From 59a13bea5783aa666bcbcec793df19f129965ff3 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner
Date: Tue, 21 May 2019 13:47:34 +0200
Subject: WIP: SSL Client Auth
- Refactor MsgClient: Not a Singleton anymore. Use MsgClientFactory to make a client. Make request and config private fields.
- Add configuration parameters to application.yaml.
- Init SSL client auth testcase, but dont include in testsuite because it aint working yet.
---
 src/main/java/at/gv/egiz/moazs/msg/MsgClient.java | 54 +++++++++++++++++++---
 .../at/gv/egiz/moazs/msg/MsgClientFactory.java | 14 ++++++
 .../moazs/pipeline/SameThreadDeliveryPipeline.java | 10 ++--
 src/main/resources/application.yaml | 41 ++++++++++++++--
 4 files changed, 105 insertions(+), 14 deletions(-)
 create mode 100644 src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
(limited to 'src/main')
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
index 47ee8c3..6f0b1d9 100644
--- a/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClient.java
@@ -4,24 +4,64 @@ import at.gv.zustellung.app2mzs.xsd.ConfigType;
 import at.gv.zustellung.msg.xsd.App2ZusePort;
 import at.gv.zustellung.msg.xsd.DeliveryRequestStatusType;
 import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import org.apache.cxf.jaxws.JaxWsClientFactoryBean;
 import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
-import org.springframework.stereotype.Component;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
-@Component
 public class MsgClient {
- public DeliveryRequestStatusType send(DeliveryRequestType msgRequest, ConfigType config) {
- var address = config.getServer().getZUSEUrlID();
- var proxy = connect(address);
+ private static final Logger log = LoggerFactory.getLogger(MsgClient.class);
+
+ private final DeliveryRequestType msgRequest;
+ private final ConfigType config;
+
+ MsgClient(DeliveryRequestType msgRequest, ConfigType config) {
+ this.msgRequest = msgRequest;
+ this.config = config;
+ }
+
+ public DeliveryRequestStatusType send() {
+
+ var proxy = connect(config);
+
 return proxy.delivery(msgRequest);
 }
- private App2ZusePort connect(String address) {
+ private App2ZusePort connect(ConfigType config) {
+
+ new JaxWsClientFactoryBean();
+
+ var address = config.getServer().getZUSEUrlID();
 var factory = new JaxWsProxyFactoryBean();
 factory.setServiceClass(App2ZusePort.class);
 factory.setAddress(address);
- return (App2ZusePort) factory.create();
+
+ var proxy = factory.create();
+
+// var client = ClientProxy.getClient(proxy);
+// var conduit = (HTTPConduit) client.getConduit();
+//
+// if (addressIsHttps(address)) {
+// var tlsParams = new TLSClientParameters();
+// tlsParams.setSSLSocketFactory(createSSLContext().getSocketFactory());
+// conduit.setTlsClientParameters(tlsParams);
+// }
+
+ return (App2ZusePort) proxy;
+ }
+
+// private SSLContext createSSLContext() {
+// java.util.Properties props = new Properties();
+// props.entrySet();
+//
+// // return SSLUtils.getPropertiesSSLContext(this.props, this.configDir, this.propsPrefix, forceTrustAllManager);
+// return null;
+// }
+
+ private boolean addressIsHttps(String address) {
+ return address.startsWith("https://");
 }
 }
diff --git a/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
new file mode 100644
index 0000000..9884bd5
--- /dev/null
+++ b/src/main/java/at/gv/egiz/moazs/msg/MsgClientFactory.java
@@ -0,0 +1,14 @@
+package at.gv.egiz.moazs.msg;
+
+import at.gv.zustellung.app2mzs.xsd.ConfigType;
+import at.gv.zustellung.msg.xsd.DeliveryRequestType;
+import org.springframework.stereotype.Component;
+
+@Component
+public class MsgClientFactory {
+
+ public MsgClient create(DeliveryRequestType msgRequest, ConfigType config) {
+ return new MsgClient(msgRequest, config);
+ }
+
+}
diff --git a/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java b/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
index 3d7f8e9..bfd05b2 100644
--- a/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
+++ b/src/main/java/at/gv/egiz/moazs/pipeline/SameThreadDeliveryPipeline.java
@@ -2,6 +2,7 @@
 package at.gv.egiz.moazs.pipeline;
 import at.gv.egiz.moazs.msg.MsgClient;
+import at.gv.egiz.moazs.msg.MsgClientFactory;
 import at.gv.egiz.moazs.tnvz.TnvzClient;
 import at.gv.egiz.moazs.repository.DeliveryRepository;
 import at.gv.egiz.moazs.scheme.Mzs2MsgConverter;
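Review bot: `new JaxWsClientFactoryBean();` at the top of connect() creates an object and immediately discards it, so it does nothing except keep the new `org.apache.cxf.jaxws.JaxWsClientFactoryBean` import alive; drop both. The parameter of `connect(ConfigType config)` shadows the new `config` field and the `log` field is never used, so `private App2ZusePort connect()` reading `this.config` would be simpler, and `addressIsHttps` is referenced only from the commented-out TLS block, so it reads as dead code until that block is restored. Because send() now builds a fresh JaxWsProxyFactoryBean on every call, whatever TLS client parameters eventually replace the commented block must be applied inside connect() each time, or the proxy should be cached by the factory. When that block is restored, the `forceTrustAllManager` path should remain governed by the `trustall: false` default from application.yaml rather than become the fallback for a profile with no keystore configured.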
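Review bot: `create` in the new MsgClientFactory hands both arguments straight to the package-private MsgClient constructor without a null check, so a missing config only fails later inside `send()` when `connect` calls `config.getServer()`; `return new MsgClient(Objects.requireNonNull(msgRequest, "msgRequest"), Objects.requireNonNull(config, "config"));` fails at the call site instead (needs `import java.util.Objects;`). The class also has no Javadoc; a one-liner such as `/** Builds a per-request {@link MsgClient}; one instance per DeliveryRequest, not a shared singleton. */` would record the design decision described in the commit message.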
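Review bot: The retained `import at.gv.egiz.moazs.msg.MsgClient;` looks unused after this commit: the field and constructor parameter in the `@@ -27,17 +28,17 @@` hunk become `MsgClientFactory`, and the local in the `@@ -48,7 +49,8 @@` hunk is declared with `var`, so the MsgClient name no longer appears in the file unless it is referenced somewhere outside these hunks. Either remove the import or declare the local as `MsgClient msgClient = msgClientFactory.create(msgRequest, mzsRequest.getConfig());`, which also makes the type visible to the reader.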
@@ -27,17 +28,17 @@ public class SameThreadDeliveryPipeline implements DeliveryPipeline {
 private final DeliveryRepository repository;
 private final TnvzClient tnvzClient;
 private final Mzs2MsgConverter converter;
- private final MsgClient msgClient;
+ private final MsgClientFactory msgClientFactory;
 @Autowired
 public SameThreadDeliveryPipeline(DeliveryRepository repository,
 TnvzClient tnvzClient,
 Mzs2MsgConverter converter,
- MsgClient msgClient) {
+ MsgClientFactory msgClientFactory) {
 this.repository = repository;
 this.tnvzClient = tnvzClient;
 this.converter = converter;
- this.msgClient = msgClient;
+ this.msgClientFactory = msgClientFactory;
 }
 @Override
@@ -48,7 +49,8 @@ public class SameThreadDeliveryPipeline implements DeliveryPipeline {
 ? converter.convert(mzsRequest, queryPerson(mzsRequest))
 : converter.convert(mzsRequest);
- var status = msgClient.send(msgRequest, mzsRequest.getConfig());
+ var msgClient = msgClientFactory.create(msgRequest, mzsRequest.getConfig());
+ var status = msgClient.send();
 repository.add(status);
 }
diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml
index a59c460..d43e7dc 100644
--- a/src/main/resources/application.yaml
+++ b/src/main/resources/application.yaml
@@ -13,9 +13,31 @@ spring:
 # Order: DeliveryRequest/Config > [chosen-profile] > default
 delivery-request-configuration-profiles:
 default:
+ ## All parameters for MSG client.
 msg:
- url: http://localhost:8081/
- x509: todo!
+
+ ## How to reach url: http://localhost:8081/services/DeliveryRequest
+ ssl:
+
+ ## Parameters for ssl client auth
+ keystore:
+ ## Absolute path to file
+ filename:
+ ## Password to unlock key store.
+ password: 1233
+ ## JKS or PKCS12
+ type: JKS
+
+ ## Boolean; if true, app will trust all server certificates;
+ ## if false, server certificate needs to be in truststore.
+ trustall: false
+
+ ## Boolean; if true, app ignores mismatches between server's host name and
+ ## Certificate's common name / alternative subject name.
+ laxhostnameverification: false
+
+
 perform-query-person-request: false
 app-profile-1:
@@ -27,7 +49,20 @@ delivery-request-configuration-profiles:
 msg:
 url: https://msg-url2.com
+key-store-profiles:
+ msg-key-store:
+
+
+
 ## If set to false, moa zs ignores an incomplete default DeliveryRequest-configuration
 ## profile and continues startup. See 'delivery-request-configuration-profiles'.
 ## Default value: true
-# verify-completeness-of-default-delivery-request-configuration: false
\ No newline at end of file
+# verify-completeness-of-default-delivery-request-configuration: false
+
+
+# ssl.keystore.file=../keys/www.egiz.gv.at.p12
+# egovutil.mis.ssl.keystore.password=OSgmSn!
+# egovutil.mis.ssl.keystore.type=PKCS12
+# egovutil.mis.ssl.trustall=true
+# egovutil.mis.ssl.laxhostnameverification=false
\ No newline at end of file
-- cgit v1.2.3
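Review bot: `password: 1233` under `delivery-request-configuration-profiles.default.msg.ssl.keystore` puts a keystore password literal into a file that ships with the application; even as a placeholder it invites real values to be committed the same way. Use a property placeholder, `password: ${MSG_KEYSTORE_PASSWORD}`, supplied from the environment or an external config, and do the same for `filename:`, which is left empty here. The same applies to the `@@ -27,7 +49,20 @@` hunk, whose trailing commented block carries what looks like a real keystore path and password together with `trustall=true`; that block should not be committed, and a credential that has already been pushed should be treated as exposed and rotated. The comments on `trustall` and `laxhostnameverification` could also say what enabling them costs, e.g. `## true disables server certificate validation for this profile; keep false outside local testing.`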