diff --git a/changelog.txt b/changelog.txt
index 0f301f5bb38064901d7159eace5f028949d402db..54fff73846f5f840cd96e5ff22f3c997d35fe376 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -1,3 +1,9 @@
+eDelivery SMP 5.0
+- added new properties:
+ smp.truststore.type: Truststore type as JKS/PKCS12
+ smp.keystore.type: Keystore type as JKS/PKCS12
+
+
eDelivery SMP 4.2
- added new properties:
smp.passwordPolicy.validationRegex: Regular expression do define password minimum complexity rules!
@@ -12,7 +18,7 @@ eDelivery SMP 4.2
smp.ui.session.idle_timeout.admin: Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!
smp.ui.session.idle_timeout.user: Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)
smp.sso.cas.ui.label: The SSO service provider label.
- smp.sso.cas.url: The SSO CAS URL enpoint
+ smp.sso.cas.url: The SSO CAS URL endpoint
smp.sso.cas.urlpath.login: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.
smp.sso.cas.callback.url: The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/rest/security/cas'
smp.sso.cas.token.validation.urlpath: The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.token.validation}.
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
index 19b20bd99e97b9c3976ef8c4f21029e4d5fdf27e..e8762846bcc3118631684be271c10a988682e38f 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
@@ -89,7 +89,7 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
@Transactional
public DBConfiguration setPropertyToDatabase(SMPPropertyEnum key, String value, String description) {
- File rootFolder = (File)getCachedPropertyValue(CONFIGURATION_DIR);
+ File rootFolder = getCachedPropertyValue(CONFIGURATION_DIR);
if (!PropertyUtils.isValidProperty(key, value, rootFolder)) {
throw new SMPRuntimeException(ErrorCode.CONFIGURATION_ERROR, key.getPropertyType().getErrorMessage(key.getProperty()));
}
@@ -155,12 +155,12 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
return cachedProperties.getProperty(property, defValue);
}
- public Object getCachedPropertyValue(SMPPropertyEnum key) {
+ public <T extends Object> T getCachedPropertyValue(SMPPropertyEnum key) {
if (lastUpdate == null) {
// init properties
refreshProperties();
}
- return cachedPropertyValues.get(key.getProperty());
+ return (T) cachedPropertyValues.get(key.getProperty());
}
@Transactional
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java
index cb3542bce51feaa26906fba132f51e3b9fd7f358..ca06c8a30cca07f3f9ad12a52025d4b92d725773 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/EntityROStatus.java
@@ -2,7 +2,7 @@ package eu.europa.ec.edelivery.smp.data.ui.enums;
/**
- * Enumeraton of Resourceobject statuse .
+ * Enumeration of Resource Object status.
* @author Joze Rihtarsic
* @since 4.1
*/
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java
new file mode 100644
index 0000000000000000000000000000000000000000..430c4e4f18be8cc0a5654cf3589aba4a53defdf8
--- /dev/null
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPEnumConstants.java
@@ -0,0 +1,25 @@
+package eu.europa.ec.edelivery.smp.data.ui.enums;
+
+
+/**
+ * Enumeration constants. The purpose of the constants is to make enumeration configurations more transparent/readable
+ * ex:
+ * This is (see the boolean values)
+ * OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.",
+ * true, false, true, BOOLEAN),
+ * changed to:
+ * OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.",
+ * MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN),
+ *
+ * @author Joze Rihtarsic
+ * @since 4.2
+ */
+public class SMPEnumConstants {
+
+ public static final boolean MANDATORY = true;
+ public static final boolean OPTIONAL = !MANDATORY;
+ public static final boolean ENCRYPTED = true;
+ public static final boolean NOT_ENCRYPTED = !ENCRYPTED;
+ public static final boolean RESTART_NEEDED = true;
+ public static final boolean NO_RESTART_NEEDED = !RESTART_NEEDED;
+}
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
index 3f87455cd5a0552716ac63018482af3110302f83..8c85a419047b83296bb26b7d9da54a6c4765f057 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -8,234 +8,355 @@ import java.util.Optional;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
+import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPEnumConstants.*;
import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyTypeEnum.*;
+
public enum SMPPropertyEnum {
- OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.", true, false, true, BOOLEAN),
- ENCODED_SLASHES_ALLOWED_IN_URL("encodedSlashesAllowedInUrl", "true", "Allow encoded slashes in context path. Set to true if slashes are are part of identifiers.", false, false, true, BOOLEAN),
- HTTP_FORWARDED_HEADERS_ENABLED("smp.http.forwarded.headers.enabled", "false", "Use (value true) or remove (value false) forwarded headers! There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client.", false, false, false, BOOLEAN),
- HTTP_HSTS_MAX_AGE("smp.http.httpStrictTransportSecurity.maxAge", "31536000", "How long(in seconds) HSTS should last in the browser's cache(default one year)", false, false, true, INTEGER),
- HTTP_HEADER_SEC_POLICY("smp.http.header.security.policy", "", "Content Security Policy (CSP) default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self';", false, false, true, STRING),
+ OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.",
+ MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN),
+ ENCODED_SLASHES_ALLOWED_IN_URL("encodedSlashesAllowedInUrl", "true", "Allow encoded slashes in context path. Set to true if slashes are are part of identifiers.",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN),
+ HTTP_FORWARDED_HEADERS_ENABLED("smp.http.forwarded.headers.enabled", "false", "Use (value true) or remove (value false) forwarded headers! There are security considerations for forwarded headers since an application cannot know if the headers were added by a proxy, as intended, or by a malicious client.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ HTTP_HSTS_MAX_AGE("smp.http.httpStrictTransportSecurity.maxAge", "31536000", "How long(in seconds) HSTS should last in the browser's cache(default one year)",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, INTEGER),
+ HTTP_HEADER_SEC_POLICY("smp.http.header.security.policy", "", "Content Security Policy (CSP) default-src 'self'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self';",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING),
// http proxy configuration
- HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host", false, false, false, STRING),
- HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. Ex.: localhost|127.0.0.1", false, false, false, STRING),
- HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.", false, true, false, STRING),
- HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port", false, false, false, INTEGER),
- HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user", false, false, false, STRING),
-
- PARTC_SCH_REGEXP("identifiersBehaviour.ParticipantIdentifierScheme.validationRegex", "^$|^(?!^.{26})([a-z0-9]+-[a-z0-9]+-[a-z0-9]+)$|^urn:oasis:names:tc:ebcore:partyid-type:(iso6523|unregistered)(:.+)?$", "Participant Identifier Schema of each PUT ServiceGroup request is validated against this schema.", false, false, false, REGEXP),
+ HTTP_PROXY_HOST("smp.proxy.host", "", "The http proxy host",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ HTTP_NO_PROXY_HOSTS("smp.noproxy.hosts", "localhost|127.0.0.1", "list of nor proxy hosts. Ex.: localhost|127.0.0.1",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ HTTP_PROXY_PASSWORD("smp.proxy.password", "", "Base64 encrypted password for Proxy.",
+ OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ HTTP_PROXY_PORT("smp.proxy.port", "80", "The http proxy port",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ HTTP_PROXY_USER("smp.proxy.user", "", "The proxy user",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+
+ PARTC_SCH_REGEXP("identifiersBehaviour.ParticipantIdentifierScheme.validationRegex", "^$|^(?!^.{26})([a-z0-9]+-[a-z0-9]+-[a-z0-9]+)$|^urn:oasis:names:tc:ebcore:partyid-type:(iso6523|unregistered)(:.+)?$", "Participant Identifier Schema of each PUT ServiceGroup request is validated against this schema.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP),
PARTC_SCH_REGEXP_MSG("identifiersBehaviour.ParticipantIdentifierScheme.validationRegexMessage",
- "Participant scheme must start with:urn:oasis:names:tc:ebcore:partyid-type:(iso6523:|unregistered:) OR must be up to 25 characters long with form [domain]-[identifierArea]-[identifierType] (ex.: 'busdox-actorid-upis') and may only contain the following characters: [a-z0-9].", "Error message for UI", false, false, false, STRING),
- PARTC_SCH_MANDATORY("identifiersBehaviour.scheme.mandatory", "true", "Scheme for participant identifier is mandatory", false, false, false, BOOLEAN),
+ "Participant scheme must start with:urn:oasis:names:tc:ebcore:partyid-type:(iso6523:|unregistered:) OR must be up to 25 characters long with form [domain]-[identifierArea]-[identifierType] (ex.: 'busdox-actorid-upis') and may only contain the following characters: [a-z0-9].", "Error message for UI",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ PARTC_SCH_MANDATORY("identifiersBehaviour.scheme.mandatory", "true", "Scheme for participant identifier is mandatory",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
- PARTC_EBCOREPARTYID_CONCATENATE("identifiersBehaviour.ParticipantIdentifierScheme.ebCoreId.concatenate",
- "false", "Concatenate ebCore party id in XML responses <ParticipantIdentifier>urn:oasis:names:tc:ebcore:partyid-type:unregistered:test-ebcore-id</ParticipantIdentifier>", false, false, false, BOOLEAN),
+ PARTC_EBCOREPARTYID_CONCATENATE("identifiersBehaviour.ParticipantIdentifierScheme.ebCoreId.concatenate", "false",
+ "Concatenate ebCore party id in XML responses <ParticipantIdentifier>urn:oasis:names:tc:ebcore:partyid-type:unregistered:test-ebcore-id</ParticipantIdentifier>",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
- CS_PARTICIPANTS("identifiersBehaviour.caseSensitive.ParticipantIdentifierSchemes", "sensitive-participant-sc1|sensitive-participant-sc2", "Specifies schemes of participant identifiers that must be considered CASE-SENSITIVE.", false, false, false, LIST_STRING),
- CS_DOCUMENTS("identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", "casesensitive-doc-scheme1|casesensitive-doc-scheme2", "Specifies schemes of document identifiers that must be considered CASE-SENSITIVE.", false, false, false, LIST_STRING),
+ CS_PARTICIPANTS("identifiersBehaviour.caseSensitive.ParticipantIdentifierSchemes", "sensitive-participant-sc1|sensitive-participant-sc2", "Specifies schemes of participant identifiers that must be considered CASE-SENSITIVE.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING),
+ CS_DOCUMENTS("identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", "casesensitive-doc-scheme1|casesensitive-doc-scheme2", "Specifies schemes of document identifiers that must be considered CASE-SENSITIVE.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING),
// SML integration!
- SML_ENABLED("bdmsl.integration.enabled", "false", "BDMSL (SML) integration ON/OFF switch", false, false, false, BOOLEAN),
- SML_PARTICIPANT_MULTIDOMAIN("bdmsl.participant.multidomain.enabled", "false", "Set to true if SML support participant on multidomain", false, false, true, BOOLEAN),
- SML_URL("bdmsl.integration.url", "http://localhost:8080/edelivery-sml", "BDMSL (SML) endpoint", false, false, false, URL),
- SML_TLS_DISABLE_CN_CHECK("bdmsl.integration.tls.disableCNCheck", "false", "If SML Url is HTTPs - Disable CN check if needed.", false, false, false, BOOLEAN),
- SML_TLS_SERVER_CERT_SUBJECT_REGEXP("bdmsl.integration.tls.serverSubjectRegex", ".*", "Regular expression for server TLS certificate subject verification CertEx. .*CN=acc.edelivery.tech.ec.europa.eu.*.", false, false, false, REGEXP),
- SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT("bdmsl.integration.tls.useSystemDefaultTruststore", "false", "If true use system default truststore for trusting TLS server certificate (Legacy behaviour to SMP 4.1 version), else use SMP truststore", false, false, false, BOOLEAN),
- SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address", "http://localhost:8080/smp/", "Logical SMP endpoint which will be registered on SML when registering new domain", false, false, false, URL),
- SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address", "0.0.0.0", "Physical SMP endpoint which will be registered on SML when registering new domain.", false, false, false, STRING),
+ SML_ENABLED("bdmsl.integration.enabled", "false", "BDMSL (SML) integration ON/OFF switch",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ SML_PARTICIPANT_MULTIDOMAIN("bdmsl.participant.multidomain.enabled", "false", "Set to true if SML support participant on multidomain",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, BOOLEAN),
+ SML_URL("bdmsl.integration.url", "http://localhost:8080/edelivery-sml", "BDMSL (SML) endpoint",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, URL),
+ SML_TLS_DISABLE_CN_CHECK("bdmsl.integration.tls.disableCNCheck", "false", "If SML Url is HTTPs - Disable CN check if needed.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ SML_TLS_SERVER_CERT_SUBJECT_REGEXP("bdmsl.integration.tls.serverSubjectRegex", ".*", "Regular expression for server TLS certificate subject verification CertEx. .*CN=acc.edelivery.tech.ec.europa.eu.*.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP),
+ SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT("bdmsl.integration.tls.useSystemDefaultTruststore", "false", "If true use system default truststore for trusting TLS server certificate (Legacy behaviour to SMP 4.1 version), else use SMP truststore",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address", "http://localhost:8080/smp/", "Logical SMP endpoint which will be registered on SML when registering new domain",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, URL),
+ SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address", "0.0.0.0", "Physical SMP endpoint which will be registered on SML when registering new domain.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
// keystore truststore
- KEYSTORE_PASSWORD("smp.keystore.password", "", "Encrypted keystore (and keys) password ", false, true, false, STRING),
- KEYSTORE_FILENAME("smp.keystore.filename", "smp-keystore.jks", "Keystore filename ", true, false, false, FILENAME),
- TRUSTSTORE_PASSWORD("smp.truststore.password", "", "Encrypted truststore password ", false, true, false, STRING),
- TRUSTSTORE_FILENAME("smp.truststore.filename", "", "Truststore filename ", false, false, false, FILENAME),
+ KEYSTORE_PASSWORD("smp.keystore.password", "", "Encrypted keystore (and keys) password ",
+ OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ KEYSTORE_TYPE("smp.keystore.type", "JKS", "Keystore type as JKS/PKCS12",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ KEYSTORE_FILENAME("smp.keystore.filename", "smp-keystore.jks", "Keystore filename ",
+ MANDATORY, NOT_ENCRYPTED, NO_RESTART_NEEDED, FILENAME),
+ TRUSTSTORE_TYPE("smp.truststore.type", "JKS", "Truststore type as JKS/PKCS12",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ TRUSTSTORE_PASSWORD("smp.truststore.password", "", "Encrypted truststore password ",
+ OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ TRUSTSTORE_FILENAME("smp.truststore.filename", "", "Truststore filename ",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, FILENAME),
TRUSTSTORE_ADD_CERT_ON_USER_UPDATE("smp.truststore.add.cert.onUserRegistration",
- "false", "Automatically add certificate to truststore when assigned to user.", false, false, false, BOOLEAN),
- CERTIFICATE_CRL_FORCE("smp.certificate.crl.force", "false", "If false then if CRL is not reachable ignore CRL validation", false, false, false, BOOLEAN),
- CONFIGURATION_DIR("configuration.dir", "smp", "Path to the folder containing all the configuration files (keystore and encryption key)", true, false, true, PATH),
- ENCRYPTION_FILENAME("encryption.key.filename", "encryptionPrivateKey.private", "Key filename to encrypt passwords", false, false, true, FILENAME),
- KEYSTORE_PASSWORD_DECRYPTED("smp.keystore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!", false, false, false, STRING),
- TRUSTSTORE_PASSWORD_DECRYPTED("smp.truststore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!", false, false, false, STRING),
- CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS("smp.certificate.validation.allowedCertificatePolicyOIDs","","List of certificate policy OIDs separated by | where at least one must be in the CertifictePolicy extension", false, false,false, LIST_STRING),
- CERTIFICATE_SUBJECT_REGULAR_EXPRESSION("smp.certificate.validation.subjectRegex",".*","Regular expression to validate subject of the certificate", false, false,false, REGEXP),
-
- SMP_PROPERTY_REFRESH_CRON("smp.property.refresh.cronJobExpression", "0 48 */1 * * *", "Property refresh cron expression (def 12 minutes to each hour). Property change is refreshed at restart!", false, false, false, CRON_EXPRESSION),
+ "false", "Automatically add certificate to truststore when assigned to user.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ CERTIFICATE_CRL_FORCE("smp.certificate.crl.force", "false", "If false then if CRL is not reachable ignore CRL validation",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ CONFIGURATION_DIR("configuration.dir", "smp", "Path to the folder containing all the configuration files (keystore and encryption key)",
+ MANDATORY, NOT_ENCRYPTED, RESTART_NEEDED, PATH),
+ ENCRYPTION_FILENAME("encryption.key.filename", "encryptionPrivateKey.private", "Key filename to encrypt passwords",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, FILENAME),
+ KEYSTORE_PASSWORD_DECRYPTED("smp.keystore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ TRUSTSTORE_PASSWORD_DECRYPTED("smp.truststore.password.decrypted", "", "Only for backup purposes when password is automatically created. Store password somewhere save and delete this entry!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS("smp.certificate.validation.allowedCertificatePolicyOIDs", "", "List of certificate policy OIDs separated by | where at least one must be in the CertifictePolicy extension",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING),
+ CERTIFICATE_SUBJECT_REGULAR_EXPRESSION("smp.certificate.validation.subjectRegex", ".*", "Regular expression to validate subject of the certificate",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP),
+
+ SMP_PROPERTY_REFRESH_CRON("smp.property.refresh.cronJobExpression", "0 48 */1 * * *", "Property refresh cron expression (def 12 minutes to each hour). Property change is refreshed at restart!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, CRON_EXPRESSION),
// UI COOKIE configuration
- UI_COOKIE_SESSION_SECURE("smp.ui.session.secure", "false", "Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.", false, false, false, BOOLEAN),
- UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age", "", "Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. Empty value will not set parameter", false, false, false, INTEGER),
- UI_COOKIE_SESSION_SITE("smp.ui.session.strict", "Lax", "Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax. (Cookies with SameSite=None require a secure context/HTTPS)!!)", false, false, false, STRING),
- UI_COOKIE_SESSION_PATH("smp.ui.session.path", "", "A path that must exist in the requested URL, or the browser won't send the Cookie header. Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match", false, false, false, STRING),
- UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN("smp.ui.session.idle_timeout.admin", "300", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!", false, false, false, INTEGER),
- UI_COOKIE_SESSION_IDLE_TIMEOUT_USER("smp.ui.session.idle_timeout.user", "1800", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)", false, false, false, INTEGER),
- SMP_CLUSTER_ENABLED("smp.cluster.enabled", "false", "Define if application is set in cluster. In not cluster environment, properties are updated on setProperty.", false, false,false, BOOLEAN),
-
- PASSWORD_POLICY_REGULAR_EXPRESSION("smp.passwordPolicy.validationRegex","^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'\"\\\\]).{16,32}$",
- "Password minimum complexity rules!", false, false,false, REGEXP),
-
- PASSWORD_POLICY_MESSAGE("smp.passwordPolicy.validationMessage","Minimum length: 16 characters;Maximum length: 32 characters;At least one letter in lowercase;At least one letter in uppercase;At least one digit;At least one special character",
- "The error message shown to the user in case the password does not follow the regex put in the domibus.passwordPolicy.pattern property", false, false,false, STRING),
- PASSWORD_POLICY_VALID_DAYS("smp.passwordPolicy.validDays","90",
- "Number of days password is valid", false, false,false, INTEGER),
- PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE("smp.passwordPolicy.warning.beforeExpiration","15",
- "How many days before expiration should the UI warn users at login", false, false,false, INTEGER),
-
- PASSWORD_POLICY_FORCE_CHANGE_EXPIRED("smp.passwordPolicy.expired.forceChange","true",
- "Force change password at UI login if expired", false, false,false, BOOLEAN),
-
- USER_LOGIN_FAIL_DELAY("smp.user.login.fail.delay","1000",
- "Delay response in ms on invalid username or password", false, false,false, INTEGER),
-
- USER_MAX_FAILED_ATTEMPTS("smp.user.login.maximum.attempt","5",
+ UI_COOKIE_SESSION_SECURE("smp.ui.session.secure", "false", "Cookie is only sent to the server when a request is made with the https: scheme (except on localhost), and therefore is more resistant to man-in-the-middle attacks.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+ UI_COOKIE_SESSION_MAX_AGE("smp.ui.session.max-age", "", "Number of seconds until the cookie expires. A zero or negative number will expire the cookie immediately. Empty value will not set parameter",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ UI_COOKIE_SESSION_SITE("smp.ui.session.strict", "Lax", "Controls whether a cookie is sent with cross-origin requests, providing some protection against cross-site request forgery attacks. Possible values are: Strict, None, Lax. (Cookies with SameSite=None require a secure context/HTTPS)!!)",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ UI_COOKIE_SESSION_PATH("smp.ui.session.path", "", "A path that must exist in the requested URL, or the browser won't send the Cookie header. Null/Empty value sets the authentication requests context by default. The forward slash (/) character is interpreted as a directory separator, and subdirectories will be matched as well: for Path=/docs, /docs, /docs/Web/, and /docs/Web/HTTP will all match",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN("smp.ui.session.idle_timeout.admin", "300", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for ADMIN users (System)!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ UI_COOKIE_SESSION_IDLE_TIMEOUT_USER("smp.ui.session.idle_timeout.user", "1800", "Specifies the time, in seconds, between client requests before the SMP will invalidate session for users (Service group, SMP Admin)",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ SMP_CLUSTER_ENABLED("smp.cluster.enabled", "false", "Define if application is set in cluster. In not cluster environment, properties are updated on setProperty.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+
+ PASSWORD_POLICY_REGULAR_EXPRESSION("smp.passwordPolicy.validationRegex", "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[~`!@#$%^&+=\\-_<>.,?:;*/()|\\[\\]{}'\"\\\\]).{16,32}$",
+ "Password minimum complexity rules!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, REGEXP),
+
+ PASSWORD_POLICY_MESSAGE("smp.passwordPolicy.validationMessage", "Minimum length: 16 characters;Maximum length: 32 characters;At least one letter in lowercase;At least one letter in uppercase;At least one digit;At least one special character",
+ "The error message shown to the user in case the password does not follow the regex put in the domibus.passwordPolicy.pattern property",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ PASSWORD_POLICY_VALID_DAYS("smp.passwordPolicy.validDays", "90", "Number of days password is valid",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE("smp.passwordPolicy.warning.beforeExpiration", "15",
+ "How many days before expiration should the UI warn users at login",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+
+ PASSWORD_POLICY_FORCE_CHANGE_EXPIRED("smp.passwordPolicy.expired.forceChange", "true",
+ "Force change password at UI login if expired",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
+
+ USER_LOGIN_FAIL_DELAY("smp.user.login.fail.delay", "1000",
+ "Delay response in ms on invalid username or password",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+
+ USER_MAX_FAILED_ATTEMPTS("smp.user.login.maximum.attempt", "5",
"The number of sequence login attempts when the user credentials get suspended. The login attempt count as a sequence login" +
- " if there is less time between login attempts than defined in property: smp.user.login.suspension.time!", false, false,false, INTEGER),
- USER_SUSPENSION_TIME("smp.user.login.suspension.time","3600",
- "Time in seconds for a suspended user to be reactivated. (if 0 the user will not be reactivated)", false, false,false, INTEGER),
-
- ACCESS_TOKEN_POLICY_VALID_DAYS("smp.accessToken.validDays","60",
- "Number of days access token is valid is valid", false, false,false, INTEGER),
- ACCESS_TOKEN_MAX_FAILED_ATTEMPTS("smp.accessToken.login.maximum.attempt","10",
- "Number of accessToken login attempt before the accessToken is deactivated", false, false,false, INTEGER),
- ACCESS_TOKEN_SUSPENSION_TIME("smp.accessToken.login.suspension.time","3600",
- "Time in seconds for a suspended accessToken to be reactivated. (if 0 the user will not be reactivated)", false, false,false, INTEGER),
- ACCESS_TOKEN_FAIL_DELAY("smp.accessToken.login.fail.delay","1000",
- "Delay in ms on invalid token id or token", false, false,false, INTEGER),
+ " if there is less time between login attempts than defined in property: smp.user.login.suspension.time!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ USER_SUSPENSION_TIME("smp.user.login.suspension.time", "3600",
+ "Time in seconds for a suspended user to be reactivated. (if 0 the user will not be reactivated)",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+
+ ACCESS_TOKEN_POLICY_VALID_DAYS("smp.accessToken.validDays", "60",
+ "Number of days access token is valid is valid",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ ACCESS_TOKEN_MAX_FAILED_ATTEMPTS("smp.accessToken.login.maximum.attempt", "10",
+ "Number of accessToken login attempt before the accessToken is deactivated",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ ACCESS_TOKEN_SUSPENSION_TIME("smp.accessToken.login.suspension.time", "3600",
+ "Time in seconds for a suspended accessToken to be reactivated. (if 0 the user will not be reactivated)",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ ACCESS_TOKEN_FAIL_DELAY("smp.accessToken.login.fail.delay", "1000",
+ "Delay in ms on invalid token id or token",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
// authentication
- UI_AUTHENTICATION_TYPES("smp.ui.authentication.types", "PASSWORD", "Set list of '|' separated authentication types: PASSWORD|SSO.", false, false, false, LIST_STRING),
+ UI_AUTHENTICATION_TYPES("smp.ui.authentication.types", "PASSWORD", "Set list of '|' separated authentication types: PASSWORD|SSO.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING),
AUTOMATION_AUTHENTICATION_TYPES("smp.automation.authentication.types", "TOKEN|CERTIFICATE",
- "Set list of '|' separated application-automation authentication types (Web-Service integration). Currently supported TOKEN, CERTIFICATE: ex. TOKEN|CERTIFICATE", false, false, false, LIST_STRING
- ),
+ "Set list of '|' separated application-automation authentication types (Web-Service integration). Currently supported TOKEN, CERTIFICATE: ex. TOKEN|CERTIFICATE",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING
+ ),
EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED("smp.automation.authentication.external.tls.clientCert.enabled", "false",
"Authentication with external module as: reverse proxy. Authenticated data are send send to application using 'Client-Cert' HTTP header. Do not enable this feature " +
- "without properly configured reverse-proxy!", false, false, false, BOOLEAN),
+ "without properly configured reverse-proxy!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED("smp.automation.authentication.external.tls.SSLClientCert.enabled", "false",
"Authentication with external module as: reverse proxy. Authenticated certificate is send to application using 'SSLClientCert' HTTP header. Do not enable this feature " +
- "without properly configured reverse-proxy!", false, false, false, BOOLEAN),
+ "without properly configured reverse-proxy!",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
// SSO configuration
- SSO_CAS_UI_LABEL("smp.sso.cas.ui.label", "EU Login", "The SSO service provider label.", false, false, true, STRING),
- SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL endpoint", false, false, true, URL),
- SSO_CAS_URL_PATH_LOGIN("smp.sso.cas.urlPath.login", "login", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.", false, false, true, STRING),
- SSO_CAS_CALLBACK_URL("smp.sso.cas.callback.url", "http://localhost:8080/smp/ui/public/rest/security/cas", "The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/public/rest/security/cas'", false, false, true, URL),
- SSO_CAS_SMP_LOGIN_URI("smp.sso.cas.smp.urlPath", "/smp/ui/public/rest/security/cas", "SMP relative path which triggers CAS authentication", false, false, true, STRING),
- SSO_CAS_SMP_USER_DATA_URL_PATH("smp.sso.cas.smp.user.data.urlPath", "userdata/myAccount.cgi", "Relative path for CAS user data. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.smp.user.data.urlpath}.", false, false, true, STRING),
- SSO_CAS_TOKEN_VALIDATION_URL_PATH("smp.sso.cas.token.validation.urlPath", "laxValidate", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.token.validation.urlpath}.", false, false, true, STRING),
- SSO_CAS_TOKEN_VALIDATION_PARAMS("smp.sso.cas.token.validation.params", "acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP", "The CAS token validation key:value properties separated with '|'.Ex: 'acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP'", false, false, true, MAP_STRING),
- SSO_CAS_TOKEN_VALIDATION_GROUPS("smp.sso.cas.token.validation.groups", "DIGIT_SMP|DIGIT_ADMIN", "'|' separated CAS groups user must belong to.", false, false, true, LIST_STRING),
-
- MAIL_SERVER_HOST("mail.smtp.host", "", "Email server - configuration for submitting the emails.", false,false, false, STRING),
- MAIL_SERVER_PORT("mail.smtp.port", "25", "Smtp mail port - configuration for submitting the emails.", false,false, false,INTEGER),
- MAIL_SERVER_PROTOCOL("mail.smtp.protocol", "smtp", "smtp mail protocol- configuration for submitting the emails.", false,false,false, STRING),
- MAIL_SERVER_USERNAME("mail.smtp.username", "", "smtp mail protocol- username for submitting the emails.", false,false,false, STRING),
- MAIL_SERVER_PASSWORD("mail.smtp.password", "", "smtp mail protocol - encrypted password for submitting the emails.", false,true,false, STRING),
- MAIL_SERVER_PROPERTIES("mail.smtp.properties", "", " key:value properties separated with '|'.Ex: mail.smtp.auth:true|mail.smtp.starttls.enable:true|mail.smtp.quitwait:false.", false, false,false, MAP_STRING),
+ SSO_CAS_UI_LABEL("smp.sso.cas.ui.label", "EU Login", "The SSO service provider label.",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING),
+ SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL endpoint",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, URL),
+ SSO_CAS_URL_PATH_LOGIN("smp.sso.cas.urlPath.login", "login", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.urlpath.login}.",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING),
+ SSO_CAS_CALLBACK_URL("smp.sso.cas.callback.url", "http://localhost:8080/smp/ui/public/rest/security/cas", "The URL is the callback URL belonging to the local SMP Security System. If using RP make sure it target SMP path '/ui/public/rest/security/cas'",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, URL),
+ SSO_CAS_SMP_LOGIN_URI("smp.sso.cas.smp.urlPath", "/smp/ui/public/rest/security/cas", "SMP relative path which triggers CAS authentication",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING),
+ SSO_CAS_SMP_USER_DATA_URL_PATH("smp.sso.cas.smp.user.data.urlPath", "userdata/myAccount.cgi", "Relative path for CAS user data. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.smp.user.data.urlpath}.",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING),
+ SSO_CAS_TOKEN_VALIDATION_URL_PATH("smp.sso.cas.token.validation.urlPath", "laxValidate", "The CAS URL path for login. Complete URL is composed from parameters: ${smp.sso.cas.url}/${smp.sso.cas.token.validation.urlpath}.",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, STRING),
+ SSO_CAS_TOKEN_VALIDATION_PARAMS("smp.sso.cas.token.validation.params", "acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP", "The CAS token validation key:value properties separated with '|'.Ex: 'acceptStrengths:BASIC,CLIENT_CERT|assuranceLevel:TOP'",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, MAP_STRING),
+ SSO_CAS_TOKEN_VALIDATION_GROUPS("smp.sso.cas.token.validation.groups", "DIGIT_SMP|DIGIT_ADMIN", "'|' separated CAS groups user must belong to.",
+ OPTIONAL, NOT_ENCRYPTED, RESTART_NEEDED, LIST_STRING),
+
+ MAIL_SERVER_HOST("mail.smtp.host", "", "Email server - configuration for submitting the emails.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ MAIL_SERVER_PORT("mail.smtp.port", "25", "Smtp mail port - configuration for submitting the emails.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ MAIL_SERVER_PROTOCOL("mail.smtp.protocol", "smtp", "smtp mail protocol- configuration for submitting the emails.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ MAIL_SERVER_USERNAME("mail.smtp.username", "", "smtp mail protocol- username for submitting the emails.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ MAIL_SERVER_PASSWORD("mail.smtp.password", "", "smtp mail protocol - encrypted password for submitting the emails.",
+ OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ MAIL_SERVER_PROPERTIES("mail.smtp.properties", "", " key:value properties separated with '|'.Ex: mail.smtp.auth:true|mail.smtp.starttls.enable:true|mail.smtp.quitwait:false.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, MAP_STRING),
ALERT_USER_LOGIN_FAILURE_ENABLED("smp.alert.user.login_failure.enabled",
- "false", "Enable/disable the login failure alert of the authentication module.", false, false,false, BOOLEAN),
+ "false", "Enable/disable the login failure alert of the authentication module.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_USER_LOGIN_FAILURE_LEVEL("smp.alert.user.login_failure.level",
- "LOW", "Alert level for login failure. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "Alert level for login failure. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_USER_LOGIN_FAILURE_MAIL_SUBJECT("smp.alert.user.login_failure.mail.subject",
- "Login failure", "Login failure mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
+ "Login failure", "Login failure mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_USER_SUSPENDED_ENABLED("smp.alert.user.suspended.enabled",
- "true", "Enable/disable the login suspended alert of the authentication module.", false, false,false, BOOLEAN),
+ "true", "Enable/disable the login suspended alert of the authentication module.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_USER_SUSPENDED_LEVEL("smp.alert.user.suspended.level",
- "HIGH", "Alert level for login suspended. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "HIGH", "Alert level for login suspended. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_USER_SUSPENDED_MAIL_SUBJECT("smp.alert.user.suspended.mail.subject",
- "Login credentials suspended", "Login suspended mail subject.", false, false,false, STRING,
+ "Login credentials suspended", "Login suspended mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_USER_SUSPENDED_MOMENT("smp.alert.user.suspended.mail.moment",
"WHEN_BLOCKED", "When should the account disabled alert be triggered. Values: AT_LOGON: An alert will submit mail for all logon attempts to suspended account, WHEN_BLOCKED: An alert will be triggered only the first time when the account got suspended.",
- false, false,false, STRING, "^(AT_LOGON|WHEN_BLOCKED)$", "Allowed values are: AT_LOGON,WHEN_BLOCKED" ),
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING, "^(AT_LOGON|WHEN_BLOCKED)$", "Allowed values are: AT_LOGON,WHEN_BLOCKED"),
ALERT_PASSWORD_BEFORE_EXPIRATION_ENABLED("smp.alert.password.imminent_expiration.enabled",
- "true", "Enable/disable the imminent password expiration alert", false, false,false, BOOLEAN),
+ "true", "Enable/disable the imminent password expiration alert",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_PASSWORD_BEFORE_EXPIRATION_PERIOD("smp.alert.password.imminent_expiration.delay_days",
- "15", "Number of days before expiration as for how long before expiration the system should send alerts.", false, false,false, INTEGER),
+ "15", "Number of days before expiration as for how long before expiration the system should send alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_PASSWORD_BEFORE_EXPIRATION_INTERVAL("smp.alert.password.imminent_expiration.frequency_days",
- "5", "Interval between alerts.", false, false,false, INTEGER),
+ "5", "Interval between alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_PASSWORD_BEFORE_EXPIRATION_LEVEL("smp.alert.password.imminent_expiration.level",
- "LOW", "Password imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "Password imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_PASSWORD_BEFORE_EXPIRATION_MAIL_SUBJECT("smp.alert.password.imminent_expiration.mail.subject",
- "Password imminent expiration", "Password imminent expiration mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
+ "Password imminent expiration", "Password imminent expiration mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_PASSWORD_EXPIRED_ENABLED("smp.alert.password.expired.enabled",
- "true", "Enable/disable the password expiration alert", false, false,false, BOOLEAN),
+ "true", "Enable/disable the password expiration alert",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_PASSWORD_EXPIRED_PERIOD("smp.alert.password.expired.delay_days",
- "30", "Number of days after expiration as for how long the system should send alerts.", false, false,false, INTEGER),
+ "30", "Number of days after expiration as for how long the system should send alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_PASSWORD_EXPIRED_INTERVAL("smp.alert.password.expired.frequency_days",
- "5", "Frequency in days between alerts.", false, false,false, INTEGER),
+ "5", "Frequency in days between alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_PASSWORD_EXPIRED_LEVEL("smp.alert.password.expired.level",
- "LOW", "Password expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "Password expiration alert level. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_PASSWORD_EXPIRED_MAIL_SUBJECT("smp.alert.password.expired.mail.subject",
- "Password expired", "Password expiration mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
+ "Password expired", "Password expiration mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_ENABLED("smp.alert.accessToken.imminent_expiration.enabled",
- "true", "Enable/disable the imminent accessToken expiration alert", false, false,false, BOOLEAN),
+ "true", "Enable/disable the imminent accessToken expiration alert",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_PERIOD("smp.alert.accessToken.imminent_expiration.delay_days",
- "15", "Number of days before expiration as for how long before expiration the system should send alerts.", false, false,false, INTEGER),
+ "15", "Number of days before expiration as for how long before expiration the system should send alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_INTERVAL("smp.alert.accessToken.imminent_expiration.frequency_days",
- "5", "Frequency in days between alerts.", false, false,false, INTEGER),
+ "5", "Frequency in days between alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_LEVEL("smp.alert.accessToken.imminent_expiration.level",
- "LOW", "AccessToken imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "AccessToken imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_MAIL_SUBJECT("smp.alert.accessToken.imminent_expiration.mail.subject",
- "Access token imminent expiration", "accessToken imminent expiration mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
+ "Access token imminent expiration", "accessToken imminent expiration mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_ACCESS_TOKEN_EXPIRED_ENABLED("smp.alert.accessToken.expired.enabled",
- "true", "Enable/disable the accessToken expiration alert", false, false,false, BOOLEAN),
+ "true", "Enable/disable the accessToken expiration alert",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_ACCESS_TOKEN_EXPIRED_PERIOD("smp.alert.accessToken.expired.delay_days",
- "30", "Number of days after expiration as for how long the system should send alerts.", false, false,false, INTEGER),
+ "30", "Number of days after expiration as for how long the system should send alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_ACCESS_TOKEN_EXPIRED_INTERVAL("smp.alert.accessToken.expired.frequency_days",
- "5", "Frequency in days between alerts.", false, false,false, INTEGER),
+ "5", "Frequency in days between alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_ACCESS_TOKEN_EXPIRED_LEVEL("smp.alert.accessToken.expired.level",
- "LOW", "Access Token expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "Access Token expiration alert level. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_ACCESS_TOKEN_EXPIRED_MAIL_SUBJECT("smp.alert.accessToken.expired.mail.subject",
- "Access token expired", "Password expiration mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
+ "Access token expired", "Password expiration mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_CERTIFICATE_BEFORE_EXPIRATION_ENABLED("smp.alert.certificate.imminent_expiration.enabled",
- "true", "Enable/disable the imminent certificate expiration alert", false, false,false, BOOLEAN),
+ "true", "Enable/disable the imminent certificate expiration alert",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_CERTIFICATE_BEFORE_EXPIRATION_PERIOD("smp.alert.certificate.imminent_expiration.delay_days",
- "15", "Number of days before expiration as for how long before expiration the system should send alerts.", false, false,false, INTEGER),
+ "15", "Number of days before expiration as for how long before expiration the system should send alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_CERTIFICATE_BEFORE_EXPIRATION_INTERVAL("smp.alert.certificate.imminent_expiration.frequency_days",
- "5", "Frequency in days between alerts.", false, false,false, INTEGER),
+ "5", "Frequency in days between alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_CERTIFICATE_BEFORE_EXPIRATION_LEVEL("smp.alert.certificate.imminent_expiration.level",
- "LOW", "certificate imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "certificate imminent expiration alert level. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_CERTIFICATE_BEFORE_EXPIRATION_MAIL_SUBJECT("smp.alert.certificate.imminent_expiration.mail.subject",
- "Certificate imminent expiration", "Certificate imminent expiration mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
+ "Certificate imminent expiration", "Certificate imminent expiration mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
ALERT_CERTIFICATE_EXPIRED_ENABLED("smp.alert.certificate.expired.enabled",
- "true", "Enable/disable the certificate expiration alert", false, false,false, BOOLEAN),
+ "true", "Enable/disable the certificate expiration alert",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
ALERT_CERTIFICATE_EXPIRED_PERIOD("smp.alert.certificate.expired.delay_days",
- "30", "Number of days after expiration as for how long the system should send alerts.", false, false,false, INTEGER),
+ "30", "Number of days after expiration as for how long the system should send alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_CERTIFICATE_EXPIRED_INTERVAL("smp.alert.certificate.expired.frequency_days",
- "5", "Frequency in days between alerts.", false, false,false, INTEGER),
+ "5", "Frequency in days between alerts.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
ALERT_CERTIFICATE_EXPIRED_LEVEL("smp.alert.certificate.expired.level",
- "LOW", "Certificate expiration alert level. Values: {LOW, MEDIUM, HIGH}", false, false,false, STRING,
+ "LOW", "Certificate expiration alert level. Values: {LOW, MEDIUM, HIGH}",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
"^(LOW|MEDIUM|HIGH)$", "Allowed values are: LOW, MEDIUM, HIGH"),
ALERT_CERTIFICATE_EXPIRED_MAIL_SUBJECT("smp.alert.certificate.expired.mail.subject",
- "Certificate expired", "Certificate expiration mail subject.", false, false,false, STRING,
- "^(.{0,255})$", "Subject must have less than 256 character" ),
-
- SMP_ALERT_CREDENTIALS_CRON("smp.alert.credentials.cronJobExpression", "0 52 4 */1 * *", "Property cron expression for triggering alert messages !", false, false, false, CRON_EXPRESSION),
- SMP_ALERT_CREDENTIALS_SERVER("smp.alert.credentials.serverInstance", "localhost", "If smp.cluster.enabled is set to true then then instance (hostname) to generate report.", false, false, false, STRING),
- SMP_ALERT_BATCH_SIZE("smp.alert.credentials.batch.size", "200", "Max alertes generated in a batch for the type", false, false, false, INTEGER),
- SMP_ALERT_MAIL_FROM("smp.alert.mail.from", "test@alert-send-mail.eu", "Alert send mail", false, false, false, EMAIL),
+ "Certificate expired", "Certificate expiration mail subject.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING,
+ "^(.{0,255})$", "Subject must have less than 256 character"),
- CLIENT_CERT_HEADER_ENABLED_DEPRECATED("authentication.blueCoat.enabled", "false", "Property was replaced by property: smp.automation.authentication.external.tls.clientCert.enabled", false, false, false, BOOLEAN),
+ SMP_ALERT_CREDENTIALS_CRON("smp.alert.credentials.cronJobExpression", "0 52 4 */1 * *", "Property cron expression for triggering alert messages !",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, CRON_EXPRESSION),
+ SMP_ALERT_CREDENTIALS_SERVER("smp.alert.credentials.serverInstance", "localhost", "If smp.cluster.enabled is set to true then then instance (hostname) to generate report.",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, STRING),
+ SMP_ALERT_BATCH_SIZE("smp.alert.credentials.batch.size", "200", "Max alertes generated in a batch for the type",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, INTEGER),
+ SMP_ALERT_MAIL_FROM("smp.alert.mail.from", "test@alert-send-mail.eu", "Alert send mail",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, EMAIL),
+
+ CLIENT_CERT_HEADER_ENABLED_DEPRECATED("authentication.blueCoat.enabled", "false", "Property was replaced by property: smp.automation.authentication.external.tls.clientCert.enabled",
+ OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
;
String property;
@@ -250,7 +371,7 @@ public enum SMPPropertyEnum {
SMPPropertyTypeEnum propertyType;
SMPPropertyEnum(String property, String defValue, String desc, boolean isMandatory, boolean isEncrypted, boolean restartNeeded,
- SMPPropertyTypeEnum propertyType,String valuePattern,String errorValueMessage ) {
+ SMPPropertyTypeEnum propertyType, String valuePattern, String errorValueMessage) {
this.property = property;
this.defValue = defValue;
this.desc = desc;
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
index 834d0f61982cd4875275669c36eb915327925156..093c462a36c48fc46250d9ed80c3ddd35f4e2ff2 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -36,7 +36,7 @@ public class ConfigurationService {
public Pattern getParticipantIdentifierSchemeRexExp() {
- return (Pattern) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
+ return configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP);
}
public String getParticipantIdentifierSchemeRexExpPattern() {
@@ -44,17 +44,17 @@ public class ConfigurationService {
}
public String getParticipantIdentifierSchemeRexExpMessage() {
- return (String) configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP_MSG);
+ return configurationDAO.getCachedPropertyValue(PARTC_SCH_REGEXP_MSG);
}
public Boolean getForceConcatenateEBCorePartyId() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(PARTC_EBCOREPARTYID_CONCATENATE);
+ Boolean value = configurationDAO.getCachedPropertyValue(PARTC_EBCOREPARTYID_CONCATENATE);
// true by default
return value == null || value;
}
public Pattern getPasswordPolicyRexExp() {
- return (Pattern) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_REGULAR_EXPRESSION);
+ return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_REGULAR_EXPRESSION);
}
public String getPasswordPolicyRexExpPattern() {
@@ -66,53 +66,53 @@ public class ConfigurationService {
}
public Integer getPasswordPolicyValidDays() {
- return (Integer) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_VALID_DAYS);
+ return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_VALID_DAYS);
}
public Integer getPasswordPolicyUIWarningDaysBeforeExpire() {
- return (Integer) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE);
+ return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_WARNING_DAYS_BEFORE_EXPIRE);
}
public Boolean getPasswordPolicyForceChangeIfExpired() {
- return (Boolean) configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_FORCE_CHANGE_EXPIRED);
+ return configurationDAO.getCachedPropertyValue(PASSWORD_POLICY_FORCE_CHANGE_EXPIRED);
}
public Integer getAccessTokenPolicyValidDays() {
- return (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_POLICY_VALID_DAYS);
+ return configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_POLICY_VALID_DAYS);
}
public Integer getLoginMaxAttempts() {
- return (Integer) configurationDAO.getCachedPropertyValue(USER_MAX_FAILED_ATTEMPTS);
+ return configurationDAO.getCachedPropertyValue(USER_MAX_FAILED_ATTEMPTS);
}
public Integer getLoginSuspensionTimeInSeconds() {
- return (Integer) configurationDAO.getCachedPropertyValue(USER_SUSPENSION_TIME);
+ return configurationDAO.getCachedPropertyValue(USER_SUSPENSION_TIME);
}
public Integer getLoginFailDelayInMilliSeconds() {
- Integer delay = (Integer) configurationDAO.getCachedPropertyValue(USER_LOGIN_FAIL_DELAY);
+ Integer delay = configurationDAO.getCachedPropertyValue(USER_LOGIN_FAIL_DELAY);
return delay == null ? 1000 : delay;
}
public Integer getAccessTokenLoginMaxAttempts() {
- return (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_MAX_FAILED_ATTEMPTS);
+ return configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_MAX_FAILED_ATTEMPTS);
}
public Integer getAccessTokenLoginSuspensionTimeInSeconds() {
- return (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_SUSPENSION_TIME);
+ return configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_SUSPENSION_TIME);
}
public Integer getAccessTokenLoginFailDelayInMilliSeconds() {
- Integer delay = (Integer) configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_FAIL_DELAY);
+ Integer delay = configurationDAO.getCachedPropertyValue(ACCESS_TOKEN_FAIL_DELAY);
return delay == null ? 1000 : delay;
}
public Integer getHttpHeaderHstsMaxAge() {
- return (Integer) configurationDAO.getCachedPropertyValue(HTTP_HSTS_MAX_AGE);
+ return configurationDAO.getCachedPropertyValue(HTTP_HSTS_MAX_AGE);
}
public String getHttpHeaderContentSecurityPolicy() {
- return (String) configurationDAO.getCachedPropertyValue(HTTP_HEADER_SEC_POLICY);
+ return configurationDAO.getCachedPropertyValue(HTTP_HEADER_SEC_POLICY);
}
public String getHttpProxyHost() {
@@ -124,33 +124,33 @@ public class ConfigurationService {
}
public Optional<Integer> getHttpProxyPort() {
- Integer intVal = (Integer) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PORT);
+ Integer intVal = configurationDAO.getCachedPropertyValue(HTTP_PROXY_PORT);
return Optional.ofNullable(intVal);
}
public java.net.URL getSMLIntegrationUrl() {
- return (java.net.URL) configurationDAO.getCachedPropertyValue(SML_URL);
+ return configurationDAO.getCachedPropertyValue(SML_URL);
}
public String getProxyUsername() {
- return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_USER);
+ return configurationDAO.getCachedPropertyValue(HTTP_PROXY_USER);
}
public String getProxyCredentialToken() {
- return (String) configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD);
+ return configurationDAO.getCachedPropertyValue(HTTP_PROXY_PASSWORD);
}
public List<String> getCaseSensitiveDocumentScheme() {
- return (List<String>) configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
+ return configurationDAO.getCachedPropertyValue(CS_DOCUMENTS);
}
public List<String> getCaseSensitiveParticipantScheme() {
- return (List<String>) configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
+ return configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
}
public boolean getParticipantSchemeMandatory() {
// not mandatory by default
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(PARTC_SCH_MANDATORY);
+ Boolean value = configurationDAO.getCachedPropertyValue(PARTC_SCH_MANDATORY);
return value != null && value;
}
@@ -160,34 +160,34 @@ public class ConfigurationService {
}
public boolean isSMLIntegrationEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_ENABLED);
+ Boolean value = configurationDAO.getCachedPropertyValue(SML_ENABLED);
return value != null && value;
}
public boolean isSMLMultiDomainEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_PARTICIPANT_MULTIDOMAIN);
+ Boolean value = configurationDAO.getCachedPropertyValue(SML_PARTICIPANT_MULTIDOMAIN);
return value != null && value;
}
public boolean isUrlContextEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(OUTPUT_CONTEXT_PATH);
+ Boolean value = configurationDAO.getCachedPropertyValue(OUTPUT_CONTEXT_PATH);
// by default is true - return false only in case is declared in configuration
return value == null || value;
}
public boolean isClusterEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMP_CLUSTER_ENABLED);
+ Boolean value = configurationDAO.getCachedPropertyValue(SMP_CLUSTER_ENABLED);
return value != null && value;
}
public boolean encodedSlashesAllowedInUrl() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(ENCODED_SLASHES_ALLOWED_IN_URL);
+ Boolean value = configurationDAO.getCachedPropertyValue(ENCODED_SLASHES_ALLOWED_IN_URL);
// by default is true - return false only in case is declared in configuration
return value == null || value;
}
public String getTargetServerForCredentialValidation() {
- return (String) configurationDAO.getCachedPropertyValue(SMP_ALERT_CREDENTIALS_SERVER);
+ return configurationDAO.getCachedPropertyValue(SMP_ALERT_CREDENTIALS_SERVER);
}
public String getSMLIntegrationSMPLogicalAddress() {
@@ -199,30 +199,30 @@ public class ConfigurationService {
}
public boolean forceCRLValidation() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE);
+ Boolean value = configurationDAO.getCachedPropertyValue(CERTIFICATE_CRL_FORCE);
// by default is not forced -> if missing is false!
return value != null && value;
}
public boolean isExternalTLSAuthenticationWithClientCertHeaderEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED);
+ Boolean value = configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED);
// by default is not forced -> if missing is false!
return value != null && value;
}
public boolean isExternalTLSAuthenticationWithSSLClientCertHeaderEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED);
+ Boolean value = configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED);
// by default is not forced -> if missing is false!
return value != null && value;
}
public Pattern getCertificateSubjectRegularExpression() {
- return (Pattern) configurationDAO.getCachedPropertyValue(CERTIFICATE_SUBJECT_REGULAR_EXPRESSION);
+ return configurationDAO.getCachedPropertyValue(CERTIFICATE_SUBJECT_REGULAR_EXPRESSION);
}
public List<String> getAllowedCertificatePolicies() {
- return (List<String>) configurationDAO.getCachedPropertyValue(CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS);
+ return configurationDAO.getCachedPropertyValue(CERTIFICATE_ALLOWED_CERTIFICATEPOLICY_OIDS);
}
public String getSMLIntegrationServerCertSubjectRegExpPattern() {
@@ -230,70 +230,78 @@ public class ConfigurationService {
}
public Pattern getSMLIntegrationServerCertSubjectRegExp() {
- return (Pattern) configurationDAO.getCachedPropertyValue(SML_TLS_SERVER_CERT_SUBJECT_REGEXP);
+ return configurationDAO.getCachedPropertyValue(SML_TLS_SERVER_CERT_SUBJECT_REGEXP);
}
public boolean useSystemTruststoreForTLS() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT);
+ Boolean value = configurationDAO.getCachedPropertyValue(SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT);
// by default is not forced
return value != null && value;
}
public boolean smlDisableCNCheck() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK);
+ Boolean value = configurationDAO.getCachedPropertyValue(SML_TLS_DISABLE_CN_CHECK);
// by default is not forced
return value != null && value;
}
public boolean trustCertificateOnUserRegistration() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(TRUSTSTORE_ADD_CERT_ON_USER_UPDATE);
+ Boolean value = configurationDAO.getCachedPropertyValue(TRUSTSTORE_ADD_CERT_ON_USER_UPDATE);
// by default is not forced
return value != null && value;
}
public File getConfigurationFolder() {
- return (File) configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR);
+ return configurationDAO.getCachedPropertyValue(CONFIGURATION_DIR);
}
public File getTruststoreFile() {
- return (File) configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME);
+ return configurationDAO.getCachedPropertyValue(TRUSTSTORE_FILENAME);
+ }
+
+ public String getTruststoreType() {
+ return configurationDAO.getCachedPropertyValue(TRUSTSTORE_TYPE);
}
public File getKeystoreFile() {
- return (File) configurationDAO.getCachedPropertyValue(KEYSTORE_FILENAME);
+ return configurationDAO.getCachedPropertyValue(KEYSTORE_FILENAME);
+ }
+
+ public String getKeystoreType() {
+ return configurationDAO.getCachedPropertyValue(KEYSTORE_TYPE);
}
public String getTruststoreCredentialToken() {
- return (String) configurationDAO.getCachedPropertyValue(TRUSTSTORE_PASSWORD);
+ return configurationDAO.getCachedPropertyValue(TRUSTSTORE_PASSWORD);
}
public String getKeystoreCredentialToken() {
- return (String) configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD);
+ return configurationDAO.getCachedPropertyValue(KEYSTORE_PASSWORD);
}
public boolean getSessionCookieSecure() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE);
+ Boolean value = configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SECURE);
return value != null && value;
}
public Integer getSessionCookieMaxAge() {
- return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE);
+ return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_MAX_AGE);
}
public String getSessionCookieSameSite() {
- return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE);
+ return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_SITE);
}
public String getSessionCookiePath() {
- return (String) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH);
+ return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_PATH);
}
public Integer getSessionIdleTimeoutForAdmin() {
- return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN);
+ return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_ADMIN);
}
public Integer getSessionIdleTimeoutForUser() {
- return (Integer) configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_USER);
+ return configurationDAO.getCachedPropertyValue(UI_COOKIE_SESSION_IDLE_TIMEOUT_USER);
}
public boolean isSSOEnabledForUserAuthentication() {
@@ -302,27 +310,27 @@ public class ConfigurationService {
}
public String getCasUILabel() {
- return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_UI_LABEL);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_UI_LABEL);
}
public java.net.URL getCasURL() {
- return (java.net.URL) configurationDAO.getCachedPropertyValue(SSO_CAS_URL);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_URL);
}
public java.net.URL getCasCallbackUrl() {
- return (java.net.URL) configurationDAO.getCachedPropertyValue(SSO_CAS_CALLBACK_URL);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_CALLBACK_URL);
}
public String getCasSMPLoginRelativePath() {
- return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_LOGIN_URI);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_LOGIN_URI);
}
public String getCasURLPathLogin() {
- return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_URL_PATH_LOGIN);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_URL_PATH_LOGIN);
}
public String getCasURLTokenValidation() {
- return (String) configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_URL_PATH);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_URL_PATH);
}
public URL getCasUserDataURL() {
URL casUrl = getCasURL();
@@ -330,7 +338,7 @@ public class ConfigurationService {
LOG.warn("Invalid CAS configuration [{}]. Can not resolve user data URL!", SSO_CAS_URL.getProperty());
return null;
}
- String path = (String) configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_USER_DATA_URL_PATH);
+ String path = configurationDAO.getCachedPropertyValue(SSO_CAS_SMP_USER_DATA_URL_PATH);
if (StringUtils.isBlank(path)) {
LOG.warn("Invalid CAS configuration [{}]. Can not resolve user data URL!", SSO_CAS_SMP_USER_DATA_URL_PATH.getProperty());
return null;
@@ -347,198 +355,198 @@ public class ConfigurationService {
public Map<String, String> getCasTokenValidationParams() {
- return (Map<String, String>) configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_PARAMS);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_PARAMS);
}
public List<String> getCasURLTokenValidationGroups() {
- return (List<String>) configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_GROUPS);
+ return configurationDAO.getCachedPropertyValue(SSO_CAS_TOKEN_VALIDATION_GROUPS);
}
public List<String> getUIAuthenticationTypes() {
- return (List<String>) configurationDAO.getCachedPropertyValue(UI_AUTHENTICATION_TYPES);
+ return configurationDAO.getCachedPropertyValue(UI_AUTHENTICATION_TYPES);
}
public List<String> getAutomationAuthenticationTypes() {
- return (List<String>) configurationDAO.getCachedPropertyValue(AUTOMATION_AUTHENTICATION_TYPES);
+ return configurationDAO.getCachedPropertyValue(AUTOMATION_AUTHENTICATION_TYPES);
}
//-----------------------
// before user suspended
public Boolean getAlertUserLoginFailureEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_ENABLED);
}
public AlertLevelEnum getAlertUserLoginFailureLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertUserLoginFailureSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_USER_LOGIN_FAILURE_MAIL_SUBJECT);
}
//-----------------------
// user suspended
public Boolean getAlertUserSuspendedEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_ENABLED);
}
public AlertLevelEnum getAlertUserSuspendedLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertUserSuspendedSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MAIL_SUBJECT);
}
public AlertSuspensionMomentEnum getAlertBeforeUserSuspendedAlertMoment() {
- String moment = (String) configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MOMENT);
+ String moment = configurationDAO.getCachedPropertyValue(ALERT_USER_SUSPENDED_MOMENT);
return AlertSuspensionMomentEnum.valueOf(moment);
}
//-----------------------
// before password expire
public Boolean getAlertBeforeExpirePasswordEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_ENABLED);
}
public Integer getAlertBeforeExpirePasswordPeriod() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_PERIOD);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_PERIOD);
}
public Integer getAlertBeforeExpirePasswordInterval() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_INTERVAL);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_INTERVAL);
}
public AlertLevelEnum getAlertBeforeExpirePasswordLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertBeforeExpirePasswordMailSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_BEFORE_EXPIRATION_MAIL_SUBJECT);
}
// expired passwords
public Boolean getAlertExpiredPasswordEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_ENABLED);
}
public Integer getAlertExpiredPasswordPeriod() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_PERIOD);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_PERIOD);
}
public Integer getAlertExpiredPasswordInterval() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_INTERVAL);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_INTERVAL);
}
public AlertLevelEnum getAlertExpiredPasswordLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertExpiredPasswordMailSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_PASSWORD_EXPIRED_MAIL_SUBJECT);
}
//-----------------------
// before access token expire
public Boolean getAlertBeforeExpireAccessTokenEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_ENABLED);
}
public Integer getAlertBeforeExpireAccessTokenPeriod() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_PERIOD);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_PERIOD);
}
public Integer getAlertBeforeExpireAccessTokenInterval() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_INTERVAL);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_INTERVAL);
}
public AlertLevelEnum getAlertBeforeExpireAccessTokenLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertBeforeExpireAccessTokenMailSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_BEFORE_EXPIRATION_MAIL_SUBJECT);
}
// expired access token alerts
public Boolean getAlertExpiredAccessTokenEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_ENABLED);
}
public Integer getAlertExpiredAccessTokenPeriod() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_PERIOD);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_PERIOD);
}
public Integer getAlertExpiredAccessTokenInterval() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_INTERVAL);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_INTERVAL);
}
public AlertLevelEnum getAlertExpiredAccessTokenLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertExpiredAccessTokenMailSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_ACCESS_TOKEN_EXPIRED_MAIL_SUBJECT);
}
//-----------------------
// before certificate expire
public Boolean getAlertBeforeExpireCertificateEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_ENABLED);
}
public Integer getAlertBeforeExpireCertificatePeriod() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_PERIOD);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_PERIOD);
}
public Integer getAlertBeforeExpireCertificateInterval() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_INTERVAL);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_INTERVAL);
}
public AlertLevelEnum getAlertBeforeExpireCertificateLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertBeforeExpireCertificateMailSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_BEFORE_EXPIRATION_MAIL_SUBJECT);
}
// expired access token alerts
public Boolean getAlertExpiredCertificateEnabled() {
- return (Boolean) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_ENABLED);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_ENABLED);
}
public Integer getAlertExpiredCertificatePeriod() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_PERIOD);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_PERIOD);
}
public Integer getAlertExpiredCertificateInterval() {
- return (Integer) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_INTERVAL);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_INTERVAL);
}
public AlertLevelEnum getAlertExpiredCertificateLevel() {
- String level = (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_LEVEL);
+ String level = configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_LEVEL);
return AlertLevelEnum.valueOf(level);
}
public String getAlertExpiredCertificateMailSubject() {
- return (String) configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_MAIL_SUBJECT);
+ return configurationDAO.getCachedPropertyValue(ALERT_CERTIFICATE_EXPIRED_MAIL_SUBJECT);
}
public Integer getAlertCredentialsBatchSize() {
- return (Integer) configurationDAO.getCachedPropertyValue(SMP_ALERT_BATCH_SIZE);
+ return configurationDAO.getCachedPropertyValue(SMP_ALERT_BATCH_SIZE);
}
public String getAlertEmailFrom() {
- return (String) configurationDAO.getCachedPropertyValue(SMP_ALERT_MAIL_FROM);
+ return configurationDAO.getCachedPropertyValue(SMP_ALERT_MAIL_FROM);
}
/**
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
index 74d16470f844ab6427cfc7e7e860dc0d9facd6a2..1f0dbe14463995d663a79e87749e6af426fd484a 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIKeystoreService.java
@@ -7,6 +7,7 @@ import eu.europa.ec.edelivery.smp.logging.SMPLogger;
import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
import eu.europa.ec.edelivery.smp.services.ConfigurationService;
import eu.europa.ec.edelivery.smp.utils.SecurityUtils;
+import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.exception.ExceptionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.convert.ConversionService;
@@ -140,13 +141,16 @@ public class UIKeystoreService {
}
- KeyStore keyStore = null;
+ KeyStore keyStore;
try (InputStream keystoreInputStream = new FileInputStream(keyStoreFile)) {
- keyStore = KeyStore.getInstance("JKS");
+ String type = StringUtils.defaultIfEmpty(configurationService.getKeystoreType(), "JKS");
+ LOG.info("Load keystore [{}] with type [{}].", keyStoreFile, type);
+ keyStore = KeyStore.getInstance(type);
keyStore.load(keystoreInputStream, keystoreSecToken.toCharArray());
} catch (Exception exception) {
LOG.error("Could not load signing certificate with private key from keystore file:"
+ keyStoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
+ keyStore = null;
}
return keyStore;
}
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java
index f7f22d8a777e5020f2193827d01ad44e0ef49787..0a5ce8e8aadd7632148c315f92b9dd4d84e404db 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIPropertyService.java
@@ -116,7 +116,7 @@ public class UIPropertyService {
for (PropertyRO property : properties) {
configurationDao.setPropertyToDatabase(property.getProperty(), property.getValue());
}
- Boolean isClusterEnabled = (Boolean) configurationDao.getCachedPropertyValue(SMP_CLUSTER_ENABLED);
+ Boolean isClusterEnabled = configurationDao.getCachedPropertyValue(SMP_CLUSTER_ENABLED);
if (isClusterEnabled) {
LOG.info("Properties were updated in database. Changed properties will be activated to all cluster nodes at: [{}]!",
ISO_8601_EXTENDED_DATETIME_FORMAT.format(refreshPropertiesTrigger.getNextExecutionDate()));
@@ -147,7 +147,7 @@ public class UIPropertyService {
// try to parse value
try {
- File confDir = (File) configurationDao.getCachedPropertyValue(CONFIGURATION_DIR);
+ File confDir = configurationDao.getCachedPropertyValue(CONFIGURATION_DIR);
PropertyUtils.parseProperty(propertyEnum, propertyRO.getValue(), confDir);
} catch (SMPRuntimeException ex) {
propertyValidationRO.setErrorMessage(ex.getMessage());
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
index 6a8ef292ba784600060c1e3433c0213bc85632e5..9e6d5f2c6778cdd9f4e8104a3f7a1dcca3f6e352 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java
@@ -377,15 +377,17 @@ public class UITruststoreService {
return null;
}
- KeyStore truststore = null;
try (InputStream truststoreInputStream = new FileInputStream(truststoreFile)) {
- truststore = KeyStore.getInstance("JKS");
- truststore.load(truststoreInputStream, token.toCharArray());
+ String type = StringUtils.defaultIfEmpty(configurationService.getTruststoreType(),"JKS");
+ LOG.info("Load truststore [{}] with type [{}].", truststoreFile, type);
+ KeyStore loadedTrustStore = KeyStore.getInstance(type);
+ loadedTrustStore.load(truststoreInputStream, token.toCharArray());
+ return loadedTrustStore;
} catch (Exception exception) {
LOG.error("Could not load truststore:"
+ truststoreFile + " Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
}
- return truststore;
+ return null;
}
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java
index 5ed577a1c4940c4c805a4bd0fecd65adbef2eee7..800f0ea21b572bec60d1390fbf46c32397748743 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java
@@ -284,7 +284,7 @@ public class ConfigurationDAOImplTest extends AbstractBaseDao {
assertEquals(newTestPassword, configurationDao.getCachedPropertyValue(SMPPropertyEnum.HTTP_PROXY_PASSWORD));
// test decrypt
- File encryptionKey = (File) configurationDao.getCachedPropertyValue(SMPPropertyEnum.ENCRYPTION_FILENAME);
+ File encryptionKey = configurationDao.getCachedPropertyValue(SMPPropertyEnum.ENCRYPTION_FILENAME);
assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.KEYSTORE_PASSWORD, dbKeystorePassword, encryptionKey));
assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.TRUSTSTORE_PASSWORD, dbTruststorePassword, encryptionKey));
assertEquals(newTestPassword, configurationDao.decryptString(SMPPropertyEnum.HTTP_PROXY_PASSWORD, dbProxyPassword, encryptionKey));
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
index 7d8bb0ac8d7e7ecd8cabf75d2f34bc06a005c67f..7ac2a39ef6022a1a1f163de17cbd4312ea2be80d 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResource.java
@@ -70,9 +70,8 @@ public class KeystoreResource {
payloadValidatorService.validateUploadedContent(new ByteArrayInputStream(fileBytes), MimeTypeUtils.APPLICATION_OCTET_STREAM_VALUE);
// try to open keystore
KeystoreImportResult keystoreImportResult = new KeystoreImportResult();
- KeyStore keyStore = null;
try {
- keyStore = KeyStore.getInstance(keystoreType);
+ KeyStore keyStore = KeyStore.getInstance(keystoreType);
keyStore.load(new ByteArrayInputStream(fileBytes), password.toCharArray());
LOG.debug(keyStore.aliases().nextElement());
uiKeystoreService.importKeys(keyStore, password);
@@ -81,7 +80,6 @@ public class KeystoreResource {
LOG.error(msg, e);
keystoreImportResult.setErrorMessage(msg);
}
-
return keystoreImportResult;
}