merge

navikt · Apr 16, 2024 · 31a61b6 · 31a61b6
2 parents 99b1d03 + eb8efdd
commit 31a61b6
Show file tree

Hide file tree

Showing 15 changed files with 112 additions and 38 deletions.
diff --git a/.github/workflows/jobs.yaml b/.github/workflows/jobs.yaml
@@ -21,13 +21,13 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: "Pull push docker image"
         run: "docker pull ghcr.io/curl/curl-container/curl:master && docker tag ghcr.io/curl/curl-container/curl:master ghcr.io/${{ github.repository }}/curl:master && docker push ghcr.io/${{ github.repository }}/curl:master"
-      - name: "Naisjob Readmail"
-        uses: "nais/deploy/actions/deploy@v1"
-        env:
-          APIKEY: "${{ secrets.NAIS_DEPLOY_APIKEY }}"
-          CLUSTER: "dev-fss"
-          RESOURCE: ".nais/naisjob-readmail.yaml"
-          IMAGE: "ghcr.io/${{ github.repository }}/curl:master"
+      #- name: "Naisjob Readmail"
+      #  uses: "nais/deploy/actions/deploy@v1"
+      #  env:
+      #    APIKEY: "${{ secrets.NAIS_DEPLOY_APIKEY }}"
+      #    CLUSTER: "dev-fss"
+      #    RESOURCE: ".nais/naisjob-readmail.yaml"
+      #    IMAGE: "ghcr.io/${{ github.repository }}/curl:master"
       - name: "Naisjob CpaSync"
         uses: "nais/deploy/actions/deploy@v1"
         env:

diff --git a/.nais/ebms-send-in-prod.yaml b/.nais/ebms-send-in-prod.yaml
@@ -11,6 +11,21 @@ spec:
       enabled: true
   webproxy: true
   image: {{image}}
+  liveness:
+    path: "/internal/health/liveness"
+    port: 8080
+    initialDelay: 30
+    timeout: 10
+    failureThreshold: 10
+  readiness:
+    path: "/internal/health/readiness"
+    port: 8080
+    initialDelay: 30
+    timeout: 10
+    failureThreshold: 10
+  prometheus:
+    enabled: true
+    path: /prometheus
   replicas:
     min: 1
     max: 1

diff --git a/.nais/ebms-send-in.yaml b/.nais/ebms-send-in.yaml
@@ -11,6 +11,21 @@ spec:
       enabled: true
   webproxy: true
   image: {{image}}
+  liveness:
+    path: "/internal/health/liveness"
+    port: 8080
+    initialDelay: 30
+    timeout: 10
+    failureThreshold: 10
+  readiness:
+    path: "/internal/health/readiness"
+    port: 8080
+    initialDelay: 30
+    timeout: 10
+    failureThreshold: 10
+  prometheus:
+    enabled: true
+    path: /prometheus
   replicas:
     min: 2
     max: 6

diff --git a/cpa-repo/src/main/kotlin/no/nav/emottak/cpa/validation/SertifikatValidering.kt b/cpa-repo/src/main/kotlin/no/nav/emottak/cpa/validation/SertifikatValidering.kt
@@ -91,6 +91,7 @@ class SertifikatValidering(
         try {
             builder.build(pkixParams) as PKIXCertPathBuilderResult
         } catch (e: CertPathBuilderException) {
+            log.warn("Sertifikatvalidering feilet <${certificate.serialNumber}> <${certificate.subjectX500Principal.name}> utstedt av <${certificate.issuerX500Principal.name}>", e)
             throw CertificateValidationException("Sertifikatvalidering feilet for sertifikat utstedt av <${certificate.issuerX500Principal.name}>", e)
         }
     }

diff --git a/cpa-repo/src/main/kotlin/no/nav/emottak/cpa/validation/TrustStoreExt.kt b/cpa-repo/src/main/kotlin/no/nav/emottak/cpa/validation/TrustStoreExt.kt
@@ -5,9 +5,13 @@ import no.nav.emottak.util.isSelfSigned
 import java.security.cert.X509Certificate
 
 fun KeyStore.getTrustedRootCerts(): Set<X509Certificate> {
-    return this.getPublicCertificates().values.filter { isSelfSigned(it) }.toSet()
+    return this.getPublicCertificates().values.filter { isSelfSigned(it) }.toSet().onEach {
+        log.info("Loaded root certificate: <${it.serialNumber}> <${it.subjectX500Principal.name}> <${it.issuerX500Principal}>")
+    }
 }
 
 internal fun KeyStore.getIntermediateCerts(): Set<X509Certificate> {
-    return this.getPublicCertificates().values.filter { !isSelfSigned(it) }.toSet()
+    return this.getPublicCertificates().values.filter { !isSelfSigned(it) }.toSet().onEach {
+        log.info("Loaded intermediate certificate: <${it.serialNumber}> <${it.subjectX500Principal.name}> <${it.issuerX500Principal}>")
+    }
 }
diff --git a/cpa-repo/src/test/kotlin/no/nav/emottak/cpa/validation/SertifikatValideringTest.kt b/cpa-repo/src/test/kotlin/no/nav/emottak/cpa/validation/SertifikatValideringTest.kt
@@ -29,6 +29,7 @@ class SertifikatValideringTest : FunSpec({
         every {
             crlChecker.getCRLRevocationInfo(any(), any())
         } just runs
+        System.setProperty("TRUSTSTORE_PATH", "truststore.p12")
         val sertifikatValidering = SertifikatValidering(crlChecker, trustStoreConfig)
 
         withData(

diff --git a/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/App.kt b/ebms-provider/src/main/kotlin/no/nav/emottak/ebms/App.kt
@@ -236,12 +236,12 @@ suspend fun ApplicationCall.respondEbmsDokument(ebmsDokument: EbMSDocument) {
     if (ebmsDokument.dokumentType() == DokumentType.ACKNOWLEDGMENT) {
         log.info("Successfuly processed Payload Message")
     }
-    val ebxml = Base64.getMimeEncoder().encodeToString(ebmsDokument.dokument.asString().toByteArray())
 
     this.response.headers.apply {
         this.append(MimeHeaders.CONTENT_TYPE, ContentType.Text.Xml.toString())
     }
     if (ebmsDokument.dokumentType() == DokumentType.PAYLOAD) {
+        val ebxml = Base64.getMimeEncoder().encodeToString(ebmsDokument.dokument.asString().toByteArray())
         val ebxmlFormItem = PartData.FormItem(
             ebxml,
             {},
@@ -278,7 +278,8 @@ suspend fun ApplicationCall.respondEbmsDokument(ebmsDokument: EbMSDocument) {
         )
     } else {
         this.response.headers.append(MimeHeaders.CONTENT_TYPE, ContentType.Text.Xml.toString())
-        this.response.headers.append(MimeHeaders.CONTENT_TRANSFER_ENCODING, "base64")
-        this.respondText(status = HttpStatusCode.OK, text = ebxml)
+        this.response.headers.append(MimeHeaders.CONTENT_TRANSFER_ENCODING, "8bit")
+        this.response.headers.append(MimeHeaders.SOAP_ACTION, "ebXML")
+        this.respondText(status = HttpStatusCode.OK, text = ebmsDokument.dokument.asString())
     }
 }
diff --git a/ebms-provider/src/test/kotlin/no/nav/emottak/ebms/EbmsRoutFellesIT.kt b/ebms-provider/src/test/kotlin/no/nav/emottak/ebms/EbmsRoutFellesIT.kt
@@ -16,7 +16,6 @@ import io.mockk.coVerify
 import io.mockk.just
 import io.mockk.mockk
 import io.mockk.runs
-import no.nav.emottak.cpa.decodeBase64Mime
 import no.nav.emottak.ebms.ebxml.errorList
 import no.nav.emottak.ebms.ebxml.messageHeader
 import no.nav.emottak.ebms.processing.ProcessingService
@@ -94,7 +93,7 @@ abstract class EbmsRoutFellesIT(val endpoint: String) {
     @Test
     fun `Feil på signature should answer with Feil Signal`() = validationTestApp {
         val response = client.post("/ebms", validMultipartRequest.asHttpRequest())
-        val envelope = xmlMarshaller.unmarshal(response.bodyAsText().decodeBase64Mime(), Envelope::class.java)
+        val envelope = xmlMarshaller.unmarshal(response.bodyAsText(), Envelope::class.java)
         with(envelope.assertErrorAndGet().error.first()) {
             Assertions.assertEquals("Signature Fail", this.description.value)
             Assertions.assertEquals(

diff --git a/ebms-provider/src/test/kotlin/no/nav/emottak/ebms/EbmsRouteAsyncIT.kt b/ebms-provider/src/test/kotlin/no/nav/emottak/ebms/EbmsRouteAsyncIT.kt
@@ -11,7 +11,6 @@ import io.mockk.coVerify
 import io.mockk.every
 import io.mockk.mockkObject
 import no.nav.emottak.constants.SMTPHeaders
-import no.nav.emottak.cpa.decodeBase64Mime
 import no.nav.emottak.ebms.ebxml.acknowledgment
 import no.nav.emottak.ebms.ebxml.messageHeader
 import no.nav.emottak.ebms.validation.MimeHeaders
@@ -36,7 +35,7 @@ class EbmsRouteAsyncIT : EbmsRoutFellesIT("/ebms") {
         coVerify(exactly = 1) {
             processingService.processAsync(any(), any())
         }
-        val envelope = xmlMarshaller.unmarshal(response.bodyAsText().decodeBase64Mime(), Envelope::class.java)
+        val envelope = xmlMarshaller.unmarshal(response.bodyAsText(), Envelope::class.java)
         envelope.assertAcknowledgmen()
         assertEquals(HttpStatusCode.OK, response.status)
     }

diff --git a/ebms-provider/src/test/kotlin/no/nav/emottak/ebms/validation/MimeValidationIT.kt b/ebms-provider/src/test/kotlin/no/nav/emottak/ebms/validation/MimeValidationIT.kt
@@ -92,7 +92,7 @@ class MimeValidationIT {
         } returns validationResult
 
         val response = client.post("/ebms", validMultipartRequest.asHttpRequest())
-        val envelope = xmlMarshaller.unmarshal(response.bodyAsText().decodeBase64Mime(), Envelope::class.java)
+        val envelope = xmlMarshaller.unmarshal(response.bodyAsText(), Envelope::class.java)
         with(envelope.assertErrorAndGet().error.first()) {
             assertEquals("Signature Fail", this.description?.value)
             assertEquals(ErrorCode.SECURITY_FAILURE.value, this.errorCode)
@@ -107,7 +107,7 @@ class MimeValidationIT {
         } returns validationResult
 
         val response = client.post("/ebms", validMultipartRequest.asHttpRequest())
-        val envelope = xmlMarshaller.unmarshal(response.bodyAsText().decodeBase64Mime(), Envelope::class.java)
+        val envelope = xmlMarshaller.unmarshal(response.bodyAsText(), Envelope::class.java)
         with(envelope.assertErrorAndGet().error.first()) {
             assertEquals("Signature Fail", this.description?.value)
             assertEquals(

diff --git a/ebms-send-in/build.gradle.kts b/ebms-send-in/build.gradle.kts
@@ -58,6 +58,7 @@ dependencies {
     implementation(libs.labai.jsr305x.annotations)
     implementation(libs.bundles.exposed)
     implementation(libs.bundles.logging)
+    implementation(libs.bundles.prometheus)
     implementation(libs.ebxml.protokoll)
     implementation(libs.emottak.payload.xsd)
     implementation(libs.jaxb.runtime)

diff --git a/ebms-send-in/src/main/kotlin/no/nav/emottak/ebms/App.kt b/ebms-send-in/src/main/kotlin/no/nav/emottak/ebms/App.kt
@@ -8,6 +8,7 @@ import io.ktor.server.application.install
 import io.ktor.server.auth.Authentication
 import io.ktor.server.auth.authenticate
 import io.ktor.server.engine.embeddedServer
+import io.ktor.server.metrics.micrometer.MicrometerMetrics
 import io.ktor.server.netty.Netty
 import io.ktor.server.plugins.contentnegotiation.ContentNegotiation
 import io.ktor.server.request.receive
@@ -16,6 +17,8 @@ import io.ktor.server.response.respondText
 import io.ktor.server.routing.get
 import io.ktor.server.routing.post
 import io.ktor.server.routing.routing
+import io.micrometer.prometheus.PrometheusConfig
+import io.micrometer.prometheus.PrometheusMeterRegistry
 import no.nav.emottak.auth.AZURE_AD_AUTH
 import no.nav.emottak.auth.AuthConfig
 import no.nav.emottak.fellesformat.addressing
@@ -34,6 +37,8 @@ import org.xmlsoap.schemas.soap.envelope.Envelope
 
 internal val log = LoggerFactory.getLogger("no.nav.emottak.ebms.App")
 fun main() {
+    // val database = Database(mapHikariConfig(DatabaseConfig()))
+    // database.migrate()
     System.setProperty("io.ktor.http.content.multipart.skipTempFile", "true")
     embeddedServer(Netty, port = 8080, module = Application::ebmsSendInModule, configure = {
         this.maxChunkSize = 100000
@@ -47,6 +52,10 @@ fun Application.ebmsSendInModule() {
     install(Authentication) {
         tokenValidationSupport(AZURE_AD_AUTH, AuthConfig.getEbmsSendInConfig())
     }
+    val appMicrometerRegistry = PrometheusMeterRegistry(PrometheusConfig.DEFAULT)
+    install(MicrometerMetrics) {
+        registry = appMicrometerRegistry
+    }
     routing {
         get("/testFrikortEndepunkt") {
             val testCpaString = String(this::class.java.classLoader.getResource("frikortRequest.xml")!!.readBytes())
@@ -64,14 +73,7 @@ fun Application.ebmsSendInModule() {
                 frikortsporring(wrapMessageInEIFellesFormat(request))
             }.onSuccess {
                 log.info(request.marker(), "Payload ${request.payloadId} videresendt til fagsystem")
-                call.respond(
-                    SendInResponse(
-                        request.messageId,
-                        request.conversationId,
-                        it.eiFellesformat.addressing(request.addressing.from),
-                        marshal(it.eiFellesformat.msgHead).toByteArray()
-                    )
-                )
+                call.respond(SendInResponse(request.messageId, request.conversationId, it.eiFellesformat.addressing(request.addressing.from), marshal(it.eiFellesformat.msgHead).toByteArray()))
             }.onFailure {
                 log.error(request.marker(), "Payload ${request.payloadId} videresending feilet", it)
                 call.respond(HttpStatusCode.BadRequest, it.localizedMessage)
@@ -83,5 +85,7 @@ fun Application.ebmsSendInModule() {
                 call.respondText("Hello world, but securely")
             }
         }
+
+        registerHealthEndpoints(appMicrometerRegistry)
     }
 }
diff --git a/ebms-send-in/src/main/kotlin/no/nav/emottak/ebms/Routes.kt b/ebms-send-in/src/main/kotlin/no/nav/emottak/ebms/Routes.kt
@@ -0,0 +1,22 @@
+package no.nav.emottak.ebms
+
+import io.ktor.server.application.call
+import io.ktor.server.response.respond
+import io.ktor.server.response.respondText
+import io.ktor.server.routing.Routing
+import io.ktor.server.routing.get
+import io.micrometer.prometheus.PrometheusMeterRegistry
+
+fun Routing.registerHealthEndpoints(
+    collectorRegistry: PrometheusMeterRegistry
+) {
+    get("/internal/health/liveness") {
+        call.respondText("I'm alive! :)")
+    }
+    get("/internal/health/readiness") {
+        call.respondText("I'm ready! :)")
+    }
+    get("/prometheus") {
+        call.respond(collectorRegistry.scrape())
+    }
+}
diff --git a/felles/src/main/kotlin/no/nav/emottak/crypto/KeyStore.kt b/felles/src/main/kotlin/no/nav/emottak/crypto/KeyStore.kt
@@ -2,7 +2,6 @@ package no.nav.emottak.crypto
 
 import java.io.ByteArrayInputStream
 import java.io.FileInputStream
-import java.io.FileNotFoundException
 import java.security.KeyPair
 import java.security.KeyStore
 import java.security.PrivateKey
@@ -11,6 +10,7 @@ import java.security.cert.X509Certificate
 import java.util.HashMap
 import org.bouncycastle.jce.provider.BouncyCastleProvider
 import org.slf4j.LoggerFactory
+import java.io.File
 
 internal val log = LoggerFactory.getLogger("no.nav.emottak.crypto.KeyStore")
 interface KeyStoreConfig {
@@ -33,11 +33,18 @@ class KeyStore(private val keyStoreConfig: KeyStoreConfig) {
         val keyStore = KeyStore.getInstance(keyStoreConfig.keyStoreStype)
         val fileContent =
             try {
-                FileInputStream(storePath)
-            } catch (e: FileNotFoundException) {
+                log.debug("Getting store file from $storePath")
+                if (File(storePath).exists()) {
+                    log.debug("Getting store file from file <$storePath>")
+                    FileInputStream(storePath)
+                } else {
+                    log.debug("Getting store file from resources <$storePath>")
+                    ByteArrayInputStream(this::class.java.classLoader.getResourceAsStream(storePath).readBytes())
+                }
+            } catch (e: Exception) {
                 //TODO Kast exception om keystore ikke kan leses
-                log.error("Unable to load keystore $storePath falling back to truststore",e)
-                ByteArrayInputStream(this::class.java.classLoader.getResourceAsStream("truststore.p12").readBytes())
+                log.error("Unable to load keystore $storePath falling back to truststore", e)
+                ByteArrayInputStream(this::class.java.classLoader.getResourceAsStream("truststore_test.p12").readBytes())
             }
         keyStore!!.load(fileContent, storePass)
         return keyStore

diff --git a/smtp-listeners/src/main/kotlin/no/nav/emottak/smtp/Routes.kt b/smtp-listeners/src/main/kotlin/no/nav/emottak/smtp/Routes.kt
@@ -303,12 +303,17 @@ fun Folder.batchDelete(batchSize: Int) { // fixme: Skriv en test for denne før
 fun Folder.deleteAll() {
     if (this is IMAPFolder) {
         if (isOpen) close()
-        val deleteMeFolder = getFolder("DeleteMe")
-        if (!deleteMeFolder.exists()) create(HOLDS_MESSAGES)
-        this.renameTo(deleteMeFolder)
-        deleteMeFolder.delete(true)
-        log.info("${this.fullName} deleted.")
-        return
+        if (name.lowercase().contains("inbox")) {
+            val deleteMeFolder = getFolder("DeleteMe")
+            if (!deleteMeFolder.exists()) create(HOLDS_MESSAGES)
+            this.renameTo(deleteMeFolder)
+            deleteMeFolder.delete(true)
+            log.info("${this.fullName} deleted.")
+        } else {
+            delete(true)
+            log.info("${this.fullName} deleted.")
+        }
+    } else {
+        log.warn("DeleteAll strategy only valid for IMAP")
     }
-    log.warn("DeleteAll strategy only valid for IMAP")
 }