Merge pull request #135 from Fraunhofer-AISEC/release/7.1.0

Release 7.1.0

Author: milux

.github/dependabot.yml

@@ -1,3 +1,4 @@
+version: 2
 updates:
   - package-ecosystem: "npm"
     directory: "/"

build.gradle.kts

@@ -25,9 +25,9 @@ licenseReport {
 
 allprojects {
     group = "de.fhg.aisec.ids"
-    version = "7.0.0"
+    version = "7.1.0"
 
-    val versionRegex = ".*(rc-?[0-9]*|beta)$".toRegex(RegexOption.IGNORE_CASE)
+    val versionRegex = ".*(rc-?[0-9]*|beta|-b.+)$".toRegex(RegexOption.IGNORE_CASE)
 
     tasks.withType<DependencyUpdatesTask> {
         rejectVersionIf {

camel-processors/src/main/kotlin/de/fhg/aisec/ids/camel/processors/multipart/CertExposingHttpClientConfigurer.kt

@@ -19,8 +19,7 @@
  */
 package de.fhg.aisec.ids.camel.processors.multipart
 
-import com.google.common.collect.MapMaker
-import de.fhg.aisec.ids.idscp2.daps.aisecdaps.AisecDapsDriver.Companion.toHexString
+import de.fhg.aisec.ids.idscp2.api.sha256Fingerprint
 import org.apache.camel.component.http.HttpClientConfigurer
 import org.apache.http.HttpResponse
 import org.apache.http.conn.ManagedHttpClientConnection
@@ -29,8 +28,6 @@ import org.apache.http.protocol.HttpCoreContext
 import org.slf4j.Logger
 import org.slf4j.LoggerFactory
 import org.springframework.stereotype.Component
-import java.security.MessageDigest
-import java.security.cert.Certificate
 
 @Component("certExposingHttpClientConfigurer")
 class CertExposingHttpClientConfigurer : HttpClientConfigurer {
@@ -39,11 +36,10 @@ class CertExposingHttpClientConfigurer : HttpClientConfigurer {
             val routedConnection = context.getAttribute(HttpCoreContext.HTTP_CONNECTION) as ManagedHttpClientConnection
             routedConnection.sslSession?.let { sslSession ->
                 val certs = sslSession.peerCertificates
-                val certHash = MessageDigest.getInstance("SHA-256").digest(certs[0].encoded).toHexString().lowercase()
-                certificateMap += certHash to certs
+                val certHash = certs[0].sha256Fingerprint
                 response.setHeader(SERVER_CERTIFICATE_HASH_HEADER, certHash)
                 if (LOG.isDebugEnabled) {
-                    LOG.debug("Captured server certificate with SHA256 fingerprint $certHash.")
+                    LOG.debug("Observed server certificate with SHA256 fingerprint $certHash.")
                 }
             }
         }
@@ -52,6 +48,5 @@ class CertExposingHttpClientConfigurer : HttpClientConfigurer {
     companion object {
         val LOG: Logger = LoggerFactory.getLogger(CertExposingHttpClientConfigurer::class.java)
         const val SERVER_CERTIFICATE_HASH_HEADER = "ServerCertificateHash"
-        val certificateMap: MutableMap<String, Array<Certificate>> = MapMaker().weakKeys().makeMap()
     }
 }

camel-processors/src/main/kotlin/de/fhg/aisec/ids/camel/processors/multipart/IdsMultiPartInputProcessor.kt

@@ -22,6 +22,7 @@ package de.fhg.aisec.ids.camel.processors.multipart
 import de.fhg.aisec.ids.api.contracts.ContractUtils.SERIALIZER
 import de.fhg.aisec.ids.camel.processors.UsageControlMaps
 import de.fhg.aisec.ids.idscp2.api.drivers.DapsDriver
+import de.fhg.aisec.ids.idscp2.api.sha256Fingerprint
 import de.fraunhofer.iais.eis.Message
 import org.apache.camel.Exchange
 import org.apache.camel.Processor
@@ -33,8 +34,6 @@ import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
 import org.springframework.stereotype.Component
 import java.io.InputStream
-import java.security.cert.Certificate
-import java.security.cert.X509Certificate
 import javax.net.ssl.SSLPeerUnverifiedException
 import javax.net.ssl.SSLSession
 
@@ -62,32 +61,31 @@ class IdsMultiPartInputProcessor : Processor {
             val dat = idsHeader.securityToken?.tokenValue ?: throw RuntimeException("No DAT provided!")
 
             dapsBeanName?.let { dapsBeanName ->
-                val peerCertificates: Array<Certificate> = if (message.headers.containsKey("CamelHttpServletRequest")) {
+                val peerCertificateHash: String = if (message.headers.containsKey("CamelHttpServletRequest")) {
                     // Assume server-side REST endpoint.
                     // Try to extract certificates from CamelHttpServletRequest reference.
                     val request = message.headers["CamelHttpServletRequest"] as Request
                     val sslSession = request.getAttribute("org.eclipse.jetty.servlet.request.ssl_session") as SSLSession
                     try {
-                        sslSession.peerCertificates
+                        sslSession.peerCertificates[0].sha256Fingerprint
                     } catch (e: SSLPeerUnverifiedException) {
                         LOG.error("Client didn't provide a certificate!")
                         throw e
                     }
                 } else {
                     // Assume client-side HTTPS request.
-                    // Try to obtain Certificates extracted by CertExposingHttpClientConfigurer.
-                    message.headers[CertExposingHttpClientConfigurer.SERVER_CERTIFICATE_HASH_HEADER]?.let { hash ->
-                        CertExposingHttpClientConfigurer.certificateMap[hash]
-                    } ?: throw RuntimeException(
-                        "Could not obtain server TLS certificate! Has CertExposingHttpClientConfigurer been invoked?"
-                    )
+                    // Try to obtain Certificate hash extracted by CertExposingHttpClientConfigurer.
+                    message.headers[CertExposingHttpClientConfigurer.SERVER_CERTIFICATE_HASH_HEADER]?.toString()
+                        ?: throw RuntimeException(
+                            "Could not obtain server TLS certificate! Has CertExposingHttpClientConfigurer been invoked?"
+                        )
                 }
                 if (LOG.isTraceEnabled) {
-                    LOG.trace("Peer Certificates: {}", peerCertificates)
+                    LOG.trace("Peer Certificate hash: {}", peerCertificateHash)
                 }
                 val daps = beanFactory.getBean(dapsBeanName, DapsDriver::class.java)
                 try {
-                    val verifiedDat = daps.verifyToken(dat.toByteArray(), peerCertificates[0] as X509Certificate)
+                    val verifiedDat = daps.verifyToken(dat.toByteArray(), peerCertificateHash)
                     // Save exchange peer identity for contract association
                     UsageControlMaps.setExchangePeerIdentity(exchange, verifiedDat.identity)
                     // Save effective transfer contract for peer

camel-processors/src/main/kotlin/de/fhg/aisec/ids/idscp2/beans/AisecDapsDriverFactoryBean.kt

@@ -19,7 +19,7 @@
  */
 package de.fhg.aisec.ids.idscp2.beans
 
-import de.fhg.aisec.ids.camel.idscp2.Idscp2Endpoint.Companion.applySslContextParameters
+import de.fhg.aisec.ids.camel.idscp2.applySslContextParameters
 import de.fhg.aisec.ids.idscp2.daps.aisecdaps.AisecDapsDriver
 import de.fhg.aisec.ids.idscp2.daps.aisecdaps.AisecDapsDriverConfig
 import de.fhg.aisec.ids.idscp2.daps.aisecdaps.SecurityRequirements
@@ -60,7 +60,7 @@ class AisecDapsDriverFactoryBean : FactoryBean<AisecDapsDriver> {
 
     var dapsSslParameters: SSLContextParameters
         set(value) {
-            applySslContextParameters(builder, value)
+            builder.applySslContextParameters(value)
         }
         get() = throw UnsupportedOperationException("set-only Builder method")
 

camel-processors/src/main/kotlin/de/fhg/aisec/ids/idscp2/beans/NativeTlsConfigurationBuilderFactoryBean.kt

@@ -19,7 +19,7 @@
  */
 package de.fhg.aisec.ids.idscp2.beans
 
-import de.fhg.aisec.ids.camel.idscp2.Idscp2Endpoint
+import de.fhg.aisec.ids.camel.idscp2.applySslContextParameters
 import de.fhg.aisec.ids.idscp2.defaultdrivers.securechannel.tls13.NativeTlsConfiguration
 import org.apache.camel.support.jsse.SSLContextParameters
 import org.springframework.beans.factory.FactoryBean
@@ -31,7 +31,7 @@ class NativeTlsConfigurationBuilderFactoryBean : FactoryBean<NativeTlsConfigurat
 
     var sslParameters: SSLContextParameters
         set(value) {
-            Idscp2Endpoint.applySslContextParameters(builder, value)
+            builder.applySslContextParameters(value)
         }
         get() = throw UnsupportedOperationException("set-only Builder method")
 

gradle/libs.versions.toml

@@ -1,12 +1,12 @@
 [versions]
-idscp2 = "0.16.1"
+idscp2 = "0.17.0"
 ktlint = "0.48.2"
 
 # Kotlin library/compiler version
 kotlin = "1.8.0"
 kotlinxCoroutines = "1.6.4"
 # HTTP client
-ktor = "2.2.2"
+ktor = "2.2.3"
 
 # The used version of the infomodel from IESE
 infomodel = "4.1.3"
@@ -23,7 +23,7 @@ influxDB = "2.23"
 guava = "31.1-jre"
 junit4 = "4.13.2"
 junit5 = "5.9.2"
-mockito = "5.0.0"
+mockito = "5.1.1"
 mapdb = "3.0.9"
 jnrunix = "0.38.19"
 protobuf = "3.21.12"
@@ -43,8 +43,8 @@ javaxJson = "1.1.4"
 dockerJavaApi = "0.0.13"
 
 # We will pull in a newer version of jackson because of security fixes
-jackson = "2.14.1"
-jacksonDatabind = "2.14.1"
+jackson = "2.14.2"
+jacksonDatabind = "2.14.2"
 
 orgJson = "20220320"
 
@@ -160,6 +160,6 @@ kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
 kotlin-plugin-spring = { id = "org.jetbrains.kotlin.plugin.spring", version.ref = "kotlin" }
 spotless = { id = "com.diffplug.spotless", version = "6.14.0" }
 licenseReport = { id = "com.github.jk1.dependency-license-report", version = "2.1" }
-versions = { id = "com.github.ben-manes.versions", version = "0.44.0" }
+versions = { id = "com.github.ben-manes.versions", version = "0.45.0" }
 buildconfig = { id = "com.github.gmazzo.buildconfig", version = "3.1.0" }
 node = { id = "com.github.node-gradle.node", version = "3.5.1" }