Merge branch 'develop'

open-eid · May 10, 2024 · c2b6ae1 · c2b6ae1
2 parents bd4a58c + 6e9f178
commit c2b6ae1
Show file tree

Hide file tree

Showing 10 changed files with 192 additions and 84 deletions.
diff --git a/Readme.md b/Readme.md
@@ -22,17 +22,17 @@ towards sample APIs.
 
 **Preconditions**:
 
-- Java 17
+1. **Java JDK 17** - to compile and run SiVa demo
+2. **SiVa parent project** - Can be found [here](https://github.com/open-eid/SiGa)
 
-### Option 1: Running with SiGa locally
-
-To build the docker image run the following command:
+### Option 1: Running SiGa locally with Docker
 
+1. Docker must be installed and running.
+2. Build SiGa demo application docker image:
 ```
-./mvnw spring-boot:build-image
+./mvnw clean spring-boot:build-image
 ```
-
-Then, follow the Docker instructions at [SiGa webapp](https://github.com/open-eid/SiGa) to run both apps at the same
+3. Then, follow the "Running SiGa with Docker" instructions at [SiGa webapp](https://github.com/open-eid/SiGa) to run both apps at the same
 time.
 
 If everything was successful, open up the browser at `https://siga-demo.localhost:9443/`.
@@ -45,8 +45,9 @@ If everything was successful, open up the browser at `https://siga-demo.localhos
 
 ```
 siga.api.uri=https://siga.localhost:8443/siga
-siga.api.trustStore=file:/path/to/siga_server_truststore.p12
-siga.api.trustStorePassword=changeit
+siga.api.trust-store=file:/path/to/siga_server_truststore.p12
+siga.api.trust-store-password=changeit
+siga.api.trust-store-type=PKCS12
 siga.client.hmac.algorithm=HmacSHA256
 siga.client.hmac.service-uuid=a7fd7728-a3ea-4975-bfab-f240a67e894f
 siga.client.hmac.shared-signing-key=746573745365637265744b6579303031
@@ -55,7 +56,9 @@ siga.client.hmac.shared-signing-key=746573745365637265744b6579303031
 | Parameter           | Description | Example |
 |---------------------|-------------|---------|
 | siga.api.uri        | SIGA server URL (without slash symbol in the end) | `https://siga.localhost:8443/siga` |
-| siga.api.trustStore | Location of the trustore containing servers certificate or CA (path without quotes symbol) | `file:/path/to/siga_server_truststore.p12` |
+| siga.api.trust-store | Location of the trustore containing server's certificate or CA (path without quotes symbol) | `classpath:siga_server_truststore.p12` or `file:/path/to/siga_server_truststore.p12` |
+| siga.api.trust-store-password | Password of the trustore containing server's certificate or CA. | `changeit` |
+| siga.api.trust-store-type | Type of the trustore containing server's certificate or CA. Defaults to system default if not provided. | `PKCS12` |
 
 2. Build this project
 

diff --git a/pom.xml b/pom.xml
@@ -6,61 +6,49 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.7.15</version>
+        <version>3.1.4</version>
     </parent>
 
     <groupId>ee.openeid.siga.client</groupId>
     <artifactId>siga-demo-application</artifactId>
-    <version>3.2.0</version>
+    <version>3.3.0</version>
     <description>Contains SiGa demo client application</description>
     <packaging>jar</packaging>
 
     <properties>
         <java.version>17</java.version>
         <spring-boot.build-image.builder>paketobuildpacks/builder:tiny</spring-boot.build-image.builder>
         <spring-boot.build-image.imageName>${project.artifactId}:latest</spring-boot.build-image.imageName>
-
-        <!-- Override vulnerable dependencies that are pulled in via Spring boot -->
-        <!-- TODO: Amend this list when Spring Boot version is updated! -->
-        <tomcat.version>9.0.80</tomcat.version>
-        <thymeleaf.version>3.1.2.RELEASE</thymeleaf.version>
     </properties>
 
     <dependencies>
-        <dependency>
-            <groupId>org.projectlombok</groupId>
-            <artifactId>lombok</artifactId>
-            <version>1.18.28</version>
-        </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-classic</artifactId>
-            <version>1.2.12</version>
         </dependency>
         <dependency>
             <groupId>ch.qos.logback</groupId>
             <artifactId>logback-core</artifactId>
-            <version>1.2.12</version>
         </dependency>
         <dependency>
             <groupId>co.elastic.logging</groupId>
             <artifactId>logback-ecs-encoder</artifactId>
             <version>1.5.0</version>
         </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-test</artifactId>
+            <artifactId>spring-boot-starter-web</artifactId>
             <exclusions>
                 <exclusion>
                     <groupId>org.yaml</groupId>
                     <artifactId>snakeyaml</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-        </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-cache</artifactId>
@@ -86,39 +74,55 @@
         <dependency>
             <groupId>jakarta.ws.rs</groupId>
             <artifactId>jakarta.ws.rs-api</artifactId>
-            <version>3.1.0</version>
         </dependency>
         <dependency>
             <groupId>jakarta.xml.bind</groupId>
             <artifactId>jakarta.xml.bind-api</artifactId>
-            <version>4.0.0</version>
-        </dependency>
-        <dependency>
-            <groupId>org.glassfish.jaxb</groupId>
-            <artifactId>jaxb-runtime</artifactId>
-            <version>4.0.3</version>
         </dependency>
 
         <dependency>
             <groupId>org.digidoc4j</groupId>
             <artifactId>digidoc4j</artifactId>
             <version>5.2.0</version>
             <exclusions>
+                <exclusion>
+                    <groupId>ch.qos.logback</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>com.sun.xml.bind</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>jakarta.activation</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>jakarta.xml.bind</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.apache.santuario</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.bouncycastle</groupId>
                     <artifactId>*</artifactId>
                 </exclusion>
+                <exclusion>
+                    <groupId>org.glassfish.jaxb</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
+                <exclusion>
+                    <groupId>org.slf4j</groupId>
+                    <artifactId>*</artifactId>
+                </exclusion>
                 <exclusion>
                     <groupId>org.yaml</groupId>
                     <artifactId>snakeyaml</artifactId>
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>org.apache.httpcomponents</groupId>
-            <artifactId>httpclient</artifactId>
-            <version>4.5.14</version>
-        </dependency>
         <dependency>
             <groupId>org.bouncycastle</groupId>
             <artifactId>bcpkix-jdk15on</artifactId>
@@ -218,14 +222,15 @@
         </dependency>
 
         <dependency>
-            <groupId>org.junit.vintage</groupId>
-            <artifactId>junit-vintage-engine</artifactId>
-            <scope>test</scope>
-        </dependency>
-        <dependency>
-            <groupId>junit</groupId>
-            <artifactId>junit</artifactId>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
+            <exclusions>
+                <exclusion>
+                    <groupId>org.yaml</groupId>
+                    <artifactId>snakeyaml</artifactId>
+                </exclusion>
+            </exclusions>
         </dependency>
     </dependencies>
 
@@ -238,7 +243,7 @@
             <plugin>
                 <groupId>org.apache.cxf</groupId>
                 <artifactId>cxf-wadl2java-plugin</artifactId>
-                <version>4.0.2</version>
+                <version>4.0.3</version>
                 <executions>
                     <execution>
                         <id>generate-sources</id>

diff --git a/src/main/java/ee/openeid/siga/client/configuration/SiGaApiConfig.java b/src/main/java/ee/openeid/siga/client/configuration/SiGaApiConfig.java
@@ -0,0 +1,56 @@
+package ee.openeid.siga.client.configuration;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.hc.core5.ssl.SSLContextBuilder;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
+import java.util.Optional;
+
+@Configuration
+public class SiGaApiConfig {
+
+    @Bean
+    SSLContext sigaApiSslContext(SiGaDemoProperties.SigaApi sigaApiProperties) {
+        try {
+            return new SSLContextBuilder()
+                    .loadTrustMaterial(loadTrustStore(sigaApiProperties), null)
+                    .build();
+        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException e) {
+            throw new IllegalStateException("Failed to create SiGa API SSL context", e);
+        }
+    }
+
+    private static KeyStore loadTrustStore(SiGaDemoProperties.SigaApi sigaApiProperties) {
+        String trustStoreType = Optional
+                .ofNullable(sigaApiProperties.trustStoreType())
+                .filter(StringUtils::isNotBlank)
+                .orElse(KeyStore.getDefaultType());
+
+        KeyStore trustStore;
+        try {
+            trustStore = KeyStore.getInstance(trustStoreType);
+        } catch (KeyStoreException e) {
+            throw new IllegalStateException("Failed to create keystore of type: " + trustStoreType, e);
+        }
+
+        Resource trustStoreResource = sigaApiProperties.trustStore();
+        try (InputStream in = trustStoreResource.getInputStream()) {
+            trustStore.load(in, sigaApiProperties.trustStorePassword());
+        } catch (CertificateException | IOException | NoSuchAlgorithmException | NullPointerException e) {
+            throw new IllegalStateException("Failed to load truststore: " + trustStoreResource, e);
+        }
+
+        return trustStore;
+    }
+
+}
diff --git a/src/main/java/ee/openeid/siga/client/configuration/SiGaDemoProperties.java b/src/main/java/ee/openeid/siga/client/configuration/SiGaDemoProperties.java
@@ -1,25 +1,26 @@
 package ee.openeid.siga.client.configuration;
 
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.boot.context.properties.ConstructorBinding;
+import org.springframework.core.io.Resource;
 
-@ConstructorBinding
 @ConfigurationProperties(prefix = "siga")
 public record SiGaDemoProperties(SigaClient client, SigaApi api) {
 
-    @ConstructorBinding
     @ConfigurationProperties(prefix = "siga.client")
     public record SigaClient(Hmac hmac) {
     }
 
-    @ConstructorBinding
     @ConfigurationProperties(prefix = "siga.client.hmac")
     public record Hmac(String algorithm, String serviceUuid, String sharedSigningKey) {
     }
 
-    @ConstructorBinding
     @ConfigurationProperties(prefix = "siga.api")
-    public record SigaApi(String uri, String trustStore, String trustStorePassword) {
+    public record SigaApi(
+            String uri,
+            Resource trustStore,
+            char[] trustStorePassword,
+            String trustStoreType
+    ) {
         @Override
         public String uri() {
             return uri + "/";

diff --git a/src/main/java/ee/openeid/siga/client/hashcode/HashcodeContainerWriter.java b/src/main/java/ee/openeid/siga/client/hashcode/HashcodeContainerWriter.java
@@ -83,7 +83,7 @@ public void writeSignatures(List<byte[]> wrappers) {
     public void writeManifest(List<HashcodeDataFile> hashcodeDataFiles) {
         List<DataFile> dataFiles = convertDataFiles(hashcodeDataFiles);
         final AsicManifest asicManifest = new AsicManifest(Container.DocumentType.ASICE.name());
-        asicManifest.addFileEntry(dataFiles);
+        asicManifest.addFileEntries(dataFiles);
         new EntryCallback(new ZipEntry(AsicManifest.XML_PATH)) {
             @Override
             void doWithEntryStream(OutputStream stream) {