz response into msg:DeliveryRequest.
MZS Schema changes:
- Replace DeliveryRequest/Sender/Person with CorporateBody (because
thats the only sender that is allowed by zusemsg) and add a
SenderProfile choice.
- Add ID Attribute to DeliveryRequest/Sender because
msg/DeliveryRequest/Sender/AbstractSenderPersonType also has an id
attribute.
- Remove PersonDataType because it's dead code.
|
|
- Reason: Improves readability and makes import statetemens shorter
and more consistent
|
|
- App2MZS Server: Instead of generating a DeliveryRequestStatus/Error
Message, we throw an exception. This will generate a SoapFault
(including a 500 http status code), which is more appropriate.
- Fix possible NPE of deliveryRequest.getMetadata().getAppDeliveryID()
by moving appDeliveryID initialization into the TimeOutException catch block
- pom.xml: Remove hamcrest dependency, as not needed for now.
|