FDP-94: Add option to not use organisation certificates

Signed-off-by: Jasper Kamerling <[email protected]>
OSGP · Nov 23, 2023 · 78105a2 · 78105a2
1 parent 5654742
commit 78105a2
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 9 deletions.
diff --git a/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java b/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java
@@ -94,15 +94,19 @@ public void handleRequest(
     }
 
     String organisationName = null;
-    if (request.getAttribute(DEFAULT_REQUEST_ATTR_NAME)
-            instanceof final SecurityContext securityContext
-        && securityContext.getAuthentication().getPrincipal() instanceof final User organisation) {
-      organisationName = organisation.getUsername();
-    }
-    if (organisationName == null) {
-      LOGGER.error("Unable to find client certificate, returning 500.");
-      createErrorResponse(response);
-      return;
+    if(soapConfiguration.getUseOrganisationFromRequest()) {
+      if (request.getAttribute(DEFAULT_REQUEST_ATTR_NAME)
+              instanceof final SecurityContext securityContext
+              && securityContext.getAuthentication().getPrincipal() instanceof final User organisation) {
+        organisationName = organisation.getUsername();
+      }
+      if (organisationName == null) {
+        LOGGER.error("Unable to find client certificate, returning 500.");
+        createErrorResponse(response);
+        return;
+      }
+    } else {
+      organisationName = "";
     }
 
     // Cache the incoming connection.

diff --git a/...rc/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt b/...rc/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
@@ -18,6 +18,15 @@ class SoapConfigurationProperties(
      * Timeouts for specific functions.
      */
     val customTimeouts: Map<String, Int> = emptyMap(),
+    /**
+     * TODO Can we search for certificates on both sides
+     *
+     * Property to not set common name based on the organisation on requests published to Kafka.
+     *
+     * This makes it so the other listening proxy doesn't search for certificates by [org.gxf.soapbridge.valueobjects.ProxyServerRequestMessage.commonName].
+     * Instead, the other proxy will generate a new ssl context.
+     */
+    val useOrganisationFromRequest: Boolean = true,
     val callEndpoint: SoapEndpointConfiguration,
 )