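package at.gv.egiz.moazs.config;

import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;
import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.impl.SignatureVerificationService;
import at.gv.egiz.moazs.backend.SignatureVerifier;
import at.gv.egiz.moazs.util.FileUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.util.function.Consumer;

/**
 * Spring configuration for MOA-SPSS based signature verification of SOAP messages.
 *
 * <p>Besides exposing the verification beans, the constructor bridges Spring configuration
 * into the JVM system properties that the MOA-SPSS library and the JSSE key/trust store
 * loading read directly. A property that is already set on the JVM (e.g. via {@code -D})
 * always wins; only an unset property is filled from the Spring environment, so the
 * effective value is logged when the fallback is applied.
 */
@Configuration
public class MoaSigConfig {

    private static final Logger log = LoggerFactory.getLogger(MoaSigConfig.class);

    /** System property MOA-SPSS reads to locate its own configuration file. */
    private static final String MOA_SPSS_CONFIG_FILE_PROPERTY = "moa.spss.server.configuration";
    /** JSSE system properties selecting the store format (e.g. JKS vs. PKCS12). */
    private static final String JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY = "javax.net.ssl.trustStoreType";
    private static final String JAVAX_SSL_KEYSTORE_TYPE_PROPERTY = "javax.net.ssl.keyStoreType";
    private static final String SET_PROPERTY_MSG_TEMPLATE = "Set system property '{}' to {}";

    private final String trustStoreType;
    private final String keyStoreType;
    private final String defaultTrustProfile;
    private final String spssConfigFilePath;
    private final FileUtils fileUtils;

    /**
     * Captures the Spring-resolved values and applies the system-property fallbacks.
     *
     * @param trustStoreType      value for {@code javax.net.ssl.trustStoreType} if unset on the JVM
     * @param keyStoreType        value for {@code javax.net.ssl.keyStoreType} if unset on the JVM
     * @param defaultTrustProfile MOA-SPSS trust profile used by the {@link SignatureVerifier}
     * @param spssConfigFilePath  MOA-SPSS configuration file, resolved through {@link FileUtils}
     * @param fileUtils           path resolution helper
     * @throws IOException if the MOA-SPSS configuration file cannot be resolved, does not exist
     *                     or is not readable (only checked when the JVM property is unset)
     */
    public MoaSigConfig(@Value("${javax.net.ssl.trustStoreType}") String trustStoreType,
                        @Value("${javax.net.ssl.keyStoreType}") String keyStoreType,
                        @Value("${moa.spss.server.default-trustprofile}") String defaultTrustProfile,
                        @Value("${moa.spss.server.configuration}") String spssConfigFilePath,
                        @Autowired FileUtils fileUtils) throws IOException {
        this.trustStoreType = trustStoreType;
        this.keyStoreType = keyStoreType;
        this.defaultTrustProfile = defaultTrustProfile;
        this.spssConfigFilePath = spssConfigFilePath;
        this.fileUtils = fileUtils;

        // Both fallbacks must run before any MOA-SPSS / JSSE code reads the properties,
        // hence in the constructor rather than in a bean method.
        fallBackToSpringEnvForMoaSPSSConfigProperty();
        fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty();
    }

    /**
     * Sets {@value #MOA_SPSS_CONFIG_FILE_PROPERTY} from the Spring environment when the JVM
     * does not already define it.
     *
     * @throws IOException            if the path cannot be canonicalised
     * @throws FileNotFoundException  if the resolved file does not exist or is not readable
     */
    private void fallBackToSpringEnvForMoaSPSSConfigProperty() throws IOException {
        log.debug("Value of spssConfigFilePath is {}", spssConfigFilePath);
        var existing = System.getProperty(MOA_SPSS_CONFIG_FILE_PROPERTY);
        if (existing != null) {
            // An explicit JVM setting takes precedence; make that visible so operators can
            // tell which MOA-SPSS configuration is actually in effect.
            log.debug("System property '{}' already set to {}; keeping it", MOA_SPSS_CONFIG_FILE_PROPERTY, existing);
            return;
        }

        var realFile = new File(fileUtils.determinePath(spssConfigFilePath));
        // Resolve once: getCanonicalPath() hits the file system on every call, and the value
        // that is logged, checked and stored must be the same one.
        var canonicalPath = realFile.getCanonicalPath();
        log.debug("spssConfigFilePath.getCanonicalPath(): {}", canonicalPath);

        if (!realFile.exists() || !realFile.canRead()) {
            throw new FileNotFoundException("File '" + canonicalPath + "' does not exist or is not readable.");
        }
        log.debug(SET_PROPERTY_MSG_TEMPLATE, MOA_SPSS_CONFIG_FILE_PROPERTY, canonicalPath);
        System.setProperty(MOA_SPSS_CONFIG_FILE_PROPERTY, canonicalPath);
    }

    /**
     * Sets the JSSE key/trust store type properties from the Spring environment when the JVM
     * does not already define them. Only the store <em>type</em> is handled here; store
     * locations and passwords are not touched (and are never logged).
     */
    private void fallBackToSpringEnvForJavaxNetSSLStoreTypeProperty() {
        setIfAbsent(JAVAX_SSL_TRUSTSTORE_TYPE_PROPERTY, trustStoreType);
        setIfAbsent(JAVAX_SSL_KEYSTORE_TYPE_PROPERTY, keyStoreType);
    }

    /** Sets {@code key} to {@code value} only when the system property is currently unset. */
    private static void setIfAbsent(String key, String value) {
        if (System.getProperty(key) == null) {
            log.info(SET_PROPERTY_MSG_TEMPLATE, key, value);
            System.setProperty(key, value);
        }
    }

    /** The MOA-SPSS trust profile configured via {@code moa.spss.server.default-trustprofile}. */
    @Bean
    public String moaSPSSServerDefaultTrustProfile() {
        return defaultTrustProfile;
    }

    /** The MOA-SPSS signature verification service backing {@link #signatureVerifier}. */
    @Bean
    public ISignatureVerificationService moaSigVerifyService() {
        return new SignatureVerificationService();
    }

    /**
     * Consumer that verifies the signature of an incoming SOAP message.
     *
     * <p>When {@code moa.spss.is-active} is {@code false} the returned consumer accepts every
     * document without any check, i.e. the integrity/authenticity check of incoming SOAP
     * messages is switched off entirely. The switch is logged at WARN level at startup so a
     * disabled verifier is visible in the logs.
     *
     * @param isMoaSPSSActive        whether signature verification is enabled at all
     * @param isManifestCheckActive  passed through to {@link SignatureVerifier}
     * @return the verifying consumer, or a no-op consumer when verification is disabled
     */
    @Bean
    // NOTE(review): raw Consumer is kept because the element type is defined by SignatureVerifier
    // (not visible here) and the bean's injection points depend on it; confirm and parameterise.
    public Consumer signatureVerifier(@Value("${moa.spss.is-active}") boolean isMoaSPSSActive,
                                      @Value("${moa.spss.is-manifest-check-active}") boolean isManifestCheckActive) {
        if (!isMoaSPSSActive) {
            log.warn("Moa SPSS is not active. Signatures in SOAP Messages will not be verified.");
            return signedXMLdocument -> {};
        }
        log.info("Moa SPSS is active. Signatures in SOAP Messages will be verified.");
        // Calling the @Bean method directly relies on the @Configuration CGLIB proxy to hand
        // back the singleton rather than a second SignatureVerificationService instance.
        return new SignatureVerifier(moaSigVerifyService(), defaultTrustProfile, isManifestCheckActive);
    }
}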