fix CryptographerImpl

bhuism · Nov 25, 2024 · cde5b67 · cde5b67
1 parent eff705e
commit cde5b67
Show file tree

Hide file tree

Showing 18 changed files with 11,887 additions and 89 deletions.
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
@@ -58,12 +58,12 @@ jobs:
       - name: Run the Maven verify phase
         run: mvn --batch-mode --update-snapshots verify
 
-#      - name: Extract metadata (tags, labels) for Docker
-#        id: meta
-#        if: github.event_name != 'pull_request'
-#        uses: docker/metadata-action@v5
-#        with:
-#          images: ghcr.io/ictu/pseudoniemenservice
+      #      - name: Extract metadata (tags, labels) for Docker
+      #        id: meta
+      #        if: github.event_name != 'pull_request'
+      #        uses: docker/metadata-action@v5
+      #        with:
+      #          images: ghcr.io/ictu/pseudoniemenservice
 
       - name: Login to GHCR
         uses: docker/login-action@v3
@@ -95,26 +95,26 @@ jobs:
             --platform linux/${{ matrix.platform }} \
             --report-output-dir ./report.toml \
             --publish
-#
-#      - name: Set up JDK
-#        uses: actions/setup-java@v4
-#        with:
-#          java-version: '21'
-#          distribution: "liberica"
-#          cache: maven
-
-#      - name: Build Native with Maven
-#        if: github.event_name != 'pull_request'
-#        run: mvn -ntp -B clean install spring-boot:build-image -Dspring-boot.build-image.imageName=ghcr.io/ictu/pseudoniemenservice:latest
-#
-#      - name: Build with Maven
-#        if: github.event_name == 'pull_request'
-#        run: mvn -ntp -B clean install
-#
-#      - name: Push docker image
-#        if: github.event_name != 'pull_request'
-#        run: |
-#          docker push --platform ${{ matrix.platform }} ghcr.io/ictu/pseudoniemenservice:lates
+  #
+  #      - name: Set up JDK
+  #        uses: actions/setup-java@v4
+  #        with:
+  #          java-version: '21'
+  #          distribution: "liberica"
+  #          cache: maven
+
+  #      - name: Build Native with Maven
+  #        if: github.event_name != 'pull_request'
+  #        run: mvn -ntp -B clean install spring-boot:build-image -Dspring-boot.build-image.imageName=ghcr.io/ictu/pseudoniemenservice:latest
+  #
+  #      - name: Build with Maven
+  #        if: github.event_name == 'pull_request'
+  #        run: mvn -ntp -B clean install
+  #
+  #      - name: Push docker image
+  #        if: github.event_name != 'pull_request'
+  #        run: |
+  #          docker push --platform ${{ matrix.platform }} ghcr.io/ictu/pseudoniemenservice:lates
 
   merge:
     runs-on: ubuntu-latest

diff --git a/pom.xml b/pom.xml
@@ -15,7 +15,6 @@
     <description>Demo project for Spring Boot</description>
     <properties>
         <java.version>21</java.version>
-        <swaggerui.version>5.18.2</swaggerui.version>
     </properties>
     <dependencies>
         <dependency>
@@ -40,11 +39,6 @@
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.webjars</groupId>
-            <artifactId>swagger-ui</artifactId>
-            <version>${swaggerui.version}</version>
-        </dependency>
     </dependencies>
 
     <build>

diff --git a/src/main/java/nl/ictu/controller/IndexController.java b/src/main/java/nl/ictu/controller/IndexController.java
@@ -24,7 +24,7 @@ public GitProperties getGitProperties() {
 
     @GetMapping("/")
     public String redirectToSwaggerUi(final HttpServletRequest httpServletRequest) {
-        return "redirect:webjars/swagger-ui/3.38.0/index.html?url=/v1/openapi.yaml";
+        return "redirect:/swagger-ui/index.html";
     }
 
 }
diff --git a/src/main/java/nl/ictu/controller/v1/ExchangeIdentifier.java b/src/main/java/nl/ictu/controller/v1/ExchangeIdentifier.java
@@ -1,8 +1,8 @@
 package nl.ictu.controller.v1;
 
 import nl.ictu.psuedoniemenservice.generated.server.api.ExchangeIdentifierApi;
+import nl.ictu.psuedoniemenservice.generated.server.model.WsExchangeIdentifierForIdentifierRequest;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsExchangeTokenForIdentifier200Response;
-import nl.ictu.psuedoniemenservice.generated.server.model.WsGetTokenRequest;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsIdentifier;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsIdentifierTypes;
 import org.springframework.http.ResponseEntity;
@@ -11,8 +11,9 @@
 @RestController
 public class ExchangeIdentifier implements ExchangeIdentifierApi, VersionOneController {
 
+
     @Override
-    public ResponseEntity<WsExchangeTokenForIdentifier200Response> exchangeIdentifierForIdentifier(final WsGetTokenRequest wsGetTokenRequest) {
+    public ResponseEntity<WsExchangeTokenForIdentifier200Response> exchangeIdentifierForIdentifier(final WsExchangeIdentifierForIdentifierRequest wsExchangeIdentifierForIdentifierRequest) {
 
         final WsIdentifier wsIdentifier = new WsIdentifier()
             .identifierType(WsIdentifierTypes.BSN)

diff --git a/src/main/java/nl/ictu/controller/v1/ExchangeToken.java b/src/main/java/nl/ictu/controller/v1/ExchangeToken.java
@@ -1,26 +1,41 @@
 package nl.ictu.controller.v1;
 
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
 import nl.ictu.psuedoniemenservice.generated.server.api.ExchangeTokenApi;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsExchangeTokenForIdentifier200Response;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsExchangeTokenForIdentifierRequest;
-import nl.ictu.psuedoniemenservice.generated.server.model.WsIdentifier;
-import nl.ictu.psuedoniemenservice.generated.server.model.WsIdentifierTypes;
+import nl.ictu.psuedoniemenservice.generated.server.model.WsGetTokenRequest;
+import nl.ictu.service.Cryptographer;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RestController;
 
+@RequiredArgsConstructor
 @RestController
 public class ExchangeToken implements ExchangeTokenApi, VersionOneController {
 
+    private final Cryptographer cryptographer;
+
+    @SneakyThrows
     @Override
     public ResponseEntity<WsExchangeTokenForIdentifier200Response> exchangeTokenForIdentifier(final WsExchangeTokenForIdentifierRequest wsExchangeTokenForIdentifierRequest) {
 
-        final WsIdentifier wsIdentifier = new WsIdentifier()
-            .identifierType(WsIdentifierTypes.BSN)
-            .identifierValue("123456789");
+        final String encodedToken = cryptographer.decrypt(wsExchangeTokenForIdentifierRequest.getToken());
+
+        final WsGetTokenRequest decodedToken = TokenHelper.decode(encodedToken);
+
+        if (!decodedToken.getReceiverOin().equals(wsExchangeTokenForIdentifierRequest.getReceiverOin())) {
+            throw new RuntimeException("ReceiverOIN not the same");
+        }
+
+        if (!decodedToken.getRequesterOin().equals(wsExchangeTokenForIdentifierRequest.getRequesterOin())) {
+            throw new RuntimeException("RequesterOIN not the same");
+        }
+
 
         final WsExchangeTokenForIdentifier200Response wsExchangeTokenForIdentifier200Response = new WsExchangeTokenForIdentifier200Response();
 
-        wsExchangeTokenForIdentifier200Response.identifier(wsIdentifier);
+        wsExchangeTokenForIdentifier200Response.setIdentifier(decodedToken.getIdentifier());
 
         return ResponseEntity.ok(wsExchangeTokenForIdentifier200Response);
 

diff --git a/src/main/java/nl/ictu/controller/v1/GetToken.java b/src/main/java/nl/ictu/controller/v1/GetToken.java
@@ -1,22 +1,30 @@
 package nl.ictu.controller.v1;
 
+import lombok.RequiredArgsConstructor;
+import lombok.SneakyThrows;
 import nl.ictu.psuedoniemenservice.generated.server.api.GetTokenApi;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsGetToken200Response;
 import nl.ictu.psuedoniemenservice.generated.server.model.WsGetTokenRequest;
+import nl.ictu.service.Cryptographer;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RestController;
 
-import java.util.UUID;
-
 @RestController
+@RequiredArgsConstructor
 public class GetToken implements GetTokenApi, VersionOneController {
+
+    private final Cryptographer cryptographer;
+
+    @SneakyThrows
     @Override
     public ResponseEntity<WsGetToken200Response> getToken(final WsGetTokenRequest wsGetTokenRequest) {
-
         final WsGetToken200Response wsGetToken200Response = new WsGetToken200Response();
 
-        wsGetToken200Response.token(UUID.randomUUID().toString());
+        final String plainTextToken = TokenHelper.encode(wsGetTokenRequest);
+
+        wsGetToken200Response.token(cryptographer.encrypt(plainTextToken));
 
         return ResponseEntity.ok(wsGetToken200Response);
     }
+
 }
diff --git a/src/main/java/nl/ictu/controller/v1/IdentifierHelper.java b/src/main/java/nl/ictu/controller/v1/IdentifierHelper.java
@@ -0,0 +1,28 @@
+package nl.ictu.controller.v1;
+
+import nl.ictu.psuedoniemenservice.generated.server.model.WsIdentifier;
+import nl.ictu.psuedoniemenservice.generated.server.model.WsIdentifierTypes;
+
+public final class IdentifierHelper {
+
+    private final static String DELIMITER = ":";
+
+    public static String encode(final WsIdentifier wsIdentifier) {
+        return wsIdentifier.getIdentifierType().name() + DELIMITER + wsIdentifier.getIdentifierValue();
+    }
+
+    public static WsIdentifier decode(final String encoded) {
+
+        final String[] parts = encoded.split(DELIMITER);
+
+        final WsIdentifier wsIdentifier = new WsIdentifier();
+
+        wsIdentifier.identifierType(WsIdentifierTypes.fromValue(parts[0]));
+
+        wsIdentifier.identifierValue(parts[1]);
+
+        return wsIdentifier;
+
+    }
+
+}
diff --git a/src/main/java/nl/ictu/controller/v1/TokenHelper.java b/src/main/java/nl/ictu/controller/v1/TokenHelper.java
@@ -0,0 +1,38 @@
+package nl.ictu.controller.v1;
+
+import nl.ictu.psuedoniemenservice.generated.server.model.WsGetTokenRequest;
+
+import java.util.StringJoiner;
+
+public final class TokenHelper {
+
+    private static final String DELIMITER = "_";
+
+    public static String encode(final WsGetTokenRequest wsGetTokenRequest) {
+
+        final StringJoiner joiner = new StringJoiner(DELIMITER);
+
+        joiner.add(wsGetTokenRequest.getReceiverOin());
+        joiner.add(wsGetTokenRequest.getIdentifier().getIdentifierType() + wsGetTokenRequest.getIdentifier().getIdentifierValue());
+
+        final String encodedToken = wsGetTokenRequest.getRequesterOin() + DELIMITER + IdentifierHelper.encode(wsGetTokenRequest.getIdentifier()) + DELIMITER + wsGetTokenRequest.getReceiverOin();
+
+        return encodedToken;
+
+    }
+
+    public static WsGetTokenRequest decode(final String encodedToken) {
+
+        final String[] parts = encodedToken.split(DELIMITER);
+
+        final WsGetTokenRequest wsGetTokenRequest = new WsGetTokenRequest();
+
+        wsGetTokenRequest.setRequesterOin(parts[0]);
+        wsGetTokenRequest.setIdentifier(IdentifierHelper.decode(parts[1]));
+        wsGetTokenRequest.setReceiverOin(parts[2]);
+
+        return wsGetTokenRequest;
+
+    }
+
+}
diff --git a/src/main/java/nl/ictu/service/AESHelper.java b/src/main/java/nl/ictu/service/AESHelper.java
@@ -0,0 +1,49 @@
+package nl.ictu.service;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.GCMParameterSpec;
+import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
+
+public final class AESHelper {
+
+    final private static int KEY_LENGTH = 256;
+
+    final public static int IV_LENGTH = 12;
+
+    final private static int TAG_LENGTH = 128;
+
+    final private static String CIPHER = "AES/GCM/NoPadding";
+
+    final private static SecureRandom secureRandom = new SecureRandom();
+
+    // Method to generate a random AES key
+    public static SecretKey generateKey() throws NoSuchAlgorithmException {
+        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
+        keyGenerator.init(KEY_LENGTH); // 128-bit AES encryption
+        return keyGenerator.generateKey();
+    }
+
+    // Method to generate a random Initialization Vector (IV)
+    public static GCMParameterSpec generateIV() {
+        byte[] iv = new byte[IV_LENGTH]; // AES block size is 16 bytes
+        secureRandom.nextBytes(iv);
+
+        final GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(TAG_LENGTH, iv);
+
+        return gcmParameterSpec;
+    }
+
+    public static GCMParameterSpec createIVfromValues(byte[] iv) {
+        final GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(TAG_LENGTH, iv);
+        return gcmParameterSpec;
+    }
+
+    public static Cipher createCipher() throws NoSuchPaddingException, NoSuchAlgorithmException {
+        return Cipher.getInstance(CIPHER);
+    }
+
+}
diff --git a/src/main/java/nl/ictu/service/Cryptographer.java b/src/main/java/nl/ictu/service/Cryptographer.java
@@ -0,0 +1,15 @@
+package nl.ictu.service;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.NoSuchAlgorithmException;
+
+public interface Cryptographer {
+
+    String encrypt(String plaintext) throws IllegalBlockSizeException, BadPaddingException, InvalidAlgorithmParameterException, InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException;
+
+    String decrypt(String ciphertext) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidAlgorithmParameterException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException;
+}