Update Context.json (#100)

* Update Context.json

* Update UnitTests

* CodeSmells

context/context.json

@@ -12,28 +12,35 @@
  },
  "endpoints": {
  "claim": {
- "url": "https://issuance-dgca-test.cfapps.eu10.hana.ondemand.com/dgca-issuance-service/dgci/wallet/claim",
+ "url": "https://dgca-issuance-web-eu-test.cfapps.eu10.hana.ondemand.com/dgca-issuance-service/dgci/wallet/claim",
  "pubKeys": [
  "lKdU1EbQubxyDDm2q3N8KclZ2C94Num3xXjG0pk+3eI=",
  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
  ]
  },
  "countryList": {
- "url": "https://dgca-businessrule-service.cfapps.eu10.hana.ondemand.com/countrylist",
+ "url": "https://dgca-businessrule-service-eu-test.cfapps.eu10.hana.ondemand.com/countrylist",
  "pubKeys": [
  "lKdU1EbQubxyDDm2q3N8KclZ2C94Num3xXjG0pk+3eI=",
  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
  ]
  },
  "rules": {
- "url": "https://dgca-businessrule-service.cfapps.eu10.hana.ondemand.com/rules",
+ "url": "https://dgca-businessrule-service-eu-test.cfapps.eu10.hana.ondemand.com/rules",
  "pubKeys": [
  "lKdU1EbQubxyDDm2q3N8KclZ2C94Num3xXjG0pk+3eI=",
  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
  ]
  },
  "valuesets": {
- "url": "https://dgca-businessrule-service.cfapps.eu10.hana.ondemand.com/valuesets",
+ "url": "https://dgca-businessrule-service-eu-test.cfapps.eu10.hana.ondemand.com/valuesets",
+ "pubKeys": [
+ "lKdU1EbQubxyDDm2q3N8KclZ2C94Num3xXjG0pk+3eI=",
+ "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="
+ ]
+ },
+ "revocation": {
+ "url": "https://dgca-revocation-service-eu-test.cfapps.eu10.hana.ondemand.com",
  "pubKeys": [
  "lKdU1EbQubxyDDm2q3N8KclZ2C94Num3xXjG0pk+3eI=",
  "r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="

owasp/suppressions.xml

@@ -36,5 +36,34 @@
  <suppress>
  <notes>H2 is only used for Unit Testing. Version 2.x includes major breaking changes.</notes>
  <cve>CVE-2021-23463</cve>
+ <cve>CVE-2018-14335</cve>
+ </suppress>
+ <suppress>
+ <notes>see https://github.com/jeremylong/DependencyCheck/issues/1827></notes>
+ <cve>CVE-2018-1258</cve>
+ </suppress>
+ <suppress>
+ <notes>see https://github.com/jeremylong/DependencyCheck/issues/2952</notes>
+ <cve>CVE-2011-2732</cve>
+ <cve>CVE-2011-2731</cve>
+ <cve>CVE-2012-5055</cve>
+ </suppress>
+ <suppress>
+ <!-- spring-boot and spring are excluded from cfenv artifact. Related issues can be omitted. -->
+ <notes><![CDATA[file name: java-cfenv-boot-2.3.0.jar]]></notes>
+ <sha1>da214a6f44ee5811c97f3b53a6dda31edf25ac9e</sha1>
+ <cve>CVE-2016-9878</cve>
+ <cve>CVE-2018-1270</cve>
+ <cve>CVE-2018-1271</cve>
+ <cve>CVE-2018-1272</cve>
+ <cve>CVE-2020-5421</cve>
+ </suppress>
+ <suppress>
+ <!-- Vulnerability impacts WebFlux apps only and can be ignored here. -->
+ <cve>CVE-2021-22118</cve>
+ </suppress>
+ <suppress>
+ <notes>Feature is not enabled in tomcat</notes>
+ <cve>CVE-2022-23181</cve>
  </suppress>
 </suppressions>

pom.xml

@@ -3,6 +3,12 @@
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
 
  <modelVersion>4.0.0</modelVersion>
+ <parent>
+ <groupId>org.springframework.boot</groupId>
+ <artifactId>spring-boot-starter-parent</artifactId>
+ <version>2.6.8</version>
+ <relativePath/> <!-- lookup parent from repository -->
+ </parent>
 
  <groupId>eu.europa.ec.dgc</groupId>
  <artifactId>dgca-issuance-service</artifactId>
@@ -24,26 +30,26 @@
  <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
  <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
  <!-- dependencies -->
- <dgclib.version>1.1.10</dgclib.version>
+ <dgclib.version>1.3.1</dgclib.version>
  <owasp.version>6.5.3</owasp.version>
- <spring.boot.version>2.6.3</spring.boot.version>
+ <spring.boot.version>2.6.8</spring.boot.version>
+ <spring.test.version>5.3.19</spring.test.version>
+ <spring.security.version>5.7.1</spring.security.version>
  <hibernate.version>5.6.5.Final</hibernate.version>
- <spring.test.version>5.3.12</spring.test.version>
- <spring.security.version>5.6.0</spring.security.version>
- <lombok.version>1.18.22</lombok.version>
- <liquibase.version>4.6.2</liquibase.version>
+ <lombok.version>1.18.22</lombok.version>
+ <liquibase.version>4.9.1</liquibase.version>
  <hcert-kotlin.version>1.2.0</hcert-kotlin.version>
- <kotlin.version>1.5.10</kotlin.version>
- <springdoc.version>1.6.0</springdoc.version>
- <junit.version>5.8.1</junit.version>
+ <kotlin.version>1.6.21</kotlin.version>
+ <springdoc.version>1.6.7</springdoc.version>
+ <junit.version>5.8.2</junit.version>
  <mapstruct.version>1.4.2.Final</mapstruct.version>
  <mockito.version>4.1.0</mockito.version>
  <bcpkix.version>1.70</bcpkix.version>
  <okhttp.version>4.9.2</okhttp.version>
  <shedlock.version>4.30.0</shedlock.version>
  <sap.cloud.sdk.version>3.60.0</sap.cloud.sdk.version>
  <slf4j.version>1.7.32</slf4j.version>
- <h2.version>2.1.210</h2.version>
+ <h2.version>2.1.212</h2.version>
  <!-- plugins -->
  <plugin.checkstyle.version>3.1.2</plugin.checkstyle.version>
  <plugin.sonar.version>3.6.1.1688</plugin.sonar.version>
@@ -130,6 +136,10 @@
  </dependencies>
  </dependencyManagement>
  <dependencies>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ </dependency>
  <dependency>
  <groupId>eu.europa.ec.dgc</groupId>
  <artifactId>dgc-lib</artifactId>
@@ -181,15 +191,17 @@
  <version>${junit.version}</version>
  <scope>test</scope>
  </dependency>
- <dependency>
- <groupId>org.junit.vintage</groupId>
- <artifactId>junit-vintage-engine</artifactId>
- <version>5.7.0</version>
- </dependency>
+
  <dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-test</artifactId>
  <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>org.junit.vintage</groupId>
+ <artifactId>junit-vintage-engine</artifactId>
+ </exclusion>
+ </exclusions>
  </dependency>
  <dependency>
  <groupId>org.springframework</groupId>
@@ -248,7 +260,7 @@
  <dependency>
  <groupId>org.jetbrains.kotlinx</groupId>
  <artifactId>kotlinx-serialization-json</artifactId>
- <version>1.2.1</version>
+ <version>1.3.3</version>
  </dependency>
  <dependency>
  <groupId>org.jetbrains.kotlin</groupId>
@@ -258,7 +270,7 @@
  <dependency>
  <groupId>org.jetbrains.kotlinx</groupId>
  <artifactId>kotlinx-datetime-jvm</artifactId>
- <version>0.2.1</version>
+ <version>0.3.3</version>
  </dependency>
  <dependency>
  <groupId>com.augustcellars.cose</groupId>
@@ -289,7 +301,7 @@
  <dependency>
  <groupId>com.google.code.gson</groupId>
  <artifactId>gson</artifactId>
- <version>2.8.6</version>
+ <version>2.9.0</version>
  </dependency>
  <dependency>
  <groupId>com.sap.cloud.sdk.cloudplatform</groupId>

src/main/java/eu/europa/ec/dgc/issuance/config/IssuanceConfigProperties.java

@@ -50,6 +50,8 @@ public class IssuanceConfigProperties {
  * JSON file that is provided to /context endpoint.
  */
  private String contextFile;
+ private String contextData = "";
+
  @NotNull
  private Expiration expiration;
 

src/main/java/eu/europa/ec/dgc/issuance/restapi/controller/ContextController.java

@@ -28,6 +28,6 @@ public class ContextController {
  )
  @GetMapping(value = "")
  public ResponseEntity<JsonNode> context() {
- return ResponseEntity.ok(contextService.getContextDefintion());
+ return ResponseEntity.ok(contextService.getContextDefinition());
  }
 }

src/main/java/eu/europa/ec/dgc/issuance/service/ContextService.java

@@ -27,31 +27,43 @@ public class ContextService {
  */
  @PostConstruct
  public void loadContextFile() {
- if (issuanceConfigProperties.getContextFile() != null
- && issuanceConfigProperties.getContextFile().length() > 0) {
- File contextFile = new File(issuanceConfigProperties.getContextFile());
- if (!contextFile.isFile()) {
- throw new IllegalArgumentException("configured context file can not be found: " + contextFile);
+ if (issuanceConfigProperties.getContextData().isEmpty()) {
+ if (issuanceConfigProperties.getContextFile() != null
+ && issuanceConfigProperties.getContextFile().length() > 0) {
+ File contextFile = new File(issuanceConfigProperties.getContextFile());
+ if (!contextFile.isFile()) {
+ throw new IllegalArgumentException("configured context file can not be found: " + contextFile);
+ }
+ ObjectMapper mapper = new ObjectMapper();
+ try {
+ contextDefinition = mapper.readTree(contextFile);
+ log.info("context file loaded from: " + contextFile);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("can not read json context file: " + contextFile, e);
+ }
+ } else {
+ log.warn("the context json file not configured (property: issuance.contextFile)."
+ + " The empty context file is generated instead");
+ JsonNodeFactory jsonNodeFactory = JsonNodeFactory.instance;
+ ObjectNode contextObj = jsonNodeFactory.objectNode();
+ contextObj.set("Origin", jsonNodeFactory.textNode(issuanceConfigProperties.getCountryCode()));
+ contextObj.set("versions", jsonNodeFactory.objectNode());
+ contextDefinition = contextObj;
  }
+ } else {
  ObjectMapper mapper = new ObjectMapper();
  try {
- contextDefinition = mapper.readTree(contextFile);
- log.info("context file loaded from: " + contextFile);
+ contextDefinition = mapper.readTree(issuanceConfigProperties.getContextData());
+ log.info("context file loaded from Environment variable 'ContextData'");
  } catch (IOException e) {
- throw new IllegalArgumentException("can not read json context file: " + contextFile, e);
+ throw new IllegalArgumentException("can not read json from Environment variable 'ContextData'", e);
  }
- } else {
- log.warn("the context json file not configured (property: issuance.contextFile)."
- + " The empty context file is generated instead");
- JsonNodeFactory jsonNodeFactory = JsonNodeFactory.instance;
- ObjectNode contextObj = jsonNodeFactory.objectNode();
- contextObj.set("Origin", jsonNodeFactory.textNode(issuanceConfigProperties.getCountryCode()));
- contextObj.set("versions", jsonNodeFactory.objectNode());
- contextDefinition = contextObj;
  }
+
+
  }
 
- public JsonNode getContextDefintion() {
+ public JsonNode getContextDefinition() {
  return contextDefinition;
  }
 }

src/test/java/eu/europa/ec/dgc/issuance/EncodingTest.java

@@ -26,12 +26,12 @@
 import java.nio.charset.StandardCharsets;
 import java.security.MessageDigest;
 import java.util.UUID;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
-import static org.junit.Assert.assertArrayEquals;
-import static org.junit.Assert.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertEquals;
 
-public class EncodingTest {
+class EncodingTest {
 
  public static final String TEST_TAN = "U7ULCYZY";
  public static final String TEST_TAN_HASHED = "avmGz38ugM7uBePwKKlvh3IB8+7O+WFhQEbjIxhTxgY=";
@@ -40,21 +40,21 @@ public class EncodingTest {
  public static final String TEST_DGCI_REP = "NW393C1D87A44870V7TTFQMYC";
 
  @Test
- public void testCreateSHA256Hash() throws Exception {
+ void testCreateSHA256Hash() {
  String output = HashUtil.sha256Base64(TEST_TAN);
  assertEquals(TEST_TAN_HASHED, output);
  }
 
  @Test
- public void dgciEncoding() throws Exception {
+ void dgciEncoding() {
  UUID uuid = UUID.fromString(TEST_UUID);
  String dgciRep = DgciUtil.encodeDgci(uuid);
  assertEquals(25, dgciRep.length());
  assertEquals(TEST_DGCI_REP, dgciRep);
  }
 
  @Test
- public void testBase64URL() throws Exception {
+ void testBase64URL() throws Exception {
  String dgci= "URN:UVCI:V1:DE:NW513NLDH01JY3JCMU4M67WOHA";
  MessageDigest digest = MessageDigest.getInstance("SHA-256");
  byte[] hash = digest.digest(dgci.getBytes(StandardCharsets.UTF_8));

src/test/java/eu/europa/ec/dgc/issuance/GenerateWalletRequestTest.java

@@ -34,12 +34,12 @@
 import java.security.Signature;
 import java.security.SignatureException;
 import java.util.Base64;
-import org.junit.Test;
+import org.junit.jupiter.api.Test;
 
-public class GenerateWalletRequestTest {
+class GenerateWalletRequestTest {
  // This can be used to generate valid json structure for claim
  @Test
- public void testGenerateWalletRequest() throws Exception {
+ void testGenerateWalletRequest() throws Exception {
  // Please adapt this to your certificate (the values can be get from browser network log
  // see POST /dgci
  // and PUT /dgci/{id}
@@ -93,7 +93,7 @@ private void createClaimSignature(ClaimRequest claimRequest, PrivateKey privateK
  }
 
  @Test
- public void testGenerateWalletRequestEC() throws Exception {
+ void testGenerateWalletRequestEC() throws Exception {
  // Please adapt this to your certificate (the values can be get from browser network log
  // see POST /dgci
  // and PUT /dgci/{id}

src/test/java/eu/europa/ec/dgc/issuance/restapi/controller/ContextControllerTest.java

@@ -0,0 +1,31 @@
+package eu.europa.ec.dgc.issuance.restapi.controller;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.http.MediaType;
+import org.springframework.test.web.servlet.MockMvc;
+
+import static org.junit.jupiter.api.Assertions.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.content;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+@SpringBootTest
+@AutoConfigureMockMvc
+class ContextControllerTest {
+
+ @Autowired
+ private MockMvc mockMvc;
+
+ @Test
+ void getContext() throws Exception {
+ mockMvc.perform(get("/context"))
+ .andExpect(status().isOk())
+ .andExpect(content().contentType(MediaType.APPLICATION_JSON))
+ .andExpect(content().json("{\"Origin\":\"DE\",\"versions\":{}}"));
+
+ }
+
+}

src/test/java/eu/europa/ec/dgc/issuance/service/ContextServiceTest.java

@@ -0,0 +1,26 @@
+package eu.europa.ec.dgc.issuance.service;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+@SpringBootTest(
+ properties = {
+ "issuance.contextData = {\"test\":\"Data\"}"
+ }
+)
+class ContextServiceTest {
+
+ @Autowired
+ ContextService contextService;
+
+ @Test
+ void getContextFromEnvironment() {
+ JsonNode json = contextService.getContextDefinition();
+ assertEquals("{\"test\":\"Data\"}",json.toString());
+ }
+
+}