Opprette kontrakt mellom processor og payload

Co-authored-by: Thomas Burnett <[email protected]>
Co-authored-by: Alexander Petrov <[email protected]>
Co-authored-by: Chris Olsen <[email protected]>

.gitignore

@@ -40,3 +40,5 @@ build
 buildSrc/
 ebms-provider/out/
 cpa-repo/out/
+felles/out/
+payload-processor/out/

cpa-repo/build.gradle.kts

@@ -35,6 +35,7 @@ tasks.register<Wrapper>("wrapper") {
 }
 
 dependencies {
+    implementation(project(":felles"))
     implementation("io.ktor:ktor-server-core:2.3.4")
     implementation("io.ktor:ktor-server-netty:2.3.4")
     implementation("com.github.labai:labai-jsr305x-annotations:0.0.2")

cpa-repo/src/main/kotlin/no/nav/emottak/cpa/config/DatabaseConfig.kt

@@ -1,7 +1,7 @@
 package no.nav.emottak.cpa.config
 
 import com.zaxxer.hikari.HikariConfig
-import no.nav.emottak.cpa.fromEnv
+import no.nav.emottak.util.fromEnv
 
 private const val prefix = "NAIS_DATABASE_CPA_REPO_CPA_REPO_DB"
 

felles/build.gradle.kts

@@ -0,0 +1,39 @@
+/*
+ * This file was generated by the Gradle 'init' task.
+ */
+val githubPassword: String by project
+
+plugins {
+    kotlin("jvm") version "1.9.0"
+    kotlin("plugin.serialization") version "1.9.0"
+}
+
+repositories {
+    mavenCentral()
+    maven {
+        name = "GitHubPackages"
+        url = uri("https://maven.pkg.github.com/navikt/ebxml-protokoll")
+        credentials {
+            username = "x-access-token"
+            password = githubPassword
+        }
+    }
+}
+
+tasks.register<Wrapper>("wrapper") {
+    gradleVersion="8.1.1"
+}
+
+dependencies {
+    implementation("no.nav.emottak:ebxml-protokoll:0.0.4")
+    implementation("com.zaxxer:HikariCP:5.0.1")
+    implementation("org.flywaydb:flyway-core:9.16.3")
+    implementation("ch.qos.logback:logback-classic:1.4.11")
+    implementation("io.ktor:ktor-serialization-kotlinx-json:2.3.4")
+    api("org.bouncycastle:bcprov-jdk18on:1.76")
+    api("org.bouncycastle:bcpkix-jdk18on:1.76")
+    testImplementation("org.junit.jupiter:junit-jupiter-api:5.8.1")
+    testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine:5.8.1")
+
+    runtimeOnly("org.postgresql:postgresql:42.6.0")
+}

felles/src/main/kotlin/no/nav/emottak/melding/model/Payload.kt

@@ -0,0 +1,37 @@
+package no.nav.emottak.melding.model
+
+import kotlinx.serialization.Serializable
+
+
+@Serializable
+data class PayloadRequest(
+    val header: Header,
+    val payload: ByteArray
+)
+
+@Serializable
+data class PayloadResponse(
+    val processedPayload: ByteArray,
+    val error: Error? = null
+)
+
+@Serializable
+data class Error(val message:String)
+
+
+@Serializable
+data class Header(
+    val messageId: String,
+    val conversationId: String,
+    val cpaId: String,
+    val to: Party,
+    val from: Party,
+    val service: String,
+    val action: String
+)
+
+@Serializable
+data class Party(
+    val herID: String,
+    val role: String
+)

cpa-repo/src/main/kotlin/no/nav/emottak/cpa/EnvUtils.kt → felles/src/main/kotlin/no/nav/emottak/util/EnvUtils.kt

@@ -1,7 +1,7 @@
-package no.nav.emottak.cpa
+package no.nav.emottak.util
 
 fun getEnvVar(varName: String, defaultValue: String? = null) =
-    System.getProperty(varName) ?: System.getenv(varName) ?: defaultValue ?: throw RuntimeException("Environment: Missing required variable \"$varName\"")
+    System.getenv(varName) ?: System.getProperty(varName) ?: defaultValue ?: throw RuntimeException("Environment: Missing required variable \"$varName\"")
 
 fun String.fromEnv(): String =
     getEnvVar(this)

felles/src/main/kotlin/no/nav/emottak/util/crypto/DecryptionException.kt

@@ -0,0 +1,4 @@
+package no.nav.emottak.util.crypto
+
+class DecryptionException(override val message: String) : Exception(message) {
+}

payload-processor/src/main/kotlin/no/nav/emottak/melding/process/Dekryptering.kt → felles/src/main/kotlin/no/nav/emottak/util/crypto/Dekryptering.kt

@@ -1,9 +1,6 @@
-package no.nav.emottak.melding.process
+package no.nav.emottak.util.crypto
+
 
-import io.ktor.server.plugins.BadRequestException
-import no.nav.emottak.melding.model.Melding
-import no.nav.emottak.util.getDekrypteringKey
-import no.nav.emottak.util.getPrivateCertificates
 import org.bouncycastle.asn1.x500.X500Name
 import org.bouncycastle.cms.CMSEnvelopedData
 import org.bouncycastle.cms.KeyTransRecipientId
@@ -19,18 +16,6 @@ import java.security.cert.X509Certificate
 import kotlin.io.encoding.Base64
 import kotlin.io.encoding.ExperimentalEncodingApi
 
-private val dekryptering = Dekryptering()
-
-fun dekrypter(byteArray: ByteArray) = dekryptering.dekrypter(byteArray, false)
-fun dekrypter(byteArray: ByteArray, isBase64: Boolean) = dekryptering.dekrypter(byteArray, isBase64)
-
-fun Melding.dekrypter(isBase64: Boolean = false): Melding {
-    return this.copy(
-        processedPayload = dekryptering.dekrypter(this.processedPayload, isBase64),
-        dekryptert = true
-    )
-}
-
 class Dekryptering {
 
     init {
@@ -59,7 +44,7 @@ class Dekryptering {
 
 
     private fun getDeenvelopedContent(recipient: RecipientInformation, key: PrivateKey): ByteArray {
-        return recipient.getContent(JceKeyTransEnvelopedRecipient(key)) ?: throw BadRequestException("Meldingen er tom.")
+        return recipient.getContent(JceKeyTransEnvelopedRecipient(key)) ?: throw DecryptionException("Meldingen er tom.")
     }
 
     private fun getPrivateKeyMatch(recipient: RecipientInformation): PrivateKey {
@@ -72,9 +57,9 @@ class Dekryptering {
                 issuer == certificateIssuer && cert.serialNumber == rid.serialNumber
             }.firstOrNull { entry ->
                 return getDekrypteringKey(entry.key)
-            } ?: throw BadRequestException("Fant ingen gyldige privatsertifikat for dekryptering")
+            } ?: throw DecryptionException("Fant ingen gyldige privatsertifikat for dekryptering")
         }
-        throw BadRequestException("Fant ikke riktig sertifikat for mottaker: ")
+        throw DecryptionException("Fant ikke riktig sertifikat for mottaker: ")
     }
 
 }

payload-processor/src/main/kotlin/no/nav/emottak/util/KeyStoreUtil.kt → felles/src/main/kotlin/no/nav/emottak/util/crypto/KeyStoreUtil.kt

@@ -1,5 +1,6 @@
-package no.nav.emottak.util
+package no.nav.emottak.util.crypto
 
+import no.nav.emottak.util.getEnvVar
 import java.io.ByteArrayInputStream
 import java.io.FileInputStream
 import java.io.FileNotFoundException
@@ -14,12 +15,11 @@ private val keystorePass = getEnvVar("KEYSTORE_PWD", "123456789")
 private val keystoreType = getEnvVar("KEYSTORE_TYPE", "PKCS12")
 
 internal val keyStoreUtil = KeyStoreUtil()
+fun getSignerCertificate(alias: String) = keyStoreUtil.getCertificate(alias)
+fun getSignerKey(alias: String) = keyStoreUtil.getKey(alias)
 
-internal fun getSignerCertificate(alias: String) = keyStoreUtil.getCertificate(alias)
-internal fun getSignerKey(alias: String) = keyStoreUtil.getKey(alias)
-
-internal fun getDekrypteringKey(alias: String) = keyStoreUtil.getKey(alias) as PrivateKey
-internal fun getPrivateCertificates() = keyStoreUtil.getPrivateCertificates()
+fun getDekrypteringKey(alias: String) = keyStoreUtil.getKey(alias) as PrivateKey
+fun getPrivateCertificates() = keyStoreUtil.getPrivateCertificates()
 
 internal class KeyStoreUtil {
 

felles/src/main/kotlin/no/nav/emottak/util/signatur/AlgorithmNotSupportedException.kt

@@ -0,0 +1,4 @@
+package no.nav.emottak.util.signatur
+
+class AlgorithmNotSupportedException(override val message: String) : Exception(message) {
+}

payload-processor/src/main/kotlin/no/nav/emottak/util/signatur/AlgorithmValidator.kt → felles/src/main/kotlin/no/nav/emottak/util/signatur/AlgorithmValidator.kt

@@ -1,6 +1,5 @@
 package no.nav.emottak.util.signatur
 
-import io.ktor.server.plugins.BadRequestException
 import javax.xml.crypto.dsig.DigestMethod
 import javax.xml.crypto.dsig.Reference
 import javax.xml.crypto.dsig.SignatureMethod
@@ -11,7 +10,7 @@ private const val SIGNATURE_ALGORITHM_DEFAULT = "http://www.w3.org/2000/09/xmlds
 private const val ALGORITHM_TYPE_SIGNATURE = "Signature"
 private const val ALGORITHM_TYPE_DIGEST = "Message digest"
 
-internal fun validateAlgorithms(
+fun validateAlgorithms(
     signedInfo: SignedInfo,
     minimumSignatureAlgorithm: String = SIGNATURE_ALGORITHM_DEFAULT,
     minimumDigestAlgorithm: String = DIGEST_ALGORITHM_DEFAULT
@@ -62,19 +61,19 @@ private fun validateMinimum(algorithmList: List<String>, algorithm: String, mini
 
 private fun isMinimumAlgorithmSupported(minIndex: Int, minimum: String, type: String) {
     if (minIndex < 0) {
-        throw BadRequestException("Unsupported specified minimum $type algorithm: $minimum")
+        throw AlgorithmNotSupportedException("Unsupported specified minimum $type algorithm: $minimum")
     }
 }
 
 private fun isAlgorithmSupported(index: Int, algorithm: String, type: String) {
     if (index < 0) {
-        throw BadRequestException("Unsupported $type algorithm: $algorithm")
+        throw AlgorithmNotSupportedException("Unsupported $type algorithm: $algorithm")
     }
 }
 
 private fun isAlgorithmLessThanMinimum(index: Int, minIndex: Int, algorithm: String, minimum: String, type: String) {
     if (index < minIndex) {
-        throw BadRequestException(
+        throw AlgorithmNotSupportedException(
             "$type algorithm ($algorithm) is less than the specified minimum $type algorithm: $minimum"
         )
     }

payload-processor/build.gradle.kts

@@ -48,8 +48,6 @@ dependencies {
     implementation("io.ktor:ktor-client-cio:2.3.4")
     implementation("jakarta.xml.bind:jakarta.xml.bind-api:4.0.0", )
     implementation("org.glassfish.jaxb:jaxb-runtime:4.0.3")
-    implementation("org.bouncycastle:bcprov-jdk18on:1.76")
-    implementation("org.bouncycastle:bcpkix-jdk18on:1.76")
     implementation("ch.qos.logback:logback-classic:1.4.11")
     implementation("io.micrometer:micrometer-registry-prometheus:1.11.3")
 

payload-processor/src/main/kotlin/no/nav/emottak/melding/Processor.kt

@@ -3,8 +3,8 @@ package no.nav.emottak.melding
 import no.nav.emottak.melding.model.Melding
 import no.nav.emottak.melding.model.PayloadRequest
 import no.nav.emottak.melding.model.PayloadResponse
+import no.nav.emottak.melding.model.dekrypter
 import no.nav.emottak.melding.process.dekomprimer
-import no.nav.emottak.melding.process.dekrypter
 import no.nav.emottak.melding.process.komprimer
 import no.nav.emottak.melding.process.krypter
 import no.nav.emottak.melding.process.signer

felles/src/main/kotlin/no/nav/emottak/melding/model/Melding.kt → payload-processor/src/main/kotlin/no/nav/emottak/melding/model/Melding.kt

@@ -1,6 +1,7 @@
 package no.nav.emottak.melding.model
 
 import kotlinx.serialization.Serializable
+import no.nav.emottak.util.crypto.Dekryptering
 
 @Serializable
 data class Melding(
@@ -21,35 +22,14 @@ data class Melding(
         processedPayload = payloadRequest.payload)
 }
 
-@Serializable
-data class PayloadRequest(
-    val header: Header,
-    val payload: ByteArray
-)
-
-@Serializable
-data class PayloadResponse(
-    val processedPayload: ByteArray,
-    val error: Error? = null
-)
-
-@Serializable
-data class Error(val message:String)
+val dekryptering = Dekryptering()
 
+fun dekrypter(byteArray: ByteArray) = dekryptering.dekrypter(byteArray, false)
+fun dekrypter(byteArray: ByteArray, isBase64: Boolean) = dekryptering.dekrypter(byteArray, isBase64)
 
-@Serializable
-data class Header(
-    val messageId: String,
-    val conversationId: String,
-    val cpaId: String,
-    val to: Party,
-    val from: Party,
-    val service: String,
-    val action: String
-)
-
-@Serializable
-data class Party(
-    val herID: String,
-    val role: String
-)
+fun Melding.dekrypter(isBase64: Boolean = false): Melding {
+    return this.copy(
+        processedPayload = dekryptering.dekrypter(this.processedPayload, isBase64),
+        dekryptert = true
+    )
+}

payload-processor/src/main/kotlin/no/nav/emottak/melding/process/SignaturVerifisering.kt

@@ -7,6 +7,7 @@ import no.nav.emottak.util.retrieveXMLSignature
 import no.nav.emottak.util.signatur.validateAlgorithms
 import no.nav.emottak.util.createDocument
 import no.nav.emottak.util.getByteArrayFromDocument
+import no.nav.emottak.util.signatur.AlgorithmNotSupportedException
 import org.w3c.dom.Document
 import java.io.ByteArrayInputStream
 import javax.xml.crypto.dsig.XMLSignatureException
@@ -45,6 +46,8 @@ class SignaturVerifisering {
             }
         } catch (signatureException: XMLSignatureException) {
             throw signatureException
+        } catch (algorithmNotSupported: AlgorithmNotSupportedException) {
+            throw BadRequestException(algorithmNotSupported.message,algorithmNotSupported)
         }
     }
 

payload-processor/src/main/kotlin/no/nav/emottak/melding/process/Signering.kt

@@ -1,8 +1,8 @@
 package no.nav.emottak.melding.process
 
 import no.nav.emottak.melding.model.Melding
-import no.nav.emottak.util.getSignerCertificate
-import no.nav.emottak.util.getSignerKey
+import no.nav.emottak.util.crypto.getSignerCertificate
+import no.nav.emottak.util.crypto.getSignerKey
 import no.nav.emottak.util.createDocument
 import no.nav.emottak.util.getByteArrayFromDocument
 import org.w3c.dom.Document

payload-processor/src/test/kotlin/no/nav/emottak/melding/process/DekrypteringTest.kt

@@ -1,7 +1,9 @@
 package no.nav.emottak.melding.process
 
+import no.nav.emottak.melding.model.dekrypter
 import org.junit.jupiter.api.Assertions.assertTrue
 import org.junit.jupiter.api.BeforeAll
+import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Test
 
 class DekrypteringTest {
@@ -14,7 +16,7 @@ class DekrypteringTest {
 
         val expectedOutput = createInputstreamFromFile("src/test/resources/xml/testfil.xml").readBytes()
 
-        assertTrue(expectedOutput.contentEquals(dekryptert))
+        assertTrue(expectedOutput.contentEquals(dekryptert.also { println("dekryptert" + String(dekryptert)) }).also { println("expected" + String(expectedOutput))  })
 
     }