Feat add vault (#108)
* fixed tests
updated spring boot to 2.4.1
updated spring cloud to 2020

* Added Vault Keystore to properties

* Update bootstrap-cloud.yaml

* Update application-cloud.yml

* Update ci-master.yml

* Update Dockerfile

* Update application-cloud.yml

* fix ci

* version bump
mschulte-tsi authored Apr 8, 2021
1 parent 641ce49 commit eb9c21b
Showing 10 changed files with 127 additions and 39 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM gcr.io/distroless/java:11
FROM gcr.io/distroless/java-debian10:11
COPY target/*.jar app.jar
COPY scripts/Dpkg.java Dpkg.java
RUN ["java", "Dpkg.java"]
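Review bot: The `FROM gcr.io/distroless/java-debian10:11` line still references the base image by a mutable tag, so two builds of the same commit can produce images with different contents. Pinning by digest, `FROM gcr.io/distroless/java-debian10:11@sha256:<digest-of-reviewed-image>` (placeholder, not a real digest), makes the build reproducible and turns every base-image change into a reviewed diff. A pinned digest needs a scheduled bump so that base-image security fixes keep arriving.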
19 changes: 16 additions & 3 deletions pom.xml
Expand Up @@ -31,16 +31,16 @@
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<!-- dependencies -->
<spring.boot.version>2.3.0.RELEASE</spring.boot.version>
<spring.cloud.version>Hoxton.SR4</spring.cloud.version>
<spring.boot.version>2.4.1</spring.boot.version>
<spring.cloud.version>2020.0.0</spring.cloud.version>
<keycloak.version>10.0.1</keycloak.version>
<lombok.version>1.18.12</lombok.version>
<springdoc.version>1.3.9</springdoc.version>
<!-- plugins -->
<plugin.checkstyle.version>3.1.1</plugin.checkstyle.version>
<plugin.sonar.version>3.6.1.1688</plugin.sonar.version>
<plugin.jacoco.version>0.8.5</plugin.jacoco.version>
<guava.version>29.0-jre</guava.version>
<guava.version>30.0-jre</guava.version>
<sonar.coverage.exclusions>
**/VerificationPortalApplication.java,
**/SecurityConfig.java,
Expand Down Expand Up @@ -99,6 +99,14 @@
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-vault-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-bootstrap</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
Expand Down Expand Up @@ -169,6 +177,11 @@
<artifactId>spring-session-core</artifactId>
<version>2.3.0.RELEASE</version>
</dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
</dependencies>

<build>
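Review bot: `spring-session-core` keeps its hard-coded `<version>2.3.0.RELEASE</version>` in the context lines of the last hunk while `spring.boot.version` moves to 2.4.1, so that artifact stays on the older line and will not pick up fixes that arrive through Boot's managed versions. If the Boot dependency management covers this artifact here (the `<dependencyManagement>` section is outside the visible hunks), drop the explicit `<version>` line; otherwise align it with the 2.4 line deliberately. Separately, the added `junit:junit` test dependency appears to be needed only for the JUnit 4 `org.junit.Assert` static import left in the filter test, and could be removed once that import moves to Jupiter. The `<dependency>` element for `spring-session-core` opens above the hunk.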
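--- a/src/main/resources/application-cloud.yml
+++ b/src/main/resources/application-cloud.yml
@@ -0,0 +1,7 @@
+cwa-verification-server:
+ssl:
+hostname-verify: false
+key-store: ${SSL_PORTAL_KEYSTORE_PATH}
+key-store-password: ${SSL_PORTAL_KEYSTORE_PASSWORD}
+trust-store: ${SSL_PORTAL_TRUSTSTORE_PATH}
+trust-store-password: ${SSL_PORTAL_TRUSTSTORE_PASSWORD}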
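Review bot: `hostname-verify: false` becomes the cloud-profile default, which, if the property does what its name says, lets the client to the verification server accept any certificate that chains to the configured trust store, whatever host name it carries. That undercuts the key-store and trust-store settings next to it, because the server's identity is then established only by the issuing CA and not by the name being connected to. Prefer `hostname-verify: true` with a server certificate whose SAN matches the service name, or make it overridable but secure by default, e.g. `hostname-verify: ${SSL_PORTAL_HOSTNAME_VERIFY:true}` (variable name illustrative). If it has to stay off, add a comment saying why and which compensating control applies.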
4 changes: 3 additions & 1 deletion src/main/resources/application.yml
@@ -1,7 +1,9 @@
spring:
application:
name: cwa-verification-portal

cloud:
vault:
enabled: false
feign:
client:
config:
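--- a/src/main/resources/bootstrap-cloud.yaml
+++ b/src/main/resources/bootstrap-cloud.yaml
@@ -0,0 +1,30 @@
+---
+spring:
+application:
+name: cwa-verification-portal
+cloud:
+vault:
+ssl:
+trust-store: file:${SSL_VAULT_TRUSTSTORE_PATH}
+trust-store-password: ${SSL_VAULT_TRUSTSTORE_PASSWORD}
+enabled: true
+generic:
+enabled: false
+kv:
+enabled: true
+backend: ${VAULT_BACKEND}
+profile-separator: '/'
+application-name: 'cwa-verification-portal'
+default-context: ''
+profiles: cloud
+fail-fast: true
+authentication: KUBERNETES
+kubernetes:
+role: ${VAULT_ROLE}
+kubernetes-path: kubernetes
+service-account-token-file: /var/run/secrets/kubernetes.io/serviceaccount/token
+uri: ${VAULT_URI}
+connection-timeout: 5000
+read-timeout: 15000
+config:
+order: -10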
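Review bot: The file introduces an environment contract without documenting it: `VAULT_URI`, `VAULT_BACKEND`, `VAULT_ROLE`, `SSL_VAULT_TRUSTSTORE_PATH` and `SSL_VAULT_TRUSTSTORE_PASSWORD` have no defaults, and with `fail-fast: true` a missing or wrong value presumably aborts startup. I would add a header comment such as `# Required env: VAULT_URI (https), VAULT_BACKEND, VAULT_ROLE, SSL_VAULT_TRUSTSTORE_PATH, SSL_VAULT_TRUSTSTORE_PASSWORD` and one line naming the KV path the `kv` block resolves to. Stating that `VAULT_URI` must be an `https://` address is worthwhile, since the trust store only has an effect on TLS connections. Indentation is lost in this view, so the nesting of `fail-fast` and `profiles` should be confirmed against the file.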
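--- a/src/main/resources/bootstrap.yaml
+++ b/src/main/resources/bootstrap.yaml
@@ -0,0 +1,5 @@
+---
+spring:
+cloud:
+vault:
+enabled: false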
@@ -1,8 +1,28 @@
/*
* Corona-Warn-App / cwa-verification-portal
*
* (C) 2021, T-Systems International GmbH
*
* Deutsche Telekom AG and all other contributors /
* copyright owners license this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this
* file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package app.coronawarn.verification.portal;

import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.test.context.SpringBootTest;
Expand All @@ -12,12 +32,15 @@
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.mock.web.MockServletContext;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.context.junit.jupiter.SpringExtension;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@RunWith(SpringRunner.class)
import static org.junit.Assert.assertEquals;

@ExtendWith(SpringExtension.class)
@SpringBootTest(classes = VerificationPortalHttpFilter.class)
@TestPropertySource(properties = {"host-header.whitelist=localhost,localhost:8081", "pod.ip=127.0.0.1", "pod.port=8081"})
@EnableConfigurationProperties
Expand All @@ -43,7 +66,7 @@ public void doFilterReturnsOkForValidHost() throws IOException, ServletException
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
request.addHeader(HttpHeaders.HOST, VALID_HOST);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
}

@Test
Expand All @@ -52,7 +75,7 @@ public void doFilterReturnsOkForValidHostAndPort() throws IOException, ServletEx
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
request.addHeader(HttpHeaders.HOST, VALID_HOST_PORT);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
}

@Test
Expand All @@ -61,7 +84,7 @@ public void doFilterReturnsOkForValidPodIPAndHost() throws IOException, ServletE
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
request.addHeader(HttpHeaders.HOST, POD_HOST + ":" + POD_PORT);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_OK, response.getStatus());
assertEquals(HttpServletResponse.SC_OK, response.getStatus());
}

@Test
Expand All @@ -70,7 +93,7 @@ public void doFilterReturnsBadRequestForValidPodPort() throws IOException, Servl
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
request.addHeader(HttpHeaders.HOST, POD_HOST + ":" + INVALID_POD_PORT);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}

@Test
Expand All @@ -80,15 +103,15 @@ public void doFilterReturnsBadRequestWhenXForwardedHostHeaderInRequest() throws
request.addHeader(HttpHeaders.HOST, VALID_HOST);
request.addHeader(X_FORWARDED_HOST_HEADER, INVALID_HOST);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}

@Test
public void doFilterReturnsBadRequestWhenHostHeaderNotInRequest() throws IOException, ServletException {
MockHttpServletResponse response = new MockHttpServletResponse();
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}

@Test
Expand All @@ -97,7 +120,7 @@ public void doFilterReturnsBadRequestWhenHostHeaderIsNotValid() throws IOExcepti
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
request.addHeader(HttpHeaders.HOST, INVALID_HOST);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}

@Test
Expand All @@ -106,7 +129,7 @@ public void doFilterReturnsBadRequestWhenPortInHostHeaderNotValid() throws IOExc
MockHttpServletRequest request = new MockHttpServletRequest(new MockServletContext());
request.addHeader(HttpHeaders.HOST, VALID_HOST + ":" + INVALID_PORT);
verificationPortalHttpFilter.doFilter(request, response, new MockFilterChain());
Assert.assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
assertEquals(HttpServletResponse.SC_BAD_REQUEST, response.getStatus());
}

}
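Review bot: The static import `org.junit.Assert.assertEquals` keeps a JUnit 4 assertion in a class that otherwise moves to Jupiter (`org.junit.jupiter.api.Test`, `@ExtendWith(SpringExtension.class)`). Use `import static org.junit.jupiter.api.Assertions.assertEquals;` instead; the argument order (expected, actual) is the same, so the call sites stay as they are. That would also remove the apparent reason for adding `junit:junit` to pom.xml. `@SpringBootTest` already registers the Spring extension, so the explicit `@ExtendWith` line can probably be dropped as well.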
Expand Up @@ -30,11 +30,14 @@
import java.util.Collections;
import lombok.extern.slf4j.Slf4j;
import static org.hamcrest.Matchers.equalTo;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import static org.mockito.ArgumentMatchers.any;

import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.Mockito;

import static org.mockito.BDDMockito.*;
import static org.mockito.Mockito.when;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
Expand All @@ -44,14 +47,13 @@
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;


@Slf4j
@RunWith(SpringRunner.class)
@WebMvcTest(VerificationPortalController.class)
@TestPropertySource(properties = {"rateLimiting.enabled=true", "rateLimiting.seconds=30"})
@ContextConfiguration(classes = VerificationPortalController.class)
Expand All @@ -70,7 +72,7 @@ public class VerificationPortalControllerTest extends ServletUnitTestingSupport
@Autowired
private MockMvc mockMvc;

@Before
@BeforeEach
public void setup() {
httpSessionCsrfTokenRepository = new HttpSessionCsrfTokenRepository();
csrfToken = httpSessionCsrfTokenRepository.generateToken(new MockHttpServletRequest());
Expand Down Expand Up @@ -189,14 +191,15 @@ public void testIfRateLimitExceptionIsHandledCorrectly() throws Exception {
.andExpect(status().isTooManyRequests());
}

@Test(expected = Exception.class)
@Test
@WithMockKeycloakAuth(name = "tester2", value = "Role_Test")
public void testIfAnyOtherExceptionIsJustForwared() throws Exception {
Mockito.doThrow(new Exception("Dummy Exception")).when(teleTanService).createTeleTan(any(String.class));

mockMvc.perform(post("/cwa/teletan")
.sessionAttr(TOKEN_ATTR_NAME, csrfToken).param(csrfToken.getParameterName(), csrfToken.getToken())
.sessionAttr(TELETAN_NAME, TELETAN_VALUE).param(TELETAN_NAME, TELETAN_VALUE));
given(teleTanService.createTeleTan(any(String.class))).willAnswer( invocation -> { throw new Exception("Dummy Exception"); });
Assertions.assertThrows(Exception.class, () -> {
mockMvc.perform(post("/cwa/teletan")
.sessionAttr(TOKEN_ATTR_NAME, csrfToken).param(csrfToken.getParameterName(), csrfToken.getToken())
.sessionAttr(TELETAN_NAME, TELETAN_VALUE).param(TELETAN_NAME, TELETAN_VALUE));
});
}

}
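Review bot: `Assertions.assertThrows(Exception.class, ...)` in `testIfAnyOtherExceptionIsJustForwared` is satisfied by any exception raised inside the lambda, including an unrelated failure while building or dispatching the request, so the test does not show that the service's exception is the one that propagates. Keep the value `assertThrows` returns and check it, e.g. `Exception ex = Assertions.assertThrows(Exception.class, () -> ...);` followed by an assertion that `ex` or its cause carries the message `"Dummy Exception"`. The wildcard `import static org.mockito.BDDMockito.*;` next to the existing `Mockito.when` import is also worth narrowing to `given`.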
@@ -1,21 +1,23 @@
package app.coronawarn.verification.portal.controller;

import app.coronawarn.verification.portal.VerificationPortalApplication;
import com.c4_soft.springaddons.security.oauth2.test.annotations.keycloak.WithMockKeycloakAuth;
import com.c4_soft.springaddons.security.oauth2.test.mockmvc.ServletUnitTestingSupport;
import lombok.extern.slf4j.Slf4j;
import static org.hamcrest.Matchers.equalTo;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;

import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;
Expand All @@ -24,7 +26,8 @@
import javax.servlet.RequestDispatcher;

@Slf4j
@RunWith(SpringRunner.class)
//@SpringBootTest
@AutoConfigureMockMvc
@WebMvcTest(VerificationPortalController.class)
@TestPropertySource(properties = {"rateLimiting.enabled=true", "rateLimiting.seconds=30"})
@ContextConfiguration(classes = VerificationPortalErrorController.class)
Expand All @@ -50,7 +53,7 @@ public class VerificationPortalErrorControllerTest extends ServletUnitTestingSup
@Autowired
private MockMvc mockMvc;

@Before
@BeforeEach
public void setup() {
httpSessionCsrfTokenRepository = new HttpSessionCsrfTokenRepository();
csrfToken = httpSessionCsrfTokenRepository.generateToken(new MockHttpServletRequest());
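Review bot: The commented-out `//@SpringBootTest` above the class, and the `SpringBootTest` and `VerificationPortalApplication` imports that appear unused in the visible lines, look like leftovers from an experiment and should be deleted rather than committed. `@AutoConfigureMockMvc` is redundant next to `@WebMvcTest`, which already configures `MockMvc`. It may also be worth confirming that `@WebMvcTest(VerificationPortalController.class)` is intended when the context is built from `VerificationPortalErrorController`; that line is context rather than part of this change. The `setup()` body continues past the end of the hunk.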
Expand Up @@ -24,17 +24,19 @@
import app.coronawarn.verification.portal.client.TeleTan;
import app.coronawarn.verification.portal.client.VerificationServerClient;
import lombok.extern.slf4j.Slf4j;
import org.junit.Before;
import org.junit.Test;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
import org.mockito.InjectMocks;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.MockitoAnnotations;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.context.SpringBootTest;

import static org.assertj.core.api.Assertions.assertThat;

@Slf4j
@SpringBootTest
public class TeleTanServiceTest
{
public static final String TEST_TELE_TAN = "FE9A5MAK6C";
Expand All @@ -47,7 +49,7 @@ public class TeleTanServiceTest
@Mock
private VerificationServerClient clientMock;

@Before
@BeforeEach
public void setUp() {
MockitoAnnotations.initMocks(this);
}
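Review bot: `@SpringBootTest` makes this class start the whole application context although the visible code wires its collaborators with `@Mock`/`@InjectMocks` and `MockitoAnnotations.initMocks(this)`. That slows the test and ties a pure unit test to application configuration, so it can fail for reasons unrelated to `TeleTanService`. Prefer `@ExtendWith(MockitoExtension.class)` on the class and drop both `@SpringBootTest` and the `initMocks` call. If `initMocks` stays, `MockitoAnnotations.openMocks(this)` is the non-deprecated replacement, and the `AutoCloseable` it returns should be closed after each test. The class body continues outside the hunk.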