From 78105a2f8a5dfccf9ac486bce3b99e8691d392a5 Mon Sep 17 00:00:00 2001 From: Jasper Kamerling Date: Thu, 23 Nov 2023 14:46:58 +0100 Subject: [PATCH 1/3] FDP-94: Add option to not use organisation certificates Signed-off-by: Jasper Kamerling --- .../soap/endpoints/SoapEndpoint.java | 22 +++++++++++-------- .../properties/SoapConfigurationProperties.kt | 9 ++++++++ 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java b/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java
index 88dfe75..7b3dadd 100644
--- a/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java
+++ b/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java
@@ -94,15 +94,19 @@ public void handleRequest(
 }
 String organisationName = null;
- if (request.getAttribute(DEFAULT_REQUEST_ATTR_NAME)
- instanceof final SecurityContext securityContext
- && securityContext.getAuthentication().getPrincipal() instanceof final User organisation) {
- organisationName = organisation.getUsername();
- }
- if (organisationName == null) {
- LOGGER.error("Unable to find client certificate, returning 500.");
- createErrorResponse(response);
- return;
+ if(soapConfiguration.getUseOrganisationFromRequest()) {
+ if (request.getAttribute(DEFAULT_REQUEST_ATTR_NAME)
+ instanceof final SecurityContext securityContext
+ && securityContext.getAuthentication().getPrincipal() instanceof final User organisation) {
+ organisationName = organisation.getUsername();
+ }
+ if (organisationName == null) {
+ LOGGER.error("Unable to find client certificate, returning 500.");
+ createErrorResponse(response);
+ return;
+ }
+ } else {
+ organisationName = "";
 }
 // Cache the incoming connection.
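Review bot: With `useOrganisationFromRequest` set to false, the new `else` branch lets the request continue past the only principal check visible in this hunk, so a caller with no authenticated `User` in the security context is no longer rejected here. If client authentication is still expected in that mode, keep the `SecurityContext`/`User` check outside the flag and skip only the copy of the name; if it is not, state that at the branch, e.g. `// No organisation is taken from the client certificate; this endpoint does not authenticate the caller in this mode.` The empty string also becomes a sentinel for "no organisation", which the consuming proxy presumably has to treat as "no common name"; that contract is worth a comment at `organisationName = "";`. `handleRequest` starts and ends outside the hunk, so checks elsewhere in the method are not visible.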
diff --git a/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt b/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
index ebe4675..aa6cad9 100644
--- a/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
+++ b/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
@@ -18,6 +18,15 @@ class SoapConfigurationProperties(
 * Timeouts for specific functions.
 */
 val customTimeouts: Map = emptyMap(),
+ /**
+ * TODO Can we search for certificates on both sides
+ *
+ * Property to not set common name based on the organisation on requests published to Kafka.
+ *
+ * This makes it so the other listening proxy doesn't search for certificates by [org.gxf.soapbridge.valueobjects.ProxyServerRequestMessage.commonName].
+ * Instead, the other proxy will generate a new ssl context.
+ */
+ val useOrganisationFromRequest: Boolean = true,
 val callEndpoint: SoapEndpointConfiguration,
 )
From 135e3d75a2f61dc935cd23703fc33bff2757c29d Mon Sep 17 00:00:00 2001 From: Jasper Kamerling Date: Thu, 23 Nov 2023 15:20:47 +0100 Subject: [PATCH 2/3] FDP-94: Fix unit test Signed-off-by: Jasper Kamerling --- .../java/org/gxf/soapbridge/soap/clients/SoapClientTest.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/application/src/test/java/org/gxf/soapbridge/soap/clients/SoapClientTest.java b/application/src/test/java/org/gxf/soapbridge/soap/clients/SoapClientTest.java
index 0340a52..30aa572 100644
--- a/application/src/test/java/org/gxf/soapbridge/soap/clients/SoapClientTest.java
+++ b/application/src/test/java/org/gxf/soapbridge/soap/clients/SoapClientTest.java
@@ -37,6 +37,7 @@ class SoapClientTest {
 HostnameVerificationStrategy.BROWSER_COMPATIBLE_HOSTNAMES, 45, new HashMap<>(),
+ true,
 new SoapEndpointConfiguration("localhost", 443, "https"));
 @InjectMocks SoapClient soapClient;
@@ -61,7 +62,7 @@ void shouldSendSoapRequestAndKafkaResponse() throws Exception {
 }
 @Test
- void shoudDisconnectWhenSoapRequestFails() throws Exception {
+ void shouldDisconnectWhenSoapRequestFails() throws Exception {
 // arrange
 final HttpsURLConnection connection = setupFailingConnectionMock();
 Mockito.when(
From 47e483883dc1562299f12577572f34d30bc3f592 Mon Sep 17 00:00:00 2001 From: Jasper Kamerling Date: Thu, 23 Nov 2023 15:36:02 +0100 Subject: [PATCH 3/3] FDP-94: Update comment Signed-off-by: Jasper Kamerling --- .../configuration/properties/SoapConfigurationProperties.kt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt b/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
index aa6cad9..60e1968 100644
--- a/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
+++ b/application/src/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
@@ -21,9 +21,9 @@ class SoapConfigurationProperties(
 /**
 * TODO Can we search for certificates on both sides
 *
- * Property to not set common name based on the organisation on requests published to Kafka.
+ * Property to set common name based on the organisation on requests published to Kafka.
 *
- * This makes it so the other listening proxy doesn't search for certificates by [org.gxf.soapbridge.valueobjects.ProxyServerRequestMessage.commonName].
+ * If set to false the other listening proxy doesn't search for certificates by [org.gxf.soapbridge.valueobjects.ProxyServerRequestMessage.commonName].
 * Instead, the other proxy will generate a new ssl context.
 */
 val useOrganisationFromRequest: Boolean = true,
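Review bot: The KDoc on `useOrganisationFromRequest` describes only what the receiving proxy does and leaves out the effect on the sending side: in `SoapEndpoint.handleRequest` (patch 1/3) a false value skips the lookup of the client-certificate principal and sets the organisation name to an empty string, which is presumably what is then published as the common name. I would add a sentence such as `When false, the endpoint does not derive an organisation from the client certificate, so client authentication must be enforced elsewhere.` The open `TODO Can we search for certificates on both sides` is still in the comment after this rewording and would be better tracked in the issue than in the property's documentation. The same gap is in the first version of this comment, added in patch 1/3.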