OZG-7092 refactor token validation properties

3273062a · OZGCloud · 033fc831 · 3273062a · 3273062a · 3273062a
Commit 3273062a authored 7 months ago by OZGCloud
--- a/token-checker-server/src/main/java/de/ozgcloud/token/saml/ConfigurationEntity.java
+++ b/token-checker-server/src/main/java/de/ozgcloud/token/saml/ConfigurationEntity.java
@@ -18,53 +18,71 @@
 * unter der Lizenz sind dem Lizenztext zu entnehmen.
 */
-package de.ozgcloud.token.saml;
+package de.ozgcloud.token;
+import java.util.List;
 import java.util.Map;
+import jakarta.validation.Valid;
 import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.Resource;
-import org.springframework.validation.annotation.Validated;
-import lombok.AllArgsConstructor;
 import lombok.Getter;
-import lombok.NoArgsConstructor;
 import lombok.Setter;
 import lombok.ToString;
+@Setter
+@Getter
+@Configuration
+@ConfigurationProperties(prefix = TokenValidationProperties.PREFIX)
+public class TokenValidationProperties {
+	static final String PREFIX = "ozgcloud.token.check";
+	/**
+	 * List of entities. A ConfigurationEntity contains the necessary information for verifying and decrypting saml tokens.
+	 */
+	@NotEmpty
+	@Valid
+	private List<TokenValidationProperty> entities;
 	@Getter
 	@Setter
-@NoArgsConstructor
-@AllArgsConstructor
 	@ToString
-@Validated
+	public static class TokenValidationProperty {
-public class ConfigurationEntity {
 		/**
 		 * The id of the Identity Provider, this is also the issuer value.
 		 */
 		@NotEmpty
 		private String idpEntityId;
 		/**
 		 * The encryption key
 		 */
 		@NotEmpty
 		private Resource key;
 		/**
 		 * The encryption certificate
 		 */
 		@NotEmpty
 		private Resource certificate;
 		/**
 		 * The url or the actual SAML Metadata file received from the idp
 		 */
 		@NotEmpty
 		private Resource metadata;
 		/**
-	 * Use the user id as Postkorbhandle. For Mu
+		 * Use the user id as Postkorbhandle. For Muk
 		 */
-	private Boolean useIdAsPostfachId = Boolean.FALSE;
+		private boolean userIdAsPostfachId = false;
 		/**
 		 * The mappings the PostfachHandle and the TrustLevel. The value of the mapping
 		 * the name of the attribute in the SamlResponse that represents these values.
@@ -73,3 +91,4 @@ public class ConfigurationEntity {
 		@NotNull
 		private Map<String, String> mappings;
 	}
+}
--- a/token-checker-server/src/main/resources/application-local.yml
+++ b/token-checker-server/src/main/resources/application-local.yml
@@ -18,7 +18,7 @@ ozgcloud:
          key: "classpath:test2-enc.key"
          certificate: "classpath:test2-enc.crt"
          metadata: "classpath:metadata/muk-idp-e4k.xml"
-          useIdAsPostkorbHandle: true
+          userIdAsPostfachId: true
          mappings:
            trustLevel: "ElsterVertrauensniveauAuthentifizierung"
 server:

--- a/token-checker-server/src/test/java/de/ozgcloud/token/TokenCheckPropertiesITCase.java
+++ b/token-checker-server/src/test/java/de/ozgcloud/token/TokenCheckPropertiesITCase.java
@@ -30,7 +30,7 @@ import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.test.context.TestPropertySource;
 @SpringBootTest(classes = { TokenCheckTestConfiguration.class })
-class TokenCheckPropertiesITCase {
+class TokenValidationPropertiesITCase {
 	private static final String URL = "https=//infra-pre-id.bayernportal.de/idp";
 	private static final String TRUST_LEVEL_KEY = "trustLevel";
 	private static final String TRUST_LEVEL_VALUE = "urn=oid:1.2.3.4";
@@ -40,27 +40,27 @@ class TokenCheckPropertiesITCase {
 	@DisplayName("Test loading token checker configuration")
 	@Nested
 	@TestPropertySource(properties = {
-			TokenCheckProperties.PREFIX + ".entities[0].idpEntityId=" + TokenCheckPropertiesITCase.URL,
+			TokenValidationProperties.PREFIX + ".entities[0].idpEntityId=" + TokenValidationPropertiesITCase.URL,
-			TokenCheckProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key",
+			TokenValidationProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key",
-			TokenCheckProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt",
+			TokenValidationProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt",
-			TokenCheckProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml",
+			TokenValidationProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml",
-			TokenCheckProperties.PREFIX + ".entities[0].mappings.postfachId=" + TokenCheckPropertiesITCase.POSTFACH_ID_VALUE,
+			TokenValidationProperties.PREFIX + ".entities[0].mappings.postfachId=" + TokenValidationPropertiesITCase.POSTFACH_ID_VALUE,
-			TokenCheckProperties.PREFIX + ".entities[0].mappings.trustLevel=" + TokenCheckPropertiesITCase.TRUST_LEVEL_VALUE
+			TokenValidationProperties.PREFIX + ".entities[0].mappings.trustLevel=" + TokenValidationPropertiesITCase.TRUST_LEVEL_VALUE
 	})
 	class TestLoadingConfiguration {
 		@Autowired
-		private TokenCheckProperties tokenCheckProperties;
+		private TokenValidationProperties tokenValidationProperties;
 		@Nested
 		class TestInitialization {
 			@Test
 			void shouldHaveProperties() {
-				assertThat(tokenCheckProperties).isNotNull();
+				assertThat(tokenValidationProperties).isNotNull();
 			}
 			@Test
 			void shouldHaveEntities() {
-				assertThat(tokenCheckProperties.getEntities()).isNotNull();
+				assertThat(tokenValidationProperties.getEntities()).isNotNull();
 			}
 		}
@@ -68,68 +68,68 @@ class TokenCheckPropertiesITCase {
 		class TestLoadedEntity {
 			@Test
 			void shouldHaveIdpEntityId() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getIdpEntityId()).isEqualTo(URL);
+				assertThat(tokenValidationProperties.getEntities().getFirst().getIdpEntityId()).isEqualTo(URL);
 			}
 			@Test
 			void shouldHaveDevEncKey() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getKey()).isNotNull();
+				assertThat(tokenValidationProperties.getEntities().getFirst().getKey()).isNotNull();
 			}
 			@Test
 			void shouldHaveDevEncCrt() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getCertificate()).isNotNull();
+				assertThat(tokenValidationProperties.getEntities().getFirst().getCertificate()).isNotNull();
 			}
 			@Test
 			void shouldHaveMetadata() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getMetadata()).isNotNull();
+				assertThat(tokenValidationProperties.getEntities().getFirst().getMetadata()).isNotNull();
 			}
 			@Test
 			void shouldHavePostkorbHandleMapping() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).containsEntry(POSTFACH_ID_KEY, POSTFACH_ID_VALUE);
+				assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).containsEntry(POSTFACH_ID_KEY, POSTFACH_ID_VALUE);
 			}
 			@Test
 			void shouldNotHaveUseIdAsPostkorbHandle() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getUseIdAsPostfachId()).isFalse();
+				assertThat(tokenValidationProperties.getEntities().getFirst().getUserIdAsPostfachId()).isFalse();
 			}
 			@Test
 			void shouldHaveConfiguredTrustLevelMapping() {
-				assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).containsEntry(TRUST_LEVEL_KEY, TRUST_LEVEL_VALUE);
+				assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).containsEntry(TRUST_LEVEL_KEY, TRUST_LEVEL_VALUE);
 			}
 		}
 	}
 	@DisplayName("Test loading mapping")
 	@TestPropertySource(properties = {
-			TokenCheckProperties.PREFIX + ".entities[0].idpEntityId=" + URL,
+			TokenValidationProperties.PREFIX + ".entities[0].idpEntityId=" + URL,
-			TokenCheckProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key",
+			TokenValidationProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key",
-			TokenCheckProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt",
+			TokenValidationProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt",
-			TokenCheckProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml",
+			TokenValidationProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml",
-			TokenCheckProperties.PREFIX + ".entities[0]use-id-as-postfach-id=true",
+			TokenValidationProperties.PREFIX + ".entities[0]use-id-as-postfach-id=true",
-			TokenCheckProperties.PREFIX + ".entities[0].mappings.test=test2",
+			TokenValidationProperties.PREFIX + ".entities[0].mappings.test=test2",
 	})
 	@Nested
 	class TestLoadingMappingConfiguration {
 		@Autowired
-		private TokenCheckProperties tokenCheckProperties;
+		private TokenValidationProperties tokenValidationProperties;
 		@Test
 		void shouldHaveUseIdAsPostfachId() {
-			assertThat(tokenCheckProperties.getEntities().getFirst().getUseIdAsPostfachId()).isTrue();
+			assertThat(tokenValidationProperties.getEntities().getFirst().getUserIdAsPostfachId()).isTrue();
 		}
 		@Test
 		void shouldHaveConfiguredTestMapping() {
-			assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).containsEntry("test", "test2");
+			assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).containsEntry("test", "test2");
 		}
 		@Test
 		void shouldNotHavePostkorbHandleMapping() {
-			assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).doesNotContain(entry(POSTFACH_ID_KEY,
+			assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).doesNotContain(entry(POSTFACH_ID_KEY,
 					POSTFACH_ID_VALUE));
 		}
 	}