NFC-82 Refactor application properties

Author: aarmam

example/pom.xml

@@ -38,6 +38,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-thymeleaf</artifactId>
 		</dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
 
 		<dependency>
 			<groupId>org.digidoc4j</groupId>

example/src/main/java/eu/webeid/example/config/ApplicationConfiguration.java

@@ -28,6 +28,7 @@
 import eu.webeid.example.security.WebEidMobileAuthInitFilter;
 import eu.webeid.example.security.ui.WebEidLoginPageGeneratingFilter;
 import eu.webeid.security.challenge.ChallengeNonceGenerator;
+import org.springframework.boot.context.properties.ConfigurationPropertiesScan;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
@@ -43,6 +44,7 @@
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @Configuration
+@ConfigurationPropertiesScan
 @EnableWebSecurity
 @EnableMethodSecurity(securedEnabled = true)
 public class ApplicationConfiguration implements WebMvcConfigurer {

example/src/main/java/eu/webeid/example/config/ValidationConfiguration.java

@@ -79,24 +79,19 @@ public ChallengeNonceGenerator generator(ChallengeNonceStore challengeNonceStore
     }
 
     @Bean
-    public AuthTokenValidator validator(YAMLConfig yamlConfig) {
+    public AuthTokenValidator validator(WebEidAuthTokenProperties authTokenProperties) {
         try {
             return new AuthTokenValidatorBuilder()
-                .withSiteOrigin(URI.create(yamlConfig.getLocalOrigin()))
+                .withSiteOrigin(URI.create(authTokenProperties.validation().localOrigin()))
                 .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromCerFiles())
-                .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore(yamlConfig))
-                .withOcspRequestTimeout(yamlConfig.getOcspRequestTimeout())
+                .withTrustedCertificateAuthorities(loadTrustedCACertificatesFromTrustStore(authTokenProperties))
+                .withOcspRequestTimeout(authTokenProperties.validation().ocspRequestTimeout())
                 .build();
         } catch (JceException e) {
             throw new RuntimeException("Error building the Web eID auth token validator.", e);
         }
     }
 
-    @Bean
-    public YAMLConfig yamlConfig() {
-        return new YAMLConfig();
-    }
-
     private X509Certificate[] loadTrustedCACertificatesFromCerFiles() {
         List<X509Certificate> caCertificates = new ArrayList<>();
 
@@ -118,7 +113,7 @@ private X509Certificate[] loadTrustedCACertificatesFromCerFiles() {
         return caCertificates.toArray(new X509Certificate[0]);
     }
 
-    private X509Certificate[] loadTrustedCACertificatesFromTrustStore(YAMLConfig yamlConfig) {
+    private X509Certificate[] loadTrustedCACertificatesFromTrustStore(WebEidAuthTokenProperties authTokenProperties) {
         List<X509Certificate> caCertificates = new ArrayList<>();
 
         try (InputStream is = ValidationConfiguration.class.getResourceAsStream(CERTS_RESOURCE_PATH + activeProfile + "/" + TRUSTED_CERTIFICATES_JKS)) {
@@ -127,7 +122,7 @@ private X509Certificate[] loadTrustedCACertificatesFromTrustStore(YAMLConfig yam
                 return new X509Certificate[0];
             }
             KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
-            keystore.load(is, yamlConfig.getTrustStorePassword().toCharArray());
+            keystore.load(is, authTokenProperties.validation().trustStorePassword().toCharArray());
             Enumeration<String> aliases = keystore.aliases();
             while (aliases.hasMoreElements()) {
                 String alias = aliases.nextElement();

example/src/main/java/eu/webeid/example/config/WebEidAuthTokenProperties.java

@@ -0,0 +1,44 @@
+/*
+ * Copyright (c) 2020-2025 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.example.config;
+
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.boot.context.properties.bind.DefaultValue;
+import org.springframework.validation.annotation.Validated;
+
+import java.time.Duration;
+
+@Validated
+@ConfigurationProperties(prefix = "web-eid-auth-token")
+public record WebEidAuthTokenProperties(WebEidAuthTokenValidation validation) {
+
+    public record WebEidAuthTokenValidation(
+        @NotBlank String localOrigin,
+        String siteCertHash,
+        @NotBlank String trustStorePassword,
+        @DefaultValue("5s") Duration ocspRequestTimeout,
+        @NotNull Boolean useDigiDoc4jProdConfiguration) {
+    }
+}

example/src/main/java/eu/webeid/example/config/WebEidMobileProperties.java

@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2020-2025 Estonian Information System Authority
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in all
+ * copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+ * SOFTWARE.
+ */
+
+package eu.webeid.example.config;
+
+import jakarta.validation.constraints.NotBlank;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.validation.annotation.Validated;
+
+@Validated
+@ConfigurationProperties(prefix = "web-eid-mobile")
+public record WebEidMobileProperties(
+    @NotBlank String baseRequestUri,
+    boolean requestSigningCert) {
+}

example/src/main/java/eu/webeid/example/config/YAMLConfig.java

@@ -23,7 +23,8 @@
 package eu.webeid.example.service;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import eu.webeid.example.config.YAMLConfig;
+import eu.webeid.example.config.WebEidAuthTokenProperties;
+import eu.webeid.example.config.WebEidMobileProperties;
 import eu.webeid.example.security.WebEidAuthentication;
 import eu.webeid.example.service.dto.CertificateDTO;
 import eu.webeid.example.service.dto.DigestDTO;
@@ -78,13 +79,13 @@ public class SigningService {
     private final Configuration signingConfiguration;
 
     private final ObjectFactory<HttpSession> httpSessionFactory;
-    private final YAMLConfig yamlConfig;
+    private final WebEidMobileProperties webEidMobileProperties;
 
-    public SigningService(ObjectFactory<HttpSession> httpSessionFactory, YAMLConfig yamlConfig) {
+    public SigningService(ObjectFactory<HttpSession> httpSessionFactory, WebEidAuthTokenProperties authTokenProperties, WebEidMobileProperties webEidMobileProperties) {
         this.httpSessionFactory = httpSessionFactory;
-        this.yamlConfig = yamlConfig;
-        signingConfiguration = Configuration.of(yamlConfig.getUseDigiDoc4jProdConfiguration() ?
-                Configuration.Mode.PROD : Configuration.Mode.TEST);
+        this.webEidMobileProperties = webEidMobileProperties;
+        signingConfiguration = Configuration.of(authTokenProperties.validation().useDigiDoc4jProdConfiguration() ?
+            Configuration.Mode.PROD : Configuration.Mode.TEST);
         // Use automatic AIA OCSP URL selection from certificate for signatures.
         signingConfiguration.setPreferAiaOcsp(true);
     }
@@ -198,7 +199,7 @@ public Map<String, Object> buildMobileInitResponse(WebEidAuthentication authenti
             && supportedSignatureAlgorithms != null
             && !supportedSignatureAlgorithms.isEmpty();
 
-        boolean requestSigningCert = yamlConfig.getRequestSigningCert();
+        boolean requestSigningCert = webEidMobileProperties.requestSigningCert();
         String nextPath = requestSigningCert
             ? CERTIFICATE_URI
             : SIGNATURE_URI;

example/src/main/java/eu/webeid/example/service/SigningService.java

@@ -1,5 +1,7 @@
 web-eid-auth-token:
   validation:
-    use-digidoc4j-prod-configuration: false
+    use-digi-doc4j-prod-configuration: false
     local-origin: "https://test.web-eid.eu"
+web-eid-mobile:
+  base-request-uri: "web-eid-mobile://"
   request-signing-cert: false

example/src/main/resources/application-dev.yaml

@@ -1,9 +1,11 @@
 web-eid-auth-token:
   validation:
-    use-digidoc4j-prod-configuration: true
+    use-digi-doc4j-prod-configuration: true
     local-origin: "https://web-eid.eu"
     truststore-password: "changeit"
-  request-signing-cert: false
+web-eid-mobile:
+    base-request-uri: "web-eid-mobile://"
+    request-signing-cert: false
 spring:
   thymeleaf:
     cache: true

example/src/main/resources/application-prod.yaml

@@ -1,4 +1,7 @@
 web-eid-auth-token:
   validation:
-    use-digidoc4j-prod-configuration: false
+    use-digi-doc4j-prod-configuration: false
     local-origin: "https://ria.ee"
+web-eid-mobile:
+    base-request-uri: "web-eid-mobile://"
+    request-signing-cert: false