Fixed a multitude of issues with the proxy

ffabb5cf · Martin Weise · 5aaa61f7 · ffabb5cf · ffabb5cf · ffabb5cf
Unverified Commit ffabb5cf authored May 9, 2023 by Martin Weise
--- a/.dev/.gitignore
+++ b/.dev/.gitignore
+server.key
+tmp.p12
\ No newline at end of file
--- a/.dev/auth.keystore
+++ b/.dev/auth.keystore
--- a/.dev/chain.jks
+++ b/.dev/chain.jks
--- a/.dev/gateway-service.crt
+++ b/.dev/gateway-service.crt
+-----BEGIN CERTIFICATE-----
+MIIDUzCCAjugAwIBAgIECRFhYDANBgkqhkiG9w0BAQsFADBJMQswCQYDVQQGEwJB
+VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQDEw5J
+bnRlcm1lZGlhdGVDQTAeFw0yMzA1MDkwNzEyMTZaFw0yMzA4MDcwNzEyMTZaMEox
+CzAJBgNVBAYTAkFUMRAwDgYDVQQKEwdUVSBXaWVuMQ8wDQYDVQQLEwZEUy1JRlMx
+GDAWBgNVBAMTD2dhdGV3YXktc2VydmljZTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBANggN8zp4TwEh6S2dsBgxu/eHoAMKapJiP5yQZ3XD2/+EN4e5yVM
+kth95MsMM4NufnBsq4sfOWmD+0R9Ig0eN7Qo6IiW8IhWmcGTFfdHEx8lhbzDr0Mm
+WVSULsA2WS2UOilErmlANRRJfq0VnoSDxbvdXsm4FWglTcsNTnRcaKm3okQgq89N
+e1sGa8b38OsONOVjTh/cAo6t0O60cyBL3FffJKifRi6xJv82jkCI3px3ZCk5o/zF
+eYT6eBRWTqhaVLuuWqhpCc4Wi5XjF9/imUAMtxU9zMl6H4U1dRS1eeGYZm++iQv3
+lnwTx6lxerfQx07cE1TVAWUUgod6L9cQIHsCAwEAAaNCMEAwHQYDVR0OBBYEFNpe
+d5r17TPn+9Gm3bBgZv6FJMHnMB8GA1UdIwQYMBaAFF5md9arqKs42p+WjhWXGwgV
+MmDKMA0GCSqGSIb3DQEBCwUAA4IBAQBVeWc0Fmy+T87FfagMyR2Xtl+43eOS33bl
+RJ5pSFt9do3fPjLeegwpLUDfkXwpyRVIRCH5qob5cPB8GFPqxmATaiXOvTUhw5Om
+Z3EXRlGZslEKrKVx1nWW+PMTOLWZcLg8WTJaLqbHSRD9dPlL3rWrc5vHu9vNrqN3
+A2aOCaZ8kXb8Mp+dLnsajCDgoAwd/TuchPphkuxE3uQ+4Le4VXpSIVGEVydR+dnV
+3wocWiq5PiIg8IEs+2DlwKah7AKdiL66oDaSiv6JZjMvdKE0g7aocWGBvesoqaFw
+zABZTzWo2TdkNjN2db+N9L3jtvWwhiwLvNh81wF2Lt1baT9Zk1in
+-----END CERTIFICATE-----
--- a/.dev/generate-jks.sh
+++ b/.dev/generate-jks.sh
@@ -6,13 +6,13 @@ STORE_PASS=password
 KEY_PASS=password

 declare -A services
+services[443]=gateway
+services[8443]=authentication
 services[9091]=container
 services[9092]=database
 services[9093]=query
 services[9094]=table
-services[9095]=gateway
 services[9096]=identifier
-services[9097]=authentication
 services[9098]=user
 services[9099]=metadata

@@ -43,7 +43,14 @@ function sign () {

 function crt () {
  echo "... export $1 certificate"
-  keytool -exportcert -alias "$1" -rfc -storepass ${STORE_PASS} -keystore "$2" > "./$1.crt"
+  keytool -exportcert -alias "$1" -rfc -storepass ${STORE_PASS} -keystore "$2" > "$3"
+}
+
+function key () {
+  echo "... export $1 key"
+  rm -f ./tmp.12 && keytool -importkeystore -srckeystore "$2" -destkeystore ./tmp.p12 -deststoretype PKCS12 \
+    -srcalias "$1" -srcstorepass ${STORE_PASS} -deststorepass ${STORE_PASS} -destkeypass ${STORE_PASS}
+  openssl pkcs12 -in ./tmp.p12 -nodes -nocerts -out server.key -password pass:${STORE_PASS}
 }

 function move () {
@@ -85,13 +92,11 @@ echo "Generating the certificate key pairs"
 for key in "${!services[@]}"; do
  generate "${services[$key]}" "service"
 done
-generate "ui"

 echo "Sign the certificates with intermediate certificate"
 for key in "${!services[@]}"; do
  sign "${services[$key]}" "service"
 done
-sign "ui"

 echo "Export the trusted keystore"
 keytool -export -alias intermediate -storepass ${STORE_PASS} | keytool -import -alias intermediate \
@@ -100,14 +105,20 @@ keytool -export -alias root -storepass ${STORE_PASS} | keytool -import -alias ro
  -storepass ${STORE_PASS} -trustcacerts -noprompt

 echo "Export CRTs"
-crt root ./chain.jks
-crt intermediate ./chain.jks
+crt root ./chain.jks ./root.crt
+crt intermediate ./chain.jks ./intermediate.crt
+crt gateway-service ./server.keystore ./gateway-service.crt
+cp ./gateway-service.crt ../dbrepo-gateway-service/server.crt
+cat ./root.crt ./intermediate.crt ./gateway-service.crt > ../dbrepo-gateway-service/fullchain.crt
+
+echo "Export private key"
+key gateway-service ./server.keystore
+cp ./server.key ../dbrepo-gateway-service/server.key

 echo "Copy the JKS(s)"
 for key in "${!services[@]}"; do
  move "${services[$key]}" "service"
 done
-move "ui"

 echo "Create the authentication service JKS"
 echo "... import private key into the key store"

--- a/.dev/intermediate.crt
+++ b/.dev/intermediate.crt
-----BEGIN CERTIFICATE-----
-MIIDaDCCAlCgAwIBAgIECTYCTTANBgkqhkiG9w0BAQsFADBBMQswCQYDVQQGEwJB
-VDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMQ8wDQYDVQQDEwZS
-b290Q0EwHhcNMjMwNTA4MTgyNjQ2WhcNMjMwODA2MTgyNjQ2WjBJMQswCQYDVQQG
-EwJBVDEQMA4GA1UEChMHVFUgV2llbjEPMA0GA1UECxMGRFMtSUZTMRcwFQYDVQQD
-Ew5JbnRlcm1lZGlhdGVDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AKPTnhNdSjVJvRT6jBQuNWOYAeukC1hVAAuiOtU6QqQANFLRHACFQGs/QJkh1LRt
-HoNvN2W0EEljUQ5pgSym76xPXCg38OYmsV4w0gcSe34QyCCWkB82eBi48MEmsb6s
-x7n3uM+SaSwaFqxZFTQszsEVOJcnfRDBhYkT3juiuW0HzmMCuDa/V1sl1HgxbKRc
-zEXEk3PjDY12gsYNzF1jgB33Nwh692npdBca5MXJ+Gi0zvnM+1JgrfIYayC37+ZF
-UG10LYTSV4rG4NS9UzF/cBK9naddMgCgqIMGHnU5Z5N+PNPiHZ4WkX4Xf4Zu1WTg
-YGlsVjgNKTX6CYytrRwbWKUCAwEAAaNgMF4wHQYDVR0OBBYEFF5md9arqKs42p+W
-jhWXGwgVMmDKMAsGA1UdDwQEAwICBDAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
-MBaAFJ0un4jfS4HiMAw/U+dkuiXFsX8DMA0GCSqGSIb3DQEBCwUAA4IBAQCCyhop
-e3l6rF19EdiS5wjGE3YJl0FPYVjFVcmSXaNXaYh+v5rxyQN9Tv7kPN3EOTeWkj+n
-Lbhls7hpJa2ydmmcPXEDF/+Bn5cgRcCh/ayk8/W5WaxIX7dkFYKmFE/+CkXDSpGN
-kawYi99eDaB8wZbGh+SNN7oZpS6kg4L5WqrE4vrrrBMhZuUINFymbzybX4WMRZKr
-9n9G3RenYXVSJvWxyQAe/GuWrsO1xDpwz/k6zeMf0qYXAStbIIC3QK3tsRnRf/F9
-A8QKjOS/25k0waMDFPZ7p5T/Xay50uYGXG1BSHILta5IQ5vr7BzGi4u8pgyiDA4V
-PIDnZiCN3dbPUPnB
-----END CERTIFICATE-----
--- a/.dev/server.keystore
+++ b/.dev/server.keystore
--- a/.gitignore
+++ b/.gitignore
@@ -34,6 +34,7 @@ fda-ui/

 # X509
 root.crt
+intermediate.crt

 # scanning
 .trivy/trivy-*.json

--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -55,13 +55,6 @@ build-database-service:
  script:
    - "make build-database-service"

-build-gateway-service:
-  stage: build-backend
-  needs:
-    - build-metadata-db
-  script:
-    - "make build-gateway-service"
-
 build-query-service:
  stage: build-backend
  needs:
@@ -279,7 +272,6 @@ build-docker:
    - build-identifier-service
    - build-container-service
    - build-database-service
-    - build-gateway-service
    - build-query-service
    - build-table-service
    - build-metadata-service

--- a/dbrepo-authentication-service/auth.keystore
+++ b/dbrepo-authentication-service/auth.keystore
--- a/dbrepo-authentication-service/server.keystore
+++ b/dbrepo-authentication-service/server.keystore
--- a/dbrepo-broker-service/Dockerfile
+++ b/dbrepo-broker-service/Dockerfile
@@ -5,9 +5,7 @@ MAINTAINER Martin Weise <martin.weise@tuwien.ac.at>
 ###### SECOND STAGE ######
 FROM rabbitmq:3-management-alpine as runtime

-ENV PYTHONUNBUFFERED=1
-ENV JWT_PUBKEY=public-key
-ENV JWT_CERT=cert
+ENV RABBITMQ_DEFAULT_VHOST=dbrepo

 RUN apk --no-cache add curl

@@ -15,6 +13,9 @@ COPY ./rabbitmq.conf /etc/rabbitmq/rabbitmq.conf

 WORKDIR /app

+ENV JWT_PUBKEY=public-key
+ENV JWT_CERT=cert
+
 COPY ./init.sh ./init.sh
 COPY ./service_ready /usr/bin/service_ready
 COPY ./docker-entrypoint.sh ./docker-entrypoint.sh

--- a/dbrepo-container-service/Dockerfile
+++ b/dbrepo-container-service/Dockerfile
@@ -41,8 +41,9 @@ RUN chmod +x /usr/bin/service_ready

 HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready

+COPY ./server.keystore ./server.keystore
 COPY --from=build ./rest-service/target/rest-service-*.jar ./container-service.jar

 EXPOSE 9091

-ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./container-service.jar"]
+ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-Djavax.net.ssl.trustStore=/app/server.keystore", "-Djavax.net.ssl.trustStorePassword=password", "-jar", "./container-service.jar"]
--- a/dbrepo-container-service/rest-service/src/main/resources/application-local.yml
+++ b/dbrepo-container-service/rest-service/src/main/resources/application-local.yml
@@ -24,6 +24,7 @@ spring:
    loadbalancer.ribbon.enabled: false
  rabbitmq:
    host: localhost
+    virtual-host: dbrepo
    username: fda
    password: fda
 management.endpoints.web.exposure.include: health,info,prometheus

--- a/dbrepo-container-service/rest-service/src/main/resources/application.yml
+++ b/dbrepo-container-service/rest-service/src/main/resources/application.yml
@@ -24,6 +24,7 @@ spring:
    loadbalancer.ribbon.enabled: false
  rabbitmq:
    host: broker-service
+    virtual-host: dbrepo
    username: "${BROKER_USERNAME}"
    password: "${BROKER_PASSWORD}"
 management.endpoints.web.exposure.include: health,info,prometheus

--- a/dbrepo-container-service/server.keystore
+++ b/dbrepo-container-service/server.keystore
--- a/dbrepo-database-service/Dockerfile
+++ b/dbrepo-database-service/Dockerfile
@@ -43,8 +43,9 @@ RUN chmod +x /usr/bin/service_ready

 HEALTHCHECK --interval=10s --timeout=5s --retries=12 CMD service_ready

+COPY ./server.keystore ./server.keystore
 COPY --from=build ./rest-service/target/rest-service-*.jar ./database-service.jar

 EXPOSE 9092

-ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true", "-jar", "./database-service.jar"]
+ENTRYPOINT ["java", "-Dlog4j2.formatMsgNoLookups=true",  "-Djavax.net.ssl.trustStore=/app/server.keystore", "-Djavax.net.ssl.trustStorePassword=password",  "-jar", "./database-service.jar"]
--- a/dbrepo-database-service/rest-service/src/main/resources/application-local.yml
+++ b/dbrepo-database-service/rest-service/src/main/resources/application-local.yml
@@ -24,6 +24,7 @@ spring:
    loadbalancer.ribbon.enabled: false
  rabbitmq:
    host: localhost
+    virtual-host: dbrepo
    username: fda
    password: fda
 management.endpoints.web.exposure.include: health,info,prometheus

--- a/dbrepo-database-service/rest-service/src/main/resources/application.yml
+++ b/dbrepo-database-service/rest-service/src/main/resources/application.yml
@@ -24,6 +24,7 @@ spring:
    loadbalancer.ribbon.enabled: false
  rabbitmq:
    host: broker-service
+    virtual-host: dbrepo
    username: "${BROKER_USERNAME}"
    password: "${BROKER_PASSWORD}"
 management.endpoints.web.exposure.include: health,info,prometheus

--- a/dbrepo-database-service/server.keystore
+++ b/dbrepo-database-service/server.keystore