Merge pull request #12 from MobileID-Strong-Authentication/dev-sslctx-restcfg

Support for REST endpoints, sslcontext protocol config, added geofencing param for mobileid cli

Author: thomas4v

mid-java-client-core/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>ch.mobileid.mid-java-client</groupId>
         <artifactId>mid-java-client-parent</artifactId>
-        <version>1.5.4</version>
+        <version>1.5.5</version>
     </parent>
 
     <artifactId>mid-java-client-core</artifactId>

mid-java-client-rest/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>ch.mobileid.mid-java-client</groupId>
         <artifactId>mid-java-client-parent</artifactId>
-        <version>1.5.4</version>
+        <version>1.5.5</version>
     </parent>
 
     <artifactId>mid-java-client-rest</artifactId>

mid-java-client-rest/src/main/java/ch/swisscom/mid/client/rest/ComProtocolHandlerRestImpl.java

@@ -51,6 +51,7 @@
 import java.security.KeyStore;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
 
 import ch.swisscom.mid.client.MIDFlowException;
@@ -102,15 +103,26 @@ public void initialize(ClientConfiguration config) {
                 .loadKeyMaterial(produceAKeyStore(tlsConfig),
                                  tlsConfig.getKeyStoreKeyPassword() == null ? null : tlsConfig.getKeyStoreKeyPassword().toCharArray(),
                                  produceAPrivateKeyStrategy(tlsConfig));
+
+            if (tlsConfig.getSslContext() != null) {
+                sslContextBuilder.setProtocol(tlsConfig.getSslContext());
+            }
+
             if (trustStoreIsConfigured(tlsConfig)) {
                 sslContextBuilder.loadTrustMaterial(produceATrustStore(tlsConfig), null);
             }
+
+            final SSLContext sslCtx = sslContextBuilder.build();
             if (tlsConfig.isHostnameVerification()) {
-                sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build());
+                sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx);
             } else {
-                sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslContextBuilder.build(),
+                sslConnectionSocketFactory = new SSLConnectionSocketFactory(sslCtx,
                                                                             NoopHostnameVerifier.INSTANCE);
             }
+
+            if (tlsConfig.getSslContext() == null && sslCtx != null) {
+                logConfig.debug("Evaluated sslContext protocol for Rest HTTP Client = [{}]", sslCtx.getProtocol());
+            }
         } catch (Exception e) {
             throw new ConfigurationException("Failed to configure the TLS/SSL connection factory for the MID client", e);
         }
@@ -149,6 +161,8 @@ public void initialize(ClientConfiguration config) {
             .setConnectionManager(connectionManager)
             .setDefaultRequestConfig(httpClientRequestConfig)
             .build();
+
+
     }
 
     @Override
@@ -271,9 +285,10 @@ private void logTlsConfiguration(TlsConfiguration tlsConfig) {
                        "key store type: [{}], " +
                        "key store alias: [{}], " +
                        "trust store source: [{}], " +
-                       "trust store type: [{}]",
+                       "trust store type: [{}], " +
+                       "tls ssl context: [{}]",
                        keyStoreSource, tlsConfig.getKeyStoreType(), tlsConfig.getKeyStoreCertificateAlias(),
-                       trustStoreSource, tlsConfig.getTrustStoreType());
+                       trustStoreSource, tlsConfig.getTrustStoreType(), tlsConfig.getSslContext());
     }
 
     private KeyStore produceAKeyStore(TlsConfiguration tlsConfig) {

mid-java-client-rest/src/test/java/ch/swisscom/mid/client/rest/AsyncSignatureTest.java

@@ -15,6 +15,7 @@
  */
 package ch.swisscom.mid.client.rest;
 
+import ch.swisscom.mid.client.config.TlsConfiguration;
 import com.github.tomakehurst.wiremock.WireMockServer;
 import com.github.tomakehurst.wiremock.http.MimeType;
 import com.github.tomakehurst.wiremock.stubbing.Scenario;
@@ -30,8 +31,7 @@
 import ch.swisscom.mid.client.model.*;
 
 import static ch.swisscom.mid.client.rest.TestData.*;
-import static ch.swisscom.mid.client.rest.TestSupport.buildConfig;
-import static ch.swisscom.mid.client.rest.TestSupport.fileToString;
+import static ch.swisscom.mid.client.rest.TestSupport.*;
 import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
 import static com.github.tomakehurst.wiremock.client.WireMock.containing;
 import static com.github.tomakehurst.wiremock.client.WireMock.post;
@@ -52,7 +52,7 @@ public static void setUpThisClass() {
         server = new WireMockServer(options().port(8089));
         server.start();
 
-        client = new MIDClientImpl(buildConfig());
+        client = new MIDClientImpl(buildConfig(buildTlsConfig("TLSv1.2")));
     }
 
     @BeforeEach
@@ -228,5 +228,4 @@ private static SignatureRequest buildSignatureRequest() {
         request.addAdditionalService(new GeofencingAdditionalService());
         return request;
     }
-
 }

mid-java-client-rest/src/test/java/ch/swisscom/mid/client/rest/ProfileQueryTest.java

@@ -15,28 +15,22 @@
  */
 package ch.swisscom.mid.client.rest;
 
-import com.github.tomakehurst.wiremock.WireMockServer;
-import com.github.tomakehurst.wiremock.http.MimeType;
-
-import org.junit.jupiter.api.AfterAll;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
-
 import ch.swisscom.mid.client.MIDClient;
 import ch.swisscom.mid.client.config.DefaultConfiguration;
 import ch.swisscom.mid.client.impl.MIDClientImpl;
 import ch.swisscom.mid.client.model.ProfileRequest;
 import ch.swisscom.mid.client.model.ProfileResponse;
 import ch.swisscom.mid.client.model.SignatureProfiles;
+import com.github.tomakehurst.wiremock.WireMockServer;
+import com.github.tomakehurst.wiremock.http.MimeType;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
 
 import static ch.swisscom.mid.client.rest.TestData.CUSTOM_AP_ID;
 import static ch.swisscom.mid.client.rest.TestData.CUSTOM_AP_PASSWORD;
-import static ch.swisscom.mid.client.rest.TestSupport.buildConfig;
-import static ch.swisscom.mid.client.rest.TestSupport.fileToString;
-import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
-import static com.github.tomakehurst.wiremock.client.WireMock.containing;
-import static com.github.tomakehurst.wiremock.client.WireMock.post;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
+import static ch.swisscom.mid.client.rest.TestSupport.*;
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
 import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.options;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.contains;
@@ -51,7 +45,7 @@ public static void setUpThisClass() {
         server = new WireMockServer(options().port(8089));
         server.start();
 
-        client = new MIDClientImpl(buildConfig());
+        client = new MIDClientImpl(buildConfig(buildTlsConfig("TLSv1.1")));
     }
 
     @AfterAll
@@ -65,31 +59,31 @@ public static void tearDownThisClass() {
     @Test
     public void testProfileQuery_success() {
         server.stubFor(
-            post(urlEqualTo(DefaultConfiguration.REST_ENDPOINT_SUB_URL))
-                .willReturn(
-                    aResponse()
-                        .withHeader("Content-Type", MimeType.JSON.toString())
-                        .withBody(fileToString("/samples/rest-response-profile-query.json"))));
+                post(urlEqualTo(DefaultConfiguration.REST_ENDPOINT_SUB_URL))
+                        .willReturn(
+                                aResponse()
+                                        .withHeader("Content-Type", MimeType.JSON.toString())
+                                        .withBody(fileToString("/samples/rest-response-profile-query.json"))));
 
         ProfileRequest request = new ProfileRequest();
         request.getMobileUser().setMsisdn("418888888888");
         request.setExtensionParamsToAllValues();
 
         ProfileResponse response = client.requestProfile(request);
         assertThat(response.getSignatureProfiles(),
-                   contains(SignatureProfiles.ANY_LOA4, SignatureProfiles.DEFAULT_PROFILE, SignatureProfiles.STK_LOA4));
+                contains(SignatureProfiles.ANY_LOA4, SignatureProfiles.DEFAULT_PROFILE, SignatureProfiles.STK_LOA4));
     }
 
     @Test
     public void testProfileQuery_success_customApIdAndPassword() {
         server.stubFor(
-            post(urlEqualTo(DefaultConfiguration.REST_ENDPOINT_SUB_URL))
-                .withRequestBody(containing("\"" + CUSTOM_AP_ID + "\""))
-                .withRequestBody(containing("\"" + CUSTOM_AP_PASSWORD + "\""))
-                .willReturn(
-                    aResponse()
-                        .withHeader("Content-Type", MimeType.JSON.toString())
-                        .withBody(fileToString("/samples/rest-response-profile-query.json"))));
+                post(urlEqualTo(DefaultConfiguration.REST_ENDPOINT_SUB_URL))
+                        .withRequestBody(containing("\"" + CUSTOM_AP_ID + "\""))
+                        .withRequestBody(containing("\"" + CUSTOM_AP_PASSWORD + "\""))
+                        .willReturn(
+                                aResponse()
+                                        .withHeader("Content-Type", MimeType.JSON.toString())
+                                        .withBody(fileToString("/samples/rest-response-profile-query.json"))));
 
         ProfileRequest request = new ProfileRequest();
         request.getMobileUser().setMsisdn("418888888888");
@@ -99,7 +93,6 @@ public void testProfileQuery_success_customApIdAndPassword() {
 
         ProfileResponse response = client.requestProfile(request);
         assertThat(response.getSignatureProfiles(),
-                   contains(SignatureProfiles.ANY_LOA4, SignatureProfiles.DEFAULT_PROFILE, SignatureProfiles.STK_LOA4));
+                contains(SignatureProfiles.ANY_LOA4, SignatureProfiles.DEFAULT_PROFILE, SignatureProfiles.STK_LOA4));
     }
-
 }

mid-java-client-rest/src/test/java/ch/swisscom/mid/client/rest/SyncSignatureTest.java

@@ -15,6 +15,7 @@
  */
 package ch.swisscom.mid.client.rest;
 
+import ch.swisscom.mid.client.config.TlsConfiguration;
 import com.github.tomakehurst.wiremock.WireMockServer;
 import com.github.tomakehurst.wiremock.http.MimeType;
 
@@ -30,8 +31,8 @@
 
 import static ch.swisscom.mid.client.rest.TestData.CUSTOM_AP_ID;
 import static ch.swisscom.mid.client.rest.TestData.CUSTOM_AP_PASSWORD;
-import static ch.swisscom.mid.client.rest.TestSupport.buildConfig;
-import static ch.swisscom.mid.client.rest.TestSupport.fileToString;
+import static ch.swisscom.mid.client.rest.TestSupport.*;
+import static ch.swisscom.mid.client.rest.TestSupport.fileToBytes;
 import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
 import static com.github.tomakehurst.wiremock.client.WireMock.containing;
 import static com.github.tomakehurst.wiremock.client.WireMock.post;
@@ -52,7 +53,8 @@ public static void setUpThisClass() {
         server = new WireMockServer(options().port(8089));
         server.start();
 
-        client = new MIDClientImpl(buildConfig());
+        // client = new MIDClientImpl(buildConfig(buildTlsConfig("TLSv1.1")));
+        client = new MIDClientImpl(buildConfig(buildTlsConfig(null)));
     }
 
     @AfterAll
@@ -165,5 +167,4 @@ private static SignatureRequest buildSignatureRequest() {
         request.addAdditionalService(new GeofencingAdditionalService());
         return request;
     }
-
 }

mid-java-client-rest/src/test/java/ch/swisscom/mid/client/rest/TestSupport.java

@@ -29,7 +29,7 @@
 
 public class TestSupport {
 
-    public static ClientConfiguration buildConfig() {
+    public static ClientConfiguration buildConfig(TlsConfiguration customTlsCfg) {
         ClientConfiguration config = new ClientConfiguration();
         config.setProtocolToRest();
         config.setApId("mid://test.swisscom.ch");
@@ -38,14 +38,18 @@ public static ClientConfiguration buildConfig() {
         UrlsConfiguration urls = config.getUrls();
         urls.setAllServiceUrlsTo("http://localhost:8089" + DefaultConfiguration.REST_ENDPOINT_SUB_URL);
 
-        TlsConfiguration tls = config.getTls();
-        tls.setKeyStoreBytes(fileToBytes("/empty-store.jks"));
-        tls.setKeyStorePassword("secret");
-        tls.setKeyStoreKeyPassword("secret");
-        tls.setKeyStoreCertificateAlias("alias");
-        tls.setTrustStoreBytes(fileToBytes("/empty-store.jks"));
-        tls.setTrustStorePassword("secret");
-        tls.setHostnameVerification(false);
+        if (customTlsCfg != null) {
+            config.setTls(customTlsCfg);
+        } else {
+            TlsConfiguration tls = config.getTls();
+            tls.setKeyStoreBytes(fileToBytes("/empty-store.jks"));
+            tls.setKeyStorePassword("secret");
+            tls.setKeyStoreKeyPassword("secret");
+            tls.setKeyStoreCertificateAlias("alias");
+            tls.setTrustStoreBytes(fileToBytes("/empty-store.jks"));
+            tls.setTrustStorePassword("secret");
+            tls.setHostnameVerification(false);
+        }
 
         HttpConfiguration http = config.getHttp();
         http.setConnectionTimeoutInMs(2 * 1000);
@@ -70,5 +74,19 @@ public static byte[] fileToBytes(String fileName) {
         }
     }
 
+    public static TlsConfiguration buildTlsConfig(String sslContext) {
+        TlsConfiguration tls = new TlsConfiguration();
+        tls.setKeyStoreBytes(fileToBytes("/empty-store.jks"));
+        tls.setKeyStorePassword("secret");
+        tls.setKeyStoreKeyPassword("secret");
+        tls.setKeyStoreCertificateAlias("alias");
+        tls.setTrustStoreBytes(fileToBytes("/empty-store.jks"));
+        tls.setTrustStorePassword("secret");
+        tls.setHostnameVerification(false);
+        if (sslContext != null) {
+            tls.setSslContext(sslContext);
+        }
+        return tls;
+    }
 
 }

mid-java-client-soap/pom.xml

@@ -6,7 +6,7 @@
     <parent>
         <groupId>ch.mobileid.mid-java-client</groupId>
         <artifactId>mid-java-client-parent</artifactId>
-        <version>1.5.4</version>
+        <version>1.5.5</version>
     </parent>
 
     <artifactId>mid-java-client-soap</artifactId>