diff --git a/.dev/auth.keystore b/.dev/auth.keystore
new file mode 100644
index 0000000000000000000000000000000000000000..99c4c27b3c501fac08a68f4733cdb1f5ad983f0a
Binary files /dev/null and b/.dev/auth.keystore differ
diff --git a/.dev/chain.jks b/.dev/chain.jks
new file mode 100644
index 0000000000000000000000000000000000000000..3ff345e9205852ad7c95ec36199f7d59f00f1a8c
Binary files /dev/null and b/.dev/chain.jks differ
diff --git a/.dev/generate-jks.sh b/.dev/generate-jks.sh
new file mode 100644
index 0000000000000000000000000000000000000000..68a08784f0f9a3eb044b3f8adc370fcf572f5e83
--- /dev/null
+++ b/.dev/generate-jks.sh
@@ -0,0 +1,100 @@
+#!/bin/bash
+# ----------------
+# https://blogs.oracle.com/blogbypuneeth/post/create-an-internal-certification-authority-ca-using-keytool-and-sign-your-server-certificate
+# ----------------
+STORE_PASS=password
+KEY_PASS=password
+
+declare -A services
+services[9091]=container
+services[9092]=database
+services[9093]=query
+services[9094]=table
+services[9095]=gateway
+services[9096]=identifier
+services[9097]=authentication
+services[9098]=user
+services[9099]=metadata
+
+function generate () {
+ echo "... generate $1-service certificate"
+ keytool -genkeypair -storepass ${STORE_PASS} -keypass ${KEY_PASS} -storetype PKCS12 -keyalg RSA -keysize 2048 \
+ -dname "CN=$1-service, OU=DS-IFS, O=TU Wien, C=AT" -alias "$1-service" -ext "SAN:c=DNS:localhost,IP:127.0.0.1" \
+ -keystore ./server.keystore
+}
+
+function sign () {
+ echo "... sign $1-service certificate"
+ keytool -alias "$1-service" -certreq -storepass ${STORE_PASS} -keyalg RSA \
+ -keystore ./server.keystore | keytool -alias intermediate -gencert -storepass ${STORE_PASS} \
+ -keyalg RSA | keytool -alias "$1-service" -importcert -storepass ${STORE_PASS} -keyalg RSA \
+ -keystore ./server.keystore -noprompt -trustcacerts
+}
+
+function crt () {
+ echo "... export $1 certificate"
+ keytool -exportcert -alias "$1" -rfc -storepass ${STORE_PASS} -keystore "$2" > "./$1.crt"
+}
+
+function move () {
+ echo "... move jks to the $1-service"
+ cp ./server.keystore "../fda-$1-service/server.keystore"
+ rm -f "../fda-$1-service/intermediate.crt" && cp ./intermediate.crt "../fda-$1-service/intermediate.crt"
+}
+
+echo "Remove old JKS(s)"
+rm -f ./server.keystore ./auth.keystore ./chain.jks ./*.crt
+
+echo "Generate root certificate"
+keytool -alias root -dname "CN=RootCA, OU=DS-IFS, O=TU Wien, C=AT" -genkeypair -ext KeyUsage="keyCertSign" \
+ -ext BasicConstraints:"critical=ca:true" -validity 3600 -storepass ${STORE_PASS} -keyalg RSA
+
+echo "Generate intermediate certificate"
+keytool -alias intermediate -dname "CN=IntermediateCA, OU=DS-IFS, O=TU Wien, C=AT" -genkeypair \
+ -ext KeyUsage="keyCertSign" -ext BasicConstraints:"critical=ca:true" -validity 1800 -storepass ${STORE_PASS} \
+ -keyalg RSA
+
+echo "Sign the intermediate certificate"
+keytool -alias intermediate -certreq -storepass ${STORE_PASS} -keyalg RSA | keytool -alias root -gencert \
+ -ext KeyUsage="keyCertSign" -ext BasicConstraints:"critical=ca:true" -storepass ${STORE_PASS} \
+ -keyalg RSA | keytool -alias intermediate -importcert -storepass ${STORE_PASS} -keyalg RSA
+
+echo "Import the root certificate to the JKS"
+keytool -export -alias root -storepass ${STORE_PASS} | keytool -import -alias root -keystore ./server.keystore \
+ -storepass ${STORE_PASS} -noprompt -trustcacerts
+
+echo "Import the intermediate certificate to the JKS"
+keytool -export -alias intermediate -storepass ${STORE_PASS} | keytool -import -alias intermediate -keystore ./server.keystore \
+ -storepass ${STORE_PASS} -noprompt -trustcacerts
+
+echo "Generating the certificate key pairs"
+for key in "${!services[@]}"; do
+ generate "${services[$key]}"
+done
+
+echo "Sign the certificates with intermediate certificate"
+for key in "${!services[@]}"; do
+ sign "${services[$key]}"
+done
+
+echo "Export the trusted keystore"
+keytool -export -alias intermediate -storepass ${STORE_PASS} | keytool -import -alias intermediate \
+ -keystore ./chain.jks -storepass ${STORE_PASS} -trustcacerts -noprompt
+keytool -export -alias root -storepass ${STORE_PASS} | keytool -import -alias root -keystore ./chain.jks \
+ -storepass ${STORE_PASS} -trustcacerts -noprompt
+
+echo "Export CRTs"
+crt root ./chain.jks
+crt intermediate ./chain.jks
+
+echo "Copy the JKS(s)"
+for key in "${!services[@]}"; do
+ move "${services[$key]}"
+done
+
+echo "Create the authentication service JKS"
+echo "... import private key into the key store"
+keytool -importkeystore -srckeystore ./server.keystore -srcstorepass ${STORE_PASS} -srcalias "authentication-service" \
+ -destkeystore ./auth.keystore -deststorepass ${STORE_PASS} -deststoretype PKCS12 -destalias "server" -trustcacerts \
+ -noprompt
+rm -f ../fda-authentication-service/auth.keystore && cp ./auth.keystore ../fda-authentication-service/auth.keystore
diff --git a/.dev/intermediate.crt b/.dev/intermediate.crt
new file mode 100644
index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44
--- /dev/null
+++ b/.dev/intermediate.crt
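Review bot: The root and intermediate key pairs in `.dev/generate-jks.sh` are generated without `-keystore`, so keytool puts the CA private keys in the invoking user's default keystore under the hard-coded `STORE_PASS=password`, where the opening `rm -f` never removes them. A second run will then likely stop at the existing `root` alias, and because the script has no `set -euo pipefail` it carries on with whatever key material is already there. Pass an explicit, git-ignored `-keystore <ca-keystore-path>` on every CA step, start the script with `set -euo pipefail`, and prefer `-storepass:env STORE_PASS` (with the variable exported) so the password is not on the command line. Neither `-gencert` call sets `-validity`, so the signed intermediate and service certificates get keytool's default lifetime rather than the `-validity 1800` given to `-genkeypair`; the committed `intermediate.crt` appears to be valid for only about 90 days. The SAN in `generate` covers only `localhost` and `127.0.0.1`, so hostname verification against names such as `container-service` cannot succeed.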
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/.dev/root.crt b/.dev/root.crt new file mode 100644 index 0000000000000000000000000000000000000000..798a1f673479c075782eeed6458beb2d7d693e07 --- /dev/null +++ b/.dev/root.crt 
@@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDPzCCAiegAwIBAgIEHaMDRDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTczOTU5WhcNMzMwMjA5MTczOTU5WjBBMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQD +EwZSb290Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCK8FuP0bGt +QAvhZEjRWTQuCdE6vXpDWjvSoevZaSclgJ9SncDHtRzkH0x0ArVfIRZFtjSUEcHb +2r8mnOvqQ+9vs2azjTlacdPvezbhfgFFGIdrnHSm3RTB7smeOFceFkIvwiXT49+y +ZGkB/p0QCDoVYhgRxFNtZKBTYa0uJLQ7cM8LK2g66/yugJsB4zOlre1zPiWGY/5k +sWu780XVKpl9j6CR/xp3012bKlT/t7j7fKRamJYVYtW2guRQnl5J5AKRzlRGh84G +onNI5qiwS0gAZUajpL00lb2XxSkv11DY0743EOSsqOvUDr+5h4v7pXEt+O5aFvFN +ewRTHON1624fAgMBAAGjPzA9MB0GA1UdDgQWBBSdLp+I30uB4jAMP1PnZLolxbF/ +AzALBgNVHQ8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC +AQEAIqrbs8mXC07a8VURnu3EFxO3dliDgxY1yQfB0VqMFL1yxGKXrVAJFLP/1MVr +HVx53vZd/KBNGUjhLfnj3vF+TpqnOoJ/QEDSJPuEnpfFPtx0tE3e3lQQlebIA8aM +m1iP2SJuKAYQUYOg1N9XXa+UPs9tWWrllY5dcYdHOK168eUwo1h6v0OOnaP7RvSn +457jewK6fJ3tUhox2Hu1JEowupYE5QhMiLwG30MGkf2pWkTNfz005LTzmgvfMSz7 +k1rfO9oKdVbxNYxZPdzKZRsnCfOka/MmYcXstjp5KKXLo4Z3LLs8N0GDWlKRvX9p +z2CJQ6CG+Aws4+J3mFOm2G9rIw== +-----END CERTIFICATE----- diff --git a/.dev/server.keystore b/.dev/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/.dev/server.keystore differ diff --git a/.env.unix.example b/.env.unix.example index 2e4923867fc8febcd1db501b16baf212a99781df..8c690b8b0431a5aaff1f5a94136ce4c9ca3bf45c 100644 --- a/.env.unix.example +++ b/.env.unix.example @@ -15,6 +15,4 @@ KEYCLOAK_ADMIN=fda KEYCLOAK_ADMIN_PASSWORD=fda BROKER_CONSUMERS=2 WEBSITE=http://example.com -KEY_ALIAS=server -KEY_STORE_PATH=/server.keystore -KEY_STORE_PASSWORD=password \ No newline at end of file +spring_profiles_active=insecure \ No newline at end of file 
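Review bot: The example environment in `.env.unix.example` now defaults to `spring_profiles_active=insecure`, and the `application-insecure.yml` files in this commit set `useInsecureTrustManager: true`, so anyone who copies this file for a real deployment runs with that profile without being told what it turns off. Put a comment above the line, for example `# development only: the insecure profile disables TLS certificate verification`, or leave the variable out of the example so the default profile applies.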
diff --git a/fda-authentication-service/.gitignore b/fda-authentication-service/.gitignore new file mode 100644 index 0000000000000000000000000000000000000000..5ce9a595c60335bf4d5285a70f3f5f1dc37a60a6 --- /dev/null +++ b/fda-authentication-service/.gitignore @@ -0,0 +1 @@ +server.keystore \ No newline at end of file diff --git a/fda-authentication-service/Dockerfile b/fda-authentication-service/Dockerfile index 243d9689185ffeca3c9a26047976352686e12e30..65a36dd48b4f3e7a66bd13b76015bf3ad3379e95 100644 --- a/fda-authentication-service/Dockerfile +++ b/fda-authentication-service/Dockerfile @@ -13,7 +13,7 @@ ENV KC_DB=mariadb WORKDIR /opt/keycloak -COPY ./server.keystore ./conf/server.keystore +COPY ./auth.keystore ./conf/server.keystore RUN /opt/keycloak/bin/kc.sh build diff --git a/fda-authentication-service/auth.keystore b/fda-authentication-service/auth.keystore new file mode 100644 index 0000000000000000000000000000000000000000..99c4c27b3c501fac08a68f4733cdb1f5ad983f0a Binary files /dev/null and b/fda-authentication-service/auth.keystore differ diff --git a/fda-authentication-service/intermediate.crt b/fda-authentication-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-authentication-service/intermediate.crt 
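Review bot: `COPY ./auth.keystore ./conf/server.keystore` bakes into the Keycloak image a keystore that this commit also checks into the repository and that `.dev/generate-jks.sh` creates with the password `password`, so the server's TLS private key is known to anyone who can read the repo or pull the image. The new `.gitignore` ignores only `server.keystore`; it should list `auth.keystore` as well, and the keystore is better supplied at deploy time (a mounted volume or secret) than copied at build time. If the committed file is meant purely as a development fixture, say so in a comment next to the COPY.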
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-authentication-service/server.keystore b/fda-authentication-service/server.keystore deleted file mode 100644 index 93e5c28b23293910dac23a3e974cb485524a3a17..0000000000000000000000000000000000000000 Binary files a/fda-authentication-service/server.keystore and /dev/null differ diff --git a/fda-container-service/Dockerfile b/fda-container-service/Dockerfile index 95f2ddbb34ab85f9ceada45f408fea52cb618c26..49ae10cee1dda3d2dc76ec7abb508fff43a3df43 100644 --- a/fda-container-service/Dockerfile +++ b/fda-container-service/Dockerfile 
@@ -33,6 +33,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key +ENV KEY_ALIAS=container-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready diff --git a/fda-container-service/intermediate.crt b/fda-container-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-container-service/intermediate.crt 
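Review bot: `COPY ./server.keystore ./server.keystore` ships the shared keystore that `generate-jks.sh` fills with the key pairs of all nine services, so every image carries every other service's private key, and `ENV KEY_PASS=password` / `ENV KEY_STORE_PASS=password` leave the passwords readable in the image metadata. Give each image a keystore holding only its own alias and inject the passwords at run time instead of as ENV defaults. Appending to `/etc/ssl/certs/ca-certificates.crt` affects tools that read the system bundle; whether the JVM in this image trusts the intermediate that way depends on the base image, so confirm it or import the certificate into the Java truststore explicitly. The same lines are added in the database, gateway and identifier Dockerfiles.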
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-container-service/rest-service/src/main/resources/application-docker.yml b/fda-container-service/rest-service/src/main/resources/application-insecure.yml similarity index 75% rename from fda-container-service/rest-service/src/main/resources/application-docker.yml rename to fda-container-service/rest-service/src/main/resources/application-insecure.yml index eea48592c78d8c76d69038c26d089cd64f20b4f9..d135584cf3f8b1ca6800f707bbf0818ad073c40d 100644 --- a/fda-container-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-container-service/rest-service/src/main/resources/application-insecure.yml 
@@ -22,9 +22,21 @@ spring: name: container-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus springdoc.swagger-ui.enabled: true -server.port: 9091 +server: + port: 9091 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -32,7 +44,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: container-service + instance: + hostname: container-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9091 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: network: userdb diff --git a/fda-container-service/rest-service/src/main/resources/application-local.yml b/fda-container-service/rest-service/src/main/resources/application-local.yml index a8ff84d143fc369013f9da7acc3dc2c702a7bc51..8e82a9f09948d2763969e820823cfd707eed4d14 100644 --- a/fda-container-service/rest-service/src/main/resources/application-local.yml +++ b/fda-container-service/rest-service/src/main/resources/application-local.yml @@ -22,9 +22,21 @@ spring: name: container-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus springdoc.swagger-ui.enabled: true -server.port: 9091 +server: + port: 9091 + ssl: + enabled: true + key-alias: container-service + key-store: ./server.keystore + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
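Review bot: `key-store-type: jks` in container-service's `application-insecure.yml` does not match the keystore that `.dev/generate-jks.sh` requests with `-storetype PKCS12`; recent JDKs usually load it anyway through keystore type compatibility, but declaring `key-store-type: PKCS12` avoids depending on that. The `spring.cloud.gateway.httpclient.ssl.useInsecureTrustManager: true` block is a Spring Cloud Gateway setting; unless container-service embeds the gateway it presumably does nothing here, and where it does apply it turns off certificate verification, so it should stay out of services that do not need it. The second hunk advertises `secure-port-enabled: true` while `client.serviceUrl.defaultZone` still uses `http://`, so registration traffic itself stays unencrypted. The same blocks repeat in `application-local.yml` and in the database-service files.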
@@ -32,7 +44,11 @@ logging: at.tuwien.: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: container-service + instance: + hostname: container-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9091 client.serviceUrl.defaultZone: http://localhost:9090/eureka/ fda: network: userdb diff --git a/fda-container-service/rest-service/src/main/resources/application.yml b/fda-container-service/rest-service/src/main/resources/application.yml index 1b781359d2ecb1d8b079140a2d75f150a8c7aad1..c131ca5e6769e98d5767add639c8dbe9b21c246f 100644 --- a/fda-container-service/rest-service/src/main/resources/application.yml +++ b/fda-container-service/rest-service/src/main/resources/application.yml @@ -32,7 +32,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: container-service + instance: + hostname: container-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9091 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: network: "${USER_NETWORK}" diff --git a/fda-container-service/server.keystore b/fda-container-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-container-service/server.keystore differ diff --git a/fda-database-service/Dockerfile b/fda-database-service/Dockerfile index 8cb9cb8d330e94625022957c94eeb90fe7ad5b95..00484c81fb56a74eb89f0e1b62e90032eefa4e8e 100644 --- a/fda-database-service/Dockerfile +++ b/fda-database-service/Dockerfile 
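Review bot: The default profile in container-service's `application.yml` now registers with Eureka as `secure-port-enabled: true` on 9091, but this is the file's only hunk and it adds no `server.ssl` block, unlike `application-insecure.yml`, `application-local.yml` and database-service's `application.yml`. Unless SSL is configured outside the visible diff, clients that resolve the instance will try HTTPS against a plain-HTTP listener. Add the same `server.ssl` keys here (`key-alias: "${KEY_ALIAS}"`, `key-store: "${KEY_STORE}"` and the two password keys), or keep the non-secure port enabled for this profile.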
@@ -35,6 +35,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key +ENV KEY_ALIAS=database-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready diff --git a/fda-database-service/intermediate.crt b/fda-database-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-database-service/intermediate.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-database-service/rest-service/src/main/resources/application-docker.yml b/fda-database-service/rest-service/src/main/resources/application-insecure.yml similarity index 76% rename from fda-database-service/rest-service/src/main/resources/application-docker.yml rename to fda-database-service/rest-service/src/main/resources/application-insecure.yml index f94d2480e098c74ed183deefbf7fb78d530fed76..b6863b599bf770f996d35df97f1ebc78d561ea2f 100644 --- a/fda-database-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-database-service/rest-service/src/main/resources/application-insecure.yml 
@@ -22,12 +22,24 @@ spring: name: database-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true rabbitmq: host: broker-service username: fda password: fda management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9092 +server: + port: 9092 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -35,7 +47,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: database-service + instance: + hostname: container-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9092 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: elastic: diff --git a/fda-database-service/rest-service/src/main/resources/application-local.yml b/fda-database-service/rest-service/src/main/resources/application-local.yml index bd021238de249217b2c0f67d7fbc7ef30a695b33..40650c6040b48b1a33330803fb3ec9862b9d547d 100644 --- a/fda-database-service/rest-service/src/main/resources/application-local.yml +++ b/fda-database-service/rest-service/src/main/resources/application-local.yml @@ -22,12 +22,24 @@ spring: name: database-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true rabbitmq: host: localhost username: fda password: fda management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9092 +server: + port: 9092 + ssl: + enabled: true + key-alias: database-service + key-store: ./server.keystore + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
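Review bot: The eureka block in database-service's `application-insecure.yml` sets `hostname: container-service`; the removed line and the other database-service profiles use `database-service`, so this looks like a copy-paste slip that would register the database service under the container service's host name. Change it to `hostname: database-service`.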
@@ -35,7 +47,11 @@ logging: at.tuwien.: info org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: database-service + instance: + hostname: database-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9092 client.serviceUrl.defaultZone: http://localhost:9090/eureka/ fda: elastic: diff --git a/fda-database-service/rest-service/src/main/resources/application.yml b/fda-database-service/rest-service/src/main/resources/application.yml index 5fe3306acfb65381f970ac91842a50e77de95780..50c8c50bf95b60ccfd3cc18dc5aff4f65c02955c 100644 --- a/fda-database-service/rest-service/src/main/resources/application.yml +++ b/fda-database-service/rest-service/src/main/resources/application.yml @@ -27,7 +27,15 @@ spring: username: "${BROKER_USERNAME}" password: "${BROKER_PASSWORD}" management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9092 +server: + port: 9092 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -35,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: database-service + instance: + hostname: database-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9092 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: elastic: diff --git a/fda-database-service/server.keystore b/fda-database-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-database-service/server.keystore differ 
diff --git a/fda-discovery-service/rest-service/src/main/resources/application-docker.yml b/fda-discovery-service/rest-service/src/main/resources/application-insecure.yml similarity index 71% rename from fda-discovery-service/rest-service/src/main/resources/application-docker.yml rename to fda-discovery-service/rest-service/src/main/resources/application-insecure.yml index 967b742f9e3e7f4514211dd2971009dff253c04f..9d94a3e040753966791aaa6694298bfac2134d1c 100644 --- a/fda-discovery-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-discovery-service/rest-service/src/main/resources/application-insecure.yml @@ -22,8 +22,13 @@ spring: name: discovery-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9090 +server: + port: 9090 logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,9 +36,14 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - eureka.client.register-with-eureka: false - eureka.client.fetch-registry: false - instance.hostname: discovery-service - client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ + client: + register-with-eureka: false + fetch-registry: false + serviceUrl.defaultZone: http://discovery-service:9090/eureka/ + instance: + hostname: discovery-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9090 fda: ready.path: /ready \ No newline at end of file diff --git a/fda-discovery-service/rest-service/src/main/resources/application-local.yml b/fda-discovery-service/rest-service/src/main/resources/application-local.yml index 6f14ec975a5770250ce8c8bb5f3ae385531a4c8e..0d81e2101e6f9d729aefe3d2213d9ca1a3006590 100644 --- a/fda-discovery-service/rest-service/src/main/resources/application-local.yml 
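Review bot: The discovery service is told to advertise `secure-port-enabled: true` with `secure-port: 9090`, yet the `server:` block in the first hunk gains only `port: 9090` and no `ssl` section, and `generate-jks.sh` issues no certificate for a discovery alias. As written the registry would advertise an HTTPS port it does not serve, while every client still uses `http://discovery-service:9090/eureka/`. Either add `server.ssl` plus a keystore for discovery-service or leave the non-secure port enabled here; the same applies to this service's `application-local.yml` and `application.yml`. Since `register-with-eureka` is false the instance block may have little effect, which is worth confirming.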
+++ b/fda-discovery-service/rest-service/src/main/resources/application-local.yml @@ -22,8 +22,13 @@ spring: name: discovery-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9090 +server: + port: 9090 logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,9 +36,14 @@ logging: at.tuwien.: info org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - eureka.client.register-with-eureka: false - eureka.client.fetch-registry: false - instance.hostname: discovery-service - client.serviceUrl.defaultZone: http://localhost:9090/eureka/ + client: + register-with-eureka: false + fetch-registry: false + serviceUrl.defaultZone: http://localhost:9090/eureka/ + instance: + hostname: discovery-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9090 fda: ready.path: ./ready \ No newline at end of file diff --git a/fda-discovery-service/rest-service/src/main/resources/application.yml b/fda-discovery-service/rest-service/src/main/resources/application.yml index 23923e95375b0b47020eb8bc9e3a5c4eeace8e91..641d1a87a42dc371da51053ff98cce8041b86500 100644 --- a/fda-discovery-service/rest-service/src/main/resources/application.yml +++ b/fda-discovery-service/rest-service/src/main/resources/application.yml @@ -17,8 +17,11 @@ spring: time_zone: UTC application: name: discovery-service + cloud: + loadbalancer.ribbon.enabled: false management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9090 +server: + port: 9090 logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
@@ -26,9 +29,14 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - eureka.client.register-with-eureka: false - eureka.client.fetch-registry: false - instance.hostname: discovery-service - client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ + client: + register-with-eureka: false + fetch-registry: false + serviceUrl.defaultZone: http://discovery-service:9090/eureka/ + instance: + hostname: discovery-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9090 fda: ready.path: /ready \ No newline at end of file diff --git a/fda-gateway-service/Dockerfile b/fda-gateway-service/Dockerfile index a270239d58b0b4b44aefba904aa8d007fca8d720..ad6e477f6978e44b711cfc818221b793ee6fa55b 100644 --- a/fda-gateway-service/Dockerfile +++ b/fda-gateway-service/Dockerfile @@ -21,12 +21,15 @@ ENV METADATA_USERNAME=postgres ENV METADATA_PASSWORD=postgres ENV GATEWAY_ENDPOINT=http://gateway-service:9095 ENV LOG_LEVEL=debug -ENV KEY_ALIAS=server +ENV KEY_ALIAS=gateway-service ENV KEY_PASS=password ENV KEY_STORE=/server.keystore ENV KEY_STORE_PASS=password -COPY ./server.keystore /server.keystore +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready diff --git a/fda-gateway-service/intermediate.crt b/fda-gateway-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-gateway-service/intermediate.crt 
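Review bot: `COPY ./server.keystore ./server.keystore` in the gateway Dockerfile now writes the keystore relative to the image's working directory, but the unchanged `ENV KEY_STORE=/server.keystore` still points at the filesystem root; unless WORKDIR is `/` (it is set outside this hunk) the gateway will not find its keystore at start-up. Keep the absolute destination, `COPY ./server.keystore /server.keystore`, or change the variable to `ENV KEY_STORE=./server.keystore` as the other Dockerfiles do.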
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-gateway-service/rest-service/src/main/resources/application-docker.yml b/fda-gateway-service/rest-service/src/main/resources/application-insecure.yml similarity index 90% rename from fda-gateway-service/rest-service/src/main/resources/application-docker.yml rename to fda-gateway-service/rest-service/src/main/resources/application-insecure.yml index b1eda86566fd3e7bfc350f2f730f3dd72965d776..05cba21093c6a1b964eadbaacc6dcc8515eb02d3 100644 --- a/fda-gateway-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-gateway-service/rest-service/src/main/resources/application-insecure.yml 
@@ -43,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: discovery-service + instance: + hostname: discovery-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9095 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready \ No newline at end of file diff --git a/fda-gateway-service/rest-service/src/main/resources/application-local.yml b/fda-gateway-service/rest-service/src/main/resources/application-local.yml index ab294c2a578b643cb24002204804c6d3953b0b93..ffb8b7e672910d58ca291f7ff4cbdb9769da417b 100644 --- a/fda-gateway-service/rest-service/src/main/resources/application-local.yml +++ b/fda-gateway-service/rest-service/src/main/resources/application-local.yml @@ -43,7 +43,11 @@ logging: at.tuwien.: info org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: gateway-service - client.serviceUrl.defaultZone: http://localhost:9090/eureka/ + instance: + hostname: gateway-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9095 + client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: ./ready \ No newline at end of file diff --git a/fda-gateway-service/rest-service/src/main/resources/application.yml b/fda-gateway-service/rest-service/src/main/resources/application.yml index 94983082cbc97883df236924c7bb61226f877aee..4139a81a84d83e8fc603d6cba7c2e582e009745b 100644 --- a/fda-gateway-service/rest-service/src/main/resources/application.yml +++ b/fda-gateway-service/rest-service/src/main/resources/application.yml 
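Review bot: `hostname: discovery-service` is carried over into the restructured eureka block of the gateway's `application-insecure.yml`, although this commit corrects the same value to `gateway-service` in the gateway's `application.yml`. With the insecure profile active the gateway would register under the discovery service's host name; use `hostname: gateway-service` here too.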
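Review bot: `client.serviceUrl.defaultZone` in the gateway's `application-local.yml` changes from `http://localhost:9090/eureka/` to `http://discovery-service:9090/eureka/`, while the local profiles of the other services in this commit keep `localhost`. If that was not intended, a locally started gateway will fail to resolve the registry host; restore `http://localhost:9090/eureka/` or add a comment saying why the gateway differs.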
@@ -19,11 +19,6 @@ spring: name: gateway-service cloud: loadbalancer.ribbon.enabled: false - gateway: - httpclient: - ssl: - useInsecureTrustManager: true -springdoc.swagger-ui.enabled: false management.endpoints.web.exposure.include: health,info,prometheus server: port: 9095 @@ -41,7 +36,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: discovery-service + instance: + hostname: gateway-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9095 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready \ No newline at end of file diff --git a/fda-gateway-service/server.keystore b/fda-gateway-service/server.keystore index 93e5c28b23293910dac23a3e974cb485524a3a17..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e 100644 Binary files a/fda-gateway-service/server.keystore and b/fda-gateway-service/server.keystore differ diff --git a/fda-identifier-service/Dockerfile b/fda-identifier-service/Dockerfile index 1d1d44e699773daca509fd60a34cab01fb0b886e..e0e06559c5cb3654cc300b2fa858f94dd46a27d8 100644 --- a/fda-identifier-service/Dockerfile +++ b/fda-identifier-service/Dockerfile @@ -32,6 +32,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key +ENV KEY_ALIAS=identifier-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready 
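Review bot: Besides removing `useInsecureTrustManager`, the first hunk of the gateway's `application.yml` also deletes `springdoc.swagger-ui.enabled: false`, which is unrelated to the TLS change. If springdoc is on the gateway's classpath, dropping the override presumably returns the UI to its enabled default on the gateway port; if that is not intended, keep `springdoc.swagger-ui.enabled: false`. Removing the insecure trust manager also means the gateway must now trust the intermediate CA that signs the backend certificates, and no gateway Dockerfile change is visible in this part of the diff to confirm that it does.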
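Review bot: `ENV KEY_PASS=password` and `ENV KEY_STORE_PASS=password` in the identifier-service Dockerfile put the keystore credentials into the image configuration, where image inspection and history expose them, and `COPY ./server.keystore` ships key material that is committed to the repository. Every `server.keystore` touched in this part of the commit has the same blob id (`e1d9ad028279c08a1d4cc1aa86a5f992085ad48e`), so each service image appears to carry the private keys of all services rather than only its own. For anything beyond a development setup, mount a per-service keystore at run time and remove the two `ENV …=password` defaults so that a missing secret fails the start instead of falling back to a known value. The metadata, query, table and user Dockerfiles repeat the same block.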
diff --git a/fda-identifier-service/intermediate.crt b/fda-identifier-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-identifier-service/intermediate.crt @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- 
diff --git a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml b/fda-identifier-service/rest-service/src/main/resources/application-insecure.yml similarity index 75% rename from fda-identifier-service/rest-service/src/main/resources/application-docker.yml rename to fda-identifier-service/rest-service/src/main/resources/application-insecure.yml index effdbdecf86f748ef83a0b9df79ac13229124755..3919219a351ffd523643d69a30385b2fb76afe15 100644 --- a/fda-identifier-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-identifier-service/rest-service/src/main/resources/application-insecure.yml @@ -22,8 +22,20 @@ spring: name: identifier-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9096 +server: + port: 9096 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: identifier-service + instance: + hostname: identifier-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9096 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready diff --git a/fda-identifier-service/rest-service/src/main/resources/application-local.yml b/fda-identifier-service/rest-service/src/main/resources/application-local.yml index 6a7ec7b45465c35f08e03c4dd96b3cb2d90f0948..d508ce58c9b060e67bac314b9443af0e6a706307 100644 --- a/fda-identifier-service/rest-service/src/main/resources/application-local.yml +++ b/fda-identifier-service/rest-service/src/main/resources/application-local.yml 
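Review bot: The added `gateway.httpclient.ssl.useInsecureTrustManager: true` in the first hunk of identifier-service's `application-insecure.yml` is a Spring Cloud Gateway client setting, and this service is not the gateway, so the key most likely has no effect here and only signals that certificate checks are meant to be skipped. If the service really has to call peers without validating certificates, that would have to be configured on the HTTP client it actually uses, and trusting the intermediate CA is the better fix. Suggest removing the four added lines; the same block is added to the metadata, query and user `application-insecure.yml` files and to every non-gateway `application-local.yml`.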
@@ -22,7 +22,19 @@ spring: name: identifier-service cloud: loadbalancer.ribbon.enabled: false -server.port: 9096 + gateway: + httpclient: + ssl: + useInsecureTrustManager: true +server: + port: 9096 + ssl: + enabled: true + key-alias: identifier-service + key-store: ./server.keystore + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,7 +43,11 @@ logging: at.tuwien.auth.UserPermissionEvaluator: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: identifier-service + instance: + hostname: identifier-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9096 client.serviceUrl.defaultZone: http://localhost:9090/eureka/ fda: ready.path: ./ready diff --git a/fda-identifier-service/rest-service/src/main/resources/application.yml b/fda-identifier-service/rest-service/src/main/resources/application.yml index c94870bb525e18a83a51ad981afa9f1b36e0ce04..8e4ddd84d849c99fbca68e923d76dab65b9896bd 100644 --- a/fda-identifier-service/rest-service/src/main/resources/application.yml +++ b/fda-identifier-service/rest-service/src/main/resources/application.yml @@ -23,7 +23,15 @@ spring: cloud: loadbalancer.ribbon.enabled: false management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9096 +server: + port: 9096 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
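Review bot: `key-store-type: jks` in the new `server.ssl` block of identifier-service's `application.yml` does not match how the keystore is produced, since `.dev/generate-jks.sh` in this commit calls `keytool -genkeypair … -storetype PKCS12`. Unless the script converts the store later (its end is not visible here), the declared type relies on the JDK's keystore compatibility fallback rather than on the real format. Confirm what the file is and, if it is PKCS12, write `key-store-type: PKCS12`. The same value is used in every service's `server.ssl` block in this commit.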
@@ -31,7 +39,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: identifier-service + instance: + hostname: identifier-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9096 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready diff --git a/fda-identifier-service/server.keystore b/fda-identifier-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-identifier-service/server.keystore differ diff --git a/fda-metadata-service/Dockerfile b/fda-metadata-service/Dockerfile index 274c810b3a8fcc727badc137e81800b2772489cd..ab91517a44f29aefabde0882317f5c4af6d3c8d0 100644 --- a/fda-metadata-service/Dockerfile +++ b/fda-metadata-service/Dockerfile @@ -33,6 +33,15 @@ ENV EARLIEST_DATESTAMP="2022-09-17T18:23:00Z" ENV DELETED_RECORD=persistent ENV GRANULARITY="YYYY-MM-DDThh:mm:ssZ" ENV LOG_LEVEL=debug +ENV KEY_ALIAS=metadata-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready diff --git a/fda-metadata-service/intermediate.crt b/fda-metadata-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-metadata-service/intermediate.crt 
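Review bot: `RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt` in the metadata-service Dockerfile edits the OpenSSL-style bundle by hand, but a JVM normally validates peers against its own `cacerts` store, so the Java service in this image may still not trust certificates issued by the intermediate CA. Confirm with a TLS call between two containers; if it fails, import the certificate with `keytool -importcert` into the runtime's trust store, or install it under `/usr/local/share/ca-certificates/` and run `update-ca-certificates` if the base image wires that into Java. The hand-appended entry is also lost whenever the bundle is regenerated. Separately, the validity window encoded in the copied `intermediate.crt` reads as 2023-04-03 to 2023-07-02 (about 90 days), so images built from this commit stop validating after that date unless the chain is re-issued. The identifier, query, table and user Dockerfiles contain the same steps.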
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-metadata-service/rest-service/src/main/resources/application-docker.yml b/fda-metadata-service/rest-service/src/main/resources/application-insecure.yml similarity index 75% rename from fda-metadata-service/rest-service/src/main/resources/application-docker.yml rename to fda-metadata-service/rest-service/src/main/resources/application-insecure.yml index c4910247cb201c0b3c967df7520c616105568c8b..e2c8e24b3f7a9b75f086ab9752ff0ae0cdc4af05 100644 --- a/fda-metadata-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-metadata-service/rest-service/src/main/resources/application-insecure.yml 
@@ -22,8 +22,20 @@ spring: name: metadata-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9099 +server: + port: 9099 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: metadata-service + instance: + hostname: metadata-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9099 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: ./ready diff --git a/fda-metadata-service/rest-service/src/main/resources/application-local.yml b/fda-metadata-service/rest-service/src/main/resources/application-local.yml index 821d504e9c65d247ff9499fa69cf548d2b584bb7..f50a1d555e2df503752e2fe6f2e347eceaa65539 100644 --- a/fda-metadata-service/rest-service/src/main/resources/application-local.yml +++ b/fda-metadata-service/rest-service/src/main/resources/application-local.yml @@ -2,7 +2,7 @@ app.version: '@project.version@' spring: main.banner-mode: off datasource: - url: jdbc:mariadb://metadata-db:3306/fda + url: jdbc:mariadb://localhost:3306/fda driver-class-name: org.mariadb.jdbc.Driver username: root password: dbrepo 
@@ -22,8 +22,20 @@ spring: name: metadata-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9099 +server: + port: 9099 + ssl: + enabled: true + key-alias: metadata-service + key-store: ./server.keystore + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,7 +43,11 @@ logging: at.tuwien.: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: metadata-service + instance: + hostname: metadata-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9099 client.serviceUrl.defaultZone: http://localhost:9090/eureka/ fda: ready.path: ./ready diff --git a/fda-metadata-service/rest-service/src/main/resources/application.yml b/fda-metadata-service/rest-service/src/main/resources/application.yml index 7e02fcd5d1c40b757ed9c1ca59d85c9d6fbc6340..c83d16237a1572dfc21ad30b55b8e4ecbf747921 100644 --- a/fda-metadata-service/rest-service/src/main/resources/application.yml +++ b/fda-metadata-service/rest-service/src/main/resources/application.yml @@ -27,7 +27,15 @@ spring: cloud: loadbalancer.ribbon.enabled: false management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9099 +server: + port: 9099 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
@@ -35,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: metadata-service + instance: + hostname: metadata-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9099 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: ./ready diff --git a/fda-metadata-service/server.keystore b/fda-metadata-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-metadata-service/server.keystore differ diff --git a/fda-query-service/Dockerfile b/fda-query-service/Dockerfile index 75b10b84358d279a493ebff048fdcbbf29714c8e..b569cd934bb74f6a8bc141e42d398eadff9ae66d 100644 --- a/fda-query-service/Dockerfile +++ b/fda-query-service/Dockerfile @@ -36,6 +36,15 @@ ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key ENV NOT_SUPPORTED_KEYWORDS=\\*,AVG,BIT_AND,BIT_OR,BIT_XOR,COUNT,COUNTDISTINCT,GROUP_CONCAT,JSON_ARRAYAGG,JSON_OBJECTAGG,MAX,MIN,STD,STDDEV,STDDEV_POP,STDDEV_SAMP,SUM,VARIANCE,VAR_POP,VAR_SAMP,-- +ENV KEY_ALIAS=query-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready diff --git a/fda-query-service/intermediate.crt b/fda-query-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-query-service/intermediate.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-query-service/rest-service/src/main/resources/application-docker.yml b/fda-query-service/rest-service/src/main/resources/application-insecure.yml similarity index 77% rename from fda-query-service/rest-service/src/main/resources/application-docker.yml rename to fda-query-service/rest-service/src/main/resources/application-insecure.yml index af01aef8848883339087020d716790a5e0faaf54..7aee796534edcd986653692bd66447e73e301a76 100644 --- a/fda-query-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-query-service/rest-service/src/main/resources/application-insecure.yml 
@@ -26,8 +26,20 @@ spring: password: fda cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9093 +server: + port: 9093 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -35,7 +47,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: query-service + instance: + hostname: query-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9093 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: gateway.endpoint: "${GATEWAY_ENDPOINT}" diff --git a/fda-query-service/rest-service/src/main/resources/application-local.yml b/fda-query-service/rest-service/src/main/resources/application-local.yml index 2efc331ed92353ea1440cfc018a0cbd9d2ccc689..ac83fc07bb0fbc6260338c3ee1b8591a444a950b 100644 --- a/fda-query-service/rest-service/src/main/resources/application-local.yml +++ b/fda-query-service/rest-service/src/main/resources/application-local.yml @@ -26,8 +26,20 @@ spring: password: fda cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9093 +server: + port: 9093 + ssl: + enabled: true + key-alias: query-service + key-store: ./server.keystore + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
@@ -35,8 +47,12 @@ logging: at.tuwien.: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: query-service - client.serviceUrl.defaultZone: http://localhost:9090/eureka/ + instance: + hostname: query-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9093 + client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: gateway.endpoint: http://localhost:9095 ready.path: ./ready diff --git a/fda-query-service/rest-service/src/main/resources/application.yml b/fda-query-service/rest-service/src/main/resources/application.yml index 5fa2c15377451daa437fa5ca0c1f21417467d4a0..852aa812c533881a4a19132e8385e63986bde698 100644 --- a/fda-query-service/rest-service/src/main/resources/application.yml +++ b/fda-query-service/rest-service/src/main/resources/application.yml @@ -27,7 +27,15 @@ spring: cloud: loadbalancer.ribbon.enabled: false management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9093 +server: + port: 9093 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -35,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: query-service + instance: + hostname: query-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9093 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: gateway.endpoint: "${GATEWAY_ENDPOINT}" diff --git a/fda-query-service/server.keystore b/fda-query-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-query-service/server.keystore differ 
diff --git a/fda-table-service/Dockerfile b/fda-table-service/Dockerfile index 95f2ddbb34ab85f9ceada45f408fea52cb618c26..7a98bac0c9e93805498802fdb4247826f830c0a6 100644 --- a/fda-table-service/Dockerfile +++ b/fda-table-service/Dockerfile @@ -33,6 +33,15 @@ ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key +ENV KEY_ALIAS=table-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready diff --git a/fda-table-service/intermediate.crt b/fda-table-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-table-service/intermediate.crt 
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-table-service/rest-service/src/main/resources/application-docker.yml b/fda-table-service/rest-service/src/main/resources/application-docker.yml index 2bb58074adc7189b70e92299f7479280a411dd47..63633fa2b7bd36f096e28dd8bfbb51abcb58c3a1 100644 --- a/fda-table-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-table-service/rest-service/src/main/resources/application-docker.yml 
@@ -26,8 +26,20 @@ spring: password: fda cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9094 +server: + port: 9094 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -35,7 +47,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: table-service + instance: + hostname: table-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9094 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready diff --git a/fda-table-service/rest-service/src/main/resources/application-local.yml b/fda-table-service/rest-service/src/main/resources/application-local.yml index c0fd28220a6cbfb95a6cf156e027689ed67b6e9b..3ee0f5dca9139dd26a1205f8974512379937cffe 100644 --- a/fda-table-service/rest-service/src/main/resources/application-local.yml +++ b/fda-table-service/rest-service/src/main/resources/application-local.yml @@ -26,8 +26,20 @@ spring: password: fda cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9094 +server: + port: 9094 + ssl: + enabled: true + key-alias: table-service + key-store: ./server.keystore + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
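Review bot: Unlike the other services, table-service's `application-docker.yml` is modified in place rather than renamed to `application-insecure.yml`, so the `useInsecureTrustManager: true` block in its first hunk ends up in the profile named `docker`. A reader selecting the docker profile gets no hint from the name that it carries the relaxed setting. Either rename the file as was done for identifier, metadata, query and user, or drop the `gateway.httpclient.ssl` lines from this profile.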
@@ -35,7 +47,11 @@ logging: at.tuwien.: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: table-service + instance: + hostname: table-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9094 client.serviceUrl.defaultZone: http://localhost:9090/eureka/ fda: ready.path: ./ready diff --git a/fda-table-service/rest-service/src/main/resources/application.yml b/fda-table-service/rest-service/src/main/resources/application.yml index 93de3e69e5a1b46ae72b4ad12886200aca3ad46c..7fcf0b41e2b3aa7f41fe8a9a481b51ca7bed2d6c 100644 --- a/fda-table-service/rest-service/src/main/resources/application.yml +++ b/fda-table-service/rest-service/src/main/resources/application.yml @@ -27,7 +27,15 @@ spring: cloud: loadbalancer.ribbon.enabled: false management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9094 +server: + port: 9094 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -35,7 +43,11 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: table-service + instance: + hostname: table-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9094 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: ./ready diff --git a/fda-table-service/server.keystore b/fda-table-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-table-service/server.keystore differ 
diff --git a/fda-user-service/Dockerfile b/fda-user-service/Dockerfile index a772cacf6ff3420cd7568106ee27c38a346285bb..678b956ca504fb246d735a87d8f89433f4c9eb47 100644 --- a/fda-user-service/Dockerfile +++ b/fda-user-service/Dockerfile @@ -24,14 +24,25 @@ FROM openjdk:11-jre-slim as runtime ENV METADATA_DB=fda ENV METADATA_USERNAME=root ENV METADATA_PASSWORD=dbrepo -ENV GATEWAY_ENDPOINT=http://gateway-service:9095 +ENV GATEWAY_ENDPOINT=https://gateway-service:9095 ENV KEYCLOAK_ADMIN=fda ENV KEYCLOAK_ADMIN_PASSWORD=fda -ENV LOG_LEVEL=debug ENV DBREPO_CLIENT_SECRET=client-secret ENV CLIENT_ID=dbrepo-client ENV JWT_ISSUER=http://localhost:8080/realms/dbrepo ENV JWT_PUBKEY=public-key +ENV LOG_LEVEL=debug +ENV KEY_ALIAS=user-service +ENV KEY_PASS=password +ENV KEY_STORE=./server.keystore +ENV KEY_STORE_PASS=password + +WORKDIR /app + +COPY ./server.keystore ./server.keystore +COPY ./intermediate.crt /etc/ssl/certs/DBRepo_Intermediate_CA.crt + +RUN cat /etc/ssl/certs/DBRepo_Intermediate_CA.crt >> /etc/ssl/certs/ca-certificates.crt COPY ./service_ready /usr/bin RUN chmod +x /usr/bin/service_ready @@ -42,4 +53,4 @@ COPY --from=build ./rest-service/target/rest-service-*.jar ./user-service.jar EXPOSE 9093 -ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./user-service.jar"] +ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-Djavax.net.ssl.trustStore=/app/server.keystore", "-Djavax.net.ssl.trustStorePassword=password", "-jar", "./user-service.jar"] diff --git a/fda-user-service/intermediate.crt b/fda-user-service/intermediate.crt new file mode 100644 index 0000000000000000000000000000000000000000..6b8e17c27ea8e5337a7c0aee7bc720dab08dac44 --- /dev/null +++ b/fda-user-service/intermediate.crt 
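Review bot: The new ENTRYPOINT in the user-service Dockerfile passes `-Djavax.net.ssl.trustStorePassword=password` on the command line and points `-Djavax.net.ssl.trustStore` at `/app/server.keystore`, the same file that holds the service's private key. Setting `javax.net.ssl.trustStore` replaces the JVM's default trust store, so outbound HTTPS to anything not anchored in that keystore will fail, and the password is visible in the process list and image metadata. Prefer a separate trust store that contains only the CA certificates and no private keys. This is also the only Dockerfile in this part of the commit that sets these flags, while the other services rely on the appended OS bundle, so it is worth settling on one mechanism.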
@@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDaDCCAlCgAwIBAgIEH/QufDANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB +VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS +b290Q0EwHhcNMjMwNDAzMTc1MDQ0WhcNMjMwNzAyMTc1MDQ0WjBJMQswCQYDVQQG +EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD +Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt +HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s +x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc +zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF +UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg +YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W +jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY +MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQAviRt0 +PEHhiEOzEqI45XfnRNGntYdKHRKoftRIg2HM9drVKygZ85EBeiceyhX7U2O91X+i +zKionrqgpZrjO/rJc0R7QEVN2McCqFQEAu4AgZh4hcbhzjZVo74gQkCFnsTwQXwQ +/UB0exd5Qw1zcbgn4I+LcJaApvwZ5tTCvFDX20W7dSpxhqBPnU5dV92HoXqCX9H3 +8fgX8rK3PWoYKPuXHNcjhlG0d8FxNoxRKRJRUyUwT4UC/LJE5HZR8zTVcIPR/nlD +c2V539v4myGmZdWc8OYee09OPIDtjT2zejEmTpP3fPtvHdoTe59UGWMkYn830H4Z +U/v3rj9nHwAoTytU +-----END CERTIFICATE----- diff --git a/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java b/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java index 20c41199280f2df5ac0bee8385707cc46bf0634a..8bdb18dc09783d6ac2be5882629f353caf27b367 100644 --- a/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java +++ b/fda-user-service/rest-service/src/main/java/at/tuwien/endpoint/UserEndpoint.java 
@@ -2,7 +2,6 @@ package at.tuwien.endpoint; import at.tuwien.api.auth.SignupRequestDto; import at.tuwien.api.user.UserBriefDto; -import at.tuwien.exception.RealmNotFoundException; import at.tuwien.exception.RemoteUnavailableException; import at.tuwien.exception.UserNotFoundException; import at.tuwien.mapper.UserMapper; @@ -15,6 +14,8 @@ import org.springframework.http.ResponseEntity; import org.springframework.transaction.annotation.Transactional; import org.springframework.web.bind.annotation.*; +import javax.validation.Valid; +import javax.validation.constraints.NotNull; import java.util.List; import java.util.stream.Collectors; @@ -51,8 +52,8 @@ public class UserEndpoint { @Transactional @Timed(value = "user.create", description = "Time needed to create a user in the metadata database") @Operation(summary = "Create a user") - public ResponseEntity<?> create(SignupRequestDto data) throws RealmNotFoundException, UserNotFoundException, - RemoteUnavailableException { + public ResponseEntity<UserBriefDto> create(@NotNull @Valid @RequestBody SignupRequestDto data) + throws UserNotFoundException, RemoteUnavailableException { log.debug("endpoint create a user, data={}", data); final UserBriefDto dto = userMapper.userToUserBriefDto(userService.create(data)); log.trace("create user resulted in dto {}", dto); diff --git a/fda-user-service/rest-service/src/main/resources/application-docker.yml b/fda-user-service/rest-service/src/main/resources/application-insecure.yml similarity index 74% rename from fda-user-service/rest-service/src/main/resources/application-docker.yml rename to fda-user-service/rest-service/src/main/resources/application-insecure.yml index 486101dd8e32882c69e4066d1911a030e07be3ce..157eb96a16d469c7ecdeaf814cfdf55e74c2f156 100644 --- a/fda-user-service/rest-service/src/main/resources/application-docker.yml +++ b/fda-user-service/rest-service/src/main/resources/application-insecure.yml 
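Review bot: Now that `create` binds the signup payload with `@RequestBody`, the unchanged `log.debug("endpoint create a user, data={}", data)` on the following line writes whatever `SignupRequestDto.toString()` returns, and the user-service Dockerfile in this commit defaults `LOG_LEVEL` to `debug`. The DTO is not visible here, but a signup request presumably carries a password; if so, exclude that field from `toString()` or log without the payload, e.g. `log.debug("endpoint create a user")`. The method body continues past the end of the hunk.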
@@ -22,8 +22,20 @@ spring: name: user-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9098 +server: + port: 9098 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,13 +43,16 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: user-service + instance: + hostname: user-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9098 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready gateway.endpoint: "${GATEWAY_ENDPOINT}" keycloak: - endpoint: https://authentication-service:8443/ username: "${KEYCLOAK_ADMIN}" password: "${KEYCLOAK_ADMIN_PASSWORD}" jwt: diff --git a/fda-user-service/rest-service/src/main/resources/application-local.yml b/fda-user-service/rest-service/src/main/resources/application-local.yml index c6ac95610eda5541b3765e8e5ca10939c1b53294..29e2dddbdfa32c50ab327bc3bc2fb1128d920a79 100644 --- a/fda-user-service/rest-service/src/main/resources/application-local.yml +++ b/fda-user-service/rest-service/src/main/resources/application-local.yml @@ -22,8 +22,20 @@ spring: name: user-service cloud: loadbalancer.ribbon.enabled: false + gateway: + httpclient: + ssl: + useInsecureTrustManager: true management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9098 +server: + port: 9098 + ssl: + enabled: true + key-alias: server + key-store: "./server.keystore" + key-store-type: jks + key-store-password: password + key-password: password logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: 
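Review bot: `useInsecureTrustManager: true` in the `@@ -22,8 +22,20 @@` hunk of application-insecure.yml turns off certificate validation for the Spring Cloud Gateway HTTP client, so any certificate is accepted and the TLS added by this commit no longer authenticates the peer. The same block is added to application-local.yml in the next file section. Since the commit already creates an internal CA, trusting that CA is the safer setting, e.g. `trustedX509Certificates: ["<path-to-ca-cert.pem>"]` under `spring.cloud.gateway.httpclient.ssl`. The property configures the gateway's own client, while the user-service calls shown in this diff go through `RestTemplate`, so it may have no effect in this service at all; that is worth confirming.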
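Review bot: In the `@@ -31,13 +43,16 @@` hunk of application-insecure.yml the instance is registered as secure-port only, but `client.serviceUrl.defaultZone` still points at `http://discovery-service:9090/eureka/`, so registration and registry lookups stay in clear text. The same applies to the matching hunks of application-local.yml and application.yml. If the discovery service gets a certificate like the other services, switch the URL to `https://`; otherwise add a comment that Eureka is deliberately left on HTTP. Also, application-local.yml changes `defaultZone` from `localhost` to `discovery-service`, which looks unintended for a profile whose other endpoints stay on `localhost`.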
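Review bot: The `server.ssl` block added to application-local.yml hard-codes `key-store-password: password` and `key-password: password` for `./server.keystore`, and the commit also checks in `fda-user-service/server.keystore`, so the private key behind this certificate is readable by anyone with repository access. That is acceptable only for throwaway local certificates; a comment such as `# dev-only key material, never deploy` above the block, plus a check that image builds do not copy the committed keystore, would make the boundary explicit. generate-jks.sh creates the store with `-storetype PKCS12` while this block declares `key-store-type: jks`; it presumably loads through the JDK's compatibility mode, but the declared type should match. The script's aliases have the form `<name>-service`, so `key-alias: server` should be checked against what the store really contains.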
@@ -31,13 +43,16 @@ logging: at.tuwien.: trace org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: user-service - client.serviceUrl.defaultZone: http://localhost:9090/eureka/ + instance: + hostname: user-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9098 + client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: ./ready - gateway.endpoint: http://localhost:9095 + gateway.endpoint: https://localhost:9095 keycloak: - endpoint: https://localhost:8443/ username: fda password: fda jwt: diff --git a/fda-user-service/rest-service/src/main/resources/application.yml b/fda-user-service/rest-service/src/main/resources/application.yml index 5f93e7a6182e1972a150ad884e9385752b4c8c0d..a2748c511ba89492d50c0c69552762581519e16d 100644 --- a/fda-user-service/rest-service/src/main/resources/application.yml +++ b/fda-user-service/rest-service/src/main/resources/application.yml @@ -23,7 +23,15 @@ spring: cloud: loadbalancer.ribbon.enabled: false management.endpoints.web.exposure.include: health,info,prometheus -server.port: 9098 +server: + port: 9098 + ssl: + enabled: true + key-alias: "${KEY_ALIAS}" + key-store: "${KEY_STORE}" + key-store-type: jks + key-store-password: "${KEY_STORE_PASS}" + key-password: "${KEY_PASS}" logging: pattern.console: "%d %highlight(%-5level) %msg%n" level: @@ -31,13 +39,16 @@ logging: at.tuwien.: "${LOG_LEVEL}" org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver: debug eureka: - instance.hostname: user-service + instance: + hostname: user-service + non-secure-port-enabled: false + secure-port-enabled: true + secure-port: 9098 client.serviceUrl.defaultZone: http://discovery-service:9090/eureka/ fda: ready.path: /ready gateway.endpoint: "${GATEWAY_ENDPOINT}" keycloak: - endpoint: https://authentication-service:8443/ username: "${KEYCLOAK_ADMIN}" password: "${KEYCLOAK_ADMIN_PASSWORD}" jwt: 
diff --git a/fda-user-service/server.keystore b/fda-user-service/server.keystore new file mode 100644 index 0000000000000000000000000000000000000000..e1d9ad028279c08a1d4cc1aa86a5f992085ad48e Binary files /dev/null and b/fda-user-service/server.keystore differ diff --git a/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java b/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java index 540b5d96f4e750a5fdea93f0d2da7a46e7c5c44c..fa6ef35e180a6f4ed99b90269cdb4f1364cdeec0 100644 --- a/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java +++ b/fda-user-service/services/src/main/java/at/tuwien/config/GatewayConfig.java @@ -14,9 +14,6 @@ public class GatewayConfig { @Value("${fda.gateway.endpoint}") private String gatewayEndpoint; - @Value("${fda.keycloak.endpoint}") - private String keycloakEndpoint; - @Value("${fda.keycloak.username}") private String keycloakUsername; @@ -24,17 +21,9 @@ public class GatewayConfig { private String keycloakPassword; @Bean - public RestTemplate gatewayRestTemplate() { + public RestTemplate restTemplate() { final RestTemplate restTemplate = new RestTemplate(); restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(gatewayEndpoint)); return restTemplate; } - - @Bean - public RestTemplate keycloakRestTemplate() { - final RestTemplate restTemplate = new RestTemplate(); - restTemplate.setUriTemplateHandler(new DefaultUriBuilderFactory(keycloakEndpoint)); - return restTemplate; - } - } diff --git a/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java b/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java index 388480c9be24fb50e83699c7fd2f1a92bd39f8d5..2250fa50884df3f47b0b063975aea74f06203f80 100644 --- a/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java +++ b/fda-user-service/services/src/main/java/at/tuwien/config/ReadyConfig.java 
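Review bot: The `restTemplate()` bean in the `@@ -24,17 +21,9 @@` hunk of GatewayConfig.java is still a bare `new RestTemplate()`, which validates server certificates against the JVM default trust store. With `fda.gateway.endpoint` moved to `https://` in application-local.yml and the certificates issued by the internal CA from this commit, the handshake will fail unless that CA is made trusted somewhere not visible in this diff. The fix should be a trust store containing the internal CA, configured for this client or through `javax.net.ssl.trustStore`, rather than a request factory that skips validation.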
@@ -1,10 +1,7 @@ package at.tuwien.config; -import at.tuwien.exception.RealmNotFoundException; -import at.tuwien.service.RealmService; import com.google.common.io.Files; import lombok.extern.log4j.Log4j2; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.context.event.ApplicationReadyEvent; import org.springframework.context.annotation.Configuration; @@ -20,16 +17,8 @@ public class ReadyConfig { @Value("${fda.ready.path}") private String readyPath; - private final RealmService realmService; - - @Autowired - public ReadyConfig(RealmService realmService) { - this.realmService = realmService; - } - @EventListener(ApplicationReadyEvent.class) - public void init() throws IOException, RealmNotFoundException { - realmService.update("master"); + public void init() throws IOException { Files.touch(new File(readyPath)); } diff --git a/fda-user-service/services/src/main/java/at/tuwien/exception/RealmNotFoundException.java b/fda-user-service/services/src/main/java/at/tuwien/exception/RealmNotFoundException.java deleted file mode 100644 index 1750cfb525c2947f8f13837b5e89ed7ddc46f8fd..0000000000000000000000000000000000000000 --- a/fda-user-service/services/src/main/java/at/tuwien/exception/RealmNotFoundException.java +++ /dev/null @@ -1,21 +0,0 @@ -package at.tuwien.exception; - -import org.springframework.http.HttpStatus; -import org.springframework.web.bind.annotation.ResponseStatus; - -@ResponseStatus(code = HttpStatus.NOT_FOUND) -public class RealmNotFoundException extends Exception { - - public RealmNotFoundException(String msg) { - super(msg); - } - - public RealmNotFoundException(String msg, Throwable thr) { - super(msg, thr); - } - - public RealmNotFoundException(Throwable thr) { - super(thr); - } - -} 
diff --git a/fda-user-service/services/src/main/java/at/tuwien/gateway/AuthenticationServiceGateway.java b/fda-user-service/services/src/main/java/at/tuwien/gateway/GatewayServiceGateway.java similarity index 86% rename from fda-user-service/services/src/main/java/at/tuwien/gateway/AuthenticationServiceGateway.java rename to fda-user-service/services/src/main/java/at/tuwien/gateway/GatewayServiceGateway.java index 3d41955d06f05e0897e2bc27db4c784ed6ad3b86..2338d4091ef411be172aceae0288e231480d9430 100644 --- a/fda-user-service/services/src/main/java/at/tuwien/gateway/AuthenticationServiceGateway.java +++ b/fda-user-service/services/src/main/java/at/tuwien/gateway/GatewayServiceGateway.java @@ -4,7 +4,7 @@ import at.tuwien.api.auth.CreateUserDto; import at.tuwien.api.auth.TokenDto; import at.tuwien.exception.RemoteUnavailableException; -public interface AuthenticationServiceGateway { +public interface GatewayServiceGateway { TokenDto getToken() throws RemoteUnavailableException; void createUser(String token, CreateUserDto data) throws RemoteUnavailableException; diff --git a/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java b/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/GatewayServiceGatewayImpl.java similarity index 84% rename from fda-user-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java rename to fda-user-service/services/src/main/java/at/tuwien/gateway/impl/GatewayServiceGatewayImpl.java index 19e2544e29a596e34296cb6179c29e3f0443783c..159a07460d68f86fadb2227fefbece480a2921e7 100644 --- a/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/AuthenticationServiceGatewayImpl.java +++ b/fda-user-service/services/src/main/java/at/tuwien/gateway/impl/GatewayServiceGatewayImpl.java 
@@ -4,10 +4,9 @@ import at.tuwien.api.auth.CreateUserDto; import at.tuwien.api.auth.TokenDto; import at.tuwien.config.GatewayConfig; import at.tuwien.exception.RemoteUnavailableException; -import at.tuwien.gateway.AuthenticationServiceGateway; +import at.tuwien.gateway.GatewayServiceGateway; import lombok.extern.log4j.Log4j2; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.*; import org.springframework.stereotype.Service; import org.springframework.util.LinkedMultiValueMap; @@ -18,14 +17,14 @@ import org.springframework.web.client.RestTemplate; @Log4j2 @Service -public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGateway { +public class GatewayServiceGatewayImpl implements GatewayServiceGateway { private final RestTemplate restTemplate; private final GatewayConfig gatewayConfig; @Autowired - public AuthenticationServiceGatewayImpl(@Qualifier("keycloakRestTemplate") RestTemplate restTemplate, - GatewayConfig gatewayConfig) { + public GatewayServiceGatewayImpl(RestTemplate restTemplate, + GatewayConfig gatewayConfig) { this.restTemplate = restTemplate; this.gatewayConfig = gatewayConfig; } @@ -39,7 +38,7 @@ public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGa payload.add("password", gatewayConfig.getKeycloakPassword()); payload.add("grant_type", "password"); payload.add("client_id", "admin-cli"); - final String url = "/realms/master/protocol/openid-connect/token"; + final String url = "/api/auth/realms/master/protocol/openid-connect/token"; log.debug("call authentication service {}", url); final ResponseEntity<TokenDto> response; try { 
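Review bot: In the `@@ -39,7 +38,7 @@` hunk of GatewayServiceGatewayImpl.java the token request now goes through the gateway at `/api/auth/realms/master/...`, which implies the gateway routes the Keycloak master realm, and with the next hunk the `/admin` REST API, under `/api/auth`. If the gateway is reachable from outside the service network (not visible here), the admin API becomes reachable too, so those routes should be restricted to internal callers. The request also uses the password grant with the Keycloak admin account and `admin-cli`, so the user service holds full admin credentials just to create users. A dedicated confidential client with a service account limited to the `manage-users` role of the `dbrepo` realm would reduce that. The method body starts and ends outside the hunk.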
@@ -63,7 +62,7 @@ public class AuthenticationServiceGatewayImpl implements AuthenticationServiceGa headers.add("Authorization", "Bearer: " + token); final ResponseEntity<Void> response; try { - response = restTemplate.exchange("/admin/realms/dbrepo/users", HttpMethod.POST, new HttpEntity<>(data, headers), Void.class); + response = restTemplate.exchange("/api/auth/admin/realms/dbrepo/users", HttpMethod.POST, new HttpEntity<>(data, headers), Void.class); } catch (ResourceAccessException | HttpServerErrorException.ServiceUnavailable e) { log.error("Failed to create user: {}", e.getMessage()); throw new RemoteUnavailableException("Failed to create user", e); diff --git a/fda-user-service/services/src/main/java/at/tuwien/repository/jpa/RealmRepository.java b/fda-user-service/services/src/main/java/at/tuwien/repository/jpa/RealmRepository.java deleted file mode 100644 index db0443c0a78c3c8c2d653edf15901c9a3f2e4686..0000000000000000000000000000000000000000 --- a/fda-user-service/services/src/main/java/at/tuwien/repository/jpa/RealmRepository.java +++ /dev/null @@ -1,14 +0,0 @@ -package at.tuwien.repository.jpa; - -import at.tuwien.entities.auth.Realm; -import org.springframework.data.jpa.repository.JpaRepository; -import org.springframework.stereotype.Repository; - -import java.util.Optional; - -@Repository -public interface RealmRepository extends JpaRepository<Realm, String> { - - Optional<Realm> findByName(String name); - -} diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/RealmService.java b/fda-user-service/services/src/main/java/at/tuwien/service/RealmService.java deleted file mode 100644 index fc3f15f2880c009c9cbbbe034f36e7ac5fbbd6ae..0000000000000000000000000000000000000000 --- a/fda-user-service/services/src/main/java/at/tuwien/service/RealmService.java +++ /dev/null 
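Review bot: The context line `headers.add("Authorization", "Bearer: " + token);` in the `@@ -63,7 +62,7 @@` hunk builds a malformed header: the scheme is `Bearer` followed by a space, without a colon, so the authentication service is expected to reject the request with 401. If `headers` is a Spring `HttpHeaders`, replace the line with `headers.setBearerAuth(token);`. The `catch` covers only `ResourceAccessException` and `HttpServerErrorException.ServiceUnavailable`, so a 4xx response such as that 401 or a duplicate-user conflict would surface as an unhandled `HttpClientErrorException`; whether it is handled further up is not visible. The method continues outside the hunk.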
@@ -1,10 +0,0 @@ -package at.tuwien.service; - -import at.tuwien.entities.auth.Realm; -import at.tuwien.exception.RealmNotFoundException; - -public interface RealmService { - Realm find(String name) throws RealmNotFoundException; - - Realm update(String name) throws RealmNotFoundException; -} diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java b/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java index abf06036cb4eac51fe001e25e938dc90f8b5bf99..a44429ae15846283fe9a6efca7a7cb5a6856c342 100644 --- a/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java +++ b/fda-user-service/services/src/main/java/at/tuwien/service/UserService.java @@ -1,13 +1,10 @@ package at.tuwien.service; import at.tuwien.api.auth.SignupRequestDto; -import at.tuwien.entities.container.Container; import at.tuwien.entities.user.User; -import at.tuwien.exception.RealmNotFoundException; import at.tuwien.exception.RemoteUnavailableException; import at.tuwien.exception.UserNotFoundException; -import java.security.Principal; import java.util.List; public interface UserService { @@ -28,7 +25,15 @@ public interface UserService { */ User findByUsername(String username) throws UserNotFoundException; - User create(SignupRequestDto data) throws RealmNotFoundException, RemoteUnavailableException, UserNotFoundException; + /** + * Create a user in the authentication service. + * + * @param data The user data. + * @return The user, if successful. + * @throws RemoteUnavailableException + * @throws UserNotFoundException + */ + User create(SignupRequestDto data) throws RemoteUnavailableException, UserNotFoundException; /** * Finds a user by id. diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/impl/RealmServiceImpl.java b/fda-user-service/services/src/main/java/at/tuwien/service/impl/RealmServiceImpl.java deleted file mode 100644 index 249876f68dd6d70830025e69f3c93b4e57d5e09a..0000000000000000000000000000000000000000 
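Review bot: The Javadoc added for `create` in the `@@ -28,7 +25,15 @@` hunk of UserService.java leaves both `@throws` tags empty, so a caller cannot tell when each exception occurs. Suggested: `@throws RemoteUnavailableException If the gateway or authentication service cannot be reached.` For `UserNotFoundException`, state the condition explicitly; presumably it is raised when the newly created user cannot be loaded afterwards, but that part of the implementation is not shown.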
--- a/fda-user-service/services/src/main/java/at/tuwien/service/impl/RealmServiceImpl.java +++ /dev/null @@ -1,43 +0,0 @@ -package at.tuwien.service.impl; - -import at.tuwien.entities.auth.Realm; -import at.tuwien.exception.RealmNotFoundException; -import at.tuwien.repository.jpa.RealmRepository; -import at.tuwien.service.RealmService; -import lombok.extern.log4j.Log4j2; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Service; - -import java.util.Optional; - -@Log4j2 -@Service -public class RealmServiceImpl implements RealmService { - - final RealmRepository realmRepository; - - @Autowired - public RealmServiceImpl(RealmRepository realmRepository) { - this.realmRepository = realmRepository; - } - - @Override - public Realm find(String name) throws RealmNotFoundException { - final Optional<Realm> optional = realmRepository.findByName(name); - if (optional.isEmpty()) { - log.error("Failed to find realm with name '{}'", name); - throw new RealmNotFoundException("Failed to find realm"); - } - return optional.get(); - } - - @Override - public Realm update(String name) throws RealmNotFoundException { - final Realm realm = find("master"); - realm.setSslRequired("NONE"); - final Realm entity = realmRepository.save(realm); - log.info("Disabled SSL for realm with name '{}'", name); - return entity; - } - -} diff --git a/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java b/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java index 50bbea2634ad74620f38e0edd15fa130f63033be..177ce3f4534b1853647f6f4fd1db510bfaf5a768 100644 --- a/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java +++ b/fda-user-service/services/src/main/java/at/tuwien/service/impl/UserServiceImpl.java 
@@ -4,10 +4,9 @@ import at.tuwien.api.auth.CreateUserDto; import at.tuwien.api.auth.SignupRequestDto; import at.tuwien.api.auth.TokenDto; import at.tuwien.entities.user.User; -import at.tuwien.exception.RealmNotFoundException; import at.tuwien.exception.RemoteUnavailableException; import at.tuwien.exception.UserNotFoundException; -import at.tuwien.gateway.AuthenticationServiceGateway; +import at.tuwien.gateway.GatewayServiceGateway; import at.tuwien.mapper.UserMapper; import at.tuwien.repository.jpa.UserRepository; import at.tuwien.service.UserService; @@ -24,11 +23,11 @@ public class UserServiceImpl implements UserService { private final UserMapper userMapper; private final UserRepository userRepository; - private final AuthenticationServiceGateway authenticationServiceGateway; + private final GatewayServiceGateway authenticationServiceGateway; @Autowired public UserServiceImpl(UserMapper userMapper, UserRepository userRepository, - AuthenticationServiceGateway authenticationServiceGateway) { + GatewayServiceGateway authenticationServiceGateway) { this.userMapper = userMapper; this.userRepository = userRepository; this.authenticationServiceGateway = authenticationServiceGateway; @@ -50,8 +49,7 @@ public class UserServiceImpl implements UserService { } @Override - public User create(SignupRequestDto data) throws RealmNotFoundException, RemoteUnavailableException, - UserNotFoundException { + public User create(SignupRequestDto data) throws RemoteUnavailableException, UserNotFoundException { final TokenDto dto = authenticationServiceGateway.getToken(); log.debug("obtained authentication token"); final CreateUserDto userDto = userMapper.signupRequestDtoToCreateUserDto(data);