Skip to content
Snippets Groups Projects

Feature/808 validate root certificates

Merged Feature/808 validate root certificates
feature/808-validate_root_certificates into main
Merged Henry Borasch requested to merge feature/808-validate_root_certificates into main

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
core/src/test/java/dev/fitko/fitconnect/core/validation/DefaultValidationServiceTest.java
160 161
161 162 // Then
162 163 assertTrue(validationResult.hasError());
163 assertThat(validationResult.getError().getMessage(), containsString("\"certChain\" is null"));
164 assertThat(validationResult.getError().getMessage(), containsString("\"x5c\" is null"));
  • Henry Borasch
    Henry Borasch @Henry_Borasch ·
    Author Contributor

    @Martin_Vogel Schau mal hier scharf drauf. Bislang war die Validierung ja recht harmlos, jetzt passiert hier wirklich was. Der JWKValidator wirft diesen "x5c"-Fehler und ich denke genau das sollten wir auch epxtecten.

    Edited by Henry Borasch
  • Martin Vogel
    Martin Vogel @Martin_Vogel ·
    Maintainer

    Ja diese assertion is besser, ich hatte den Punkt der spezifischeren Fehler durch CertChains "damals" noch nicht auf dem Schirm.

  • Martin Vogel
    Martin Vogel @Martin_Vogel ·
    Maintainer

    Der Test soll auch eher beweisen das die Ansteuuerung des JWKValidators funktioniert. Alle anderen funktions tests zur chain finden ja dann dort statt (dev.fitko.fitconnect.jwkvalidator.x5c.X5CValidator)

  • Please register or sign in to reply
  • Martin Vogel
    Martin Vogel @Martin_Vogel started a thread on the diff
    • core/src/main/java/dev/fitko/fitconnect/core/util/FileUtil.java 0 → 100644
    9 import java.security.cert.CertificateFactory;
    10 import java.security.cert.X509Certificate;
    11 import java.util.Arrays;
    12 import java.util.List;
    13 import java.util.Objects;
    14 import java.util.stream.Collectors;
    15
    16 public class FileUtil {
    17
    18 public static List<String> loadContentOfFilesInDirectory(String directoryPath) {
    19
    20 File folder = new File(Objects.requireNonNull(FileUtil.class.getClassLoader().getResource(directoryPath)).getFile());
    21
    22 return Arrays.stream(Objects.requireNonNull(folder.listFiles())).map(file -> {
    23 try {
    24 return Files.readString(file.toPath());
    • Martin Vogel
      Martin Vogel @Martin_Vogel ·
      Maintainer

      Könnte man den Teil Files.readString(...) der auch in der loadContentOfFile genutzt wird auslagern um den Part wiederverwendbar zu machen ?

    • Henry Borasch
      Henry Borasch @Henry_Borasch ·
      Author Contributor

      Der Teil, den beide Methoden beinhakten sieht so aus:

      try {
            return Files.readString(...);
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

      Im Grunde geht es ja nur um den Aufruf von Files.readString plus Exception-Behandlung. Das in eine weitere private-Methode auszulagern würde wenige Zeilen Code einsparen, die Nachvollziehbarkeit jedoch erschweren. Ich persönlich bin kein Freund von diesem Methoden-Hopping, nur weil da ein, zwei Zeilen doppelt sind. Den aktuellen Stand empfinde ich als intuitiver,

    • Please register or sign in to reply
  • Martin Vogel
    Martin Vogel @Martin_Vogel started a thread on an old version of the diff
    • core/src/main/java/dev/fitko/fitconnect/core/util/FileUtil.java 0 → 100644
    21
    22 return Arrays.stream(Objects.requireNonNull(folder.listFiles())).map(file -> {
    23 try {
    24 return Files.readString(file.toPath());
    25 } catch (IOException e) {
    26 throw new RuntimeException(e);
    27 }
    28 }).collect(Collectors.toList());
    29 }
    30
    31 public static String loadContentOfFile(String filePath) {
    32
    33 try {
    34 return Files.readString(new File(Objects.requireNonNull(FileUtil.class.getClassLoader().getResource(filePath)).getFile()).toPath());
    35 } catch (IOException e) {
    36 throw new RuntimeException(e);
  • Martin Vogel
    Martin Vogel @Martin_Vogel started a thread on an old version of the diff
    • core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
    58 58 private static final Logger LOGGER = LoggerFactory.getLogger(DefaultValidationService.class);
    59 59 private static final ObjectMapper MAPPER = new ObjectMapper().setDateFormat(new SimpleDateFormat("yyyy-MM-dd"));
    60 60 private static final JsonSchemaFactory SCHEMA_FACTORY = JsonSchemaFactory.getInstance(SpecVersion.VersionFlag.V202012);
    61 public static final String VALID_SCHEMA_URL_EXPRESSION = "https://schema\\.fitko\\.de/fit-connect/metadata/1\\.\\d+\\.\\d+/metadata.schema.json";
    61 private static final String VALID_SCHEMA_URL_EXPRESSION = "https://schema\\.fitko\\.de/fit-connect/metadata/1\\.\\d+\\.\\d+/metadata.schema.json";
    62 62
    63 63 private final MessageDigestService messageDigestService;
    64 64 private final SchemaProvider schemaProvider;
    65 65 private final ApplicationConfig config;
    66 private final String pathToTrustedRootCertificates;
    66 67
    67 public DefaultValidationService(final ApplicationConfig config, final MessageDigestService messageDigestService, final SchemaProvider schemaProvider) {
    68 public DefaultValidationService(final ApplicationConfig config, final MessageDigestService messageDigestService,
    69 final SchemaProvider schemaProvider, final String pathToTrustedRootCertificates) {
  • Martin Vogel
    Martin Vogel @Martin_Vogel started a thread on an old version of the diff
    • core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
    220 validateWithX509AndWithoutProxy(trustedRootCertificates, publicKey, purpose);
    234 221 }
    235 222 }
    236 223
    237 private List<String> getPemCerts(final List<X509Certificate> certChain) throws CertificateEncodingException {
    238 final List<String> pemCerts = new ArrayList<>();
    239 for (final X509Certificate cert : certChain) {
    240 pemCerts.add(getEncodedString(cert));
    241 }
    242 return pemCerts;
    243 }
    224 private List<String> loadTrustedRootCertificates() {
    225
    226 List<X509Certificate> trustedRootCertificates = FileUtil.loadContentOfFilesInDirectory(this.pathToTrustedRootCertificates)
    227 .stream().map(FileUtil::convertToX509Certificate).collect(Collectors.toList());
    228 List<String> encodedCertificates = trustedRootCertificates.stream().map(cert -> {
  • Henry Borasch added 28 commits

    added 28 commits

    Compare with previous version

  • Henry Borasch added 14 commits

    added 14 commits

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    • 5c933bd1 - moved loading of root certificates to ClientFactory

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    • 0e5dd4c6 - moved test certificates to other module, where it is actually needed

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    • 7943f1a4 - added test certificates to an additional module

    Compare with previous version

  • Martin Vogel
    Martin Vogel @Martin_Vogel started a thread on an old version of the diff
    • core/src/main/java/dev/fitko/fitconnect/core/validation/DefaultValidationService.java
    248 235 } else {
    249 validateWithX509AndWithoutProxy(pemCerts, publicKey, purpose);
    236 validateWithX509AndWithoutProxy(trustedRootCertificates, publicKey, purpose);
    250 237 }
    251 238 }
    252 239
    253 private List<String> getPemCerts(final List<X509Certificate> certChain) throws CertificateEncodingException {
    254 final List<String> pemCerts = new ArrayList<>();
    255 for (final X509Certificate cert : certChain) {
    256 pemCerts.add(getEncodedString(cert));
    257 }
    258 return pemCerts;
    259 }
    240 private List<String> loadTrustedRootCertificates() {
    241
    242 List<String> trustedRootCertificates = rootCertificates.stream()
  • Henry Borasch added 5 commits

    added 5 commits

    Compare with previous version

  • Henry Borasch added 24 commits

    added 24 commits

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    • 6fbfa04b - fixed path of root certificates

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    • bbef99b4 - added certificates to integration test resources

    Compare with previous version

  • Henry Borasch added 7 commits

    added 7 commits

    Compare with previous version

  • Henry Borasch added 1 commit

    added 1 commit

    Compare with previous version

  • Henry Borasch added 10 commits

    added 10 commits

    • 9db92581 - make JWKValidator throw always exceptions if something fails
    • 40c7d11f - fixed test
    • 62876ecf - adjusted and fixed tests
    • 0e599e5a - fixed test
    • 7f58dba9 - use more ValidationResults instead of exceptions
    • 18c72b98 - simplified exception handling, adjusted tests
    • 9ff9bb3e - Merge branch 'feature/808-validate_root_certificates' into...
    • ad92212b - Merge remote-tracking branch 'origin/feature/808-validate_root_certificates'...
    • 669cb314 - added missing imports
    • 06d891df - fixed broken purpose transmission

    Compare with previous version

    Toggle commit list
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
    • Please register or sign in to reply