Merge pull request #11 from WorldHealthOrganization/feature/tng-dev-c…

…onnection

Feature/tng dev connection

.gitignore

@@ -50,3 +50,10 @@ pom.xml.versionsBackup
 
 ### Helm Charts ###
 Chart.lock
+
+### Certificates
+*.pem
+*.cer
+*.key
+*.p12
+*.jks

certs/PlaceYourGatewayAccessKeysHere.md

@@ -5,3 +5,27 @@ If you want to run the key distribution service via the given docker-compose fil
 in the [docker-compose.yml](../docker-compose.yml) file.
 
 Further information can be found in the [README](../README.md)
+
+# How to use participants key material to access TNG
+
+Copy the TLS.pem, TLS.key and CA.pem from your participant onboarding repository to this /certs folder.
+
+Create a JKS TrustStore from the CA.pem:
+
+R3 of the URL cert export (keystore explorer):
+
+```
+keytool -importcert -alias tng-tls-server-certificate -file R3.cer -keystore tng_tls_server_truststore.p12 -storepass dgcg-p4ssw0rd -storetype jks
+```
+
+Create a Trustanchor store from TNG TrustAnchor.pem:
+
+```
+keytool -importcert -alias trustanchor -file TA_CA.pem -keystore trustanchor_store.jks -storepass dgcg-p4ssw0rd -storetype jks
+```
+
+Create a pkcs12 KeyStore from the TLS.pem and TLS.key:
+
+```
+openssl pkcs12 -export -out tls_key_store.p12 -inkey TLS.key -in TLS.pem -passout pass:dgcg-p4ssw0rd -name clientcredentials
+```

pom.xml

@@ -230,6 +230,11 @@
   </dependencyManagement>
 
   <dependencies>
+    <dependency>
+      <groupId>eu.europa.ec.dgc</groupId>
+      <artifactId>ddcc-gateway-lib</artifactId>
+      <version>2.0.1</version>
+    </dependency>
     <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter</artifactId>

src/main/java/tng/trustnetwork/keydistribution/mapper/IssuerMapper.java

@@ -20,12 +20,12 @@
 
 package tng.trustnetwork.keydistribution.mapper;
 
+import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer;
 import java.util.List;
 import org.mapstruct.Mapper;
 import org.mapstruct.Mapping;
 import tng.trustnetwork.keydistribution.dto.TrustedIssuerDto;
 import tng.trustnetwork.keydistribution.entity.TrustedIssuerEntity;
-import tng.trustnetwork.keydistribution.model.TrustedIssuer;
 
 @Mapper(componentModel = "spring")
 public interface IssuerMapper {

src/main/java/tng/trustnetwork/keydistribution/restapi/controller/ContextController.java

@@ -80,7 +80,7 @@ public ResponseEntity<String> getContext() {
             String context = null;
 
             if (properties.getContext().isEmpty()) {
-                Resource resource = new ClassPathResource("/static/context.json");
+                Resource resource = new ClassPathResource("/static/context.json");//TODO: cleanup EU context information
                 context = IOUtils.toString(resource.getInputStream(), StandardCharsets.UTF_8);
             } else {
                 context = properties.getContext();

src/main/java/tng/trustnetwork/keydistribution/service/SignerCertificateDownloadServiceImpl.java

@@ -20,14 +20,16 @@
 
 package tng.trustnetwork.keydistribution.service;
 
+import eu.europa.ec.dgc.gateway.connector.DgcGatewayDownloadConnector;
+import eu.europa.ec.dgc.gateway.connector.model.TrustListItem;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import net.javacrumbs.shedlock.spring.annotation.SchedulerLock;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Profile;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
-import tng.trustnetwork.keydistribution.model.TrustListItem;
 
 /**
  * A service to download the signer certificates from the digital green certificate gateway.
@@ -36,10 +38,10 @@
 @RequiredArgsConstructor
 @Component
 @Profile("!btp")
+//@ConditionalOnProperty("dgc.gateway.connector.enabled")
 public class SignerCertificateDownloadServiceImpl implements SignerCertificateDownloadService {
 
-    DummyDownloadConnector dummyDownloadConnector = new DummyDownloadConnector();
-
+    private final DgcGatewayDownloadConnector dgcGatewayConnector;
     private final SignerInformationService signerInformationService;
 
     @Override
@@ -49,8 +51,7 @@ public class SignerCertificateDownloadServiceImpl implements SignerCertificateDo
     public void downloadCertificates() {
         log.info("Certificates download started");
 
-        // TODO Dummy
-        List<TrustListItem> trustedCerts = dummyDownloadConnector.getTrustedCertificates();
+        List<TrustListItem> trustedCerts = dgcGatewayConnector.getTrustedCertificates();
 
         signerInformationService.updateTrustedCertsList(trustedCerts);
 

src/main/java/tng/trustnetwork/keydistribution/service/SignerInformationService.java

@@ -20,6 +20,7 @@
 
 package tng.trustnetwork.keydistribution.service;
 
+import eu.europa.ec.dgc.gateway.connector.model.TrustListItem;
 import java.time.ZonedDateTime;
 import java.util.ArrayList;
 import java.util.List;
@@ -31,7 +32,6 @@
 import org.springframework.stereotype.Component;
 import org.springframework.transaction.annotation.Transactional;
 import tng.trustnetwork.keydistribution.entity.SignerInformationEntity;
-import tng.trustnetwork.keydistribution.model.TrustListItem;
 import tng.trustnetwork.keydistribution.repository.SignerInformationRepository;
 import tng.trustnetwork.keydistribution.restapi.dto.CertificatesLookupResponseItemDto;
 import tng.trustnetwork.keydistribution.restapi.dto.DeltaListDto;

src/main/java/tng/trustnetwork/keydistribution/service/TrustedIssuerDownloadServiceImpl.java

@@ -20,8 +20,8 @@
 
 package tng.trustnetwork.keydistribution.service;
 
-import java.util.ArrayList;
-import java.util.Collections;
+import eu.europa.ec.dgc.gateway.connector.DgcGatewayTrustedIssuerDownloadConnector;
+import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer;
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -30,7 +30,6 @@
 import org.springframework.context.annotation.Profile;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.stereotype.Component;
-import tng.trustnetwork.keydistribution.model.TrustedIssuer;
 
 /**
  * A service to download the signer certificates from the digital green certificate gateway.
@@ -42,7 +41,7 @@
 @ConditionalOnProperty("dgc.trustedIssuerDownloader.enabled")
 public class TrustedIssuerDownloadServiceImpl implements TrustedIssuerDownloadService {
 
-    DummyDownloadConnector dummyDownloadConnector = new DummyDownloadConnector();
+    private final DgcGatewayTrustedIssuerDownloadConnector downloadConnector;
     private final TrustedIssuerService trustedIssuerService;
 
     @Override
@@ -52,7 +51,7 @@ public class TrustedIssuerDownloadServiceImpl implements TrustedIssuerDownloadSe
     public void downloadTrustedIssuers() {
         log.info("Trusted issuers download started");
 
-        List<TrustedIssuer> trustedIssuers = dummyDownloadConnector.getTrustedIssuers();
+        List<TrustedIssuer> trustedIssuers = downloadConnector.getTrustedIssuers();
 
         trustedIssuerService.updateTrustedIssuersList(trustedIssuers);