From b809a2da0258b5df45398bb46c552c8fd1364536 Mon Sep 17 00:00:00 2001 From: Paul-Christian Volkmer Date: Wed, 24 Apr 2024 08:22:13 +0200 Subject: refactor: move custom rest template init to config class --- .../pseudonym/GpasPseudonymGenerator.java | 112 ++------------------- 1 file changed, 10 insertions(+), 102 deletions(-) (limited to 'src/main/java/dev/dnpm/etl') diff --git a/src/main/java/dev/dnpm/etl/processor/pseudonym/GpasPseudonymGenerator.java b/src/main/java/dev/dnpm/etl/processor/pseudonym/GpasPseudonymGenerator.java index c7c07f2..77caa77 100644 --- a/src/main/java/dev/dnpm/etl/processor/pseudonym/GpasPseudonymGenerator.java +++ b/src/main/java/dev/dnpm/etl/processor/pseudonym/GpasPseudonymGenerator.java @@ -23,40 +23,17 @@ import ca.uhn.fhir.context.FhirContext; import ca.uhn.fhir.parser.IParser; import dev.dnpm.etl.processor.config.GPasConfigProperties; import org.apache.commons.lang3.StringUtils; -import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; -import org.apache.hc.client5.http.impl.classic.HttpClients; -import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager; -import org.apache.hc.client5.http.socket.ConnectionSocketFactory; -import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.core5.http.config.Registry; -import org.apache.hc.core5.http.config.RegistryBuilder; import org.hl7.fhir.r4.model.Identifier; import org.hl7.fhir.r4.model.Parameters; import org.hl7.fhir.r4.model.Parameters.ParametersParameterComponent; import org.hl7.fhir.r4.model.StringType; import org.jetbrains.annotations.NotNull; -import org.jetbrains.annotations.Nullable; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.*; -import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; import org.springframework.retry.support.RetryTemplate; import org.springframework.web.client.RestTemplate; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManagerFactory; -import java.io.BufferedInputStream; -import java.io.FileInputStream; -import java.io.IOException; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; - public class GpasPseudonymGenerator implements Generator { private final static FhirContext r4Context = FhirContext.forR4(); @@ -68,33 +45,13 @@ public class GpasPseudonymGenerator implements Generator { private final RestTemplate restTemplate; - private SSLContext customSslContext; - public GpasPseudonymGenerator(GPasConfigProperties gpasCfg, RetryTemplate retryTemplate, RestTemplate restTemplate) { this.retryTemplate = retryTemplate; + this.restTemplate = restTemplate; this.gPasUrl = gpasCfg.getUri(); this.psnTargetDomain = gpasCfg.getTarget(); httpHeader = getHttpHeaders(gpasCfg.getUsername(), gpasCfg.getPassword()); - try { - if (StringUtils.isNotBlank(gpasCfg.getSslCaLocation())) { - customSslContext = getSslContext(gpasCfg.getSslCaLocation()); - log.warn(String.format("%s has been initialized with SSL certificate %s. This is deprecated in favor of including Root CA.", - this.getClass().getName(), gpasCfg.getSslCaLocation())); - - if (customSslContext == null) { - this.restTemplate = restTemplate; - } else { - this.restTemplate = getCustomRestTemplate(); - } - } else { - this.restTemplate = restTemplate; - } - } catch (IOException | KeyManagementException | KeyStoreException | CertificateException | - NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - log.debug(String.format("%s has been initialized", this.getClass().getName())); } @@ -104,7 +61,7 @@ public class GpasPseudonymGenerator implements Generator { var gPasRequestBody = getGpasRequestBody(id); var responseEntity = getGpasPseudonym(gPasRequestBody); var gPasPseudonymResult = (Parameters) r4Context.newJsonParser() - .parseResource(responseEntity.getBody()); + .parseResource(responseEntity.getBody()); return unwrapPseudonym(gPasPseudonymResult); } @@ -118,9 +75,9 @@ public class GpasPseudonymGenerator implements Generator { } final var identifier = (Identifier) parameters.get().getPart().stream() - .filter(a -> a.getName().equals("pseudonym")) - .findFirst() - .orElseGet(ParametersParameterComponent::new).getValue(); + .filter(a -> a.getName().equals("pseudonym")) + .findFirst() + .orElseGet(ParametersParameterComponent::new).getValue(); // pseudonym return sanitizeValue(identifier.getValue()); @@ -149,8 +106,8 @@ public class GpasPseudonymGenerator implements Generator { try { responseEntity = retryTemplate.execute( - ctx -> restTemplate.exchange(gPasUrl, HttpMethod.POST, requestEntity, - String.class)); + ctx -> restTemplate.exchange(gPasUrl, HttpMethod.POST, requestEntity, + String.class)); if (responseEntity.getStatusCode().is2xxSuccessful()) { log.debug("API request succeeded. Response: {}", responseEntity.getStatusCode()); @@ -162,16 +119,16 @@ public class GpasPseudonymGenerator implements Generator { return responseEntity; } catch (Exception unexpected) { throw new PseudonymRequestFailed( - "API request due unexpected error unsuccessful gPas unsuccessful.", unexpected); + "API request due unexpected error unsuccessful gPas unsuccessful.", unexpected); } } protected String getGpasRequestBody(String id) { var requestParameters = new Parameters(); requestParameters.addParameter().setName("target") - .setValue(new StringType().setValue(psnTargetDomain)); + .setValue(new StringType().setValue(psnTargetDomain)); requestParameters.addParameter().setName("original") - .setValue(new StringType().setValue(id)); + .setValue(new StringType().setValue(id)); final IParser iParser = r4Context.newJsonParser(); return iParser.encodeResourceToString(requestParameters); } @@ -188,53 +145,4 @@ public class GpasPseudonymGenerator implements Generator { headers.setBasicAuth(gPasUserName, gPasPassword); return headers; } - - /** - * Read SSL root certificate and return SSLContext - * - * @param certificateLocation file location to root certificate (PEM) - * @return initialized SSLContext - * @throws IOException file cannot be read - * @throws CertificateException in case we have an invalid certificate of type X.509 - * @throws KeyStoreException keystore cannot be initialized - * @throws NoSuchAlgorithmException missing trust manager algorithmus - * @throws KeyManagementException key management failed at init SSLContext - */ - @Nullable - protected SSLContext getSslContext(String certificateLocation) - throws IOException, CertificateException, KeyStoreException, KeyManagementException, NoSuchAlgorithmException { - - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - - FileInputStream fis = new FileInputStream(certificateLocation); - X509Certificate ca = (X509Certificate) CertificateFactory.getInstance("X.509") - .generateCertificate(new BufferedInputStream(fis)); - - ks.load(null, null); - ks.setCertificateEntry(Integer.toString(1), ca); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance( - TrustManagerFactory.getDefaultAlgorithm()); - tmf.init(ks); - - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, tmf.getTrustManagers(), null); - - return sslContext; - } - - protected RestTemplate getCustomRestTemplate() { - final var sslsf = new SSLConnectionSocketFactory(customSslContext); - final Registry socketFactoryRegistry = RegistryBuilder.create() - .register("https", sslsf).register("http", new PlainConnectionSocketFactory()).build(); - - final BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager( - socketFactoryRegistry); - final CloseableHttpClient httpClient = HttpClients.custom() - .setConnectionManager(connectionManager).build(); - - final HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory( - httpClient); - return new RestTemplate(requestFactory); - } } -- cgit v1.2.3