From 59a13bea5783aa666bcbcec793df19f129965ff3 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
Date: Tue, 21 May 2019 13:47:34 +0200
Subject: WIP: SSL Client Auth

- Refactor MsgClient: Not a Singleton anymore. Use MsgClientFactory to
  make a client. Make request and config private fields.
- Add configuration parameters to application.yaml.
- Init SSL client auth testcase, but dont include in testsuite because
  it aint working yet.
---
 src/main/resources/application.yaml | 41 ++++++++++++++++++++++++++++++++++---
 1 file changed, 38 insertions(+), 3 deletions(-)

(limited to 'src/main/resources')

diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index a59c460..d43e7dc 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -13,9 +13,31 @@ spring:
 # Order: DeliveryRequest/Config > [chosen-profile] > default
 delivery-request-configuration-profiles:
   default:
+    ## All parameters for MSG client.
     msg:
-      url: http://localhost:8081/
-      x509: todo!
+
+      ## How to reach
+      url: http://localhost:8081/services/DeliveryRequest
+      ssl:
+
+        ## Parameters for ssl client auth
+        keystore:
+          ## Absolute path to file
+          filename:
+          ## Password to unlock key store.
+          password: 1233
+          ## JKS or PKCS12
+          type: JKS
+
+        ## Boolean; if true, app will trust all server certificates;
+        ## if false, server certificate needs to be in truststore.
+        trustall: false
+
+        ## Boolean; if true, app ignores mismatches between server's host name and
+        ## Certificate's common name / alternative subject name.
+        laxhostnameverification: false
+
+
     perform-query-person-request: false
 
   app-profile-1:
@@ -27,7 +49,20 @@ delivery-request-configuration-profiles:
     msg:
       url: https://msg-url2.com
 
+key-store-profiles:
+  msg-key-store:
+
+
+
+
 ## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration
 ## profile and continues startup. See 'delivery-request-configuration-profiles'.
 ## Default value: true
-# verify-completeness-of-default-delivery-request-configuration: false
\ No newline at end of file
+# verify-completeness-of-default-delivery-request-configuration: false
+
+
+#  ssl.keystore.file=../keys/www.egiz.gv.at.p12
+#  egovutil.mis.ssl.keystore.password=OSgmSn!
+#  egovutil.mis.ssl.keystore.type=PKCS12
+#  egovutil.mis.ssl.trustall=true
+#  egovutil.mis.ssl.laxhostnameverification=false
\ No newline at end of file
-- 
cgit v1.2.3