Merge pull request #21 from OSGP/feature/FDP-2217

FDP-2217: Implement mutual TLS
OSGP · Jun 7, 2024 · 8806573 · 8806573
2 parents d1ee37a + 669d23e
commit 8806573
Show file tree

Hide file tree

Showing 6 changed files with 150 additions and 7 deletions.
diff --git a/application/build.gradle.kts b/application/build.gradle.kts
@@ -1,3 +1,5 @@
+import org.springframework.boot.gradle.tasks.bundling.BootJar
+
 // SPDX-FileCopyrightText: Contributors to the GXF project
 //
 // SPDX-License-Identifier: Apache-2.0
@@ -27,6 +29,11 @@ dependencies {
     jacocoAggregation(project(":application"))
 }
 
+tasks.withType<BootJar> {
+    // Exclude test keys and certificates
+    exclude("ssl/*.pem")
+}
+
 tasks.withType<org.springframework.boot.gradle.tasks.bundling.BootBuildImage> {
     imageName.set("ghcr.io/osgp/sng-coap-http-proxy:$version")
     if (project.hasProperty("publishImage")) {

diff --git a/application/src/main/resources/application-dev.yaml b/application/src/main/resources/application-dev.yaml
@@ -5,11 +5,13 @@
 server:
   port: 8181
 
-management:
-  endpoints:
-    web:
-      exposure:
-        include: prometheus
+# Local testing certificates
+mutual-tls:
+  keystore:
+    private-key: "classpath:ssl/dev-proxy-key.pem"
+    certificate: "classpath:ssl/dev-proxy-cert.pem"
+  truststore:
+    certificate: "classpath:ssl/dev-device-service-cert.pem"
 
 config:
   coap:
@@ -24,8 +26,8 @@ config:
     preferred-block-size: 1024
 
   http:
-    url: "http://localhost:9000"
-    connection-timeout: 5000ms
+    url: "https://localhost:9000"
+    connection-timeout: "5000ms"
 
   udp:
     udp-receive-buffer-size: 8192

diff --git a/application/src/main/resources/application.yaml b/application/src/main/resources/application.yaml
@@ -2,6 +2,22 @@
 #
 #SPDX-License-Identifier: Apache-2.0
 
+# Default server ssl bundle
+spring:
+  ssl:
+    bundle:
+      pem:
+        coap-http-proxy:
+          keystore:
+            private-key: "${mutual-tls.keystore.private-key}"
+            certificate: "${mutual-tls.keystore.certificate}"
+          truststore:
+            certificate: "${mutual-tls.truststore.certificate}"
+
+config:
+  http:
+    ssl-bundle: "coap-http-proxy"
+
 management:
   endpoints:
     web:

diff --git a/application/src/main/resources/ssl/dev-device-service-cert.pem b/application/src/main/resources/ssl/dev-device-service-cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsTCCA5mgAwIBAgIUY0NujZU+uRqek0Fi6QoY1Qo4AKAwDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCTkwxEzARBgNVBAgMCkdlbGRlcmxhbmQxDzANBgNVBAcM
+BkFybmhlbTESMBAGA1UECgwJQWxsaWFuZGVyMQswCQYDVQQLDAJJVDESMBAGA1UE
+AwwJbG9jYWxob3N0MB4XDTI0MDYwNzEwNTExMVoXDTM0MDYwNTEwNTExMVowaDEL
+MAkGA1UEBhMCTkwxEzARBgNVBAgMCkdlbGRlcmxhbmQxDzANBgNVBAcMBkFybmhl
+bTESMBAGA1UECgwJQWxsaWFuZGVyMQswCQYDVQQLDAJJVDESMBAGA1UEAwwJbG9j
+YWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA86nNd5UwicED
+H861toiRZLsol3m11GVBGXBYLNlDE6gK0Ib9ST7tf3sV/desa9JnQdGJn5xSZf0H
+RKShs2u3aB2vdY1ZTeBnadIaekNLVil92Ug4fPBqhgaNQgHWf12vZS9Im97JfULT
+AmBGJN2u5p1otkX9gqPD8IHV51hVplrXyUEpiShib/KFcG4POyr0b6RGBBShcxNm
+ll0t57/jIQq50qOf0altFNDMe3OSeUsHepxhPIPDW0voN4eOogdfkaL5YvJ3lBg4
+hoasVhwmr4/k+C5REYT8bbzQIAuK2E28R/6rBm2qclzvC500pyEb3PxLQnDsui+a
+GnMgxOr+D+3YbqmQsxlTodfktThG8g3uT0WULjmF3WAxOlitYMEXb6U08+NwZJA0
+hfPPVxovkkNUTTVDKaecv/k90R6c7qhE0pQojkdb7/px6j4zJgORX4zAXyo8UUrA
+OLhB0BMrUrjaDSUtMmmPwch5ps6gwSEUYQZPchG9H7h1U8Har4EpBFVB/+qdJ+VX
++eBYtf6wJk1pT0wEn0rBXs/B/aThWVjcCIk+yP84FWiGLqcQ5owmgtHYqiqWiUzH
+GI5ZZk5pZt3E9aOelkUDyXIOhKzGi6mCQ2oCQYVFId57opD16jBNwo8WWAnhuqNN
+gNechnnegK+QacU3zHvrJUqoKgkZ3y0CAwEAAaNTMFEwHQYDVR0OBBYEFM8HC5y9
+pI1VSahRWDuCuyW1BjSbMB8GA1UdIwQYMBaAFM8HC5y9pI1VSahRWDuCuyW1BjSb
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADQ2nWBuiyNU/2my
+QaaMTajKHtl4jynH4qhQnYypxd6pTeI2/a5AQpe+5O+lLdeiizhue/5T+119j8DM
+ZedmZskFhP9vhXt/6m50TqwuxkGNXxKbdpEvLSjhdepuFIAkh7yT3sMe5ivSSXjh
+HqqHOZ7Yn/3nbCUPhsrmc3bEXsbsILOHpJjUNyyoxCv/MnSAMeGTZddd1zvVSbz9
++pmZmkPOR1osmNcaFiw3klbRnz2ckt64Ds7Ea2+WuWmWEKUllgDcSO1wmYTjUzFK
+xdb1HqhORFsi2KUW/Zk4JQPxedehImLrs07uMJUjBaBn1FgO60yDLFAFQwYUAYKm
+MhYUuG32k23Ywx7fM495Le6exRpjGu/ZniYQyz1nKzuobQNrEIjTHFGGmaqJfzu4
+030Jq8dvi1Pi+HNIqnTOcmxEzvfj3ie4aBzGjTNPAI1O94doUxGf5EcD330fYIKG
+xo8Rkqv+uV48jiZ/2cG+e5NAktuiBOiYq28QP+2RnkLH2S2WPN9Qmk7Norb20Gs8
+V4hH/EMt6Qduh0X5vLNg8gKy6cIuqlmSQ2cMNKMXNaCwSvRuDOnJt/Ko2lKAWc6r
+uPlh9grkF5EvfoPAG47kdlclyzChVPvNIIsWE9WT7mQ30RORSffjqXdG55F/Igf/
+Idj2vIFKNQlLkpMPSANa2B1u1/mH
+-----END CERTIFICATE-----
diff --git a/application/src/main/resources/ssl/dev-proxy-cert.pem b/application/src/main/resources/ssl/dev-proxy-cert.pem
@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFsTCCA5mgAwIBAgIUQz2Jfjg4JkSsca8BVSafqt8mB0cwDQYJKoZIhvcNAQEL
+BQAwaDELMAkGA1UEBhMCTkwxEzARBgNVBAgMCkdlbGRlcmxhbmQxDzANBgNVBAcM
+BkFybmhlbTESMBAGA1UECgwJQWxsaWFuZGVyMQswCQYDVQQLDAJJVDESMBAGA1UE
+AwwJbG9jYWxob3N0MB4XDTI0MDYwNzEwNTExMVoXDTM0MDYwNTEwNTExMVowaDEL
+MAkGA1UEBhMCTkwxEzARBgNVBAgMCkdlbGRlcmxhbmQxDzANBgNVBAcMBkFybmhl
+bTESMBAGA1UECgwJQWxsaWFuZGVyMQswCQYDVQQLDAJJVDESMBAGA1UEAwwJbG9j
+YWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApGs2eERv8/XM
+FwN1B8puQLT7+b1rnxYKQZqblpPQwmb15ytWaVVBgDWaJV7re/ZeXD+B3wB0bo6j
+X1xx4o6Ue25GTdQajTnD2/Oy8VATbTV45gyHqNfz6ourP7Bkt4xzeBjFYHTwLKKt
+IOjHD7zgZ8ih74xpSeeUabsVz0zYI9URI6hSt8iRvti8ibCsWxvaO3lbLT87m+Ht
+4cUg+j0phHQ3k/HU8KqtReKJCpSrBq9eyPAU1of4AXP/iMDi7vw5+iPPqtUKfpgN
+dRwxiCnopjnUwIUbZ7G1U805zu6zEjOTlZNI0uTnNT24b2k79Ml05Qy+zn/3RPrh
+16raHv0R3x9ZrE5I/GP3XX6sWEVrKjTsftkOFkCJACm/idtMoqOSrM/5bVTPBpMS
+j7hjvO65CwgbfBeR1v+NUzpk+aFTglL72WI6bT28xhZLZb+xPu0DTilB5bfWUNmB
+GewThY1uQdeq4n3bsPQeneXighba2oM4rkDQ15E/UML7qKDrCjs8vNSYzaG+PAjL
+5ADxKkrM+KrSNiEUjPwAZvCF47XFsUEM5UTYggvoxIk90HAPG42zxklYRnA15BkL
+yPMsduDZ4cf65goZWkXrLNkUoVYdEx1Bcfp2uJjeiE8X6dyIPAdEHvdkfRK8EGd8
+HFXuGjYcHSFAikZRyF9fc7nhiUfK/d0CAwEAAaNTMFEwHQYDVR0OBBYEFPNQWmxE
+JCyHMgO8Yz5ACAbRWwbUMB8GA1UdIwQYMBaAFPNQWmxEJCyHMgO8Yz5ACAbRWwbU
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAJKb79cLWd+8iBGW
+5XW3ThAuLoMxVdTHWYScMXfSxB9hnG+Xac+v5/2Fe1wGMcSII05SwUnveiUFlj3V
+9PPOOmKk1xlLXuXu3WEhotBt3MWywjf2GIrtF4uOLUvWajgBu8ASiXBOcw8my0fd
+FUNwmNkxiqcgr9UvbYoeaTG594Jmp+we7P9OZO0NCHMHfsRPC2Qsz1F3AJfy1jAI
+hm4JJvHvIAfBqxP+Z/SJTZP1xAXSS7JyzGGEz+H6ZLJabjd0kW/FIa0C4Lm8pHNH
+qeFwLjQTMocFUaTLkbZVD2vPsGsl8PmzpWTt04EWd03kQGnFWtp4J9Gd1FQWPYMQ
+zNYKvwmDKq9odQTViNzU6xHQmwo+mZM17KqRwkqKRPmXYH6mtqdpmxKEWynkWhwQ
+jfBsJfqfJqrSfVyID0IbxZIAEgD2MOcH8KET8iImdvZyQcHC0NWJF8EDVvwnG2If
+4oAlfKIwSxe4FQ0pG01MCGnWwncQt76d75k7fs1FO9DORCCYQdDxcI8M1uwzdxJG
+1UQ/WbRxSlKalAwgzP8rL9LTA9naVR7FDjZTBaP3JJHcI7cEwkYiGDxYdFzjy8b2
+dU5fGUoSNoWABVIGAQxpDlNqS4AZaQQxA9g7KHBUuLXaDvnG59yK36g0YlQBUbyh
+7mN89Z4HwosPDcA5cIfi/Wie/kfZ
+-----END CERTIFICATE-----
diff --git a/application/src/main/resources/ssl/dev-proxy-key.pem b/application/src/main/resources/ssl/dev-proxy-key.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCkazZ4RG/z9cwX
+A3UHym5AtPv5vWufFgpBmpuWk9DCZvXnK1ZpVUGANZolXut79l5cP4HfAHRujqNf
+XHHijpR7bkZN1BqNOcPb87LxUBNtNXjmDIeo1/Pqi6s/sGS3jHN4GMVgdPAsoq0g
+6McPvOBnyKHvjGlJ55RpuxXPTNgj1REjqFK3yJG+2LyJsKxbG9o7eVstPzub4e3h
+xSD6PSmEdDeT8dTwqq1F4okKlKsGr17I8BTWh/gBc/+IwOLu/Dn6I8+q1Qp+mA11
+HDGIKeimOdTAhRtnsbVTzTnO7rMSM5OVk0jS5Oc1PbhvaTv0yXTlDL7Of/dE+uHX
+qtoe/RHfH1msTkj8Y/ddfqxYRWsqNOx+2Q4WQIkAKb+J20yio5Ksz/ltVM8GkxKP
+uGO87rkLCBt8F5HW/41TOmT5oVOCUvvZYjptPbzGFktlv7E+7QNOKUHlt9ZQ2YEZ
+7BOFjW5B16rifduw9B6d5eKCFtragziuQNDXkT9QwvuooOsKOzy81JjNob48CMvk
+APEqSsz4qtI2IRSM/ABm8IXjtcWxQQzlRNiCC+jEiT3QcA8bjbPGSVhGcDXkGQvI
+8yx24Nnhx/rmChlaRess2RShVh0THUFx+na4mN6ITxfp3Ig8B0Qe92R9ErwQZ3wc
+Ve4aNhwdIUCKRlHIX19zueGJR8r93QIDAQABAoICAAz92A/l5SG1/ZJ2SGLyn3EX
+S+S2egCX8CdcZShfVYAS53caFnRxaIujUKLczpxyLGUQyJKGGZfFx19zhsp+dnmP
++QKmfJLwVPX2L4tqnB+wOWAWGTRhx0kfEEuSmiFjD0RWqBFAftzMCC7g7cpkI9LX
+iIIiNQyXqENi0Beb9w/SbWME+8Tqq9IpvoYJCClqeJKOpYIcVw8GFF2XTbfa1C2+
+NXOyyLRb4XVI791T6h/3r0nkfIUHY9+Q2p4OkwU2uAm4QYJlCIoAZOnTbeTYM4+f
+jgcd+BB4EH+cEvyzTEInLKVwPfFvZbHa3A4Dlu73PyMSdX42ys3wHp8ZBdir1E5N
+qh2WRT9Y8ZGAw9WJT7kUVABAxkGZY/94VSZtng+56vZNDqTpawjjCUjApnRl25tG
+7RkGON2D8KTks6FQp66UASS9SBDyBa4ntHYb0v+eI/zmAxlst2ljL4URh7gAy6OR
+3swq/+tRTRN5hK87zHoOuclHwyraZXq5hF/EgdTGWuF3M/G1qPHDQnJHzqMkanPm
+0zrkOlW67u4NiqsSzNAq9cQrG39fEN8caZzhOi/0m1mzq1vDAIQkh2bP+zDU3LVL
+JB/ky/Y9QzsMZB3btUpt9PstdyKFTsRPnShU9SNCtE2fbWCl1c98D6DSXlKB6874
+bIoeCFhi9yrU3i85qYJ5AoIBAQDZYltasxPK2Czz70EtLBFeWaikHZhqD4kAI8MJ
+ZA3L8l4uYkcc11QPHYD50+wappI/YGyuPsVY7TNu3nNrzuhwC4b6lR+8Tgu5P7jZ
+GQIVl2QvBz+YCe3fKnxG1sA86Va3KrJjw3ntKPu3m2s++6UegRYV9ZqHS1pyNDHz
+i5L7mB4vrVYMByYi7Lz2R8p4IAVVmYLyBTuOEMrxeYrxAyDF6W22THIUQRwycxI5
+tI2yzVBnXaNFetjZ6lKNhzVr2QwEUn6XIpv5cuEM0vYULSU2jCsCoWGX7vsTX/RZ
+BjKSf70JWS6q+SJIi+04Zko91kWyR5jyLatmxFywAb2wppNpAoIBAQDBoDsHNiuG
+ZNXNX76NROgy64uqEscLkWlnKrQmFgumeTJVEPcUDyGhsmdVLtL5zMCQQZ1u8OCc
+noJgwUg9RXW6Kvg/7vvsdIYZTemNhKSu3t8KLSoNnTHjJSWM+Y+Y+AUxDUa3b8uw
+2ff9GxMclfKM1G6HDprcbkTceNipO10WeMACZTH1FgTNuWf6zyEglgmo+/UHzgLZ
+nsQJZOW4ZwskkSvihbo1mCrJVyr6tcVaXjuQVSQ8EJb+5ykeMrOD+vtE15fWokWh
+g3tpOmbkZaND77da66ghgx7S7rECp5XKwgBuRdWxWmHLhIfaYp9AQa2ES5oIl6hB
+AZjlmHzPNixVAoIBAGdyQczomQuXUdUHTvnDFcTTX8gxeT1HhUd2vTJz1YjvHlhu
+Vi7oXU0QGjdI3PtVtxTHuxA0OM93mVkyLLTp8nyXT7VhT4fZkASoyTsuhmpl77vd
+dCrS1sqzOg6v1S1nUOe7Psbw182/CgI2yJNhRxM8FJmAlfe6KSFdq0OdcOWfXwYL
+M35nzIMkK0v7n+MIQeGZOtIXIV8aqKi+0RqeBXOJALeWq1buIQ/06IBjZmbnA1Md
+ITxIGHei5YQKCqb205we8bTUOGs9etESdx3k2eeaTkFjMMEPbZWrvOi8ZUaH2Rpg
+wS+FfQYO6GVFcCD7HZGYNrVQfFdcLEtpmK4+prkCggEAC1MMwMI5T3XsT0OvSGHk
+Vr4SABNzEskhaghEWwnlCoqCGBmS6dhstiFSC9hePH/uL0G3LHroGCDpLTGAwRyj
+4wyKUmruzwiNo0M8SqucWiHs15KGqB8ugMN2a8VY0bCH1TOalDX0qtZEu8fumThn
+5Da0dC+1fPjyDBcBTPyM2DidukYi4tuz0jhqzW9514cO75Q044z3+7RecNI24U8d
+hrj64RfDKUlKD1aKy/j/nuZuA2YHZX/u5N+uNvbuKuTt9zvIxKPfALBI8oGY7PjI
+0LtfdPDdd4BMuDd/oNEeYKpyDgEFm4bWu2l37JziBYcR1+/4BVKhY5PtVlhRzGi1
+tQKCAQEAoBVaaLEEfHrcNVS7m+2sGFQdTaOZalwepV8TfPekk25/S6H3tp5QMdUD
+18CQT1U2b0vQAn+zon1Wey5yqhNZHqaSIUCo07hBkAIyEV31bGa3Xn2bqRFbdgna
+MJiRcQJ99lYtknDF9WF3dd19Szqlc49e6aVT2aJZsmWh74YUEM6WXmOOLKKcVrPE
+2rQDkN6S/oaXBAsh5Vz/PN6cEDlGx+MkXQ3q9b5Xw27m0zStXxZrwBjSwhUdjOD7
+V3RWHePRjlR7pPpxPxal9dJxYOT35dkALOsa+UTWRMS3e4/0yU7jGF1BsdioWwex
+GeQDPl/PZMayJ7wjD6slJbxa/HSmgA==
+-----END PRIVATE KEY-----