moved loading of root certificates to ClientFactory

5c933bd1 · Henry Borasch · 57878187 · 5c933bd1 · 5c933bd1 · 5c933bd1
Commit 5c933bd1 authored 2 years ago by Henry Borasch
--- a/client/src/main/java/dev/fitko/fitconnect/client/factory/ClientFactory.java
+++ b/client/src/main/java/dev/fitko/fitconnect/client/factory/ClientFactory.java
@@ -39,6 +39,7 @@ import dev.fitko.fitconnect.core.routing.RouteVerifier;
 import dev.fitko.fitconnect.core.routing.RoutingApiService;
 import dev.fitko.fitconnect.core.schema.SchemaResourceProvider;
 import dev.fitko.fitconnect.core.submission.SubmissionApiService;
+import dev.fitko.fitconnect.core.util.FileUtil;
 import dev.fitko.fitconnect.core.validation.DefaultValidationService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -201,7 +202,7 @@ public final class ClientFactory {
    }
    private static ValidationService getValidationService(final ApplicationConfig config, final SchemaProvider schemaProvider, final MessageDigestService messageDigestService) {
-        return new DefaultValidationService(config, messageDigestService, schemaProvider, PATH_TO_TRUSTED_ROOT_CERTIFICATES);
+        return new DefaultValidationService(config, messageDigestService, schemaProvider, FileUtil.loadContentOfFilesInDirectory(PATH_TO_TRUSTED_ROOT_CERTIFICATES));
    }
    private static CryptoService getCryptoService(final MessageDigestService messageDigestService) {

--- a/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
+++ b/core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
@@ -67,14 +67,14 @@ public class DefaultValidationService implements ValidationService {
    private final MessageDigestService messageDigestService;
    private final SchemaProvider schemaProvider;
    private final ApplicationConfig config;
-    private final String pathToTrustedRootCertificates;
+    private final List<String> rootCertificates;
    public DefaultValidationService(final ApplicationConfig config, final MessageDigestService messageDigestService,
-                                    final SchemaProvider schemaProvider, final String pathToTrustedRootCertificates) {
+                                    final SchemaProvider schemaProvider, final List<String> rootCertificates) {
        this.config = config;
        this.messageDigestService = messageDigestService;
        this.schemaProvider = schemaProvider;
-        this.pathToTrustedRootCertificates = pathToTrustedRootCertificates;
+        this.rootCertificates = rootCertificates;
    }
    @Override
@@ -239,8 +239,8 @@ public class DefaultValidationService implements ValidationService {
    private List<String> loadTrustedRootCertificates() {
-        List<X509Certificate> trustedRootCertificates = FileUtil.loadContentOfFilesInDirectory(this.pathToTrustedRootCertificates)
+        List<X509Certificate> trustedRootCertificates = rootCertificates.stream()
-                .stream().map(FileUtil::convertToX509Certificate).collect(Collectors.toList());
+                .map(FileUtil::convertToX509Certificate).collect(Collectors.toList());
        List<String> encodedCertificates = trustedRootCertificates.stream().map(cert -> {
            try {
                return Base64.encode(cert.getEncoded()).toString();

--- a/core/src/test/java/dev/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java
+++ b/core/src/test/java/dev/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java
@@ -24,6 +24,7 @@ import dev.fitko.fitconnect.api.services.validation.ValidationService;
 import dev.fitko.fitconnect.core.crypto.HashService;
 import dev.fitko.fitconnect.core.crypto.JWECryptoService;
 import dev.fitko.fitconnect.core.schema.SchemaResourceProvider;
+import dev.fitko.fitconnect.core.util.FileUtil;
 import dev.fitko.fitconnect.core.validation.DefaultValidationService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -63,7 +64,8 @@ class SecurityEventTokenServiceTest {
        final List<String> destinationSchemas = SchemaConfig.getDestinationSchemaPaths("/destination-schema");
        final SchemaResources schemaResources = new SchemaResources(setSchemas, metadataSchemas, destinationSchemas);
        final SchemaProvider schemaProvider = new SchemaResourceProvider(schemaResources);
-        this.validationService = new DefaultValidationService(config, new HashService(), schemaProvider, "trusted-test-root-certificates");
+        this.validationService = new DefaultValidationService(config, new HashService(), schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        this.underTest = new SecurityEventTokenService(config, this.validationService, this.signingKey);
    }

--- a/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
+++ b/core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
@@ -62,7 +62,8 @@ class DefaultValidationServiceTest {
        final List<String> destinationSchemas = SchemaConfig.getDestinationSchemaPaths("/destination-schema");
        final SchemaResources schemaResources = new SchemaResources(setSchemas, metadataSchemas, destinationSchemas);
        schemaProvider = new SchemaResourceProvider(schemaResources);
-        underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
    }
    @Test
@@ -115,7 +116,8 @@ class DefaultValidationServiceTest {
        config.setEnvironments(Map.of(envName, env));
        config.setActiveEnvironment(envName);
-        final DefaultValidationService underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        final DefaultValidationService underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        final RSAKey rsaKey = getRsaKeyWithCertChain();
@@ -131,7 +133,8 @@ class DefaultValidationServiceTest {
        // Given
        final ApplicationConfig config = getApplicationConfig(true);
-        final var underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        final var underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        final RSAKey rsaKey = new RSAKeyGenerator(4096)
                .keyOperations(Set.of(KeyOperation.WRAP_KEY))
@@ -151,7 +154,8 @@ class DefaultValidationServiceTest {
        // Given
        final ApplicationConfig config = getApplicationConfig(false);
-        final var underTest = new DefaultValidationService(config, hashService, schemaProvider, "trusted-test-root-certificates");
+        final var underTest = new DefaultValidationService(config, hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        final RSAKey rsaKey = new RSAKeyGenerator(4096)
                .keyOperations(Set.of(KeyOperation.ENCRYPT))
@@ -371,7 +375,7 @@ class DefaultValidationServiceTest {
    void testValidDestinationPayload() {
        // Given
-        final Map<String,Object> claims = Map.of(
+        final Map<String, Object> claims = Map.of(
                "iss", "submission-service",
                "jti", UUID.randomUUID().toString(),
                "iat", new Date().getTime(),
@@ -391,7 +395,7 @@ class DefaultValidationServiceTest {
    void testDestinationPayloadIsMissingMandatoryClaims() {
        // Given
-        final Map<String,Object> claims = Map.of("test", "claim");
+        final Map<String, Object> claims = Map.of("test", "claim");
        // When
        final ValidationResult validationResult = underTest.validateDestinationSchema(claims);
@@ -442,7 +446,8 @@ class DefaultValidationServiceTest {
        when(mockedMessageDigestService.calculateHMAC(anyString(), anyString())).thenReturn("valid");
        final DefaultValidationService defaultValidationService = new DefaultValidationService(
-                new ApplicationConfig(), mockedMessageDigestService, mock(SchemaProvider.class), "trusted-test-root-certificates");
+                new ApplicationConfig(), mockedMessageDigestService, mock(SchemaProvider.class),
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        final ValidationResult validationResult = defaultValidationService.validateCallback(
                "valid", ZonedDateTime.now().toInstant().toEpochMilli(), "body", "secret");
@@ -478,7 +483,8 @@ class DefaultValidationServiceTest {
    public void productiveTransmissionServiceCertificateIsValidAccordingToRootCertificates() throws JWKValidationException, ParseException {
        DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fit-connect-zustelldienst-produktivumgebung.json"));
@@ -490,7 +496,8 @@ class DefaultValidationServiceTest {
    public void fitConnectTestCertificateIsValidAccordingToTestRootCertificates() throws JWKValidationException, ParseException {
        DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-test-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-1.json"));
@@ -502,7 +509,8 @@ class DefaultValidationServiceTest {
    public void revokedFitConnectTestCertificateIsInvalidAccordingToTestRootCertificates() throws JWKValidationException, ParseException {
        DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-test-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-2.json"));
@@ -513,7 +521,8 @@ class DefaultValidationServiceTest {
    public void fitConnectTestCertificateIsInvalidAccordingToRootCertificates() throws ParseException {
        DefaultValidationService defaultValidationService = new DefaultValidationService(
-                getApplicationConfig(false), hashService, schemaProvider, "trusted-root-certificates");
+                getApplicationConfig(false), hashService, schemaProvider,
+                FileUtil.loadContentOfFilesInDirectory("trusted-test-root-certificates"));
        RSAKey rsaKey = RSAKey.parse(FileUtil.loadContentOfFile("certificates/grp-fitko-testzertifikat-fit-connect-1.json"));