Merge remote-tracking branch 'origin/develop_2' into

issue/346_347_ProcessPluginDefinition_Access_-_BPMN_Activity_Beans

Author: hhund

.gitignore

@@ -21,7 +21,8 @@ dsf-bpe/dsf-bpe-server-jetty/cert/*.key
 dsf-bpe/dsf-bpe-server-jetty/conf/config.properties
 dsf-bpe/dsf-bpe-server-jetty/docker/api/v1/*.jar
 dsf-bpe/dsf-bpe-server-jetty/docker/api/v2/*.jar
-dsf-bpe/dsf-bpe-server-jetty/docker/ca/*.pem
+dsf-bpe/dsf-bpe-server-jetty/docker/ca/client_ca_chains/*.crt
+dsf-bpe/dsf-bpe-server-jetty/docker/ca/server_root_cas/*.crt
 dsf-bpe/dsf-bpe-server-jetty/docker/dsf_bpe.jar
 dsf-bpe/dsf-bpe-server-jetty/docker/dsf_status_client.jar
 dsf-bpe/dsf-bpe-server-jetty/docker/lib/*.jar
@@ -32,8 +33,10 @@ dsf-bpe/dsf-bpe-server-jetty/ui
 ###
 # dsf-docker ignore
 ###
-dsf-docker/bpe_proxy/ca/*.pem
-dsf-docker/fhir_proxy/ca/*.pem
+dsf-docker/bpe_proxy/ca/client_ca_chains/*.crt
+dsf-docker/bpe_proxy/ca/client_issuing_cas/*.crt
+dsf-docker/fhir_proxy/ca/client_ca_chains/*.crt
+dsf-docker/fhir_proxy/ca/client_issuing_cas/*.crt
 
 ###
 # dsf-docker-test-setup ignores
@@ -98,25 +101,10 @@ dsf-fhir/dsf-fhir-server-jetty/cert/*.crt
 dsf-fhir/dsf-fhir-server-jetty/cert/*.key
 dsf-fhir/dsf-fhir-server-jetty/conf/bundle.xml
 dsf-fhir/dsf-fhir-server-jetty/conf/config.properties
-dsf-fhir/dsf-fhir-server-jetty/docker/ca/*.pem
+dsf-fhir/dsf-fhir-server-jetty/docker/ca/client_ca_chains/*.crt
+dsf-fhir/dsf-fhir-server-jetty/docker/ca/server_root_cas/*.crt
 dsf-fhir/dsf-fhir-server-jetty/docker/dsf_fhir.jar
 dsf-fhir/dsf-fhir-server-jetty/docker/dsf_status_client.jar
 dsf-fhir/dsf-fhir-server-jetty/docker/lib/*.jar
 dsf-fhir/dsf-fhir-server-jetty/ui
-dsf-fhir/dsf-fhir-validation/src/main/resources/fhir/bundle.xml
-
-###
-# dsf-tools ignores
-###
-dsf-tools/dsf-tools-default-ca-files-generator/cert/*.pem
-
-dsf-tools/dsf-tools-test-data-generator/bundle/*.xml
-
-dsf-tools/dsf-tools-test-data-generator/cert/**/*.pem
-dsf-tools/dsf-tools-test-data-generator/cert/**/*.key
-dsf-tools/dsf-tools-test-data-generator/cert/**/*.crt
-dsf-tools/dsf-tools-test-data-generator/cert/**/*.csr
-dsf-tools/dsf-tools-test-data-generator/cert/**/*.p12
-dsf-tools/dsf-tools-test-data-generator/cert/thumbprints.txt
-
-dsf-tools/dsf-tools-test-data-generator/config/*.properties
+dsf-fhir/dsf-fhir-validation/src/main/resources/fhir/bundle.xml

dsf-bpe/dsf-bpe-process-api-v1-impl/pom.xml

@@ -64,10 +64,22 @@
 
 	<build>
 		<plugins>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-compiler-plugin</artifactId>
+				<configuration>
+					<testCompilerArgument>-proc:none</testCompilerArgument>
+				</configuration>
+			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-dependency-plugin</artifactId>
 				<executions>
+					<execution>
+						<goals>
+							<goal>properties</goal>
+						</goals>
+					</execution>
 					<execution>
 						<id>copy-api-v1-dependencies-to-docker</id>
 						<phase>pre-integration-test</phase>
@@ -187,6 +199,13 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.apache.maven.plugins</groupId>
+				<artifactId>maven-surefire-plugin</artifactId>
+				<configuration>
+					<argLine>-javaagent:${org.mockito:mockito-core:jar}</argLine>
+				</configuration>
+			</plugin>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-clean-plugin</artifactId>

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/ProcessPluginApiFactory.java

@@ -13,6 +13,7 @@
 import dev.dsf.bpe.v2.service.DataLogger;
 import dev.dsf.bpe.v2.service.DsfClientProvider;
 import dev.dsf.bpe.v2.service.EndpointProvider;
+import dev.dsf.bpe.v2.service.FhirClientConfigProvider;
 import dev.dsf.bpe.v2.service.FhirClientProvider;
 import dev.dsf.bpe.v2.service.MailService;
 import dev.dsf.bpe.v2.service.MimeTypeService;
@@ -45,11 +46,11 @@ public ProcessPluginApi get()
 	{
 		return new ProcessPluginApiImpl(processPluginDefinition, fromParent(ProxyConfig.class),
 				fromParent(EndpointProvider.class), fromParent(FhirContext.class), fromParent(DsfClientProvider.class),
-				fromParent(FhirClientProvider.class), fromParent(OidcClientProvider.class),
-				fromParent(MailService.class), fromParent(MimeTypeService.class), fromParent(ObjectMapper.class),
-				fromParent(OrganizationProvider.class), fromParent(ProcessAuthorizationHelper.class),
-				fromParent(QuestionnaireResponseHelper.class), fromParent(ReadAccessHelper.class),
-				fromParent(TaskHelper.class), fromParent(CryptoService.class), fromParent(TargetProvider.class),
-				fromParent(DataLogger.class));
+				fromParent(FhirClientProvider.class), fromParent(FhirClientConfigProvider.class),
+				fromParent(OidcClientProvider.class), fromParent(MailService.class), fromParent(MimeTypeService.class),
+				fromParent(ObjectMapper.class), fromParent(OrganizationProvider.class),
+				fromParent(ProcessAuthorizationHelper.class), fromParent(QuestionnaireResponseHelper.class),
+				fromParent(ReadAccessHelper.class), fromParent(TaskHelper.class), fromParent(CryptoService.class),
+				fromParent(TargetProvider.class), fromParent(DataLogger.class));
 	}
 }

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/ProcessPluginApiImpl.java

@@ -12,6 +12,7 @@
 import dev.dsf.bpe.v2.service.DataLogger;
 import dev.dsf.bpe.v2.service.DsfClientProvider;
 import dev.dsf.bpe.v2.service.EndpointProvider;
+import dev.dsf.bpe.v2.service.FhirClientConfigProvider;
 import dev.dsf.bpe.v2.service.FhirClientProvider;
 import dev.dsf.bpe.v2.service.MailService;
 import dev.dsf.bpe.v2.service.MimeTypeService;
@@ -31,6 +32,7 @@ public class ProcessPluginApiImpl implements ProcessPluginApi, InitializingBean
 	private final FhirContext fhirContext;
 	private final DsfClientProvider dsfClientProvider;
 	private final FhirClientProvider fhirClientProvider;
+	private final FhirClientConfigProvider fhirClientConfigProvider;
 	private final OidcClientProvider oidcClientProvider;
 	private final MailService mailService;
 	private final MimeTypeService mimeTypeService;
@@ -46,8 +48,9 @@ public class ProcessPluginApiImpl implements ProcessPluginApi, InitializingBean
 
 	public ProcessPluginApiImpl(ProcessPluginDefinition processPluginDefinition, ProxyConfig proxyConfig,
 			EndpointProvider endpointProvider, FhirContext fhirContext, DsfClientProvider dsfClientProvider,
-			FhirClientProvider fhirClientProvider, OidcClientProvider oidcClientProvider, MailService mailService,
-			MimeTypeService mimeTypeService, ObjectMapper objectMapper, OrganizationProvider organizationProvider,
+			FhirClientProvider fhirClientProvider, FhirClientConfigProvider fhirClientConfigProvider,
+			OidcClientProvider oidcClientProvider, MailService mailService, MimeTypeService mimeTypeService,
+			ObjectMapper objectMapper, OrganizationProvider organizationProvider,
 			ProcessAuthorizationHelper processAuthorizationHelper,
 			QuestionnaireResponseHelper questionnaireResponseHelper, ReadAccessHelper readAccessHelper,
 			TaskHelper taskHelper, CryptoService cryptoService, TargetProvider targetProvider, DataLogger dataLogger)
@@ -58,6 +61,7 @@ public ProcessPluginApiImpl(ProcessPluginDefinition processPluginDefinition, Pro
 		this.fhirContext = fhirContext;
 		this.dsfClientProvider = dsfClientProvider;
 		this.fhirClientProvider = fhirClientProvider;
+		this.fhirClientConfigProvider = fhirClientConfigProvider;
 		this.oidcClientProvider = oidcClientProvider;
 		this.mailService = mailService;
 		this.mimeTypeService = mimeTypeService;
@@ -81,6 +85,7 @@ public void afterPropertiesSet() throws Exception
 		Objects.requireNonNull(fhirContext, "fhirContext");
 		Objects.requireNonNull(dsfClientProvider, "dsfClientProvider");
 		Objects.requireNonNull(fhirClientProvider, "fhirClientProvider");
+		Objects.requireNonNull(fhirClientConfigProvider, "fhirClientConfigProvider");
 		Objects.requireNonNull(oidcClientProvider, "oidcClientProvider");
 		Objects.requireNonNull(mailService, "mailService");
 		Objects.requireNonNull(mimeTypeService, "mimeTypeService");
@@ -131,6 +136,12 @@ public FhirClientProvider getFhirClientProvider()
 		return fhirClientProvider;
 	}
 
+	@Override
+	public FhirClientConfigProvider getFhirClientConfigProvider()
+	{
+		return fhirClientConfigProvider;
+	}
+
 	@Override
 	public OidcClientProvider getOidcClientProvider()
 	{

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/client/fhir/FhirClientFactory.java

@@ -222,6 +222,7 @@ public int getConnectTimeout()
 	}
 
 	@Override
+	@Deprecated
 	public ServerValidationModeEnum getServerValidationModeEnum()
 	{
 		return getServerValidationMode();
@@ -294,6 +295,7 @@ public void setProxyCredentials(String theUsername, String thePassword)
 	}
 
 	@Override
+	@Deprecated
 	public void setServerValidationModeEnum(ServerValidationModeEnum theServerValidationMode)
 	{
 		throw notSupported();

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/FhirClientConfigProviderImpl.java

@@ -0,0 +1,89 @@
+package dev.dsf.bpe.v2.service;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Objects;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.function.Function;
+import java.util.stream.Collectors;
+
+import javax.net.ssl.SSLContext;
+
+import org.springframework.beans.factory.InitializingBean;
+
+import de.hsheilbronn.mi.utils.crypto.context.SSLContextFactory;
+import dev.dsf.bpe.v2.client.fhir.ClientConfig;
+import dev.dsf.bpe.v2.client.fhir.ClientConfigs;
+
+public class FhirClientConfigProviderImpl implements FhirClientConfigProvider, InitializingBean
+{
+	private final Map<String, ClientConfig> clientConfigsByFhirServerId = new HashMap<>();
+	private final KeyStore defaultTrustStore;
+
+	public FhirClientConfigProviderImpl(KeyStore defaultTrustStore, ClientConfigs clientConfigs)
+	{
+		this.defaultTrustStore = defaultTrustStore;
+
+		if (clientConfigs != null)
+			clientConfigsByFhirServerId.putAll(clientConfigs.getConfigs().stream()
+					.collect(Collectors.toMap(ClientConfig::getFhirServerId, Function.identity())));
+	}
+
+	@Override
+	public void afterPropertiesSet() throws Exception
+	{
+		Objects.requireNonNull(defaultTrustStore, "defaultTrustStore");
+	}
+
+	@Override
+	public SSLContext createDefaultSslContext()
+	{
+		try
+		{
+			return SSLContextFactory.createSSLContext(defaultTrustStore);
+		}
+		catch (UnrecoverableKeyException | KeyManagementException | KeyStoreException | NoSuchAlgorithmException e)
+		{
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public KeyStore createDefaultTrustStore()
+	{
+		try
+		{
+			char[] password = UUID.randomUUID().toString().toCharArray();
+			ByteArrayOutputStream out = new ByteArrayOutputStream();
+			defaultTrustStore.store(out, password);
+
+			KeyStore store = KeyStore.getInstance(defaultTrustStore.getType(), defaultTrustStore.getProvider());
+			store.load(new ByteArrayInputStream(out.toByteArray()), password);
+
+			return store;
+		}
+		catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e)
+		{
+			throw new RuntimeException(e);
+		}
+	}
+
+	@Override
+	public Optional<ClientConfig> getClientConfig(String fhirServerId)
+	{
+		if (fhirServerId == null || fhirServerId.isBlank())
+			return Optional.empty();
+
+		return Optional.ofNullable(clientConfigsByFhirServerId.get(fhirServerId));
+	}
+}

dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/FhirClientProviderWithEndpointSupport.java renamed to dsf-bpe/dsf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/FhirClientConfigProviderWithEndpointSupport.java

@@ -2,43 +2,36 @@
 
 import java.security.KeyStore;
 import java.time.Duration;
-import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Function;
 
-import org.springframework.beans.factory.InitializingBean;
+import javax.net.ssl.SSLContext;
 
-import ca.uhn.fhir.rest.client.api.IGenericClient;
 import dev.dsf.bpe.api.config.FhirClientConfig;
 import dev.dsf.bpe.v2.client.fhir.ClientConfig;
 
-public class FhirClientProviderWithEndpointSupport implements FhirClientProvider, InitializingBean
+public class FhirClientConfigProviderWithEndpointSupport implements FhirClientConfigProvider
 {
 	private final EndpointProvider endpointProvider;
-	private final FhirClientProviderImpl delegate;
+	private final FhirClientConfigProvider delegate;
 
-	public FhirClientProviderWithEndpointSupport(EndpointProvider endpointProvider, FhirClientProviderImpl delegate)
+	public FhirClientConfigProviderWithEndpointSupport(EndpointProvider endpointProvider,
+			FhirClientConfigProvider delegate)
 	{
 		this.endpointProvider = endpointProvider;
 		this.delegate = delegate;
 	}
 
 	@Override
-	public void afterPropertiesSet() throws Exception
+	public SSLContext createDefaultSslContext()
 	{
-		Objects.requireNonNull(endpointProvider, "endpointProvider");
-		Objects.requireNonNull(delegate, "delegate");
+		return delegate.createDefaultSslContext();
 	}
 
 	@Override
-	public Optional<IGenericClient> getClient(String fhirServerId)
+	public KeyStore createDefaultTrustStore()
 	{
-		if (fhirServerId == null || fhirServerId.isBlank())
-			return Optional.empty();
-		else if (fhirServerId.startsWith("#"))
-			return getClientConfig(fhirServerId).flatMap(delegate::getClient);
-		else
-			return delegate.getClient(fhirServerId);
+		return delegate.createDefaultTrustStore();
 	}
 
 	@Override