diff --git a/pom.xml b/pom.xml index 59ce3dbefaf820e35770aa85ba4db34964f89196..83a961e262f53b03f51cc6f880dac5a023bb03d6 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ <properties> <maven.deploy.skip>true</maven.deploy.skip> <project.scm.id>edelivery-scm</project.scm.id> - <sonar.host.url>http://edelquality.westeurope.cloudapp.azure.com:9000/sonar/</sonar.host.url> + <sonar.host.url>http://localhost:9000/sonar/</sonar.host.url> <sonar.exclusions>**/smp/data/model/*,**/smp/data/ui/*, **/smp/ui/exception/*,**/smp/services/ui/filters/*, **/smp/exceptions/*, **/smp/data/ui/enums/*, **/to_be_removed/* </sonar.exclusions> diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseConfig.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseConfig.java index 893824315c1216db71086ff4d4b2276953a46727..48e92dd2afe3a1054dbd78eccab16bd8347ec3b2 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseConfig.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/DatabaseConfig.java @@ -53,7 +53,7 @@ public class DatabaseConfig { @Value("${" + FileProperty.PROPERTY_DB_USER + ":}") private String username; - @Value("${" + FileProperty.PROPERTY_DB_PASSWORD + ":}") + @Value("${" + FileProperty.PROPERTY_DB_TOKEN + ":}") private String password; @Value("${" + FileProperty.PROPERTY_DB_URL + ":}") diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java index ffb9b7ac79b1d6d267bfcde790041584e2f576f9..25d806416903bb99fbe898af6be9ed55ab9ce512 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java 
@@ -3,7 +3,6 @@ package eu.europa.ec.edelivery.smp.config; import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException; import eu.europa.ec.edelivery.smp.logging.SMPLogger; import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory; -import eu.europa.ec.edelivery.smp.services.ui.UIKeystoreService; import org.apache.commons.lang.StringUtils; import org.apache.log4j.LogManager; import org.apache.log4j.PropertyConfigurator; @@ -26,12 +25,15 @@ public class FileProperty { public static final String PROPERTY_ALLOWED_ENC_SLASHES = "encodedSlashesAllowedInUrl"; public static final String PROPERTY_DB_DRIVER = "jdbc.driver"; - public static final String PROPERTY_DB_USER= "jdbc.user"; - public static final String PROPERTY_DB_PASSWORD = "jdbc.password"; + public static final String PROPERTY_DB_USER = "jdbc.user"; + public static final String PROPERTY_DB_TOKEN = "jdbc.password"; public static final String PROPERTY_DB_URL = "jdbc.url"; public static final String PROPERTY_DB_JNDI = "datasource.jndi"; public static final String PROPERTY_DB_DIALECT = "hibernate.dialect"; + private FileProperty() { + } + public static void updateLog4jConfiguration(String logFileFolder, String logPropertyFile, String configurationFolder) { Properties props = new Properties(); try { @@ -39,13 +41,13 @@ public class FileProperty { if (!StringUtils.isBlank(logPropertyFile)) { File f = new File(logPropertyFile); if (!f.exists()) { - LOG.info("Log configuration file: "+f.getAbsolutePath() + " not exists."); + LOG.info("Log configuration file: {} not exists.", f.getAbsolutePath()); f = new File(configurationFolder, logPropertyFile); - LOG.info("Set log configuration file: "+f.getAbsolutePath() + "."); + LOG.info("Set log configuration file: {}.", f.getAbsolutePath()); } if (f.exists()) { - LOG.info("Set log configuration: "+f.getAbsolutePath() + "."); + LOG.info("Set log configuration: {}.",f.getAbsolutePath()); configStream = new FileInputStream(f); } } 
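Review bot: In the `@@ -26,12 +25,15 @@` hunk, `PROPERTY_DB_TOKEN` still maps to the key `"jdbc.password"` and, in DatabaseConfig, still feeds a field named `password`, so the new identifier describes the value less accurately than the old one. If the rename is meant to quiet a static-analysis rule that matches on the identifier (an inference, the commit does not say), a targeted suppression with a justification keeps credential handling easy to find in review. At minimum the constant deserves a comment such as `// property key of the database password; the value comes from configuration and is never hard-coded`.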
@@ -57,29 +59,29 @@ public class FileProperty { props.load(configStream); configStream.close(); } catch (IOException e) { - System.out.println("Error occurred while loading default LOG configuration."); + LOG.info("Error occurred while loading default LOG configuration.", e); } // set if (!StringUtils.isBlank(logFileFolder)) { - LOG.info("Set log4j.appender.MainLogFile.File : "+logFileFolder + "/edelivery-smp.log"); - props.setProperty("log4j.appender.MainLogFile.File", logFileFolder + "/edelivery-smp.log"); + LOG.info("Set log4j.appender.MainLogFile.File:{}. ", logFileFolder + "/edelivery-smp.log"); + props.setProperty("log4j.appender.MainLogFile.File {}", logFileFolder + "/edelivery-smp.log"); } LogManager.resetConfiguration(); PropertyConfigurator.configure(props); } public static Properties getFileProperties() { - LOG.info( "Start read file properties from '/smp.config.properties'"); + LOG.info("Start read file properties from '/smp.config.properties'"); InputStream is = PropertyInitialization.class.getResourceAsStream("/smp.config.properties"); if (is == null) { - LOG.info( "File '/smp.config.properties' not found in classpath, read '/config.properties'"); + LOG.info("File '/smp.config.properties' not found in classpath, read '/config.properties'"); is = PropertyInitialization.class.getResourceAsStream("/config.properties"); } Properties connectionProp = new Properties(); try { connectionProp.load(is); } catch (IOException e) { - LOG.error( "IOException occurred while reading properties", e); + LOG.error("IOException occurred while reading properties", e); throw new SMPRuntimeException(INTERNAL_ERROR, e, "Error occurred while reading properties.", e.getMessage()); } return connectionProp; 
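Review bot: The rewritten `props.setProperty` call uses the key `"log4j.appender.MainLogFile.File {}"`, so the `{}` placeholder that belongs only in the log statement has leaked into the property name and log4j no longer receives a `log4j.appender.MainLogFile.File` override; the configured log folder is silently ignored. Restore the key: `props.setProperty("log4j.appender.MainLogFile.File", logFileFolder + "/edelivery-smp.log");`. In the same hunk the `IOException` raised while loading the configuration is logged with `LOG.info(...)`; `LOG.warn(...)` or `LOG.error(...)` would make a missing logging configuration visible, which matters if entries written with the security marker are expected in that file. `updateLog4jConfiguration` starts outside this hunk, and `getFileProperties()` still passes `is` to `connectionProp.load(is)` without a null check or a close when neither resource is found.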
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java index d74316c0c4bd4b2dbba5bc38919cce73aa10bcff..843c9325a64b6d8b47c23a6e8827bbe7dfd6451f 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java @@ -125,17 +125,25 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> { } @Transactional - public void refreshProperties() { + public void refreshAndUpdateProperties() { // get update LocalDateTime lastUpdateFromDB = getLastUpdate(); if (lastUpdate == null || lastUpdateFromDB == null || lastUpdateFromDB.isAfter(lastUpdate)) { reloadPropertiesFromDatabase(); // check and update non encrypted tokens updateCurrentEncryptedValues(); + } else { + LOG.info("Skip property update because max(LastUpdate) of properties in database is not changed: {}.", lastUpdateFromDB ); + } + } + public void refreshProperties() { + // get update + LocalDateTime lastUpdateFromDB = getLastUpdate(); + if (lastUpdate == null || lastUpdateFromDB == null || lastUpdateFromDB.isAfter(lastUpdate)) { + reloadPropertiesFromDatabase(); } else { - LOG.info("Skip property update because max(LastUpdate) of properties in database is not changed:" - + lastUpdateFromDB + "."); + LOG.info("Skip property update because max(LastUpdate) of properties in database is not changed: {}."+ lastUpdateFromDB ); } } 
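Review bot: In the new `refreshProperties()` the skip message is built as `"... is not changed: {}."+ lastUpdateFromDB`, which concatenates instead of passing an argument, so the log shows a literal `{}.` followed by the timestamp; it should read `LOG.info("Skip property update because max(LastUpdate) of properties in database is not changed: {}.", lastUpdateFromDB);` as in `refreshAndUpdateProperties()`. The new method also carries no `@Transactional`, because the annotation stayed on the renamed method; whether `reloadPropertiesFromDatabase()` needs the caller's transaction is not visible here and should be confirmed. The two methods duplicate the timestamp check, so `refreshAndUpdateProperties()` could share it, and a Javadoc line on each should state that only `refreshAndUpdateProperties()` also runs `updateCurrentEncryptedValues()`.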
@@ -148,8 +156,7 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> { Map<String, Object> resultProperties = null; try { resultProperties = validateConfiguration(newProperties); - } catch (Throwable ex) { - ex.printStackTrace(); + } catch (SMPRuntimeException ex) { LOG.error("Throwable error occurred while refreshing configuration. Configuration was not changed! Error: {} ", ex.getMessage(), ex); isRefreshProcess = false; return; @@ -177,6 +184,7 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> { public void addPropertyUpdateListener(PropertyUpdateListener listener){ updateListenerList.add(listener); } + public boolean removePropertyUpdateListener(PropertyUpdateListener listener){ return updateListenerList.remove(listener); } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CRLVerifierService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CRLVerifierService.java index 3985b8090b2ced2e4e53d7d2f05e0a437cb742a2..271d41fc09c5afd019cc097841349ea57383adb3 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CRLVerifierService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/CRLVerifierService.java @@ -60,11 +60,11 @@ public class CRLVerifierService { Map<String, X509CRL> crlCacheMap = new HashMap<>(); Map<String, Long> crlCacheNextRefreshMap = new HashMap<>(); - public static long REFRESH_CRL_INTERVAL = 1000 * 60 * 60; - public static Long NULL_LONG = new Long(-1); + public static final long REFRESH_CRL_INTERVAL = 1000L * 60 * 60; + public static final Long NULL_LONG = Long.valueOf(-1); - private static X500Principal NULL_ISSUER = new X500Principal(""); - private static CRLReason NULL_CRL_REASON = CRLReason.UNSPECIFIED; + private static final X500Principal NULL_ISSUER = new X500Principal(""); + private static final CRLReason NULL_CRL_REASON = CRLReason.UNSPECIFIED; @Autowired ConfigurationService configurationService; 
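Review bot: Narrowing the catch from `Throwable` to `SMPRuntimeException` means any other unchecked exception from `validateConfiguration(newProperties)` now leaves the method without executing `isRefreshProcess = false;`. If that flag guards re-entry (its other uses are outside the hunk), a single unexpected exception would block later refreshes and the server would keep running on stale configuration. Resetting the flag in a `finally` block around the refresh, or additionally catching `RuntimeException` here, avoids that. The log text still says "Throwable error occurred" and should be updated to match the narrower catch.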
@@ -105,62 +105,72 @@ public class CRLVerifierService { } Date currentDate = Calendar.getInstance().getTime(); String url = crlURL.trim(); - if (crlCacheMap.containsKey(url)) { - X509CRL crlTmp = crlCacheMap.get(url); - Long nextRefresh = crlCacheNextRefreshMap.getOrDefault(url, NULL_LONG); - if (nextRefresh > currentDate.getTime()) { - x509CRL = crlTmp; - } - } - if (x509CRL == null) { + x509CRL = getCachedCRLByURL(url, currentDate); - SMPRuntimeException exception = null; - try { - x509CRL = downloadCRL(crlURL); - } catch (IOException e) { - exception = new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "Can not download CRL '" + crlURL - , ExceptionUtils.getRootCauseMessage(e), e); - } catch (CertificateException e) { - exception = new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "CRL list is not supported '" + crlURL - , ExceptionUtils.getRootCauseMessage(e), e); - } catch (CRLException e) { - exception = new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "CRL can not be read: '" + crlURL - , ExceptionUtils.getRootCauseMessage(e), e); - } - - if (exception != null) { - boolean force = configurationService.forceCRLValidation(); - if (force) { - throw exception; - } else { - LOG.warn(SMPLogger.SECURITY_MARKER, exception.getMessage(), exception); - } - - } + if (x509CRL == null) { + // if CRL is null try to get one + boolean mandatoryCrlValidation = configurationService.forceCRLValidation(); + x509CRL = downloadCRL(crlURL,mandatoryCrlValidation); + // calculate next update in milliseconds... Long nextRefresh = x509CRL != null && x509CRL.getNextUpdate() != null ? 
x509CRL.getNextUpdate().getTime() : currentDate.getTime() + REFRESH_CRL_INTERVAL; + // set /replace data crlCacheMap.put(crlURL, x509CRL); crlCacheNextRefreshMap.put(crlURL, nextRefresh); } return x509CRL; } + protected X509CRL getCachedCRLByURL(String crlURL, Date currentDate) { + X509CRL x509CRL = null; + if (StringUtils.isBlank(crlURL)) { + return x509CRL; + } + String url = crlURL.trim(); + if (crlCacheMap.containsKey(url)) { + X509CRL crlTmp = crlCacheMap.get(url); + Long nextRefresh = crlCacheNextRefreshMap.getOrDefault(url, NULL_LONG); + if (nextRefresh > currentDate.getTime()) { + x509CRL = crlTmp; + } + } + return x509CRL; + } + /** * Downloads CRL from given URL. Supports http, https, ftp based * URLs. */ - public X509CRL downloadCRL(String crlURL) throws IOException, - CertificateException, CRLException { - - InputStream crlStream = downloadURL(crlURL); + public X509CRL downloadCRL(String crlURL, boolean mandatoryCRLValidation) { X509CRL crl = null; - if (crlStream != null) { - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - crl = (X509CRL) cf.generateCRL(crlStream); - crlStream.close(); + SMPRuntimeException exception = null; + try ( InputStream crlStream = downloadURL(crlURL)){ + if (crlStream != null) { + CertificateFactory cf = CertificateFactory.getInstance("X.509"); + crl = (X509CRL) cf.generateCRL(crlStream); + } + } catch (IOException e) { + exception = new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "Can not download CRL '" + crlURL + , ExceptionUtils.getRootCauseMessage(e), e); + } catch (CertificateException e) { + exception = new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "CRL list is not supported '" + crlURL + , ExceptionUtils.getRootCauseMessage(e), e); + } catch (CRLException e) { + exception = new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "CRL can not be read: '" + crlURL + , ExceptionUtils.getRootCauseMessage(e), e); + } catch(SMPRuntimeException exc) { + exception = exc; + } + // if exception 
occurred + if (exception != null ) { + if (mandatoryCRLValidation) { + throw exception; + } else { + LOG.warn(SMPLogger.SECURITY_MARKER, exception.getMessage(), exception); + } } return crl; } @@ -209,8 +219,10 @@ public class CRLVerifierService { RequestConfig config = RequestConfig.custom().setProxy(new HttpHost(proxyHost, proxyPort)).build(); HttpGet httpget = new HttpGet(url); httpget.setConfig(config); - LOG.debug("Executing request '{}' via proxy '{}' {}",url, proxyHost, - (credentialsProvider == null ? " with no authentication." : "with username: " + proxyUser + ".")); + // log username + String logUserName = credentialsProvider == null ? "None" : proxyUser; + LOG.debug("Executing request '{}' via proxy '{}' with user: '{}'.",url, proxyHost, + logUserName); return execute(httpclient, httpget); } diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java index e975909512a8c4a6abb79f3be70464224520d377..cd3246781c8303c704da177645ea29993deb9452 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java @@ -158,8 +158,7 @@ public class UITruststoreService { return cro; } - public void checkFullCertificateValidity(X509Certificate cert) throws CertificateException, CertificateExpiredException, - CertificateNotYetValidException, CertificateRevokedException { + public void checkFullCertificateValidity(X509Certificate cert) throws CertificateException{ // test if certificate is valid cert.checkValidity(); // check if certificate or its issuer is on trusted list 
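Review bot: In the `@@ -105,62 +105,72 @@` hunk, `getCachedCRLByURL` looks the entry up under `crlURL.trim()`, but the caller still stores with `crlCacheMap.put(crlURL, x509CRL)` and `crlCacheNextRefreshMap.put(crlURL, nextRefresh)`, so a URL with surrounding whitespace never hits the cache and the CRL is fetched again on every verification; both puts should use `url`. `downloadCRL` now returns `null` both when no stream was available and when the download or parse failed with `mandatoryCRLValidation` set to false, and its Javadoc was not updated: it should document the new parameter, that failures surface as `SMPRuntimeException` only when validation is mandatory, and that `null` means the revocation status is unknown rather than "not revoked". Nothing in this hunk checks the CRL's signature; since the Javadoc lists http and ftp as supported, confirm that the caller verifies the CRL against the issuer key (for example with `X509CRL.verify(PublicKey)`) before relying on its contents. The method that calls `getCachedCRLByURL` starts outside the hunk.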
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java index 370571125fdc84706059320008305e4a4ce55403..f9b1eb303a61bc9b8e627faf4c9f601130ed032e 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDAOImplTest.java @@ -227,7 +227,7 @@ public class ConfigurationDAOImplTest extends AbstractBaseDao { newDBTestPassword + "", ""); // when - configurationDao.refreshProperties(); + configurationDao.refreshAndUpdateProperties(); // read properties again from database! configurationDao.reloadPropertiesFromDatabase(); diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/CRLVerifierServiceTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/CRLVerifierServiceTest.java index c64e9892aa70618e3d6be3dccf350fa5e8d744e1..342718a5219cf4ff0ade381d7ccb79b67ca19faf 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/CRLVerifierServiceTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/CRLVerifierServiceTest.java @@ -1,5 +1,6 @@ package eu.europa.ec.edelivery.smp.services; +import eu.europa.ec.edelivery.smp.exceptions.ErrorCode; import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException; import org.junit.*; import org.junit.rules.ExpectedException; @@ -93,7 +94,7 @@ public class CRLVerifierServiceTest extends AbstractServiceIntegrationTest { @Test public void downloadCRLWrongUrlSchemeTest() throws CertificateException, CRLException, IOException { - X509CRL crl = crlVerifierServiceInstance.downloadCRL("wrong://localhost/crl"); + X509CRL crl = crlVerifierServiceInstance.downloadCRL("wrong://localhost/crl", true); assertNull(crl); } 
@@ -101,7 +102,7 @@ public class CRLVerifierServiceTest extends AbstractServiceIntegrationTest { @Test public void downloadCRLUrlSchemeLdapTest() throws CertificateException, CRLException, IOException { - X509CRL crl = crlVerifierServiceInstance.downloadCRL("ldap://localhost/crl"); + X509CRL crl = crlVerifierServiceInstance.downloadCRL("ldap://localhost/crl", true); assertNull(crl); } @@ -112,7 +113,7 @@ public class CRLVerifierServiceTest extends AbstractServiceIntegrationTest { CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL) cf.generateCRL(getClass().getResourceAsStream("/certificates/smp-crl-test.crl")); - Mockito.doReturn(crl).when(crlVerifierServiceInstance).downloadCRL("https://localhost/crl"); + Mockito.doReturn(crl).when(crlVerifierServiceInstance).downloadCRL("https://localhost/crl", true); expectedEx.expect(CertificateRevokedException.class); expectedEx.expectMessage("Certificate has been revoked, reason: UNSPECIFIED, revocation date: Mon Mar 18 19:22:42 CET 2019, authority: , extension OIDs: []"); @@ -123,9 +124,9 @@ public class CRLVerifierServiceTest extends AbstractServiceIntegrationTest { @Test public void verifyCertificateCRLsRevokedSerialTestThrowIOExceptionHttps() throws CertificateException, IOException, CRLException { + String crlURL = "https://localhost/crl"; - - Mockito.doThrow(new IOException("Can not access URL")).when(crlVerifierServiceInstance).downloadCRL("https://localhost/crl"); + Mockito.doThrow(new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "Can not download CRL '" + crlURL,"IOException: Can not access URL")).when(crlVerifierServiceInstance).downloadCRL("https://localhost/crl", true); expectedEx.expect(SMPRuntimeException.class); expectedEx.expectMessage("Certificate error Can not download CRL 'https://localhost/crl. Error: IOException: Can not access URL!"); 
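Review bot: In the `@@ -123,9 +124,9 @@` hunk, `verifyCertificateCRLsRevokedSerialTestThrowIOExceptionHttps` now stubs `downloadCRL` itself to throw the final `SMPRuntimeException`, so the IOException-to-SMPRuntimeException translation that this commit moved into `downloadCRL` is no longer exercised; the test only shows that a mocked exception propagates. Stubbing the lower-level call instead, for example `Mockito.doThrow(new IOException("Can not access URL")).when(crlVerifierServiceInstance).downloadURL(crlURL);` (assuming `downloadURL` declares `IOException`), would keep the mandatory-validation failure path covered. The new `crlURL` local is declared but the stub still repeats the literal `"https://localhost/crl"`. The test body continues outside the hunk.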
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreServiceTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreServiceTest.java index 58baa8697d9cf4ce4cc34df534bd17c85570a31a..3f89ce5796dd592d9a6a36fc8293b06da4b56ea1 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreServiceTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreServiceTest.java @@ -2,6 +2,8 @@ package eu.europa.ec.edelivery.smp.services.ui; import eu.europa.ec.edelivery.smp.data.ui.CertificateRO; import eu.europa.ec.edelivery.smp.exceptions.CertificateNotTrustedException; +import eu.europa.ec.edelivery.smp.exceptions.ErrorCode; +import eu.europa.ec.edelivery.smp.exceptions.SMPRuntimeException; import eu.europa.ec.edelivery.smp.services.AbstractServiceIntegrationTest; import eu.europa.ec.edelivery.smp.services.CRLVerifierService; import eu.europa.ec.edelivery.smp.services.ConfigurationService; @@ -13,16 +15,17 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; import org.junit.runner.RunWith; +import org.mockito.ArgumentMatchers; import org.mockito.Mockito; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.test.util.ReflectionTestUtils; -import java.security.cert.*; import java.io.File; import java.io.IOException; import java.nio.file.Path; import java.nio.file.Paths; +import java.security.cert.*; import java.util.Calendar; import java.util.Collections; import java.util.List; 
@@ -31,9 +34,8 @@ import java.util.UUID; import static org.junit.Assert.*; - @RunWith(SpringJUnit4ClassRunner.class) -public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { +public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { public static final String S_SUBJECT_PEPPOL = "CN=POP000004,OU=PEPPOL TEST AP,O=European Commission,C=BE"; public static final String S_SUBJECT_PEPPOL_EXPANDED = "serialNumber=12345,emailAddress=test@mail.com,CN=POP000004,OU=PEPPOL TEST AP,O=European Commission,street=My Street,C=BE"; @@ -42,8 +44,8 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { public static final String S_SUBJECT_TEST = "CN=SMP test,O=DIGIT,C=BE"; - Path resourceDirectory = Paths.get("src", "test", "resources", "truststore"); - Path targetDirectory = Paths.get("target","truststore"); + Path resourceDirectory = Paths.get("src", "test", "resources", "truststore"); + Path targetDirectory = Paths.get("target", "truststore"); @Rule public ExpectedException expectedEx = ExpectedException.none(); 
@@ -62,14 +64,15 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { configurationService = Mockito.spy(configurationService); crlVerifierService = Mockito.spy(crlVerifierService); - ReflectionTestUtils.setField(testInstance,"crlVerifierService",crlVerifierService); + ReflectionTestUtils.setField(testInstance, "crlVerifierService", crlVerifierService); - ReflectionTestUtils.setField(testInstance,"configurationService",configurationService); + ReflectionTestUtils.setField(testInstance, "configurationService", configurationService); File truststoreFile = new File(targetDirectory.toFile(), "smp-truststore.jks"); Mockito.doReturn("test123").when(configurationService).getTruststoreCredentialToken(); Mockito.doReturn(truststoreFile).when(configurationService).getTruststoreFile(); Mockito.doReturn(targetDirectory.toFile()).when(configurationService).getConfigurationFolder(); + Mockito.doReturn(true).when(configurationService).forceCRLValidation(); resetKeystore(); testInstance.refreshData(); 
@@ -110,44 +113,44 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { } @Test - public void testAddCertificate() throws Exception { + public void testAddCertificate() throws Exception { // given - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; - String alias =UUID.randomUUID().toString(); + String certSubject = "CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; + String alias = UUID.randomUUID().toString(); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest(certSubject); int iSize = testInstance.getNormalizedTrustedList().size(); assertFalse(testInstance.isSubjectOnTrustedList(certSubject)); // when - testInstance.addCertificate(alias, certificate ); + testInstance.addCertificate(alias, certificate); // then - assertEquals(iSize+1, testInstance.getNormalizedTrustedList().size()); + assertEquals(iSize + 1, testInstance.getNormalizedTrustedList().size()); assertTrue(testInstance.isSubjectOnTrustedList(certSubject)); } @Test - public void testDeleteCertificate() throws Exception { + public void testDeleteCertificate() throws Exception { // given List<CertificateRO> list = testInstance.getCertificateROEntriesList(); int iSize = list.size(); - assertTrue(list.size()>0); + assertTrue(list.size() > 0); CertificateRO certificateRO = list.get(0); assertTrue(testInstance.isSubjectOnTrustedList(certificateRO.getSubject())); // when testInstance.deleteCertificate(certificateRO.getAlias()); // then - assertEquals(iSize-1, testInstance.getNormalizedTrustedList().size()); + assertEquals(iSize - 1, testInstance.getNormalizedTrustedList().size()); assertFalse(testInstance.isSubjectOnTrustedList(certificateRO.getSubject())); } @Test - public void testIsTruststoreChanged() throws Exception { + public void testIsTruststoreChanged() throws Exception { // given - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; - String alias =UUID.randomUUID().toString(); + String certSubject = "CN=SMP 
Test,OU=eDelivery,O=DIGITAL,C=BE"; + String alias = UUID.randomUUID().toString(); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest(certSubject); - testInstance.addCertificate(alias, certificate ); + testInstance.addCertificate(alias, certificate); assertTrue(testInstance.isSubjectOnTrustedList(certSubject)); // when rollback truststore resetKeystore(); @@ -231,10 +234,10 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { @Test public void testCheckFullCertificateValidityNotYetValid() throws Exception { // given - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; + String certSubject = "CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; Calendar from = Calendar.getInstance(); Calendar to = Calendar.getInstance(); - to.add(Calendar.DAY_OF_YEAR, 2); + to.add(Calendar.DAY_OF_YEAR, 2); from.add(Calendar.DAY_OF_YEAR, 1); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest( "10af", certSubject, certSubject, from.getTime(), to.getTime(), Collections.emptyList()); @@ -248,10 +251,10 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { @Test public void testCheckFullCertificateValidityExpired() throws Exception { // given - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; + String certSubject = "CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; Calendar from = Calendar.getInstance(); Calendar to = Calendar.getInstance(); - to.add(Calendar.DAY_OF_YEAR, -1); + to.add(Calendar.DAY_OF_YEAR, -1); from.add(Calendar.DAY_OF_YEAR, -2); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest( "10af", certSubject, certSubject, from.getTime(), to.getTime(), Collections.emptyList()); 
@@ -266,7 +269,7 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { public void testCheckFullCertificateNotTrusted() throws Exception { // given String crlUrl = "https://localhost/crl"; - String revokedSerialFromList="0011"; + String revokedSerialFromList = "0011"; CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL) cf.generateCRL(getClass().getResourceAsStream("/certificates/smp-crl-test.crl")); @@ -274,7 +277,7 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { Calendar from = Calendar.getInstance(); Calendar to = Calendar.getInstance(); - to.add(Calendar.DAY_OF_YEAR, 1); + to.add(Calendar.DAY_OF_YEAR, 1); from.add(Calendar.DAY_OF_YEAR, -2); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest( revokedSerialFromList, S_SUBJECT_PEPPOL_NOT_TRUSTED, S_SUBJECT_PEPPOL_NOT_TRUSTED, from.getTime(), to.getTime(), Collections.singletonList(crlUrl)); 
@@ -289,21 +292,21 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { public void testCheckFullCertificateValidityRevoked() throws Exception { // given String crlUrl = "https://localhost/crl"; - String revokedSerialFromList="0011"; + String revokedSerialFromList = "0011"; CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL) cf.generateCRL(getClass().getResourceAsStream("/certificates/smp-crl-test.crl")); - Mockito.doReturn(crl).when(crlVerifierService).downloadCRL(crlUrl); + Mockito.doReturn(crl).when(crlVerifierService).downloadCRL(ArgumentMatchers.eq(crlUrl), ArgumentMatchers.anyBoolean()); - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; + String certSubject = "CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; Calendar from = Calendar.getInstance(); Calendar to = Calendar.getInstance(); - to.add(Calendar.DAY_OF_YEAR, 1); + to.add(Calendar.DAY_OF_YEAR, 1); from.add(Calendar.DAY_OF_YEAR, -2); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest( revokedSerialFromList, certSubject, certSubject, from.getTime(), to.getTime(), Collections.singletonList(crlUrl)); // add as trusted certificate - testInstance.addCertificate(UUID.randomUUID().toString(), certificate); + testInstance.addCertificate(UUID.randomUUID().toString(), certificate); //then 
@@ -316,16 +319,16 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { public void testCheckFullCertificateValidityNotForceCRL() throws Exception { // given String crlUrl = "https://localhost/crl"; - String revokedSerialFromList="0011"; + String revokedSerialFromList = "0011"; CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL) cf.generateCRL(getClass().getResourceAsStream("/certificates/smp-crl-test.crl")); - - Mockito.doThrow(new IOException("Can not connect to " + crlUrl)).when(crlVerifierService).downloadCRL(crlUrl); Mockito.doReturn(false).when(configurationService).forceCRLValidation(); - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; + Mockito.doThrow(new SMPRuntimeException(ErrorCode.CERTIFICATE_ERROR, "Error occurred while downloading CRL:" + crlUrl, "")).when(crlVerifierService).downloadURL(crlUrl); + + String certSubject = "CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; Calendar from = Calendar.getInstance(); Calendar to = Calendar.getInstance(); - to.add(Calendar.DAY_OF_YEAR, 1); + to.add(Calendar.DAY_OF_YEAR, 1); from.add(Calendar.DAY_OF_YEAR, -2); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest( revokedSerialFromList, certSubject, certSubject, from.getTime(), to.getTime(), Collections.singletonList(crlUrl)); @@ -333,7 +336,7 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { testInstance.addCertificate(UUID.randomUUID().toString(), certificate); - //then sholud be thrown CertificateRevokedException but is not + //then should be thrown CertificateRevokedException but is not // when testInstance.checkFullCertificateValidity(certificate); } 
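Review bot: `testCheckFullCertificateValidityNotForceCRL` has no assertion in the visible lines: it passes as long as `checkFullCertificateValidity` does not throw, which pins the fail-open case where the CRL cannot be fetched and `forceCRLValidation()` returns false. The comment should say that explicitly, e.g. `// fail-open: CRL unreachable and CRL validation not forced, so the revoked serial is not detected`, so a reader does not take the missing exception for a defect in the test. The `crl` local loaded from `/certificates/smp-crl-test.crl` appears to be unused now that `downloadURL` is stubbed to throw, and can be dropped if the lines outside the hunk do not use it.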
@@ -342,16 +345,16 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest { public void testCheckFullCertificateValidityOK() throws Exception { // given String crlUrl = "https://localhost/crl"; - String serialNotInList="20011FF"; + String serialNotInList = "20011FF"; CertificateFactory cf = CertificateFactory.getInstance("X.509"); X509CRL crl = (X509CRL) cf.generateCRL(getClass().getResourceAsStream("/certificates/smp-crl-test.crl")); - Mockito.doReturn(crl).when(crlVerifierService).downloadCRL(crlUrl); + Mockito.doReturn(crl).when(crlVerifierService).downloadCRL(crlUrl, true); - String certSubject="CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; + String certSubject = "CN=SMP Test,OU=eDelivery,O=DIGITAL,C=BE"; Calendar from = Calendar.getInstance(); Calendar to = Calendar.getInstance(); - to.add(Calendar.DAY_OF_YEAR, 1); + to.add(Calendar.DAY_OF_YEAR, 1); from.add(Calendar.DAY_OF_YEAR, -2); X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest( serialNotInList, certSubject, certSubject, from.getTime(), to.getTime(), Collections.singletonList(crlUrl)); diff --git a/smp-webapp/src/main/resources/spring-security.xml b/smp-webapp/src/main/resources/spring-security.xml index 42f10eac3e77814445da78a7fb94d1441dbabc75..b9f7344965473938710bf6c7ca61b223808a8367 100644 --- a/smp-webapp/src/main/resources/spring-security.xml +++ b/smp-webapp/src/main/resources/spring-security.xml @@ -68,7 +68,7 @@ <task:scheduler id="scheduler" pool-size="1"/> <task:scheduled-tasks scheduler="scheduler"> - <task:scheduled ref="configurationDao" method="refreshProperties" + <task:scheduled ref="configurationDao" method="refreshAndUpdateProperties" cron="${smp.property.refresh.cronJobExpression:0 48 */1 * * *}"/> </task:scheduled-tasks>