enable sslClientCert for the soapui tests

b7153694 · Joze RIHTARSIC · 5e286277 · b7153694 · b7153694 · b7153694
Commit b7153694 authored 1 year ago by Joze RIHTARSIC
--- a/changelog.txt
+++ b/changelog.txt
@@ -5,9 +5,11 @@ eDelivery SMP 5.0
 - added new properties:
    smp.truststore.type: Truststore type as JKS/PKCS12
    smp.keystore.type: Keystore type as JKS/PKCS12
-    document.restriction.allowed.certificate.types: Allowed key algorithms for certificates to be used in service metadata.Empty value means no restrictions, for other values see the java KeyFactory Algorithms for example: RSA|EC|Ed25519|Ed448.
    smp.certificate.validation.allowed.certificate.type: Allowed user certificate JCE types. Empty value means no restrictions, for other values see the java KeyFactory Algorithms for example: RSA|EC|Ed25519|Ed448.
    identifiersBehaviour.splitPattern: Regular expression with groups scheme and identifier for splitting the URN identifiers to scheme and identifier part.
+    identifiersBehaviour.splitPattern	^(?i)\\s*?(?<scheme>urn:oasis:names:tc:ebcore:partyid-type:(iso6523:[0-9]{4}|unregistered(:[^:]+)?))::?(?<identifier>.+)?\\s*$	Regular expression with groups <scheme> and <identifier> for splitting the identifiers to scheme and identifier part!	false	REGEXP
+    identifiersBehaviour.ParticipantIdentifierScheme.urn.concatenate		Regular expression to detect URN party identifiers. If the party identifier schema matches the regexp, then the party identifier is concatenated with a single colon in XML responses. Else it is handled as OASIS SMP party identifier. Example: ^(?i)(urn:)|(mailto:).*$	false	REGEXP
+
 - the default keystore type is now PKCS12. Set the keystore type to JKS if properties smp.truststore.type and smp.keystore.type are missing!

 eDelivery SMP 4.2

--- a/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml
+++ b/smp-docker/compose/tomcat-mysql-smp-sml/docker-compose.yml
@@ -6,6 +6,7 @@ services:
    hostname: eulogin.protected.smp.local
    environment:
      - SMP_INIT_PROPERTIES=smp.passwordPolicy.expired.forceChange=false
+        ||smp.automation.authentication.external.tls.SSLClientCert.enabled=true
        ||smp.cluster.enabled=false
        ||smp.ui.authentication.types=PASSWORD|SSO
        ||smp.sso.cas.url=https://eulogin-mock-server:7102/cas
@@ -51,4 +52,4 @@ services:
    image: inbucket/inbucket:3.0.0
    hostname: mail-server.smp.local
    ports:
-      - "9005:9000"
\ No newline at end of file
+      - "9005:9000"
--- a/smp-docker/compose/weblogic-oracle/properties/weblogic-init/smp.config.properties
+++ b/smp-docker/compose/weblogic-oracle/properties/weblogic-init/smp.config.properties
@@ -6,3 +6,4 @@ smp.automation.authentication.external.tls.clientCert.enabled=true
 smp.truststore.password={DEC}{test123}
 smp.keystore.password={DEC}{test123}
 smp.log.folder=./logs/
+smp.automation.authentication.external.tls.SSLClientCert.enabled=true
--- a/smp-docker/compose/weblogic-oracle14/properties/weblogic-init/smp.config.properties
+++ b/smp-docker/compose/weblogic-oracle14/properties/weblogic-init/smp.config.properties
@@ -6,3 +6,4 @@ smp.automation.authentication.external.tls.clientCert.enabled=true
 smp.truststore.password={DEC}{test123}
 smp.keystore.password={DEC}{test123}
 smp.log.folder=./logs/
+smp.automation.authentication.external.tls.SSLClientCert.enabled=true
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/enums/SMPPropertyEnum.java
@@ -63,8 +63,6 @@ public enum SMPPropertyEnum {
    CS_DOCUMENTS("identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes", "casesensitive-doc-scheme1|casesensitive-doc-scheme2", "Specifies schemes of document identifiers that must be considered CASE-SENSITIVE.",
            OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING),

-    DOCUMENT_RESTRICTION_CERT_TYPES("document.restriction.allowed.certificate.types", "", "Allowed certificate types registered when composing service metadata. Empty value means no restrictions, for other values see the java KeyFactory Algorithms for example RSA|EC|Ed25519|Ed448",
-            OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, LIST_STRING),

    // SML integration!
    SML_ENABLED("bdmsl.integration.enabled", "false", "BDMSL (SML) integration ON/OFF switch",
@@ -96,9 +94,6 @@ public enum SMPPropertyEnum {
            OPTIONAL, ENCRYPTED, NO_RESTART_NEEDED, STRING),
    TRUSTSTORE_FILENAME("smp.truststore.filename", "smp-truststore.p12", "Truststore filename ",
            OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, FILENAME),
-    TRUSTSTORE_ADD_CERT_ON_USER_UPDATE("smp.truststore.add.cert.onUserRegistration",
-            "false", "Automatically add certificate to truststore when assigned to user.",
-            OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
    CERTIFICATE_CRL_FORCE("smp.certificate.crl.force", "false", "If false then if CRL is not reachable ignore CRL validation",
            OPTIONAL, NOT_ENCRYPTED, NO_RESTART_NEEDED, BOOLEAN),
    ENCRYPTION_FILENAME("encryption.key.filename", "encryptionPrivateKey.private", "Key filename to encrypt passwords",

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -147,9 +147,6 @@ public class ConfigurationService {
        return configurationDAO.getCachedPropertyValue(CS_PARTICIPANTS);
    }

-    public List<String> getAllowedDocumentCertificateTypes() {
-        return configurationDAO.getCachedPropertyValue(DOCUMENT_RESTRICTION_CERT_TYPES);
-    }

    public boolean getParticipantSchemeMandatory() {
        // not mandatory by default
@@ -260,12 +257,6 @@ public class ConfigurationService {
        return value != null && value;
    }

-    public boolean trustCertificateOnUserRegistration() {
-        Boolean value = configurationDAO.getCachedPropertyValue(TRUSTSTORE_ADD_CERT_ON_USER_UPDATE);
-        // by default is not forced
-        return value != null && value;
-    }
-
    public File getSecurityFolder() {
        return  configurationDAO.getSecurityFolder();
    }

--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java
@@ -218,4 +218,148 @@ public class PropertyUtilsTest {
            Assert.assertEquals(expectedValue, PropertyUtils.getMaskedData(smpPropertyEnum.getProperty(),testValue));
        }
    }
+/*
+    @Test
+    public void matchAllValues(){
+        System.out.println("Contains in values");
+
+        List<String> enumList =  Arrays.stream(SMPPropertyEnum.values()).map(val-> val.getProperty()).collect(Collectors.toList());
+        List<String> docList = Arrays.asList(docValues);
+
+        System.out.println("Missing in documentation");
+        for (String enumVal: enumList) {
+            if (!docList.contains(enumVal)) {
+                System.out.println("Missing: " + enumVal);
+            }
+        }
+
+        for (String docVal: docList) {
+            if (!enumList.contains(docVal)) {
+                System.out.println("Not in use: " + docVal);
+            }
+        }
+
+    }
+
+    String[] docValues = new String[] {
+            "contextPath.output",
+            "encodedSlashesAllowedInUrl",
+            "smp.http.forwarded.headers.enabled",
+            "smp.http.httpStrictTransportSecurity.maxAge",
+            "smp.http.header.security.policy",
+            "smp.proxy.host",
+            "smp.noproxy.hosts",
+            "smp.proxy.password",
+            "smp.proxy.port",
+            "smp.proxy.user",
+            "identifiersBehaviour.ParticipantIdentifierScheme.validationRegex",
+            "identifiersBehaviour.ParticipantIdentifierScheme.validationRegexMessage",
+            "identifiersBehaviour.scheme.mandatory",
+            "identifiersBehaviour.ParticipantIdentifierScheme.ebCoreId.concatenate",
+            "identifiersBehaviour.caseSensitive.ParticipantIdentifierSchemes",
+            "identifiersBehaviour.caseSensitive.DocumentIdentifierSchemes",
+            "identifiersBehaviour.splitPattern",
+            "identifiersBehaviour.ParticipantIdentifierScheme.urn.concatenate",
+            "bdmsl.integration.enabled",
+            "bdmsl.participant.multidomain.enabled",
+            "bdmsl.integration.url",
+            "bdmsl.integration.tls.disableCNCheck",
+            "bdmsl.integration.tls.serverSubjectRegex",
+            "bdmsl.integration.logical.address",
+            "bdmsl.integration.physical.address",
+            "bdmsl.integration.tls.useSystemDefaultTruststore",
+            "smp.keystore.password",
+            "smp.keystore.filename",
+            "smp.keystore.type",
+            "smp.truststore.password",
+            "smp.truststore.filename",
+            "smp.truststore.type",
+            "smp.certificate.crl.force",
+            "encryption.key.filename",
+            "smp.keystore.password.decrypted",
+            "smp.truststore.password.decrypted",
+            "smp.certificate.validation.allowedCertificatePolicyOIDs",
+            "smp.certificate.validation.subjectRegex",
+            "smp.property.refresh.cronJobExpression",
+            "smp.ui.session.secure",
+            "smp.ui.session.max-age",
+            "smp.ui.session.strict",
+            "smp.ui.session.path",
+            "smp.ui.session.idle_timeout.admin",
+            "smp.ui.session.idle_timeout.user",
+            "smp.cluster.enabled",
+            "smp.passwordPolicy.validationRegex",
+            "smp.passwordPolicy.validationMessage",
+            "smp.passwordPolicy.validDays",
+            "smp.passwordPolicy.warning.beforeExpiration",
+            "smp.passwordPolicy.expired.forceChange",
+            "smp.user.login.fail.delay",
+            "smp.user.login.maximum.attempt",
+            "smp.user.login.suspension.time",
+            "smp.accessToken.validDays",
+            "smp.accessToken.login.maximum.attempt",
+            "smp.accessToken.login.suspension.time",
+            "smp.accessToken.login.fail.delay",
+            "smp.ui.authentication.types",
+            "smp.automation.authentication.types",
+            "smp.automation.authentication.external.tls.clientCert.enabled",
+            "smp.automation.authentication.external.tls.SSLClientCert.enabled",
+            "smp.sso.cas.ui.label",
+            "smp.sso.cas.url",
+            "smp.sso.cas.urlPath.login",
+            "smp.sso.cas.callback.url",
+            "smp.sso.cas.smp.urlPath",
+            "smp.sso.cas.smp.user.data.urlPath",
+            "smp.sso.cas.token.validation.urlPath",
+            "smp.sso.cas.token.validation.params",
+            "smp.sso.cas.token.validation.groups",
+            "mail.smtp.host",
+            "mail.smtp.port",
+            "mail.smtp.protocol",
+            "mail.smtp.username",
+            "mail.smtp.password",
+            "mail.smtp.properties",
+            "smp.alert.user.login_failure.enabled",
+            "smp.alert.user.login_failure.level",
+            "smp.alert.user.login_failure.mail.subject",
+            "smp.alert.user.suspended.enabled",
+            "smp.alert.user.suspended.level",
+            "smp.alert.user.suspended.mail.subject",
+            "smp.alert.user.suspended.mail.moment",
+            "smp.alert.password.imminent_expiration.enabled",
+            "smp.alert.password.imminent_expiration.delay_days",
+            "smp.alert.password.imminent_expiration.frequency_days",
+            "smp.alert.password.imminent_expiration.level",
+            "smp.alert.password.imminent_expiration.mail.subject",
+            "smp.alert.password.expired.enabled",
+            "smp.alert.password.expired.delay_days",
+            "smp.alert.password.expired.frequency_days",
+            "smp.alert.password.expired.level",
+            "smp.alert.password.expired.mail.subject",
+            "smp.alert.accessToken.imminent_expiration.enabled",
+            "smp.alert.accessToken.imminent_expiration.delay_days",
+            "smp.alert.accessToken.imminent_expiration.frequency_days",
+            "smp.alert.accessToken.imminent_expiration.level",
+            "smp.alert.accessToken.imminent_expiration.mail.subject",
+            "smp.alert.accessToken.expired.enabled",
+            "smp.alert.accessToken.expired.delay_days",
+            "smp.alert.accessToken.expired.frequency_days",
+            "smp.alert.accessToken.expired.level",
+            "smp.alert.accessToken.expired.mail.subject",
+            "smp.alert.certificate.imminent_expiration.enabled",
+            "smp.alert.certificate.imminent_expiration.delay_days",
+            "smp.alert.certificate.imminent_expiration.frequency_days",
+            "smp.alert.certificate.imminent_expiration.level",
+            "smp.alert.certificate.imminent_expiration.mail.subject",
+            "smp.alert.certificate.expired.enabled",
+            "smp.alert.certificate.expired.delay_days",
+            "smp.alert.certificate.expired.frequency_days",
+            "smp.alert.certificate.expired.level",
+            "smp.alert.certificate.expired.mail.subject",
+            "smp.alert.credentials.cronJobExpression",
+            "smp.alert.credentials.serverInstance",
+            "smp.alert.credentials.batch.size",
+            "smp.alert.mail.from"
+    };
+    */
 }