Preparation for additional Request Header send to UBirch with labId

Author: f11h

src/main/java/app/coronawarn/dcc/client/SigningApiClient.java

@@ -24,6 +24,7 @@
 import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestHeader;
 
 /**
  * This class represents the Verification Server Feign client.
@@ -44,5 +45,5 @@ public interface SigningApiClient {
     consumes = MediaType.TEXT_PLAIN_VALUE,
     produces = MediaType.APPLICATION_CBOR_VALUE
   )
-  byte[] sign(@RequestBody String hash);
+  byte[] sign(@RequestBody String hash, @RequestHeader("<<LAB ID REQUEST HEADER>>") String labId);
 }

src/main/java/app/coronawarn/dcc/client/SigningApiClientConfig.java

@@ -74,7 +74,7 @@ public Client signingApiClient() {
 
     List<BasicHeader> headers = new ArrayList<>();
 
-    if (config.getSigningApiServer().getApiKey() != null) {
+    if (!config.getSigningApiServer().getApiKey().isEmpty()) {
       headers.add(
         new BasicHeader(HttpHeaders.AUTHORIZATION, "Bearer " + config.getSigningApiServer().getApiKey()));
     }

src/main/java/app/coronawarn/dcc/service/DccService.java

@@ -58,7 +58,7 @@ public DccRegistration sign(DccRegistration registration) throws DccGenerateExce
       byte[] hashBytes = Hex.decode(registration.getDccHash());
       String hashBase64 = Base64.getEncoder().encodeToString(hashBytes);
 
-      coseBytes = callSigningApiWithRetry(hashBase64);
+      coseBytes = callSigningApiWithRetry(hashBase64, registration.getLabId());
     } catch (FeignException e) {
       log.error("Failed to sign DCC. Http Status Code: {}, Message: {}", e.status(), e.getMessage());
 
@@ -81,12 +81,12 @@ public DccRegistration sign(DccRegistration registration) throws DccGenerateExce
     return registration;
   }
 
-  private byte[] callSigningApiWithRetry(String hashBase64) {
+  private byte[] callSigningApiWithRetry(String hashBase64, String labId) {
     try {
-      return signingApiClient.sign(hashBase64);
+      return signingApiClient.sign(hashBase64, labId);
     } catch (FeignException e) {
       log.info("First try of calling Signing API failed. Status Code: {}, Message: {}", e.status(), e.getMessage());
-      return signingApiClient.sign(hashBase64);
+      return signingApiClient.sign(hashBase64, labId);
     }
   }
 

src/main/resources/application-cloud.yml

@@ -43,9 +43,9 @@ cwa:
       key-store-password: ${CWA_DCC_SIGNINGAPISERVER_KEYSTOREPASSWORD}
       trust-store-password: ${CWA_DCC_SIGNINGAPISERVER_TRUSTSTOREPASSWORD}
       trust-store-path: ${CWA_DCC_SIGNINGAPISERVER_TRUSTSTOREPATH}
-      api-key: ${CWA_DCC_SIGNINGAPISERVER_APIKEY}
+      api-key: ${CWA_DCC_SIGNINGAPISERVER_APIKEY:}
       verify-hostnames: true
-      connection-close-workaround: ${CWA_DCC_SIGNINGAPISERVER_CONNECTIONCLOSEWORKAROUND}
+      connection-close-workaround: ${CWA_DCC_SIGNINGAPISERVER_CONNECTIONCLOSEWORKAROUND:false}
     request:
       sizelimit: 10000
     entities:

src/test/java/app/coronawarn/dcc/controller/InternalDccControllerTest.java

@@ -103,7 +103,7 @@ void setup() {
     when(verificationServerClientMock.result(eq(registrationToken)))
       .thenReturn(new InternalTestResult(6, labId, testId, 0));
 
-    when(signingApiClientMock.sign(eq(dccHashBase64)))
+    when(signingApiClientMock.sign(eq(dccHashBase64), eq(labId)))
       .thenReturn(partialDcc);
   }
 
@@ -123,7 +123,7 @@ void testUploadDcc() throws Exception {
       .andExpect(status().isOk())
       .andExpect(jsonPath("$.partialDcc").value(equalTo(partialDccBase64)));
 
-    verify(signingApiClientMock).sign(eq(dccHashBase64));
+    verify(signingApiClientMock).sign(eq(dccHashBase64), eq(labId));
 
     Optional<DccRegistration> dccRegistration = dccRegistrationRepository.findByRegistrationToken(registrationTokenValue);
 
@@ -147,7 +147,7 @@ void testUploadDccFailedUnknownTestId() throws Exception {
     )
       .andExpect(status().isNotFound());
 
-    verify(signingApiClientMock, never()).sign(eq(dccHashBase64));
+    verify(signingApiClientMock, never()).sign(eq(dccHashBase64), eq(labId));
   }
 
   @Test
@@ -166,7 +166,7 @@ void testUploadDccFailedLabIdNotAssignedToPartner() throws Exception {
     )
       .andExpect(status().isForbidden());
 
-    verify(signingApiClientMock, never()).sign(eq(dccHashBase64));
+    verify(signingApiClientMock, never()).sign(eq(dccHashBase64), eq(labId));
   }
 
   @Test
@@ -186,7 +186,7 @@ void testUploadDccFailedAlreadyExists() throws Exception {
     )
       .andExpect(status().isConflict());
 
-    verify(signingApiClientMock, never()).sign(eq(dccHashBase64));
+    verify(signingApiClientMock, never()).sign(eq(dccHashBase64), eq(labId));
   }
 
   @Test
@@ -202,7 +202,7 @@ void testUploadDccFailedInvalidDCC() throws Exception {
     )
       .andExpect(status().isBadRequest());
 
-    verify(signingApiClientMock, never()).sign(eq(dccHashBase64));
+    verify(signingApiClientMock, never()).sign(eq(dccHashBase64), eq(labId));
   }
 
   @Test
@@ -218,7 +218,7 @@ void testUploadDccFailedInvalidDek() throws Exception {
     )
       .andExpect(status().isBadRequest());
 
-    verify(signingApiClientMock, never()).sign(eq(dccHashBase64));
+    verify(signingApiClientMock, never()).sign(eq(dccHashBase64), eq(labId));
   }
 
   @Test
@@ -228,7 +228,7 @@ void testUploadDccFailedBadResponseFromSignignAPI4xx() throws Exception {
     DccUploadRequest dccUploadRequest = new DccUploadRequest(dccHash, encryptedDccBase64, encryptedDekBase64);
 
     doThrow(new FeignException.BadRequest("", dummyRequest, null))
-      .when(signingApiClientMock).sign(eq(dccHashBase64));
+      .when(signingApiClientMock).sign(eq(dccHashBase64), eq(labId));
 
     mockMvc.perform(post("/version/v1/test/" + testId + "/dcc")
       .contentType(MediaType.APPLICATION_JSON_VALUE)
@@ -254,7 +254,7 @@ void testUploadDccFailedBadResponseFromSignignAPI5xx() throws Exception {
     DccUploadRequest dccUploadRequest = new DccUploadRequest(dccHash, encryptedDccBase64, encryptedDekBase64);
 
     doThrow(new FeignException.InternalServerError("", dummyRequest, null))
-      .when(signingApiClientMock).sign(eq(dccHashBase64));
+      .when(signingApiClientMock).sign(eq(dccHashBase64), eq(labId));
 
     mockMvc.perform(post("/version/v1/test/" + testId + "/dcc")
       .contentType(MediaType.APPLICATION_JSON_VALUE)

src/test/java/app/coronawarn/dcc/service/DccServiceTest.java

@@ -80,7 +80,7 @@ void setup() {
   void testSigning() throws NoSuchAlgorithmException, DccRegistrationService.DccRegistrationException {
 
     when(verificationServerClientMock.result(eq(registrationToken))).thenReturn(new InternalTestResult(6, labId, testId, 0));
-    when(signingApiClient.sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))))).thenReturn(partialDcc);
+    when(signingApiClient.sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))), eq(labId))).thenReturn(partialDcc);
 
     PublicKey publicKey = TestUtils.generateKeyPair().getPublic();
     DccRegistration registration = dccRegistrationService.createDccRegistration(registrationTokenValue, publicKey);
@@ -105,7 +105,7 @@ void testSigningFailedBySigningApi4xx() throws NoSuchAlgorithmException, DccRegi
     when(verificationServerClientMock.result(eq(registrationToken))).thenReturn(new InternalTestResult(6, labId, testId, 0));
 
     doThrow(new FeignException.BadRequest("", dummyRequest, null))
-      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))));
+      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))), eq(labId));
 
     PublicKey publicKey = TestUtils.generateKeyPair().getPublic();
     DccRegistration registration = dccRegistrationService.createDccRegistration(registrationTokenValue, publicKey);
@@ -131,7 +131,7 @@ void testSigningFailedBySigningApi5xx() throws NoSuchAlgorithmException, DccRegi
     when(verificationServerClientMock.result(eq(registrationToken))).thenReturn(new InternalTestResult(6, labId, testId, 0));
 
     doThrow(new FeignException.InternalServerError("", dummyRequest, null))
-      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))));
+      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))), eq(labId));
 
     PublicKey publicKey = TestUtils.generateKeyPair().getPublic();
     DccRegistration registration = dccRegistrationService.createDccRegistration(registrationTokenValue, publicKey);
@@ -158,7 +158,7 @@ void testSigningRetry() throws NoSuchAlgorithmException, DccRegistrationService.
 
     doThrow(new FeignException.InternalServerError("", dummyRequest, null))
       .doReturn(partialDcc)
-      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))));
+      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))), eq(labId));
 
     PublicKey publicKey = TestUtils.generateKeyPair().getPublic();
     DccRegistration registration = dccRegistrationService.createDccRegistration(registrationTokenValue, publicKey);
@@ -185,7 +185,7 @@ void testSigningFailedOnFirstRequestButSuccessOnSecond() throws NoSuchAlgorithmE
     doThrow(new FeignException.InternalServerError("", dummyRequest, null))
       .doThrow(new FeignException.InternalServerError("", dummyRequest, null))
       .doReturn(partialDcc)
-      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))));
+      .when(signingApiClient).sign(eq(Base64.getEncoder().encodeToString(Hex.decode(dccHash))), eq(labId));
 
     PublicKey publicKey = TestUtils.generateKeyPair().getPublic();
     DccRegistration registration = dccRegistrationService.createDccRegistration(registrationTokenValue, publicKey);