Feat: Add Certificate Revocation Endpoints (#141)

* Add Controller and DTO for DCC Revocation * Adapt to latest version of specification * Update Hash Types * Update API Endpoints * Add Persistence Model and DB Changelog * Update Controller * Update Format of Hash * Add Controller Logic for Upload and Delete * Add Download for Single Batches Add Download for BatchList Add Upload for Batches Add Delete for Batches Add Cleanup Job Update DB Schema Snapshot * Add Default Value to Config File * Checkstyle * Fix Dependencies * Update Spring Boot to 2.6.1 * Add Suppression for H2 CVE * Update DGC-Lib * Add Revocation Dto to Coverage Exclusion
eu-digital-green-certificates · Dec 16, 2021 · 9a41326 · 9a41326
1 parent 2d7e296
commit 9a41326
Show file tree

Hide file tree

Showing 24 changed files with 2,853 additions and 204 deletions.
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
@@ -11,12 +11,20 @@
     <cve>CVE-2012-5055</cve>
   </suppress>
   <suppress>
-    <notes>see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in tomcat 9.0.38</notes>
+    <notes>see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in
+      tomcat 9.0.38
+    </notes>
     <cve>CVE-2020-13943</cve>
   </suppress>
   <suppress>
-    <notes>see https://nvd.nist.gov/vuln/detail/CVE-2020-10693 vulnerability is fixed in hibernate validator 6.0.20/ 6.1.5 - we are using 6.2.0.FINAL</notes>
+    <notes>see https://nvd.nist.gov/vuln/detail/CVE-2020-10693 vulnerability is fixed in hibernate validator 6.0.20/
+      6.1.5 - we are using 6.2.0.FINAL
+    </notes>
     <cve>CVE-2020-10693</cve>
   </suppress>
-
+  <suppress>
+    <notes>H2 is only used for Unit Testing. Version 2.x includes major breaking changes.</notes>
+    <cve>CVE-2021-23463</cve>
+  </suppress>
+
 </suppressions>
diff --git a/pom.xml b/pom.xml
@@ -7,7 +7,7 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.5.7</version>
+        <version>2.6.1</version>
         <relativePath/>
     </parent>
 
@@ -43,31 +43,26 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
         <!-- dependencies -->
-        <owasp.version>6.1.6</owasp.version>
-        <spring.boot.version>2.5.7</spring.boot.version>
-        <spring.test.version>5.3.9</spring.test.version>
-        <spring.security.version>5.5.1</spring.security.version>
-        <lombok.version>1.18.20</lombok.version>
-        <liquibase.version>4.4.2</liquibase.version>
-        <springdoc.version>1.5.10</springdoc.version>
-        <junit.version>5.7.2</junit.version>
+        <owasp.version>6.5.0</owasp.version>
+        <spring.security.version>5.6.0</spring.security.version>
+        <lombok.version>1.18.22</lombok.version>
+        <liquibase.version>4.6.2</liquibase.version>
+        <springdoc.version>1.6.0</springdoc.version>
         <mapstruct.version>1.4.2.Final</mapstruct.version>
-        <mockito.version>3.11.2</mockito.version>
-        <bcpkix.version>1.69</bcpkix.version>
+        <mockito.version>4.1.0</mockito.version>
+        <bcpkix.version>1.70</bcpkix.version>
         <semver4j.version>3.1.0</semver4j.version>
-        <json-schema.version>1.13.0</json-schema.version>
-        <shedlock.version>4.25.0</shedlock.version>
-        <spring.cloud.version>2020.0.3</spring.cloud.version>
+        <json-schema.version>1.14.0</json-schema.version>
+        <shedlock.version>4.30.0</shedlock.version>
+        <spring.cloud.version>2021.0.0</spring.cloud.version>
         <slf4j.version>1.7.32</slf4j.version>
-        <log4j2.version>2.15.0</log4j2.version>
+        <log4j2.version>2.16.0</log4j2.version>
         <!-- plugins -->
         <plugin.maven-assembly.version>3.3.0</plugin.maven-assembly.version>
         <plugin.checkstyle.version>3.1.2</plugin.checkstyle.version>
-        <plugin.sonar.version>3.9.0.2155</plugin.sonar.version>
+        <plugin.sonar.version>3.9.1.2184</plugin.sonar.version>
         <plugin.jacoco.version>0.8.7</plugin.jacoco.version>
         <plugin.os-maven.version>1.7.0</plugin.os-maven.version>
-        <junit-platform.version>1.7.2</junit-platform.version>
-        <surefire.version>3.0.0-M5</surefire.version>
         <!-- license -->
         <license.projectName>EU Digital Green Certificate Gateway Service / dgc-gateway</license.projectName>
         <license.inceptionYear>2021</license.inceptionYear>
@@ -154,7 +149,7 @@
         <dependency>
             <groupId>eu.europa.ec.dgc</groupId>
             <artifactId>dgc-lib</artifactId>
-            <version>1.1.3</version>
+            <version>1.1.7</version>
         </dependency>
         <dependency>
             <groupId>com.vdurmont</groupId>
@@ -318,7 +313,7 @@
             <plugin>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-maven-plugin</artifactId>
-                <version>${spring.boot.version}</version>
+                <version>${project.parent.version}</version>
                 <configuration>
                     <profiles>dev</profiles>
                     <wait>5000</wait>
@@ -375,6 +370,7 @@
                     <excludes>
                         <exclude>**/DgcGatewayApplication.java</exclude>
                         <exclude>**/restapi/dto/*</exclude>
+                        <exclude>**/restapi/dto/**/*</exclude>
                         <exclude>**/restapi/mapper/*</exclude>
                         <exclude>**/repository/*</exclude>
                         <exclude>**/model/*</exclude>

diff --git a/src/main/java/eu/europa/ec/dgc/gateway/config/DgcConfigProperties.java b/src/main/java/eu/europa/ec/dgc/gateway/config/DgcConfigProperties.java
@@ -37,6 +37,8 @@ public class DgcConfigProperties {
 
     private JrcConfig jrc = new JrcConfig();
 
+    private Revocation revocation = new Revocation();
+
     @Getter
     @Setter
     public static class JrcConfig {
@@ -77,4 +79,10 @@ public static class HeaderFields {
             private String distinguishedName;
         }
     }
+
+    @Getter
+    @Setter
+    public static class Revocation {
+        private int deleteThreshold = 14;
+    }
 }
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/entity/RevocationBatchEntity.java b/src/main/java/eu/europa/ec/dgc/gateway/entity/RevocationBatchEntity.java
@@ -0,0 +1,112 @@
+/*-
+ * ---license-start
+ * EU Digital Green Certificate Gateway Service / dgc-gateway
+ * ---
+ * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package eu.europa.ec.dgc.gateway.entity;
+
+import java.time.ZonedDateTime;
+import javax.persistence.Column;
+import javax.persistence.Entity;
+import javax.persistence.EnumType;
+import javax.persistence.Enumerated;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
+import javax.persistence.Index;
+import javax.persistence.Lob;
+import javax.persistence.Table;
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+@Getter
+@Setter
+@Entity
+@Table(name = "revocation_batch", indexes = @Index(columnList = "batchId"))
+@AllArgsConstructor
+@NoArgsConstructor
+public class RevocationBatchEntity {
+
+    @Id
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    @Column(name = "id")
+    private Long id;
+
+    /**
+     * ID of the Batch.
+     */
+    @Column(name = "batchId", nullable = false, length = 36, unique = true)
+    private String batchId;
+
+    /**
+     * ISO 3166 Alpha-2 Country Code.
+     * (plus code "EU" for administrative European Union entries).
+     */
+    @Column(name = "country", nullable = false, length = 2)
+    private String country;
+
+    /**
+     * Timestamp of the Batch when it was added or deleted.
+     */
+    @Column(name = "changed", nullable = false)
+    private ZonedDateTime changed = ZonedDateTime.now();
+
+    /**
+     * Timestamp when the Batch will expire.
+     */
+    @Column(name = "expires", nullable = false)
+    private ZonedDateTime expires;
+
+    /**
+     * Flag that indicates whether this batch was already deleted.
+     */
+    @Column(name = "deleted", nullable = false)
+    private Boolean deleted = false;
+
+    /**
+     * Type of Revocation Hashes.
+     */
+    @Column(name = "type", nullable = false)
+    @Enumerated(EnumType.STRING)
+    private RevocationHashType type;
+
+    /**
+     * The KID of the Key used to sign the CMS.
+     */
+    @Column(name = "kid", length = 12)
+    private String kid;
+
+    /**
+     * The Signed CMS with the batch.
+     */
+    @Column(name = "signed_batch", length = 1_024_000)
+    @Lob
+    private String signedBatch;
+
+    /**
+     * Available types of Hash.
+     */
+    public enum RevocationHashType {
+        SIGNATURE,
+        UCI,
+        COUNTRYCODEUCI
+    }
+
+}
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/entity/RevocationBatchProjection.java b/src/main/java/eu/europa/ec/dgc/gateway/entity/RevocationBatchProjection.java
@@ -0,0 +1,35 @@
+/*-
+ * ---license-start
+ * EU Digital Green Certificate Gateway Service / dgc-gateway
+ * ---
+ * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package eu.europa.ec.dgc.gateway.entity;
+
+import java.time.ZonedDateTime;
+
+public interface RevocationBatchProjection {
+
+    String getBatchId();
+
+    String getCountry();
+
+    ZonedDateTime getChanged();
+
+    Boolean getDeleted();
+
+}
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/model/RevocationBatchDownload.java b/src/main/java/eu/europa/ec/dgc/gateway/model/RevocationBatchDownload.java
@@ -0,0 +1,35 @@
+/*-
+ * ---license-start
+ * EU Digital Green Certificate Gateway Service / dgc-gateway
+ * ---
+ * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package eu.europa.ec.dgc.gateway.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+@Data
+@NoArgsConstructor
+@AllArgsConstructor
+public class RevocationBatchDownload {
+
+    private String batchId;
+
+    private String signedCms;
+}
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/model/RevocationBatchList.java b/src/main/java/eu/europa/ec/dgc/gateway/model/RevocationBatchList.java
@@ -0,0 +1,47 @@
+/*-
+ * ---license-start
+ * EU Digital Green Certificate Gateway Service / dgc-gateway
+ * ---
+ * Copyright (C) 2021 T-Systems International GmbH and all other contributors
+ * ---
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ * ---license-end
+ */
+
+package eu.europa.ec.dgc.gateway.model;
+
+import java.time.ZonedDateTime;
+import java.util.List;
+import lombok.AllArgsConstructor;
+import lombok.Data;
+
+@Data
+public class RevocationBatchList {
+
+    private Boolean more;
+
+    private List<RevocationBatchListItem> batches;
+
+    @Data
+    @AllArgsConstructor
+    public static class RevocationBatchListItem {
+
+        private String batchId;
+
+        private String country;
+
+        private ZonedDateTime date;
+
+        private Boolean deleted;
+    }
+}