Merge pull request #65 from xdev-software/accept-multiple-certs

Accept multiple certs

Author: JohannesRabauer

CHANGELOG.md

@@ -2,6 +2,7 @@
 
 * Now supports the CESOP-Format (and the DAC7-Format).
 * Uses a client that is auto generated by OpenAPI. This makes the library more robust for future changes of the API.
+* Certificates can now be defined with a ``SigningProvider``.
 
 # 1.0.3
 

README.md

@@ -40,19 +40,32 @@ Our library validates each request through these XSD find errors before they are
 
 See the [examples in the demo package](./bzst-dip-java-client-demo/src/main/java/software/xdev/).
 
-### Create keystore file
+### Create certificate
 
 For authentification at the BZST you have to create a public- and private-key.
 
 First you have to create a **PEM** file as described on the [BZST Website](https://www.bzst.de/DE/Service/Portalinformation/Massendaten/DIP/dip_node.html) (see 1.7).
 
-OpenSSL can be downloaded from their [website](https://www.openssl.org/).
+OpenSSL can be downloaded from the [website](https://www.openssl.org/).
 
 ```
 openssl req -newkey rsa-pss -new -nodes -x509 -days 3650 -pkeyopt rsa_keygen_bits:4096 -sigopt rsa_pss_saltlen:32 -keyout key.pem -out cert.pem
 ```
 
-Next you have to convert that file to a **PKCS12** file.
+You also have to set the public key in the [BZST online.portal](https://online.portal.bzst.de/).
+Exporting the public key with OpenSSL is easy:
+
+```
+openssl rsa -in key.pem -pubout > publicKey.pub
+```
+
+Now you can already use these two files to sign your requests. See
+the [example with PEM signing](./bzst-dip-java-client-demo\src\main\java\software\xdev\ApplicationWithPem.java).
+
+### Create Java KeyStore (JKS)
+
+If you want to go one step further you can use the Java KeyStore. Then you have to convert the `cert.pem` file to a *
+*PKCS12** file.
 
 ```
 openssl pkcs12 -export -in cert.pem -inkey key.pem -out certificate.p12 -name "certificate"
@@ -71,13 +84,6 @@ certificate.keystore.password=SECRET_PASSWORD
 certificate.keystore.file=cert.jks
 ```
 
-You also have to set the public key in the [BZST online.portal](https://online.portal.bzst.de/).
-Exporting the public key with OpenSSL is easy:
-
-```
-openssl rsa -in key.pem -pubout > publicKey.pub
-```
-
 ### Client ID
 
 It's also important to use the client id provided by [BZST online.portal](https://online.portal.bzst.de/)
@@ -99,9 +105,7 @@ public static BzstDipConfiguration createConfiguration()
 		.setClientId("abcd1234-ab12-ab12-ab12-abcdef123456")
 		.setTaxID("86095742719")
 		.setTaxNumber("123")
-		.setCertificateKeystoreInputStream(() -> ClassLoader.getSystemClassLoader()
-			.getResourceAsStream("DemoKeystore.jks"))
-		.setCertificateKeystorePassword("test123")
+		.setSigningProvider(new SigningProviderByJks("DemoKeystore.jks", "test123"))
 		.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
 		.setMessageTypeIndic(BzstDipDpiMessageType.DPI_401)
 		.setReportingPeriod(LocalDate.now())

bzst-dip-java-client-demo/src/main/java/software/xdev/ApplicationWithCesop.java

@@ -48,6 +48,7 @@
 import software.xdev.bzst.dip.client.model.message.dac7.BzstDipCompleteResult;
 import software.xdev.bzst.dip.client.model.message.dac7.BzstDipCountryCode;
 import software.xdev.bzst.dip.client.model.message.dac7.BzstDipCurrency;
+import software.xdev.bzst.dip.client.signing.SigningProviderByJks;
 
 
 @SuppressWarnings("checkstyle:MagicNumber")
@@ -75,8 +76,7 @@ public static BzstDipConfiguration createConfiguration()
 			.setClientId("abcd1234-ab12-ab12-ab12-abcdef123456")
 			.setTaxID("86095742719")
 			.setTaxNumber("123")
-			.setCertificateKeystoreInputStream(() -> ClassLoader.getSystemClassLoader()
-				.getResourceAsStream("DemoKeystore.jks"))
+			.setSigningProvider(new SigningProviderByJks("DemoKeystore.jks", "test123"))
 			.setCertificateKeystorePassword("test123")
 			.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
 			.setMessageTypeIndicCesop(BzstCesopMessageTypeIndicEnum.CESOP_101)

bzst-dip-java-client-demo/src/main/java/software/xdev/ApplicationWithDac7.java

@@ -26,6 +26,7 @@
 import software.xdev.bzst.dip.client.model.message.dac7.BzstDipOecdLegalAddressType;
 import software.xdev.bzst.dip.client.model.message.dac7.BzstDipTaxes;
 import software.xdev.bzst.dip.client.model.message.dac7.BzstDipTin;
+import software.xdev.bzst.dip.client.signing.SigningProviderByJks;
 
 
 @SuppressWarnings("checkstyle:MagicNumber")
@@ -53,9 +54,7 @@ public static BzstDipConfiguration createConfiguration()
 			.setClientId("abcd1234-ab12-ab12-ab12-abcdef123456")
 			.setTaxID("86095742719")
 			.setTaxNumber("123")
-			.setCertificateKeystoreInputStream(() -> ClassLoader.getSystemClassLoader()
-				.getResourceAsStream("DemoKeystore.jks"))
-			.setCertificateKeystorePassword("test123")
+			.setSigningProvider(new SigningProviderByJks("DemoKeystore.jks", "test123"))
 			.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
 			.setMessageTypeIndic(BzstDipDpiMessageType.DPI_401)
 			.setReportingPeriod(LocalDate.now())

bzst-dip-java-client-demo/src/main/java/software/xdev/ApplicationWithPem.java

@@ -0,0 +1,58 @@
+package software.xdev;
+
+import java.io.IOException;
+import java.time.LocalDate;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import software.xdev.bzst.dip.client.BzstDipClient;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipConfiguration;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipConfigurationBuilder;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipDpiMessageType;
+import software.xdev.bzst.dip.client.model.configuration.BzstDipOecdDocType;
+import software.xdev.bzst.dip.client.model.message.dac7.BzstDipAddressFix;
+import software.xdev.bzst.dip.client.model.message.dac7.BzstDipCompleteResult;
+import software.xdev.bzst.dip.client.signing.SigningProviderByPem;
+
+
+@SuppressWarnings("checkstyle:MagicNumber")
+public final class ApplicationWithPem
+{
+	private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationWithPem.class);
+	
+	public static void main(final String[] args)
+		throws InterruptedException, IOException
+	{
+		final BzstDipConfiguration configuration = createConfiguration();
+		final BzstDipClient bzstDipClient = new BzstDipClient(configuration);
+		final BzstDipCompleteResult bzstDipCompleteResult =
+			bzstDipClient.sendDipAndQueryResult(ApplicationWithDac7.createMessage());
+		LOGGER.info(
+			"Sending dip message with transfer number {} {}",
+			bzstDipCompleteResult.dataTransferNumber(),
+			bzstDipCompleteResult.isSuccessful() ? "was successful." : "has failed!"
+		);
+	}
+	
+	public static BzstDipConfiguration createConfiguration()
+	{
+		return new BzstDipConfigurationBuilder()
+			.setClientId("abcd1234-ab12-ab12-ab12-abcdef123456")
+			.setTaxID("86095742719")
+			.setTaxNumber("123")
+			.setSigningProvider(new SigningProviderByPem("DemoCert.pem", "DemoKey.pem"))
+			.setRealmEnvironmentBaseUrl(BzstDipConfiguration.ENDPOINT_URL_TEST)
+			.setMessageTypeIndic(BzstDipDpiMessageType.DPI_401)
+			.setReportingPeriod(LocalDate.now())
+			.setDocTypeIndic(BzstDipOecdDocType.OECD_1)
+			.setPlatformOperatorOrganizationName("TestOrg")
+			.setPlatformOperatorPlatformName("TestApp")
+			.setPlatformOperatorAddress(new BzstDipAddressFix("TestCity"))
+			.buildAndValidate();
+	}
+	
+	private ApplicationWithPem()
+	{
+	}
+}

bzst-dip-java-client-demo/src/main/resources/DemoCert.pem

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGDTCCA8GgAwIBAgIUG7/UrJcPXln7veZrUjABqaCAbh8wQQYJKoZIhvcNAQEK
+MDSgDzANBglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEF
+AKIDAgEgMGMxCzAJBgNVBAYTAkRFMRAwDgYDVQQIDAdCYXZhcmlhMQ0wCwYDVQQH
+DARjaXR5MRswGQYDVQQKDBJYREVWIFNvZnR3YXJlIEdtYkgxFjAUBgNVBAMMDXhk
+ZXYuc29mdHdhcmUwHhcNMjQwNTI5MTMwODMxWhcNMzQwNTI3MTMwODMxWjBjMQsw
+CQYDVQQGEwJERTEQMA4GA1UECAwHQmF2YXJpYTENMAsGA1UEBwwEY2l0eTEbMBkG
+A1UECgwSWERFViBTb2Z0d2FyZSBHbWJIMRYwFAYDVQQDDA14ZGV2LnNvZnR3YXJl
+MIICIDALBgkqhkiG9w0BAQoDggIPADCCAgoCggIBALhAndCGFrJXO0ZNAxmrgW32
+YdsBOEcxkXxZMZoD4VZdHMflj7QbzsYuXn2Emndpz9wUYLzowv+rItK6H/xct66f
+hei9Gz4JeIOp1CGz5a6gH3eQLL7cYOtlBJoxYLQaWaCg0z5ZNRgS4h2ub8yKLBx+
++or5ne7AjGnei0UyNSvBrWwU0b+rAF3dC3LvXuvNrOGFvMv9y0DHfQ2CEZNErWx+
+LMq/VezRPkF8qmaxPmKBZ/ODDsI3mQ0ATJSshr2vuDjIaM7ZWPG9x2H3aFaJvz64
+YPN3PjqexM6hBs6S2mrbC9Dx3x1NbxH3wqHfeqXiuPFBU3NcZxzw5qtd/p/63Sfd
+YL1ouKX7WX3NDUFx1XMfZXWrOinzvNT5QPV13GpKW1ec8ZJZbfxDp/0rRp8WTY2R
+XSuuWnriBWefnlFPwDAR5srHaETTZoD/ydsLNS5s3o/TRG6RgGbpzo6bZVMIZ62h
++77e78h8MiGIzWa2vsx6mgOr4/CMyxXaSKrGJmjlnRY/SuC3eNY+mS98ANL7EeE+
+PtakCG1hAjpso0OPZkUl6cyCqeb4JbDIxGckUsKw6PTczYitO78QroteDpt+cX/Q
+DzbcYn8mg6jtFfCkDzXbRlhF+sJZj1zbVtmg80rnXlsJN/8sF0i3imq4A/+7i+v/
+/E1yH8dU2X4LyDWFLo2fAgMBAAGjUzBRMB0GA1UdDgQWBBQS4GBqywGNaQYc0XbR
+Csw61hNmOTAfBgNVHSMEGDAWgBQS4GBqywGNaQYc0XbRCsw61hNmOTAPBgNVHRMB
+Af8EBTADAQH/MEEGCSqGSIb3DQEBCjA0oA8wDQYJYIZIAWUDBAIBBQChHDAaBgkq
+hkiG9w0BAQgwDQYJYIZIAWUDBAIBBQCiAwIBIAOCAgEApjV0UZZLSWFSZuRCwSu9
+QeozeRAU+/GnC0WNATJmLE+CIwXyHZPYaCIus6R9/NaRg6bdmYBgqtYBHF18YoWE
+iFNUuLlkzEU0jkKPUvWg5heVeyUvGxqwRP318P3VGTtx2ovvO1rAeuRNQ5/cr0Nf
+UYhxIuA9ym9aHOCgmdnsbySmX9BH6kum5Dnna1Ofk+ipM0wf+tBrGPR/0+8yvWn8
+V1gwPOypn+zBs0FlLKzAqQtLgau3PEgHdbLOfHuW0fV2KVVVwO4h5SjuUJPhJAMF
+Fy5f5azQ9I5eNiaTpOMT9bI/Vn7XqvRY8YIjsSeAMcqpBygMmQFVjwRJhfyIPL1j
+9MN7fF5xVBUn14C2CEwgndJ5AD3S6UrSVhRWmWs/Q4FisyPvclds+Tr2q/zpFLuX
+uMwDDABJ12qw5kB8G1bAyi8TgAcHUAVh2TDK8vgN0/om68Em9HzFSEe63SKTYfEy
+Mss908jGIDsrsbRoQAbdg0XDnK/3OO/M+/0tRZYAZ+gceQoFOS9d2s5StoGO7nn9
+rlSRj+hA6XlNvb6Dc6we9tHSaN1qxqK4GXymKkS6dfWuvdgxjtFr/H3kDcdzTN0u
+6pEUnAFcyU/Z+/XyNRvmdl31CwstHajAdTtWGqdkQmugvhE9GMI5LYzglycAbnoN
+0IGQKyqO/74AsAKW8tlozi8=
+-----END CERTIFICATE-----

bzst-dip-java-client-demo/src/main/resources/DemoKey.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQQIBADALBgkqhkiG9w0BAQoEggktMIIJKQIBAAKCAgEAuECd0IYWslc7Rk0D
+GauBbfZh2wE4RzGRfFkxmgPhVl0cx+WPtBvOxi5efYSad2nP3BRgvOjC/6si0rof
+/Fy3rp+F6L0bPgl4g6nUIbPlrqAfd5Asvtxg62UEmjFgtBpZoKDTPlk1GBLiHa5v
+zIosHH76ivmd7sCMad6LRTI1K8GtbBTRv6sAXd0Lcu9e682s4YW8y/3LQMd9DYIR
+k0StbH4syr9V7NE+QXyqZrE+YoFn84MOwjeZDQBMlKyGva+4OMhoztlY8b3HYfdo
+Vom/Prhg83c+Op7EzqEGzpLaatsL0PHfHU1vEffCod96peK48UFTc1xnHPDmq13+
+n/rdJ91gvWi4pftZfc0NQXHVcx9ldas6KfO81PlA9XXcakpbV5zxkllt/EOn/StG
+nxZNjZFdK65aeuIFZ5+eUU/AMBHmysdoRNNmgP/J2ws1Lmzej9NEbpGAZunOjptl
+UwhnraH7vt7vyHwyIYjNZra+zHqaA6vj8IzLFdpIqsYmaOWdFj9K4Ld41j6ZL3wA
+0vsR4T4+1qQIbWECOmyjQ49mRSXpzIKp5vglsMjEZyRSwrDo9NzNiK07vxCui14O
+m35xf9APNtxifyaDqO0V8KQPNdtGWEX6wlmPXNtW2aDzSudeWwk3/ywXSLeKargD
+/7uL6//8TXIfx1TZfgvINYUujZ8CAwEAAQKCAgATeBh06UZKr/b+dbLHKp0xjmBG
+sPlOZIl390DLgm90HcClyrcFlA6kWE/5uWJNDew92BVkwL+iHmY+mBY7J1ztYcPX
+lOvlAUEvwGk+6nBxpE/O5Xgk7sp69SCoXmFWhpZD59qKcwiuM4ibFEyR82O32x8E
+Ql4S1VvA8BgNRsHhjsSRcB29wAb45BuKmIqSJhiHeAc8EuRAQxQOsljDE/WzSh3X
+iqI8tNt8Nf0XftEVvZDLZWTQ1ukgO5DcAOL39jJkJaEVglfoq2H/ExJ+Wm3P5dGw
+yD/WF+K55r/+YfwcYGr+OCCYSw9aebCiRCgEkVFzhLCZtwDaSQZGw1bddreZid9C
+KBWgqq/gV3X9srkRkLNfc2n4HaYSGfiWyKNXfs7WszUjFhud5rF0tJ7dEtx1q+kb
+/G4VSOaruOfMGnX6O8Ia8WvsduSi4o9GmrI8sjdO6+yJZdDBnicQgs4DTspoorR1
+ShKxmLJyVWxioQbvhJPMrtD7rMSoYHzvsLPLAkPwhLSZ2v6J5Wds594zJZZCxEdm
+zk4DOIawKPL9B6UIVhA8Sat3eRgvAAsRptXwREg4PJT0bcQDcsdvlrFJkPRbzjB8
+v5XY0Mjm/GNZlrPUl6y4tfHElngH2sKYjZSPcg4LvM2TlAq44VTj/lKzu0q8F9tO
+VQM9bMCxL/gAloYKcQKCAQEA24v2U0a1/kFpqYNOi6dD+m2QIQdxYhiQCPRJwP1V
+0jJUQ8Yg35Uk5Isb981bSRdh+StnetXOeMKhx+HjcBBrgnLTPYNZk6tsouhMdCi3
+45LPnNrPrGwvJ6r14wDkZ3x/3oHcuqpEmG7CLGaHjLr7/CCIAjYCFjw0cFouA8S3
+mStxAkOljolS5rpyWASzL+TgpPws0Lgczjv/lC/gzGIyPBSCkMGz7a782HJvc/QQ
+OBrFBLL2aItPaKcBz137301u2lt4mQ9O1t10/ScpzP2j8Lx5Wod4zWxgvpsmsP26
+uzeYczgwYxPz97OYs16jve4Id4NEQEbC+n9y2yl2fZfj5wKCAQEA1thvt4TDW3O4
+VgYw1I43EGE2IwsSfO7XjN5LeMHx00XUNomDxA1CyaPVVOiC6lKBMpQtgHHxBgE0
+1bh5LSFq0CI0s02BFcTY3/ZAs1WuYKGogf6DkBXBIgtlMUG3KoWv7Aan5fHoKwjx
+uFm1mO77SJBuJZtbC78nnBW9gLWel0SghQlavsAWed5IpSU7RLW7aZpiV1TXofiq
+R2v0wpHrPmTIote04xGqzKTcJtQ2jHRDQmpPVJsZFgyNI3Onj4sag5wMoaTfQUeA
+J0wxyQFnfuoes3a+GOLVkBeWsAnIj+iWoxxxh8EWkWqavms+kJUTiDMDMbc2aD9I
+DQzjiLrRiQKCAQEAqXb41UEAm9isEb+cMmoTK8vEc+pF191z2KWQBJrH0u8sYgAe
+Qdbi2lKSbQ2jh+C3rFiXkJZWwJojvKEdKNRT2CZ/7bxkuXqZ6Yl78jG3977L6Jxx
+rvr2zxzEncuDgmn0XbFJywBA4JSl5xXhTXzLossNkP9VTwp7w7moSRpgSafhnEjR
+Exvm1NhYCJ7gHXkC+fb5NMbY3UwstJrcX4bwlbWTLt+F3lKzMvPqGcvrdRMcvsrR
+LtNRoUtAN2upTq17gqsWhLbvOSVJ91pyhpvGHr2swndNhOtCJf6mt/myWG7Kiy11
+FBVDvRBxLws/Qwzoli/Jz/+O40LbSlZP8xP6QwKCAQEAw840WyyLo4Ce4v/3ZvFK
+LAp8/Yksy2IeX0uFu0P/Ms80bpP73CU91moTlrPmBMs25rL3mVW/FfrpfVMIVWJc
+Z96U60lauU1TXyKeqxMOvxD2c6tTmnDJOU7rZe3/kqiOwez6/m3va7FWI+7Wu9Aq
+gmLnkCy72MPZxL5nnLNqG3E3Xqg85RZKJb25tZFuJ9v9N2y17ePsNrlb74XrZ5z3
+qkDOPuOa/0vtv18NKfJE2NNpLVGYhYJpZZgA1eulLgTYIFSLipKpymPw31/pC8nU
+2m1jl6pD7IhnnVByTHROLyIKkBPvQItxFwzyhVNWjQzg5UOgyKGy22W5M/OoN8gU
+CQKCAQAnN6tA6ztx3fOfyordmZosOCjqX3PgMDrqz0327aUeUYK2YDiKwFf3DNkn
+r5pb03QJY6kad+8IIB1Kr6ezdJ7I1p23XSZtwQVvVwx189haWmMbKALJiKgDyk6A
+tyUahcDtwtXnXamesP+b4dZHSkEOeLvfXoBHwQPKE2m6Ubdes2ll2nFN50/h7kNe
+alVMsSOYeo4sr669gWyPk5iX1S1bRvpI/S+G9qTV/bp1piuzibzqwAhoNER6J1ue
+i0ZmGEHbj5paULxhol2BPUrTaW2VSlFyiQiJ/000c3eJvmhAr75tFPWmXowhiOC+
+zoafrCyAHLoMLdwpXQzSl212U04/
+-----END PRIVATE KEY-----

bzst-dip-java-client-demo/src/main/resources/DemoKeystore.jks

@@ -8,8 +8,8 @@ application.code=
 message.type=DPI402
 reporting.period=2023-12-31
 doc.type=OECD2
-certificate.keystore.password=test123
-certificate.keystore.file=DemoKeystore.jks
+signing.jks.keystore.password=test123
+signing.jks.keystore.file=DemoKeystore.jks
 
 delay.before.checking.results.in.millis=
 retry.query.results.amount=

bzst-dip-java-client-demo/src/main/resources/app.properties

@@ -57,6 +57,7 @@
 		<sonar.exclusions>
 			src/generated/**
 		</sonar.exclusions>
+		<junit-jupiter.version>5.10.2</junit-jupiter.version>
 	</properties>
 
 	<repositories>
@@ -149,13 +150,13 @@
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter-api</artifactId>
-			<version>5.10.3</version>
+			<version>${junit-jupiter.version}</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
 			<groupId>org.junit.jupiter</groupId>
 			<artifactId>junit-jupiter-params</artifactId>
-			<version>5.10.3</version>
+			<version>${junit-jupiter.version}</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>