From e2e77ed55687cb92c6f5a273995daf64dedef848 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Wed, 26 Jun 2019 08:47:58 +0200 Subject: Protect MsgClient via SSL (ink Client Authentication) - Add Component to create SSLContexts with own Key- and trust store. - Inject SSLContext into HTTP Client. - Add EAAF-Components Core Dependency, which is needed by SSLContextCreator (KeyStoreUtils). Schema Changes in mzs:DeliveryRequest/Config: - Got Rid of mzs:DeliveryRequest/Config/Server. In mzs 1.4.1, Server replaces the result of zkopf query person request. Since this zkopf interface does not exist anymore, Server was removed. - Add ClientType, which holds all parameters needed to connect to a service (Url, SSL params, a.o.). Configuration: - Add default parameters for SSL Clients in application.yaml. - Merge default parameters into incoming mzs:DeliveryRequests. MoaZSException Fixes: - Remove "Extends throwable" from Builder. - Add convenient shorthand init method (message, throwable). Refactor: - Put "determinePath" to FileUtils. - Put string related utility functions into StringUtils. --- src/main/resources/application.yaml | 29 ++++++++++++++--------------- 1 file changed, 14 insertions(+), 15 deletions(-) (limited to 'src/main/resources/application.yaml') diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 9ce1158..a0040ca 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -13,32 +13,34 @@ spring: # Order: DeliveryRequest/Config > [chosen-profile] > default delivery-request-configuration-profiles: default: + + perform-query-person-request: false + ## All parameters for MSG client. - msg: + msg-client: - ## How to reach url: http://localhost:8081/services/DeliveryRequest + ssl: + ## Boolean; if true, app will trust all server certificates; + ## if false, server certificate needs to be in truststore. + trust-all: false + + ## Boolean; if true, app ignores mismatches between server's host name and + ## Certificate's common name / alternative subject name. + lax-hostname-verification: false + ## Parameters for ssl client auth keystore: ## Absolute path to file - filename: + filename: ssl/client.jks ## Password to unlock key store. password: 1233 ## JKS or PKCS12 type: JKS - ## Boolean; if true, app will trust all server certificates; - ## if false, server certificate needs to be in truststore. - trustall: false - ## Boolean; if true, app ignores mismatches between server's host name and - ## Certificate's common name / alternative subject name. - laxhostnameverification: false - - - perform-query-person-request: false app-profile-1: msg: @@ -49,9 +51,6 @@ delivery-request-configuration-profiles: msg: url: https://msg-url2.com -key-store-profiles: - msg-key-store: - ## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration ## profile and continues startup. See 'delivery-request-configuration-profiles'. ## Default value: true -- cgit v1.2.3