Merge pull request eu-digital-green-certificates#97 from eu-digital-g…
…reen-certificates/feat/update-dependencies

Update Dependencies
f11h authored Oct 24, 2022
2 parents be85ebd + e98a054 commit bb41a6d
Showing 35 changed files with 307 additions and 1,501 deletions.
14 changes: 7 additions & 7 deletions codestyle/checkstyle.xml
@@ -1,7 +1,7 @@
<?xml version="1.0"?>
<!DOCTYPE module PUBLIC
"-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
"https://checkstyle.org/dtds/configuration_1_3.dtd">
"-//Checkstyle//DTD Checkstyle Configuration 1.3//EN"
"https://checkstyle.org/dtds/configuration_1_3.dtd">

<!--
Checkstyle configuration that checks the Google coding conventions from Google Java Style
Expand Down Expand Up @@ -215,10 +215,10 @@
<module name="Indentation">
<property name="basicOffset" value="4"/>
<property name="braceAdjustment" value="0"/>
<property name="caseIndent" value="2"/>
<property name="throwsIndent" value="2"/>
<property name="lineWrappingIndentation" value="2"/>
<property name="arrayInitIndent" value="2"/>
<property name="caseIndent" value="4"/>
<property name="throwsIndent" value="4"/>
<property name="lineWrappingIndentation" value="4"/>
<property name="arrayInitIndent" value="4"/>
</module>
<module name="AbbreviationAsWordInName">
<property name="ignoreFinal" value="false"/>
Expand Down Expand Up @@ -282,7 +282,7 @@
value="CLASS_DEF, INTERFACE_DEF, ENUM_DEF, METHOD_DEF, CTOR_DEF, VARIABLE_DEF"/>
</module>
<module name="JavadocMethod">
<property name="scope" value="public"/>
<property name="accessModifiers" value="public"/>
<property name="allowMissingParamTags" value="true"/>
<property name="allowMissingReturnTag" value="true"/>
<property name="allowedAnnotations" value="Override, Test"/>
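--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -18,4 +18,12 @@
 <notes>H2 is not used by this project.</notes>
 <cve>CVE-2021-23463</cve>
 </suppress>
+<suppress>
+<notes>False Positive, Should match only up to 5.3.2 (excluding) but we have 5.6.3 </notes>
+<cve>CVE-2020-5408</cve>
+</suppress>
+<suppress>
+<notes>False Positive, Should match only up to 1.32 (excluding) but we have 1.33</notes>
+<cve>CVE-2022-38752</cve>
+</suppress>
 </suppressions>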
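Review bot: Both new `<suppress>` entries match on the bare `<cve>` alone, so CVE-2020-5408 and CVE-2022-38752 are silenced for every dependency in the build, not only for the artifact each note has in mind. The notes justify the suppression by the version currently resolved (5.6.3 and 1.33), but nothing ties the entry to that version, so a later downgrade or a second affected artifact would go unreported. Scope each entry with a `<packageUrl regex="true">` matcher for the intended artifact and give it an expiry such as `<suppress until="YYYY-MM-DDZ">` (placeholder date) so the false-positive claim gets re-checked. The notes should also name the artifact they refer to, since the version numbers alone do not identify it.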
63 changes: 27 additions & 36 deletions pom.xml
Expand Up @@ -23,22 +23,21 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<!-- dependencies -->
<owasp.version>6.5.3</owasp.version>
<spring.boot.version>2.6.3</spring.boot.version>
<spring.cloud.version>3.1.0</spring.cloud.version>
<feign.version>11.7</feign.version>
<owasp.version>7.3.0</owasp.version>
<spring.boot.version>2.7.5</spring.boot.version>
<spring.cloud.version>3.1.4</spring.cloud.version>
<feign.version>11.10</feign.version>
<bcpkix.version>1.70</bcpkix.version>
<lombok.version>1.18.22</lombok.version>
<mapstruct.version>1.4.2.Final</mapstruct.version>
<lombok.version>1.18.24</lombok.version>
<mapstruct.version>1.5.3.Final</mapstruct.version>
<commonsio.version>2.11.0</commonsio.version>
<cbor.version>4.5.1</cbor.version>
<jackson.version>2.13.2</jackson.version>
<jackson.databind.version>2.13.2.1</jackson.databind.version>
<mockwebserver.version>4.9.3</mockwebserver.version>
<plugin.checkstyle.version>3.1.2</plugin.checkstyle.version>
<plugin.sonar.version>3.9.1.2184</plugin.sonar.version>
<plugin.surefire.version>3.0.0-M5</plugin.surefire.version>
<plugin.jacoco.version>0.8.7</plugin.jacoco.version>
<cbor.version>4.5.2</cbor.version>
<jackson.version>2.13.4</jackson.version>
<jackson.databind.version>2.13.4.2</jackson.databind.version>
<mockwebserver.version>4.10.0</mockwebserver.version>
<plugin.checkstyle.version>3.2.0</plugin.checkstyle.version>
<plugin.surefire.version>3.0.0-M7</plugin.surefire.version>
<plugin.jacoco.version>0.8.8</plugin.jacoco.version>

<!-- license -->
<license.projectName>EU Digital Green Certificate Gateway Service / dgc-lib</license.projectName>
Expand Down Expand Up @@ -74,9 +73,21 @@
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
<artifactId>spring-boot-starter-web</artifactId>
<version>${spring.boot.version}</version>
<optional>true</optional>
<exclusions>
<exclusion>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
</exclusion>
</exclusions>
</dependency>
<!-- Explicit inclusion of SnakeYaml because of CVE -->
<dependency>
<groupId>org.yaml</groupId>
<artifactId>snakeyaml</artifactId>
<version>1.33</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
Expand Down Expand Up @@ -149,24 +160,6 @@
<version>${mockwebserver.version}</version>
<scope>test</scope>
</dependency>
<!-- Explicit inclusion because of https://nvd.nist.gov/vuln/detail/CVE-2021-27568 -->
<dependency>
<groupId>net.minidev</groupId>
<artifactId>json-smart</artifactId>
<version>2.4.7</version>
<scope>test</scope>
</dependency>
<!-- Explicit inclusion because of https://nvd.nist.gov/vuln/detail/CVE-2021-22119 -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-crypto</artifactId>
<version>5.5.1</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>5.3.15</version>
</dependency>
</dependencies>

<build>
Expand All @@ -185,7 +178,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.8.1</version>
<version>3.10.1</version>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
Expand Down Expand Up @@ -242,8 +235,6 @@
<configuration>
<configLocation>codestyle/checkstyle.xml</configLocation>
<excludes>target/**/*</excludes>
<excludes>**/springbootworkaroundforks/*</excludes>
<encoding>UTF-8</encoding>
<consoleOutput>true</consoleOutput>
<failsOnError>true</failsOnError>
<violationSeverity>warning</violationSeverity>
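Review bot: The SnakeYAML override added in the dependencies hunk hard-codes `<version>1.33</version>` and its comment says only "because of CVE", unlike the comments removed further down, which linked the NVD entry they answered. Name the advisory and the removal condition in the comment, for example `<!-- SnakeYAML pinned for <CVE-ID>; drop once the version pulled in by spring-boot-starter-web is at least this one -->`. Move the number to a `<snakeyaml.version>` property beside the other versions so later bumps have one place to look. The exclusion sits only on `spring-boot-starter-web`; the direct declaration should already win Maven's version mediation, but `mvn dependency:tree` is worth running to confirm no second SnakeYAML version resolves through the other starters.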
Expand Up @@ -135,14 +135,14 @@ public boolean trustListItemSignedByCa(TrustListItemDto certificate, X509Certifi
}

public boolean trustListItemSignedByCa(TrustListItemDto certificate, Map<String,
List<X509CertificateHolder>> caMap) {
List<X509CertificateHolder>> caMap) {

X509CertificateHolder dcs;
try {
dcs = new X509CertificateHolder(Base64.getDecoder().decode(certificate.getRawData()));
} catch (IOException e) {
log.error("Could not parse certificate. KID: {}, Country: {}",
certificate.getKid(), certificate.getCountry());
certificate.getKid(), certificate.getCountry());
return false;
} catch (NullPointerException e) {
return false;
Expand All @@ -151,13 +151,13 @@ public boolean trustListItemSignedByCa(TrustListItemDto certificate, Map<String,
List<X509CertificateHolder> caList = caMap.get(dcs.getIssuer().toString());
if (caList == null) {
log.error("Failed to find issuer certificate from cert. KID: {}, Country: {}",
certificate.getKid(), certificate.getCountry());
certificate.getKid(), certificate.getCountry());
return false;
}

return caList
.stream()
.anyMatch(ca -> trustListItemSignedByCa(certificate, ca));
.stream()
.anyMatch(ca -> trustListItemSignedByCa(certificate, ca));
}

boolean checkTrustAnchorSignature(TrustListItemDto trustListItem, List<X509CertificateHolder> trustAnchors) {
Expand Up @@ -103,8 +103,8 @@ private synchronized void updateIfRequired() {
trustedCscaCertificates = connectorUtils.fetchCertificatesAndVerifyByTrustAnchor(CertificateTypeDto.CSCA);
log.info("CSCA TrustStore contains {} trusted certificates.", trustedCscaCertificates.size());
trustedCscaCertificateMap = trustedCscaCertificates.stream()
.collect(Collectors.groupingBy((ca) -> ca.getSubject().toString(),
Collectors.mapping((ca) -> ca, Collectors.toList())));
.collect(Collectors.groupingBy((ca) -> ca.getSubject().toString(),
Collectors.mapping((ca) -> ca, Collectors.toList())));

trustedUploadCertificates =
connectorUtils.fetchCertificatesAndVerifyByTrustAnchor(CertificateTypeDto.UPLOAD);
Expand Up @@ -25,8 +25,6 @@
import eu.europa.ec.dgc.gateway.connector.mapper.TrustListMapper;
import eu.europa.ec.dgc.gateway.connector.mapper.TrustedIssuerMapper;
import eu.europa.ec.dgc.gateway.connector.mapper.TrustedIssuerMapperImpl;
import eu.europa.ec.dgc.gateway.connector.springbootworkaroundforks.DgcFeignClientBuilder;
import eu.europa.ec.dgc.gateway.connector.springbootworkaroundforks.DgcFeignClientFactoryBean;
import eu.europa.ec.dgc.utils.CertificateUtils;
import feign.Client;
import feign.httpclient.ApacheHttpClient;
Expand Down Expand Up @@ -58,6 +56,8 @@
import org.apache.http.ssl.SSLContextBuilder;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.springframework.cloud.openfeign.FeignClientBuilder;
import org.springframework.cloud.openfeign.FeignClientFactoryBean;
import org.springframework.context.ApplicationContext;
import org.springframework.http.HttpHeaders;

Expand Down Expand Up @@ -287,9 +287,8 @@ public DgcGatewayDownloadConnector build() throws DgcGatewayDownloadConnectorBui
"Failed to create HTTP Client",
e);
}

DgcGatewayConnectorRestClient restClient = new DgcFeignClientBuilder(springBootContext)
.forType(DgcGatewayConnectorRestClient.class, new DgcFeignClientFactoryBean(), UUID.randomUUID().toString())
DgcGatewayConnectorRestClient restClient = new FeignClientBuilder(springBootContext)
.forType(DgcGatewayConnectorRestClient.class, new FeignClientFactoryBean(), UUID.randomUUID().toString())
.customize(builder -> builder.client(client))
.url(url)
.build();
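Review bot: The `restClient` construction now uses the stock `FeignClientBuilder` and `FeignClientFactoryBean`, but nothing records why the `springbootworkaroundforks` copies existed or what made them unnecessary. This is the call that attaches the custom HTTP `client` to the gateway connection. A short comment above the builder call would help, for example `// Stock FeignClientBuilder replaces the former springbootworkaroundforks copy; customize() must still install the custom client`. Presumably the dependency bump in the same commit is what makes the fork redundant, but the page does not say so; a test asserting that the built `DgcGatewayConnectorRestClient` sends its requests through `client` would confirm it. `build()` starts and ends outside this hunk.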
Expand Up @@ -56,6 +56,7 @@ public class DgcGatewayRevocationListDownloadConnector {
/**
* Gets a revocation list iterator, for partly downloading the revocation list.
* The if-modified-since header is set to the default value to start at the beginning of the list.
*
* @return revocation list iterator
*/
public DgcGatewayRevocationListDownloadIterator getRevocationListDownloadIterator() {
Expand All @@ -65,6 +66,7 @@ public DgcGatewayRevocationListDownloadIterator getRevocationListDownloadIterato
/**
* Gets a revocation list iterator, for partly downloading the revocation list.
* The if-modified-since header is set to the value of the parameter. Only newer part of the list are downloaded.
*
* @param ifModifiedSinceDate The value for the if-modified-since header
* @return revocation list iterator
*/
Expand All @@ -76,6 +78,7 @@ public DgcGatewayRevocationListDownloadIterator getRevocationListDownloadIterato

/**
* Gets the revocation list batch data for a given batchId.
*
* @param batchId the id of the batch to download.
* @return the batch data.
*/
Expand All @@ -90,7 +93,7 @@ public RevocationBatchDto getRevocationListBatchById(String batchId) throws Revo
log.error("Download of revocation list batch failed. DGCG responded with status code: {}", e.status());

if (e.status() == HttpStatus.GONE.value()) {
throw new RevocationBatchGoneException(String.format("Batch already gone: %s", batchId),batchId);
throw new RevocationBatchGoneException(String.format("Batch already gone: %s", batchId), batchId);
}

throw new RevocationBatchDownloadException("Batch download failed with exception.", e);
Expand All @@ -102,7 +105,7 @@ public RevocationBatchDto getRevocationListBatchById(String batchId) throws Revo

throw new RevocationBatchDownloadException(
String.format("Batch download failed with unexpected response. Response status code: %d", statusCode),
statusCode);
statusCode);
}

String cms = responseEntity.getBody();
Expand Up @@ -67,7 +67,7 @@ public class DgcGatewayRevocationListUploadConnector {
private final DgcGatewayConnectorRestClient dgcGatewayConnectorRestClient;

private final DgcGatewayConnectorConfigProperties properties;

private final ObjectMapper objectMapper;

private final CertificateUtils certificateUtils;
Expand Down Expand Up @@ -111,12 +111,12 @@ void init() throws KeyStoreException, CertificateEncodingException, IOException
* @throws DgcRevocationBatchUploadException with detailed information why the upload has failed.
*/
public String uploadRevocationBatch(RevocationBatchDto revocationBatchDto)
throws DgcRevocationBatchUploadException, JsonProcessingException {
throws DgcRevocationBatchUploadException, JsonProcessingException {

objectMapper.registerModule(new JavaTimeModule());
String jsonString = objectMapper.writeValueAsString(revocationBatchDto);
String payload = new SignedStringMessageBuilder().withPayload(jsonString)
.withSigningCertificate(uploadCertificateHolder, uploadCertificatePrivateKey).buildAsString();
.withSigningCertificate(uploadCertificateHolder, uploadCertificatePrivateKey).buildAsString();

try {
ResponseEntity<Void> response = dgcGatewayConnectorRestClient.uploadBatch(payload);
Expand All @@ -132,7 +132,7 @@ public String uploadRevocationBatch(RevocationBatchDto revocationBatchDto)
} else if (e.status() == HttpStatus.UNAUTHORIZED.value() || e.status() == HttpStatus.FORBIDDEN.value()) {
log.error("Client is not authorized. (Invalid Client Certificate)");
throw new DgcRevocationBatchUploadException(
DgcRevocationBatchUploadException.Reason.INVALID_AUTHORIZATION);
DgcRevocationBatchUploadException.Reason.INVALID_AUTHORIZATION);
}
}
return null;
Expand All @@ -145,14 +145,14 @@ public String uploadRevocationBatch(RevocationBatchDto revocationBatchDto)
* @throws DgcRevocationBatchUploadException with detailed information why the delete has failed.
*/
public void deleteRevocationBatch(String batchId) throws DgcRevocationBatchUploadException,
JsonProcessingException {
JsonProcessingException {

RevocationBatchDeleteRequestDto deleteRequest = new RevocationBatchDeleteRequestDto();
deleteRequest.setBatchId(batchId);
String jsonString = objectMapper.writeValueAsString(deleteRequest);

String payload = new SignedStringMessageBuilder().withPayload(jsonString)
.withSigningCertificate(uploadCertificateHolder, uploadCertificatePrivateKey).buildAsString();
.withSigningCertificate(uploadCertificateHolder, uploadCertificatePrivateKey).buildAsString();

try {
ResponseEntity<Void> response = dgcGatewayConnectorRestClient.deleteBatch(payload);
Expand All @@ -167,7 +167,7 @@ public void deleteRevocationBatch(String batchId) throws DgcRevocationBatchUploa
} else if (e.status() == HttpStatus.UNAUTHORIZED.value() || e.status() == HttpStatus.FORBIDDEN.value()) {
log.error("Client is not authorized. (Invalid Client Certificate)");
throw new DgcRevocationBatchUploadException(
DgcRevocationBatchUploadException.Reason.INVALID_AUTHORIZATION);
DgcRevocationBatchUploadException.Reason.INVALID_AUTHORIZATION);

} else if (e.status() == HttpStatus.NOT_FOUND.value()) {
log.info("ValidationRules with ID {} does not exists on DGCG", batchId);
Expand All @@ -181,8 +181,8 @@ private void handleBadRequest(FeignException e) throws DgcRevocationBatchUploadE
ProblemReportDto problemReport = objectMapper.readValue(e.contentUTF8(), ProblemReportDto.class);

throw new DgcRevocationBatchUploadException(DgcRevocationBatchUploadException.Reason.INVALID_BATCH,
String.format("%s: %s, %s", problemReport.getCode(), problemReport.getProblem(),
problemReport.getDetails()));
String.format("%s: %s, %s", problemReport.getCode(), problemReport.getProblem(),
problemReport.getDetails()));
} catch (JsonProcessingException jsonException) {
throw new DgcRevocationBatchUploadException(DgcRevocationBatchUploadException.Reason.UNKNOWN_ERROR);
}
Expand Up @@ -42,9 +42,9 @@

@ConditionalOnProperty("dgc.gateway.connector.enabled")
@FeignClient(
name = "dgc-gateway-connector",
url = "${dgc.gateway.connector.endpoint}",
configuration = DgcGatewayConnectorRestClientConfig.class
name = "dgc-gateway-connector",
url = "${dgc.gateway.connector.endpoint}",
configuration = DgcGatewayConnectorRestClientConfig.class
)
public interface DgcGatewayConnectorRestClient {

Expand Down Expand Up @@ -130,7 +130,7 @@ public interface DgcGatewayConnectorRestClient {
*/
@GetMapping(value = "/revocation-list", produces = MediaType.APPLICATION_JSON_VALUE)
ResponseEntity<RevocationBatchListDto> downloadRevocationList(
@RequestHeader(HttpHeaders.IF_MODIFIED_SINCE) String lastUpdate);
@RequestHeader(HttpHeaders.IF_MODIFIED_SINCE) String lastUpdate);

/**
* Downloads a batch of the revocation list.