SAP
diff --git a/‎.github/dependabot.yaml‎
Lines changed: 7 additions & 0 deletions b/‎.github/dependabot.yaml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎.github/workflows/cache-maven-dependencies.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/cache-maven-dependencies.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/continuous-integration.yaml‎
Lines changed: 12 additions & 12 deletions b/‎.github/workflows/continuous-integration.yaml‎
Lines changed: 12 additions & 12 deletions
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ClientCertificateAuthenticationLocalTest.java‎
Lines changed: 16 additions & 8 deletions b/‎cloudplatform/connectivity-apache-httpclient5/src/test/java/com/sap/cloud/sdk/cloudplatform/connectivity/ClientCertificateAuthenticationLocalTest.java‎
Lines changed: 16 additions & 8 deletions
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/README.md‎
Lines changed: 103 additions & 9 deletions b/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/README.md‎
Lines changed: 103 additions & 9 deletions
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/client1.cer‎
716 Bytes b/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/client1.cer‎
716 Bytes
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/client1.jks‎
2.02 KB b/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/client1.jks‎
2.02 KB
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/client1.p12‎
2.51 KB b/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/client1.p12‎
2.51 KB
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/server.jks‎
2.06 KB b/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/server.jks‎
2.06 KB
diff --git a/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/truststore.jks‎
1.07 KB b/‎cloudplatform/connectivity-apache-httpclient5/src/test/resources/ClientCertificateAuthenticationLocalTest/certs/truststore.jks‎
1.07 KB
@@ -30,6 +30,10 @@ updates:
       test:
         dependency-type: "development"
     ignore:
+      - dependency-name: "org.springframework.boot:*"
+        versions: [ ">=4.0.0" ]
+      - dependency-name: "org.springframework:*"
+        versions: [ ">=7.0.0" ]
       # updating leads to ignoring our formatting rules
       - dependency-name: 'net.revelc.code.formatter:formatter-maven-plugin'
       # updating leads to unintended formatting of POM files
@@ -45,6 +49,9 @@ updates:
         versions: ['3.6.1', '3.6.2']
       - dependency-name: 'com.sap.cloud.security:env'
         versions: ['3.6.1', '3.6.2']
+      # needs Java 21
+      - dependency-name: 'com.puppycrawl.tools:checkstyle'
+        versions: [ ">=13.0.0" ]
 
   # archetype updates
   # Dependabot seems to be unable to handle those, so this is disabled for now
 
@@ -39,7 +39,7 @@ jobs:
           GH_TOKEN: ${{ secrets.BOT_SDK_JS_FOR_DOCS_REPO_PR }}
 
       - name: "Cache Dependencies"
-        uses: actions/cache/save@v4
+        uses: actions/cache/save@v5
         with:
           path: ${{ env.MAVEN_CACHE_DIR }}
           key: ${{ env.MAVEN_CACHE_KEY }}
@@ -120,7 +120,7 @@ jobs:
 
       - name: "Restore Dependencies"
         id: restore-dependencies
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           key: ${{ env.MAVEN_CACHE_KEY }}
           path: ${{ env.MAVEN_CACHE_DIR }}
@@ -143,14 +143,14 @@ jobs:
           fi
 
       - name: "Upload SDK M2"
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.SDK_M2_PATH }}
           retention-days: 1
 
       - name: "Upload SDK Targets"
-        uses: actions/upload-artifact@v5
+        uses: actions/upload-artifact@v6
         with:
           name: ${{ env.SDK_TARGETS_NAME }}
           path: ${{ env.SDK_TARGETS_PATH }}
@@ -174,19 +174,19 @@ jobs:
 
       - name: "Restore Dependencies"
         id: restore-dependencies
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           key: ${{ env.MAVEN_CACHE_KEY }}
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK M2"
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK Targets"
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: ${{ env.SDK_TARGETS_NAME }}
 
@@ -235,19 +235,19 @@ jobs:
 
       - name: "Restore Dependencies"
         id: restore-dependencies
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           key: ${{ env.MAVEN_CACHE_KEY }}
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK M2"
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.M2_ROOT }}
 
       - name: "Restore SDK Targets"
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: ${{ env.SDK_TARGETS_NAME }}
 
@@ -276,7 +276,7 @@ jobs:
 
       - name: "Restore Dependencies"
         id: restore-dependencies
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           key: ${{ env.MAVEN_CACHE_KEY }}
           path: ${{ env.MAVEN_CACHE_DIR }}
@@ -319,13 +319,13 @@ jobs:
 
       - name: "Restore Dependencies"
         id: restore-dependencies
-        uses: actions/cache/restore@v4
+        uses: actions/cache/restore@v5
         with:
           key: ${{ env.MAVEN_CACHE_KEY }}
           path: ${{ env.MAVEN_CACHE_DIR }}
 
       - name: "Restore SDK M2"
-        uses: actions/download-artifact@v6
+        uses: actions/download-artifact@v7
         with:
           name: ${{ env.SDK_M2_NAME }}
           path: ${{ env.M2_ROOT }}
 
@@ -37,9 +37,14 @@
 
 class ClientCertificateAuthenticationLocalTest
 {
-    private static final String CCA_PASSWORD = "cca-password";
-    private static final String JKS_PATH =
-        "src/test/resources/" + ClientCertificateAuthenticationLocalTest.class.getSimpleName() + "/client-cert.pkcs12";
+    private static final String JKS_PREFIX =
+        "src/test/resources/" + ClientCertificateAuthenticationLocalTest.class.getSimpleName();
+    private static final String SERVER_TRUST_STORE = JKS_PREFIX + "/certs/truststore.jks";
+    private static final String SERVER_TRUST_STORE_PASS = "changeit";
+    private static final String SERVER_KEY_STORE = JKS_PREFIX + "/certs/server.jks";
+    private static final String SERVER_KEY_STORE_PASS = "changeit";
+    private static final String CLIENT_KEY_STORE = JKS_PREFIX + "/certs/client1.p12";
+    private static final String CLIENT_KEY_STORE_PASS = "changeit";
 
     @RegisterExtension
     static final WireMockExtension server =
@@ -71,7 +76,7 @@ void testClientCorrectlyConfigured()
                     .authenticationType(AuthenticationType.CLIENT_CERTIFICATE_AUTHENTICATION)
                     .proxyType(ProxyType.INTERNET)
                     .keyStore(getClientKeyStore())
-                    .keyStorePassword(CCA_PASSWORD)
+                    .keyStorePassword(CLIENT_KEY_STORE_PASS)
                     .trustAllCertificates()
                     .build());
 
@@ -82,7 +87,7 @@ void testClientCorrectlyConfigured()
 
         assertThat(context.getUserToken()).isNotNull();
         assertThat(context.getUserToken()).isInstanceOf(X500Principal.class);
-        assertThat(((X500Principal) context.getUserToken()).getName()).contains("CN=localhost");
+        assertThat(((X500Principal) context.getUserToken()).getName()).contains("CN=client1");
 
         // assert keystore methods have been used
         Mockito.verify(destination).getKeyStorePassword();
@@ -122,8 +127,11 @@ private static WireMockConfiguration buildWireMockConfiguration()
             .httpDisabled(true)
             .dynamicHttpsPort()
             .needClientAuth(true)
-            .trustStorePath(JKS_PATH)
-            .trustStorePassword(CCA_PASSWORD)
+            .keystorePath(SERVER_KEY_STORE)
+            .keystorePassword(SERVER_KEY_STORE_PASS)
+            .keyManagerPassword(SERVER_KEY_STORE_PASS)
+            .trustStorePath(SERVER_TRUST_STORE)
+            .trustStorePassword(SERVER_TRUST_STORE_PASS)
             .trustStoreType("JKS");
     }
 
@@ -134,7 +142,7 @@ private static KeyStore getClientKeyStore()
             NoSuchAlgorithmException
     {
         final KeyStore keyStore = KeyStore.getInstance("PKCS12");
-        keyStore.load(new FileInputStream(JKS_PATH), CCA_PASSWORD.toCharArray());
+        keyStore.load(new FileInputStream(CLIENT_KEY_STORE), CLIENT_KEY_STORE_PASS.toCharArray());
         return keyStore;
     }
 }
@@ -5,18 +5,112 @@ The credential files are generated from command line. This process can be automa
 
 ## CREATE CLIENT CREDENTIALS
 
-* Generate key pair
-  ```bash
-  openssl req -x509 -newkey rsa:2048 -utf8 -days 3650 -nodes -config client-cert.conf -keyout client-cert.key -out client-cert.crt
+* Client keystore
   ```
+  docker run --rm -v $(pwd)/certs:/certs eclipse-temurin:17-jre \
+   keytool -genkeypair \
+   -alias client1 \
+   -keyalg RSA \
+   -keysize 2048 \
+   -validity 3650 \
+   -storetype JKS \
+   -keystore /certs/client1.jks \
+   -storepass changeit \
+   -keypass changeit \
+   -dname "CN=client1"
+  ```
+
+  <details><summary>(Windows)</summary>
 
-* Generate _PKCS#12_ keystore
-  ```bash
-  openssl pkcs12 -export -inkey client-cert.key -in client-cert.crt -out client-cert.p12 -password "pass:cca-password"
+  ```
+  docker run --rm -v ${pwd}/certs:/certs eclipse-temurin:17-jre keytool -genkeypair -alias client1 -keyalg RSA -keysize 2048 -validity 3650 -storetype JKS -keystore /certs/client1.jks -storepass changeit -keypass changeit -dname "CN=client1"
   ```
 
-* Transform to JKS
+  </details>
+
+* Export client certificate
+  ```
+  docker run --rm -v $(pwd)/certs:/certs eclipse-temurin:17-jre \
+   keytool -exportcert \
+   -alias client1 \
+   -keystore /certs/client1.jks \
+   -storepass changeit \
+   -file /certs/client1.cer
+   ```
+
+  <details><summary>(Windows)</summary>
+
+  ```
+  docker run --rm -v ${pwd}/certs:/certs eclipse-temurin:17-jre keytool -exportcert -alias client1 -keystore /certs/client1.jks -storepass changeit -file /certs/client1.cer
+  ```
 
-  ```bash
-  keytool -importkeystore -deststorepass "cca-password" -destkeypass "cca-password" -srckeystore client-cert.p12 -srcstorepass "cca-password" -deststoretype pkcs12 -destkeystore client-cert.pkcs12
+  </details>
+
+* PKCS12 keystore for client
+
+  ```
+  docker run --rm -v $(pwd)/certs:/certs eclipse-temurin:17-jre \
+   keytool -importkeystore \
+   -srckeystore /certs/client1.jks \
+   -srcstoretype JKS \
+   -srcstorepass changeit \
+   -destkeystore /certs/client1.p12 \
+   -deststoretype PKCS12 \
+   -deststorepass changeit \
+   -destkeypass changeit
   ```
+
+  <details><summary>(Windows)</summary>
+
+  ```
+  docker run --rm -v ${pwd}/certs:/certs eclipse-temurin:17-jre keytool -importkeystore -srckeystore /certs/client1.jks -srcstoretype JKS -srcstorepass changeit -destkeystore /certs/client1.p12 -deststoretype PKCS12 -deststorepass changeit -destkeypass changeit
+  ```
+  
+  </details>
+
+
+## CREATE SERVER CREDENTIALS
+
+* Server keystore. Run once
+  ```
+  docker run --rm -v $(pwd)/certs:/certs eclipse-temurin:17-jre \
+   keytool -genkeypair \
+   -alias wiremock-server \
+   -keyalg RSA \
+   -keysize 2048 \
+   -validity 3650 \
+   -storetype JKS \
+   -keystore /certs/server.jks \
+   -storepass changeit \
+   -keypass changeit \
+   -dname "CN=localhost" \
+   -ext SAN=dns:localhost,ip:127.0.0.1
+   ```
+
+  <details><summary>(Windows)</summary>
+  
+  ```
+  docker run --rm -v ${pwd}/certs:/certs eclipse-temurin:17-jre keytool -genkeypair -alias wiremock-server -keyalg RSA -keysize 2048 -validity 3650 -storetype JKS -keystore /certs/server.jks -storepass changeit -keypass changeit -dname "CN=localhost" -ext SAN=dns:localhost,ip:127.0.0.1
+  ```
+  
+  </details>
+
+* Truststore for wiremock
+
+  ```
+  docker run --rm -v $(pwd)/certs:/certs eclipse-temurin:17-jre \
+   keytool -importcert \
+   -alias client1 \
+   -file /certs/client1.cer \
+   -keystore /certs/truststore.jks \
+   -storepass changeit \
+   -noprompt
+  ```
+
+  <details><summary>(Windows)</summary>
+
+  ```
+  docker run --rm -v ${pwd}/certs:/certs eclipse-temurin:17-jre keytool -importcert -alias client1 -file /certs/client1.cer -keystore /certs/truststore.jks -storepass changeit -noprompt
+  ```
+  
+  </details>