Release v2.1.6 branch (#15)

* Fixes for 2.1.6

Fix bug for access check on denied response
Added resetCircuitBreakers method
Added HL7Utils.maskSegments() method
Added javadoc to HubClientFault
Updated pom.xml to latest spring version
Added unit test for maskSegments()
Added call to maskSegments for setProcessError

.classpath

@@ -11,6 +11,7 @@
 		<attributes>
 			<attribute name="test" value="true"/>
 			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="optional" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="src" output="target/classes" path="src/main/java">
@@ -22,6 +23,7 @@
 	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources">
 		<attributes>
 			<attribute name="maven.pomderived" value="true"/>
+			<attribute name="optional" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-17">

pom.xml

@@ -5,7 +5,7 @@
   <parent>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-parent</artifactId>
-    <version>3.3.4</version>
+    <version>3.3.5</version>
     <relativePath/>
     <!-- lookup parent from repository -->
   </parent>
@@ -16,9 +16,9 @@
        release branch is labeled <major>.<minor>.<patch>-izgw-core-SNAPSHOT 
        main branch is labeled <major>.<minor>.<patch>-izgw-core-RELEASE 
   -->
-  <version>2.1.3-izgw-core-SNAPSHOT</version>
+  <version>2.1.6-izgw-core-SNAPSHOT</version>
   <packaging>jar</packaging>
-  <name>IZ Gateway Core 2.0</name>
+  <name>IZ Gateway Core 2.1.6</name>
   <description>IZ Gateway Core contains the core code for the IZ Gateway Hub and Transformation services</description>
   <distributionManagement>
     <repository>
@@ -35,9 +35,10 @@
     <project.build.finalName>${project.artifactId}-${project.version}-${timestamp}</project.build.finalName>
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <project.java.package>${project.groupId}</project.java.package>
-    <!-- 17 needs a certified encryption module -->
-    <timestamp>${maven.build.timestamp}</timestamp>
-    <skipDependencyCheck>false</skipDependencyCheck>
+	<spring-security.version>6.3.4</spring-security.version>
+	<spring.version>6.2.0</spring.version>
+	<spring-framework.version>6.2.0</spring-framework.version>
+	<netty.version>4.1.115.Final</netty.version>
   </properties>
   <dependencies>
     <dependency>
@@ -147,17 +148,17 @@
       <groupId>org.bouncycastle</groupId>
       <!-- add -debug to get debug jars -->
       <artifactId>bc-fips</artifactId>
-      <version>1.0.2.5</version>
+      <version>2.0.0</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bcpkix-fips</artifactId>
-      <version>1.0.7</version>
+      <version>2.0.7</version>
     </dependency>
     <dependency>
       <groupId>org.bouncycastle</groupId>
       <artifactId>bctls-fips</artifactId>
-      <version>1.0.19</version>
+      <version>2.0.19</version>
     </dependency>
     <dependency>
       <groupId>org.codehaus.janino</groupId>
@@ -175,12 +176,12 @@
     <dependency>
       <groupId>org.springdoc</groupId>
       <artifactId>springdoc-openapi-starter-webflux-ui</artifactId>
-      <version>[2.2.0,)</version>
+      <version>2.6.0</version>
     </dependency>
     <dependency>
       <groupId>org.springdoc</groupId>
       <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-      <version>[2.2.0,)</version>
+      <version>2.6.0</version>
     </dependency>
     <dependency>
       <groupId>org.springframework</groupId>

src/main/java/gov/cdc/izgateway/common/HealthService.java

@@ -37,4 +37,12 @@ public static void setServerName(String serverName) {
 	public static void setBuildName(String build) {
 		health.setBuildName(build);
 	}
+
+	public static void setDatabase(String url) {
+		if (health.getDatabase() == null) {
+			health.setDatabase(url);
+		} else {
+			health.setDatabase(health.getDatabase() + ", " + url);
+		}
+	}
 }

src/main/java/gov/cdc/izgateway/configuration/AppProperties.java

@@ -21,6 +21,11 @@ public class AppProperties {
 	@Getter
 	@Value("${server.mode:prod}")
 	private String serverMode;
+
+	@Getter
+	@Value("${spring.database:jpa}")
+	private String databaseType;
+
 	@Getter
 	private final ScheduledExecutorService scheduler = 
 		Executors.newSingleThreadScheduledExecutor(r -> new Thread(r, "Background-Scheduler"));

src/main/java/gov/cdc/izgateway/logging/event/Health.java

@@ -85,7 +85,11 @@ public class Health {
 	@JsonProperty 
 	@Schema(description="Host name as known by the operating system")
 	private String hostname;
-
+
+	@JsonProperty
+	@Schema(description="The database in use")
+	private String database;
+
     public Health() {
         started = new Date(ManagementFactory.getRuntimeMXBean().getStartTime());
         environment = SystemUtils.getDestTypeAsString();
@@ -113,6 +117,7 @@ private Health(Health that) {
         this.requestVolume = that.requestVolume;
         this.successVolume = that.successVolume;
         this.hostname = that.hostname;
+        this.database = that.database;
     }
 
     public Health copy() {

src/main/java/gov/cdc/izgateway/logging/event/TransactionData.java

@@ -30,7 +30,6 @@
 import lombok.extern.slf4j.Slf4j;
 
 import org.apache.commons.lang3.StringUtils;
-
 import java.util.Date;
 import java.util.Map;
 import java.util.TreeMap;
@@ -653,12 +652,13 @@ private String getFirstFieldComponent(String[] parts, int index) {
     }
 
     public void setProcessError(String summary, String detail) {
-        processErrorSummary = summary;
-        processErrorDetail = detail;
+        processErrorSummary = HL7Utils.maskSegments(summary);
+        processErrorDetail = HL7Utils.maskSegments(detail);
         hasProcessError = !StringUtils.isAllEmpty(summary, detail);
     }
 
-    public void setProcessError(Exception fault) {
+
+	public void setProcessError(Exception fault) {
         FaultSupport s = null;
 		if (fault instanceof UnsupportedOperationFault f) {
 			setMessageType(MessageType.INVALID_REQUEST);

src/main/java/gov/cdc/izgateway/model/ICertificateStatus.java

@@ -5,6 +5,7 @@
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.sql.Timestamp;
+import java.util.Date;
 import java.util.ServiceConfigurationError;
 
 import jakarta.xml.bind.DatatypeConverter;
@@ -23,13 +24,13 @@ public interface ICertificateStatus {
 
 	void setCertSerialNumber(String certificateSerialNumber);
 
-	Timestamp getLastCheckedTimeStamp();
+	Date getLastCheckedTimeStamp();
 
-	void setLastCheckedTimeStamp(Timestamp lastCheckedTimeStamp);
+	void setLastCheckedTimeStamp(Date lastCheckedTimeStamp);
 
-	Timestamp getNextCheckTimeStamp();
+	Date getNextCheckTimeStamp();
 
-	void setNextCheckTimeStamp(Timestamp nextCheckTimeStamp);
+	void setNextCheckTimeStamp(Date nextCheckTimeStamp);
 
 	String getLastCheckStatus();
 

src/main/java/gov/cdc/izgateway/model/IEndpointStatus.java

@@ -25,6 +25,8 @@ public interface IEndpointStatus extends IEndpoint {
 	int getStatusId();
 
 	void setDestId(String destId);
+
+	int getDestTypeId();
 
 	void setDestUri(String destUri);
 

src/main/java/gov/cdc/izgateway/model/RetryStrategy.java

@@ -24,7 +24,7 @@ public enum RetryStrategy {
      * The IIS is not responsive for some reason. This may be due to networking infrastructure (Internet)
      * failures between the IZ Gateway and the IIS, or it may be related to routine or emergency IIS
      * maintenance.  Check the IIS Status before attempting a retry.  Some errors (e.g. DNS not found,
-     * expired certificates) will not disappear without human intervention.
+     * expired certificates, or invalid response data) will not disappear without human intervention.
      */
     CHECK_IIS_STATUS("Check IIS Status before Retry", HttpStatus.BAD_GATEWAY),
 

src/main/java/gov/cdc/izgateway/repository/EndpointStatusRepository.java

@@ -12,13 +12,14 @@
 public interface EndpointStatusRepository {
 	public static final String[] INCLUDE_ALL = new String[0];
 
-	List<IEndpointStatus> findAll();
+	List<? extends IEndpointStatus> findAll();
 	IEndpointStatus findById(String id);
 	IEndpointStatus saveAndFlush(IEndpointStatus status);
 	boolean removeById(String id);
 
-	List<IEndpointStatus> find(int maxQuarterHours, String[] include);
+	List<? extends IEndpointStatus> find(int maxQuarterHours, String[] include);
 	boolean refresh();
+	void resetCircuitBreakers();
 	IEndpointStatus newEndpointStatus();
 	IEndpointStatus newEndpointStatus(IDestination dest);
 }

src/main/java/gov/cdc/izgateway/security/AccessControlValve.java

@@ -122,7 +122,7 @@ public boolean accessAllowed(HttpServletRequest req, HttpServletResponse resp) {
         if (Boolean.FALSE.equals(check)) {  // NOSONAR Null is still possible here, SONAR flags it as always true
 	        log.error("Access denied to protected URL {} address by {} at {}", path, user, host);
 	        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
-	        return true;
+	        return false;
         } 
 
         if (isSwagger(path, user)) {

src/main/java/gov/cdc/izgateway/security/AccessController.java

@@ -91,15 +91,13 @@ public Set<String> getUsersInGroup(@PathVariable String group) {
 
 	@Operation(summary="Add a user to blacklist", description="Add the specified user to the blacklist")
 	@PostMapping("/access/blacklist")
-	public IAccessControl addUserToBlackList(@RequestParam String user
-	) {
+	public IAccessControl addUserToBlackList(@RequestParam String user) {
 		return service.addUserToBlacklist(user);
 	}
 
 	@Operation(summary="Delete a user from the blacklist", description="Delete the specified user from the blacklist")
 	@DeleteMapping("/access/blacklist")
-	public IAccessControl removeUserFromBlackList(@RequestParam String user
-	) {
+	public IAccessControl removeUserFromBlackList(@RequestParam String user) {
 		return service.removeUserFromBlacklist(user);
 	}
 

src/main/java/gov/cdc/izgateway/service/impl/EndpointStatusService.java

@@ -29,10 +29,10 @@ public List<String> getHosts() {
     	return l;
     }
 
-    public List<IEndpointStatus> findAll() {
+    public List<? extends IEndpointStatus> findAll() {
         return endpointStatusRepository.find(1, EndpointStatusRepository.INCLUDE_ALL);
     }
-	public List<IEndpointStatus> find(int count, String[] include) {
+	public List<? extends IEndpointStatus> find(int count, String[] include) {
 		return endpointStatusRepository.find(count, include);
 	}
 
@@ -62,4 +62,8 @@ public boolean refresh() {
 	public boolean removeById(String id) {
 		return endpointStatusRepository.removeById(id);
 	}
+
+	public void resetCircuitBreakers() {
+		endpointStatusRepository.resetCircuitBreakers();
+	}
 }

src/main/java/gov/cdc/izgateway/soap/MockMessage.java

@@ -153,9 +153,14 @@ public enum MockMessage {
 			HttpStatus.BAD_REQUEST),
 
 	TC_24H(MediaType.APPLICATION_XML, MockMessageText.TC_24H_TEXT,
-			HttpStatus.BAD_REQUEST), TC_UNKF(MockMessage::simulateFault,
+			HttpStatus.BAD_REQUEST), 
+
+	TC_24I(MockMessageText.TC_24I_TEXT),
+
+	TC_UNKF(MockMessage::simulateFault,
 					MockMessageText.TC_UNKF_TEXT);
 
+
 	public static final MockMessage TC_FORCE_TIMEOUT = TC_13C;
 	private static int retryableRequestCount = 0;
 	/**
@@ -596,19 +601,21 @@ private MockMessageText() {
 			+ "<soap:Fault><soap:Code><soap:Value>soap:Receiver</soap:Value></soap:Code>"
 			+ "<soap:Reason><soap:Text>Invalid Username, Password or FacilityID</soap:Text></soap:Reason><soap:Detail>"
 			+ "<ns3:SecurityFault xmlns:ns3='urn:cdc:iisb:2014'>"
-			+ "<ns3:Code>401</ns3:Code>" + "<ns3:Reason>Security</ns3:Reason>" // Change
-																				// from
-																				// required
-																				// "Security"
-																				// to
-																				// "Security
-																				// Fault"
+			+ "<ns3:Code>401</ns3:Code><ns3:Reason>Security</ns3:Reason>" 
 			+ "<ns3:Detail>Invalid Username, Password or FacilityID</ns3:Detail>"
 			+ "</ns3:SecurityFault>"
 			+ "</soap:Detail></soap:Fault></soap:Envelope>";
 
 	static final String TC_24H_TEXT = "This is not a SOAP Fault nor is it XML";
 
+	static final String TC_24I_TEXT = "MSH|^~\\&|IRIS IIS|IRIS||IZG|20220205||RSP^K11^RSP_K11|20210330093013AZQ231|P|2.5.1|||||||||Z32^CDCPHINVS\r"
+			+ "MSA|AA|20210330093013AZQ231||0||0^Message Accepted^HL70357" + Character.valueOf((char)0x13)
+			+ "QAK|20210330093013AZQ231|NF|Z34^Request Complete Immunization history^CDCPHINVS\r"
+			+ "QPD|Z34^Request Immunization History^CDCPHINVS|20210330093013IA231|112258-9^^^IA^MR|"
+			+ "JohnsonIZG^JamesIZG^AndrewIZG^^^^L|LeungIZG^SarahIZG^^^^^M|20160414|M|"
+			+ "Main Street&&123^^Adel^IA^50003^^L|^PRN^PH^^^555^5551111|Y|1\r";
+
+
 	static final String TC_UNKF_TEXT = "Unknown Exception";
 
 	static final String TC_22B_TEXT = ENVELOPE + "" + "<soap:Fault>"

src/main/java/gov/cdc/izgateway/soap/SoapControllerBase.java

@@ -580,6 +580,7 @@ protected ResponseEntity<FaultMessage> handleFault(Fault fault) {
 		logFault(fault);
 		FaultMessage faultMessage = new FaultMessage(fault, messageNamespace);
 		faultMessage.updateAction(isHub());
+		logResponseMessage(faultMessage);
 		return new ResponseEntity<>(faultMessage, HttpStatus.INTERNAL_SERVER_ERROR);
 	}