Made check endpoints from signing service visible, prepared next rele…

…ase 4.12.2.

src/main/java/ch/admin/bag/covidcertificate/authorization/AuthorizationInterceptorConfig.java

@@ -17,7 +17,10 @@ public class AuthorizationInterceptorConfig implements WebMvcConfigurer {
             "/swagger-ui/**",
             "/v3/api-docs/**",
             "/api/v1/revocation-list",
-            "/api/v1/ping");
+            "/api/v1/ping",
+            "/api/v1/signing/ping",
+            "/api/v1/signing/health",
+            "/api/v1/signing/info");
 
     private final AuthorizationInterceptor interceptor;
 

src/main/java/ch/admin/bag/covidcertificate/client/signing/SigningClient.java

@@ -10,4 +10,9 @@ public interface SigningClient {
 
     void cleanKeyIdentifierCache();
 
+    String callPing();
+
+    String callHealth();
+
+    String callInfo();
 }

src/main/java/ch/admin/bag/covidcertificate/client/signing/internal/DefaultSigningClient.java

@@ -43,6 +43,15 @@ public class DefaultSigningClient implements SigningClient {
     @Value("${cc-signing-service.kid-url}")
     private String kidUrl;
 
+    @Value("${cc-signing-service.ping-url}")
+    private String pingUrl;
+
+    @Value("${cc-signing-service.health-url}")
+    private String healthUrl;
+
+    @Value("${cc-signing-service.info-url}")
+    private String infoUrl;
+
     public DefaultSigningClient(@Qualifier("signingServiceRestTemplate") RestTemplate restTemplate) {
         this.restTemplate = restTemplate;
     }
@@ -131,4 +140,39 @@ private String buildKidUrl(String url, Integer slotNumber, String kid) {
                 .pathSegment(slotNumber.toString(), kid)
                 .build().toString();
     }
+
+    public String callPing() {
+        return this.sendGetRequestWithUrl(pingUrl);
+    }
+
+    public String callHealth() {
+        return this.sendGetRequestWithUrl(healthUrl);
+    }
+
+    public String callInfo() {
+        return this.sendGetRequestWithUrl(infoUrl);
+    }
+
+    private String sendGetRequestWithUrl(String url) {
+        long start = System.currentTimeMillis();
+        log.info("Call signing service with url {}", url);
+
+        try {
+            ResponseEntity<String> result = restTemplate.exchange(
+                    url,
+                    HttpMethod.GET,
+                    new HttpEntity<>(new HttpHeaders()),
+                    String.class
+            );
+            long end = System.currentTimeMillis();
+            log.info("Call of signing service url {} finished with result {} within {} ms.",
+                    url,
+                    result.getStatusCode(),
+                    end - start);
+            return result.getBody();
+        } catch (RestClientException e) {
+            log.error("Connection with signing service {} could not be established.", url, e);
+            throw e;
+        }
+    }
 }

src/main/java/ch/admin/bag/covidcertificate/client/signing/internal/MockSigningClient.java

@@ -30,7 +30,7 @@ public boolean verifySignature(VerifySignatureRequestDto verifySignatureRequestD
     }
 
     @SneakyThrows
-    public String getKeyIdentifier(Integer slotNumber, String certificateAlias){
+    public String getKeyIdentifier(Integer slotNumber, String certificateAlias) {
         var outputStream = new ByteArrayOutputStream();
         new HexEncoder().encode(UUID.randomUUID().toString().getBytes(), 0, 8, outputStream);
         return outputStream.toString();
@@ -40,4 +40,19 @@ public String getKeyIdentifier(Integer slotNumber, String certificateAlias){
     public void cleanKeyIdentifierCache() {
         log.info("Mocking Cache Cleanup");
     }
+
+    @Override
+    public String callPing() {
+        return "mocked answer of ping";
+    }
+
+    @Override
+    public String callHealth() {
+        return "mocked answer of health";
+    }
+
+    @Override
+    public String callInfo() {
+        return "mocked answer of info";
+    }
 }

src/main/java/ch/admin/bag/covidcertificate/web/controller/SigningHealthController.java

@@ -0,0 +1,35 @@
+package ch.admin.bag.covidcertificate.web.controller;
+
+import ch.admin.bag.covidcertificate.client.signing.SigningClient;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+/**
+ * Controller to check signing service health using the standard actuator and ping endpoints.
+ */
+@RestController
+@RequestMapping("/api/v1/signing")
+@RequiredArgsConstructor
+@Slf4j
+public class SigningHealthController {
+
+    private final SigningClient signingClient;
+
+    @GetMapping("/ping")
+    public String checkPingOfSigningService() {
+        return this.signingClient.callPing();
+    }
+
+    @GetMapping("/health")
+    public String checkHealthOfSigningService() {
+        return this.signingClient.callHealth();
+    }
+
+    @GetMapping("/info")
+    public String checkInfoOfSigningService() {
+        return this.signingClient.callInfo();
+    }
+}

src/main/java/ch/admin/bag/covidcertificate/web/security/WebSecurityConfig.java

@@ -29,13 +29,16 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
     protected void configure(HttpSecurity http) throws Exception {
         http.requestMatchers().
                 antMatchers("/actuator/**",
-                            "/swagger-ui.html",
-                            "/swagger-ui/**",
-                            "/v3/api-docs/**",
-                            "/api/v1/revocation-list",
-                            "/api/v1/ping").
-                    and().
-                    authorizeRequests().anyRequest().permitAll();
+                        "/swagger-ui.html",
+                        "/swagger-ui/**",
+                        "/v3/api-docs/**",
+                        "/api/v1/revocation-list",
+                        "/api/v1/ping",
+                        "/api/v1/signing/ping",
+                        "/api/v1/signing/health",
+                        "/api/v1/signing/info").
+                and().
+                authorizeRequests().anyRequest().permitAll();
     }
 
     @Bean

src/main/resources/application-abn.yml

@@ -71,6 +71,9 @@ cc-signing-service:
   url: "https://covidcertificate-signing-a.bag.admin.ch/bag-vaccinecer-webapp/sign"
   verify-url: "https://covidcertificate-signing-a.bag.admin.ch/bag-vaccinecer-webapp/sign/verify"
   kid-url: "https://covidcertificate-signing-a.bag.admin.ch/bag-vaccinecer-webapp/sign/configuration/kid"
+  ping-url: "https://covidcertificate-signing-a.bag.admin.ch/bag-vaccinecer-webapp/ping"
+  health-url: "https://covidcertificate-signing-a.bag.admin.ch/bag-vaccinecer-webapp/actuator/health"
+  info-url: "https://covidcertificate-signing-a.bag.admin.ch/bag-vaccinecer-webapp/actuator/info"
 
 cc-printing-service:
   url: "https://cc-printing-service.abn.app.cfap02.atlantica.admin.ch/api/v1/print"

src/main/resources/application-dev.yml

@@ -77,6 +77,9 @@ cc-signing-service:
   url: "https://covidcertificate-signing-d.bag.admin.ch/bag-vaccinecer-webapp/sign"
   verify-url: "https://covidcertificate-signing-d.bag.admin.ch/bag-vaccinecer-webapp/sign/verify"
   kid-url: "https://covidcertificate-signing-d.bag.admin.ch/bag-vaccinecer-webapp/sign/configuration/kid"
+  ping-url: "https://covidcertificate-signing-d.bag.admin.ch/bag-vaccinecer-webapp/ping"
+  health-url: "https://covidcertificate-signing-d.bag.admin.ch/bag-vaccinecer-webapp/actuator/health"
+  info-url: "https://covidcertificate-signing-d.bag.admin.ch/bag-vaccinecer-webapp/actuator/info"
 
 cc-printing-service:
   url: "https://cc-printing-service.dev.app.cfap02.atlantica.admin.ch/api/v1/print"

src/main/resources/application-local.yml

@@ -79,13 +79,19 @@ cc-management-service:
 
 cc-signing-service:
   #When started as spring boot application
-#  url: "https://localhost:9090/sign"
-#  verify-url: "https://localhost:9090/sign/verify"
-#  kid-url: "https://localhost:9090/sign/configuration/kid"
+  url: "https://localhost:9090/sign"
+  verify-url: "https://localhost:9090/sign/verify"
+  kid-url: "https://localhost:9090/sign/configuration/kid"
+  ping-url: "https://localhost:9090/ping"
+  health-url: "https://localhost:9090/actuator/health"
+  info-url: "https://localhost:9090/actuator/info"
   #When started with tomcat
-  url: "https://localhost:8443/cc-signing/sign"
-  verify-url: "https://localhost:8443/cc-signing/sign/verify"
-  kid-url: "https://localhost:8443/cc-signing/sign/configuration/kid"
+#  url: "https://localhost:8443/cc-signing/sign"
+#  verify-url: "https://localhost:8443/cc-signing/sign/verify"
+#  kid-url: "https://localhost:8443/cc-signing/sign/configuration/kid"
+#  ping-url: "https://localhost:8443/cc-signing/ping"
+#  health-url: "https://localhost:8443/cc-signing/actuator/health"
+#  info-url: "https://localhost:8443/cc-signing/actuator/info"
 
 cc-printing-service:
   url: "http://localhost:8124/api/v1/print"

src/main/resources/application-prod.yml

@@ -74,6 +74,9 @@ cc-signing-service:
   url: "https://covidcertificate-signing.bag.admin.ch/bag-vaccinecer-webapp/sign"
   verify-url: "https://covidcertificate-signing.bag.admin.ch/bag-vaccinecer-webapp/sign/verify"
   kid-url: "https://covidcertificate-signing.bag.admin.ch/bag-vaccinecer-webapp/sign/configuration/kid"
+  ping-url: "https://covidcertificate-signing.bag.admin.ch/bag-vaccinecer-webapp/ping"
+  health-url: "https://covidcertificate-signing.bag.admin.ch/bag-vaccinecer-webapp/actuator/health"
+  info-url: "https://covidcertificate-signing.bag.admin.ch/bag-vaccinecer-webapp/actuator/info"
 
 cc-printing-service:
   url: "https://cc-printing-service.app.cfap02.atlantica.admin.ch/api/v1/print"