diff --git a/changelog.txt b/changelog.txt index ce5b938fe762dfa4eb02f49f99af189ed91ddebe..04e543a88d1168ec9d2a37e93762a6ba3967c85f 100644 --- a/changelog.txt +++ b/changelog.txt @@ -5,9 +5,11 @@ eDelivery SMP 5.0 - added new properties: smp.truststore.type: Truststore type as JKS/PKCS12 smp.keystore.type: Keystore type as JKS/PKCS12 - document.restriction.allowed.certificate.types: Allowed key algorithms for certificates to be used in service metadata.Empty value means no restrictions, for other values see the java KeyFactory Algorithms for example: RSA|EC|Ed25519|Ed448. smp.certificate.validation.allowed.certificate.type: Allowed user certificate JCE types. Empty value means no restrictions, for other values see the java KeyFactory Algorithms for example: RSA|EC|Ed25519|Ed448. identifiersBehaviour.splitPattern: Regular expression with groups scheme and identifier for splitting the URN identifiers to scheme and identifier part. + identifiersBehaviour.splitPattern ^(?i)\\s*?(?<scheme>urn:oasis:names:tc:ebcore:partyid-type:(iso6523:[0-9]{4}|unregistered(:[^:]+)?))::?(?<identifier>.+)?\\s*$ Regular expression with groups <scheme> and <identifier> for splitting the identifiers to scheme and identifier part! false REGEXP + identifiersBehaviour.ParticipantIdentifierScheme.urn.concatenate Regular expression to detect URN party identifiers. If the party identifier schema matches the regexp, then the party identifier is concatenated with a single colon in XML responses. Else it is handled as OASIS SMP party identifier. Example: ^(?i)(urn:)|(mailto:).*$ false REGEXP + - the default keystore type is now PKCS12. Set the keystore type to JKS if properties smp.truststore.type and smp.keystore.type are missing! eDelivery SMP 4.2 diff --git a/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml b/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml index 6108fc3c4a120ff1a3b11de45d88616a514c11fd..0f4045c4f846cbd8307fbc7292ded30f7d9b4707 100644 
--- a/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml +++ b/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml @@ -6,6 +6,7 @@ services: hostname: eulogin.protected.smp.local environment: - SMP_INIT_PROPERTIES=smp.passwordPolicy.expired.forceChange=false + ||smp.automation.authentication.external.tls.SSLClientCert.enabled=true ||smp.cluster.enabled=false ||smp.ui.authentication.types=PASSWORD|SSO ||smp.sso.cas.url=https://eulogin-mock-server:7102/cas @@ -51,4 +52,4 @@ services: image: inbucket/inbucket:3.0.0 hostname: mail-server.smp.local ports: - - "9005:9000" \ No newline at end of file + - "9005:9000" diff --git a/smp-docker/compose/weblogic-oracle/properties/weblogic-init/smp.config.properties b/smp-docker/compose/weblogic-oracle/properties/weblogic-init/smp.config.properties index beec0400e7fbe65d7c3ab014ea533fe2669c109d..b973405c2195f57c49f919d57e1baec02a78ef01 100644 --- a/smp-docker/compose/weblogic-oracle/properties/weblogic-init/smp.config.properties +++ b/smp-docker/compose/weblogic-oracle/properties/weblogic-init/smp.config.properties @@ -6,3 +6,4 @@ smp.automation.authentication.external.tls.clientCert.enabled=true smp.truststore.password={DEC}{test123} smp.keystore.password={DEC}{test123} smp.log.folder=./logs/ +smp.automation.authentication.external.tls.SSLClientCert.enabled=true diff --git a/smp-docker/compose/weblogic-oracle14/properties/weblogic-init/smp.config.properties b/smp-docker/compose/weblogic-oracle14/properties/weblogic-init/smp.config.properties index 14d02db2c34cc031dd72c8e50ca43117f9489dc2..12c067539478e88740f0ee22af5432c765cc4f85 100644 --- a/smp-docker/compose/weblogic-oracle14/properties/weblogic-init/smp.config.properties +++ b/smp-docker/compose/weblogic-oracle14/properties/weblogic-init/smp.config.properties 
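Review bot: The added `||smp.automation.authentication.external.tls.SSLClientCert.enabled=true` switches on a second client-certificate authentication mode next to the already-enabled `clientCert.enabled`, and nothing in the compose file records which component is expected to terminate TLS and hand the certificate to the SMP. If, as the property name suggests, this mode takes the client certificate from a request header filled in by a TLS-terminating reverse proxy, the SMP container must only be reachable through that proxy; an SMP port published directly on the host would let any caller inject the header and impersonate an arbitrary certificate. For this mock-CAS test stack that is probably acceptable, but please pin the assumption next to the line, e.g. `# SSLClientCert: certificate is read from a header set by the TLS-terminating proxy - never publish the SMP port directly`. The actual semantics of the two clientCert properties are not visible in this hunk; confirm them against SMPPropertyEnum before relying on the comment.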
@@ -6,3 +6,4 @@ smp.automation.authentication.external.tls.clientCert.enabled=true smp.truststore.password={DEC}{test123} smp.keystore.password={DEC}{test123} smp.log.folder=./logs/ +smp.automation.authentication.external.tls.SSLClientCert.enabled=true diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/enums/SMPPropertyEnum.java index d399bbf1f81d82cba6712cc0c5a2dc75966f2863..bfe098f78152713bbf58a697f4621e8f1fbf06a5 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/enums/SMPPropertyEnum.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/enums/SMPPropertyEnum.java @@ -63,8 +63,6 @@ public enum SMPPropertyEnum { CS_DOCUMENTS("identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", "casesensitive-doc-scheme1|casesensitive-doc-scheme2", "Specifies schemes of document identifiers that must be considered CASE-SENSITIVE.", OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING), - DOCUMENT_RESTRICTION_CERT_TYPES("document.restriction.allowed.certificate.types", "", "Allowed certificate types registered when composing service metadata. Empty value means no restrictions, for other values see the java KeyFactory Algorithms for example RSA|EC|Ed25519|Ed448", - OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING), // SML integration! SML_ENABLED("bdmsl.integration.enabled", "false", "BDMSL (SML) integration ON/OFF switch", 
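Review bot: `smp.automation.authentication.external.tls.SSLClientCert.enabled=true` is appended with no note on what it trusts, in a file that already enables `clientCert.enabled=true` and carries test keystore passwords in `{DEC}{...}` form. If this property makes the SMP accept a client certificate forwarded in a request header by the WebLogic or reverse-proxy TLS endpoint, it is only safe when that header cannot reach the SMP from anywhere else, which is a deployment precondition the properties file cannot enforce. Add a one-line comment documenting it, for example `# SSLClientCert auth trusts the forwarded certificate header; the SMP must not be reachable except via the TLS-terminating front end`; the identical change in the weblogic-oracle properties file needs the same note. The meaning of the two clientCert properties is inferred from their names only and should be checked against SMPPropertyEnum.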
@@ -96,9 +94,6 @@ public enum SMPPropertyEnum { OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING), TRUSTSTORE_FILENAME("smp.truststore.filename", "smp-truststore.p12", "Truststore filename ", OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, FILENAME), - TRUSTSTORE_ADD_CERT_ON_USER_UPDATE("smp.truststore.add.cert.onUserRegistration", - "false", "Automatically add certificate to truststore when assigned to user.", - OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), CERTIFICATE_CRL_FORCE("smp.certificate.crl.force", "false", "If false then if CRL is not reachable ignore CRL validation", OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN), ENCRYPTION_FILENAME("encryption.key.filename", "encryptionPrivateKey.private", "Key filename to encrypt passwords", diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java index 7eca3263e0f21b126b1ca9ceb9b1431b8bc040ce..1985fe73f17c76915f77b69117b678ef525bbcd0 100644 --- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java +++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java @@ -147,9 +147,6 @@ public class ConfigurationService { return configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS); } - public List<String> getAllowedDocumentCertificateTypes() { - return configurationDAO.getCachedPropertyValue(DOCUMENT_RESTRICTION_CERT_TYPES); - } public boolean getParticipantSchemeMandatory() { // not mandatory by default @@ -260,12 +257,6 @@ public class ConfigurationService { return value != null && value; } - public boolean trustCertificateOnUserRegistration() { - Boolean value = configurationDAO.getCachedPropertyValue(TRUSTSTORE_ADD_CERT_ON_USER_UPDATE); - // by default is not forced - return value != null && value; - } - public File getSecurityFolder() { return configurationDAO.getSecurityFolder(); } 
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java index 4d58991296f240a016b2e89144e4bc77918cb405..621fe0b4f61c7fd97dd8e7ea3606ae8067456ea8 100644 --- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java +++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java 
@@ -218,4 +218,148 @@ public class PropertyUtilsTest { Assert.assertEquals(expectedValue, PropertyUtils.getMaskedData(smpPropertyEnum.getProperty(),testValue)); } } +/* + @Test + public void matchAllValues(){ + System.out.println("Contains in values"); + + List<String> enumList = Arrays.stream(SMPPropertyEnum.values()).map(val-> val.getProperty()).collect(Collectors.toList()); + List<String> docList = Arrays.asList(docValues); + + System.out.println("Missing in documentation"); + for (String enumVal: enumList) { + if (!docList.contains(enumVal)) { + System.out.println("Missing: " + enumVal); + } + } + + for (String docVal: docList) { + if (!enumList.contains(docVal)) { + System.out.println("Not in use: " + docVal); + } + } + + } + + String[] docValues = new String[] { + "contextPath.output", + "encodedSlashesAllowedInUrl", + "smp.http.forwarded.headers.enabled", + "smp.http.httpStrictTransportSecurity.maxAge", + "smp.http.header.security.policy", + "smp.proxy.host", + "smp.noproxy.hosts", + "smp.proxy.password", + "smp.proxy.port", + "smp.proxy.user", + "identifiersBehaviour.ParticipantIdentifierScheme.validationRegex", + "identifiersBehaviour.ParticipantIdentifierScheme.validationRegexMessage", + "identifiersBehaviour.scheme.mandatory", + "identifiersBehaviour.ParticipantIdentifierScheme.ebCoreId.concatenate", + "identifiersBehaviour.caseSensitive.ParticipantIdentifierSchemes", + "identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", + "identifiersBehaviour.splitPattern", + "identifiersBehaviour.ParticipantIdentifierScheme.urn.concatenate", + "bdmsl.integration.enabled", + "bdmsl.participant.multidomain.enabled", + "bdmsl.integration.url", + "bdmsl.integration.tls.disableCNCheck", + "bdmsl.integration.tls.serverSubjectRegex", + "bdmsl.integration.logical.address", + "bdmsl.integration.physical.address", + "bdmsl.integration.tls.useSystemDefaultTruststore", + "smp.keystore.password", + "smp.keystore.filename", + "smp.keystore.type", + 
"smp.truststore.password", + "smp.truststore.filename", + "smp.truststore.type", + "smp.certificate.crl.force", + "encryption.key.filename", + "smp.keystore.password.decrypted", + "smp.truststore.password.decrypted", + "smp.certificate.validation.allowedCertificatePolicyOIDs", + "smp.certificate.validation.subjectRegex", + "smp.property.refresh.cronJobExpression", + "smp.ui.session.secure", + "smp.ui.session.max-age", + "smp.ui.session.strict", + "smp.ui.session.path", + "smp.ui.session.idle_timeout.admin", + "smp.ui.session.idle_timeout.user", + "smp.cluster.enabled", + "smp.passwordPolicy.validationRegex", + "smp.passwordPolicy.validationMessage", + "smp.passwordPolicy.validDays", + "smp.passwordPolicy.warning.beforeExpiration", + "smp.passwordPolicy.expired.forceChange", + "smp.user.login.fail.delay", + "smp.user.login.maximum.attempt", + "smp.user.login.suspension.time", + "smp.accessToken.validDays", + "smp.accessToken.login.maximum.attempt", + "smp.accessToken.login.suspension.time", + "smp.accessToken.login.fail.delay", + "smp.ui.authentication.types", + "smp.automation.authentication.types", + "smp.automation.authentication.external.tls.clientCert.enabled", + "smp.automation.authentication.external.tls.SSLClientCert.enabled", + "smp.sso.cas.ui.label", + "smp.sso.cas.url", + "smp.sso.cas.urlPath.login", + "smp.sso.cas.callback.url", + "smp.sso.cas.smp.urlPath", + "smp.sso.cas.smp.user.data.urlPath", + "smp.sso.cas.token.validation.urlPath", + "smp.sso.cas.token.validation.params", + "smp.sso.cas.token.validation.groups", + "mail.smtp.host", + "mail.smtp.port", + "mail.smtp.protocol", + "mail.smtp.username", + "mail.smtp.password", + "mail.smtp.properties", + "smp.alert.user.login_failure.enabled", + "smp.alert.user.login_failure.level", + "smp.alert.user.login_failure.mail.subject", + "smp.alert.user.suspended.enabled", + "smp.alert.user.suspended.level", + "smp.alert.user.suspended.mail.subject", + "smp.alert.user.suspended.mail.moment", + 
"smp.alert.password.imminent_expiration.enabled", + "smp.alert.password.imminent_expiration.delay_days", + "smp.alert.password.imminent_expiration.frequency_days", + "smp.alert.password.imminent_expiration.level", + "smp.alert.password.imminent_expiration.mail.subject", + "smp.alert.password.expired.enabled", + "smp.alert.password.expired.delay_days", + "smp.alert.password.expired.frequency_days", + "smp.alert.password.expired.level", + "smp.alert.password.expired.mail.subject", + "smp.alert.accessToken.imminent_expiration.enabled", + "smp.alert.accessToken.imminent_expiration.delay_days", + "smp.alert.accessToken.imminent_expiration.frequency_days", + "smp.alert.accessToken.imminent_expiration.level", + "smp.alert.accessToken.imminent_expiration.mail.subject", + "smp.alert.accessToken.expired.enabled", + "smp.alert.accessToken.expired.delay_days", + "smp.alert.accessToken.expired.frequency_days", + "smp.alert.accessToken.expired.level", + "smp.alert.accessToken.expired.mail.subject", + "smp.alert.certificate.imminent_expiration.enabled", + "smp.alert.certificate.imminent_expiration.delay_days", + "smp.alert.certificate.imminent_expiration.frequency_days", + "smp.alert.certificate.imminent_expiration.level", + "smp.alert.certificate.imminent_expiration.mail.subject", + "smp.alert.certificate.expired.enabled", + "smp.alert.certificate.expired.delay_days", + "smp.alert.certificate.expired.frequency_days", + "smp.alert.certificate.expired.level", + "smp.alert.certificate.expired.mail.subject", + "smp.alert.credentials.cronJobExpression", + "smp.alert.credentials.serverInstance", + "smp.alert.credentials.batch.size", + "smp.alert.mail.from" + }; + */ }
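Review bot: The entire 144-line addition sits inside a `/* ... */` block, which checks in a dead `matchAllValues` test plus what looks like a hand-maintained list of documented property names that will silently drift from both SMPPropertyEnum and the documentation; the project convention for Java is to delete commented-out code rather than commit it. Even uncommented, the method only prints `Missing:` and `Not in use:` lines and never asserts, so it could not fail. If the goal is to keep the enum and the documented property list in sync, turn it into a real test that collects both into sets and asserts the symmetric difference is empty, as sketched below; the `docValues` array stays as it is, and `Set`, `TreeSet`, `Arrays` and `Collectors` would need importing at the top of the file. Otherwise drop the block entirely rather than leaving it commented out.
```java
    @Test
    public void allEnumPropertiesAreDocumented() {
        Set<String> enumProps = Arrays.stream(SMPPropertyEnum.values())
                .map(SMPPropertyEnum::getProperty)
                .collect(Collectors.toCollection(TreeSet::new));
        Set<String> documented = new TreeSet<>(Arrays.asList(docValues));

        // Both directions matter: an undocumented property is a doc gap,
        // a documented-but-unused one is stale documentation.
        Set<String> missing = new TreeSet<>(enumProps);
        missing.removeAll(documented);
        Set<String> notInUse = new TreeSet<>(documented);
        notInUse.removeAll(enumProps);

        Assert.assertTrue("Missing in documentation: " + missing, missing.isEmpty());
        Assert.assertTrue("Not in use: " + notInUse, notInUse.isEmpty());
    }
    // … unchanged: docValues array …
```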