Commit 27fca0a0 authored by Tobias Assmann's avatar Tobias Assmann

rename webserver to ssa; add stuff for tctoken codegen and service method

parent dd977c7a
......@@ -17,3 +17,4 @@ packer/
.classpath
.settings
*/**/.settings
/bin/
......@@ -64,13 +64,15 @@ services:
POSTGRES_USER: ejbca
POSTGRES_PASSWORD: password
webserver:
image: "reqesidta/webserver"
container_name: "reqesidta_webserver"
ssa:
image: "reqesidta/ssa"
container_name: "reqesidta_ssa"
build:
context: ./webserver
context: ./ssa
networks:
- reqesidta_net
reqesidta_net:
aliases:
- ssa.docker.reqesidta.de
depends_on:
- poseidas
- ejbca
......@@ -80,7 +82,7 @@ services:
- "127.0.0.1:29990:9990"
- "127.0.0.1:9797:9797"
volumes:
- ./webserver/dist:/opt/jboss/wildfly/standalone/deployments/:rw
- ./ssa/dist:/opt/jboss/wildfly/standalone/deployments/:rw
sam:
image: "reqesidta/sam"
......
......@@ -3,7 +3,7 @@
ARG WILDFLY_IMAGE=jboss/wildfly:17.0.1.Final
FROM $WILDFLY_IMAGE
# we need this for consuming the eID SOAP service
# we need wsdl and cert for consuming the eID SOAP service
COPY wsdl/* /opt/jboss/
COPY ssl/poseidas.docker.reqesidta.de.crt /opt/poseidas.docker.reqesidta.de.crt
......
ssa-server.war
\ No newline at end of file
......@@ -16,7 +16,7 @@
<name>server</name>
<properties>
<war.dist.target>${basedir}/../../docker/webserver/dist/</war.dist.target>
<war.dist.target>${basedir}/../../docker/ssa/dist/</war.dist.target>
</properties>
<build>
......@@ -26,6 +26,7 @@
<artifactId>maven-war-plugin</artifactId>
<configuration>
<outputDirectory>${war.dist.target}</outputDirectory>
<!-- war name is used as context path if nothing else is specified -->
<warName>ssa-server</warName>
</configuration>
</plugin>
......@@ -98,43 +99,53 @@
</execution>
</executions>
</plugin>
<!-- code generation for tctoken response -->
<plugin>
<groupId>org.codehaus.mojo</groupId>
<artifactId>jaxb2-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>xjc</goal>
</goals>
</execution>
</executions>
<configuration>
<generateEpisode>false</generateEpisode>
<packageName>reqesidta.ssa.generated</packageName>
<sources>
<source>${basedir}/src/main/resources/xsd/tctoken.xsd</source>
</sources>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<!-- logging -->
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
</dependency>
<!-- needed for webservice stuff -->
<dependency>
<groupId>javax</groupId>
<artifactId>javaee-api</artifactId>
<version>8.0.1</version>
<scope>provided</scope>
</dependency>
<!-- used for configuration implementation -->
<dependency>
<groupId>com.typesafe</groupId>
<artifactId>config</artifactId>
</dependency>
<!-- used for crypto -->
<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcpkix-jdk15on</artifactId>
<version>1.62</version>
</dependency>
<!--Test-->
<!-- JSON-B API and Yasson (JSON-B implementation)
<dependency>
<groupId>jakarta.json.bind</groupId>
<artifactId>jakarta.json.bind-api</artifactId>
<version>1.0.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.eclipse</groupId>
<artifactId>yasson</artifactId>
<version>1.0.3</version>
<scope>test</scope>
</dependency>-->
<dependency>
<groupId>org.testng</groupId>
<artifactId>testng</artifactId>
......
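Review bot: The `jaxb2-maven-plugin` block added for the tctoken code generation carries no `<version>`, so unless a parent `pluginManagement` section (not visible here) pins it, Maven picks the plugin version itself and the generated `reqesidta.ssa.generated` classes can change between builds. Pin it next to the `artifactId`, e.g. `<version>PLUGIN_VERSION</version>`. In the same section `bcpkix-jdk15on` is versioned inline while `slf4j-api` and `config` rely on managed versions; keeping the crypto library in the same managed place makes later upgrades a one-line change. The commented-out JSON-B/Yasson block under `<!--Test-->` is dead configuration and is better deleted than kept as a comment.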
......@@ -22,18 +22,8 @@ public class ApplicationConfig extends Application {
@Override
public Set<Class<?>> getClasses() {
Set<Class<?>> resources = new java.util.HashSet<>();
addRestResourceClasses(resources);
return resources;
}
/**
* Do not modify addRestResourceClasses() method.
* It is automatically populated with
* all resources defined in the project.
* If required, comment out calling this method in getClasses().
*/
private void addRestResourceClasses(Set<Class<?>> resources) {
resources.add(reqesidta.ssa.api.SsaService.class);
resources.add(reqesidta.ssa.api.EidService.class);
return resources;
}
}
package reqesidta.ssa.api;
import java.util.Optional;
import javax.inject.Inject;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.Produces;
import javax.xml.bind.JAXBElement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import de.bund.bsi.eid.UseIDResponseType;
import reqesidta.ssa.config.SSAConfig;
import reqesidta.ssa.eid.EID_Client;
import reqesidta.ssa.generated.ObjectFactory;
import reqesidta.ssa.generated.TCTokenType;
import reqesidta.ssa.session.Session;
import reqesidta.ssa.session.SessionStore;
/**
* WebServices for eid
*
* @author Tobias Assmann
*/
@Path("/eid")
public class EidService {
private static final Logger log = LoggerFactory.getLogger(EidService.class);
@Inject private SSAConfig config;
@Inject private SessionStore sessionStore;
@Inject private EID_Client eidClient;
@GET
@Produces(MediaType.TEXT_XML)
@Path("/tctoken/{sessionId}")
public JAXBElement<TCTokenType> tcToken(@PathParam("sessionId") String sessionId) {
log.debug("tctoken got sessionId:"+sessionId);
// read session
Optional<Session> sessionOpt = sessionStore.getSession(sessionId);
if (!sessionOpt.isPresent()) {
throw new NotFoundException();
}
Session session = sessionOpt.get();
Optional<Object> sessionValOpt = session.get(Session.KEY_DOCUMENT_HASH);
if (!sessionValOpt.isPresent()) {
throw new NotFoundException();
}
byte[] documentHash = (byte[])sessionValOpt.get();
// get stuff from eID useID
UseIDResponseType useID_return = eidClient.useId(documentHash);
String eidSessionID = useID_return.getPSK().getID();
// replace session key for user with sessionID from eID
// build response
TCTokenType tcToken = new TCTokenType();
tcToken.setServerAddress(useID_return.getECardServerAddress());
tcToken.setSessionIdentifier(eidSessionID);
tcToken.setRefreshAddress(this.config.getBaseUrl()+"/refresh/"+eidSessionID);
tcToken.setBinding("urn:liberty:paos:2006-08"); // val comes from spec
// only add psk if we got a key from eID server
if (useID_return.getPSK().getKey() != null) {
tcToken.setPathSecurityProtocol("urn:ietf:rfc:4279"); // val comes from spec
TCTokenType.PathSecurityParameters psp = new TCTokenType.PathSecurityParameters();
psp.setPSK(useID_return.getPSK().getKey());
tcToken.setPathSecurityParameters(psp);
}
return new ObjectFactory().createTCTokenType(tcToken);
}
}
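Review bot: `tcToken` calls `useID_return.getPSK().getID()` before anything checks the PSK, so the later `getKey() != null` guard covers only half of the missing-PSK case; a useID response without a PSK element (or an error result, which is not inspected here) would end in a NullPointerException and a 500 instead of a controlled error. Read the PSK into a local once and reject the response when it or its ID is missing, e.g. `if (psk == null || psk.getID() == null) throw new InternalServerErrorException();`. The first statement also logs the caller-supplied `sessionId` by string concatenation, and that value is the only thing gating access to a token that carries the PSK; keep it out of the log or shorten it, and use a placeholder as in `log.debug("tctoken requested for session {}", shortId);`. The comment `// replace session key for user with sessionID from eID` has no code behind it, so nothing links `eidSessionID` back to the stored session and every GET triggers a fresh `useId` call; a `// TODO` stating that would be more accurate than the current wording.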
......@@ -9,7 +9,6 @@
***************************************************************************/
package reqesidta.ssa.api;
import java.util.Optional;
import javax.inject.Inject;
import javax.json.bind.Jsonb;
import javax.json.bind.JsonbBuilder;
......@@ -18,36 +17,34 @@ import javax.json.bind.config.BinaryDataStrategy;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import reqesidta.ssa.sa.CertificateAuthorityClient;
import reqesidta.ssa.session.SessionStore;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import reqesidta.ssa.config.SSAConfig;
import reqesidta.ssa.eid.EID_Client;
import reqesidta.ssa.session.Session;
import reqesidta.ssa.session.SessionStore;
/**
* WebServices for ssa
*
* @author Neil Crossley, Tobias Assmann
*/
@Path("/")
@Path("/ssa")
public class SsaService {
private static final Logger log = LoggerFactory.getLogger(SsaService.class);
private Jsonb jsonb;
@Inject private SSAConfig config;
@Inject private CertificateAuthorityClient caClient;
// @Inject private CertificateAuthorityClient caClient;
@Inject private SessionStore sessionStore;
@Inject private EID_Client eidClient;
public SsaService() {
JsonbConfig config = new JsonbConfig()
......@@ -70,7 +67,7 @@ public class SsaService {
session.set(Session.KEY_SIGNATURE_ALGORITHM, req.signatureAlgorithm);
session.set(Session.KEY_DOCUMENT_HASH, req.documentHash);
InitResponse response = new InitResponse();
response.tcTokenUrl = "/tctoken/" + session.getId();
response.tcTokenUrl = this.config.getBaseUrl()+"/eid/tctoken/"+session.getId();
String respAsJson = jsonb.toJson(response);
log.debug("init send response:"+respAsJson);
......@@ -78,27 +75,10 @@ public class SsaService {
}
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/tctoken/{sessionId}")
public Response tcToken(@PathParam("sessionId") String sessionId) {
log.debug("tctoken got sessionId:"+sessionId);
Optional<Session> sessionOpt = sessionStore.getSession(sessionId);
if (!sessionOpt.isPresent()) {
throw new NotFoundException();
}
Session session = sessionOpt.get();
Optional<Object> sessionValOpt = session.get(Session.KEY_DOCUMENT_HASH);
if (!sessionValOpt.isPresent()) {
throw new NotFoundException();
}
byte[] documentHash = (byte[])sessionValOpt.get();
eidClient.useId(documentHash);
//InitResponse response = new InitResponse();
//response.tcTokenUrl = "/createtoken/" + session.getId();
//String respAsJson = jsonb.toJson(response);
@Path("/refresh/{sessionId}")
public Response refresh(@PathParam("sessionId") String sessionId) {
return Response.ok("{foo:bar}").build();
return Response.ok().build();
}
@POST
......
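Review bot: The new `refresh` resource sits under `@Path("/ssa")` and therefore answers at `/ssa/refresh/{sessionId}`, while the TCToken built in `EidService` advertises `this.config.getBaseUrl()+"/refresh/"+eidSessionID`; since `init` builds its link as `getBaseUrl()+"/eid/tctoken/"`, the base URL apparently does not end in `/ssa`, and the advertised refresh address would hit no handler. Either build the address as `getBaseUrl()+"/ssa/refresh/"+eidSessionID` or move the resource so both agree. The method also returns `Response.ok()` for any `sessionId` without consulting `sessionStore`, so until the lookup exists it should say so, e.g. `// TODO: resolve eID session id and return 404 for unknown ids`. The commented-out `// @Inject private CertificateAuthorityClient caClient;` is better removed than left in place. The class body continues outside the visible hunks.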
......@@ -17,8 +17,8 @@ public class SSAConfig {
private int sessionMaxAge;
private int sessionCheckAgeInterval;
private String baseUrl;
private String eidUrl;
private int eidPort;
private CertificateAuthorityConfig caConfig;
public int getSessionMaxAge() {
......@@ -37,6 +37,14 @@ public class SSAConfig {
this.sessionCheckAgeInterval = sessionCheckAgeInterval;
}
public String getBaseUrl() {
return this.baseUrl;
}
public void setBaseUrl(String baseUrl) {
this.baseUrl = baseUrl;
}
public String getEidUrl() {
return this.eidUrl;
}
......@@ -44,6 +52,7 @@ public class SSAConfig {
public void setEidUrl(String eidUrl) {
this.eidUrl = eidUrl;
}
public CertificateAuthorityConfig getCaConfig() {
return caConfig;
}
......
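Review bot: `getBaseUrl`/`setBaseUrl` are added without any statement of what form the value must have, yet the other files in this commit concatenate it directly with `"/eid/tctoken/"` and `"/refresh/"` and hand the result to the eID client. A trailing slash or a non-TLS scheme in the configuration would silently produce malformed or plaintext URLs for a token that carries the PSK. Document the contract on the getter, e.g. `/** Absolute external https base URL of this application, without a trailing slash. */`, and consider rejecting other values in `setBaseUrl`. The class continues outside the visible hunks, so validation may already happen where the configuration is loaded.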