diff --git a/.gitignore b/.gitignore index db34913cd64cb7f8fdc88959f1391644319387f4..523b6211145ff3907f7717f26cb13c51b917bcd7 100644 --- a/.gitignore +++ b/.gitignore @@ -6,7 +6,7 @@ HELP.md !**/src/test/**/target/ doc/**/*.pdf .m2/ -!.m2/settings.xml +!.m2/ci_settings.xml .mvn/ ### STS ### diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 595ecc99720c4b12696ffa5f3d01da6b708c4d25..89f529039d8b29db74176a73fdd2e8e1a2a52c44 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,24 +1,16 @@ -image: dimage-base-release.repo-ex.zcdi.dataport.de/sdks/maven:3.9.2-java-21 +image: maven:3.9.9-eclipse-temurin-21-alpine variables: MAVEN_DEPLOY_CLI_OPTS: "--no-transfer-progress -DskipTests" MAVEN_CLI_OPTS: >- - -s .m2/settings.xml --batch-mode - -Dmaven.repo.local=.m2/repository + -s .m2/ci_settings.xml --batch-mode -Dmaven.plugin.validation=brief - HTTP_PROXY_HOST: $DATAPORT_PROXY - HTTP_PROXY_PORT: 3128 - HTTP_PROXY: $DATAPORT_PROXY:$HTTP_PROXY_PORT - HTTPS_PROXY: $HTTP_PROXY - http_proxy: $HTTP_PROXY - https_proxy: $HTTP_PROXY DOCKER_HOST: tcp://docker:2375 DOCKER_TLS_CERTDIR: "" DOCKER_DRIVER: overlay2 services: - - name: kopsh-docker-dockerhub.repo-ex.zcdi.dataport.de/docker:dind - alias: docker + - docker:24.0.5-dind cache: paths: 
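Review bot: The new `image: maven:3.9.9-eclipse-temurin-21-alpine` and the `docker:24.0.5-dind` service are referenced by mutable tag with no registry host (so presumably resolved from Docker Hub). The build job and every publish job therefore trust whatever those tags point to at run time. Pinning both by digest, e.g. `image: maven:3.9.9-eclipse-temurin-21-alpine@sha256:<digest>` (placeholder), keeps the toolchain reproducible and makes an upstream change visible in review. The unchanged context lines `DOCKER_HOST: tcp://docker:2375` and `DOCKER_TLS_CERTDIR: ""` leave the dind daemon on plain TCP without TLS. That deserves a comment such as `# dind without TLS: only acceptable on isolated, single-tenant runners`, or a move to port 2376 with a certificate directory set.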
@@ -27,61 +19,93 @@ cache: stages: - build - - deploy - - image + - test + - publish -test: +build: stage: build script: - - echo "mvn test $MAVEN_CLI_OPTS" - - mvn help:effective-settings $MAVEN_CLI_OPTS - - mvn test $MAVEN_CLI_OPTS + - mvn clean compile $MAVEN_CLI_OPTS artifacts: paths: - target/*.jar -deploy_to_artifactory: - stage: deploy - when: manual +test: + stage: test script: - - echo "mvn deploy -P artifactory-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS" - - mvn deploy -P artifactory-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS - only: - - main + - mvn test $MAVEN_CLI_OPTS + +verify: + stage: test + script: + - mvn verify $MAVEN_CLI_OPTS + +.get-version: + before_script: + - export PROJECT_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout $MAVEN_CLI_OPTS) + - export PROJECT_ARTIFACTID=$(mvn help:evaluate -Dexpression=project.artifactId -q -DforceStdout $MAVEN_CLI_OPTS) + - export NEXUS_IMAGE_PREFIX="docker.ozg-sh.de/${PROJECT_ARTIFACTID}" -deploy_to_nexus: - stage: deploy +# Merge request jobs +push-merge-request-image-gitlab: + stage: publish + extends: .get-version + script: + - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:MR-${CI_MERGE_REQUEST_IID}-${PROJECT_VERSION}" + - mvn deploy -Pgitlab-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS + rules: + - if: $CI_PIPELINE_SOURCE == 'merge_request_event' + when: never # Step disabled until gitlab container registry works + +push-merge-request-image-nexus: + stage: publish + extends: .get-version + script: + - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:MR-${CI_MERGE_REQUEST_IID}-${PROJECT_VERSION}" + - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS + rules: + - if: $CI_PIPELINE_SOURCE == 'merge_request_event' when: manual + +# Snapshot jobs +push-snapshot-image-gitlab: + stage: publish + extends: .get-version script: - - echo "mvn deploy -P nexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS" - - mvn deploy -P nexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS - only: - 
- main + - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:main-${PROJECT_VERSION},${CI_REGISTRY_IMAGE}:snapshot-latest" + - mvn deploy -Pgitlab-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS + # only: + # - main + rules: + - when: never # Step disabled until gitlab container registry works -push_docker_image_to_nexus: - stage: image +push-snapshot-image-nexus: + stage: publish + extends: .get-version script: - - echo "Push docker image to nexus ($Nexus_REPO_USER)" - - | - mvn install spring-boot:build-image \ - $MAVEN_CLI_OPTS $MAVEN_DEPLOY_CLI_OPTS \ - -DdockerRegistryHost=docker.ozg-sh.de \ - -DdockerRegistryUsername=$Nexus_REPO_USER \ - -DdockerRegistryPassword=$Nexus_REPO_PASS \ - -Dspring-boot.build-image.publish=true + - export IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:main-${PROJECT_VERSION},${NEXUS_IMAGE_PREFIX}:snapshot-latest" + - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS only: - main -push_docker_image_to_artifactory: - stage: image +# Release jobs +push-release-image-gitlab: + stage: publish + extends: .get-version script: - - echo "Push docker image to artifactory ($Artifactory_REPO_USER)" - - | - mvn install spring-boot:build-image \ - $MAVEN_CLI_OPTS $MAVEN_DEPLOY_CLI_OPTS \ - -DdockerRegistryHost=kopsh-docker.repo-ex.zcdi.dataport.de \ - -DdockerRegistryUsername=$Artifactory_REPO_USER \ - -DdockerRegistryPassword=$Artifactory_REPO_PASS \ - -Dspring-boot.build-image.publish=true - only: - - main + - mvn versions:set -DnewVersion=${CI_COMMIT_TAG} $MAVEN_CLI_OPTS + - export IMAGE_TAGS="${CI_REGISTRY_IMAGE}:release-${CI_COMMIT_TAG},${CI_REGISTRY_IMAGE}:latest" + - mvn deploy -Pgitlab-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS + rules: + - if: $CI_COMMIT_TAG + when: never # Step disabled until gitlab container registry works + +push-release-image-nexus: + stage: publish + extends: .get-version + script: + - mvn versions:set -DnewVersion=${CI_COMMIT_TAG} $MAVEN_CLI_OPTS + - export 
IMAGE_TAGS="${NEXUS_IMAGE_PREFIX}:release-${CI_COMMIT_TAG},${NEXUS_IMAGE_PREFIX}:latest" + - mvn deploy -Pnexus-deploy $MAVEN_DEPLOY_CLI_OPTS $MAVEN_CLI_OPTS + rules: + - if: $CI_COMMIT_TAG diff --git a/.m2/ci_settings.xml b/.m2/ci_settings.xml new file mode 100644 index 0000000000000000000000000000000000000000..53e79119335a57ac75b3b0177dafc6f97c6042d0 --- /dev/null +++ b/.m2/ci_settings.xml @@ -0,0 +1,56 @@ +<?xml version="1.0" encoding="UTF-8"?> +<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd" + xmlns="http://maven.apache.org/SETTINGS/1.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <localRepository>.m2/repository</localRepository> + + <servers> + <server> + <id>ozg-nexus</id> + <username>${env.NEXUS_USER}</username> + <password>${env.NEXUS_PASSWORD}</password> + </server> + <server> + <id>ozg-snapshots-nexus</id> + <username>${env.NEXUS_USER}</username> + <password>${env.NEXUS_PASSWORD}</password> + </server> + <server> + <id>codesh-gitlab-maven</id> + <configuration> + <httpHeaders> + <property> + <name>Job-Token</name> + <value>${CI_JOB_TOKEN}</value> + </property> + </httpHeaders> + </configuration> + </server> + </servers> + <profiles> + <profile> + <id>ci-default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>codesh-gitlab-maven</id> + <url>${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/maven</url> + </repository> + <repository> + <id>ozg-nexus</id> + <name>ozg-releases</name> + <url>https://nexus.ozg-sh.de/repository/ozg-releases/</url> + </repository> + <repository> + <id>ozg-snapshots-nexus</id> + <name>ozg-snapshots</name> + <url>https://nexus.ozg-sh.de/repository/ozg-snapshots/</url> + <snapshots> + <enabled>true</enabled> + </snapshots> + </repository> + </repositories> + </profile> + </profiles> +</settings> \ No newline at end of file 
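Review bot: `push-merge-request-image-nexus` runs `mvn deploy -Pnexus-deploy` on merge-request pipelines, so the build files of an unmerged branch execute in a job that can publish with `NEXUS_USER`/`NEXUS_PASSWORD`. `when: manual` limits when the job runs, not what the branch's `pom.xml` can do with those variables. Whether the variables are protected and masked is not visible here; if they are not, restrict this job to trusted authors or give it a credential that can only write the `MR-` tags. The same variables are also read by `.m2/ci_settings.xml`, which `MAVEN_CLI_OPTS` passes to every job including `build` and `test`. Separately, quote the tag in `mvn versions:set -DnewVersion="${CI_COMMIT_TAG}"`, and note that `push-snapshot-image-nexus` still uses `only:` while the other publish jobs use `rules:`.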
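Review bot: This settings file is explicitly un-ignored (`!.m2/ci_settings.xml`) and committed, yet nothing in it says where its credentials come from. A comment above `<servers>` would document that, for example `<!-- Credentials are injected from the CI/CD variables NEXUS_USER, NEXUS_PASSWORD and the per-job CI_JOB_TOKEN; never replace the placeholders with literal values. -->`. The placeholders are also spelled two ways, `${env.NEXUS_USER}` next to bare `${CI_JOB_TOKEN}`; using the `env.` form throughout makes it explicit that each one is an environment lookup. The `ozg-nexus` releases repository sets no `<snapshots><enabled>false</enabled></snapshots>`, so it is presumably consulted for snapshot versions as well.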
diff --git a/.m2/settings.xml b/.m2/settings.xml
deleted file mode 100644
index f080d570990c3bc3d0ee5589003fd96d01b05172..0000000000000000000000000000000000000000
--- a/.m2/settings.xml
+++ /dev/null
@@ -1,61 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<settings xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.2.0 http://maven.apache.org/xsd/settings-1.2.0.xsd" - xmlns="http://maven.apache.org/SETTINGS/1.2.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> - <localRepository>.m2/repository</localRepository> - - <servers> - <server> - <id>artifactory</id> - <username>${env.Artifactory_REPO_USER}</username> - <password>${env.Artifactory_REPO_PASS}</password> - </server> - <server> - <id>artifactory-snapshots</id> - <username>${env.Artifactory_REPO_USER}</username> - <password>${env.Artifactory_REPO_PASS}</password> - </server> - <server> - <id>ozg-nexus</id> - <username>${env.Nexus_REPO_USER}</username> - <password>${env.Nexus_REPO_PASS}</password> - </server> - <server> - <id>ozg-snapshots-nexus</id> - <username>${env.Nexus_REPO_USER}</username> - <password>${env.Nexus_REPO_PASS}</password> - </server> - </servers> - <profiles> - <profile> - <id>local-build</id> - <repositories> - <repository> - <id>artifactory</id> - <name>artifactory</name> - <url>https://repo-ex.zcdi.dataport.de:443/artifactory/kopsh-maven-virt/</url> - </repository> - <repository> - <id>artifactory-snapshots</id> - <name>artifactory-snapshots</name> - <url>https://repo-ex.zcdi.dataport.de:443/artifactory/kopsh-maven-virt/</url> - <snapshots> - <enabled>true</enabled> - </snapshots> - </repository> - </repositories> - </profile> - </profiles> - <activeProfiles> - <activeProfile>local-build</activeProfile> - </activeProfiles> - <proxies> - <proxy> - <id>dataport-proxy</id> - <active>true</active> - <protocol>http</protocol> - <host>${env.DATAPORT_PROXY}</host> - <port>3128</port> - <nonProxyHosts>localhost|127.0.0.1|*.dataport.de</nonProxyHosts> - </proxy> - </proxies> -</settings> diff --git a/build/assembly.xml b/build/assembly.xml index 33259bf894104ed94b84d23154341ab06ea1072e..79c7b94b1d84643745f3ef32c6f81f8d7f12b794 100644 --- a/build/assembly.xml 
+++ b/build/assembly.xml @@ -29,9 +29,9 @@ <directory>${project.basedir}/src/main/resources/store</directory> <outputDirectory>/</outputDirectory> <includes> - <include>john_smith_xta_tester.p12</include> + <include>xta-test-client-john-smith_keystore.p12</include> <include>xta-test-server_keystore.p12</include> - <include>xta-test-server_truststore.jks</include> + <include>xta-test_truststore.jks</include> </includes> </fileSet> </fileSets> diff --git a/build/resources/application-local.yml b/build/resources/application-local.yml index 56e45ef748a9d29da9da05035da9695d63df787a..49cc6e1cb8e602572d0aeb94cb74120e3e52ce4d 100644 --- a/build/resources/application-local.yml +++ b/build/resources/application-local.yml @@ -15,10 +15,10 @@ server: key-store-password: password key-store-type: pkcs12 # Alias im KeyStore - key-alias: xta-test-application + key-alias: xta-test-server key-password: password # enthaelt alle vertrauenswuerdigen Zertifikate oder Oberzertifikate - trust-store: ./xta-test-server_truststore.jks + trust-store: ./xta-test_truststore.jks trust-store-password: password trust-store-type: JKS client-auth: want diff --git a/doc/bedienungsanleitung.adoc b/doc/bedienungsanleitung.adoc index aef7299b4da479ffc3f6d4fe139686b74291aa9f..5e1a1f07c056fd4124142e0b85c3ba38691ae0f0 100644 --- a/doc/bedienungsanleitung.adoc +++ b/doc/bedienungsanleitung.adoc 
@@ -214,8 +214,7 @@ Die WSDL-Datei ist immer unter der Adresse des Services mit dem Zusatz ?wsdl auf Für die Kommunikation mittels HTTPs ist ein Client-Zertifikat notwendig, um den Client gegenüber der Testumgebung zu authentifizieren. Innerhalb der ZIP-Dateien der Testumgebung sind bereits mehrere Zertifikate und Keystores hinterlegt, die für die Kommunikation mit der Testumgebung genutzt werden können: -* john_smith_xta_tester.p12 - Dieser Keystore beinhaltet ein Client-Zertifikat, das für die Kommunikation mit der Testumgebung verwendet werden kann. Sofern die Testumgebung in der Standardkonfiguration gestartet wurde, stuft die Umgebung das Zertifikat als vertrauenswürdig ein. -* jane_doe_xta_tester.p12 - Dieser Keystore beinhaltet ein Client-Zertifikat, das für die Kommunikation mit der Testumgebung verwendet werden kann. Sofern die Testumgebung in der Standardkonfiguration gestartet wurde, stuft die Umgebung das Zertifikat als vertrauenswürdig ein. +* xta-test-client-john-smith_keystore.p12 - Dieser Keystore beinhaltet ein Client-Zertifikat, das für die Kommunikation mit der Testumgebung verwendet werden kann. Sofern die Testumgebung in der Standardkonfiguration gestartet wurde, stuft die Umgebung das Zertifikat als vertrauenswürdig ein. === Test mit SoapUI diff --git a/pom.xml b/pom.xml index 5aa6652498554ac4e2b3a57202278649920a32a4..82a9b76e5b3931685785e32fed87170b376fc83e 100644 --- a/pom.xml +++ b/pom.xml 
@@ -4,31 +4,29 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-parent</artifactId> - <version>3.3.4</version> + <groupId>de.ozgcloud.common</groupId> + <artifactId>ozgcloud-common-parent</artifactId> + <version>4.6.0</version> </parent> <groupId>de.ozgcloud.xta</groupId> <artifactId>xta-test-server</artifactId> - <version>1.7.0-SNAPSHOT</version> + <version>1.8.0-SNAPSHOT</version> <packaging>jar</packaging> <name>XTA Test Server</name> <description>A XTA Server for testing a client implementation.</description> <properties> - <java.version>21</java.version> <maven.compiler.source>${java.version}</maven.compiler.source> <maven.compiler.target>${java.version}</maven.compiler.target> <!-- build versions --> - <jacoco.version>0.8.12</jacoco.version> - <log4j2.version>2.20.0</log4j2.version> + <log4j2.version>2.23.1</log4j2.version> <cxf.version>4.0.5</cxf.version> - <cxf-xjc.version>4.0.0</cxf-xjc.version> - <lombok.version>1.18.34</lombok.version> - <springdoc.version>2.1.0</springdoc.version> - <org.mapstruct.version>1.6.0</org.mapstruct.version> + <cxf-xjc.version>4.0.2</cxf-xjc.version> + <springdoc.version>2.6.0</springdoc.version> + + <wsdl.version>2.1.1</wsdl.version> <!-- Build settings --> <timestamp>${maven.build.timestamp}</timestamp> @@ -44,13 +42,6 @@ <asciidoctorj.diagram.version>2.3.1</asciidoctorj.diagram.version> <asciidoctorj.pdf.version>2.3.18</asciidoctorj.pdf.version> <jruby.version>9.4.8.0</jruby.version> - <wsdl.version>2.1.1</wsdl.version> - - <!-- Docker image --> - <dockerHost>http://docker:2375</dockerHost> - <dockerRegistryUsername>?</dockerRegistryUsername> - <dockerRegistryPassword>?</dockerRegistryPassword> - <dockerRegistryHost>docker.ozg-sh.de</dockerRegistryHost> </properties> <dependencyManagement> 
@@ -63,12 +54,12 @@ <dependency> <groupId>org.bouncycastle</groupId> <artifactId>bcprov-jdk18on</artifactId> - <version>1.78.1</version> + <version>1.79</version> </dependency> <dependency> <groupId>com.fasterxml.jackson</groupId> <artifactId>jackson-bom</artifactId> - <version>2.18.0</version> + <version>2.18.1</version> <type>pom</type> <scope>import</scope> </dependency> @@ -119,6 +110,14 @@ <artifactId>spring-security-config</artifactId> </dependency> + <!-- Mapstruct --> + <dependency> + <groupId>org.mapstruct</groupId> + <artifactId>mapstruct</artifactId> + <version>${mapstruct.version}</version> + </dependency> + + <!-- Jackson Fasterxml --> <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-core</artifactId> @@ -135,41 +134,6 @@ <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> </dependency> - <dependency> - <groupId>commons-codec</groupId> - <artifactId>commons-codec</artifactId> - </dependency> - <dependency> - <groupId>commons-io</groupId> - <artifactId>commons-io</artifactId> - <version>2.16.1</version> - </dependency> - <dependency> - <groupId>org.mapstruct</groupId> - <artifactId>mapstruct</artifactId> - <version>${org.mapstruct.version}</version> - </dependency> - <dependency> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-thymeleaf</artifactId> - <exclusions> - - <exclusion> - <groupId>org.springframework.boot</groupId> - <artifactId>spring-boot-starter-logging</artifactId> - </exclusion> - </exclusions> - </dependency> - <dependency> - <groupId>nz.net.ultraq.thymeleaf</groupId> - <artifactId>thymeleaf-layout-dialect</artifactId> - </dependency> - - <dependency> - <groupId>org.projectlombok</groupId> - <artifactId>lombok</artifactId> - <optional>true</optional> - </dependency> <!-- spring boot log4j2 --> <dependency> 
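Review bot: The added mapstruct dependency uses `${mapstruct.version}`, but this commit deletes the only local definition (`org.mapstruct.version`) and no property with the new name is visible in the pom. The same holds for `${java.version}`, still referenced by `maven.compiler.source` in the first `<properties>` hunk after its definition was removed. Both presumably come from the new parent `ozgcloud-common-parent` 4.6.0, which is not part of this diff. If so, add a comment such as `<!-- mapstruct.version and java.version are inherited from ozgcloud-common-parent -->`. If the parent's dependencyManagement already covers mapstruct, drop the explicit `<version>` instead.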
@@ -197,7 +161,7 @@ <artifactId>log4j-jcl</artifactId> <version>${log4j2.version}</version> </dependency> - <!-- Jul is used in all embedded tomcats. All that apps should be runned + <!-- Jul is used in all embedded tomcats. All that apps should be run with parameter --> <!-- -Djava.util.logging.manager=org.apache.logging.log4j.jul.LogManager --> <dependency> @@ -282,52 +246,10 @@ </exclusion> </exclusions> </dependency> - <dependency> - <groupId>org.mockito</groupId> - <artifactId>mockito-core</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.mockito</groupId> - <artifactId>mockito-junit-jupiter</artifactId> - <scope>test</scope> - </dependency> - <dependency> - <groupId>org.junit.jupiter</groupId> - <artifactId>junit-jupiter-engine</artifactId> - <scope>test</scope> - </dependency> </dependencies> <build> <finalName>${project.artifactId}-${project.version}</finalName> - <defaultGoal>process-resources</defaultGoal> - <resources> - <resource> - <directory>src/main/resources</directory> - <filtering>true</filtering> - <includes> - <include>application*.yml</include> - <include>banner.txt</include> - <include>WEB-INF</include> - </includes> - </resource> - <resource> - <directory>src/main/resources</directory> - <filtering>false</filtering> - <excludes> - <exclude>application*.yml</exclude> - <exclude>banner.txt</exclude> - <exclude>wsdl</exclude> - </excludes> - </resource> - </resources> - <testResources> - <testResource> - <directory>src/test/resources</directory> - <filtering>false</filtering> - </testResource> - </testResources> <plugins> <plugin> <groupId>org.codehaus.mojo</groupId> @@ -476,10 +398,6 @@ </execution> </executions> </plugin> - <plugin> - <groupId>com.amashchenko.maven.plugin</groupId> - <artifactId>gitflow-maven-plugin</artifactId> - </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-resources-plugin</artifactId> 
@@ -491,110 +409,40 @@ <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> <configuration> - <classifier>exec</classifier> - <excludes> - <exclude> - <groupId>org.projectlombok</groupId> - <artifactId>lombok</artifactId> - </exclude> - </excludes> - <addResources>true</addResources> - <layers> - <enabled>true</enabled> - </layers> <additionalProperties> <wsdl.version>${wsdl.version}</wsdl.version> </additionalProperties> <image> - <name>${dockerRegistryHost}/${project.artifactId}:${project.version}</name> <env> <HTTP_PROXY>${env.HTTP_PROXY}</HTTP_PROXY> <HTTPS_PROXY>${env.HTTP_PROXY}</HTTPS_PROXY> - <BP_JVM_VERSION>${java.version}</BP_JVM_VERSION> </env> </image> - <docker> - <publishRegistry> - <url>${dockerRegistryHost}</url> - <username>${dockerRegistryUsername}</username> - <password>${dockerRegistryPassword}</password> - </publishRegistry> - </docker> </configuration> <executions> <execution> - <id>repackage</id> - <configuration> - <classifier>exec</classifier> - </configuration> + <phase>install</phase> <goals> <goal>build-image-no-fork</goal> - <goal>build-info</goal> </goals> </execution> </executions> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-compiler-plugin</artifactId> - <configuration> - <release>${java.version}</release> - <annotationProcessorPaths> - <path> - <groupId>org.projectlombok</groupId> - <artifactId>lombok</artifactId> - <version>${lombok.version}</version> - </path> - <path> - <groupId>org.mapstruct</groupId> - <artifactId>mapstruct-processor</artifactId> - <version>${org.mapstruct.version}</version> - </path> - </annotationProcessorPaths> - <compilerArgs> - <compilerArg> - -Amapstruct.defaultComponentModel=spring - </compilerArg> - <compilerArg> - -Amapstruct.unmappedTargetPolicy=WARN - </compilerArg> - <!--Sorgt dafür, dass Parameternamen erhalten bleiben --> - <compilerArg> - -parameters - </compilerArg> - </compilerArgs> - - 
<encoding>${project.build.sourceEncoding}</encoding> - <generatedSourcesDirectory>${basedir}/generated/main/java</generatedSourcesDirectory> - <generatedTestSourcesDirectory> - ${basedir}/generated/test/java - </generatedTestSourcesDirectory> - </configuration> + <artifactId>maven-failsafe-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-eclipse-plugin</artifactId> - <version>2.10</version> - <configuration> - <downloadSources>true</downloadSources> - <downloadJavadocs>false</downloadJavadocs> - </configuration> + <artifactId>maven-surefire-plugin</artifactId> </plugin> <plugin> <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-surefire-plugin</artifactId> - <configuration> - <includes> - <include>**/*Test.java</include> - <include>**/*ITCase.java</include> - </includes> - </configuration> + <artifactId>maven-compiler-plugin</artifactId> </plugin> <plugin> <groupId>org.jacoco</groupId> <artifactId>jacoco-maven-plugin</artifactId> - <!-- version is defined in parent pom --> - <version>${jacoco.version}</version> </plugin> <plugin> <groupId>org.cyclonedx</groupId> 
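Review bot: The image `<env>` block still passes `<HTTP_PROXY>${env.HTTP_PROXY}</HTTP_PROXY>` and `<HTTPS_PROXY>${env.HTTP_PROXY}</HTTPS_PROXY>` to the builder, while the same commit removes every proxy variable from `.gitlab-ci.yml`. When `HTTP_PROXY` is not set in the job, Maven leaves the expression unresolved, so the builder would presumably receive the literal text `${env.HTTP_PROXY}` as its proxy. Remove the two entries or move them into a profile that is only active behind a proxy. The new execution binds `build-image-no-fork` to `<phase>install</phase>` without an `<id>`, so every `mvn install` now needs a reachable Docker daemon. An explicit `<id>build-image</id>` and a short comment stating that requirement would make this visible.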
@@ -610,47 +458,6 @@ </executions> </plugin> </plugins> - <pluginManagement> - <plugins> - <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself. --> - <plugin> - <groupId>org.eclipse.m2e</groupId> - <artifactId>lifecycle-mapping</artifactId> - <version>1.0.0</version> - <configuration> - <lifecycleMappingMetadata> - <pluginExecutions> - <pluginExecution> - <pluginExecutionFilter> - <groupId>org.asciidoctor</groupId> - <artifactId>asciidoctor-maven-plugin</artifactId> - <versionRange>[2.2.1,)</versionRange> - <goals> - <goal>process-asciidoc</goal> - </goals> - </pluginExecutionFilter> - </pluginExecution> - </pluginExecutions> - </lifecycleMappingMetadata> - </configuration> - </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-jar-plugin</artifactId> - <version>3.4.1</version> - <configuration> - <archive> - <addMavenDescriptor>false</addMavenDescriptor> - </archive> - </configuration> - </plugin> - <plugin> - <groupId>com.amashchenko.maven.plugin</groupId> - <artifactId>gitflow-maven-plugin</artifactId> - <version>1.18.0</version> - </plugin> - </plugins> - </pluginManagement> </build> <profiles> 
@@ -863,68 +670,62 @@ </build> </profile> + <!-- Deployment Profiles --> <profile> - <id>owasp</id> + <id>gitlab-deploy</id> + <activation> + <activeByDefault>false</activeByDefault> + </activation> <build> <plugins> <plugin> - <groupId>org.owasp</groupId> - <artifactId>dependency-check-maven</artifactId> - <version>8.3.1</version> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-maven-plugin</artifactId> <configuration> - <failBuildOnCVSS>8.0</failBuildOnCVSS> - <junitFailOnCVSS>8.0</junitFailOnCVSS> - <formats>JUNIT,HTML,JSON</formats> - <scanPlugins>false</scanPlugins> + <image> + <name>${CI_REGISTRY_IMAGE}/${project.artifactId}</name> + <tags>${IMAGE_TAGS}</tags> + <publish>true</publish> + </image> + <docker> + <publishRegistry> + <url>code.schleswig-holstein.de</url> + <username>${CI_REGISTRY_USER}</username> + <password>${CI_REGISTRY_PASSWORD}</password> + </publishRegistry> + </docker> </configuration> - <executions> - <execution> - <goals> - <goal>check</goal> - </goals> - </execution> - </executions> </plugin> </plugins> </build> </profile> - - <!-- Deployment Profiles --> - <profile> - <id>artifactory-deploy</id> - <activation> - <activeByDefault>false</activeByDefault> - </activation> - <distributionManagement> - <repository> - <id>artifactory</id> - <name>artifactory</name> - <url>https://repo-ex.zcdi.dataport.de:443/artifactory/kopsh-maven-virt/</url> - </repository> - <snapshotRepository> - <id>artifactory-snapshots</id> - <name>artifactory-snapshots</name> - <url>https://repo-ex.zcdi.dataport.de:443/artifactory/kopsh-maven-virt/</url> - </snapshotRepository> - </distributionManagement> - </profile> <profile> <id>nexus-deploy</id> <activation> <activeByDefault>false</activeByDefault> </activation> - <distributionManagement> - <repository> - <id>ozg-nexus</id> - <name>ozg-releases</name> - <url>https://nexus.ozg-sh.de/repository/ozg-releases/</url> - </repository> - <snapshotRepository> - <id>ozg-snapshots-nexus</id> - 
<name>ozg-snapshots</name> - <url>https://nexus.ozg-sh.de/repository/ozg-snapshots/</url> - </snapshotRepository> - </distributionManagement> + <build> + <plugins> + <plugin> + <groupId>org.springframework.boot</groupId> + <artifactId>spring-boot-maven-plugin</artifactId> + <configuration> + <image> + <name>docker.ozg-sh.de/${project.artifactId}</name> + <tags>${IMAGE_TAGS}</tags> + <publish>true</publish> + </image> + <docker> + <publishRegistry> + <url>docker.ozg-sh.de</url> + <username>${NEXUS_USER}</username> + <password>${NEXUS_PASSWORD}</password> + </publishRegistry> + </docker> + </configuration> + </plugin> + </plugins> + </build> </profile> </profiles> </project> diff --git a/soapui/XTA-soapui-project.xml b/soapui/XTA-soapui-project.xml index 2d192601d123889f5ce4e913c67821768cb54d30..4b43308389bb29ee99ec0ed0269a5b7d4f7a0e7d 100644 --- a/soapui/XTA-soapui-project.xml +++ b/soapui/XTA-soapui-project.xml 
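Review bot: This hunk deletes the `owasp` profile (`dependency-check-maven` with `failBuildOnCVSS` 8.0) and nothing visible in the commit replaces it. Unless the new parent pom or the pipeline provides a scan, the project loses the only dependency-vulnerability gate visible in this pom. Either keep the profile or state in the commit description where the check now runs. In the added profiles the registry credentials are written as bare `${NEXUS_USER}` / `${NEXUS_PASSWORD}` and `${CI_REGISTRY_USER}` / `${CI_REGISTRY_PASSWORD}`, whereas `.m2/ci_settings.xml` uses `${env.NEXUS_USER}`. The `env.` form makes the source explicit and cannot be shadowed by a project or user property of the same name. Both `<distributionManagement>` blocks are removed while the CI jobs still call `mvn deploy`, which presumably relies on the parent pom supplying one.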
@@ -3358,7 +3358,7 @@ eine Nachricht für die synchrone Weiterleitung übergeben wurde, die nur für d <xs:documentation>Diese Exception wird allgemein geworfen, wenn ein technisches Problem im XTA-WS aufgetreten ist. Sie kann z. B. durch ein Problem beim Zugriff auf die interne Datenbank des XTA-Servers ausgelöst worden sein.</xs:documentation> </xs:annotation> </xs:element> -</xs:schema>]]></con:content><con:type>http://www.w3.org/2001/XMLSchema</con:type></con:part></con:definitionCache><con:endpoints><con:endpoint>http://localhost:8080/xta/ws</con:endpoint><con:endpoint>https://localhost:8443/MB_XTA-WS</con:endpoint><con:endpoint>https://localhost:8881</con:endpoint></con:endpoints><con:operation id="638fc8ad-4e98-4cf6-be0c-e2638749cfe3" isOneWay="false" action="http://www.xta.de/XTA/CancelMessage" name="cancelMessage" bindingOperationName="cancelMessage" type="Request-Response" inputName="" receivesAttachments="false" sendsAttachments="false" anonymous="optional"><con:settings/><con:call id="9e166713-c453-4f91-b18b-81229ae9f636" name="CancelMessage" sslKeystore="john_smith_xta_tester.p12" useWsAddressing="true"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><xml-fragment/></con:setting><con:setting id="WsdlSettings@enable-mtom">true</con:setting><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@force_mtom">true</con:setting></con:settings><con:encoding>UTF-8</con:encoding><con:endpoint>https://localhost:8443/MB_XTA-WS/XTA210managementPort.svc</con:endpoint><con:request><![CDATA[<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tran="http://www.osci.eu/ws/2014/10/transport" xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:add="http://www.w3.org/2005/08/addressing">\r 
+</xs:schema>]]></con:content><con:type>http://www.w3.org/2001/XMLSchema</con:type></con:part></con:definitionCache><con:endpoints><con:endpoint>http://localhost:8080/xta/ws</con:endpoint><con:endpoint>https://localhost:8443/MB_XTA-WS</con:endpoint><con:endpoint>https://localhost:8881</con:endpoint></con:endpoints><con:operation id="638fc8ad-4e98-4cf6-be0c-e2638749cfe3" isOneWay="false" action="http://www.xta.de/XTA/CancelMessage" name="cancelMessage" bindingOperationName="cancelMessage" type="Request-Response" inputName="" receivesAttachments="false" sendsAttachments="false" anonymous="optional"><con:settings/><con:call id="9e166713-c453-4f91-b18b-81229ae9f636" name="CancelMessage" sslKeystore="xta-test-client-john-smith_keystore.p12" useWsAddressing="true"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><xml-fragment/></con:setting><con:setting id="WsdlSettings@enable-mtom">true</con:setting><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@force_mtom">true</con:setting></con:settings><con:encoding>UTF-8</con:encoding><con:endpoint>https://localhost:8443/MB_XTA-WS/XTA210managementPort.svc</con:endpoint><con:request><![CDATA[<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tran="http://www.osci.eu/ws/2014/10/transport" xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:add="http://www.w3.org/2005/08/addressing">\r <soap:Header>\r <tran:Author>\r <tran:Identifier type="xoev" name="SoapUI" category="dbs:testumgebung">?</tran:Identifier> 
@@ -3368,7 +3368,7 @@ eine Nachricht für die synchrone Weiterleitung übergeben wurde, die nur für d <soap:Body>\r <add:MessageID>urn:de:xta:messageid:xta-tester:b9f971c1-133e-4c33-91da-117a668f4343</add:MessageID>\r </soap:Body>\r -</soap:Envelope>]]></con:request><con:credentials><con:authType>No Authorization</con:authType></con:credentials><con:jmsConfig JMSDeliveryMode="PERSISTENT"/><con:jmsPropertyConfig/><con:wsaConfig mustUnderstand="NONE" version="200508" action="http://www.xta.de/XTA/CancelMessage" addDefaultAction="true" addDefaultTo="true" generateMessageId="true"/><con:wsrmConfig version="1.2"/></con:call></con:operation><con:operation id="ed63891c-c43a-4476-8208-f37771b9a239" isOneWay="false" action="http://www.xta.de/XTA/CheckAccountActive" name="checkAccountActive" bindingOperationName="checkAccountActive" type="Request-Response" inputName="" receivesAttachments="false" sendsAttachments="false" anonymous="optional"><con:settings/><con:call id="246c0286-5928-43a6-ab33-56b93f9308b3" name="CheckAccountActive" sslKeystore="john_smith_xta_tester.p12" useWsAddressing="true"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><xml-fragment/></con:setting><con:setting id="WsdlSettings@enable-mtom">true</con:setting><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@force_mtom">true</con:setting></con:settings><con:encoding>UTF-8</con:encoding><con:endpoint>https://localhost:9443/MB_XTA-WS/XTA210managementPort.svc</con:endpoint><con:request><![CDATA[<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tran="http://www.osci.eu/ws/2014/10/transport" xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">\r +</soap:Envelope>]]></con:request><con:credentials><con:authType>No Authorization</con:authType></con:credentials><con:jmsConfig 
JMSDeliveryMode="PERSISTENT"/><con:jmsPropertyConfig/><con:wsaConfig mustUnderstand="NONE" version="200508" action="http://www.xta.de/XTA/CancelMessage" addDefaultAction="true" addDefaultTo="true" generateMessageId="true"/><con:wsrmConfig version="1.2"/></con:call></con:operation><con:operation id="ed63891c-c43a-4476-8208-f37771b9a239" isOneWay="false" action="http://www.xta.de/XTA/CheckAccountActive" name="checkAccountActive" bindingOperationName="checkAccountActive" type="Request-Response" inputName="" receivesAttachments="false" sendsAttachments="false" anonymous="optional"><con:settings/><con:call id="246c0286-5928-43a6-ab33-56b93f9308b3" name="CheckAccountActive" sslKeystore="xta-test-client-john-smith_keystore.p12" useWsAddressing="true"><con:settings><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@request-headers"><xml-fragment/></con:setting><con:setting id="WsdlSettings@enable-mtom">true</con:setting><con:setting id="com.eviware.soapui.impl.wsdl.WsdlRequest@force_mtom">true</con:setting></con:settings><con:encoding>UTF-8</con:encoding><con:endpoint>https://localhost:9443/MB_XTA-WS/XTA210managementPort.svc</con:endpoint><con:request><![CDATA[<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tran="http://www.osci.eu/ws/2014/10/transport" xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">\r <soap:Header>\r <tran:Author>\r <tran:Identifier type="xoev" name="SoapUI" category="dbs:testumgebung">?</tran:Identifier>\r 
@@ -10846,4 +10846,4 @@ if (action[0..1] == "\\\"") { </ns:ContentContainer> </ns:GenericContentContainer> </soapenv:Body> -</soapenv:Envelope>]]></con:responseContent><con:wsaConfig mustUnderstand="NONE" version="200508" action="http://www.osci.eu/ws/2008/05/transport/urn/messageTypes/MsgBoxFetchRequest"/></con:response><con:dispatchConfig/></con:mockOperation></con:mockService><con:properties/><con:afterLoadScript/><con:wssContainer><con:crypto><con:source>../src/main/resources/store/john_smith_xta_tester.p12</con:source><con:password>password</con:password><con:type>KEYSTORE</con:type></con:crypto><con:crypto><con:source>../src/main/resources/store/xta-test-server_keystore.p12</con:source><con:password>password</con:password><con:type>TRUSTSTORE</con:type></con:crypto></con:wssContainer><con:oAuth2ProfileContainer/><con:oAuth1ProfileContainer/><con:sensitiveInformation/></con:soapui-project> \ No newline at end of file +</soapenv:Envelope>]]></con:responseContent><con:wsaConfig mustUnderstand="NONE" version="200508" action="http://www.osci.eu/ws/2008/05/transport/urn/messageTypes/MsgBoxFetchRequest"/></con:response><con:dispatchConfig/></con:mockOperation></con:mockService><con:properties/><con:afterLoadScript/><con:wssContainer><con:crypto><con:source>../src/main/resources/store/xta-test-client-john-smith_keystore.p12</con:source><con:password>password</con:password><con:type>KEYSTORE</con:type></con:crypto><con:crypto><con:source>../src/main/resources/store/xta-test-server_keystore.p12</con:source><con:password>password</con:password><con:type>TRUSTSTORE</con:type></con:crypto></con:wssContainer><con:oAuth2ProfileContainer/><con:oAuth1ProfileContainer/><con:sensitiveInformation/></con:soapui-project> diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index e13006c90cb420758d85e9d002be913ef9edbde6..475239245aa22c11d6f26c2feb973b72746b34e8 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
@@ -17,10 +17,10 @@ server:
 key-store-password: password
 key-store-type: pkcs12
 # Alias im KeyStore
- key-alias: xta-test-application
+ key-alias: xta-test-server
 key-password: password
 # enthaelt alle vertrauenswuerdigen Zertifikate
- trust-store: classpath:store/xta-test-server_truststore.jks
+ trust-store: classpath:store/xta-test_truststore.jks
 trust-store-password: password
 trust-store-type: JKS
 # want, need, none; see org.springframework.boot.web.server.ClientAuth
diff --git a/src/main/resources/store/.gitignore b/src/main/resources/store/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..e1980119d66205dfba5f0d5be03b86376bb7c839
--- /dev/null
+++ b/src/main/resources/store/.gitignore
@@ -0,0 +1,4 @@
+*.crt
+*.csr
+*.key
+*.slr
\ No newline at end of file
diff --git a/src/main/resources/store/ca-openssl.cnf b/src/main/resources/store/ca-openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..63ba8d8f5de6d40496a6545b094732048b555cf3
--- /dev/null
+++ b/src/main/resources/store/ca-openssl.cnf
@@ -0,0 +1,23 @@
+[req]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = v3_ca
+prompt = no
+
+[req_distinguished_name]
+C = DE
+ST = XTATestState
+L = XTATestCity
+O = XTATestOrg
+OU = XTATestOrgUnit
+CN = XTA Test Root CA
+
+[ v3_ca ]
+# Basic Constraints
+basicConstraints = critical, CA:true, pathlen:0
+
+# Key Usage
+keyUsage = critical, digitalSignature, keyCertSign, cRLSign
+
+# Netscape Cert Type
+nsCertType = sslCA
\ No newline at end of file
diff --git a/src/main/resources/store/client-openssl.cnf b/src/main/resources/store/client-openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..2914eaa2893cfcb394c825e30394294f22466d79
--- /dev/null
+++ b/src/main/resources/store/client-openssl.cnf
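Review bot: The last pattern in the new `store/.gitignore`, `*.slr`, looks like a transposition of `*.srl`. `generate.sh` in this commit signs with `-CAcreateserial`, which by default writes the CA serial file next to the CA certificate with an `.srl` extension (here that would be `xta-test-root-ca.srl`). As written, that file is not ignored and can be committed by accident, while the `*.crt`, `*.csr` and `*.key` patterns do what they are meant to. I would change the line to `*.srl`.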
@@ -0,0 +1,20 @@
+[ req ]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+prompt = no
+
+[ req_distinguished_name ]
+C = DE
+ST = XTACity
+L = XTACountry
+O = XTAOrg
+OU = XTAOrgUnit
+CN = XTA Test Client
+
+[ req_ext ]
+authorityKeyIdentifier=keyid,issuer
+keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement
+extendedKeyUsage = clientAuth
+basicConstraints=CA:FALSE
+nsCertType = client
\ No newline at end of file
diff --git a/src/main/resources/store/generate.sh b/src/main/resources/store/generate.sh
new file mode 100755
index 0000000000000000000000000000000000000000..5906a971e08e0a30faab5ed083c30c6f4ab71de0
--- /dev/null
+++ b/src/main/resources/store/generate.sh
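Review bot: The `[ req ]` and `[ req_distinguished_name ]` sections in `client-openssl.cnf` are never read by `generate.sh`, which creates the CSR with `keytool -certreq` and passes this file only as `-extfile ... -extensions req_ext`, so the subject actually comes from the script's `-dname`. The unused values are also mislabelled (`ST = XTACity`, `L = XTACountry`), and `server-openssl.cnf` carries the same dead block with template placeholders such as `C = YourCountry` and `CN = your.server.com`. I would delete both blocks or put a comment above them, e.g. `# Not used by generate.sh: the subject DN is set via keytool -dname; only [ req_ext ] is applied at signing time.` Separately, `keyUsage` in `[ req_ext ]` grants `dataEncipherment` and `keyAgreement` on top of what an RSA `clientAuth` certificate normally needs; if nothing in the test setup relies on them, `keyUsage = critical, digitalSignature, keyEncipherment` keeps the test client certificates closer to least privilege.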
@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -e
+
+STORE_PASS=password
+ISSUER_ALIAS=xta-test-root-ca
+TRUST_STORE_JKS=xta-test_truststore.jks
+
+if [ ! -f $ISSUER_ALIAS.key ] || [ ! -f $ISSUER_ALIAS.crt ]; then
+ rm $TRUST_STORE_JKS || true
+ echo "[1.0] Generate key for the Xta-Root-CA (Root CA key or crt not found)"
+ openssl genrsa -out $ISSUER_ALIAS.key 2048
+ echo "[1.1] Generate a self-signed certificate for the Xta-Root-CA"
+ openssl req -x509 -new -nodes -key $ISSUER_ALIAS.key -sha256 -days 4000 -out $ISSUER_ALIAS.crt -config ca-openssl.cnf -extensions v3_ca
+else
+ echo "[1.0] Root CA found. Skipping generation."
+fi
+
+if [ ! -f $TRUST_STORE_JKS ]; then
+ echo "[2.0] Import Root CA into Xta-Server-Truststore"
+ keytool -importcert -alias $ISSUER_ALIAS -keystore $TRUST_STORE_JKS -storetype JKS -storepass "$STORE_PASS" -file $ISSUER_ALIAS.crt -noprompt
+else
+ echo "[2.0] Xta-Server-Truststore found. Skipping generation."
+fi
+
+function generate_keystore_with_signed_certificate {
+ local step_num="$1"
+ local key_alias="$2"
+ local key_cn="$3"
+ local ext_config_file="$4"
+ local keystore_args=( -keystore "${key_alias}_keystore.p12" -storepass "$STORE_PASS" -storetype PKCS12 )
+ rm "$key_alias"_keystore.p12 || true
+ echo "[$step_num.0] Generate a keystore for $key_cn"
+ keytool -genkeypair "${keystore_args[@]}" -alias "$key_alias" -keyalg RSA -keysize 2048 -validity 3900 -dname "CN=$key_cn, OU=XtaTestOrgUnit, O=XtaTestOrg, L=XtaTestCity, S=XtaTestState, C=DE"
+ keytool -importcert "${keystore_args[@]}" -alias $ISSUER_ALIAS -file $ISSUER_ALIAS.crt -noprompt
+
+ echo "[$step_num.1] Generate a certificate signing request for $key_cn"
+ keytool -certreq "${keystore_args[@]}" -alias "$key_alias" -file "$key_alias.csr"
+
+ echo "[$step_num.2] Sign the certificate with the Root CA using $ext_config_file"
+ openssl x509 -req -in "$key_alias.csr" -out "$key_alias.crt" -CA $ISSUER_ALIAS.crt -CAkey $ISSUER_ALIAS.key -CAcreateserial -days 3900 -sha256 -extfile "$ext_config_file" -extensions req_ext
+ rm "$key_alias.csr" || true
+
+ echo "[$step_num.3] Import the signed certificate into the keystore with alias $key_alias"
+ keytool -importcert "${keystore_args[@]}" -alias "$key_alias" -file "$key_alias.crt" -noprompt
+ rm "$key_alias.crt" || true
+ keytool -delete "${keystore_args[@]}" -alias $ISSUER_ALIAS -noprompt
+}
+
+generate_keystore_with_signed_certificate "3" xta-test-server "XTA Test Server" server-openssl.cnf
+generate_keystore_with_signed_certificate "4" xta-test-client-john-smith "XTA Test Client John Smith" client-openssl.cnf
+generate_keystore_with_signed_certificate "5" xta-test-client-jane-doe "XTA Test Client Jane Doe" client-openssl.cnf
\ No newline at end of file
diff --git a/src/main/resources/store/jane_doe_xta_tester.p12 b/src/main/resources/store/jane_doe_xta_tester.p12
deleted file mode 100644
index f745dc02ab3dc0e9bb25a83ee0e9542ad3851c65..0000000000000000000000000000000000000000
Binary files a/src/main/resources/store/jane_doe_xta_tester.p12 and /dev/null differ
diff --git a/src/main/resources/store/john_smith_xta_tester.p12 b/src/main/resources/store/john_smith_xta_tester.p12
deleted file mode 100644
index a727395694185315016bfccc2fd42e17749e4592..0000000000000000000000000000000000000000
Binary files a/src/main/resources/store/john_smith_xta_tester.p12 and /dev/null differ
diff --git a/src/main/resources/store/server-openssl.cnf b/src/main/resources/store/server-openssl.cnf
new file mode 100644
index 0000000000000000000000000000000000000000..7b1a0f2c6b8c0fe32e9dc03e2aac2c1d3f73b599
--- /dev/null
+++ b/src/main/resources/store/server-openssl.cnf
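Review bot: The root CA private key is written without a passphrase (`openssl genrsa -out $ISSUER_ALIAS.key 2048`) into the current directory, and since every path in `generate.sh` is relative, that is presumably `src/main/resources/store`, a classpath resource directory. The `.gitignore` added alongside keeps `*.key` out of git, but unless the build excludes it, a local `mvn package` after running the script would likely copy the CA key into `target/classes` and into any jar or image built from it; whoever holds that key can issue client certificates that the truststore accepts. I would keep the CA key and certificate outside the resource tree, for example `CA_DIR="${CA_DIR:?set CA_DIR to a directory outside src/main/resources}"` with `"$CA_DIR/$ISSUER_ALIAS.key"` and `"$CA_DIR/$ISSUER_ALIAS.crt"` wherever the two files are referenced. Smaller points in the same script: `STORE_PASS=password` could be `STORE_PASS="${STORE_PASS:-password}"`, the unquoted `$ISSUER_ALIAS` and `$TRUST_STORE_JKS` expansions should be quoted, and `rm ... || true` reads more clearly as `rm -f`.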
@@ -0,0 +1,25 @@
+[req]
+default_bits = 2048
+distinguished_name = req_distinguished_name
+req_extensions = req_ext
+prompt = no
+
+[req_distinguished_name]
+C = YourCountry
+ST = YourState
+L = YourCity
+O = YourOrg
+OU = YourOrgUnit
+CN = your.server.com
+
+[req_ext]
+subjectAltName = @alt_names
+keyUsage = critical, digitalSignature, nonRepudiation, keyEncipherment, keyAgreement
+extendedKeyUsage = serverAuth
+basicConstraints = CA:FALSE
+subjectKeyIdentifier = hash
+
+[alt_names]
+DNS.1 = localhost
+IP.1 = 127.0.0.1
+DNS.2 = docker
\ No newline at end of file
diff --git a/src/main/resources/store/show_certs.sh b/src/main/resources/store/show_certs.sh
new file mode 100755
index 0000000000000000000000000000000000000000..3cc8bbb9488fa502c51d3939c235a7c5a7647956
--- /dev/null
+++ b/src/main/resources/store/show_certs.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+ISSUER_ALIAS=xta-test-root-ca
+STORE_PASS=password
+
+function show_cert_by_alias {
+ local key_alias="$1"
+ keytool -exportcert -alias "$key_alias" -keystore "${key_alias}_keystore.p12" -file "${key_alias}.crt" -storepass "$STORE_PASS"
+ openssl x509 -in "${key_alias}.crt" -text -noout
+ rm "${key_alias}.crt" || true
+}
+
+openssl x509 -in "${ISSUER_ALIAS}.crt" -text -noout
+
+show_cert_by_alias xta-test-server
+show_cert_by_alias xta-test-client-john-smith
+
diff --git a/src/main/resources/store/xta-test-client-jane-doe_keystore.p12 b/src/main/resources/store/xta-test-client-jane-doe_keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..0c0a1b20ac2922debfbbb7d973ddcdf6ecf068fc
Binary files /dev/null and b/src/main/resources/store/xta-test-client-jane-doe_keystore.p12 differ
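Review bot: In `show_certs.sh`, the first command that runs, `openssl x509 -in "${ISSUER_ALIAS}.crt" -text -noout`, reads a file that the new `store/.gitignore` excludes (`*.crt`), so on a fresh checkout `set -e` stops the script there before any keystore is shown. The CA certificate is available from the committed truststore, so the line could become `keytool -exportcert -rfc -alias "$ISSUER_ALIAS" -keystore xta-test_truststore.jks -storepass "$STORE_PASS" | openssl x509 -text -noout`. Using the same pipe form inside `show_cert_by_alias` would avoid the temporary `${key_alias}.crt`, which is left behind when `openssl` fails because `set -e` exits before the `rm`. `xta-test-client-jane-doe` is generated by `generate.sh` but is not listed here.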
diff --git a/src/main/resources/store/xta-test-client-john-smith_keystore.p12 b/src/main/resources/store/xta-test-client-john-smith_keystore.p12
new file mode 100644
index 0000000000000000000000000000000000000000..dab946317cc45fd93bf87b573e959fa86c0c1afa
Binary files /dev/null and b/src/main/resources/store/xta-test-client-john-smith_keystore.p12 differ
diff --git a/src/main/resources/store/xta-test-server_keystore.p12 b/src/main/resources/store/xta-test-server_keystore.p12
index da0a1928782d51ed779ccdd59f8fa0e55db88834..b8937afa04dd5fa9322ac86830f990bbe4ec6f48 100644
Binary files a/src/main/resources/store/xta-test-server_keystore.p12 and b/src/main/resources/store/xta-test-server_keystore.p12 differ
diff --git a/src/main/resources/store/xta-test-server_truststore.jks b/src/main/resources/store/xta-test-server_truststore.jks
deleted file mode 100644
index 0935b1e776a77b5caa7e8cfc4a6a02a9881d03b7..0000000000000000000000000000000000000000
Binary files a/src/main/resources/store/xta-test-server_truststore.jks and /dev/null differ
diff --git a/src/main/resources/store/xta-test_truststore.jks b/src/main/resources/store/xta-test_truststore.jks
new file mode 100644
index 0000000000000000000000000000000000000000..d3d62904abc6726da06f54b5cd083406e15d5444
Binary files /dev/null and b/src/main/resources/store/xta-test_truststore.jks differ
diff --git a/src/test/resources/application.yml b/src/test/resources/application.yml
index 3b93649c12db7fe0c15b08331ed4073608be207c..bec9257f4fbbfca804fb88b4821db63d7fad0528 100644
--- a/src/test/resources/application.yml
+++ b/src/test/resources/application.yml
@@ -10,10 +10,10 @@ server:
 key-store-password: password
 key-store-type: pkcs12
 # Alias im KeyStore
- key-alias: xta-test-application
+ key-alias: xta-test-server
 key-password: password
 # enthaelt alle vertrauenswuerdigen Zertifikate
- trust-store: classpath:store/xta-test-server_truststore.jks
+ trust-store: classpath:store/xta-test_truststore.jks
 trust-store-password: password
 trust-store-type: JKS
 # want, need, none; see org.springframework.boot.web.server.ClientAuth