* refactor: moved some helper methods to utils in order to reduce code duplication * feat: connection to gateway and credential store on BTP closes #18, closes #45, closes #55
Showing
27 changed files
with
774 additions
and
189 deletions.
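--- a/src/main/java/eu/europa/ec/dgc/issuance/config/btp/SapCredentialStoreCfEnvProcessor.java
+++ b/src/main/java/eu/europa/ec/dgc/issuance/config/btp/SapCredentialStoreCfEnvProcessor.java
@@ -0,0 +1,67 @@
+package eu.europa.ec.dgc.issuance.config.btp;
+
+import io.pivotal.cfenv.core.CfCredentials;
+import io.pivotal.cfenv.core.CfService;
+import io.pivotal.cfenv.spring.boot.CfEnvProcessor;
+import io.pivotal.cfenv.spring.boot.CfEnvProcessorProperties;
+import java.util.Map;
+
+/**
+* Custom implementation of {@link CfEnvProcessor} for reading the SAP credential store parameters from the <code>
+* VCAP_SERVICES</code> environment variable and making them available as properties in the spring context.
+* <br/><br/>
+* The following properties are available in the context after the processor is done:
+* <code>
+* <ul>
+* <li>sap.btp.credstore.url</li>
+* <li>sap.btp.credstore.password</li>
+* <li>sap.btp.credstore.username</li>
+* <li>sap.btp.credstore.clientPrivateKey</li>
+* <li>sap.btp.credstore.serverPublicKey</li>
+* </ul>
+* </code>
+*
+* @see CfEnvProcessor
+*/
+public class SapCredentialStoreCfEnvProcessor implements CfEnvProcessor {
+
+private static final String CRED_STORE_SCHEME = "credstore";
+private static final String CRED_STORE_PROPERTY_PREFIX = "sap.btp.credstore";
+
+@Override
+public boolean accept(CfService service) {
+return service.existsByTagIgnoreCase("credstore", "securestore", "keystore", "credentials")
+|| service.existsByLabelStartsWith("credstore") || service.existsByUriSchemeStartsWith(CRED_STORE_SCHEME);
+}
+
+@Override
+public void process(CfCredentials cfCredentials, Map<String, Object> properties) {
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".url", cfCredentials.getString("url"));
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".password", cfCredentials.getString("password"));
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".username", cfCredentials.getString("username"));
+
+@SuppressWarnings("unchecked")
+Map<String, Object> encryption = (Map<String, Object>) cfCredentials.getMap().get("encryption");
+if (encryption == null) {
+// Encryption features have been disabled on this BTP instance.
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".clientPrivateKey", "encryption-disabled");
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".serverPublicKey", "encryption-disabled");
+return;
+}
+
+String clientPrivateKey = encryption.get("client_private_key").toString();
+String serverPublicKey = encryption.get("server_public_key").toString();
+
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".clientPrivateKey", clientPrivateKey);
+properties.put(CRED_STORE_PROPERTY_PREFIX + ".serverPublicKey", serverPublicKey);
+}
+
+@Override
+public CfEnvProcessorProperties getProperties() {
+return CfEnvProcessorProperties.builder()
+.propertyPrefixes(CRED_STORE_PROPERTY_PREFIX)
+.serviceName("CredentialStore")
+.build();
+}
+
+}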
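Review bot: `encryption.get("client_private_key").toString()` in `process` dereferences the map value without a null check, so a binding whose `encryption` block is present but lacks `client_private_key` or `server_public_key` fails with a bare NullPointerException that names neither the service nor the missing key. Wrapping each lookup as `Objects.requireNonNull(encryption.get("client_private_key"), "credstore encryption block lacks client_private_key").toString()` (and the same for `server_public_key`, with `java.util.Objects` imported) turns that into an actionable startup failure. The `"encryption-disabled"` sentinel written to `clientPrivateKey`/`serverPublicKey` is a contract the consumer of those properties has to know about, so the class Javadoc should state it, e.g. `* When the binding carries no {@code encryption} block, both key properties are set to the literal {@code encryption-disabled}.` Since `sap.btp.credstore.password` and the client private key now live in the Spring Environment, confirm that whatever exposes the Environment in this deployment (actuator endpoints, property-source dumps at startup) is sanitized for these keys. Separately, `accept` repeats the literal `"credstore"` twice where `CRED_STORE_SCHEME` already holds it.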
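--- a/src/main/java/eu/europa/ec/dgc/issuance/service/CertKeyPublisherService.java
+++ b/src/main/java/eu/europa/ec/dgc/issuance/service/CertKeyPublisherService.java
@@ -1,36 +1,8 @@
 package eu.europa.ec.dgc.issuance.service;
 
-
-import eu.europa.ec.dgc.gateway.connector.DgcGatewayUploadConnector;
-import java.util.Optional;
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Component;
-
-@Component
-@Slf4j
-@RequiredArgsConstructor
-public class CertKeyPublisherService {
-private final CertificateService certificateService;
-private final Optional<DgcGatewayUploadConnector> dgcGatewayUploadConnector;
-
+public interface CertKeyPublisherService {
 /**
-* publish signing certificate to gateway.
+* Publishes the signing certificate to the DGC gateway.
 */
-public void publishKey() {
-if (dgcGatewayUploadConnector.isPresent()) {
-log.info("start publish certificate to gateway");
-DgcGatewayUploadConnector connector = dgcGatewayUploadConnector.get();
-try {
-connector.uploadTrustedCertificate(certificateService.getCertficate());
-log.info("certificate uploaded to gateway");
-} catch (DgcGatewayUploadConnector.DgcCertificateUploadException e) {
-log.error("can not upload certificate to gateway",e);
-throw new DdcGatewayException("error during gateway connector communication",e);
-}
-} else {
-log.warn("can not publish certificate to gateway, because the gateway connector is not enabled");
-throw new DdcGatewayException("gateway connector is configured as disabled");
-}
-}
+void publishKey();
 }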
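Review bot: The new `publishKey()` contract on the interface does not say how failure is reported, although the implementation in this same commit throws `DdcGatewayException` both when the upload fails and when no gateway connector is configured. Callers programming against the interface rather than the implementation need that in the Javadoc: `* @throws DdcGatewayException if the gateway connector is disabled or the certificate upload fails`.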
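--- a/src/main/java/eu/europa/ec/dgc/issuance/service/CertKeyPublisherServiceImpl.java
+++ b/src/main/java/eu/europa/ec/dgc/issuance/service/CertKeyPublisherServiceImpl.java
@@ -0,0 +1,37 @@
+package eu.europa.ec.dgc.issuance.service;
+
+
+import eu.europa.ec.dgc.gateway.connector.DgcGatewayUploadConnector;
+import java.util.Optional;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Component;
+
+@Component
+@Profile("!btp")
+@Slf4j
+@RequiredArgsConstructor
+public class CertKeyPublisherServiceImpl implements CertKeyPublisherService {
+private final CertificateService certificateService;
+private final Optional<DgcGatewayUploadConnector> dgcGatewayUploadConnector;
+
+@Override
+public void publishKey() {
+if (dgcGatewayUploadConnector.isPresent()) {
+log.info("start publish certificate to gateway");
+DgcGatewayUploadConnector connector = dgcGatewayUploadConnector.get();
+try {
+connector.uploadTrustedCertificate(certificateService.getCertficate());
+log.info("certificate uploaded to gateway");
+} catch (DgcGatewayUploadConnector.DgcCertificateUploadException e) {
+log.error("can not upload certificate to gateway", e);
+throw new DdcGatewayException("error during gateway connector communication", e);
+}
+} else {
+log.warn("can not publish certificate to gateway, because the gateway connector is not enabled");
+throw new DdcGatewayException("gateway connector is configured as disabled");
+}
+}
+
+}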
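Review bot: In `publishKey` the `catch` block logs the upload failure at error level and then rethrows it wrapped in `DdcGatewayException` with the cause attached, so the same stack trace is reported twice as soon as the caller logs or handles the exception. Either drop the `log.error` and let the wrapped exception carry the context, or log without rethrowing; the cause is preserved by the wrapper either way. The `Optional<DgcGatewayUploadConnector>` field is the form Spring supports for an optional bean, but a one-line comment such as `// Optional injection: empty when the gateway connector is disabled by configuration` would make the `else` branch self-explanatory to a reader who does not know that convention.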
@@ -0,0 +1,55 @@ | ||
package eu.europa.ec.dgc.issuance.service; | ||
|
||
import eu.europa.ec.dgc.issuance.utils.HashUtil; | ||
import java.security.SecureRandom; | ||
import org.apache.commons.lang3.RandomStringUtils; | ||
|
||
public final class Tan { | ||
|
||
private static final int TAN_LENGTH = 8; | ||
private static final String HASH_ALGORITHM = "SHA-256"; | ||
private static final char[] CHAR_SET_FOR_TAN = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789".toCharArray(); | ||
|
||
private String rawTan; | ||
private String hashedTan; | ||
|
||
private Tan() { | ||
} | ||
|
||
/** | ||
* Create new TAN object with a TAN and the hash of the TAN. The TAN is constructed from a charset consisting | ||
* of A-Z (exclcuding I and O) and 2-9. | ||
* | ||
* @return the newly created TAN object | ||
*/ | ||
public static Tan create() { | ||
Tan retVal = new Tan(); | ||
retVal.rawTan = retVal.generateNewTan(); | ||
retVal.hashedTan = HashUtil.sha256Base64(retVal.rawTan); | ||
return retVal; | ||
} | ||
|
||
private String generateNewTan() { | ||
SecureRandom random = new SecureRandom(); | ||
long rnd = random.nextLong(); | ||
int radixLen = CHAR_SET_FOR_TAN.length; | ||
StringBuilder tan = new StringBuilder(); | ||
while (tan.length() < TAN_LENGTH) { | ||
if (rnd == 0) { | ||
rnd = random.nextLong(); | ||
continue; | ||
} | ||
tan.append(CHAR_SET_FOR_TAN[Math.abs((int) (rnd % radixLen))]); | ||
rnd /= radixLen; | ||
} | ||
return tan.toString(); | ||
} | ||
|
||
public String getRawTan() { | ||
return rawTan; | ||
} | ||
|
||
public String getHashedTan() { | ||
return hashedTan; | ||
} | ||
} |
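Review bot: `generateNewTan` derives base-32 digits from a single `nextLong()` through `Math.abs((int) (rnd % radixLen))`, truncating division and a reseed when `rnd` reaches zero, which is hard to audit for uniformity and sign handling; drawing each character with `random.nextInt(CHAR_SET_FOR_TAN.length)` expresses the intent directly and is what a reviewer expects from a security-sensitive generator. The import `org.apache.commons.lang3.RandomStringUtils` is unused in this file and should be dropped. `create()` stores an unsalted `sha256Base64` of an 8-character TAN over a 32-symbol alphabet (about 40 bits of entropy), so the Javadoc should state what the hash is meant to protect against; where the hashed TAN is persisted somewhere it could leak, a keyed hash (HMAC with a server-side secret) or a slow KDF is the usual hardening. `rawTan` is also kept in the object as a `String` after hashing, so a note on `getRawTan()` that it is intended for one-time delivery to the user would help callers avoid retaining it.
```java
private String generateNewTan() {
    SecureRandom random = new SecureRandom();
    StringBuilder tan = new StringBuilder(TAN_LENGTH);
    for (int i = 0; i < TAN_LENGTH; i++) {
        // nextInt(bound) is uniform over the alphabet; no sign or modulo handling needed
        tan.append(CHAR_SET_FOR_TAN[random.nextInt(CHAR_SET_FOR_TAN.length)]);
    }
    return tan.toString();
}
```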