Pull request #231: Truststore object is set even if is not configured correctly.

Merge in EDELIVERY/smp from EDELIVERY-10167-wrong-error-messages-for-disabled-truststore-validation-on-the-ui-user-page to development * commit 'dd054f89b22308740db719fb2d134670049bf283': PR Updates Truststore object is set even if is not configured correctly. Add truststore/keystore type as configuration option

Pull request #231: Truststore object is set even if is not configured correctly.
51f415cc · Joze RIHTARSIC · 4462e409 · bb752496 · 51f415cc · 51f415cc
Commit 51f415cc authored 2 years ago by Joze RIHTARSIC
--- a/changelog.txt
+++ b/changelog.txt
+eDelivery SMP 5.0
+- added new properties:
+    smp.truststore.type: Truststore type as JKS/PKCS12
+    smp.keystore.type: Keystore type as JKS/PKCS12
+
+
 eDelivery SMP 4.2
 - added new properties:
    smp.passwordPolicy.validationRegex: Regular expression do define password minimum complexity rules!
@@ -12,7 +18,7 @@ eDelivery SMP 4.2
    smp.ui.session.idle_timeout.admin: Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!
    smp.ui.session.idle_timeout.user: Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)
    smp.sso.cas.ui.label: The SSO service provider label.
-    smp.sso.cas.url: The SSO CAS URL enpoint
+    smp.sso.cas.url: The SSO CAS URL endpoint
    smp.sso.cas.urlpath.login: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.
    smp.sso.cas.callback.url: The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/rest/security/cas'
    smp.sso.cas.token.validation.urlpath: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.token.validation}.

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
@@ -89,7 +89,7 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {

    @Transactional
    public DBConfiguration setPropertyToDatabase(SMPPropertyEnum key, String value, String description) {
-        File rootFolder = (File)getCachedPropertyValue(CONFIGURATION_DIR);
+        File rootFolder = getCachedPropertyValue(CONFIGURATION_DIR);
        if (!PropertyUtils.isValidProperty(key, value, rootFolder)) {
            throw new SMPRuntimeException(ErrorCode.CONFIGURATION_ERROR, key.getPropertyType().getErrorMessage(key.getProperty()));
        }
@@ -155,12 +155,12 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
        return cachedProperties.getProperty(property, defValue);
    }

-    public Object getCachedPropertyValue(SMPPropertyEnum key) {
+    public <T extends Object> T getCachedPropertyValue(SMPPropertyEnum key) {
        if (lastUpdate == null) {
            // init properties
            refreshProperties();
        }
-        return cachedPropertyValues.get(key.getProperty());
+        return (T) cachedPropertyValues.get(key.getProperty());
    }

    @Transactional

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java
@@ -2,7 +2,7 @@ package eu.europa.ec.edelivery.smp.data.ui.enums;


 /**
- * Enumeraton of Resourceobject statuse .
+ * Enumeration of Resource Object status.
 * @author Joze Rihtarsic
 * @since 4.1
 */

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java
+package eu.europa.ec.edelivery.smp.data.ui.enums;
+
+
+/**
+ * Enumeration constants. The purpose of the constants is to make enumeration configurations more transparent/readable
+ * ex:
+ * This is  (see the boolean values)
+ *   OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.",
+ *   true, false, true, BOOLEAN),
+ * changed to:
+ *   OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.",
+ *   MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN),
+ *
+ * @author Joze Rihtarsic
+ * @since 4.2
+ */
+public class SMPEnumConstants {
+
+    public static final boolean MANDATORY = true;
+    public static final boolean OPTIONAL = !MANDATORY;
+    public static final boolean ENCRYPTED = true;
+    public static final boolean NOT_ENCRYPTED = !ENCRYPTED;
+    public static final boolean RESTART_NEEDED = true;
+    public static final boolean NO_RESTART_NEEDED = !RESTART_NEEDED;
+}
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
@@ -7,6 +7,7 @@ import eu.europa.ec.edelivery.smp.logging.SMPLogger;
 import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
 import eu.europa.ec.edelivery.smp.services.ConfigurationService;
 import eu.europa.ec.edelivery.smp.utils.SecurityUtils;
+import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.exception.ExceptionUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.convert.ConversionService;
@@ -140,13 +141,16 @@ public class UIKeystoreService {
        }


-        KeyStore keyStore = null;
+        KeyStore keyStore;
        try (InputStream keystoreInputStream = new FileInputStream(keyStoreFile)) {
-            keyStore = KeyStore.getInstance("JKS");
+            String type = StringUtils.defaultIfEmpty(configurationService.getKeystoreType(), "JKS");
+            LOG.info("Load keystore [{}] with type [{}].", keyStoreFile, type);
+            keyStore = KeyStore.getInstance(type);
            keyStore.load(keystoreInputStream, keystoreSecToken.toCharArray());
        } catch (Exception exception) {
            LOG.error("Could not load signing certificate with private key from keystore file:"
                    + keyStoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
+            keyStore = null;
        }
        return keyStore;
    }

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java
@@ -116,7 +116,7 @@ public class UIPropertyService {
        for (PropertyRO property : properties) {
            configurationDao.setPropertyToDatabase(property.getProperty(), property.getValue());
        }
-        Boolean isClusterEnabled = (Boolean) configurationDao.getCachedPropertyValue(SMP_CLUSTER_ENABLED);
+        Boolean isClusterEnabled = configurationDao.getCachedPropertyValue(SMP_CLUSTER_ENABLED);
        if (isClusterEnabled) {
            LOG.info("Properties were updated in database. Changed properties will be activated to all cluster nodes at: [{}]!",
                    ISO_8601_EXTENDED_DATETIME_FORMAT.format(refreshPropertiesTrigger.getNextExecutionDate()));
@@ -147,7 +147,7 @@ public class UIPropertyService {

        // try to parse value
        try {
-            File confDir = (File) configurationDao.getCachedPropertyValue(CONFIGURATION_DIR);
+            File confDir = configurationDao.getCachedPropertyValue(CONFIGURATION_DIR);
            PropertyUtils.parseProperty(propertyEnum, propertyRO.getValue(), confDir);
        } catch (SMPRuntimeException ex) {
            propertyValidationRO.setErrorMessage(ex.getMessage());

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
@@ -377,15 +377,17 @@ public class UITruststoreService {
            return null;
        }

-        KeyStore truststore = null;
        try (InputStream truststoreInputStream = new FileInputStream(truststoreFile)) {
-            truststore = KeyStore.getInstance("JKS");
-            truststore.load(truststoreInputStream, token.toCharArray());
+            String type = StringUtils.defaultIfEmpty(configurationService.getTruststoreType(),"JKS");
+            LOG.info("Load truststore [{}] with type [{}].", truststoreFile, type);
+            KeyStore loadedTrustStore = KeyStore.getInstance(type);
+            loadedTrustStore.load(truststoreInputStream, token.toCharArray());
+            return loadedTrustStore;
        } catch (Exception exception) {
            LOG.error("Could not load truststore:"
                    + truststoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
        }
-        return truststore;
+        return null;
    }



--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java
@@ -284,7 +284,7 @@ public class ConfigurationDAOImplTest extends AbstractBaseDao {
        assertEquals(newTestPassword, configurationDao.getCachedPropertyValue(SMPPropertyEnum.HTTP_PROXY_PASSWORD));

        // test decrypt
-        File encryptionKey = (File) configurationDao.getCachedPropertyValue(SMPPropertyEnum.ENCRYPTION_FILENAME);
+        File encryptionKey = configurationDao.getCachedPropertyValue(SMPPropertyEnum.ENCRYPTION_FILENAME);
        assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.KEYSTORE_PASSWORD, dbKeystorePassword, encryptionKey));
        assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.TRUSTSTORE_PASSWORD, dbTruststorePassword, encryptionKey));
        assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.HTTP_PROXY_PASSWORD, dbProxyPassword, encryptionKey));

--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
@@ -70,9 +70,8 @@ public class KeystoreResource {
        payloadValidatorService.validateUploadedContent(new ByteArrayInputStream(fileBytes), MimeTypeUtils.APPLICATION_OCTET_STREAM_VALUE);
        // try to open keystore
        KeystoreImportResult keystoreImportResult = new KeystoreImportResult();
-        KeyStore keyStore = null;
        try {
-            keyStore = KeyStore.getInstance(keystoreType);
+            KeyStore keyStore = KeyStore.getInstance(keystoreType);
            keyStore.load(new ByteArrayInputStream(fileBytes), password.toCharArray());
            LOG.debug(keyStore.aliases().nextElement());
            uiKeystoreService.importKeys(keyStore, password);
@@ -81,7 +80,6 @@ public class KeystoreResource {
            LOG.error(msg, e);
            keystoreImportResult.setErrorMessage(msg);
        }
-
        return keystoreImportResult;
    }