From a8985e6a2b5d1ac87ebd3b7a746fd199559a3bef Mon Sep 17 00:00:00 2001
From: djmil
Date: Thu, 17 Aug 2023 21:12:59 +0200
Subject: [PATCH] SprinBoot: Secure HTTPS Clinet with POJO
---
.../cordacheckers/pojo/holdingIdentity.java | 6 ++
.../cordacheckers/pojo/virtualNodes.java | 6 ++
.../djmil/cordacheckers/pojo/virtualnode.java | 8 +++
.../src/main/resources/application.properties | 2 +
.../main/resources/keystore/truststore.p12 | Bin 0 -> 1142 bytes
.../CordacheckersApplicationTests.java | 59 +++++++++++------
6 files changed, 60 insertions(+), 21 deletions(-)
create mode 100644 backend/src/main/java/djmil/cordacheckers/pojo/holdingIdentity.java
create mode 100644 backend/src/main/java/djmil/cordacheckers/pojo/virtualNodes.java
create mode 100644 backend/src/main/java/djmil/cordacheckers/pojo/virtualnode.java
create mode 100644 backend/src/main/resources/keystore/truststore.p12
diff --git a/backend/src/main/java/djmil/cordacheckers/pojo/holdingIdentity.java b/backend/src/main/java/djmil/cordacheckers/pojo/holdingIdentity.java
new file mode 100644
index 0000000..1a35303
--- /dev/null
+++ b/backend/src/main/java/djmil/cordacheckers/pojo/holdingIdentity.java
@@ -0,0 +1,6 @@
+package djmil.cordacheckers.pojo;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public record holdingIdentity(String x500Name, String shortHash) { }
diff --git a/backend/src/main/java/djmil/cordacheckers/pojo/virtualNodes.java b/backend/src/main/java/djmil/cordacheckers/pojo/virtualNodes.java
new file mode 100644
index 0000000..207227a
--- /dev/null
+++ b/backend/src/main/java/djmil/cordacheckers/pojo/virtualNodes.java
@@ -0,0 +1,6 @@
+package djmil.cordacheckers.pojo;
+
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+
+@JsonIgnoreProperties(ignoreUnknown = true)
+public record virtualNodes(holdingIdentity holdingIdentity) { }
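Review bot: The record in `holdingIdentity.java` is named in lowerCamelCase, as are `virtualNodes` in the next file and `virtualnode` in `virtualnode.java`, which makes types indistinguishable from components: `virtualNodes(holdingIdentity holdingIdentity)` reads as the same word twice. The plural `virtualNodes` describes a single node, while the singular `virtualnode` is the wrapper that holds the list. Jackson binds on the component names, not the type names, so the types can be renamed without touching the JSON mapping, for example `public record HoldingIdentity(String x500Name, String shortHash) { }`, `VirtualNode` for the element and `VirtualNodeList` for the wrapper, with the files renamed to match. A one-line Javadoc on each record naming the endpoint whose response it mirrors would also help.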
diff --git a/backend/src/main/java/djmil/cordacheckers/pojo/virtualnode.java b/backend/src/main/java/djmil/cordacheckers/pojo/virtualnode.java new file mode 100644 index 0000000..9662886 --- /dev/null +++ b/backend/src/main/java/djmil/cordacheckers/pojo/virtualnode.java @@ -0,0 +1,8 @@ +package djmil.cordacheckers.pojo; + +import java.util.List; + +import com.fasterxml.jackson.annotation.JsonIgnoreProperties; + +@JsonIgnoreProperties(ignoreUnknown = true) +public record virtualnode(List virtualNodes) { } diff --git a/backend/src/main/resources/application.properties b/backend/src/main/resources/application.properties index 8b13789..585b43b 100644 --- a/backend/src/main/resources/application.properties +++ b/backend/src/main/resources/application.properties @@ -1 +1,3 @@ +trust.store=classpath:keystore/truststore.p12 +trust.store.password=test123 \ No newline at end of file 
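Review bot: `trust.store.password=test123` puts the trust store password in plain text in `src/main/resources/application.properties`, so it is committed to the repository and packaged with the application. A trust store carries only public certificates, but the password is what backs the file's integrity check on load, and a literal in the main configuration tends to get reused for key stores later. I would resolve it from the environment instead, `trust.store.password=${TRUST_STORE_PASSWORD}`. As far as this patch shows, only the test reads the two properties, so they and `truststore.p12` could alternatively move under `src/test/resources`.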
diff --git a/backend/src/main/resources/keystore/truststore.p12 b/backend/src/main/resources/keystore/truststore.p12 new file mode 100644 index 0000000000000000000000000000000000000000..b7d4ef4a246a2a257c05df4010f4c6cc001accdb GIT binary patch literal 1142 zcmV-+1d01Ff&_8`0Ru3C1RMqlDuzgg_YDCD0ic2e4FrM&2{3{L1u%jH0R{;whDe6@ z4FLxRpn?PPFoFZ_0s#Opf&=FU2`Yw2hW8Bt2LUi<1_>&LNQU+thDZTr0|Wso1Q7oO4wLM$AGxo=?)f^UKyZM918|#6Z%ni~Wob!&iOABUmkCP) zYhG~~KsteB*o`J;-&o@xKd5|Vb}8u_ts#m=`{BOGk&_XB zw#8!}L4!!mjqECgk)8#$*zXu9YpRQ2$^9!%Et7-XPJBZEdPdgBn@rHc=tPH!V>LU} zLCgZt9)kRLNGwo=m9a+q*Y816Nxv{b^lQx>OiJtXxhmxAuI{!W^a?l-d@(QWqfTMu z?VMQv+&2q7<+{Uo*oa@RTU)}?tj@rpCm1>%2#m;>riy81EhzoK_)ZXb(JA<$9;#l} zy?^*P2H$pKvi}R)pvo>1Qs;^0+G>47#+0zRRWD?35kNn!Bcsqo)C@{LpndFeT~jtd z0KoIDcSY3DGdKcNCUZPRohNwF5`8<=Trm*n*RVbg%`cIhnq!A3p}vX`1=*bbSHB|t zxE(PMw<@n@m4?j4`>$O?%OC!aj>th$#6E1JpBr=9BR3o*ranmIhND%}(>7VH0(7Z> zxsAcb6n36mqT)e^=UCQk=a znNPa6XN!M}STl~}8BBI*WuCQj=P0Pg2`QGTpCr?tB@x(#zc)#bv>pD^8@_(R_4lp4 zLxtnIMVaM(6(nO#4CC>wcq^f|en?_KtV6WRNj8Y`QI$w8RlDC5n`=Cm*P(i&|EgJw~ zJ$c&>omcbEffHBlANk}4{o(0vti1U8!T0&hUP`s(D?^2HaD0+2`v@hOc-Jk)qn@x z9*-(iY+Nb8sgiGtU@%NF2T9qmAT5AH@Kbi7@?bDcFflL<1_@w>NC9O71OfpC00bZ| zgeO>d2Wn2%J<$6USIm>(h5j13)=LN7*U9Dg>$T_v6hRsJE^Q)b(^W{WAs+m=^M-pL IT>=6p5LbQ$wEzGB literal 0 HcmV?d00001 diff --git a/backend/src/test/java/djmil/cordacheckers/CordacheckersApplicationTests.java b/backend/src/test/java/djmil/cordacheckers/CordacheckersApplicationTests.java index f434f23..ff59269 100644 --- a/backend/src/test/java/djmil/cordacheckers/CordacheckersApplicationTests.java +++ b/backend/src/test/java/djmil/cordacheckers/CordacheckersApplicationTests.java @@ -1,5 +1,6 @@ package djmil.cordacheckers; +import java.io.IOException; import java.security.GeneralSecurityException; import javax.net.ssl.SSLContext; 
@@ -14,9 +15,10 @@ import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; import org.apache.hc.core5.http.config.Registry; import org.apache.hc.core5.http.config.RegistryBuilder; import org.apache.hc.core5.ssl.SSLContexts; -import org.apache.hc.core5.ssl.TrustStrategy; import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.test.context.SpringBootTest; +import org.springframework.core.io.Resource; import org.springframework.http.HttpEntity; import org.springframework.http.HttpHeaders; import org.springframework.http.HttpMethod; @@ -25,22 +27,29 @@ import org.springframework.http.ResponseEntity; import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.web.client.RestTemplate; +import djmil.cordacheckers.pojo.holdingIdentity; +import djmil.cordacheckers.pojo.virtualnode; + import static org.assertj.core.api.Assertions.assertThat; @SpringBootTest class CordacheckersApplicationTests { + @Value("${trust.store}") + private Resource trustStore; + + @Value("${trust.store.password}") + private String trustStorePassword; + @Test void contextLoads() { } @Test - void givenAcceptingAllCertificates_whenHttpsUrlIsConsumed_thenOk() throws GeneralSecurityException { - - final TrustStrategy acceptingTrustStrategy = (cert, authType) -> true; + void givenAcceptOnlyCACertificates_whenHttpsUrlIsConsumed_thenOk() throws GeneralSecurityException, IOException { final SSLContext sslContext = SSLContexts.custom() - .loadTrustMaterial(null, acceptingTrustStrategy) + .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()) .build(); final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); final Registry socketFactoryRegistry = RegistryBuilder. create() 
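Review bot: Hostname verification is still switched off in the renamed test: the context line `new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE)` is left as it was, so the client now accepts any certificate that chains to the trust store, regardless of which host it was issued for. That undercuts what `givenAcceptOnlyCACertificates_whenHttpsUrlIsConsumed_thenOk` claims to show. Use `new SSLConnectionSocketFactory(sslContext)`, which applies the default hostname verifier, and make sure the server certificate carries a subject alternative name for `localhost`. The test method's body continues beyond this hunk.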
@@ -54,26 +63,34 @@ class CordacheckersApplicationTests { .setConnectionManager(connectionManager) .build(); - - // create headers - HttpHeaders headers = new HttpHeaders(); - headers.setBasicAuth("admin", "admin"); - - // String authStr = "username:password"; - // String base64Creds = Base64.getEncoder().encodeToString(authStr.getBytes()); - // headers.add("Authorization", "Basic " + base64Creds); - - // create request - final HttpEntity request = new HttpEntity<>(headers); - - final HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient); - final ResponseEntity response = new RestTemplate(requestFactory) - .exchange("https://localhost:8888/api/v1/virtualnode", HttpMethod.GET, request, String.class); + //requestFactory.setReadTimeout(readTimeout); + //requestFactory.setConnectTimeout(connectTimeout); + + + // Request authorization header + HttpHeaders headers = new HttpHeaders(); + headers.setBasicAuth("admin", "admin"); + + // String authStr = "username:password"; + // String base64Creds = Base64.getEncoder().encodeToString(authStr.getBytes()); + // headers.add("Authorization", "Basic " + base64Creds); + + // Request + final HttpEntity request = new HttpEntity<>(headers); + + final ResponseEntity response = new RestTemplate(requestFactory) + .exchange("https://localhost:8888/api/v1/virtualnode", HttpMethod.GET, request, virtualnode.class); assertThat(response.getStatusCode()).isEqualTo(HttpStatus.OK); + assertThat(response.hasBody()); - System.out.println("UNSWER: " + response.getBody()); + virtualnode vNode = response.getBody(); + assertThat(vNode != null); + assertThat(vNode.virtualNodes().size() == 5); + + holdingIdentity identity = vNode.virtualNodes().get(0).holdingIdentity(); + assertThat(identity.x500Name().contains("NotaryRep1")); } }
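Review bot: The four new assertions after the status check verify nothing, because `assertThat(response.hasBody())`, `assertThat(vNode != null)`, `assertThat(vNode.virtualNodes().size() == 5)` and `assertThat(identity.x500Name().contains("NotaryRep1"))` each build an AssertJ boolean assert and never call a check on it. The test therefore passes whatever the endpoint returns, as long as the status is 200 and nothing throws. Pass the value under test to `assertThat` and finish with a real assertion, as in the fence below; this also gives a useful failure message. The start of the test method lies outside this hunk.

```java
assertThat(response.hasBody()).isTrue();

virtualnode vNode = response.getBody();
assertThat(vNode).isNotNull();
assertThat(vNode.virtualNodes()).hasSize(5);
// … unchanged: holdingIdentity lookup …
assertThat(identity.x500Name()).contains("NotaryRep1");
```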