Merge pull request #1166 from OSGP/feature/SMHE-1918_tls_support

Feature/smhe 1918 tls support

osgp/platform/osgp-adapter-ws-core/src/main/java/org/opensmartgridplatform/adapter/ws/core/application/config/CoreNotificationClientConfig.java

@@ -40,6 +40,9 @@ public class CoreNotificationClientConfig extends AbstractConfig {
   @Value("${web.service.notification.application.name}")
   private String webserviceNotificationApplicationName;
 
+  @Value("${web.service.notification.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] webserviceNotificationSupportedTlsProtocols;
+
   @Bean
   public String webserviceNotificationApplicationName() {
     return this.webserviceNotificationApplicationName;
@@ -77,7 +80,8 @@ public NotificationWebServiceTemplateFactory notificationWebServiceTemplateFacto
     return new NotificationWebServiceTemplateFactory(
         configRepository,
         this.messageFactory(),
-        Collections.singletonList(addOsgpHeadersInterceptor));
+        Collections.singletonList(addOsgpHeadersInterceptor),
+        this.webserviceNotificationSupportedTlsProtocols);
   }
 
   @Bean

osgp/platform/osgp-adapter-ws-core/src/main/resources/osgp-adapter-ws-core.properties

@@ -79,6 +79,7 @@ web.service.notification.application.name=OSGP
 web.service.notification.enabled=true
 web.service.notification.username=test-org
 web.service.notification.organisation=OSGP
+web.service.notification.supported.tls.protocols=TLSv1.2,TLSv1.3
 
 #Firmware Management
 firmware.domain=127.0.0.1

osgp/platform/osgp-adapter-ws-distributionautomation/src/main/java/org/opensmartgridplatform/adapter/ws/da/application/config/WebServiceConfig.java

@@ -83,6 +83,9 @@ public class WebServiceConfig extends AbstractConfig {
   @Value("${web.service.notification.application.name:DISTRIBUTION_AUTOMATION}")
   private String webserviceNotificationApplicationName;
 
+  @Value("${web.service.notification.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] webserviceNotificationSupportedTlsProtocols;
+
   // === DISTRIBUTION AUTOMATION MARSHALLERS ===
 
   /**
@@ -255,7 +258,10 @@ public NotificationWebServiceTemplateFactory notificationWebServiceTemplateFacto
             .build();
 
     return new NotificationWebServiceTemplateFactory(
-        configRepository, this.messageFactory(), Arrays.asList(addOsgpHeadersInterceptor));
+        configRepository,
+        this.messageFactory(),
+        Arrays.asList(addOsgpHeadersInterceptor),
+        this.webserviceNotificationSupportedTlsProtocols);
   }
 
   @Bean

osgp/platform/osgp-adapter-ws-distributionautomation/src/main/resources/osgp-adapter-ws-distributionautomation.properties

@@ -20,6 +20,7 @@ web.service.notification.username=test-org
 web.service.notification.organisation=OSGP
 web.service.notification.enabled=true
 web.service.notification.application.name=DISTRIBUTION_AUTOMATION
+web.service.notification.supported.tls.protocols=TLSv1.2,TLSv1.3
 
 # =========================================================
 # PERSISTENCE CONFIG

osgp/platform/osgp-adapter-ws-microgrids/src/main/java/org/opensmartgridplatform/adapter/ws/microgrids/application/config/WebServiceConfig.java

@@ -80,6 +80,9 @@ public class WebServiceConfig extends AbstractConfig {
   @Value("${web.service.notification.application.name}")
   private String webserviceNotificationApplicationName;
 
+  @Value("${web.service.notification.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] webserviceNotificationSupportedTlsProtocols;
+
   private static final String SERVER = "SERVER";
 
   // === MICROGRIDS MARSHALLERS ===
@@ -236,7 +239,10 @@ public NotificationWebServiceTemplateFactory notificationWebServiceTemplateFacto
             .build();
 
     return new NotificationWebServiceTemplateFactory(
-        configRepository, this.messageFactory(), Arrays.asList(addOsgpHeadersInterceptor));
+        configRepository,
+        this.messageFactory(),
+        Arrays.asList(addOsgpHeadersInterceptor),
+        this.webserviceNotificationSupportedTlsProtocols);
   }
 
   @Bean

osgp/platform/osgp-adapter-ws-microgrids/src/main/resources/osgp-adapter-ws-microgrids.properties

@@ -19,6 +19,7 @@ web.service.notification.username=test-org
 web.service.notification.organisation=OSGP
 web.service.notification.enabled=true
 web.service.notification.application.name=ZownStream
+web.service.notification.supported.tls.protocols=TLSv1.2,TLSv1.3
 
 stub.responses=false
 

osgp/platform/osgp-adapter-ws-publiclighting/src/main/java/org/opensmartgridplatform/adapter/ws/publiclighting/application/config/PublicLightingNotificationClientConfig.java

@@ -42,6 +42,9 @@ public class PublicLightingNotificationClientConfig extends AbstractConfig {
   @Value("${web.service.notification.application.name:OSGP}")
   private String webserviceNotificationApplicationName;
 
+  @Value("${web.service.notification.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] webserviceNotificationSupportedTlsProtocols;
+
   @Bean
   public NotificationService publicLightingNotificationService(
       final NotificationWebServiceTemplateFactory templateFactory,
@@ -72,7 +75,10 @@ public NotificationWebServiceTemplateFactory notificationWebServiceTemplateFacto
             .build();
 
     return new NotificationWebServiceTemplateFactory(
-        configRepository, this.messageFactory(), Arrays.asList(addOsgpHeadersInterceptor));
+        configRepository,
+        this.messageFactory(),
+        Arrays.asList(addOsgpHeadersInterceptor),
+        this.webserviceNotificationSupportedTlsProtocols);
   }
 
   @Bean

osgp/platform/osgp-adapter-ws-publiclighting/src/main/resources/osgp-adapter-ws-publiclighting.properties

@@ -55,6 +55,7 @@ paging.default.pagesize=15
 #Notification Settings
 web.service.notification.enabled=true
 web.service.notification.application.name=OSGP
+web.service.notification.supported.tls.protocols=TLSv1.2,TLSv1.3
 
 publiclighting.scheduling.job.resend.notification.cron.expression=0 0/1 * * * ?
 publiclighting.scheduling.job.resend.notification.maximum=3

osgp/platform/osgp-adapter-ws-shared/src/main/java/org/opensmartgridplatform/adapter/ws/clients/NotificationWebServiceTemplateFactory.java

@@ -50,6 +50,8 @@ public class NotificationWebServiceTemplateFactory {
   private final WebServiceMessageFactory messageFactory;
   private final List<ClientInterceptor> fixedInterceptors = new ArrayList<>();
 
+  private final String[] supportedTlsProtocols;
+
   /**
    * Web service template factory that creates web service templates based on configuration from the
    * database.
@@ -62,14 +64,16 @@ public class NotificationWebServiceTemplateFactory {
   public NotificationWebServiceTemplateFactory(
       final NotificationWebServiceConfigurationRepository configRepository,
       final WebServiceMessageFactory messageFactory,
-      final List<ClientInterceptor> fixedInterceptors) {
+      final List<ClientInterceptor> fixedInterceptors,
+      final String[] supportedTlsProtocols) {
 
     this.configRepository =
         Objects.requireNonNull(configRepository, "configRepository must not be null");
     this.messageFactory = Objects.requireNonNull(messageFactory, "messageFactory must not be null");
     if (fixedInterceptors != null) {
       this.fixedInterceptors.addAll(fixedInterceptors);
     }
+    this.supportedTlsProtocols = supportedTlsProtocols;
   }
 
   public WebServiceTemplate getTemplate(final ApplicationDataLookupKey templateKey) {
@@ -184,7 +188,10 @@ private LayeredConnectionSocketFactory createSslConnectionSocketFactory(
     this.loadTrustMaterial(sslContextBuilder, config);
     try {
       return new SSLConnectionSocketFactory(
-          sslContextBuilder.build(), SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
+          sslContextBuilder.build(),
+          this.supportedTlsProtocols,
+          null,
+          SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
     } catch (final GeneralSecurityException e) {
       LOGGER.error("Exception creating SSL connection socket factory", e);
       throw new WebServiceSecurityException("Unable to build SSL context", e);

osgp/platform/osgp-adapter-ws-smartmetering/src/main/java/org/opensmartgridplatform/adapter/ws/smartmetering/application/config/SmartMeteringNotificationClientConfig.java

@@ -40,6 +40,9 @@ public class SmartMeteringNotificationClientConfig extends AbstractConfig {
   @Value("${web.service.notification.application.name}")
   private String webserviceNotificationApplicationName;
 
+  @Value("${web.service.notification.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] webserviceNotificationSupportedTlsProtocols;
+
   @Bean
   public String webserviceNotificationApplicationName() {
     return this.webserviceNotificationApplicationName;
@@ -77,7 +80,8 @@ public NotificationWebServiceTemplateFactory notificationWebServiceTemplateFacto
     return new NotificationWebServiceTemplateFactory(
         configRepository,
         this.messageFactory(),
-        Collections.singletonList(addOsgpHeadersInterceptor));
+        Collections.singletonList(addOsgpHeadersInterceptor),
+        this.webserviceNotificationSupportedTlsProtocols);
   }
 
   @Bean

osgp/platform/osgp-adapter-ws-smartmetering/src/main/resources/osgp-adapter-ws-smartmetering.properties

@@ -90,6 +90,7 @@ web.service.notification.enabled=true
 web.service.notification.username=test-org
 web.service.notification.organisation=OSGP
 web.service.notification.application.name=SMART_METERS
+web.service.notification.supported.tls.protocols=TLSv1.2,TLSv1.3
 
 #Paging
 paging.maximum.pagesize=30

osgp/platform/osgp-adapter-ws-tariffswitching/src/main/java/org/opensmartgridplatform/adapter/ws/tariffswitching/application/config/TariffSwitchingNotificationClientConfig.java

@@ -42,6 +42,9 @@ public class TariffSwitchingNotificationClientConfig extends AbstractConfig {
   @Value("${web.service.notification.application.name:OSGP}")
   private String webserviceNotificationApplicationName;
 
+  @Value("${web.service.notification.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] webserviceNotificationSupportedTlsProtocols;
+
   @Bean
   public NotificationService tariffSwitchingNotificationService(
       final NotificationWebServiceTemplateFactory templateFactory,
@@ -72,7 +75,10 @@ public NotificationWebServiceTemplateFactory notificationWebServiceTemplateFacto
             .build();
 
     return new NotificationWebServiceTemplateFactory(
-        configRepository, this.messageFactory(), Arrays.asList(addOsgpHeadersInterceptor));
+        configRepository,
+        this.messageFactory(),
+        Arrays.asList(addOsgpHeadersInterceptor),
+        this.webserviceNotificationSupportedTlsProtocols);
   }
 
   @Bean

osgp/platform/osgp-adapter-ws-tariffswitching/src/main/resources/osgp-adapter-ws-tariffswitching.properties

@@ -49,6 +49,7 @@ soap.message.printing.enabled=true
 #Notification Settings
 web.service.notification.enabled=true
 web.service.notification.application.name=OSGP
+web.service.notification.supported.tls.protocols=TLSv1.2,TLSv1.3
 
 tariffswitching.scheduling.job.resend.notification.cron.expression=0 0/1 * * * ?
 tariffswitching.scheduling.job.resend.notification.maximum=3

osgp/protocol-adapter-dlms/osgp-protocol-adapter-dlms/src/main/java/org/opensmartgridplatform/adapter/protocol/dlms/application/config/SoapClientConfig.java

@@ -78,6 +78,9 @@ public class SoapClientConfig {
   @Value("${soapclient.max-conn-total:100}")
   private int maxConnTotal;
 
+  @Value("${soapclient.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] supportedTlsProtocols;
+
   @Bean
   Jaxb2Marshaller soapClientJaxb2Marshaller() {
     final Jaxb2Marshaller jaxb2Marshaller = new Jaxb2Marshaller();
@@ -125,9 +128,14 @@ public SSLConnectionSocketFactory sslConnectionSocketFactory()
       throws IOException, UnrecoverableKeyException, CertificateException, NoSuchAlgorithmException,
           KeyStoreException, KeyManagementException {
     if (!Boolean.parseBoolean(this.useHostNameVerifier)) {
-      return new SSLConnectionSocketFactory(this.sslContext(), NoopHostnameVerifier.INSTANCE);
+      return new SSLConnectionSocketFactory(
+          this.sslContext(), this.supportedTlsProtocols, null, NoopHostnameVerifier.INSTANCE);
     } else {
-      return new SSLConnectionSocketFactory(this.sslContext());
+      return new SSLConnectionSocketFactory(
+          this.sslContext(),
+          this.supportedTlsProtocols,
+          null,
+          SSLConnectionSocketFactory.getDefaultHostnameVerifier());
     }
   }
 

osgp/protocol-adapter-dlms/osgp-protocol-adapter-dlms/src/main/resources/osgp-adapter-protocol-dlms.properties

@@ -2,6 +2,7 @@ soapclient.max-conn-per-route=20
 soapclient.max-conn-total=100
 soapclient.use.client.auth=true
 soapclient.use.hostname.verifier=false
+soapclient.supported.tls.protocols=TLSv1.2,TLSv1.3
 soapclient.default-uri=https://localhost:443/osgp-secret-management/ws/SecretManagement
 soapclient.ssl.trust-store=file:/etc/ssl/certs/trust.jks
 soapclient.ssl.key-store=file:/etc/ssl/certs/OSGP.pfx

osgp/shared/shared/src/main/java/org/opensmartgridplatform/shared/infra/ws/DefaultWebServiceTemplateFactory.java

@@ -54,6 +54,7 @@ public class DefaultWebServiceTemplateFactory implements WebserviceTemplateFacto
   private String keyStoreLocation;
   private String keyStorePassword;
   private KeyStoreFactoryBean trustStoreFactory;
+  private String[] supportedTlsProtocols;
   private String applicationName;
   private int maxConnectionsPerRoute;
   private int maxConnectionsTotal;
@@ -90,6 +91,7 @@ public static class Builder {
     private String keyStoreLocation;
     private String keyStorePassword;
     private KeyStoreFactoryBean trustStoreFactory;
+    private String[] supportedTlsProtocols = new String[] {"TLSv1.2", "TLSv1.3"};
     private int maxConnectionsPerRoute = 2;
     private int maxConnectionsTotal = 20;
     private int connectionTimeout = 120000;
@@ -148,6 +150,11 @@ public Builder setMaxConnectionsPerRoute(final int maxConnectionsPerRoute) {
       return this;
     }
 
+    public Builder setSupportedTlsProtocols(final String[] supportedTlsProtocols) {
+      this.supportedTlsProtocols = supportedTlsProtocols;
+      return this;
+    }
+
     public Builder setMaxConnectionsTotal(final int maxConnectionsTotal) {
       this.maxConnectionsTotal = maxConnectionsTotal;
       return this;
@@ -191,6 +198,7 @@ public DefaultWebServiceTemplateFactory build() {
       webServiceTemplateFactory.circuitBreaker = this.circuitBreaker;
       webServiceTemplateFactory.webServiceTemplateHostnameVerificationStrategy =
           this.webServiceTemplateHostnameVerificationStrategy;
+      webServiceTemplateFactory.supportedTlsProtocols = this.supportedTlsProtocols;
       return webServiceTemplateFactory;
     }
   }
@@ -284,7 +292,7 @@ private HttpComponentsMessageSender webServiceMessageSender(final String keystor
     if (this.isSecurityEnabled) {
       try {
         clientbuilder.setSSLSocketFactory(this.getSSLConnectionSocketFactory(keystore));
-      } catch (GeneralSecurityException | IOException e) {
+      } catch (final GeneralSecurityException | IOException e) {
         LOGGER.error("Webservice exception occurred: Certificate not available", e);
         throw new WebServiceSecurityException("Certificate not available", e);
       }
@@ -330,7 +338,8 @@ private SSLConnectionSocketFactory getSSLConnectionSocketFactory(final String ke
 
     final HostnameVerifier hostnameVerifier = this.getHostnameVerifier();
 
-    return new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+    return new SSLConnectionSocketFactory(
+        sslContext, this.supportedTlsProtocols, null, hostnameVerifier);
   }
 
   private HostnameVerifier getHostnameVerifier() throws GeneralSecurityException {

public-lighting-demo-app/web-demo-app/src/main/java/org/opensmartgridplatform/webdemoapp/infra/platform/SoapRequestHelper.java

@@ -49,6 +49,9 @@ public class SoapRequestHelper {
   @Value("${web.service.template.default.uri.publiclighting.adhocmanagement}")
   private String publicLightingWebServiceAdHocManagementUri;
 
+  @Value("${web.service.template.default.supported.tls.protocols:TLSv1.2,TLSv1.3}")
+  private String[] supportedTlsProtocols;
+
   @Value("${web.service.hostname.verification.strategy}")
   private String webServiceHostnameVerificationStrategy;
 
@@ -154,7 +157,8 @@ private HttpComponentsMessageSender createHttpMessageSender() {
       final HostnameVerifier hostnameVerifier = this.getHostnameVerifier();
 
       final SSLConnectionSocketFactory sslConnectionFactory =
-          new SSLConnectionSocketFactory(sslContext, hostnameVerifier);
+          new SSLConnectionSocketFactory(
+              sslContext, this.supportedTlsProtocols, null, hostnameVerifier);
       builder.setSSLSocketFactory(sslConnectionFactory);
       sender.setHttpClient(builder.build());
     } catch (final GeneralSecurityException e) {

public-lighting-demo-app/web-demo-app/src/main/resources/web-demo-app.properties

@@ -21,6 +21,7 @@ application.name=demo-app
 
 # OSGP Web Service URL
 base.uri=https://localhost/
+web.service.template.default.supported.tls.protocols=TLSv1.2,TLSv1.3
 web.service.template.default.uri.admin.devicemanagement=osgp-adapter-ws-admin/admin/deviceManagementService/DeviceManagement
 web.service.template.default.uri.common.devicemanagement=osgp-adapter-ws-core/common/deviceManagementService/DeviceManagement
 web.service.template.default.uri.common.deviceinstallation=osgp-adapter-ws-core/common/deviceInstallationService/DeviceInstallation