.mvn/wrapper/MavenWrapperDownloader.java

+/*
+ * Copyright 2007-present the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+import java.net.*;
+import java.io.*;
+import java.nio.channels.*;
+import java.util.Properties;
+
+public class MavenWrapperDownloader {
+
+    private static final String WRAPPER_VERSION = "0.5.6";
+    /**
+     * Default URL to download the maven-wrapper.jar from, if no 'downloadUrl' is provided.
+     */
+    private static final String DEFAULT_DOWNLOAD_URL = "https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/"
+        + WRAPPER_VERSION + "/maven-wrapper-" + WRAPPER_VERSION + ".jar";
+
+    /**
+     * Path to the maven-wrapper.properties file, which might contain a downloadUrl property to
+     * use instead of the default one.
+     */
+    private static final String MAVEN_WRAPPER_PROPERTIES_PATH =
+            ".mvn/wrapper/maven-wrapper.properties";
+
+    /**
+     * Path where the maven-wrapper.jar will be saved to.
+     */
+    private static final String MAVEN_WRAPPER_JAR_PATH =
+            ".mvn/wrapper/maven-wrapper.jar";
+
+    /**
+     * Name of the property which should be used to override the default download url for the wrapper.
+     */
+    private static final String PROPERTY_NAME_WRAPPER_URL = "wrapperUrl";
+
+    public static void main(String args[]) {
+        System.out.println("- Downloader started");
+        File baseDirectory = new File(args[0]);
+        System.out.println("- Using base directory: " + baseDirectory.getAbsolutePath());
+
+        // If the maven-wrapper.properties exists, read it and check if it contains a custom
+        // wrapperUrl parameter.
+        File mavenWrapperPropertyFile = new File(baseDirectory, MAVEN_WRAPPER_PROPERTIES_PATH);
+        String url = DEFAULT_DOWNLOAD_URL;
+        if(mavenWrapperPropertyFile.exists()) {
+            FileInputStream mavenWrapperPropertyFileInputStream = null;
+            try {
+                mavenWrapperPropertyFileInputStream = new FileInputStream(mavenWrapperPropertyFile);
+                Properties mavenWrapperProperties = new Properties();
+                mavenWrapperProperties.load(mavenWrapperPropertyFileInputStream);
+                url = mavenWrapperProperties.getProperty(PROPERTY_NAME_WRAPPER_URL, url);
+            } catch (IOException e) {
+                System.out.println("- ERROR loading '" + MAVEN_WRAPPER_PROPERTIES_PATH + "'");
+            } finally {
+                try {
+                    if(mavenWrapperPropertyFileInputStream != null) {
+                        mavenWrapperPropertyFileInputStream.close();
+                    }
+                } catch (IOException e) {
+                    // Ignore ...
+                }
+            }
+        }
+        System.out.println("- Downloading from: " + url);
+
+        File outputFile = new File(baseDirectory.getAbsolutePath(), MAVEN_WRAPPER_JAR_PATH);
+        if(!outputFile.getParentFile().exists()) {
+            if(!outputFile.getParentFile().mkdirs()) {
+                System.out.println(
+                        "- ERROR creating output directory '" + outputFile.getParentFile().getAbsolutePath() + "'");
+            }
+        }
+        System.out.println("- Downloading to: " + outputFile.getAbsolutePath());
+        try {
+            downloadFileFromURL(url, outputFile);
+            System.out.println("Done");
+            System.exit(0);
+        } catch (Throwable e) {
+            System.out.println("- Error downloading");
+            e.printStackTrace();
+            System.exit(1);
+        }
+    }
+
+    private static void downloadFileFromURL(String urlString, File destination) throws Exception {
+        if (System.getenv("MVNW_USERNAME") != null && System.getenv("MVNW_PASSWORD") != null) {
+            String username = System.getenv("MVNW_USERNAME");
+            char[] password = System.getenv("MVNW_PASSWORD").toCharArray();
+            Authenticator.setDefault(new Authenticator() {
+                @Override
+                protected PasswordAuthentication getPasswordAuthentication() {
+                    return new PasswordAuthentication(username, password);
+                }
+            });
+        }
+        URL website = new URL(urlString);
+        ReadableByteChannel rbc;
+        rbc = Channels.newChannel(website.openStream());
+        FileOutputStream fos = new FileOutputStream(destination);
+        fos.getChannel().transferFrom(rbc, 0, Long.MAX_VALUE);
+        fos.close();
+        rbc.close();
+    }
+
+}

.mvn/wrapper/maven-wrapper.properties

+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar

api/src/main/java/de/fitko/fitconnect/api/config/ApplicationConfig.java

@@ -8,6 +8,8 @@ public class ApplicationConfig {
     private String httpProxyHost = "";
     private Integer httpProxyPort = 0;
     private Integer requestTimeoutInSeconds;
+    private String metadataSchemaPath;
+    private String privateSigningKeyPath;
 
     private Sender sender;
     private Subscriber subscriber;

api/src/main/java/de/fitko/fitconnect/api/config/Subscriber.java

@@ -8,7 +8,5 @@ public class Subscriber {
     private String clientId;
     private String clientSecret;
     private String privateDecryptionKeyPath;
-    private String privateSigningKeyPath;
-    private String metadataSchemaPath;
     private String securityEventTokenSchemaPath;
 }

api/src/main/java/de/fitko/fitconnect/api/services/Sender.java

@@ -38,6 +38,14 @@ public interface Sender {
      */
     ValidationResult validatePublicKey(final RSAKey publicKey);
 
+    /**
+     * Validates the {@link Metadata} structure against a given JSON-schema to ensure its correctness.
+     *
+     * @param metadata the {@link Metadata} object that is validated
+     * @return a {@link ValidationResult}, contains an error if the {@link Metadata} is invalid or doesn't match the schema
+     */
+    ValidationResult validateMetadata(Metadata metadata, String schema);
+
     /**
      * Encrypts the submission data payload (json or xml) with JWE (JSON-Web-Encryption).
      *
@@ -115,4 +123,14 @@ public interface Sender {
      * @return the destination
      */
     Destination getDestination(UUID destinationId);
+
+    /**
+     * Sends a rejection event if the submission violates any validation rule.
+     *
+     * @param submissionId unique identifier of submission
+     * @param destinationId unique identifier of destination
+     * @param caseId unique identifier of case
+     * @see <a href="https://docs.fitko.de/fit-connect/docs/receiving/process-and-acknowledge">Process And Acknowledge</a>
+     */
+    void rejectSubmission(UUID submissionId, UUID destinationId, UUID caseId);
 }

client/pom.xml

@@ -76,7 +76,7 @@
                 <!-- Build an executable JAR -->
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-jar-plugin</artifactId>
-                <version>3.2.1</version>
+                <version>3.2.2</version>
                 <configuration>
                     <archive>
                         <manifest>

client/src/main/java/de/fitko/fitconnect/client/SenderClient.java

@@ -45,8 +45,8 @@ public class SenderClient {
     private SenderClient() {
     }
 
-    public static WithDestination build(final Sender sender) {
-        return new ClientBuilder(sender);
+    public static WithDestination build(final Sender sender, final String metadataSchema) {
+        return new ClientBuilder(sender, metadataSchema);
     }
 
     public interface WithDestination {
@@ -159,10 +159,12 @@ public class SenderClient {
         private DataPayload dataPayload;
         private UUID destinationId;
         private ServiceType serviceType;
+        private final String metadataSchema;
         private List<File> attachments = new ArrayList<>();
 
-        public ClientBuilder(final Sender sender) {
+        public ClientBuilder(final Sender sender, final String metadataSchema) {
             this.sender = sender;
+            this.metadataSchema = metadataSchema;
         }
 
         @Override
@@ -239,9 +241,16 @@ public class SenderClient {
 
                 /** Set encrypted metadata with data payload and attachments  **/
                 logger.info("Adding data payload with mime-type {} to submission", this.dataPayload.mimeType);
-                final DataPayload data = getEncryptedData(this.dataPayload, destination, encryptionKey);
-                submission.setEncryptedData(data.getEncryptedData());
-                submission.setEncryptedMetadata(getEncryptedMetadata(encryptionKey, data, hashedAttachments));
+                final DataPayload dataToSend = getEncryptedData(this.dataPayload, destination, encryptionKey);
+                final Metadata metadata = createMetadata(hashedAttachments, dataToSend);
+                final ValidationResult validatedMetadata = sender.validateMetadata(metadata, metadataSchema);
+                if (validatedMetadata.hasError()) {
+                    logger.error("Metadata does not match schema", validatedMetadata.getError());
+                    sender.rejectSubmission(submissionId, destinationId, announcedSubmission.getCaseId());
+                    return Optional.empty();
+                }
+                submission.setEncryptedData(dataToSend.getEncryptedData());
+                submission.setEncryptedMetadata(sender.encryptObject(encryptionKey, metadata));
 
                 /** submit submission **/
                 sender.sendSubmission(submission);
@@ -277,11 +286,6 @@ public class SenderClient {
                     .withHashedData(hashedData);
         }
 
-        private String getEncryptedMetadata(final RSAKey encryptionKey, final DataPayload dataPayload, final List<Attachment> hashedAttachments) {
-            final Metadata metadata = createMetadata(hashedAttachments, dataPayload);
-            return sender.encryptObject(encryptionKey, metadata);
-        }
-
         private List<Attachment> toHashedAttachments(final List<AttachmentPayload> attachmentPayloads) {
             return attachmentPayloads.stream()
                     .map(this::toHashedAttachment)

client/src/main/java/de/fitko/fitconnect/client/factory/ClientFactory.java

@@ -73,7 +73,11 @@ public class ClientFactory {
         logger.info(SENDER_BANNER);
         logger.info("Initializing sender client ...");
         final Sender sender = getSender(config);
-        return SenderClient.build(sender);
+
+        logger.info("Reading metadata schema from {} ", config.getMetadataSchemaPath());
+        final String metadataSchema = readPath(config.getMetadataSchemaPath());
+
+        return SenderClient.build(sender, metadataSchema);
     }
 
 
@@ -96,19 +100,18 @@ public class ClientFactory {
         logger.info(SUBSCRIBER_BANNER);
         logger.info("Initializing subscriber client ...");
         final Subscriber subscriber = getSubscriber(config);
-        final de.fitko.fitconnect.api.config.Subscriber subscriberConfig = config.getSubscriber();
+        final var subscriberConfig = config.getSubscriber();
 
         logger.info("Reading private key from {} ", subscriberConfig.getPrivateDecryptionKeyPath());
         final String privateKey = readPath(subscriberConfig.getPrivateDecryptionKeyPath());
 
-        logger.info("Reading metadata schema from {} ", subscriberConfig.getMetadataSchemaPath());
-        final String metadataSchema = readPath(subscriberConfig.getMetadataSchemaPath());
+        logger.info("Reading metadata schema from {} ", config.getMetadataSchemaPath());
+        final String metadataSchema = readPath(config.getMetadataSchemaPath());
 
         // TODO read SET-Event Token schema
         return SubscriberClient.builder(subscriber, privateKey, metadataSchema);
     }
 
-
     private static Subscriber getSubscriber(final ApplicationConfig config) {
         final CryptoService cryptoService = getCryptoService();
         final ValidationService validator = getValidatorService();
@@ -124,12 +127,12 @@ public class ClientFactory {
         final CryptoService cryptoService = getCryptoService();
         final ValidationService validator = getValidatorService();
         final RestTemplate restTemplate = getRestTemplate(config);
-
         final OAuthService authService = getSenderConfiguredAuthService(config, restTemplate);
         final EventLogService eventLogService = getEventLogService(config,restTemplate, authService);
         final SubmissionService submissionService = getSubmissionService(config,restTemplate, authService);
         final DestinationService destinationService = getDestinationApiService(config,restTemplate, authService);
-        return new SubmissionSender(destinationService, submissionService, eventLogService, cryptoService, validator);
+        final SecurityEventService setService = getSecurityEventTokenService(config);
+        return new SubmissionSender(destinationService, submissionService, eventLogService, cryptoService, validator, setService);
     }
 
     private static OAuthService getSenderConfiguredAuthService(final ApplicationConfig config, final RestTemplate restTemplate) {
@@ -176,8 +179,8 @@ public class ClientFactory {
     }
 
     private static SecurityEventTokenService getSecurityEventTokenService(final ApplicationConfig config) {
-        logger.info("Reading private signing key from {} ", config.getSubscriber().getPrivateSigningKeyPath());
-        final String signingKey = readPath(config.getSubscriber().getPrivateSigningKeyPath());
+        logger.info("Reading private signing key from {} ", config.getPrivateSigningKeyPath());
+        final String signingKey = readPath(config.getPrivateSigningKeyPath());
         return new SecurityEventTokenService(signingKey);
     }
 

client/src/test/java/de/fitko/fitconnect/client/ClientIntegrationTest.java

@@ -112,8 +112,6 @@ public class ClientIntegrationTest {
         subscriber.setClientId(System.getenv("SUBSCRIBER_CLIENT_ID"));
         subscriber.setClientSecret(System.getenv("SUBSCRIBER_CLIENT_SECRET"));
         subscriber.setPrivateDecryptionKeyPath("src/test/resources/private_decryption_test_key.json");
-        subscriber.setPrivateSigningKeyPath("src/test/resources/private_test_signing_key.json");
-        subscriber.setMetadataSchemaPath("src/test/resources/metadata_schema.json");
 
         final var resourcePaths = new ResourcePaths();
         resourcePaths.setAuthTokenPath("/token");
@@ -130,6 +128,8 @@ public class ClientIntegrationTest {
         config.setEnvironments(environments);
         config.setUsedEnvironment(TEST);
         config.setResourcePaths(resourcePaths);
+        config.setMetadataSchemaPath("src/test/resources/metadata_schema.json");
+        config.setPrivateSigningKeyPath("src/test/resources/private_test_signing_key.json");
 
         return config;
     }

client/src/test/java/de/fitko/fitconnect/client/SenderClientTest.java

@@ -11,10 +11,7 @@ import de.fitko.fitconnect.api.domain.model.metadata.data.SubmissionSchema;
 import de.fitko.fitconnect.api.domain.model.submission.SubmissionForPickup;
 import de.fitko.fitconnect.api.domain.model.submission.SubmitSubmission;
 import de.fitko.fitconnect.api.domain.validation.ValidationResult;
-import de.fitko.fitconnect.api.exceptions.EncryptionException;
-import de.fitko.fitconnect.api.exceptions.KeyNotRetrievedException;
-import de.fitko.fitconnect.api.exceptions.RestApiException;
-import de.fitko.fitconnect.api.exceptions.SubmissionNotCreatedException;
+import de.fitko.fitconnect.api.exceptions.*;
 import de.fitko.fitconnect.api.services.Sender;
 import io.github.netmikey.logunit.api.LogCapturer;
 import org.junit.jupiter.api.BeforeEach;
@@ -23,6 +20,7 @@ import org.junit.jupiter.api.extension.RegisterExtension;
 import org.mockito.Mockito;
 
 import java.io.File;
+import java.io.IOException;
 import java.net.URI;
 import java.util.List;
 import java.util.Optional;
@@ -44,9 +42,9 @@ public class SenderClientTest {
     private SenderClient.WithDestination underTest;
 
     @BeforeEach
-    public void setup() {
+    public void setup() throws IOException {
         senderMock = Mockito.mock(Sender.class);
-        underTest = SenderClient.build(senderMock);
+        underTest = SenderClient.build(senderMock, "");
     }
 
     @Test
@@ -67,6 +65,8 @@ public class SenderClientTest {
         when(senderMock.createSubmission(any())).thenReturn(announcedSubmission);
         when(senderMock.validatePublicKey(any())).thenReturn(ValidationResult.ok());
         when(senderMock.getEncryptionKeyForDestination(any(), any())).thenReturn(publicKey);
+        when(senderMock.validateMetadata(any(), any())).thenReturn(ValidationResult.ok());
+
 
         // When
         final var submission = underTest
@@ -100,6 +100,7 @@ public class SenderClientTest {
         when(senderMock.createSubmission(any())).thenReturn(announcedSubmission);
         when(senderMock.validatePublicKey(any())).thenReturn(ValidationResult.ok());
         when(senderMock.getEncryptionKeyForDestination(any(), any())).thenReturn(publicKey);
+        when(senderMock.validateMetadata(any(), any())).thenReturn(ValidationResult.ok());
 
         // When
         final var submission = underTest
@@ -407,6 +408,24 @@ public class SenderClientTest {
         logs.assertContains("Getting encryption key for destination "+ destinationId+" failed");
     }
 
+    @Test
+    public void testFailOnInvalidMetadata() throws Exception {
+
+        // Given
+        final var destinationId = setupTestMocks();
+        when(senderMock.validateMetadata(any(), any())).thenReturn(ValidationResult.error(new ValidationException("invalid metadata")));
+
+        // When
+        final Optional<SubmitSubmission> submission = underTest
+                .withDestination(destinationId)
+                .withServiceType("name", "test:key")
+                .withJsonData("{}")
+                .submit();
+
+        assertTrue(submission.isEmpty());
+        logs.assertContains("Metadata does not match schema");
+    }
+
     private UUID setupTestMocks() throws JOSEException {
         final var destinationId = UUID.randomUUID();
         final var destination = getDestination(destinationId);
@@ -418,6 +437,8 @@ public class SenderClientTest {
         when(senderMock.createSubmission(any())).thenReturn(announcedSubmission);
         when(senderMock.validatePublicKey(any())).thenReturn(ValidationResult.ok());
         when(senderMock.getEncryptionKeyForDestination(any(), any())).thenReturn(publicKey);
+        when(senderMock.validateMetadata(any(), any())).thenReturn(ValidationResult.ok());
+
         return destinationId;
     }
 

client/src/test/java/de/fitko/fitconnect/client/factory/ClientFactoryTest.java

@@ -38,6 +38,8 @@ public class ClientFactoryTest {
         senderConfig.setSender(sender);
         senderConfig.setUsedEnvironment(DEV);
         senderConfig.setResourcePaths(resourcePaths);
+        senderConfig.setMetadataSchemaPath("src/test/resources/metadata_schema.json");
+        senderConfig.setPrivateSigningKeyPath("src/test/resources/private_test_signing_key.json");
 
         assertNotNull(ClientFactory.senderClient(senderConfig));
     }
@@ -57,8 +59,6 @@ public class ClientFactoryTest {
         subscriber.setClientSecret("123");
         subscriber.setClientSecret("abc");
         subscriber.setPrivateDecryptionKeyPath("src/test/resources/private_decryption_test_key.json");
-        subscriber.setPrivateSigningKeyPath("src/test/resources/private_test_signing_key.json");
-        subscriber.setMetadataSchemaPath("src/test/resources/metadata_schema.json");
 
         final var subscriberConfig = new ApplicationConfig();
         subscriberConfig.setHttpProxyHost("https://proxy.fitco.de");
@@ -67,6 +67,8 @@ public class ClientFactoryTest {
         subscriberConfig.setSubscriber(subscriber);
         subscriberConfig.setUsedEnvironment(DEV);
         subscriberConfig.setResourcePaths(resourcePaths);
+        subscriberConfig.setMetadataSchemaPath("src/test/resources/metadata_schema.json");
+        subscriberConfig.setPrivateSigningKeyPath("src/test/resources/private_test_signing_key.json");
 
         assertNotNull(ClientFactory.subscriberClient(subscriberConfig));
     }

core/src/main/java/de/fitko/fitconnect/core/SubmissionSender.java

@@ -5,6 +5,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import com.nimbusds.jose.jwk.RSAKey;
 import de.fitko.fitconnect.api.domain.model.destination.Destination;
 import de.fitko.fitconnect.api.domain.model.jwk.JWK;
+import de.fitko.fitconnect.api.domain.model.metadata.Metadata;
 import de.fitko.fitconnect.api.domain.model.submission.CreateSubmission;
 import de.fitko.fitconnect.api.domain.model.submission.SubmissionForPickup;
 import de.fitko.fitconnect.api.domain.model.submission.SubmitSubmission;
@@ -17,6 +18,7 @@ import de.fitko.fitconnect.api.services.Sender;
 import de.fitko.fitconnect.api.services.crypto.CryptoService;
 import de.fitko.fitconnect.api.services.destination.DestinationService;
 import de.fitko.fitconnect.api.services.events.EventLogService;
+import de.fitko.fitconnect.api.services.events.SecurityEventService;
 import de.fitko.fitconnect.api.services.submission.SubmissionService;
 import de.fitko.fitconnect.api.services.validation.ValidationService;
 import org.slf4j.Logger;
@@ -33,19 +35,22 @@ public class SubmissionSender implements Sender {
     private final CryptoService cryptoService;
     private final DestinationService destinationService;
     private final SubmissionService submissionService;
-    private final EventLogService evenLogService;
+    private final EventLogService eventLogService;
+    private final SecurityEventService securityEventService;
 
     public SubmissionSender(final DestinationService destinationService,
                             final SubmissionService submissionService,
                             final EventLogService eventLogService,
                             final CryptoService encryptionService,
-                            final ValidationService validationService) {
+                            final ValidationService validationService,
+                            final SecurityEventService securityEventService) {
 
         this.destinationService = destinationService;
         this.submissionService = submissionService;
-        this.evenLogService = eventLogService;
+        this.eventLogService = eventLogService;
         this.cryptoService = encryptionService;
         this.validationService = validationService;
+        this.securityEventService =  securityEventService;
     }
 
     @Override
@@ -54,6 +59,11 @@ public class SubmissionSender implements Sender {
         return validationService.validatePublicKey(publicKey);
     }
 
+    @Override
+    public ValidationResult validateMetadata(final Metadata metadata, final String schema) {
+        return validationService.validateMetadataSchema(schema, metadata);
+    }
+
     @Override
     public String encryptBytes(final RSAKey publicKey, final byte[] data) {
         logger.info("Encrypting ...");
@@ -110,4 +120,11 @@ public class SubmissionSender implements Sender {
         return destinationService.getDestination(destinationId);
     }
 
+    @Override
+    public void rejectSubmission(final UUID submissionId, final UUID destinationId, final UUID caseId) {
+        final String rejectSubmissionEvent = securityEventService.createRejectSubmissionEvent(submissionId, destinationId, caseId);
+        eventLogService.sendEvent(caseId, rejectSubmissionEvent);
+        logger.info("REJECTED submission {}", submissionId);
+    }
+
 }

core/src/test/java/de/fitko/fitconnect/core/SubmissionSenderTest.java

@@ -7,26 +7,29 @@ import com.nimbusds.jose.jwk.RSAKey;
 import com.nimbusds.jose.jwk.gen.RSAKeyGenerator;
 import de.fitko.fitconnect.api.domain.model.destination.Destination;
 import de.fitko.fitconnect.api.domain.model.jwk.JWK;
+import de.fitko.fitconnect.api.domain.model.metadata.ContentStructure;
 import de.fitko.fitconnect.api.domain.model.metadata.Metadata;
+import de.fitko.fitconnect.api.domain.model.metadata.PublicServiceType;
+import de.fitko.fitconnect.api.domain.model.metadata.attachment.Attachment;
+import de.fitko.fitconnect.api.domain.model.metadata.data.*;
 import de.fitko.fitconnect.api.domain.model.submission.*;
 import de.fitko.fitconnect.api.domain.validation.ValidationResult;
-import de.fitko.fitconnect.api.exceptions.EncryptionException;
-import de.fitko.fitconnect.api.exceptions.KeyNotRetrievedException;
-import de.fitko.fitconnect.api.exceptions.MetadataNotCreatedException;
-import de.fitko.fitconnect.api.exceptions.RestApiException;
+import de.fitko.fitconnect.api.exceptions.*;
 import de.fitko.fitconnect.api.services.Sender;
 import de.fitko.fitconnect.api.services.crypto.CryptoService;
 import de.fitko.fitconnect.api.services.destination.DestinationService;
 import de.fitko.fitconnect.api.services.events.EventLogService;
 import de.fitko.fitconnect.api.services.submission.SubmissionService;
 import de.fitko.fitconnect.api.services.validation.ValidationService;
+import de.fitko.fitconnect.core.events.SecurityEventTokenService;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
-import org.mockito.Mockito;
 
 import java.io.IOException;
+import java.net.URI;
 import java.text.ParseException;
 import java.util.Collections;
+import java.util.List;
 import java.util.UUID;
 
 import static org.hamcrest.MatcherAssert.assertThat;
@@ -43,24 +46,26 @@ public class SubmissionSenderTest {
     private EventLogService eventLogServiceMock;
     private CryptoService cryptoServiceMock;
     private ValidationService validationServiceMock;
+    private SecurityEventTokenService setEventServiceMock;
 
     private Sender underTest;
 
     @BeforeEach
     public void setUp() {
-
-        destinationServiceMock = Mockito.mock(DestinationService.class);
-        submissionServiceMock = Mockito.mock(SubmissionService.class);
-        eventLogServiceMock = Mockito.mock(EventLogService.class);
-        cryptoServiceMock = Mockito.mock(CryptoService.class);
-        validationServiceMock = Mockito.mock(ValidationService.class);
+        this.destinationServiceMock = mock(DestinationService.class);
+        this.submissionServiceMock = mock(SubmissionService.class);
+        this.eventLogServiceMock = mock(EventLogService.class);
+        this.cryptoServiceMock = mock(CryptoService.class);
+        this.validationServiceMock = mock(ValidationService.class);
+        this.setEventServiceMock = mock(SecurityEventTokenService.class);
 
         underTest = new SubmissionSender(
                 destinationServiceMock,
                 submissionServiceMock,
                 eventLogServiceMock,
                 cryptoServiceMock,
-                validationServiceMock
+                validationServiceMock,
+                setEventServiceMock
         );
     }
 
@@ -169,7 +174,7 @@ public class SubmissionSenderTest {
         final JWK jwk = new ObjectMapper().readValue(publicKeyJson, JWK.class);
         final RSAKey expectedRSAKey = RSAKey.parse(publicKeyJson);
 
-        when(destinationServiceMock.getEncryptionKey(any(),any())).thenReturn(jwk);
+        when(destinationServiceMock.getEncryptionKey(any(), any())).thenReturn(jwk);
 
         // When
         final RSAKey key = underTest.getEncryptionKeyForDestination(submissionId, jwk.getKid());
@@ -182,7 +187,7 @@ public class SubmissionSenderTest {
     public void getEncryptionKeyForDestinationFailed() {
 
         // Given
-        when(destinationServiceMock.getEncryptionKey(any(),any())).thenThrow(RestApiException.class);
+        when(destinationServiceMock.getEncryptionKey(any(), any())).thenThrow(RestApiException.class);
 
         // Then
         assertThrows(
@@ -276,6 +281,37 @@ public class SubmissionSenderTest {
         assertThat(destination, equalTo(expectedDestination));
     }
 
+    @Test
+    public void testValidMetadata() {
+
+        // Given
+        final var metadata = new Metadata();
+
+        when(validationServiceMock.validateMetadataSchema(any(), any())).thenReturn(ValidationResult.ok());
+
+        // When
+        final ValidationResult validatedMetadata = underTest.validateMetadata(metadata, "metadataSchema");
+
+        // Then
+        assertTrue(validatedMetadata.isValid());
+    }
+
+    @Test
+    public void testInvalidMetadata() {
+
+        // Given
+        final var invalidMetadata = new Metadata();
+        final ValidationResult expectedResult = ValidationResult.error(new ValidationException("invalid metadata"));
+        when(validationServiceMock.validateMetadataSchema(any(), any())).thenReturn(expectedResult);
+
+        // When
+        final ValidationResult validatedMetadata = underTest.validateMetadata(invalidMetadata, "metadataSchema");
+
+        // Then
+        assertTrue(validatedMetadata.hasError());
+        assertThat(validatedMetadata.getError().getMessage(), equalTo("invalid metadata"));
+    }
+
     private String getResourceAsString(final String filename) throws IOException {
         return new String(SubmissionSenderTest.class.getResourceAsStream(filename).readAllBytes());
     }

core/src/test/java/de/fitko/fitconnect/core/events/SecurityEventTokenServiceTest.java

@@ -6,7 +6,6 @@ import com.nimbusds.jose.JWSHeader;
 import com.nimbusds.jose.JWSVerifier;
 import com.nimbusds.jose.crypto.RSASSAVerifier;
 import com.nimbusds.jose.jwk.JWK;
-import com.nimbusds.jose.shaded.json.JSONObject;
 import com.nimbusds.jwt.JWTClaimsSet;
 import com.nimbusds.jwt.SignedJWT;
 import de.fitko.fitconnect.api.exceptions.InvalidSigningKeyException;
@@ -18,6 +17,7 @@ import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 import java.text.ParseException;
+import java.util.Map;
 import java.util.Optional;
 import java.util.UUID;
 
@@ -46,7 +46,7 @@ public class SecurityEventTokenServiceTest {
         final JWTClaimsSet payload = signedJWT.getJWTClaimsSet();
         final JWSVerifier jwsVerifier = new RSASSAVerifier(jwk.toRSAKey());
 
-        final JSONObject obj = (JSONObject) payload.getClaims().get("events");
+        final Map<String,Object> obj = (Map<String, Object>) payload.getClaims().get("events");
         final Optional<String> first = obj.keySet().stream().findFirst();
 
         assertEquals(jwk.getAlgorithm(), JWSAlgorithm.PS512);
@@ -71,7 +71,7 @@ public class SecurityEventTokenServiceTest {
         assertEquals(jwk.getAlgorithm(), JWSAlgorithm.PS512);
 
         final JWTClaimsSet payload = signedJWT.getJWTClaimsSet();
-        final JSONObject obj = (JSONObject) payload.getClaims().get("events");
+        final Map<String,Object> obj = (Map<String, Object>) payload.getClaims().get("events");
         final Optional<String> first = obj.keySet().stream().findFirst();
         final JWSVerifier jwsVerifier = new RSASSAVerifier(jwk.toRSAKey());
 

mvnw

+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Maven Start Up Batch script
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   M2_HOME - location of maven2's installed home dir
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "`uname`" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        export JAVA_HOME="`/usr/libexec/java_home`"
+      else
+        export JAVA_HOME="/Library/Java/Home"
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=`java-config --jre-home`
+  fi
+fi
+
+if [ -z "$M2_HOME" ] ; then
+  ## resolve links - $0 may be a link to maven's home
+  PRG="$0"
+
+  # need this for relative symlinks
+  while [ -h "$PRG" ] ; do
+    ls=`ls -ld "$PRG"`
+    link=`expr "$ls" : '.*-> \(.*\)$'`
+    if expr "$link" : '/.*' > /dev/null; then
+      PRG="$link"
+    else
+      PRG="`dirname "$PRG"`/$link"
+    fi
+  done
+
+  saveddir=`pwd`
+
+  M2_HOME=`dirname "$PRG"`/..
+
+  # make it fully qualified
+  M2_HOME=`cd "$M2_HOME" && pwd`
+
+  cd "$saveddir"
+  # echo Using m2 at $M2_HOME
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --unix "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --unix "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --unix "$CLASSPATH"`
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME="`(cd "$M2_HOME"; pwd)`"
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME="`(cd "$JAVA_HOME"; pwd)`"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="`which javac`"
+  if [ -n "$javaExecutable" ] && ! [ "`expr \"$javaExecutable\" : '\([^ ]*\)'`" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=`which readlink`
+    if [ ! `expr "$readLink" : '\([^ ]*\)'` = "no" ]; then
+      if $darwin ; then
+        javaHome="`dirname \"$javaExecutable\"`"
+        javaExecutable="`cd \"$javaHome\" && pwd -P`/javac"
+      else
+        javaExecutable="`readlink -f \"$javaExecutable\"`"
+      fi
+      javaHome="`dirname \"$javaExecutable\"`"
+      javaHome=`expr "$javaHome" : '\(.*\)/bin'`
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="`which java`"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+CLASSWORLDS_LAUNCHER=org.codehaus.plexus.classworlds.launcher.Launcher
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=`cd "$wdir/.."; pwd`
+    fi
+    # end of workaround
+  done
+  echo "${basedir}"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    echo "$(tr -s '\n' ' ' < "$1")"
+  fi
+}
+
+BASE_DIR=`find_maven_basedir "$(pwd)"`
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+if [ -r "$BASE_DIR/.mvn/wrapper/maven-wrapper.jar" ]; then
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Found .mvn/wrapper/maven-wrapper.jar"
+    fi
+else
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Couldn't find .mvn/wrapper/maven-wrapper.jar, downloading it ..."
+    fi
+    if [ -n "$MVNW_REPOURL" ]; then
+      jarUrl="$MVNW_REPOURL/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+    else
+      jarUrl="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+    fi
+    while IFS="=" read key value; do
+      case "$key" in (wrapperUrl) jarUrl="$value"; break ;;
+      esac
+    done < "$BASE_DIR/.mvn/wrapper/maven-wrapper.properties"
+    if [ "$MVNW_VERBOSE" = true ]; then
+      echo "Downloading from: $jarUrl"
+    fi
+    wrapperJarPath="$BASE_DIR/.mvn/wrapper/maven-wrapper.jar"
+    if $cygwin; then
+      wrapperJarPath=`cygpath --path --windows "$wrapperJarPath"`
+    fi
+
+    if command -v wget > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found wget ... using wget"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget "$jarUrl" -O "$wrapperJarPath"
+        else
+            wget --http-user=$MVNW_USERNAME --http-password=$MVNW_PASSWORD "$jarUrl" -O "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Found curl ... using curl"
+        fi
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl -o "$wrapperJarPath" "$jarUrl" -f
+        else
+            curl --user $MVNW_USERNAME:$MVNW_PASSWORD -o "$wrapperJarPath" "$jarUrl" -f
+        fi
+
+    else
+        if [ "$MVNW_VERBOSE" = true ]; then
+          echo "Falling back to using Java to download"
+        fi
+        javaClass="$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaClass=`cygpath --path --windows "$javaClass"`
+        fi
+        if [ -e "$javaClass" ]; then
+            if [ ! -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Compiling MavenWrapperDownloader.java ..."
+                fi
+                # Compiling the Java class
+                ("$JAVA_HOME/bin/javac" "$javaClass")
+            fi
+            if [ -e "$BASE_DIR/.mvn/wrapper/MavenWrapperDownloader.class" ]; then
+                # Running the downloader
+                if [ "$MVNW_VERBOSE" = true ]; then
+                  echo " - Running MavenWrapperDownloader.java ..."
+                fi
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$MAVEN_PROJECTBASEDIR")
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+export MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}
+if [ "$MVNW_VERBOSE" = true ]; then
+  echo $MAVEN_PROJECTBASEDIR
+fi
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$M2_HOME" ] &&
+    M2_HOME=`cygpath --path --windows "$M2_HOME"`
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=`cygpath --path --windows "$JAVA_HOME"`
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=`cygpath --path --windows "$CLASSPATH"`
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=`cygpath --path --windows "$MAVEN_PROJECTBASEDIR"`
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $@"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.home=${M2_HOME}" "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

mvnw.cmd

+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    http://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Maven Start Up Batch script
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM M2_HOME - location of maven2's installed home dir
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_pre.bat" call "%HOME%\mavenrc_pre.bat"
+if exist "%HOME%\mavenrc_pre.cmd" call "%HOME%\mavenrc_pre.cmd"
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set DOWNLOAD_URL="https://repo.maven.apache.org/maven2/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+
+FOR /F "tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET DOWNLOAD_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET DOWNLOAD_URL="%MVNW_REPOURL%/io/takari/maven-wrapper/0.5.6/maven-wrapper-0.5.6.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %DOWNLOAD_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%DOWNLOAD_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% %JVM_CONFIG_MAVEN_PROPS% %MAVEN_OPTS% %MAVEN_DEBUG_OPTS% -classpath %WRAPPER_JAR% "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%HOME%\mavenrc_post.bat" call "%HOME%\mavenrc_post.bat"
+if exist "%HOME%\mavenrc_post.cmd" call "%HOME%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%" == "on" pause
+
+if "%MAVEN_TERMINATE_CMD%" == "on" exit %ERROR_CODE%
+
+exit /B %ERROR_CODE%

open-api/pom.xml

@@ -30,7 +30,7 @@
         <dependency>
             <groupId>io.swagger</groupId>
             <artifactId>swagger-annotations</artifactId>
-            <version>1.6.1</version>
+            <version>1.6.6</version>
         </dependency>
         <dependency>
             <groupId>org.projectlombok</groupId>
@@ -58,7 +58,7 @@
             <plugin>
                 <groupId>org.openapitools</groupId>
                 <artifactId>openapi-generator-maven-plugin</artifactId>
-                <version>6.0.0</version>
+                <version>6.0.1</version>
                 <executions>
                     <execution>
                         <goals>
@@ -86,7 +86,7 @@
             <plugin>
                 <groupId>org.codehaus.mojo</groupId>
                 <artifactId>exec-maven-plugin</artifactId>
-                <version>3.0.0</version>
+                <version>3.1.0</version>
                 <configuration>
                     <mainClass>de.fitko.fitconnect.api.postprocessing.ModelClassPostProcessor</mainClass>
                     <workingDirectory>postprocessing</workingDirectory>

pom.xml

@@ -11,30 +11,33 @@
 
     <properties>
         <java.version>11</java.version>
-        <maven.compiler.source>11</maven.compiler.source>
-        <maven.compiler.target>11</maven.compiler.target>
+        <maven.compiler.source>${java.version}</maven.compiler.source>
+        <maven.compiler.target>${java.version}</maven.compiler.target>
+
+        <encoding>UTF-8</encoding>
+        <project.build.sourceEncoding>${encoding}</project.build.sourceEncoding>
+        <project.reporting.outputEncoding>${encoding}</project.reporting.outputEncoding>
 
         <!-- 3rd party dependencies -->
-        <nimbus.version>9.19</nimbus.version>
+        <nimbus.version>9.24.3</nimbus.version>
         <jackson.version>2.13.3</jackson.version>
         <lombock.version>1.18.24</lombock.version>
-        <logback.version>1.2.11</logback.version>
+        <logback.version>1.4.0</logback.version>
         <jcommander.version>1.82</jcommander.version>
-        <apache-tika.version>1.18</apache-tika.version>
-        <spring-web.version>5.3.21</spring-web.version>
+        <apache-tika.version>1.28.4</apache-tika.version>
+        <spring-web.version>5.3.22</spring-web.version>
         <typesafe-config.version>1.4.2</typesafe-config.version>
         <json-schema-validator.version>1.0.72</json-schema-validator.version>
 
-        <junit.version>5.8.2</junit.version>
+        <junit.version>5.9.0</junit.version>
         <logunit.version>1.1.3</logunit.version>
-        <mockito.version>4.6.1</mockito.version>
+        <mockito.version>4.7.0</mockito.version>
         <wiremock.version>2.27.2</wiremock.version>
         <hamcrest.version>1.3</hamcrest.version>
         <maven-compiler-plugin.version>3.10.1</maven-compiler-plugin.version>
         <maven-surefire-plugin.version>3.0.0-M7</maven-surefire-plugin.version>
         <maven-failsafe-plugin.version>3.0.0-M7</maven-failsafe-plugin.version>
         <maven-checkstyle-plugin.version>3.1.2</maven-checkstyle-plugin.version>
-
     </properties>
 
     <modules>

sdk.conf

 # SKD application properties and global configurations
 sdk {
 
-    # Credentials to authenticate via OAuth
+ # Proxy config for http api calls
+  httpProxyHost: ""
+  httpProxyPort: 0
+  requestTimeoutInSeconds: 30
+
+  # Path that references the metadata schema
+  metadataSchemaPath: "path/to/metadata_schema.json"
+
+  # Path that references the signing key file
+  privateSigningKeyPath: "path/to/singning_key.json"
+
+  # switch between the active environments DEV, PROD or TEST
+  usedEnvironment: "DEV"
+
+  # Credentials to authenticate via OAuth
   sender {
     clientId: "SenderClientID"
     clientSecret: "SenderSecret"
@@ -14,22 +28,9 @@ sdk {
     # Path that references the private key file
     privateDecryptionKeyPath: "path/to/decrpytion_key.json"
 
-    # Path that references the signing key file
-    privateSigningKeyPath: "path/to/singning_key.json"
-
-     # Path that references the metadata schema
-    metadataSchemaPath: "path/to/metadata_schema.json"
     securityEventTokenSchemaPath: ""
   }
 
-  # Proxy config for http api calls
-  httpProxyHost: ""
-  httpProxyPort: 0
-  requestTimeoutInSeconds: 30
-
-  # switch between the active environments DEV, PROD or TEST
-  usedEnvironment: "DEV"
-
   # Configured environments for all api-urls
   environments {
     dev {
@@ -46,7 +47,8 @@ sdk {
     }
   }
 
-   resourcePaths {
+  # REST endpoint paths
+  resourcePaths {
     authTokenPath: "/token"
 
     destinationPath: "/v1/destinations/{destinationId}"