From 5c933bd1f7df5d75fc01ca58dabc844f468f04b2 Mon Sep 17 00:00:00 2001
From: Henry Borasch <Henry.Borasch@sinc.de>
Date: Tue, 7 Mar 2023 10:50:04 +0100
Subject: [PATCH] moved loading of root certificates to ClientFactory

---
 .../client/factory/ClientFactory.java         |  3 +-
 .../validation/DefaultValidationService.java  | 10 +++---
 .../events/SecurityEventTokenServiceTest.java |  4 ++-
 .../DefaultValidationServiceTest.java         | 31 ++++++++++++-------
 4 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/client/src/main/java/dev/fitko/fitconnect/client/factory/ClientFactory.java b/client/src/main/java/dev/fitko/fitconnect/client/factory/ClientFactory.java
index c4c1ed70b..b1efc7ca4 100644
--- a/client/src/main/java/dev/fitko/fitconnect/client/factory/ClientFactory.java
+++ b/client/src/main/java/dev/fitko/fitconnect/client/factory/ClientFactory.java
@@ -39,6 +39,7 @@ import dev.fitko.fitconnect.core.routing.RouteVerifier;
 import dev.fitko.fitconnect.core.routing.RoutingApiService;
 import dev.fitko.fitconnect.core.schema.SchemaResourceProvider;
 import dev.fitko.fitconnect.core.submission.SubmissionApiService;
+import dev.fitko.fitconnect.core.util.FileUtil;
 import dev.fitko.fitconnect.core.validation.DefaultValidationService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -201,7 +202,7 @@ public final class ClientFactory {
     }
 
     private static ValidationService getValidationService(final ApplicationConfig config, final SchemaProvider schemaProvider, final MessageDigestService messageDigestService) {
-        return new DefaultValidationService(config, messageDigestService, schemaProvider, PATH_TO_TRUSTED_ROOT_CERTIFICATES);
+        return new DefaultValidationService(config, messageDigestService, schemaProvider, FileUtil.loadContentOfFilesInDirectory(PATH_TO_TRUSTED_ROOT_CERTIFICATES));
     }
 
     private static CryptoService getCryptoService(final MessageDigestService messageDigestService) {
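Review bot: The list returned by `FileUtil.loadContentOfFilesInDirectory(PATH_TO_TRUSTED_ROOT_CERTIFICATES)` goes straight into the `DefaultValidationService` constructor in `getValidationService` without any check. What that helper returns for a missing or empty directory is not visible here; if it can return an empty list, the service is built with no trust anchors and the problem only surfaces later, during certificate validation. Consider assigning the result to a local and failing fast, e.g. `if (rootCertificates.isEmpty()) { throw new IllegalStateException("no trusted root certificates found in " + PATH_TO_TRUSTED_ROOT_CERTIFICATES); }`.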
diff --git a/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java b/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
index da9268e4e..9c5f29a57 100644
--- a/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
+++ b/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
@@ -67,14 +67,14 @@ public class DefaultValidationService implements ValidationService {
     private final MessageDigestService messageDigestService;
     private final SchemaProvider schemaProvider;
     private final ApplicationConfig config;
-    private final String pathToTrustedRootCertificates;
+    private final List<String> rootCertificates;
 
     public DefaultValidationService(final ApplicationConfig config, final MessageDigestService messageDigestService,
-                                    final SchemaProvider schemaProvider, final String pathToTrustedRootCertificates) {
+                                    final SchemaProvider schemaProvider, final List<String> rootCertificates) {
         this.config = config;
         this.messageDigestService = messageDigestService;
         this.schemaProvider = schemaProvider;
-        this.pathToTrustedRootCertificates = pathToTrustedRootCertificates;
+        this.rootCertificates = rootCertificates;
     }
 
     @Override
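Review bot: The constructor keeps the caller's list by reference in `this.rootCertificates = rootCertificates;`, so whoever still holds that list can change the trust anchors after construction. A null argument is also only noticed when `loadTrustedRootCertificates()` first streams it. Because this list decides which certificate chains are accepted, take an immutable snapshot instead: `this.rootCertificates = List.copyOf(Objects.requireNonNull(rootCertificates, "rootCertificates"));`. `List.copyOf` needs Java 10 or later, which the use of `var` in the tests suggests is available; `Objects` may need an import that lies outside this hunk.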
@@ -239,8 +239,8 @@ public class DefaultValidationService implements ValidationService {
 
     private List<String> loadTrustedRootCertificates() {
 
-        List<X509Certificate> trustedRootCertificates = FileUtil.loadContentOfFilesInDirectory(this.pathToTrustedRootCertificates)
-                .stream().map(FileUtil::convertToX509Certificate).collect(Collectors.toList());
+        List<X509Certificate> trustedRootCertificates = rootCertificates.stream()
+                .map(FileUtil::convertToX509Certificate).collect(Collectors.toList());
         List<String> encodedCertificates = trustedRootCertificates.stream().map(cert -> {
             try {
                 return Base64.encode(cert.getEncoded()).toString();
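Review bot: `loadTrustedRootCertificates()` no longer loads anything; it re-parses the same fixed strings with `FileUtil::convertToX509Certificate` and re-encodes them each time it runs. Its callers are outside the hunk, but if it runs per validation, a malformed root certificate is reported at the first validation rather than at start-up. Consider doing the conversion once in the constructor and storing the result in a final field, and renaming the method to match what it now does, for example `encodeTrustedRootCertificates`. The method body continues past the end of this hunk.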
diff --git a/core/src/test/java/dev/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java b/core/src/test/java/dev/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java
index 15f7f8e50..e47d725e0 100644
--- a/core/src/test/java/dev/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java
+++ b/core/src/test/java/dev/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java
@@ -24,6 +24,7 @@ import dev.fitko.fitconnect.api.services.validation.ValidationService;
 import dev.fitko.fitconnect.core.crypto.HashService;
 import dev.fitko.fitconnect.core.crypto.JWECryptoService;
 import dev.fitko.fitconnect.core.schema.SchemaResourceProvider;
+import dev.fitko.fitconnect.core.util.FileUtil;
 import dev.fitko.fitconnect.core.validation.DefaultValidationService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -63,7 +64,8 @@ class SecurityEventTokenServiceTest {
         final List<String> destinationSchemas = SchemaConfig.getDestinationSchemaPaths("/destination-schema");
         final SchemaResources schemaResources = new SchemaResources(setSchemas, metadataSchemas, destinationSchemas);
         final SchemaProvider schemaProvider = new SchemaResourceProvider(schemaResources);
-        this.validationService = new DefaultValidationService(config, new HashService(), schemaProvider, "trusted-test-root-certificates");
+        this.validationService = new DefaultValidationService(config, new HashService(), schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
         this.underTest = new SecurityEventTokenService(config, this.validationService, this.signingKey);
     }
 
diff --git a/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java b/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
index fb0c5aa03..f5b53d572 100644
--- a/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
+++ b/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
@@ -62,7 +62,8 @@ class DefaultValidationServiceTest {
         final List<String> destinationSchemas = SchemaConfig.getDestinationSchemaPaths("/destination-schema");
         final SchemaResources schemaResources = new SchemaResources(setSchemas, metadataSchemas, destinationSchemas);
         schemaProvider = new SchemaResourceProvider(schemaResources);
-        underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
     }
 
     @Test
@@ -115,7 +116,8 @@ class DefaultValidationServiceTest {
         config.setEnvironments(Map.of(envName, env));
         config.setActiveEnvironment(envName);
 
-        final DefaultValidationService underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        final DefaultValidationService underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         final RSAKey rsaKey = getRsaKeyWithCertChain();
 
@@ -131,7 +133,8 @@ class DefaultValidationServiceTest {
 
         // Given
         final ApplicationConfig config = getApplicationConfig(true);
-        final var underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        final var underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         final RSAKey rsaKey = new RSAKeyGenerator(4096)
                 .keyOperations(Set.of(KeyOperation.WRAP_KEY))
@@ -151,7 +154,8 @@ class DefaultValidationServiceTest {
 
         // Given
         final ApplicationConfig config = getApplicationConfig(false);
-        final var underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        final var underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         final RSAKey rsaKey = new RSAKeyGenerator(4096)
                 .keyOperations(Set.of(KeyOperation.ENCRYPT))
@@ -371,7 +375,7 @@ class DefaultValidationServiceTest {
     void testValidDestinationPayload() {
 
         // Given
-        final Map<String,Object> claims = Map.of(
+        final Map<String, Object> claims = Map.of(
                 "iss", "submission-service",
                 "jti", UUID.randomUUID().toString(),
                 "iat", new Date().getTime(),
@@ -391,7 +395,7 @@ class DefaultValidationServiceTest {
     void testDestinationPayloadIsMissingMandatoryClaims() {
 
         // Given
-        final Map<String,Object> claims = Map.of("test", "claim");
+        final Map<String, Object> claims = Map.of("test", "claim");
 
         // When
         final ValidationResult validationResult = underTest.validateDestinationSchema(claims);
@@ -442,7 +446,8 @@ class DefaultValidationServiceTest {
         when(mockedMessageDigestService.calculateHMAC(anyString(), anyString())).thenReturn("valid");
 
         final DefaultValidationService defaultValidationService = new DefaultValidationService(
-                new ApplicationConfig(), mockedMessageDigestService, mock(SchemaProvider.class), "trusted-test-root-certificates");
+                new ApplicationConfig(), mockedMessageDigestService, mock(SchemaProvider.class),
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         final ValidationResult validationResult = defaultValidationService.validateCallback(
                 "valid", ZonedDateTime.now().toInstant().toEpochMilli(), "body", "secret");
@@ -478,7 +483,8 @@ class DefaultValidationServiceTest {
     public void productiveTransmissionServiceCertificateIsValidAccordingToRootCertificates() throws JWKValidationException, ParseException {
 
         DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fit-connect-zustelldienst-produktivumgebung.json"));
 
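Review bot: `productiveTransmissionServiceCertificateIsValidAccordingToRootCertificates` now builds its service from `"trusted-test-root-certificates"` where it previously used `"trusted-root-certificates"`, and the last hunk of this file makes the same switch in `fitConnectTestCertificateIsInvalidAccordingToRootCertificates`. The commit subject only describes moving the loading step, so this looks unintended: neither test exercises the production trust anchors any more. The second test now pairs the same certificate with the same roots as `fitConnectTestCertificateIsValidAccordingToTestRootCertificates`, although its name expects the opposite result. The assertions are outside both hunks, so whether they still pass cannot be judged from here. Keep the original directory in these two tests, `FileUtil.loadContentOfFilesInDirectory("trusted-root-certificates"));`, so the check that a test certificate is rejected by the production roots is preserved.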
@@ -490,7 +496,8 @@ class DefaultValidationServiceTest {
     public void fitConnectTestCertificateIsValidAccordingToTestRootCertificates() throws JWKValidationException, ParseException {
 
         DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-test-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-1.json"));
 
@@ -502,7 +509,8 @@ class DefaultValidationServiceTest {
     public void revokedFitConnectTestCertificateIsInvalidAccordingToTestRootCertificates() throws JWKValidationException, ParseException {
 
         DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-test-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-2.json"));
 
@@ -513,7 +521,8 @@ class DefaultValidationServiceTest {
     public void fitConnectTestCertificateIsInvalidAccordingToRootCertificates() throws ParseException {
 
         DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
 
         RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-1.json"));
 
-- 
GitLab