This repository has been archived by the owner on May 16, 2023. It is now read-only.

Chore: Update CWA-Parent to 2.0.2 #143

Merged
merged 9 commits into from
Mar 16, 2023
34 changes: 0 additions & 34 deletions .github/workflows/ci-dependency-check.yml

This file was deleted.

2 changes: 1 addition & 1 deletion .github/workflows/ci-master.yml
@@ -21,7 +21,7 @@ jobs:
restore-keys: ${{ env.cache-name }}-
- uses: actions/setup-java@v1
with:
java-version: 11
java-version: 17
- name: environment
run: |
sudo apt-get install --yes --no-install-recommends libxml-xpath-perl
2 changes: 1 addition & 1 deletion .github/workflows/ci-pull-request.yml
@@ -21,7 +21,7 @@ jobs:
restore-keys: ${{ env.cache-name }}-
- uses: actions/setup-java@v1
with:
java-version: 11
java-version: 17
- name: mvn package
run: mvn --batch-mode package
env:
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM gcr.io/distroless/java-debian10:11
FROM gcr.io/distroless/java17-debian11
COPY target/*.jar app.jar
COPY scripts/Dpkg.java Dpkg.java
RUN ["java", "Dpkg.java"]
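Review bot: The new `FROM` line names the base image without a tag or digest, so each build pulls whatever `gcr.io/distroless/java17-debian11` resolves to at that moment, and the image that was tested is not necessarily the one that ships. Pinning by digest, `FROM gcr.io/distroless/java17-debian11@sha256:<digest-of-reviewed-image>`, keeps builds reproducible and turns a base-image update into an explicit, reviewable change. The Dockerfile continues below this hunk, so whether a later line sets a non-root user cannot be judged from here.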
2 changes: 1 addition & 1 deletion pom.xml
@@ -9,7 +9,7 @@
<parent>
<groupId>app.coronawarn</groupId>
<artifactId>cwa-parent</artifactId>
<version>1.8</version>
<version>2.0.2</version>
<relativePath/>
</parent>

@@ -23,9 +23,9 @@

import app.coronawarn.testresult.config.TestResultConfig;
import app.coronawarn.testresult.entity.TestResultEntity;
import jakarta.transaction.Transactional;
import java.time.LocalDateTime;
import java.time.Period;
import javax.transaction.Transactional;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import net.javacrumbs.shedlock.spring.annotation.SchedulerLock;
@@ -34,8 +34,8 @@
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import javax.validation.Valid;
import javax.validation.constraints.NotNull;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotNull;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.MediaType;
@@ -22,19 +22,25 @@
package app.coronawarn.testresult.config;

import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@ConditionalOnProperty(name = "server.ssl.client-auth", havingValue = "none", matchIfMissing = true)
public class LocalSecurityConfig extends WebSecurityConfigurerAdapter {
public class LocalSecurityConfig {

@Override
protected void configure(HttpSecurity http) throws Exception {
/**
* SecurityFilterChain.
*
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.authorizeHttpRequests()
.anyRequest().permitAll()
.and().csrf().disable();
return http.build();
}
}
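Review bot: The Javadoc added on `filterChain` says only "SecurityFilterChain.", although the bean permits every request and disables CSRF, and `matchIfMissing = true` on the class-level condition makes it the active chain whenever `server.ssl.client-auth` is not set at all. I would state that in the comment, for example `/** Permits all requests and disables CSRF protection; selected when server.ssl.client-auth is "none" or unset. */`. It is also worth checking whether the unset case should fail closed by dropping `matchIfMissing = true`, since a deployment that loses the property silently ends up on this open chain. That depends on how the service is deployed, which the diff does not show.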
@@ -35,9 +35,9 @@
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.preauth.x509.X509PrincipalExtractor;
import org.springframework.security.web.firewall.HttpFirewall;
import org.springframework.security.web.firewall.StrictHttpFirewall;
@@ -47,7 +47,7 @@
@Slf4j
@RequiredArgsConstructor
@ConditionalOnProperty(name = "server.ssl.client-auth", havingValue = "need")
public class MtlsSecurityConfig extends WebSecurityConfigurerAdapter {
public class MtlsSecurityConfig {

private final TestResultConfig testResultConfig;

@@ -61,23 +61,30 @@ protected HttpFirewall strictFirewall() {
return firewall;
}

@Override
protected void configure(HttpSecurity http) throws Exception {
/**
* SecurityFilterChain.
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.mvcMatchers("/api/**").authenticated().and()
.authorizeHttpRequests()
.requestMatchers("/api/**").authenticated().and()
.x509().x509PrincipalExtractor(new ThumbprintX509PrincipalExtractor()).userDetailsService(userDetailsService())
.and().authorizeRequests()
.mvcMatchers("/actuator/**").permitAll()
.and().authorizeHttpRequests()
.requestMatchers("/actuator/**").permitAll()
.anyRequest().denyAll()
.and().csrf().disable();
return http.build();
}

@Override
/**
* UserDetailsService.
*/
@Bean
public UserDetailsService userDetailsService() {
return hash -> {
boolean allowed = Stream.of(testResultConfig.getAllowedClientCertificates()
.split(","))
.split(","))
.map(String::trim)
.anyMatch(entry -> entry.equalsIgnoreCase(hash));

@@ -97,7 +104,7 @@ public Object extractPrincipal(X509Certificate x509Certificate) {

try {
String hash = DigestUtils.sha256Hex(x509Certificate.getEncoded());
log.debug("Accessed by Subject {} Hash {}",x509Certificate.getSubjectDN().getName(), hash);
log.debug("Accessed by Subject {} Hash {}", x509Certificate.getSubjectX500Principal().getName(), hash);
return hash;
} catch (CertificateEncodingException e) {
log.error("Failed to extract bytes from certificate");
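Review bot: In the `filterChain` hunk, `.requestMatchers("/actuator/**").permitAll()` leaves every actuator path outside the thumbprint allow-list that `userDetailsService()` applies to `/api/**`, so any client that completes the TLS handshake can reach whatever endpoints are exposed there. Which endpoints are enabled is not visible in this diff; if only a health probe is needed, the rule can be narrowed to that path, e.g. `.requestMatchers("/actuator/health").permitAll()`. The placeholder Javadoc ("SecurityFilterChain.", "UserDetailsService.") would be more useful if it stated the rules, e.g. `/** /api/** requires an allow-listed client certificate, /actuator/** is open, everything else is denied. */`. The class body starts and ends outside the hunks shown.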
@@ -21,26 +21,28 @@

package app.coronawarn.testresult.entity;

import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.EntityListeners;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import jakarta.persistence.Table;
import jakarta.persistence.Version;
import java.time.LocalDateTime;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.EntityListeners;
import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import javax.persistence.Version;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter;
import org.springframework.data.annotation.CreatedDate;
import org.springframework.data.annotation.LastModifiedDate;
import org.springframework.data.jpa.domain.support.AuditingEntityListener;

/**
* This class represents the test result entity.
*/
@Data
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Entity
@@ -21,7 +21,7 @@

package app.coronawarn.testresult.exception;

import javax.validation.ConstraintViolationException;
import jakarta.validation.ConstraintViolationException;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.MethodArgumentNotValidException;
14 changes: 8 additions & 6 deletions src/main/java/app/coronawarn/testresult/model/PocNatResult.java
@@ -21,12 +21,14 @@

package app.coronawarn.testresult.model;

import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;

import io.swagger.v3.oas.annotations.media.Schema;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import jakarta.validation.constraints.Max;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Pattern;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
@@ -65,7 +67,7 @@ public class PocNatResult {
@Min(10)
@Max(14)
@NotNull
@Schema(description = "the result of the PoC-NAT", required = true)
@Schema(description = "the result of the PoC-NAT", requiredMode = REQUIRED)
private Integer result;

/**
@@ -21,12 +21,14 @@

package app.coronawarn.testresult.model;

import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;

import com.fasterxml.jackson.annotation.JsonInclude;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;
import java.util.List;
import javax.validation.Valid;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
@@ -53,15 +55,15 @@ public class PocNatResultList {
*/
@NotNull
@NotEmpty
@Schema(description = "array of PoC-NAT results", required = true)
@Schema(description = "array of PoC-NAT results", requiredMode = REQUIRED)
private List<@Valid PocNatResult> testResults;

/**
* The labId of the uploader.
*/
@Schema(description = "The id that identifies a lab. Every lab can choose its own labid, "
+ "but it must be unique over all labs, should be generated once via cryptographic hash function",
required = true, maxLength = 64)
requiredMode = REQUIRED, maxLength = 64)
@JsonInclude(JsonInclude.Include.NON_NULL)
private String labId;
}
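Review bot: `labId` is described in the schema as `requiredMode = REQUIRED, maxLength = 64`, but the field carries no Bean Validation constraint, so validation on this class does not enforce the documented contract; the same applies to `labId` in `QuickTestResultList`. If no check exists elsewhere (not visible in this diff), add the constraints next to the schema annotation, e.g. `@NotBlank` and `@Size(max = 64)` from `jakarta.validation.constraints`. If the field is in fact optional, as `@JsonInclude(JsonInclude.Include.NON_NULL)` suggests, the schema should not mark it as required.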
@@ -21,12 +21,14 @@

package app.coronawarn.testresult.model;

import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;

import io.swagger.v3.oas.annotations.media.Schema;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import jakarta.validation.constraints.Max;
import jakarta.validation.constraints.Min;
import jakarta.validation.constraints.NotBlank;
import jakarta.validation.constraints.NotNull;
import jakarta.validation.constraints.Pattern;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
@@ -65,7 +67,7 @@ public class QuickTestResult {
@Min(5)
@Max(9)
@NotNull
@Schema(description = "the result of the rapid antigen test", required = true)
@Schema(description = "the result of the rapid antigen test", requiredMode = REQUIRED)
private Integer result;

/**
@@ -21,12 +21,14 @@

package app.coronawarn.testresult.model;

import static io.swagger.v3.oas.annotations.media.Schema.RequiredMode.REQUIRED;

import com.fasterxml.jackson.annotation.JsonInclude;
import io.swagger.v3.oas.annotations.media.Schema;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull;
import java.util.List;
import javax.validation.Valid;
import javax.validation.constraints.NotEmpty;
import javax.validation.constraints.NotNull;
import lombok.EqualsAndHashCode;
import lombok.Getter;
import lombok.Setter;
@@ -51,15 +53,15 @@ public class QuickTestResultList {
*/
@NotNull
@NotEmpty
@Schema(description = "array of rapid antingen test results", required = true)
@Schema(description = "array of rapid antingen test results", requiredMode = REQUIRED)
private List<@Valid QuickTestResult> testResults;

/**
* The labId of the uploader.
*/
@Schema(description = "The id that identifies a lab. Every lab can choose its own labid, "
+ "but it must be unique over all labs, should be generated once via cryptographic hash function",
required = true, maxLength = 64)
requiredMode = REQUIRED, maxLength = 64)
@JsonInclude(JsonInclude.Include.NON_NULL)
private String labId;
}