Merge branch 'main' into dependabot/maven/dependabot-dependency-updat…

…es-f1d6381dc8

.github/workflows/code-format.yml

@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 11
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '11'
           distribution: 'temurin'

.github/workflows/code-quality.yml

@@ -15,22 +15,22 @@ jobs:
     name: Run unit tests and Sonar analysis
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 17
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 17
           distribution: 'temurin'
       - name: Cache SonarCloud packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache Maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -42,28 +42,26 @@ jobs:
         # note that we deliberately turn off the OWASP dependency checker here, it will run in a separate job,
         # such that its results can be viewed independently of what Sonar has to say
         run: |
-          mvn -B verify sonar:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true
+          mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=siemens_LightweightCmpRa -Ddependency-check.skip=true
 
   analyze_dependencies_owasp:
     name: Check dependencies with OWASP
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
       - name: Set up JDK 11
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: 11
           distribution: 'temurin'
       - name: Cache Maven packages
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
       - name: Analyze dependencies
-        env:
-          NVD_API_KEY: ${{ secrets.NVD_TOKEN }}
         # this will run the OWASP dependency checker only
-        run: mvn -B verify -DskipTests
+        run: mvn -B verify -DskipTests -DnvdApiKey=${{ secrets.NVD_TOKEN }}

.github/workflows/licence-compliance.yml

@@ -9,9 +9,9 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up JDK 11
-        uses: actions/setup-java@v3
+        uses: actions/setup-java@v4
         with:
           java-version: '11'
           distribution: 'temurin'

CHANGELOG.md

@@ -134,4 +134,6 @@ fix: update some dependencies
 
 feat: add nested message support to CmpCaMock
 
+### 4.0.3 (Jun 19 2024)
 
+fix: update dependencies to CmpRaComponent

README.md

@@ -73,7 +73,7 @@ The component needs to be installed into the local maven repository:
 ```bash
 git clone https://github.com/siemens/cmp-ra-component.git
 cd cmp-ra-component
-mvn clean install -DskipTests=true
+mvn clean install -DskipTests=true -Dgpg.skip
 cd ..
 ```
 
@@ -96,6 +96,17 @@ This includes running unit tests, which may also be invoked explicitly by
 mvn test
 ```
 
+## Updating the Lightweight CMP RA
+
+In case the software has already been installed before,
+for updating it is sufficient to execute
+
+```bash
+git pull
+mvn clean install -DskipTests=true -Dgpg.skip
+```
+in both directories.
+
 ## Running the RA
 
 Example YAML configuration files can be found at

doc/config/README.md

@@ -465,6 +465,13 @@ the EE and RA configurations are consistent for all types of requests.
 To this end it can be helpful to differentiate via certificate profiles.
 
 
+Note: If the `VerificationContext` is configured with MAC-based protection,
+the RA must use the same credentials as `OutputCredentials`.
+In this case, the configuration of the `OutputCredentials` object is ignored
+and the credentials from the `VerificationContext` are used for protecting outgoing messages.
+If a validation error occurs at the RA, the `OutputCredentials` are used to protect the error message.
+
+
 ##### The `SignatureCredentialContext` object
 
 The **`SignatureCredentialContext`** object holds the values needed

pom.xml

@@ -7,7 +7,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>com.siemens.pki</groupId>
 	<artifactId>LightweightCmpRa</artifactId>
-	<version>4.0.2</version>
+	<version>4.0.3</version>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<parent.basedir>.</parent.basedir>
@@ -107,7 +107,7 @@
 			<plugin>
 				<groupId>org.owasp</groupId>
 				<artifactId>dependency-check-maven</artifactId>
-				<version>9.2.0</version>
+				<version>10.0.2</version>
 				<executions>
 					<execution>
 						<goals>
@@ -172,7 +172,7 @@
 		<dependency>
 			<groupId>com.siemens.pki</groupId>
 			<artifactId>CmpRaComponent</artifactId>
-			<version>4.1.2</version>
+			<version>4.1.4</version>
 		</dependency>
 		<dependency>
 			<groupId>jakarta.xml.bind</groupId>

src/main/java/com/siemens/pki/lightweightcmpra/configuration/NestedEndpointContextImpl.java

@@ -35,6 +35,17 @@ public class NestedEndpointContextImpl implements NestedEndpointContext {
 
     private CredentialContextImpl OutputCredentials;
 
+    private String recipient;
+
+    public void setRecipient(String recipient) {
+        this.recipient = recipient;
+    }
+
+    @Override
+    public String getRecipient() {
+        return recipient;
+    }
+
     private Pattern recipientPatternAsPattern;
 
     @Override

src/main/java/com/siemens/pki/lightweightcmpra/main/RA.java

@@ -78,7 +78,7 @@ void set(final T val) {
         }
     }
 
-    private static ArrayList<RA> raList;
+    private static ArrayList<RA> raList = new ArrayList<>();
 
     /**
      * @param args command line arguments. Call with &lt;name of XML/YAML/JSON
@@ -90,35 +90,35 @@ public static void main(final String[] args) throws Exception {
             System.err.println("call with <name of YAML/JSON config file>");
             return;
         }
-        raList = new ArrayList<>(args.length);
-        // start RAs
-        for (final String actConfigFile : args) {
-            raList.add(new RA(actConfigFile));
+        synchronized (raList) {
+            // start RAs
+            for (final String actConfigFile : args) {
+                raList.add(new RA(actConfigFile));
+            }
         }
     }
 
     /**
      * stop all RA instances, used for unit tests
      */
     public static void stopAllRas() {
-        for (; ; ) {
-            if (raList.isEmpty()) {
-                break;
-            }
-            raList.remove(0).stop();
+        synchronized (raList) {
+            raList.forEach(RA::stop);
+            raList.clear();
         }
     }
 
     private DownstreamInterface downstreamInterface;
     private String configFile;
+    private Map<CertProfileBodyTypeTupel, UpstreamInterface> upstreamInterfaceMap;
 
     private RA(final String actConfigFile) throws Exception {
         configFile = actConfigFile;
 
         try {
             final ConfigurationImpl configuration = YamlConfigLoader.loadConfig(configFile, ConfigurationImpl.class);
             final DeferredSupplier<CmpRaInterface> raHolder = new DeferredSupplier<>();
-            final Map<CertProfileBodyTypeTupel, UpstreamInterface> upstreamInterfaceMap = new HashMap<>();
+            upstreamInterfaceMap = new HashMap<>();
             final UpstreamExchange upstreamExchange = (request, certProfile, bodyTypeOfFirstRequest) -> {
                 final CertProfileBodyTypeTupel key = new CertProfileBodyTypeTupel(certProfile, bodyTypeOfFirstRequest);
                 UpstreamInterface upstreamInterface = upstreamInterfaceMap.get(key);
@@ -146,6 +146,7 @@ private void stop() {
         if (downstreamInterface != null) {
             downstreamInterface.stop();
         }
+        upstreamInterfaceMap.values().forEach(UpstreamInterface::stop);
         System.out.println("RA configured with " + configFile + " stopped");
     }
 }

src/main/java/com/siemens/pki/lightweightcmpra/upstream/UpstreamInterface.java

@@ -36,4 +36,6 @@ interface AsyncResponseHandler {
      *            the callback
      */
     void setDelayedResponseHandler(AsyncResponseHandler asyncResponseHandler);
+
+    void stop();
 }

src/main/java/com/siemens/pki/lightweightcmpra/upstream/offline/CmpFileOfflineClient.java

@@ -45,6 +45,7 @@ public class CmpFileOfflineClient implements UpstreamInterface {
 
     private final File outputDirectory;
     private AsyncResponseHandler asyncResponseHandler;
+    private TimerTask timerTask;
 
     /**
      *
@@ -66,14 +67,14 @@ public CmpFileOfflineClient(final OfflineFileClientConfig config) throws IOExcep
         }
         final long pollInterval = config.getInputDirectoryPollcycle() * 1000L;
         final Timer pollTimer = new Timer(true);
-        final TimerTask task = new TimerTask() {
+        timerTask = new TimerTask() {
 
             @Override
             public void run() {
                 pollInputDirectory();
             }
         };
-        pollTimer.schedule(task, new Date(System.currentTimeMillis() + pollInterval), pollInterval);
+        pollTimer.schedule(timerTask, new Date(System.currentTimeMillis() + pollInterval), pollInterval);
     }
 
     @Override
@@ -118,4 +119,9 @@ private void pollInputDirectory() {
             }
         }
     }
+
+    @Override
+    public void stop() {
+        timerTask.cancel();
+    }
 }

src/main/java/com/siemens/pki/lightweightcmpra/upstream/online/CmpCoapClient.java

@@ -53,4 +53,9 @@ public byte[] apply(final byte[] message, final String certProfile) {
     public void setDelayedResponseHandler(final AsyncResponseHandler asyncResponseHandler) {
         // no async response expected
     }
+
+    @Override
+    public void stop() {
+        client.shutdown();
+    }
 }

src/main/java/com/siemens/pki/lightweightcmpra/upstream/online/CmpHttpClient.java

@@ -107,4 +107,10 @@ public byte[] apply(final byte[] message, final String certProfile) {
     public void setDelayedResponseHandler(final AsyncResponseHandler asyncResponseHandler) {
         // no async response expected
     }
+
+    @Override
+    public void stop() {
+        // nothing to do
+
+    }
 }

src/test/java/com/siemens/pki/lightweightcmpclient/test/CmpTestcaseBase.java

@@ -22,7 +22,6 @@
 import com.siemens.pki.lightweightcmpra.test.framework.TestUtils;
 import com.siemens.pki.lightweightcmpra.util.ConfigFileLoader;
 import java.io.File;
-import java.security.GeneralSecurityException;
 import java.security.Security;
 import org.junit.AfterClass;
 import org.junit.Before;
@@ -34,8 +33,7 @@ public class CmpTestcaseBase {
     public static final File CONFIG_DIRECTORY =
             new File("./src/test/java/com/siemens/pki/lightweightcmpra/test/config");
 
-    protected static void initTestbed(final String... namesOfRaConfigFile)
-            throws Exception, GeneralSecurityException, InterruptedException {
+    protected static void initTestbed(final String... namesOfRaConfigFile) throws Exception {
         for (final String nameOfRaConfigFile : namesOfRaConfigFile) {
             RA.main(new String[] {nameOfRaConfigFile});
         }

src/test/java/com/siemens/pki/lightweightcmpclient/test/DelayedEnrollmentTestcaseBase.java

@@ -17,6 +17,8 @@
  */
 package com.siemens.pki.lightweightcmpclient.test;
 
+import static org.junit.Assert.assertTrue;
+
 import com.siemens.pki.lightweightcmpra.main.RA;
 import com.siemens.pki.lightweightcmpra.test.framework.TestUtils;
 import java.security.GeneralSecurityException;
@@ -48,13 +50,13 @@ public void setUpDelayedEnrollmentDirs() throws Exception {
         TestUtils.deleteAllFilesIn("./target/CmpTest/Downstream", "./target/CmpTest/Upstream");
     }
 
-    @Test
-    public void testCrWithPolling() throws Exception {
-        enrollWithConfig("DelayedClientEnrollmentConfigWithHttpAndSignature.yaml");
+    @Test(timeout = 60000L)
+    public void testCrWithPolling() {
+        assertTrue(enrollWithConfig("DelayedClientEnrollmentConfigWithHttpAndSignature.yaml"));
     }
 
-    @Test
-    public void testRrWithPolling() throws Exception {
-        revokeWithConfigAndCert("DelayedClientEnrollmentConfigWithHttpAndSignature.yaml");
+    @Test(timeout = 60000L)
+    public void testRrWithPolling() {
+        assertTrue(revokeWithConfigAndCert("DelayedClientEnrollmentConfigWithHttpAndSignature.yaml"));
     }
 }