Add Check CertificateType match ID Prefix for ValidationRules (#105)

eu-digital-green-certificates · Jul 2, 2021 · 279b705 · 279b705
1 parent 153e7b3
commit 279b705
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 1 deletion.
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/service/ValidationRuleService.java b/src/main/java/eu/europa/ec/dgc/gateway/service/ValidationRuleService.java
@@ -35,6 +35,7 @@
 import java.util.Collection;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Optional;
 import java.util.stream.Collectors;
 import lombok.Getter;
@@ -174,6 +175,7 @@ public ValidationRuleEntity addValidationRule(
             parsedValidationRule.getType().equals("Acceptance") ? ValidationRuleEntity.ValidationRuleType.ACCEPTANCE
                 : ValidationRuleEntity.ValidationRuleType.INVALIDATION;
 
+        contentCheckRuleIdPrefixMatchCertificateType(parsedValidationRule);
         contentCheckRuleIdPrefixMatchType(parsedValidationRule, validationRuleType);
         contentCheckUploaderCountry(parsedValidationRule, authenticatedCountryCode);
         Optional<ValidationRuleEntity> latestValidationRule = contentCheckVersion(parsedValidationRule);
@@ -198,6 +200,26 @@ public ValidationRuleEntity addValidationRule(
         return newValidationRule;
     }
 
+    private void contentCheckRuleIdPrefixMatchCertificateType(ParsedValidationRule parsedValidationRule)
+        throws ValidationRuleCheckException {
+
+        Map<String, String> mapping = Map.of(
+            "TR", "Test",
+            "VR", "Vaccination",
+            "RR", "Recovery",
+            "GR", "General"
+        );
+
+        for (Map.Entry<String, String> entry : mapping.entrySet()) {
+            if (parsedValidationRule.getIdentifier().startsWith(entry.getKey())
+                && !parsedValidationRule.getCertificateType().equals(entry.getValue())) {
+
+                throw new ValidationRuleCheckException(ValidationRuleCheckException.Reason.INVALID_RULE_ID,
+                    String.format("ID must start with %s for %s Rules", entry.getKey(), entry.getValue()));
+            }
+        }
+    }
+
     private void contentCheckRuleIdPrefixMatchType(
         ParsedValidationRule parsedValidationRule, ValidationRuleEntity.ValidationRuleType type)
         throws ValidationRuleCheckException {

diff --git a/src/test/java/eu/europa/ec/dgc/gateway/restapi/controller/ValidationRuleIntegrationTest.java b/src/test/java/eu/europa/ec/dgc/gateway/restapi/controller/ValidationRuleIntegrationTest.java
@@ -569,6 +569,82 @@ void testValidationRuleId() throws Exception {
             .andExpect(status().isCreated());
     }
 
+    @Test
+    void testValidationRuleInvalidIdPrefix() throws Exception {
+        X509Certificate signerCertificate = trustedPartyTestHelper.getCert(TrustedPartyEntity.CertificateType.UPLOAD, countryCode);
+        PrivateKey signerPrivateKey = trustedPartyTestHelper.getPrivateKey(TrustedPartyEntity.CertificateType.UPLOAD, countryCode);
+        String authCertHash = trustedPartyTestHelper.getHash(TrustedPartyEntity.CertificateType.AUTHENTICATION, countryCode);
+
+        ValidationRule validationRule = getDummyValidationRule();
+        validationRule.setIdentifier("TR-EU-0001");
+        validationRule.setCertificateType("Vaccination");
+
+        String payload = new SignedStringMessageBuilder()
+            .withSigningCertificate(certificateUtils.convertCertificate(signerCertificate), signerPrivateKey)
+            .withPayload(objectMapper.writeValueAsString(validationRule))
+            .buildAsString();
+
+        mockMvc.perform(post("/rules")
+            .content(payload)
+            .contentType("application/cms-text")
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getThumbprint(), authCertHash)
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getDistinguishedName(), authCertSubject)
+        )
+            .andExpect(status().isBadRequest())
+            .andExpect(jsonPath("$.code").value("0x250"));
+
+        validationRule.setIdentifier("VR-EU-0001");
+        validationRule.setCertificateType("Test");
+
+        payload = new SignedStringMessageBuilder()
+            .withSigningCertificate(certificateUtils.convertCertificate(signerCertificate), signerPrivateKey)
+            .withPayload(objectMapper.writeValueAsString(validationRule))
+            .buildAsString();
+
+        mockMvc.perform(post("/rules")
+            .content(payload)
+            .contentType("application/cms-text")
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getThumbprint(), authCertHash)
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getDistinguishedName(), authCertSubject)
+        )
+            .andExpect(status().isBadRequest())
+            .andExpect(jsonPath("$.code").value("0x250"));
+
+        validationRule.setIdentifier("RR-EU-0001");
+        validationRule.setCertificateType("Vaccination");
+
+        payload = new SignedStringMessageBuilder()
+            .withSigningCertificate(certificateUtils.convertCertificate(signerCertificate), signerPrivateKey)
+            .withPayload(objectMapper.writeValueAsString(validationRule))
+            .buildAsString();
+
+        mockMvc.perform(post("/rules")
+            .content(payload)
+            .contentType("application/cms-text")
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getThumbprint(), authCertHash)
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getDistinguishedName(), authCertSubject)
+        )
+            .andExpect(status().isBadRequest())
+            .andExpect(jsonPath("$.code").value("0x250"));
+
+        validationRule.setIdentifier("GR-EU-0001");
+        validationRule.setCertificateType("Vaccination");
+
+        payload = new SignedStringMessageBuilder()
+            .withSigningCertificate(certificateUtils.convertCertificate(signerCertificate), signerPrivateKey)
+            .withPayload(objectMapper.writeValueAsString(validationRule))
+            .buildAsString();
+
+        mockMvc.perform(post("/rules")
+            .content(payload)
+            .contentType("application/cms-text")
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getThumbprint(), authCertHash)
+            .header(dgcConfigProperties.getCertAuth().getHeaderFields().getDistinguishedName(), authCertSubject)
+        )
+            .andExpect(status().isBadRequest())
+            .andExpect(jsonPath("$.code").value("0x250"));
+    }
+
     @Test
     void testDelete() throws Exception {
         long validationRulesInDb = validationRuleRepository.count();

diff --git a/src/test/java/eu/europa/ec/dgc/gateway/testdata/CertificateTestUtils.java b/src/test/java/eu/europa/ec/dgc/gateway/testdata/CertificateTestUtils.java
@@ -53,7 +53,7 @@ public static ValidationRule getDummyValidationRule() {
         validationRule.setLogic(jsonNodeFactory.objectNode().set("field1", jsonNodeFactory.textNode("value1")));
         validationRule.setValidTo(ZonedDateTime.now().plus(1, ChronoUnit.WEEKS));
         validationRule.setValidFrom(ZonedDateTime.now().plus(3, ChronoUnit.DAYS));
-        validationRule.setCertificateType("Vaccination");
+        validationRule.setCertificateType("General");
         validationRule.setDescription(List.of(new ValidationRule.DescriptionItem("en", "de".repeat(10))));
         validationRule.setEngine("CERTLOGIC");
         validationRule.setEngineVersion("1.0.0");