From e2e77ed55687cb92c6f5a273995daf64dedef848 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
Date: Wed, 26 Jun 2019 08:47:58 +0200
Subject: Protect MsgClient via SSL (ink Client Authentication)

- Add Component to create SSLContexts with own Key- and trust store.
- Inject SSLContext into HTTP Client.
- Add EAAF-Components Core Dependency, which is needed by
  SSLContextCreator (KeyStoreUtils).

Schema Changes in mzs:DeliveryRequest/Config:
- Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1,
  Server replaces the result of zkopf query person request. Since this
  zkopf interface does not exist anymore, Server was removed.
- Add ClientType, which holds all parameters needed to connect to a
  service (Url, SSL params, a.o.).

Configuration:
- Add default parameters for SSL Clients in application.yaml.
- Merge default parameters into incoming mzs:DeliveryRequests.

MoaZSException Fixes:
- Remove "Extends throwable" from Builder.
- Add convenient shorthand init method (message, throwable).

Refactor:
- Put "determinePath" to FileUtils.
- Put string related utility functions into StringUtils.
---
 src/main/java/at/gv/egiz/moazs/msg/MsgClient.java | 64 +++++++++++++++++------
 1 file changed, 49 insertions(+), 15 deletions(-)

(limited to 'src/main/java/at/gv/egiz/moazs/msg/MsgClient.java')

diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
index 82f172d..84a7801 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
@@ -1,46 +1,80 @@
 package at.gv.egiz.moazs.msg;
 
-import at.gv.zustellung.app2mzs.xsd.ConfigType;
 import at.gv.zustellung.msg.xsd.App2ZusePort;
+import at.gv.zustellung.msg.xsd.App2ZusePortService;
 import at.gv.zustellung.msg.xsd.DeliveryRequestStatusType;
 import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Client;
+import org.apache.cxf.frontend.ClientProxy;
 import org.apache.cxf.jaxws.JaxWsClientFactoryBean;
 import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.phase.PhaseInterceptor;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.lang.Nullable;
 
+import javax.net.ssl.SSLContext;
+
+//TODO: Rethink design. could this entire class be replaced?
+//  Because everything the send() method does could be initialized in
+//  the MsgClientFactory as well.
 public class MsgClient {
 
-    private final DeliveryRequestType msgRequest;
-    private final ConfigType config;
+    private static final Logger log = LoggerFactory.getLogger(MsgClient.class);
+
     private final PhaseInterceptor<? extends Message> interceptor;
 
-    public MsgClient(DeliveryRequestType msgRequest, ConfigType config, PhaseInterceptor<? extends Message> interceptor) {
-        this.msgRequest = msgRequest;
-        this.config = config;
+    private final String address;
+
+    //TODO: make configurable
+    private final int connectionTimeout = 60;
+    private final int receiveTimeout = 60;
+
+    @Nullable
+    private final SSLContext sslContext;
+
+    public MsgClient(PhaseInterceptor<? extends Message> interceptor,
+                     String address,
+                     @Nullable SSLContext sslContext) {
         this.interceptor = interceptor;
+        this.address = address;
+        this.sslContext = sslContext;
     }
 
     /**
      * Send {@code msgRequest} to {@code Config/Server/ZUSEUrlID} and run {@code interceptor} on response.
      * @return
      */
-    public DeliveryRequestStatusType send() {
-        var proxy = connect(config);
-        return proxy.delivery(msgRequest);
-    }
-
-    private App2ZusePort connect(ConfigType config) {
-
-        var address = config.getServer().getZUSEUrlID();
+    public DeliveryRequestStatusType send(DeliveryRequestType msgRequest) {
 
         var factory = new JaxWsClientFactoryBean();
+
         factory.setServiceClass(App2ZusePort.class);
         factory.setAddress(address);
         factory.getInInterceptors().add(interceptor);
 
         var proxy = new JaxWsProxyFactoryBean(factory).create();
 
-        return (App2ZusePort) proxy;
+        Client client = ClientProxy.getClient(proxy);
+        HTTPConduit http = (HTTPConduit) client.getConduit();
+
+        var httpClientPolicy = new HTTPClientPolicy();
+        httpClientPolicy.setConnectionTimeout(connectionTimeout);
+        httpClientPolicy.setReceiveTimeout(receiveTimeout);
+        http.setClient(httpClientPolicy);
+
+        if (sslContext != null) {
+            var tlsParams = new TLSClientParameters();
+            tlsParams.setSSLSocketFactory(sslContext.getSocketFactory());
+            http.setTlsClientParameters(tlsParams);
+            log.info("SSLContext initialized. ");
+        }
+
+        return ((App2ZusePort)proxy).delivery(msgRequest);
     }
+
 }
-- 
cgit v1.2.3