diff --git a/pom.xml b/pom.xml
index d656c7b..9ddfd24 100644
--- a/pom.xml
+++ b/pom.xml
@@ -16,7 +16,7 @@ release branch is labeled ..-izgw-core-SNAPSHOT main branch is labeled ..-izgw-core-RELEASE -->
- 2.2.0-IGDD-1765_optional_mtls_plus_jwt-SNAPSHOT
+ 2.1.5-IGDD-1765_optional_mtls_plus_jwt-SNAPSHOT jar IZ Gateway Core 2.0 IZ Gateway Core contains the core code for the IZ Gateway Hub and Transformation services
diff --git a/src/main/java/gov/cdc/izgateway/logging/info/EndPointInfo.java b/src/main/java/gov/cdc/izgateway/logging/info/EndPointInfo.java
index f6b4dd6..ac2dfd4 100644
--- a/src/main/java/gov/cdc/izgateway/logging/info/EndPointInfo.java
+++ b/src/main/java/gov/cdc/izgateway/logging/info/EndPointInfo.java
@@ -46,10 +46,6 @@ public abstract class EndPointInfo extends HostInfo implements Serializable {
 @JsonProperty protected String organization;
- /* TODO: Discuss during code review. serialNumber changes to String because info in the JWT that we use for serialNumber is not always a number. */
 @Schema(description="The serial number associated with the with certificate on the endpoint.") @JsonProperty protected String serialNumber;
diff --git a/src/main/java/gov/cdc/izgateway/security/AccessControlValve.java b/src/main/java/gov/cdc/izgateway/security/AccessControlValve.java
index 6ff99fd..c71c066 100644
--- a/src/main/java/gov/cdc/izgateway/security/AccessControlValve.java
+++ b/src/main/java/gov/cdc/izgateway/security/AccessControlValve.java
@@ -120,7 +120,7 @@ public boolean accessAllowed(HttpServletRequest req, HttpServletResponse resp) {
 if (Boolean.FALSE.equals(check)) { // NOSONAR Null is still possible here, SONAR flags it as always true
 log.error("Access denied to protected URL {} address by {} at {}", path, user, host);
 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
- return false; // TODO: PCahill - discuss at code review - I assume this should be false here
+ return false;
 }
 if (isSwagger(path, user)) {
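Review bot: When `check` is null the denial branch at `if (Boolean.FALSE.equals(check))` is skipped and control falls through to the `isSwagger` test, so unless a later branch denies by default this guard fails open; the NOSONAR comment on that line confirms null is reachable. If null means "no rule matched" rather than "not a protected URL", the guard should be `if (!Boolean.TRUE.equals(check)) {` so that only an explicit allow proceeds — confirm against the code that computes `check`, which lies outside the hunk. Separately, `SC_UNAUTHORIZED` tells the client its credentials are missing or invalid; where `user` is already identified, `HttpServletResponse.SC_FORBIDDEN` is the status that matches "access denied". accessAllowed begins and ends outside the hunk.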
diff --git a/src/main/java/gov/cdc/izgateway/soap/net/MessageSender.java b/src/main/java/gov/cdc/izgateway/soap/net/MessageSender.java
index 014143c..991ffae 100644
--- a/src/main/java/gov/cdc/izgateway/soap/net/MessageSender.java
+++ b/src/main/java/gov/cdc/izgateway/soap/net/MessageSender.java
@@ -508,10 +508,7 @@ public static void logDestinationCertificates(HttpURLConnection con) {
 if (destination.isConnected() && con instanceof HttpsURLConnection conx) {
 try {
 X509Certificate[] certs = (X509Certificate[]) conx.getServerCertificates();
- // TODO Paul - Principal related code
- // need to fix this - may need to break out source and destination info because destination won't have a principal'
 destination.setCertificate(certs[0]);
- // destination.setPrincipal(RequestContext.getPrincipal());
 destination.setCipherSuite(conx.getCipherSuite());
 destination.setConnected(true);
 } catch (SSLPeerUnverifiedException | IllegalStateException ex) {
diff --git a/src/main/resources/sample.puml b/src/main/resources/sample.puml
deleted file mode 100644
index 39b2e89..0000000
--- a/src/main/resources/sample.puml
+++ /dev/null
@@ -1,35 +0,0 @@
-@startuml
-class JwtSharedSecretPrincipalProvider {
- - String sharedSecret
- + createPrincipalFromJwt(HttpServletRequest request): IzgPrincipal
- - parseJwt(String authHeader): Claims
- - buildPrincipal(Claims claims): IzgPrincipal
- - extractScopes(Claims claims): TreeSet
-}
-
-class IzgPrincipal {
- String name
- String organization
- Date validFrom
- Date validTo
- String serialNumber
- String issuer
- List audience
- Set scopes
- Set roles
- + getSerialNumberHex(): String
-}
-
-class JWTPrincipal {
- + getSerialNumberHex(): String
- - isUUID(String string): boolean
-}
-
-class CertPrincipal {
- + getSerialNumberHex(): String
-}
-
-JwtSharedSecretPrincipalProvider --> IzgPrincipal
-IzgPrincipal <|-- JWTPrincipal
-IzgPrincipal <|-- CertPrincipal
-@enduml
\ No newline at end of file
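Review bot: `destination.setCertificate(certs[0])` indexes the server chain without a length check, and the cast on the line above assumes the runtime array type returned by `getServerCertificates()` is `X509Certificate[]`; neither an empty chain nor a `ClassCastException` is covered by the `SSLPeerUnverifiedException | IllegalStateException` catch, so an unexpected peer chain would propagate out of what is meant to be logging code. Safer to keep the declared type and guard before use: `Certificate[] certs = conx.getServerCertificates();` / `if (certs.length > 0 && certs[0] instanceof X509Certificate leaf) { destination.setCertificate(leaf); }` (needs `java.security.cert.Certificate` in scope, and assumes setCertificate takes an X509Certificate, which the original cast suggests). The method is `static` yet writes to `destination`; if that is shared static state rather than a local declared before the hunk, concurrent senders would overwrite each other's certificate and cipher-suite details — worth confirming. logDestinationCertificates starts before and ends after the hunk.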