From 52306ddf6e786bd1ceaba09cbe37b42778b715fe Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner
Date: Fri, 28 Jun 2019 08:00:42 +0200
Subject: Simplified Config Validation - Also: Ensure that truststore is of type JKS because PKCS12 is not supported.
---
 .../at/gv/egiz/moazs/preprocess/ConfigUtil.java | 30 ++++++++++-----------
 src/test/java/at/gv/egiz/moazs/MsgClientTest.java | 31 +++++++++++-----------
 2 files changed, 30 insertions(+), 31 deletions(-)
(limited to 'src')
diff --git a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
index 14fb377..6c9d264 100644
--- a/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
+++ b/src/main/java/at/gv/egiz/moazs/preprocess/ConfigUtil.java
@@ -229,13 +229,11 @@ public class ConfigUtil {
 }
 private boolean isTVNZClientConfigured(ClientType tnvzClient, Boolean isPerformQueryPersonRequest) {
- return (isPerformQueryPersonRequest
- && tnvzClient != null
- && tnvzClient.getURL() != null
- && tnvzClient.getReceiveTimeout() != null
- && tnvzClient.getConnectionTimeout() != null
- && isSSLConfigured(tnvzClient))
- || !isPerformQueryPersonRequest;
+ return !isPerformQueryPersonRequest || (tnvzClient != null
+ && tnvzClient.getURL() != null
+ && tnvzClient.getReceiveTimeout() != null
+ && tnvzClient.getConnectionTimeout() != null
+ && isSSLConfigured(tnvzClient));
 }
 private boolean isMSGClientConfigured(ClientType msgClientParams) {
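Review bot: In `isTVNZClientConfigured` the new first operand `!isPerformQueryPersonRequest` unboxes a `Boolean`, so a null flag raises a NullPointerException inside the validator instead of producing a validation result; the old expression unboxed it as well, and this rewrite is a good moment to settle it. Whether callers can pass null is not visible in this hunk. If an unset flag should mean "no query requested", `return !Boolean.TRUE.equals(isPerformQueryPersonRequest) || (tnvzClient != null` keeps the short-circuit and is null-safe; if it should count as a configuration error, test `isPerformQueryPersonRequest != null` first.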
@@ -247,21 +245,23 @@ public class ConfigUtil {
 }
 private boolean isSSLConfigured(ClientType clientParams) {
- return (clientParams.getURL().startsWith("https")
- && clientParams.getSSL() != null
+ return !clientParams.getURL().startsWith("https") || (clientParams.getSSL() != null
 && clientParams.getSSL().isTrustAll() != null
 && clientParams.getSSL().isLaxHostNameVerification() != null
 && isKeyStoreConfigured(clientParams.getSSL().getKeyStore())
- && isKeyStoreConfigured(clientParams.getSSL().getTrustStore()))
- || !clientParams.getURL().startsWith("https");
+ && isTrustStoreConfigured(clientParams.getSSL().getTrustStore()));
 }
 private boolean isKeyStoreConfigured(KeyStoreType keyStore) {
- return (keyStore != null
- && keyStore.getPassword() != null
+ return keyStore == null || (keyStore.getPassword() != null
 && keyStore.getFileType() != null
- && keyStore.getFileName() != null)
- || keyStore == null;
+ && keyStore.getFileName() != null);
+ }
+
+ private boolean isTrustStoreConfigured(KeyStoreType trustStore) {
+ return trustStore == null || (trustStore.getPassword() != null
+ && "JKS".equals(trustStore.getFileType())
+ && trustStore.getFileName() != null);
 }
diff --git a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
index bd68d9d..485d01c 100644
--- a/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
+++ b/src/test/java/at/gv/egiz/moazs/MsgClientTest.java
@@ -7,12 +7,9 @@ import at.gv.zustellung.app2mzs.xsd.ClientType;
 import at.gv.zustellung.app2mzs.xsd.KeyStoreType;
 import at.gv.zustellung.msg.xsd.DeliveryRequestType;
 import at.gv.zustellung.msg.xsd.ObjectFactory;
-import org.junit.runner.RunWith;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.test.context.SpringBootTest;
-import org.springframework.test.context.junit4.SpringRunner;
 import javax.xml.bind.JAXBElement;
 import java.io.BufferedInputStream;
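Review bot: `isTrustStoreConfigured` in ConfigUtil.java accepts only the exact string `JKS`, so a truststore declared as `jks` or as PKCS12 now fails validation through the same bare `false` as a missing password, and nothing visible here tells the operator that the file type is the cause. If the type is later handed to `KeyStore.getInstance`, which matches type names case-insensitively, `"JKS".equalsIgnoreCase(trustStore.getFileType())` would avoid rejecting a working configuration, and a comment such as `// only JKS truststores are supported; PKCS12 is rejected on purpose` would explain why this differs from `isKeyStoreConfigured`. The same hunk keeps `startsWith("https")` as the gate for every TLS check in `isSSLConfigured`; the comparison is case-sensitive, so a URL written `HTTPS://…` skips them all, including the new truststore rule. `clientParams.getURL().regionMatches(true, 0, "https", 0, 5)` would close that gap.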
@@ -91,12 +88,12 @@ public class MsgClientTest {
 // - server uses the server certificate in ssl/server/server.localhost.*.pem
 // - server sends certificate chain ssl/server/ca-chain.cert.pem
 //@Test
- public void sendOverSSLWithTrustAll() throws IOException {
+ public void sendOverSSLWithClientAuthTrustAll() throws IOException {
 var request = loadFromFile("validDeliveryRequest.xml");
- var sslServiceUri = "https://localhost/zusemsg/services/DeliveryRequest";
+ var httpsServiceURL = "https://localhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri, true, false);
+ var clientParams = generateSSLClientParams(httpsServiceURL, true, false);
 var client = factory.create(clientParams);
 var status = client.delivery(request);
@@ -109,12 +106,12 @@ public class MsgClientTest {
 // - server uses the server certificate in ssl/server/server.localhost.*.pem
 // - server sends certificate chain ssl/server/ca-chain.cert.pem
 //@Test
- public void sendOverSSLWithLaxHostnameVerification() throws IOException {
+ public void sendOverSSLWithClientAuthLaxHostnameVerification() throws IOException {
 var request = loadFromFile("validDeliveryRequest.xml");
- var sslServiceUri = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+ var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri, false, true);
+ var clientParams = generateSSLClientParams(httpsServiceURL, false, true);
 var client = factory.create(clientParams);
 var status = client.delivery(request);
@@ -130,16 +127,20 @@ public class MsgClientTest {
 public void rejectBecauseHostNameVerificationFails() throws IOException {
 var request = loadFromFile("validDeliveryRequest.xml");
- var sslServiceUri = "https://notlocalhost/zusemsg/services/DeliveryRequest";
+ var httpsServiceURL = "https://notlocalhost/zusemsg/services/DeliveryRequest";
- var clientParams = generateSSLClientParams(sslServiceUri, false, false);
+ var clientParams = generateSSLClientParams(httpsServiceURL, false, false);
 var client = factory.create(clientParams);
 var status = client.delivery(request);
 log.info("status: " + msgMarshaller.marshallXml(OF.createDeliveryRequestStatus(status)));
 }
- private ClientType generateSSLClientParams(String sslServiceUri, boolean trustAll, boolean laxHostNameVerification) {
+ private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification) {
+ return generateSSLClientParams(httpsServiceURL, trustAll, laxHostNameVerification, generateTrustLocalhostStore());
+ }
+
+ private ClientType generateSSLClientParams(String httpsServiceURL, boolean trustAll, boolean laxHostNameVerification, KeyStoreType truststore) {
 var keystore = keyStoreTypeBuilder()
 .withFileName("ssl/client.cert.key.p12")
@@ -147,17 +148,15 @@ public class MsgClientTest {
 .withPassword("123456")
 .build();
- var truststore = trustAll ? null : generateTrustLocalhostStore();
-
 var sslParams = SSLTypeBuilder()
 .withLaxHostNameVerification(laxHostNameVerification)
 .withTrustAll(trustAll)
 .withKeyStore(keystore)
- .withTrustStore(truststore)
+ .withTrustStore(trustAll ? null : truststore)
 .build();
 return clientTypeBuilder()
- .withURL(sslServiceUri)
+ .withURL(httpsServiceURL)
 .withSSL(sslParams)
 .withReceiveTimeout(BigInteger.ZERO)
 .withConnectionTimeout(BigInteger.ZERO)
-- cgit v1.2.3
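Review bot: The new four-argument `generateSSLClientParams` takes a `truststore` but drops it whenever `trustAll` is true (`.withTrustStore(trustAll ? null : truststore)` in the following hunk), and nothing on the signature tells the caller so; a one-line comment such as `// truststore is ignored when trustAll is true` above the method would make that explicit. In the hunks shown its only caller is the three-argument delegate, so the JKS-only truststore rule this commit introduces in ConfigUtil has no test. A case that passes a truststore whose file type is not JKS and asserts that config validation rejects it would pin the behaviour. The method body starts in this hunk and ends outside the last one.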