diff --git a/changelog.txt b/changelog.txt
index d510029a37b4e1711cb1f23d3b84b27986a10eca..2ba5295ad20405c7b66071ff1498f56f4220fefb 100644
--- a/changelog.txt
+++ b/changelog.txt
@@ -22,6 +22,9 @@ eDelivery SMP 4.2
smp.http.header.security.policy: Http header content security policy
contextPath.output - added now as database configuration option
smp.cluster.enabled: if smp is deployed on cluster. If property is not enabled then all properties are refreshed on SetProperty. Otherwise properties are refreshed by cron task for all nodes at the same time
+ authentication.blueCoat.enabled - deprecated and replaced with smp.automation.authentication.external.tls.clientCert.enabled
+ smp.automation.authentication.external.tls.SSLClientCert.enabled Authentication with external module as: reverse proxy. Authenticated certificate is send to application using 'SSLClientCert' HTTP header. Do not enable this feature without properly configured reverse-proxy!
+
- removed deprecated properties
bdmsl.integration.keystore.password
diff --git a/smp-angular/src/app/smp.constants.ts b/smp-angular/src/app/smp.constants.ts
index 092f5a685c321a2dc432481788d2290177028622..abe18b79a1f8caee819cef501f8aff70999da237 100644
--- a/smp-angular/src/app/smp.constants.ts
+++ b/smp-angular/src/app/smp.constants.ts
@@ -1,4 +1,8 @@
export class SmpConstants {
+
+ public static readonly PATH_PARAM_ENC_USER_ID = '{user-id}';
+ public static readonly PATH_PARAM_SRV_GROUP_ID = '{service-group-id}';
+
//------------------------------
// public endpoints
public static readonly REST_PUBLIC = 'public/rest/';
@@ -8,24 +12,24 @@ export class SmpConstants {
public static readonly REST_PUBLIC_APPLICATION_INFO = SmpConstants.REST_PUBLIC + 'application/info';
// user public services
public static readonly REST_PUBLIC_USER = SmpConstants.REST_PUBLIC + 'user';
- public static readonly REST_PUBLIC_USER_UPDATE = SmpConstants.REST_PUBLIC_USER + '/{user-id}/';
+ public static readonly REST_PUBLIC_USER_UPDATE = SmpConstants.REST_PUBLIC_USER + "/" + SmpConstants.PATH_PARAM_ENC_USER_ID + "/";
public static readonly REST_PUBLIC_USER_CERT_VALIDATE = SmpConstants.REST_PUBLIC_USER_UPDATE + 'validate-certificate';
public static readonly REST_PUBLIC_USER_GENERATE_ACCESS_TOKEN = SmpConstants.REST_PUBLIC_USER_UPDATE + 'generate-access-token';
public static readonly REST_PUBLIC_USER_CHANGE_PASSWORD = SmpConstants.REST_PUBLIC_USER_UPDATE + 'change-password';
- public static readonly REST_PUBLIC_TRUSTSTORE = SmpConstants.REST_PUBLIC + 'truststore/{user-id}/';
- public static readonly REST_PUBLIC_TRUSTSTORE_VALIDATE_CERT = SmpConstants.REST_PUBLIC_TRUSTSTORE + 'validate-certificate';
+
// public authentication services
- public static readonly REST_PUBLIC_SECURITY_AUTHENTICATION = SmpConstants.REST_PUBLIC + 'security/authentication';
- public static readonly REST_PUBLIC_SECURITY_USER = SmpConstants.REST_PUBLIC + 'security/user';
+ public static readonly REST_PUBLIC_SECURITY = SmpConstants.REST_PUBLIC + 'security/';
+ public static readonly REST_PUBLIC_SECURITY_AUTHENTICATION = SmpConstants.REST_PUBLIC_SECURITY + 'authentication';
+ public static readonly REST_PUBLIC_SECURITY_USER = SmpConstants.REST_PUBLIC_SECURITY + 'user';
public static readonly REST_PUBLIC_SERVICE_GROUP = SmpConstants.REST_PUBLIC + 'service-group';
- public static readonly REST_PUBLIC_SERVICE_GROUP_ENTITY = SmpConstants.REST_PUBLIC_SERVICE_GROUP + '/{service-group-id}';
+ public static readonly REST_PUBLIC_SERVICE_GROUP_ENTITY = SmpConstants.REST_PUBLIC_SERVICE_GROUP + '/' + SmpConstants.PATH_PARAM_SRV_GROUP_ID;
public static readonly REST_PUBLIC_SERVICE_GROUP_ENTITY_EXTENSION = SmpConstants.REST_PUBLIC_SERVICE_GROUP_ENTITY + '/extension';
// service group extension tools
public static readonly REST_SERVICE_GROUP_EXTENSION = `${SmpConstants.REST_PUBLIC_SERVICE_GROUP}/extension`;
public static readonly REST_SERVICE_GROUP_EXTENSION_VALIDATE = `${SmpConstants.REST_SERVICE_GROUP_EXTENSION}/validate`;
- public static readonly REST_METADATA = SmpConstants.REST_PUBLIC +'service-metadata';
+ public static readonly REST_METADATA = SmpConstants.REST_PUBLIC + 'service-metadata';
public static readonly REST_METADATA_VALIDATE = `${SmpConstants.REST_METADATA}/validate`;
@@ -40,10 +44,7 @@ export class SmpConstants {
public static readonly REST_INTERNAL_APPLICATION_CONFIG = SmpConstants.REST_INTERNAL + 'application/config';
public static readonly REST_INTERNAL_KEYSTORE = SmpConstants.REST_INTERNAL + 'keystore';
public static readonly REST_INTERNAL_TRUSTSTORE = SmpConstants.REST_INTERNAL + 'truststore';
-
-
-
-
+ public static readonly REST_INTERNAL_TRUSTSTORE_UPLOAD_CERT = SmpConstants.REST_INTERNAL_TRUSTSTORE + "/" + SmpConstants.PATH_PARAM_ENC_USER_ID + "/" + 'upload-certificate';
}
diff --git a/smp-angular/src/app/user/certificate.service.ts b/smp-angular/src/app/user/certificate.service.ts
index f1bf5be8dbf3d8e3a0366718553881b8bf669892..3823d1ad269c6205b6a5506ee409599f7ee731b6 100644
--- a/smp-angular/src/app/user/certificate.service.ts
+++ b/smp-angular/src/app/user/certificate.service.ts
@@ -24,7 +24,7 @@ export class CertificateService {
.set("Content-Type", "application/octet-stream");
const currentUser: User = this.securityService.getCurrentUser();
- return this.http.post<CertificateRo>(SmpConstants.REST_PUBLIC_TRUSTSTORE_VALIDATE_CERT.replace('{user-id}', currentUser.userId+""), payload, {headers});
+ return this.http.post<CertificateRo>(SmpConstants.REST_PUBLIC_USER_CERT_VALIDATE.replace('{user-id}', currentUser.userId), payload, {headers});
}
validateCertificate(payload): Observable<CertificateRo> {
@@ -37,6 +37,6 @@ export class CertificateService {
.set("Content-Type", "application/octet-stream");
const currentUser: User = this.securityService.getCurrentUser();
- return this.http.post<CertificateRo>(SmpConstants.REST_PUBLIC_TRUSTSTORE_VALIDATE_CERT.replace('{user-id}', currentUser.userId+""), payload, {headers});
+ return this.http.post<CertificateRo>(SmpConstants.REST_PUBLIC_USER_CERT_VALIDATE.replace('{user-id}', currentUser.userId), payload, {headers});
}
}
diff --git a/smp-angular/src/app/user/truststore.service.ts b/smp-angular/src/app/user/truststore.service.ts
index cd43eec0115b735cca749caa94b061d621ab14ca..c9d76abb5235008a1a17d94887ba021200c49fae 100644
--- a/smp-angular/src/app/user/truststore.service.ts
+++ b/smp-angular/src/app/user/truststore.service.ts
@@ -26,7 +26,9 @@ export class TruststoreService {
.set("Content-Type", "application/octet-stream");
const currentUser: User = this.securityService.getCurrentUser();
- return this.http.post<CertificateRo>(`${SmpConstants.REST_INTERNAL_TRUSTSTORE}/${currentUser.userId}/validate-certificate`, payload, {headers});
+ return this.http.post<CertificateRo>(
+ SmpConstants.REST_INTERNAL_TRUSTSTORE_UPLOAD_CERT.replace(SmpConstants.PATH_PARAM_ENC_USER_ID, currentUser.userId),
+ payload, {headers});
}
deleteCertificateFromKeystore$(certificateAlias): Observable<TruststoreResult> {
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java
index ba34a0b8d9060b35cb4cd80188ffd6bba8d758be..e08fdbb3b9729422da7289e50d8dd14232230cb2 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/FileProperty.java
@@ -15,6 +15,8 @@ import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
+import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum.CLIENT_CERT_HEADER_ENABLED_DEPRECATED;
+import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED;
import static eu.europa.ec.edelivery.smp.exceptions.ErrorCode.INTERNAL_ERROR;
public class FileProperty {
@@ -81,6 +83,23 @@ public class FileProperty {
LOG.error("IOException occurred while reading properties", e);
throw new SMPRuntimeException(INTERNAL_ERROR, e, "Error occurred while reading properties.", e.getMessage());
}
- return connectionProp;
+ // update deprecated values and return properties:
+ return updateDeprecatedValues(connectionProp);
}
+ /**
+ * Method validates if new value for deprecated value is already set. If not it set the value from deprecated property if exists!
+ * @param properties
+ * @return
+ */
+ public static Properties updateDeprecatedValues(Properties properties){
+ if (!properties.containsKey(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED.getProperty())
+ && properties.containsKey(CLIENT_CERT_HEADER_ENABLED_DEPRECATED.getProperty())){
+
+ properties.setProperty(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED.getProperty(),
+ properties.getProperty(CLIENT_CERT_HEADER_ENABLED_DEPRECATED.getProperty()) );
+ }
+
+ return properties;
+ }
+
}
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
index bbd34de1213b3c1f54a2a86d797adfdc1a2b562f..e28357843e8f746527d12738a8ecf7068bdf3f51 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/config/PropertyInitialization.java
@@ -29,16 +29,16 @@ import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter;
import javax.naming.NamingException;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
-import javax.persistence.Query;
import javax.sql.DataSource;
-import java.io.*;
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
-import java.time.LocalDateTime;
-import java.util.Optional;
import java.util.Properties;
import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum.*;
@@ -48,11 +48,11 @@ import static eu.europa.ec.edelivery.smp.exceptions.ErrorCode.INTERNAL_ERROR;
* Created by Flavio Santos
* Class read properties from configuration file if exists. Than it use datasource (default by JNDI
* if not defined in property file jdbc/smpDatasource) to read application properties. Because this class is
- * invoked before datasource is initialiyzed by default - it creates it's own database connection.
+ * invoked before datasource is initialized by default - it creates it's own database connection.
* Also it uses hibernate to handle dates for Configuration table.
*/
public class PropertyInitialization {
- // application priperties contains build data and are set at build time.
+ // application properties contains build data and are set at build time.
private static final String FILE_APPLICATION_PROPERTIES = "/application.properties";
private static final String PROP_BUILD_NAME = "smp.artifact.name";
@@ -82,15 +82,9 @@ public class PropertyInitialization {
}
}
- public Properties getFileProperties() {
- return FileProperty.getFileProperties();
- }
-
protected Properties getDatabaseProperties(Properties fileProperties) {
-
-
String dialect = fileProperties.getProperty(FileProperty.PROPERTY_DB_DIALECT);
- if (StringUtils.isBlank(dialect)){
+ if (StringUtils.isBlank(dialect)) {
LOG.warn("Attribute: {} is empty. Database might not initialize!", FileProperty.PROPERTY_DB_DIALECT);
}
// get datasource
@@ -113,12 +107,6 @@ public class PropertyInitialization {
return prop;
}
-
- protected Properties getDatabaseProperties() {
- Properties fileProperties = FileProperty.getFileProperties();
- return getDatabaseProperties(fileProperties);
- }
-
/**
* Method do the next tasks
* // copy SMPProperties
@@ -168,17 +156,16 @@ public class PropertyInitialization {
em.getTransaction().commit();
}
-
- public void initTruststore(String absolutePath, File fEncryption, EntityManager em, Properties properties,Properties fileProperties) {
+ public void initTruststore(String absolutePath, File fEncryption, EntityManager em, Properties properties, Properties fileProperties) {
LOG.info("Start generating new truststore.");
String encTrustEncToken;
- if ( fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_PASSWORD.getProperty())){
+ if (fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_PASSWORD.getProperty())) {
LOG.info("get token from properties");
encTrustEncToken = SecurityUtils.encryptWrappedToken(fEncryption,
fileProperties.getProperty(SMPPropertyEnum.TRUSTSTORE_PASSWORD.getProperty()));
- }else {
+ } else {
// generate new token
LOG.info("generate token");
String trustToken = SecurityUtils.generateAuthenticationToken();
@@ -191,13 +178,13 @@ public class PropertyInitialization {
properties.setProperty(SMPPropertyEnum.TRUSTSTORE_PASSWORD.getProperty(), encTrustEncToken);
LOG.info("Decode security token");
- String trustToken = SecurityUtils.decrypt(fEncryption,encTrustEncToken);
+ String trustToken = SecurityUtils.decrypt(fEncryption, encTrustEncToken);
LOG.info("Get keystore");
File truststore;
- if ( fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty())){
+ if (fileProperties.containsKey(SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty())) {
LOG.info("Get truststore value from property file");
truststore = new File(absolutePath, fileProperties.getProperty(
- SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty() ));
+ SMPPropertyEnum.TRUSTSTORE_FILENAME.getProperty()));
} else {
LOG.info("Generate truststore file ");
@@ -245,8 +232,6 @@ public class PropertyInitialization {
storeDBEntry(em, SMPPropertyEnum.KEYSTORE_FILENAME, keystore.getName());
initProperties.setProperty(SMPPropertyEnum.KEYSTORE_FILENAME.getProperty(), keystore.getName());
-
-
try (FileOutputStream out = new FileOutputStream(keystore)) {
KeyStore newKeystore = KeyStore.getInstance(KeyStore.getDefaultType());
// initialize keystore
@@ -271,12 +256,13 @@ public class PropertyInitialization {
public File initEncryptionKey(String absolutePath, EntityManager em, Properties initProperties, Properties fileProperties) {
File fEncryption;
- if (fileProperties.containsKey(ENCRYPTION_FILENAME.getProperty())){
- fEncryption =new File(absolutePath,fileProperties.getProperty(ENCRYPTION_FILENAME.getProperty()) );
+ if (fileProperties.containsKey(ENCRYPTION_FILENAME.getProperty())) {
+ fEncryption = new File(absolutePath, fileProperties.getProperty(ENCRYPTION_FILENAME.getProperty()));
} else {
fEncryption = getNewFile(absolutePath, SMPPropertyEnum.ENCRYPTION_FILENAME.getDefValue());
- };
+ }
+ ;
// if file is not existing yet - as is the case in getNewFile create file
if (!fEncryption.exists()) {
SecurityUtils.generatePrivateSymmetricKey(fEncryption);
@@ -296,12 +282,12 @@ public class PropertyInitialization {
*/
protected File initNewValues(EntityManager em, Properties fileProperties, Properties initProperties) {
String absolutePath;
- if (fileProperties.containsKey(CONFIGURATION_DIR.getProperty())){
+ if (fileProperties.containsKey(CONFIGURATION_DIR.getProperty())) {
absolutePath = fileProperties.getProperty(CONFIGURATION_DIR.getProperty());
} else {
File settingsFolder = new File("/");
// set absolute path
- absolutePath = new File("/").getAbsolutePath();
+ absolutePath = new File("/").getAbsolutePath();
}
File confFolder = new File(absolutePath);
@@ -326,11 +312,6 @@ public class PropertyInitialization {
return fEncryption;
}
- public boolean isEncryptedProperty(String key) {
- Optional<SMPPropertyEnum> propertyEnum = SMPPropertyEnum.getByProperty(key);
- return propertyEnum.isPresent() && propertyEnum.get().isEncrypted();
- }
-
public static File getNewFile(String folder, String fileName) {
File file = new File(folder, fileName);
if (file.exists()) {
@@ -415,12 +396,6 @@ public class PropertyInitialization {
em.persist(cnt);
}
- protected void updateAlias(EntityManager em, String namedQuery, String alias) {
- Query query = em.createNamedQuery(namedQuery);
- query.setParameter("alias", alias);
- query.executeUpdate();
- }
-
/**
* create datasource to read properties from database
*
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
index 50f2afec8a332305c830b19131027989685de0d6..42173bba263b10c2362ceffacda384b7da809d0e 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverter.java
@@ -29,7 +29,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
private static final SMPLogger LOG = SMPLoggerFactory.getLogger(CertificateROToDBCertificateConverter.class);
- private static final String S_BLUECOAT_DATEFORMAT = "MMM dd HH:mm:ss yyyy";
+ private static final String S_CLIENT_CERT_DATEFORMAT = "MMM dd HH:mm:ss yyyy";
@Override
public CertificateRO convert(X509Certificate cert) {
@@ -57,8 +57,8 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
"Error occured while decoding certificate " + subject, cex.getMessage(), cex);
}
- // generate bluecoat header
- SimpleDateFormat sdf = new SimpleDateFormat(S_BLUECOAT_DATEFORMAT);
+ // generate clientCertHeader header
+ SimpleDateFormat sdf = new SimpleDateFormat(S_CLIENT_CERT_DATEFORMAT);
StringWriter sw = new StringWriter();
sw.write("sno=");
sw.write(serial.toString(16));
@@ -70,7 +70,7 @@ public class X509CertificateToCertificateROConverter implements Converter<X509Ce
sw.write(urlEncodeString(sdf.format(cert.getNotAfter()) + " GMT"));
sw.write("&issuer=");
sw.write(urlEncodeString(issuer));
- cro.setBlueCoatHeader(sw.toString());
+ cro.setClientCertHeader(sw.toString());
return cro;
}
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
index 5f841f56352c742fb4b13c696e0201a4aa18c413..824b9f511df873726cc87cc1a35dfb316c76fdb3 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/dao/ConfigurationDao.java
@@ -293,8 +293,10 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
if (!lstMissingProperties.isEmpty()) {
LOG.error("Missing mandatory properties: [{}]. Fix the SMP configuration!", lstMissingProperties);
}
+ // update deprecated values
+ properties = updateDeprecatedValues(properties);
Map<String, Object> propertyValues = parseProperties(properties);
// property validation
@@ -361,6 +363,22 @@ public class ConfigurationDao extends BaseDao<DBConfiguration> {
}
}
+ /**
+ * Method validates if new value for deprecated value is already set. If not it set the value from deprecated property if exists!
+ * @param properties
+ * @return
+ */
+ public Properties updateDeprecatedValues(Properties properties){
+ if (!properties.containsKey(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED.getProperty())
+ && properties.containsKey(CLIENT_CERT_HEADER_ENABLED_DEPRECATED.getProperty())){
+
+ properties.setProperty(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED.getProperty(),
+ properties.getProperty(CLIENT_CERT_HEADER_ENABLED_DEPRECATED.getProperty()) );
+ }
+
+ return properties;
+ }
+
protected Map<String, Object> parseProperties(Properties properties) {
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/DBDomain.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/DBDomain.java
index 5091f4f2a6eb71ea3592f414bce04e656ad64442..c12b28f0c3cdcc5e6aad280785e9cc5257c93d78 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/DBDomain.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/model/DBDomain.java
@@ -17,7 +17,6 @@ import eu.europa.ec.edelivery.smp.data.dao.utils.ColumnDescription;
import org.hibernate.envers.Audited;
import javax.persistence.*;
-import java.time.LocalDateTime;
/**
* Created by gutowpa on 16/01/2018.
@@ -73,7 +72,7 @@ public class DBDomain extends BaseEntity {
@ColumnDescription(comment = "Reqular expresion for participant ids")
String smlParticipantIdentifierRegExp;
@Column(name = "SML_CLIENT_CERT_HEADER", length = CommonColumnsLengths.MAX_FREE_TEXT_LENGTH)
- @ColumnDescription(comment = "Client-Cert header used behind RP - BlueCoat for SML integration")
+ @ColumnDescription(comment = "Client-Cert header used behind RP - ClientCertHeader for SML integration")
String smlClientCertHeader;
@Column(name = "SML_CLIENT_KEY_ALIAS", length = CommonColumnsLengths.MAX_CERT_ALIAS_LENGTH)
@ColumnDescription(comment = "Client key alias used for SML integration")
@@ -87,8 +86,8 @@ public class DBDomain extends BaseEntity {
private boolean smlRegistered = false;
@Column(name = "SML_BLUE_COAT_AUTH", nullable = false)
- @ColumnDescription(comment = "Flag for SML authentication type - use CLientCert header or HTTPS ClientCertificate (key)")
- private boolean smlBlueCoatAuth = false;
+ @ColumnDescription(comment = "Flag for SML authentication type - use ClientCert header or HTTPS ClientCertificate (key)")
+ private boolean smlClientCertAuth = false;
@Override
public Long getId() {
@@ -163,11 +162,11 @@ public class DBDomain extends BaseEntity {
this.smlRegistered = smlRegistered;
}
- public boolean isSmlBlueCoatAuth() {
- return smlBlueCoatAuth;
+ public boolean isSmlClientCertAuth() {
+ return smlClientCertAuth;
}
- public void setSmlBlueCoatAuth(boolean smlBlueCoatAuth) {
- this.smlBlueCoatAuth = smlBlueCoatAuth;
+ public void setSmlClientCertAuth(boolean smlClientCertAuth) {
+ this.smlClientCertAuth = smlClientCertAuth;
}
}
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/CertificateRO.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/CertificateRO.java
index 5b55027aafcf8502df3f9bf51a595d3d03ed16f6..21286cd02db7631cf82508bcd664a7736f9106af 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/CertificateRO.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/CertificateRO.java
@@ -20,7 +20,7 @@ public class CertificateRO extends BaseRO {
private String serialNumber;
private String crlUrl;
private String encodedValue;
- private String blueCoatHeader;
+ private String clientCertHeader;
private boolean isInvalid;
private String invalidReason;
@@ -101,12 +101,12 @@ public class CertificateRO extends BaseRO {
this.encodedValue = encodedValue;
}
- public String getBlueCoatHeader() {
- return blueCoatHeader;
+ public String getClientCertHeader() {
+ return clientCertHeader;
}
- public void setBlueCoatHeader(String blueCoatHeader) {
- this.blueCoatHeader = blueCoatHeader;
+ public void setClientCertHeader(String clientCertHeader) {
+ this.clientCertHeader = clientCertHeader;
}
public String getCrlUrl() {
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/DomainRO.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/DomainRO.java
index 979cb42db851430b0a74b92f9e124d04aa6f8521..03fd1cd1faed6698ad3dd1cb17562688cc4b1b1f 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/DomainRO.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/DomainRO.java
@@ -19,7 +19,7 @@ public class DomainRO extends BaseRO {
String smlClientCertHeader;
String smlClientKeyAlias;
String signatureKeyAlias;
- boolean smlBlueCoatAuth;
+ boolean smlClientCertAuth;
boolean smlRegistered;
public Long getId() {
@@ -86,12 +86,12 @@ public class DomainRO extends BaseRO {
this.signatureKeyAlias = signatureKeyAlias;
}
- public boolean isSmlBlueCoatAuth() {
- return smlBlueCoatAuth;
+ public boolean isSmlClientCertAuth() {
+ return smlClientCertAuth;
}
- public void setSmlBlueCoatAuth(boolean smlBlueCoatAuth) {
- this.smlBlueCoatAuth = smlBlueCoatAuth;
+ public void setSmlClientCertAuth(boolean smlClientCertAuth) {
+ this.smlClientCertAuth = smlClientCertAuth;
}
public boolean isSmlRegistered() {
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
index 8e609026fc8a83ec3c34173db69865d1e6a189fc..42316f2d26c40b74ddec079f10e8f1ec4bd3cf60 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -10,10 +10,6 @@ import java.util.stream.Collectors;
import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyTypeEnum.*;
public enum SMPPropertyEnum {
- CLIENT_CERT_HEADER_ENABLED("authentication.blueCoat.enabled", "false", "Authentication with Blue Coat means that all HTTP requests " +
- "having 'Client-Cert' header will be authenticated as username placed in the header.Never expose SMP to the WEB " +
- "without properly configured reverse-proxy and active blue coat.", false, false, false, BOOLEAN),
-
OUTPUT_CONTEXT_PATH("contextPath.output", "true", "This property controls pattern of URLs produced by SMP in GET ServiceGroup responses.", true, false, true, BOOLEAN),
ENCODED_SLASHES_ALLOWED_IN_URL("encodedSlashesAllowedInUrl", "true", "Allow encoded slashes in context path. Set to true if slashes are are part of identifiers.", false, false, true, BOOLEAN),
@@ -85,7 +81,16 @@ public enum SMPPropertyEnum {
// authentication
UI_AUTHENTICATION_TYPES("smp.ui.authentication.types", "PASSWORD", "Set list of '|' separated authentication types: PASSWORD|SSO.", false, false, false, LIST_STRING),
- AUTOMATION_AUTHENTICATION_TYPES("smp.automation.authentication.types", "PASSWORD|CERTIFICATE", "Set list of '|' separated application-automation authentication types (Web-Service integration). Currently supported PASSWORD, CERT: ex. PASSWORD|CERT", false, false, false, LIST_STRING),
+ AUTOMATION_AUTHENTICATION_TYPES("smp.automation.authentication.types", "PASSWORD|CERTIFICATE",
+ "Set list of '|' separated application-automation authentication types (Web-Service integration). Currently supported PASSWORD, CERTIFICATE: ex. PASSWORD|CERTIFICATE", false, false, false, LIST_STRING),
+
+ EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED("smp.automation.authentication.external.tls.clientCert.enabled", "false",
+ "Authentication with external module as: reverse proxy. Authenticated data are send send to application using 'Client-Cert' HTTP header. Do not enable this feature " +
+ "without properly configured reverse-proxy!", false, false, false, BOOLEAN),
+ EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED("smp.automation.authentication.external.tls.SSLClientCert.enabled", "false",
+ "Authentication with external module as: reverse proxy. Authenticated certificate is send to application using 'SSLClientCert' HTTP header. Do not enable this feature " +
+ "without properly configured reverse-proxy!", false, false, false, BOOLEAN),
+
// SSO configuration
SSO_CAS_UI_LABEL("smp.sso.cas.ui.label", "EU Login", "The SSO service provider label.", false, false, true, STRING),
SSO_CAS_URL("smp.sso.cas.url", "http://localhost:8080/cas/", "The SSO CAS URL enpoint", false, false, true, URL),
@@ -101,8 +106,11 @@ public enum SMPPropertyEnum {
MAIL_SERVER_USERNAME("mail.smtp.username", "", "smtp mail protocol- username for submitting the emails.", false,false,false, STRING),
MAIL_SERVER_PASSWORD("mail.smtp.password", "", "smtp mail protocol - encrypted password for submitting the emails.", false,true,false, STRING),
MAIL_SERVER_PROPERTIES("mail.smtp.properties", "", " key:value properties separated with '|'.Ex: mail.smtp.auth:true|mail.smtp.starttls.enable:true|mail.smtp.quitwait:false.", false, false,false, MAP_STRING),
- ;
+ CLIENT_CERT_HEADER_ENABLED_DEPRECATED("authentication.blueCoat.enabled", "false", "Authentication with Client cert means that all HTTP requests " +
+ "having 'Client-Cert' header will be authenticated as username placed in the header. Do not enable this feature " +
+ "without properly configured reverse-proxy!", false, false, false, BOOLEAN),
+ ;
String property;
String defValue;
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
index fa3b2a4fc44baeb5aea608cd88fb1ce155d1114f..c500fd8c68cb8cedf2a2d4657e77d04b73bd7418 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -163,8 +163,14 @@ public class ConfigurationService {
return value != null && value;
}
- public boolean isAuthenticationWithClientCertHeaderEnabled() {
- Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.CLIENT_CERT_HEADER_ENABLED);
+ public boolean isExternalTLSAuthenticationWithClientCertHeaderEnabled() {
+ Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED);
+ // by default is not forced -> if missing is false!
+ return value != null && value;
+ }
+
+ public boolean isExternalTLSAuthenticationWithSSLClientCertHeaderEnabled() {
+ Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SMPPropertyEnum.EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED);
// by default is not forced -> if missing is false!
return value != null && value;
}
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIDomainService.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIDomainService.java
index dc03bcc7dfa57d6fdc5e62afa1cac0a8b7c76418..8b90edd205b45c7584a93f9e60afaddb4b34d327 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIDomainService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIDomainService.java
@@ -5,20 +5,17 @@ import eu.europa.ec.edelivery.smp.data.dao.DomainDao;
import eu.europa.ec.edelivery.smp.data.model.DBDomain;
import eu.europa.ec.edelivery.smp.data.model.DBDomainDeleteValidation;
import eu.europa.ec.edelivery.smp.data.ui.DeleteEntityValidation;
-import eu.europa.ec.edelivery.smp.data.ui.DomainPublicRO;
import eu.europa.ec.edelivery.smp.data.ui.DomainRO;
import eu.europa.ec.edelivery.smp.data.ui.ServiceResult;
import eu.europa.ec.edelivery.smp.data.ui.enums.EntityROStatus;
import eu.europa.ec.edelivery.smp.logging.SMPLogger;
import eu.europa.ec.edelivery.smp.logging.SMPLoggerFactory;
import eu.europa.ec.edelivery.smp.sml.SmlConnector;
-import eu.europa.ec.edelivery.smp.utils.SessionSecurityUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;
import java.io.StringWriter;
-import java.time.LocalDateTime;
import java.util.List;
import java.util.stream.Collectors;
@@ -72,7 +69,7 @@ public class UIDomainService extends UIServiceBase<DBDomain, DomainRO> {
upd.setSmlSubdomain(dRo.getSmlSubdomain());
upd.setDomainCode(dRo.getDomainCode());
upd.setSignatureKeyAlias(dRo.getSignatureKeyAlias());
- upd.setSmlBlueCoatAuth(dRo.isSmlBlueCoatAuth());
+ upd.setSmlClientCertAuth(dRo.isSmlClientCertAuth());
domainDao.update(upd);
} else if (dRo.getStatus() == EntityROStatus.REMOVE.getStatusNumber()) {
domainDao.removeByDomainCode(dRo.getDomainCode());
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactory.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactory.java
index 902ead031676e2c3ec50c5712c96d9fa2c24e7c4..566e14420d3865d7e79dd4105ad1f982e0a69df1 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactory.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactory.java
@@ -52,7 +52,7 @@ public class SmlClientFactory {
@Bean
@Scope("prototype")
- public IManageParticipantIdentifierWS create(String clientKeyAlias, String clientCertHttpHeader, boolean blueCoatAuthentication) {
+ public IManageParticipantIdentifierWS create(String clientKeyAlias, String clientCertHttpHeader, boolean clientCertAuthentication) {
LOG.info("create IManageParticipantIdentifierWS");
@@ -68,7 +68,7 @@ public class SmlClientFactory {
@Bean
@Scope("prototype")
- public IManageServiceMetadataWS createSmp(String clientKeyAlias, String clientCertHttpHeader, boolean blueCoatAuthentication) {
+ public IManageServiceMetadataWS createSmp(String clientKeyAlias, String clientCertHttpHeader, boolean clientCertAuthentication) {
LOG.info("create IManageServiceMetadataWS");
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
diff --git a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java
index ba82955415554aba65213657b43799eef64fe65c..403a0e5880c9475cbda4e062a9250dd659957aff 100644
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java
@@ -263,7 +263,7 @@ public class SmlConnector implements ApplicationContextAware {
private IManageParticipantIdentifierWS getParticipantWSClient(DBDomain domain) {
IManageParticipantIdentifierWS iManageServiceMetadataWS = ctx.getBean(IManageParticipantIdentifierWS.class, getSmlClientKeyAliasForDomain(domain),
- domain.getSmlClientCertHeader(), domain.isSmlBlueCoatAuth());
+ domain.getSmlClientCertHeader(), domain.isSmlClientCertAuth());
// configure connection
configureClient(PARTICIPANT_IDENTIFIER_CONTEXT, iManageServiceMetadataWS, domain);
@@ -274,7 +274,7 @@ public class SmlConnector implements ApplicationContextAware {
IManageServiceMetadataWS iManageServiceMetadataWS = ctx.getBean(IManageServiceMetadataWS.class,
- getSmlClientKeyAliasForDomain(domain), domain.getSmlClientCertHeader(), domain.isSmlBlueCoatAuth());
+ getSmlClientKeyAliasForDomain(domain), domain.getSmlClientCertHeader(), domain.isSmlClientCertAuth());
// configure value connection
configureClient(SERVICE_METADATA_CONTEXT, iManageServiceMetadataWS, domain);
@@ -289,7 +289,7 @@ public class SmlConnector implements ApplicationContextAware {
protected String getSmlClientKeyAliasForDomain(DBDomain domain) {
String alias = domain.getSmlClientKeyAlias();
- if (!domain.isSmlBlueCoatAuth() && StringUtils.isBlank(alias)) {
+ if (!domain.isSmlClientCertAuth() && StringUtils.isBlank(alias)) {
List<CertificateRO> list = keystoreService.getKeystoreEntriesList();
// if there is only one certificate than choose the one
if (list.size() == 1) {
@@ -304,7 +304,7 @@ public class SmlConnector implements ApplicationContextAware {
String clientKeyAlias = getSmlClientKeyAliasForDomain(domain);
String clientCertHttpHeader = domain.getSmlClientCertHeader();
- boolean blueCoatAuthentication = domain.isSmlBlueCoatAuth();
+ boolean clientCertAuthentication = domain.isSmlClientCertAuth();
Client client = ClientProxy.getClient(smlPort);
URL url = configurationService.getSMLIntegrationUrl();
@@ -323,7 +323,7 @@ public class SmlConnector implements ApplicationContextAware {
requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, urlSMPManagment.toString());
// check if there is only one cert in keystore
- if (!blueCoatAuthentication && StringUtils.isBlank(clientKeyAlias)) {
+ if (!clientCertAuthentication && StringUtils.isBlank(clientKeyAlias)) {
List<CertificateRO> list = keystoreService.getKeystoreEntriesList();
if (list.size() == 1) {
// set the default alias
@@ -335,23 +335,23 @@ public class SmlConnector implements ApplicationContextAware {
}
}
- if (!blueCoatAuthentication && !useTLS) {
+ if (!clientCertAuthentication && !useTLS) {
LOG.warn("SML integration is wrongly configured. Uses 2-way-SSL HTTPS but URL is not HTTPS! Url: {}.", urlSMPManagment.toString());
}
HTTPConduit httpConduit = (HTTPConduit) client.getConduit();
configureClientAuthentication(httpConduit, requestContext,
- blueCoatAuthentication ? clientCertHttpHeader : clientKeyAlias,
- blueCoatAuthentication, useTLS);
+ clientCertAuthentication ? clientCertHttpHeader : clientKeyAlias,
+ clientCertAuthentication, useTLS);
configureFaultHandling(requestContext);
configureProxy(httpConduit, urlSMPManagment);
configurePayloadLogging(client);
}
- public void configureClientAuthentication(HTTPConduit httpConduit, Map<String, Object> requestContext, String smlClientAuthentication, boolean blueCoatAuthentication, boolean useTLS) {
- LOG.info("Connect to SML (smlClientAuthentication: {} use Client-CertHeader: {})", smlClientAuthentication, blueCoatAuthentication);
+ public void configureClientAuthentication(HTTPConduit httpConduit, Map<String, Object> requestContext, String smlClientAuthentication, boolean clientCertAuthentication, boolean useTLS) {
+ LOG.info("Connect to SML (smlClientAuthentication: {} use Client-CertHeader: {})", smlClientAuthentication, clientCertAuthentication);
if (StringUtils.isBlank(smlClientAuthentication)) {
throw new IllegalStateException("SML integration is wrongly configured, at least one authentication option is required: 2-way-SSL or Client-Cert header");
}
@@ -363,7 +363,7 @@ public class SmlConnector implements ApplicationContextAware {
tlsParams.setCertConstraints(createCertConstraint(configurationService.getSMLIntegrationServerCertSubjectRegExpPattern()));
tlsParams.setDisableCNCheck(configurationService.smlDisableCNCheck());
- if (!blueCoatAuthentication) {
+ if (!clientCertAuthentication) {
LOG.info("SML X509 certificate authentication with alias {}.", smlClientAuthentication);
tlsParams.setCertAlias(smlClientAuthentication);
tlsParams.setKeyManagers(keystoreService.getKeyManagers());
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/AuthenticationTestDataHolder.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/AuthenticationTestDataHolder.java
index a1610a4be0609f2a680d9569e850dd166c80b815..4fe899540ec89a48c97f42426823ca6d6f9fa926 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/AuthenticationTestDataHolder.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/AuthenticationTestDataHolder.java
@@ -2,7 +2,7 @@ package eu.europa.ec.edelivery.smp.config;
public class AuthenticationTestDataHolder {
String alias;
- String blueCoatHeader;
+ String clientCertHeader;
public String getAlias() {
return alias;
@@ -12,11 +12,11 @@ public class AuthenticationTestDataHolder {
this.alias = alias;
}
- public String getBlueCoatHeader() {
- return blueCoatHeader;
+ public String getClientCertHeader() {
+ return clientCertHeader;
}
- public void setBlueCoatHeader(String blueCoatHeader) {
- this.blueCoatHeader = blueCoatHeader;
+ public void setClientCertHeader(String clientCertHeader) {
+ this.clientCertHeader = clientCertHeader;
}
}
\ No newline at end of file
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/SmlIntegrationConfiguration.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/SmlIntegrationConfiguration.java
index d2597fc34dc8a9ffe908b255145f5009ef4fe0eb..7c63a380e55aed65f2416c537b736367c22ff659 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/SmlIntegrationConfiguration.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/config/SmlIntegrationConfiguration.java
@@ -48,16 +48,16 @@ public class SmlIntegrationConfiguration {
defaultDomain.setDomainCode("default_domain_id");
defaultDomain.setSmlSmpId("SAMPLE-SMP-ID");
defaultDomain.setSmlRegistered(false);
- defaultDomain.setSmlBlueCoatAuth(false);
+ defaultDomain.setSmlClientCertAuth(false);
defaultDomain.setSmlClientKeyAlias("clientAlias");
- defaultDomain.setSmlClientCertHeader("blueCoatClientHeader");
+ defaultDomain.setSmlClientCertHeader("clientCertClientHeader");
setThrowExceptionAfterParticipantCallCount(-1);
setThrowException(null);
}
@Bean
@Scope(SCOPE_PROTOTYPE)
- public IManageServiceMetadataWS smpManagerClient(String clientKeyAlias, String clientCertHttpHeader, boolean authBlueCoat) throws BadRequestFault, UnauthorizedFault, InternalErrorFault, NotFoundFault {
+ public IManageServiceMetadataWS smpManagerClient(String clientKeyAlias, String clientCertHttpHeader, boolean authClientCert) throws BadRequestFault, UnauthorizedFault, InternalErrorFault, NotFoundFault {
@@ -71,7 +71,7 @@ public class SmlIntegrationConfiguration {
AuthenticationTestDataHolder dh = new AuthenticationTestDataHolder();
dh.setAlias(clientKeyAlias);
- dh.setBlueCoatHeader(clientCertHttpHeader);
+ dh.setClientCertHeader(clientCertHttpHeader);
smpManagerClientMocks.add(clientMock);
smpManagerClientMocksData.put(clientMock, dh);
return clientMock;
@@ -79,7 +79,7 @@ public class SmlIntegrationConfiguration {
@Bean
@Scope(SCOPE_PROTOTYPE)
- public IManageParticipantIdentifierWS smpParticipantClient(String clientKeyAlias, String clientCertHttpHeader,boolean authBlueCoat) throws UnauthorizedFault, NotFoundFault, InternalErrorFault, BadRequestFault {
+ public IManageParticipantIdentifierWS smpParticipantClient(String clientKeyAlias, String clientCertHttpHeader,boolean authClientCert) throws UnauthorizedFault, NotFoundFault, InternalErrorFault, BadRequestFault {
if (throwExceptionAfterParticipantCallCount >0 && throwExceptionAfterParticipantCallCount <= smlClientMocks.size()){
@@ -99,7 +99,7 @@ public class SmlIntegrationConfiguration {
AuthenticationTestDataHolder dh = new AuthenticationTestDataHolder();
dh.setAlias(clientKeyAlias);
- dh.setBlueCoatHeader(clientCertHttpHeader);
+ dh.setClientCertHeader(clientCertHttpHeader);
smlClientMocks.add(clientMock);
smlClientMocksData.put(clientMock, dh);
return clientMock;
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
index 736db31bcd6d83bd3da2899fe0612ea1c25988ff..fef55b9c1c835ff17b9fe3f2ff8581cbb4063cf5 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/conversion/X509CertificateToCertificateROConverterTest.java
@@ -1,24 +1,16 @@
package eu.europa.ec.edelivery.smp.conversion;
import eu.europa.ec.edelivery.smp.data.ui.CertificateRO;
-import eu.europa.ec.smp.api.Identifiers;
import junitparams.JUnitParamsRunner;
import junitparams.Parameters;
-import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
-import org.oasis_open.docs.bdxr.ns.smp._2016._05.ParticipantIdentifierType;
-import javax.security.auth.x500.X500Principal;
-import java.io.FileInputStream;
-import java.io.FileNotFoundException;
import java.io.InputStream;
import java.security.Security;
-import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.Base64;
import static org.junit.Assert.*;
@@ -33,7 +25,7 @@ public class X509CertificateToCertificateROConverterTest {
private static final Object[] testCases() {
return new Object[][]{
- // filename, subject, issuer, serial number, blueCoatHeader, certificateId
+ // filename, subject, issuer, serial number, clientCertHeader, certificateId
{"cert-escaped-chars.pem", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE", "CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,OU=CEF,O=DIGIT,C=BE","5c1bb275","sno=5c1bb275&subject=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A17%3A09+2018+GMT&validto=Dec+17+16%3A17%3A09+2028+GMT&issuer=CN%3DEscape+characters+%5C%2C%5C%5C%5C%23%5C%2B%5C%3C%5C%3E%5C%22%5C%3D%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Escape characters \\,\\\\\\#\\+\\<\\>\\\"\\=,O=DIGIT,C=BE:000000005c1bb275"},
{"cert-nonAscii.pem", "CN=NonAscii chars: à øýßĉæãäħ,OU=CEF,O=DIGIT,C=BE", "CN=NonAscii chars: à øýßĉæãäħ,OU=CEF,O=DIGIT,C=BE","5c1bb38d","sno=5c1bb38d&subject=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A21%3A49+2018+GMT&validto=Dec+17+16%3A21%3A49+2028+GMT&issuer=CN%3DNonAscii+chars%3A++%C3%A0%C3%B8%C3%BD%C3%9F%C4%89%C3%A6%C3%A3%C3%A4%C4%A7%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=NonAscii chars: aøyßcæaaħ,O=DIGIT,C=BE:000000005c1bb38d"},
{"cert-with-email.pem", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE", "CN=Cert with email,OU=CEF,O=DIGIT,C=BE","5c1bb358","sno=5c1bb358&subject=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE&validfrom=Dec+20+16%3A20%3A56+2018+GMT&validto=Dec+17+16%3A20%3A56+2028+GMT&issuer=CN%3DCert+with+email%2COU%3DCEF%2CO%3DDIGIT%2CC%3DBE","CN=Cert with email,O=DIGIT,C=BE:000000005c1bb358"},
@@ -52,7 +44,7 @@ public class X509CertificateToCertificateROConverterTest {
String subject,
String issuer,
String serialNumber,
- String blueCoat,
+ String clientCertHeader,
String certificateId) throws CertificateException {
@@ -68,7 +60,7 @@ public class X509CertificateToCertificateROConverterTest {
assertEquals(subject, certRo.getSubject());
assertEquals(issuer, certRo.getIssuer());
assertEquals(serialNumber, certRo.getSerialNumber());
- assertEquals(blueCoat, certRo.getBlueCoatHeader());
+ assertEquals(clientCertHeader, certRo.getClientCertHeader());
assertEquals(certificateId, certRo.getCertificateId());
assertNotNull(certRo.getEncodedValue());
assertEquals(certificate.getNotBefore(), certRo.getValidFrom());
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ConfigurationServiceAllGetMethodsTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ConfigurationServiceAllGetMethodsTest.java
index d368c81d3c2ae867257a718483ac4755c37661cb..5ae9b715809f214efcd95a80afebd03d2beb69c2 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ConfigurationServiceAllGetMethodsTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ConfigurationServiceAllGetMethodsTest.java
@@ -44,7 +44,8 @@ public class ConfigurationServiceAllGetMethodsTest {
public static Collection<Object[]> data() {
// set property values for property, set value, method name, value or property, value (true) or property (false)
return Arrays.asList(new Object[][] {
- {CLIENT_CERT_HEADER_ENABLED, Boolean.TRUE, "isAuthenticationWithClientCertHeaderEnabled", true},
+ {EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED, Boolean.TRUE, "isExternalTLSAuthenticationWithClientCertHeaderEnabled", true},
+ {EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED, Boolean.TRUE, "isExternalTLSAuthenticationWithSSLClientCertHeaderEnabled", true},
{OUTPUT_CONTEXT_PATH, Boolean.FALSE, "isUrlContextEnabled", true},
//{HTTP_FORWARDED_HEADERS_ENABLED, Boolean.TRUE, "", true},
{HTTP_HSTS_MAX_AGE, 1234, "getHttpHeaderHstsMaxAge", true},
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertFromKeystoreTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertFromKeystoreTest.java
index d4cec96b129ce979f87ded99913db35a0048d4f2..56eb26111c32bff140b7fdee7fc18690d8210cc3 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertFromKeystoreTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertFromKeystoreTest.java
@@ -96,7 +96,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageParticipantIdentifierWS client = smlClientFactory.create(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias("second_domain_alias");
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
// when
testInstance.configureClient("manageparticipantidentifier", client, domain);
@@ -122,7 +122,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageServiceMetadataWS client = smlClientFactory.createSmp(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias("second_domain_alias");
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
// when
testInstance.configureClient("manageservicemetadata", client, domain);
@@ -145,7 +145,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageParticipantIdentifierWS client = smlClientFactory.create(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias("single_domain_key");
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
// when
testInstance.configureClient("changedEndpoint", client, domain);
@@ -166,7 +166,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageServiceMetadataWS client = smlClientFactory.createSmp(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias("single_domain_key");
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
// when
testInstance.configureClient("changedEndpoint", client, domain);
@@ -186,7 +186,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageParticipantIdentifierWS client = smlClientFactory.create(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias(null);
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
expectedEx.expect(IllegalStateException.class);
expectedEx.expectMessage("More than one key in Keystore! Define alias for the domain SML authentication!");
@@ -204,7 +204,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageServiceMetadataWS client = smlClientFactory.createSmp(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias(null);
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
expectedEx.expect(IllegalStateException.class);
expectedEx.expectMessage("More than one key in Keystore! Define alias for the domain SML authentication!");
@@ -226,7 +226,7 @@ public class SmlClientFactoryAuthenticationByClientCertFromKeystoreTest extends
IManageParticipantIdentifierWS client = smlClientFactory.create(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias(null);
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
// when
testInstance.configureClient("changedEndpoint", client, domain);
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertHttpHeader.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertHttpHeader.java
index ed641b914b73f7c42a6dc243ea41e09c94e836fe..84510f88b5ebdb541b1a191df39a721534839de9 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertHttpHeader.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlClientFactoryAuthenticationByClientCertHttpHeader.java
@@ -18,12 +18,9 @@ import eu.europa.ec.bdmsl.ws.soap.IManageServiceMetadataWS;
import eu.europa.ec.edelivery.smp.data.model.DBDomain;
import eu.europa.ec.edelivery.smp.services.AbstractServiceIntegrationTest;
import eu.europa.ec.edelivery.smp.services.ConfigurationService;
-import eu.europa.ec.edelivery.smp.services.ui.UIKeystoreService;
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.message.Message;
-import org.apache.cxf.transport.http.HTTPConduit;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
@@ -35,15 +32,8 @@ import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.util.ReflectionTestUtils;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.X509KeyManager;
-import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
@@ -84,7 +74,7 @@ public class SmlClientFactoryAuthenticationByClientCertHttpHeader extends Abstra
IManageParticipantIdentifierWS client = smlClientFactory.create(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientCertHeader(CLIENT_CERT_HTTP_HEADER);
- domain.setSmlBlueCoatAuth(true);
+ domain.setSmlClientCertAuth(true);
// when
testInstance.configureClient("manageparticipantidentifier", client, domain);
@@ -107,7 +97,7 @@ public class SmlClientFactoryAuthenticationByClientCertHttpHeader extends Abstra
IManageServiceMetadataWS client = smlClientFactory.createSmp(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientCertHeader(CLIENT_CERT_HTTP_HEADER);
- domain.setSmlBlueCoatAuth(true);
+ domain.setSmlClientCertAuth(true);
// when
testInstance.configureClient("manageservicemetadata", client, domain);
@@ -130,7 +120,7 @@ public class SmlClientFactoryAuthenticationByClientCertHttpHeader extends Abstra
IManageServiceMetadataWS client = smlClientFactory.createSmp(null, null, false);
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias(null);
- domain.setSmlBlueCoatAuth(true);
+ domain.setSmlClientCertAuth(true);
expectedEx.expect(IllegalStateException.class);
expectedEx.expectMessage("SML integration is wrongly configured, at least one authentication option is required: 2-way-SSL or Client-Cert header");
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlConnectorDomainTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlConnectorDomainTest.java
index 98403d32e193fc63f2124e0113e4295b1818fc29..0e99e9a65b20e23f8191e2857f1a5ee6e36e6258 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlConnectorDomainTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/sml/SmlConnectorDomainTest.java
@@ -202,7 +202,7 @@ public class SmlConnectorDomainTest extends AbstractServiceIntegrationTest {
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias(UUID.randomUUID().toString());
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
String alias = testInstance.getSmlClientKeyAliasForDomain(domain);
@@ -214,7 +214,7 @@ public class SmlConnectorDomainTest extends AbstractServiceIntegrationTest {
DBDomain domain = new DBDomain();
domain.setSmlClientKeyAlias(null);
- domain.setSmlBlueCoatAuth(false);
+ domain.setSmlClientCertAuth(false);
String alias = testInstance.getSmlClientKeyAliasForDomain(domain);
diff --git a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java
index 3b4464b3a038cdaee65434446b9c58804c128def..3ae3cb123e91b5285b9638dc2a7667a444fe33db 100644
--- a/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java
+++ b/smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/utils/PropertyUtilsTest.java
@@ -44,7 +44,8 @@ public class PropertyUtilsTest {
private static final Object[] testParsePropertiesToType() {
return new Object[][]{
- {CLIENT_CERT_HEADER_ENABLED, "true", Boolean.class},
+ {EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED, "true", Boolean.class},
+ {EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED, "true", Boolean.class},
{OUTPUT_CONTEXT_PATH, "true", Boolean.class},
{PARTC_SCH_REGEXP, ".*", Pattern.class},
{CS_PARTICIPANTS, "casesensitive-participant-scheme1|casesensitive-participant-scheme2", List.class},
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthorizationService.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthorizationService.java
index 57e15231f5d0682d59c94ffedd29042a44536bff..e27be3122be6e32fb127f0b64d81edaed3eb3722 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthorizationService.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/SMPAuthorizationService.java
@@ -34,12 +34,16 @@ public class SMPAuthorizationService {
public boolean isSystemAdministrator() {
SMPAuthenticationToken authentication = getAndValidateSessionAuthentication();
- return hasSessionUserRole(S_AUTHORITY_TOKEN_SYSTEM_ADMIN, authentication);
+ boolean hasSystemRole = hasSessionUserRole(S_AUTHORITY_TOKEN_SYSTEM_ADMIN, authentication);
+ LOG.debug("Logged user [{}] is system administrator role [{}]", authentication.getUser().getUsername(), hasSystemRole);
+ return hasSystemRole;
}
public boolean isSMPAdministrator() {
SMPAuthenticationToken authentication = getAndValidateSessionAuthentication();
- return hasSessionUserRole(S_AUTHORITY_TOKEN_SMP_ADMIN, authentication);
+ boolean hasSystemRole = hasSessionUserRole(S_AUTHORITY_TOKEN_SMP_ADMIN, authentication);
+ LOG.debug("Logged user [{}] is SMP administrator role [{}]", authentication.getUser().getUsername(), hasSystemRole);
+ return hasSystemRole;
}
public boolean isCurrentlyLoggedIn(String userId) {
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java
index f53b0ac4c913ddb00dea84d869792ad38524c058..e575b1999a987d4413ad4e524720f79201c1a246 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/WSSecurityConfigurerAdapter.java
@@ -202,7 +202,7 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
if (clientCertAuthenticationFilter == null) {
clientCertAuthenticationFilter = new ClientCertAuthenticationFilter();
clientCertAuthenticationFilter.setAuthenticationManager(authenticationManager());
- clientCertAuthenticationFilter.setClientCertAuthenticationEnabled(configurationService.isAuthenticationWithClientCertHeaderEnabled());
+ clientCertAuthenticationFilter.setClientCertAuthenticationEnabled(configurationService.isExternalTLSAuthenticationWithClientCertHeaderEnabled());
}
return clientCertAuthenticationFilter;
}
@@ -212,13 +212,14 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
if (x509AuthenticationFilter == null) {
x509AuthenticationFilter = new EDeliveryX509AuthenticationFilter();
x509AuthenticationFilter.setAuthenticationManager(authenticationManager());
+ x509AuthenticationFilter.setHttpHeaderAuthenticationEnabled(configurationService.isExternalTLSAuthenticationWithSSLClientCertHeaderEnabled());
}
return x509AuthenticationFilter;
}
- public void setClientCertAuthenticationEnabled(boolean clientCertEnabled) {
+ public void setExternalTlsAuthenticationWithClientCertHeaderEnabled(boolean clientCertEnabled) {
try {
getClientCertAuthenticationFilter().setClientCertAuthenticationEnabled(clientCertEnabled);
} catch (Exception e) {
@@ -226,5 +227,13 @@ public class WSSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
}
}
+ public void setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(boolean sslClientCertEnabled) {
+ try {
+ getEDeliveryX509AuthenticationFilter().setHttpHeaderAuthenticationEnabled(sslClientCertEnabled);
+ } catch (Exception e) {
+ new SMPRuntimeException(ErrorCode.INTERNAL_ERROR, "Error occurred while setting the ClientCert feature (enable [" + sslClientCertEnabled + "])", ExceptionUtils.getRootCauseMessage(e));
+ }
+ }
+
}
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/properties/SMPSecurityPropertyUpdateListener.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/properties/SMPSecurityPropertyUpdateListener.java
index 51fac6ebb33bbb97a4153548dfc996186a18538e..2a74b4cf585bc9785a65818dfe1bb0373ef7251a 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/properties/SMPSecurityPropertyUpdateListener.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/config/properties/SMPSecurityPropertyUpdateListener.java
@@ -13,8 +13,7 @@ import java.util.Arrays;
import java.util.List;
import java.util.Map;
-import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum.CLIENT_CERT_HEADER_ENABLED;
-import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum.HTTP_FORWARDED_HEADERS_ENABLED;
+import static eu.europa.ec.edelivery.smp.data.ui.enums.SMPPropertyEnum.*;
/**
@@ -38,16 +37,20 @@ public class SMPSecurityPropertyUpdateListener implements PropertyUpdateListener
@Override
public void updateProperties(Map<SMPPropertyEnum, Object> properties) {
- setClientCertAuthentication((Boolean) properties.get(CLIENT_CERT_HEADER_ENABLED));
+ setExternalTlsAuthenticationWithClientCertHeaderEnabled((Boolean) properties.get(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED));
+ setExternalTlsAuthenticationWithX509CertificateHeaderEnabled((Boolean) properties.get(EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED));
setForwardHeadersEnabled((Boolean) properties.get(HTTP_FORWARDED_HEADERS_ENABLED));
}
@Override
public List<SMPPropertyEnum> handledProperties() {
- return Arrays.asList(CLIENT_CERT_HEADER_ENABLED, HTTP_FORWARDED_HEADERS_ENABLED);
+ return Arrays.asList(
+ EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED,
+ EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED,
+ HTTP_FORWARDED_HEADERS_ENABLED);
}
- public void setClientCertAuthentication(Boolean clientCertEnabled) {
+ public void setExternalTlsAuthenticationWithClientCertHeaderEnabled(Boolean clientCertEnabled) {
if (clientCertEnabled == null) {
LOG.debug("Skip setting null client-cert");
return;
@@ -56,7 +59,19 @@ public class SMPSecurityPropertyUpdateListener implements PropertyUpdateListener
if (clientCertEnabled) {
LOG.warn("Set Client-Cert HTTP header enabled: [true]. Do not enable this option when using SMP without reverse-proxy and HTTP header protection!");
}
- wsSecurityConfigurerAdapter.setClientCertAuthenticationEnabled(clientCertEnabled);
+ wsSecurityConfigurerAdapter.setExternalTlsAuthenticationWithClientCertHeaderEnabled(clientCertEnabled);
+ }
+
+ public void setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(Boolean clientCertEnabled) {
+ if (clientCertEnabled == null) {
+ LOG.debug("Skip setting null SSLClientCert");
+ return;
+ }
+ LOG.info("Set SSLClientCert headers enabled: [{}]." , clientCertEnabled);
+ if (clientCertEnabled) {
+ LOG.warn("Set SSLClientCert HTTP header enabled: [true]. Do not enable this option when using SMP without reverse-proxy and HTTP header protection!");
+ }
+ wsSecurityConfigurerAdapter.setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(clientCertEnabled);
}
public void setForwardHeadersEnabled(Boolean forwardHeadersEnabled) {
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/ResourceConstants.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/ResourceConstants.java
index c0190f8c3b738f83ea5fbd0552190bf05851aac6..83995035837ce67dffd86298852d378dac7a875f 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/ResourceConstants.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/ResourceConstants.java
@@ -19,6 +19,7 @@ public class ResourceConstants {
public static final String CONTEXT_PATH_PUBLIC_SERVICE_GROUP = CONTEXT_PATH_PUBLIC + "service-group";
public static final String CONTEXT_PATH_PUBLIC_SERVICE_METADATA = CONTEXT_PATH_PUBLIC + "service-metadata";
public static final String CONTEXT_PATH_PUBLIC_SECURITY = CONTEXT_PATH_PUBLIC + "security";
+ public static final String CONTEXT_PATH_PUBLIC_SECURITY_AUTHENTICATION = CONTEXT_PATH_PUBLIC_SECURITY + "/authentication";
//internal
public static final String CONTEXT_PATH_INTERNAL_ALERT = CONTEXT_PATH_INTERNAL + "alert";
diff --git a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResource.java b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResource.java
index 09f0ec004a3626e84de441643c7fe0c1a2d9e62c..a830610cada7ef44bf14dfb1ee81b7a1b228bedf 100644
--- a/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResource.java
+++ b/smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResource.java
@@ -53,7 +53,7 @@ public class TruststoreAdminResource {
}
- @PreAuthorize("@smpAuthorizationService.systemAdministrator")
+ @PreAuthorize("@smpAuthorizationService.isSystemAdministrator and @smpAuthorizationService.isCurrentlyLoggedIn(#userId)")
@PostMapping(value = "/{user-id}/upload-certificate", consumes = MimeTypeUtils.APPLICATION_OCTET_STREAM_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public CertificateRO uploadCertificate(@PathVariable("user-id") String userId,
@RequestBody byte[] fileBytes) {
@@ -80,7 +80,7 @@ public class TruststoreAdminResource {
@DeleteMapping(value = "/{id}/delete/{alias}", produces = {"application/json"})
- @PreAuthorize("@smpAuthorizationService.systemAdministrator || @smpAuthorizationService.isCurrentlyLoggedIn(#userId)")
+ @PreAuthorize("@smpAuthorizationService.systemAdministrator && @smpAuthorizationService.isCurrentlyLoggedIn(#userId)")
public KeystoreImportResult deleteCertificate(@PathVariable("id") String userId,
@PathVariable("alias") String alias) {
LOG.info("Remove alias by user id {}, alias {}.", userId, alias);
diff --git a/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl b/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl
index 49636e75b6215f8a392d53df0de8a8fa3e671dd6..3c0bd31fe3eb65b81fb4e770c886eef5a2fd5e02 100644
--- a/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl
+++ b/smp-webapp/src/main/smp-setup/database-scripts/mysql5innodb.ddl
@@ -90,7 +90,7 @@
DOMAIN_CODE varchar(256) CHARACTER SET utf8 COLLATE utf8_bin not null comment 'Domain code used as http parameter in rest webservices',
SIGNATURE_KEY_ALIAS varchar(256) CHARACTER SET utf8 COLLATE utf8_bin comment 'Signature key alias used for SML integration',
SML_BLUE_COAT_AUTH bit not null comment 'Flag for SML authentication type - use CLientCert header or HTTPS ClientCertificate (key)',
- SML_CLIENT_CERT_HEADER varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin comment 'Client-Cert header used behind RP - BlueCoat for SML integration',
+ SML_CLIENT_CERT_HEADER varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin comment 'Client-Cert header used behind RP - ClientCertHeader for SML integration',
SML_CLIENT_KEY_ALIAS varchar(256) CHARACTER SET utf8 COLLATE utf8_bin comment 'Client key alias used for SML integration',
SML_PARTC_IDENT_REGEXP varchar(4000) CHARACTER SET utf8 COLLATE utf8_bin comment 'Reqular expresion for participant ids',
SML_REGISTERED bit not null comment 'Flag for: Is domain registered in SML',
diff --git a/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl b/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl
index 8145a1ddee75f2a5d9dec3eefdfae3ee98a12c12..637c165191dbe691617555c513fc87082d7ff7f4 100644
--- a/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl
+++ b/smp-webapp/src/main/smp-setup/database-scripts/oracle10g.ddl
@@ -170,7 +170,7 @@ create sequence SMP_USER_SEQ start with 1 increment by 1;
'Flag for SML authentication type - use CLientCert header or HTTPS ClientCertificate (key)';
comment on column SMP_DOMAIN.SML_CLIENT_CERT_HEADER is
- 'Client-Cert header used behind RP - BlueCoat for SML integration';
+ 'Client-Cert header used behind RP - ClientCertHeader for SML integration';
comment on column SMP_DOMAIN.SML_CLIENT_KEY_ALIAS is
'Client key alias used for SML integration';
diff --git a/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java b/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java
index 7d9da615bd5d8fdc343b530b86785efd572c95e8..c5572f4c10eddfc4e5319659b98fbf6fa9edb2f0 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/cipa/smp/server/security/SecurityConfigurationTest.java
@@ -13,11 +13,9 @@
package eu.europa.ec.cipa.smp.server.security;
-import eu.europa.ec.edelivery.exception.BlueCoatParseException;
+import eu.europa.ec.edelivery.exception.ClientCertParseException;
import eu.europa.ec.edelivery.smp.test.SmpTestWebAppConfig;
import eu.europa.ec.edelivery.smp.test.testutils.X509CertificateTestUtils;
-import org.apache.commons.text.matcher.StringMatcher;
-import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
@@ -130,7 +128,7 @@ public class SecurityConfigurationTest {
}
- @Test(expected = BlueCoatParseException.class)
+ @Test(expected = ClientCertParseException.class)
public void malformedClientCertHeaderNotAuthorizedTest() throws Exception {
HttpHeaders headers = new HttpHeaders();
headers.add("Client-Cert", "malformed header value");
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/config/SMPSecurityPropertyUpdateListenerTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/config/SMPSecurityPropertyUpdateListenerTest.java
index 65d2a23cfea742bd3450229cf6b575637ae5ce49..762f380ca1b9611f6f707b9b44ee4c89b5bb11ec 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/config/SMPSecurityPropertyUpdateListenerTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/config/SMPSecurityPropertyUpdateListenerTest.java
@@ -25,28 +25,42 @@ public class SMPSecurityPropertyUpdateListenerTest {
@Test
public void testPropertiesUpdateClientCertTrue() {
Map<SMPPropertyEnum, Object> prop = new HashMap();
- prop.put(CLIENT_CERT_HEADER_ENABLED, TRUE);
+ prop.put(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED, TRUE);
testInstance.updateProperties(prop);
- Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(1)).setClientCertAuthenticationEnabled(true);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(1)).setExternalTlsAuthenticationWithClientCertHeaderEnabled(true);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(0)).setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(false);
+ Mockito.verify(forwardedHeaderTransformer, Mockito.times(0)).setRemoveOnly(false);
+ }
+
+ @Test
+ public void testPropertiesUpdateSSLClientCertTrue() {
+ Map<SMPPropertyEnum, Object> prop = new HashMap();
+ prop.put(EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED, TRUE);
+ testInstance.updateProperties(prop);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(0)).setExternalTlsAuthenticationWithClientCertHeaderEnabled(false);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(1)).setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(true);
Mockito.verify(forwardedHeaderTransformer, Mockito.times(0)).setRemoveOnly(false);
}
@Test
public void testPropertiesUpdateForwardedHeadersTrue() {
Map<SMPPropertyEnum, Object> prop = new HashMap();
- prop.put(HTTP_FORWARDED_HEADERS_ENABLED, TRUE);
+ prop.put(HTTP_FORWARDED_HEADERS_ENABLED, FALSE);
testInstance.updateProperties(prop);
- Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(0)).setClientCertAuthenticationEnabled(true);
- Mockito.verify(forwardedHeaderTransformer, Mockito.times(1)).setRemoveOnly(false);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(0)).setExternalTlsAuthenticationWithClientCertHeaderEnabled(false);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(0)).setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(false);
+ Mockito.verify(forwardedHeaderTransformer, Mockito.times(1)).setRemoveOnly(TRUE);
}
@Test
public void testPropertiesUpdateFalse() {
Map<SMPPropertyEnum, Object> prop = new HashMap();
- prop.put(CLIENT_CERT_HEADER_ENABLED, FALSE);
+ prop.put(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED, FALSE);
+ prop.put(EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED, FALSE);
prop.put(HTTP_FORWARDED_HEADERS_ENABLED, FALSE);
testInstance.updateProperties(prop);
- Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(1)).setClientCertAuthenticationEnabled(false);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(1)).setExternalTlsAuthenticationWithClientCertHeaderEnabled(false);
+ Mockito.verify(wsSecurityConfigurerAdapter, Mockito.times(1)).setExternalTlsAuthenticationWithX509CertificateHeaderEnabled(false);
Mockito.verify(forwardedHeaderTransformer, Mockito.times(1)).setRemoveOnly(true);
}
@@ -54,8 +68,9 @@ public class SMPSecurityPropertyUpdateListenerTest {
public void testHandledProperties() {
Map<SMPPropertyEnum, Object> prop = new HashMap();
List<SMPPropertyEnum> result = testInstance.handledProperties();
- assertEquals(2, result.size());
- assertTrue(result.contains(CLIENT_CERT_HEADER_ENABLED));
+ assertEquals(3, result.size());
+ assertTrue(result.contains(EXTERNAL_TLS_AUTHENTICATION_CLIENT_CERT_HEADER_ENABLED));
+ assertTrue(result.contains(EXTERNAL_TLS_AUTHENTICATION_CERTIFICATE_HEADER_ENABLED));
assertTrue(result.contains(HTTP_FORWARDED_HEADERS_ENABLED));
}
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java
new file mode 100644
index 0000000000000000000000000000000000000000..ae8c88af52adc2b1938a7f0ae22b470d7c7c4aca
--- /dev/null
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/test/testutils/MockMvcUtils.java
@@ -0,0 +1,135 @@
+package eu.europa.ec.edelivery.smp.test.testutils;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import eu.europa.ec.edelivery.smp.data.ui.UserRO;
+import org.springframework.http.HttpHeaders;
+import org.springframework.mock.web.MockHttpSession;
+import org.springframework.mock.web.MockServletContext;
+import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.MvcResult;
+import org.springframework.test.web.servlet.request.RequestPostProcessor;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.ContextLoaderListener;
+import org.springframework.web.context.WebApplicationContext;
+
+import javax.servlet.ServletContextEvent;
+import javax.servlet.ServletContextListener;
+
+import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.*;
+import static org.junit.Assert.assertNotNull;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
+import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+/**
+ * Collection on MVC Utility tools accessible via static methods.
+ *
+ * @author Joze Rihtarsic
+ * @since 4.2
+ */
+public class MockMvcUtils {
+ static ObjectMapper mapper = new ObjectMapper();
+
+ private static final String SYS_ADMIN_USERNAME = "sys_admin";
+ private static final String SYS_ADMIN_PASSWD = "test123";
+ private static final String SMP_ADMIN_USERNAME = "smp_admin";
+ private static final String SMP_ADMIN_PASSWD = "test123";
+ private static final String SG_USER_USERNAME = "sg_admin";
+ private static final String SG_USER_PASSWD = "test123";
+
+
+ public static RequestPostProcessor getHttpBasicSystemAdminCredentials() {
+ return httpBasic(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ }
+
+ public static RequestPostProcessor getHttpBasicSMPAdminCredentials() {
+ return httpBasic(SMP_ADMIN_USERNAME, SMP_ADMIN_PASSWD);
+ }
+
+ public static RequestPostProcessor getHttpBasicServiceGroupUserCredentials() {
+ return httpBasic(SG_USER_USERNAME, SG_USER_PASSWD);
+ }
+
+ /**
+ * Login with system the username and data
+ *
+ * @param mvc
+ * @return
+ * @throws Exception
+ */
+ public static MockHttpSession loginWithSystemAdmin(MockMvc mvc) throws Exception {
+ return loginWithCredentials(mvc, SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ }
+
+ /**
+ * Login with SMP admin the username and data
+ *
+ * @param mvc
+ * @return
+ * @throws Exception
+ */
+ public static MockHttpSession loginWithSMPAdmin(MockMvc mvc) throws Exception {
+ return loginWithCredentials(mvc, SMP_ADMIN_USERNAME, SMP_ADMIN_PASSWD);
+ }
+
+ /**
+ * Login with SMP admin the username and data
+ *
+ * @param mvc
+ * @return
+ * @throws Exception
+ */
+ public static MockHttpSession loginWithServiceGroupUser(MockMvc mvc) throws Exception {
+ return loginWithCredentials(mvc, SG_USER_USERNAME, SG_USER_PASSWD);
+ }
+
+ /**
+ * Login with the username and data
+ *
+ * @param mvc
+ * @param username
+ * @param password
+ * @return
+ * @throws Exception
+ */
+ public static MockHttpSession loginWithCredentials(MockMvc mvc, String username, String password) throws Exception {
+ MvcResult result = mvc.perform(post(CONTEXT_PATH_PUBLIC_SECURITY_AUTHENTICATION)
+ .header(HttpHeaders.CONTENT_TYPE, org.springframework.http.MediaType.APPLICATION_JSON_VALUE)
+ .content("{\"username\":\"" + username + "\",\"password\":\"" + password + "\"}"))
+ .andExpect(status().isOk()).andReturn();
+ // assert successful login
+ UserRO userRO = mapper.readValue(result.getResponse().getContentAsString(), UserRO.class);
+ assertNotNull(userRO);
+ return (MockHttpSession) result.getRequest().getSession();
+ }
+
+ /**
+ * Return currently logged in data for the session
+ *
+ * @param mvc
+ * @param session
+ * @return
+ * @throws Exception
+ */
+ public static UserRO getLoggedUserData(MockMvc mvc, MockHttpSession session) throws Exception {
+ MvcResult result = mvc.perform(get(CONTEXT_PATH_PUBLIC_SECURITY + "/user")
+ .session(session)
+ .with(csrf()))
+ .andExpect(status().isOk()).andReturn();
+ return mapper.readValue(result.getResponse().getContentAsString(), UserRO.class);
+ }
+
+ public static MockMvc initializeMockMvc(WebApplicationContext webAppContext) {
+ MockMvc mvc = MockMvcBuilders.webAppContextSetup(webAppContext)
+ .apply(SecurityMockMvcConfigurers.springSecurity())
+ .build();
+ MockServletContext sc = new MockServletContext("");
+ ServletContextListener listener = new ContextLoaderListener(webAppContext);
+ ServletContextEvent event = new ServletContextEvent(sc);
+ return mvc;
+ }
+
+}
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/UserResourceTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/UserResourceTest.java
index 43c81d52b79f56be73b29050c58574060701b7a5..bd85440e649af4c15fd1f636ab0835db878c7c65 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/UserResourceTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/UserResourceTest.java
@@ -10,31 +10,23 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpHeaders;
import org.springframework.mock.web.MockHttpSession;
-import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.jdbc.Sql;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
-import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.WebApplicationContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
import javax.ws.rs.core.MediaType;
import java.util.Arrays;
import java.util.UUID;
+import static eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils.*;
import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.CONTEXT_PATH_INTERNAL_USER;
-import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.CONTEXT_PATH_PUBLIC_SECURITY;
import static org.junit.Assert.*;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TEST_METHOD;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
@@ -53,39 +45,23 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
public class UserResourceTest {
private static final String PATH_PUBLIC = ResourceConstants.CONTEXT_PATH_PUBLIC_USER;
- private static final String PATH_AUTHENTICATION = CONTEXT_PATH_PUBLIC_SECURITY + "/authentication";
@Autowired
private WebApplicationContext webAppContext;
private MockMvc mvc;
- private static final String SMP_ADMIN_USERNAME = "smp_admin";
- private static final String SMP_ADMIN_PASSWD = "test123";
- private static final String SYS_ADMIN_USERNAME = "sys_admin";
- private static final String SYS_ADMIN_PASSWD = "test123";
- private static final String SG_ADMIN_USERNAME = "sg_admin";
- private static final String SG_ADMIN_PASSWD = "test123";
ObjectMapper mapper = new ObjectMapper();
@Before
public void setup() {
- mvc = MockMvcBuilders.webAppContextSetup(webAppContext)
- .apply(SecurityMockMvcConfigurers.springSecurity())
- .build();
- initServletContext();
- }
-
- private void initServletContext() {
- MockServletContext sc = new MockServletContext("");
- ServletContextListener listener = new ContextLoaderListener(webAppContext);
- ServletContextEvent event = new ServletContextEvent(sc);
+ mvc = initializeMockMvc(webAppContext);
}
@Test
public void getUserList() throws Exception {
- MockHttpSession session = loginWithCredentials(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ MockHttpSession session = loginWithSystemAdmin(mvc);
MvcResult result = mvc.perform(get(CONTEXT_PATH_INTERNAL_USER)
.session(session)
.with(csrf()))
@@ -105,9 +81,9 @@ public class UserResourceTest {
@Test
public void testUpdateCurrentUserOK() throws Exception {
// login
- MockHttpSession session = loginWithCredentials(SMP_ADMIN_USERNAME, SMP_ADMIN_PASSWD);
+ MockHttpSession session = loginWithSMPAdmin(mvc);
// when update data
- UserRO userRO = getLoggedUserData(session);
+ UserRO userRO = getLoggedUserData(mvc, session);
userRO.setActive(!userRO.isActive());
userRO.setEmailAddress("test@mail.com");
if (userRO.getCertificate() == null) {
@@ -127,8 +103,8 @@ public class UserResourceTest {
// given when - log as SMP admin
// then change values and list uses for changed value
- MockHttpSession session = loginWithCredentials(SMP_ADMIN_USERNAME, SMP_ADMIN_PASSWD);
- UserRO userRO = getLoggedUserData(session);
+ MockHttpSession session = loginWithSMPAdmin(mvc);
+ UserRO userRO = getLoggedUserData(mvc, session);
assertNotNull(userRO);
// when
userRO.setActive(!userRO.isActive());
@@ -139,7 +115,7 @@ public class UserResourceTest {
userRO.getCertificate().setCertificateId(UUID.randomUUID().toString());
mvc.perform(put(PATH_PUBLIC + "/" + userRO.getUserId())
- .with(httpBasic(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD))
+ .with(getHttpBasicSystemAdminCredentials()) // authenticate with system admin
.with(csrf())
.contentType(MediaType.APPLICATION_JSON)
.content(mapper.writeValueAsString(userRO))
@@ -149,7 +125,7 @@ public class UserResourceTest {
@Test
public void testUpdateUserList() throws Exception {
// given when
- MockHttpSession session = loginWithCredentials(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ MockHttpSession session = loginWithSystemAdmin(mvc);
MvcResult result = mvc.perform(get(CONTEXT_PATH_INTERNAL_USER)
.session(session)
.with(csrf()))
@@ -178,7 +154,7 @@ public class UserResourceTest {
@Test
public void testUpdateUserListWrongAuthentication() throws Exception {
// given when
- MockHttpSession session = loginWithCredentials(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ MockHttpSession session = loginWithSystemAdmin(mvc);
MvcResult result = mvc.perform(get(CONTEXT_PATH_INTERNAL_USER)
.session(session)
.with(csrf()))
@@ -202,7 +178,7 @@ public class UserResourceTest {
.content(mapper.writeValueAsString(Arrays.asList(userRO)))
).andExpect(status().isUnauthorized());
- MockHttpSession sessionSMPAdmin = loginWithCredentials(SMP_ADMIN_USERNAME, SMP_ADMIN_PASSWD);
+ MockHttpSession sessionSMPAdmin = loginWithSMPAdmin(mvc);
mvc.perform(put(CONTEXT_PATH_INTERNAL_USER)
.session(sessionSMPAdmin)
.with(csrf())
@@ -210,7 +186,7 @@ public class UserResourceTest {
.content(mapper.writeValueAsString(Arrays.asList(userRO)))
).andExpect(status().isUnauthorized());
- MockHttpSession sessionSGAdmin = loginWithCredentials(SG_ADMIN_USERNAME, SG_ADMIN_PASSWD);
+ MockHttpSession sessionSGAdmin = loginWithServiceGroupUser(mvc);
mvc.perform(put(CONTEXT_PATH_INTERNAL_USER)
.session(sessionSGAdmin)
.with(csrf())
@@ -223,7 +199,7 @@ public class UserResourceTest {
public void testValidateDeleteUserOK() throws Exception {
// login
- MockHttpSession session = loginWithCredentials(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ MockHttpSession session = loginWithSystemAdmin(mvc);
// get list
MvcResult result = mvc.perform(get(CONTEXT_PATH_INTERNAL_USER)
.with(csrf())
@@ -252,13 +228,13 @@ public class UserResourceTest {
public void testValidateDeleteLoggedUserNotOK() throws Exception {
// login
- MockHttpSession session = loginWithCredentials(SYS_ADMIN_USERNAME, SYS_ADMIN_PASSWD);
+ MockHttpSession session = loginWithSystemAdmin(mvc);
// get list
MvcResult result = mvc.perform(get(CONTEXT_PATH_INTERNAL_USER)
.with(csrf())
.session(session))
.andExpect(status().isOk()).andReturn();
- UserRO userRO = getLoggedUserData(session);
+ UserRO userRO = getLoggedUserData(mvc, session);
// note system credential has id 3!
MvcResult resultDelete = mvc.perform(post(CONTEXT_PATH_INTERNAL_USER + "/validate-delete")
@@ -275,39 +251,4 @@ public class UserResourceTest {
assertEquals("Could not delete logged user!", res.getStringMessage());
}
-
- /**
- * Login with the username and data
- *
- * @param username
- * @param password
- * @return
- * @throws Exception
- */
- public MockHttpSession loginWithCredentials(String username, String password) throws Exception {
- MvcResult result = mvc.perform(post(PATH_AUTHENTICATION)
- .header(HttpHeaders.CONTENT_TYPE, org.springframework.http.MediaType.APPLICATION_JSON_VALUE)
- .content("{\"username\":\"" + username + "\",\"password\":\"" + password + "\"}"))
- .andExpect(status().isOk()).andReturn();
- // assert successful login
- UserRO userRO = mapper.readValue(result.getResponse().getContentAsString(), UserRO.class);
- assertNotNull(userRO);
- return (MockHttpSession) result.getRequest().getSession();
- }
-
- /**
- * Return currently logged in data for the session
- *
- * @param session
- * @return
- * @throws Exception
- */
- public UserRO getLoggedUserData(MockHttpSession session) throws Exception {
- MvcResult result = mvc.perform(get(CONTEXT_PATH_PUBLIC_SECURITY + "/user")
- .session(session)
- .with(csrf()))
- .andExpect(status().isOk()).andReturn();
- return mapper.readValue(result.getResponse().getContentAsString(), UserRO.class);
- }
-
}
\ No newline at end of file
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceTest.java
index 11cd2889a02c7e31d61d19bc05abe56e9399507a..8b79c9816b7fb41cba73f34357db0f217177b430 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/DomainAdminResourceTest.java
@@ -79,7 +79,7 @@ public class DomainAdminResourceTest {
.with(SYSTEM_CREDENTIALS)
.with(csrf())
.header("Content-Type", " application/json")
- .content("[{\"status\":3,\"index\":9,\"id\":2,\"domainCode\":\"domainTwo\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlBlueCoatAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
+ .content("[{\"status\":3,\"index\":9,\"id\":2,\"domainCode\":\"domainTwo\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlClientCertAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
.andExpect(status().isOk()).andReturn();
// check if exists
@@ -94,7 +94,7 @@ public class DomainAdminResourceTest {
.with(SYSTEM_CREDENTIALS)
.with(csrf())
.header("Content-Type", " application/json")
- .content("[{\"status\":3,\"index\":9,\"id\":10,\"domainCode\":\"domainTwoNotExist\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlBlueCoatAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
+ .content("[{\"status\":3,\"index\":9,\"id\":10,\"domainCode\":\"domainTwoNotExist\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlClientCertAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
.andExpect(status().isOk()).andReturn();
}
@@ -128,7 +128,7 @@ public class DomainAdminResourceTest {
.with(SYSTEM_CREDENTIALS)
.with(csrf())
.header("Content-Type", " application/json")
- .content("[{\"status\":1,\"index\":9,\"id\":2,\"domainCode\":\"domainTwo\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlBlueCoatAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
+ .content("[{\"status\":1,\"index\":9,\"id\":2,\"domainCode\":\"domainTwo\",\"smlSubdomain\":\"newdomain\",\"smlSmpId\":\"CEF-SMP-010\",\"smlParticipantIdentifierRegExp\":null,\"smlClientCertHeader\":null,\"smlClientKeyAlias\":null,\"signatureKeyAlias\":\"sig-key\",\"smlClientCertAuth\":true,\"smlRegistered\":false}]")) // delete domain with id 2
.andExpect(status().isOk()).andReturn();
// check if exists
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResourceTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResourceTest.java
index 9e10ed437b109799cbc2b79adc64ccde214c876b..94fdb36bc5cd7df5eae91e795c27b3e5d68491d6 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResourceTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/KeystoreResourceTest.java
@@ -98,7 +98,7 @@ public class KeystoreResourceTest {
CertificateRO cert = mapper.convertValue(sgMap, CertificateRO.class);
assertNotNull(cert.getAlias());
assertNotNull(cert.getCertificateId());
- assertNotNull(cert.getBlueCoatHeader());
+ assertNotNull(cert.getClientCertHeader());
assertNull(cert.getEncodedValue()); // submit only metadata
});
}
diff --git a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResourceTest.java b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResourceTest.java
index 714ec7eae85516afaabc3de3356f3f905a343e63..5482126041af10f5e3bb6cc1a851368104936b8c 100644
--- a/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResourceTest.java
+++ b/smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/internal/TruststoreAdminResourceTest.java
@@ -4,6 +4,7 @@ package eu.europa.ec.edelivery.smp.ui.internal;
import com.fasterxml.jackson.databind.ObjectMapper;
import eu.europa.ec.edelivery.smp.data.ui.CertificateRO;
import eu.europa.ec.edelivery.smp.data.ui.ServiceResult;
+import eu.europa.ec.edelivery.smp.data.ui.UserRO;
import eu.europa.ec.edelivery.smp.services.ui.UITruststoreService;
import eu.europa.ec.edelivery.smp.test.SmpTestWebAppConfig;
import eu.europa.ec.edelivery.smp.test.testutils.X509CertificateTestUtils;
@@ -14,31 +15,23 @@ import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.mock.web.MockServletContext;
-import org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers;
+import org.springframework.mock.web.MockHttpSession;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.jdbc.Sql;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.MvcResult;
-import org.springframework.test.web.servlet.request.RequestPostProcessor;
-import org.springframework.test.web.servlet.setup.MockMvcBuilders;
-import org.springframework.web.context.ContextLoaderListener;
import org.springframework.web.context.WebApplicationContext;
-import javax.servlet.ServletContextEvent;
-import javax.servlet.ServletContextListener;
import java.io.IOException;
import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.List;
+import static eu.europa.ec.edelivery.smp.test.testutils.MockMvcUtils.*;
import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.CONTEXT_PATH_INTERNAL_TRUSTSTORE;
import static eu.europa.ec.edelivery.smp.ui.ResourceConstants.CONTEXT_PATH_PUBLIC_TRUSTSTORE;
import static org.junit.Assert.*;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
-import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.context.jdbc.Sql.ExecutionPhase.BEFORE_TEST_METHOD;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
@@ -62,36 +55,27 @@ public class TruststoreAdminResourceTest {
private UITruststoreService uiTruststoreService;
private MockMvc mvc;
- private static final RequestPostProcessor SYSTEM_CREDENTIALS = httpBasic("sys_admin", "test123");
- private static final RequestPostProcessor ADMIN_CREDENTIALS = httpBasic("smp_admin", "test123");
- private static final RequestPostProcessor SG_ADMIN_CREDENTIALS = httpBasic("sg_admin", "test123");
@Before
public void setup() throws IOException {
X509CertificateTestUtils.reloadKeystores();
-
- mvc = MockMvcBuilders.webAppContextSetup(webAppContext)
- .apply(SecurityMockMvcConfigurers.springSecurity())
- .build();
-
-
- initServletContext();
+ mvc = initializeMockMvc(webAppContext);
uiTruststoreService.refreshData();
}
- private void initServletContext() {
- MockServletContext sc = new MockServletContext("");
- ServletContextListener listener = new ContextLoaderListener(webAppContext);
- ServletContextEvent event = new ServletContextEvent(sc);
- }
@Test
public void validateInvalidCertificate() throws Exception {
- byte[] buff = (new String("Not a certficate :) ")).getBytes();
+ byte[] buff = (new String("Not a certificate :) ")).getBytes();
+
+ // login
+ MockHttpSession session = loginWithSMPAdmin(mvc);
+ // when update data
+ UserRO userRO = getLoggedUserData(mvc, session);
// given when
- mvc.perform(post(PATH_PUBLIC + "/1098765430/validate-certificate")
- .with(SYSTEM_CREDENTIALS)
+ mvc.perform(post(PATH_PUBLIC + "/"+userRO.getUserId()+"/validate-certificate")
+ .session(session)
.with(csrf())
.content(buff))
.andExpect(status().is5xxServerError())
@@ -101,10 +85,13 @@ public class TruststoreAdminResourceTest {
@Test
public void validateCertificateSystemAdmin() throws Exception {
byte[] buff = IOUtils.toByteArray(UserResourceTest.class.getResourceAsStream("/SMPtest.crt"));
-
+ // login
+ MockHttpSession session = loginWithSMPAdmin(mvc);
+ // when update data
+ UserRO userRO = getLoggedUserData(mvc, session);
// given when
- MvcResult result = mvc.perform(post(PATH_PUBLIC + "/1098765430/validate-certificate")
- .with(SYSTEM_CREDENTIALS)
+ MvcResult result = mvc.perform(post(PATH_PUBLIC + "/"+userRO.getUserId()+"/validate-certificate")
+ .session(session)
.with(csrf())
.content(buff))
.andExpect(status().isOk()).andReturn();
@@ -118,18 +105,23 @@ public class TruststoreAdminResourceTest {
assertEquals("1.2.840.113549.1.9.1=#160c736d7040746573742e636f6d,CN=SMP test,O=DIGIT,C=BE", res.getSubject());
assertEquals("3", res.getSerialNumber());
assertEquals("CN=SMP test,O=DIGIT,C=BE:0000000000000003", res.getCertificateId());
- assertEquals("sno=3&subject=1.2.840.113549.1.9.1%3D%23160c736d7040746573742e636f6d%2CCN%3DSMP+test%2CO%3DDIGIT%2CC%3DBE&validfrom=May+22+20%3A59%3A00+2018+GMT&validto=May+22+20%3A56%3A00+2019+GMT&issuer=CN%3DIntermediate+CA%2CO%3DDIGIT%2CC%3DBE", res.getBlueCoatHeader());
+ assertEquals("sno=3&subject=1.2.840.113549.1.9.1%3D%23160c736d7040746573742e636f6d%2CCN%3DSMP+test%2CO%3DDIGIT%2CC%3DBE&validfrom=May+22+20%3A59%3A00+2018+GMT&validto=May+22+20%3A56%3A00+2019+GMT&issuer=CN%3DIntermediate+CA%2CO%3DDIGIT%2CC%3DBE", res.getClientCertHeader());
}
@Test
public void validateCertificateIdWithEmailSerialNumberInSubjectCertIdTest() throws Exception {
+ // login
+ MockHttpSession session = loginWithSMPAdmin(mvc);
+ // when update data
+ UserRO userRO = getLoggedUserData(mvc, session);
+
String subject = "CN=common name,emailAddress=CEF-EDELIVERY-SUPPORT@ec.europa.eu,serialNumber=1,O=org,ST=My town,postalCode=2151, L=GreatTown,street=My Street. 20, C=BE";
String serialNumber = "1234321";
X509Certificate certificate = X509CertificateTestUtils.createX509CertificateForTest(serialNumber, subject);
byte[] buff = certificate.getEncoded();
// given when
- MvcResult result = mvc.perform(post(PATH_PUBLIC + "/1098765430/validate-certificate")
- .with(SYSTEM_CREDENTIALS)
+ MvcResult result = mvc.perform(post(PATH_PUBLIC + "/"+userRO.getUserId()+"/validate-certificate")
+ .session(session)
.with(csrf())
.content(buff))
.andExpect(status().isOk()).andReturn();
@@ -147,7 +139,7 @@ public class TruststoreAdminResourceTest {
// id and logged user not match
// given when
mvc.perform(post(PATH_PUBLIC + "/34556655/validate-certificate")
- .with(ADMIN_CREDENTIALS)
+ .with(getHttpBasicSMPAdminCredentials())
.with(csrf())
.content(buff))
.andExpect(status().isUnauthorized()).andReturn();
@@ -156,9 +148,14 @@ public class TruststoreAdminResourceTest {
@Test
public void getCertificateList() throws Exception {
// given when
+ // login
+ MockHttpSession session = loginWithSystemAdmin(mvc);
+ // when update data
+ UserRO userRO = getLoggedUserData(mvc, session);
+
int countStart = uiTruststoreService.getCertificateROEntriesList().size();
MvcResult result = mvc.perform(get(PATH_INTERNAL)
- .with(SYSTEM_CREDENTIALS)
+ .session(session)
.with(csrf()))
.andExpect(status().isOk()).andReturn();
@@ -173,18 +170,22 @@ public class TruststoreAdminResourceTest {
CertificateRO cert = mapper.convertValue(sgMap, CertificateRO.class);
assertNotNull(cert.getAlias());
assertNotNull(cert.getCertificateId());
- assertNotNull(cert.getBlueCoatHeader());
+ assertNotNull(cert.getClientCertHeader());
assertNull(cert.getEncodedValue()); // submit only metadata
});
}
@Test
public void deleteCertificateSystemAdmin() throws Exception {
+
+ MockHttpSession session = loginWithSystemAdmin(mvc);
+ UserRO userRO = getLoggedUserData(mvc, session);
+
byte[] buff = IOUtils.toByteArray(UserResourceTest.class.getResourceAsStream("/SMPtest.crt"));
int countStart = uiTruststoreService.getNormalizedTrustedList().size();
- MvcResult prepRes = mvc.perform(post(PATH_INTERNAL + "/3/upload-certificate")
- .with(SYSTEM_CREDENTIALS)
+ MvcResult prepRes = mvc.perform(post(PATH_INTERNAL + "/" + userRO.getUserId() + "/upload-certificate")
+ .session(session)
.with(csrf())
.content(buff))
.andExpect(status().isOk()).andReturn();
@@ -197,8 +198,8 @@ public class TruststoreAdminResourceTest {
assertEquals(countStart + 1, uiTruststoreService.getNormalizedTrustedList().size());
// then
- MvcResult result = mvc.perform(delete(PATH_INTERNAL + "/3/delete/" + res.getAlias())
- .with(SYSTEM_CREDENTIALS)
+ MvcResult result = mvc.perform(delete(PATH_INTERNAL + "/" + userRO.getUserId() + "/delete/" + res.getAlias())
+ .session(session)
.with(csrf())
.content(buff))
.andExpect(status().isOk()).andReturn();
@@ -206,63 +207,4 @@ public class TruststoreAdminResourceTest {
assertEquals(countStart, uiTruststoreService.getNormalizedTrustedList().size());
}
-
-/*
- @Test
- public void uploadKeystoreOK() throws Exception {
-
- int countStart = uiTruststoreService.getCertificateROEntriesList().size();
- // given when
- MvcResult result = mvc.perform(post(PATH+"/3/upload/JKS/test123")
- .with(SYSTEM_CREDENTIALS)
- .content(Files.readAllBytes(keystore)) )
- .andExpect(status().isOk()).andReturn();
-
- //them
- ObjectMapper mapper = new ObjectMapper();
- KeystoreImportResult res = mapper.readValue(result.getResponse().getContentAsString(), KeystoreImportResult.class);
-
- assertNotNull(res);
- assertNull(res.getErrorMessage());
- assertEquals(countStart+1, uiTruststoreService.getCertificateROEntriesList().size());
- }*/
-/*
- @Test
- public void deleteKeystoreEntryOK() throws Exception {
-
- int countStart = uiTruststoreService.getKeystoreEntriesList().size();
- // given when
- MvcResult result = mvc.perform(delete(PATH+"/3/delete/second_domain_alias")
- .with(SYSTEM_CREDENTIALS)
- .content(Files.readAllBytes(keystore)) )
- .andExpect(status().isOk()).andReturn();
-
- //them
- ObjectMapper mapper = new ObjectMapper();
- KeystoreImportResult res = mapper.readValue(result.getResponse().getContentAsString(), KeystoreImportResult.class);
-
- assertNotNull(res);
- assertNull(res.getErrorMessage());
- assertEquals(countStart-1, uiTruststoreService.getKeystoreEntriesList().size());
- }
-*/
-
- public List<CertificateRO> getCertificateFromEndpointList() throws Exception {
- // given when
- MvcResult result = mvc.perform(get(PATH_INTERNAL).with(SYSTEM_CREDENTIALS)).
- andExpect(status().isOk()).andReturn();
-
- //them
- ObjectMapper mapper = new ObjectMapper();
- ServiceResult res = mapper.readValue(result.getResponse().getContentAsString(), ServiceResult.class);
-
-
- List<CertificateRO> list = new ArrayList<>();
- res.getServiceEntities().forEach(sgMap -> {
- CertificateRO cert = mapper.convertValue(sgMap, CertificateRO.class);
- list.add(cert);
- assertNotNull(cert.getAlias());
- });
- return list;
- }
}
\ No newline at end of file