Merge/main into 2.22 (#1808)

* Bump spring-boot.version from 2.6.6 to 2.6.7 (#1804) Bumps `spring-boot.version` from 2.6.6 to 2.6.7. Updates `spring-boot-dependencies` from 2.6.6 to 2.6.7 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.6.6...v2.6.7) Updates `spring-boot-starter` from 2.6.6 to 2.6.7 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.6.6...v2.6.7) Updates `spring-boot-starter-log4j2` from 2.6.6 to 2.6.7 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.6.6...v2.6.7) Updates `spring-boot-starter-web` from 2.6.6 to 2.6.7 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.6.6...v2.6.7) Updates `spring-boot-starter-test` from 2.6.6 to 2.6.7 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.6.6...v2.6.7) Updates `spring-boot-maven-plugin` from 2.6.6 to 2.6.7 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](spring-projects/spring-boot@v2.6.6...v2.6.7) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-dependencies dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-log4j2 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-web dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:development update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-maven-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump protobuf.version from 3.20.0 to 3.20.1 (#1805) Bumps `protobuf.version` from 3.20.0 to 3.20.1. Updates `protobuf-java` from 3.20.0 to 3.20.1 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py) - [Commits](https://github.com/protocolbuffers/protobuf/commits) Updates `protobuf-java-util` from 3.20.0 to 3.20.1 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/generate_changelog.py) - [Commits](https://github.com/protocolbuffers/protobuf/commits) --- updated-dependencies: - dependency-name: com.google.protobuf:protobuf-java dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: com.google.protobuf:protobuf-java-util dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Bump checkstyle from 10.1 to 10.2 (#1807) Bumps [checkstyle](https://github.com/checkstyle/checkstyle) from 10.1 to 10.2. - [Release notes](https://github.com/checkstyle/checkstyle/releases) - [Commits](checkstyle/checkstyle@checkstyle-10.1...checkstyle-10.2) --- updated-dependencies: - dependency-name: com.puppycrawl.tools:checkstyle dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Feature/revocation etag (#1806) * rename package * fetch etag via http HEAD * code coverage * update docs * add ETag repository + service * add ConstructorWithParams * abort further processing if DCC etag exists already * store DCC etag when revocation list was fetched * keep latest DCC etag in memory to be able to store it after successful payload storage * fix link to Zenko CloudServer * test cover DccRevocationListService * RetentionPolicyTestRevocation * package private makes it easier to test * more code coverage Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
corona-warn-app · Apr 26, 2022 · 781e7ea · 781e7ea
1 parent 286e2cf
commit 781e7ea
Show file tree

Hide file tree

Showing 24 changed files with 461 additions and 88 deletions.
diff --git a/README.md b/README.md
@@ -222,4 +222,4 @@ Please see the [detailed licensing information](https://api.reuse.software/info/
 
 [Postgres]: https://www.postgresql.org/
 
-[Zenko CloudServer]: https://github.com/scality/cloudserver
+[Zenko CloudServer]: https://www.zenko.io/cloudserver/
diff --git a/...istence/src/main/java/app/coronawarn/server/common/persistence/domain/RevocationEtag.java b/...istence/src/main/java/app/coronawarn/server/common/persistence/domain/RevocationEtag.java
@@ -0,0 +1,35 @@
+package app.coronawarn.server.common.persistence.domain;
+
+import org.springframework.data.annotation.Id;
+
+public class RevocationEtag {
+
+  @Id
+  private String path;
+
+  private String etag;
+
+  public RevocationEtag() {
+  }
+
+  public RevocationEtag(final String path, final String etag) {
+    this.path = path;
+    this.etag = etag;
+  }
+
+  public String getEtag() {
+    return etag;
+  }
+
+  public String getPath() {
+    return path;
+  }
+
+  public void setEtag(final String etag) {
+    this.etag = etag;
+  }
+
+  public void setPath(final String path) {
+    this.path = path;
+  }
+}
diff --git a/...java/app/coronawarn/server/common/persistence/repository/DccRevocationEtagRepository.java b/...java/app/coronawarn/server/common/persistence/repository/DccRevocationEtagRepository.java
@@ -0,0 +1,16 @@
+package app.coronawarn.server.common.persistence.repository;
+
+import app.coronawarn.server.common.persistence.domain.RevocationEtag;
+import org.springframework.data.jdbc.repository.query.Modifying;
+import org.springframework.data.jdbc.repository.query.Query;
+import org.springframework.data.repository.PagingAndSortingRepository;
+import org.springframework.data.repository.query.Param;
+import org.springframework.stereotype.Repository;
+
+@Repository
+public interface DccRevocationEtagRepository extends PagingAndSortingRepository<RevocationEtag, String> {
+
+  @Modifying
+  @Query("INSERT INTO revocation_etag (path, etag) VALUES (:path, :etag)")
+  void save(@Param("path") String path, @Param("etag") String etag);
+}
diff --git a/.../main/java/app/coronawarn/server/common/persistence/service/DccRevocationListService.java b/.../main/java/app/coronawarn/server/common/persistence/service/DccRevocationListService.java
@@ -1,8 +1,11 @@
 package app.coronawarn.server.common.persistence.service;
 
+import static java.util.stream.StreamSupport.stream;
 import static org.springframework.data.util.StreamUtils.createStreamFromIterator;
 
 import app.coronawarn.server.common.persistence.domain.RevocationEntry;
+import app.coronawarn.server.common.persistence.domain.RevocationEtag;
+import app.coronawarn.server.common.persistence.repository.DccRevocationEtagRepository;
 import app.coronawarn.server.common.persistence.repository.DccRevocationListRepository;
 import io.micrometer.core.annotation.Timed;
 import java.util.Collection;
@@ -16,10 +19,28 @@
 public class DccRevocationListService {
 
   private static final Logger logger = LoggerFactory.getLogger(DccRevocationListService.class);
+
   private final DccRevocationListRepository repository;
 
-  public DccRevocationListService(final DccRevocationListRepository repository) {
+  private final DccRevocationEtagRepository etagRepository;
+
+  public DccRevocationListService(final DccRevocationListRepository repository,
+      final DccRevocationEtagRepository etagRepository) {
     this.repository = repository;
+    this.etagRepository = etagRepository;
+  }
+
+  /**
+   * Check if given ETag already exists in DB.
+   *
+   * @param etag to be checked
+   * @return <code>true</code> if and only if the ETag is stored in DB, <code>false</code> otherwise
+   */
+  public boolean etagExists(final String etag) {
+    if (etag == null) {
+      return false;
+    }
+    return stream(etagRepository.findAll().spliterator(), false).anyMatch(e -> etag.equals(e.getEtag()));
   }
 
   /**
@@ -28,8 +49,7 @@ public DccRevocationListService(final DccRevocationListRepository repository) {
    * @return list of DCCRevocationEntries
    */
   public Collection<RevocationEntry> getRevocationListEntries() {
-    return createStreamFromIterator(repository.findAll().iterator())
-        .collect(Collectors.toList());
+    return createStreamFromIterator(repository.findAll().iterator()).collect(Collectors.toList());
   }
 
   /**
@@ -47,6 +67,19 @@ public void store(final Collection<RevocationEntry> revocationEntries) {
     logger.info("{} Revocation list entries saved!", revocationEntries.size());
   }
 
+  /**
+   * Stores given ETag.
+   *
+   * @param etag to be stored
+   */
+  @Transactional
+  public void store(final RevocationEtag etag) {
+    if (etagRepository.existsById(etag.getPath())) {
+      etagRepository.deleteById(etag.getPath());
+    }
+    etagRepository.save(etag.getPath(), etag.getEtag());
+  }
+
   public void truncate() {
     repository.truncate();
   }

diff --git a/...n/persistence/src/test/java/app/coronawarn/server/common/persistence/TestApplication.java b/...n/persistence/src/test/java/app/coronawarn/server/common/persistence/TestApplication.java
@@ -2,6 +2,7 @@
 
 import app.coronawarn.server.common.persistence.domain.config.TekFieldDerivations;
 import app.coronawarn.server.common.persistence.repository.CheckInProtectedReportsRepository;
+import app.coronawarn.server.common.persistence.repository.DccRevocationEtagRepository;
 import app.coronawarn.server.common.persistence.repository.DccRevocationListRepository;
 import app.coronawarn.server.common.persistence.repository.DiagnosisKeyRepository;
 import app.coronawarn.server.common.persistence.repository.FederationBatchInfoRepository;
@@ -24,23 +25,26 @@
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
+@SuppressWarnings("removal")
 @SpringBootApplication
 @Configuration
 public class TestApplication {
 
   @Bean
-  ValidDiagnosisKeyFilter validDiagnosisKeyFilter() {
-    return new ValidDiagnosisKeyFilter();
+  DccRevocationListService createDccRevocationListService(final DccRevocationListRepository repository,
+      final DccRevocationEtagRepository etagRepository) {
+    return new DccRevocationListService(repository, etagRepository);
   }
 
   @Bean
-  KeySharingPoliciesChecker keySharingPoliciesChecker() {
-    return new KeySharingPoliciesChecker();
+  DiagnosisKeyService createDiagnosisKeyService(final DiagnosisKeyRepository keyRepository) {
+    return new DiagnosisKeyService(keyRepository, validDiagnosisKeyFilter());
   }
 
   @Bean
-  DiagnosisKeyService createDiagnosisKeyService(DiagnosisKeyRepository keyRepository) {
-    return new DiagnosisKeyService(keyRepository, validDiagnosisKeyFilter());
+  FederationBatchInfoService createFederationBatchInfoService(
+      final FederationBatchInfoRepository federationBatchInfoRepository) {
+    return new FederationBatchInfoService(federationBatchInfoRepository);
   }
 
   @Bean
@@ -55,21 +59,18 @@ FederationUploadKeyService createFederationUploadKeyService() {
   }
 
   @Bean
-  FederationBatchInfoService createFederationBatchInfoService(
-      FederationBatchInfoRepository federationBatchInfoRepository) {
-    return new FederationBatchInfoService(federationBatchInfoRepository);
+  StatisticsDownloadService createStatisticsDownloadService(final StatisticsDownloadRepository repository) {
+    return new StatisticsDownloadService(repository);
   }
 
   @Bean
-  StatisticsDownloadService createStatisticsDownloadService(StatisticsDownloadRepository repository) {
-    return new StatisticsDownloadService(repository);
+  KeySharingPoliciesChecker keySharingPoliciesChecker() {
+    return new KeySharingPoliciesChecker();
   }
 
   @Bean
-  TraceTimeIntervalWarningService traceTimeIntervalWarningService(
-      TraceTimeIntervalWarningRepository timeIntervalWarningRepository,
-      CheckInProtectedReportsRepository checkInProtectedReportsRepository) throws NoSuchAlgorithmException {
-    return new TraceTimeIntervalWarningService(timeIntervalWarningRepository, checkInProtectedReportsRepository);
+  YamlPropertySourceFactory propertySourceFactory() {
+    return new YamlPropertySourceFactory();
   }
 
   @Bean
@@ -78,12 +79,14 @@ TekFieldDerivations tekFieldDerivations() {
   }
 
   @Bean
-  YamlPropertySourceFactory propertySourceFactory() {
-    return new YamlPropertySourceFactory();
+  TraceTimeIntervalWarningService traceTimeIntervalWarningService(
+      final TraceTimeIntervalWarningRepository timeIntervalWarningRepository,
+      final CheckInProtectedReportsRepository checkInProtectedReportsRepository) throws NoSuchAlgorithmException {
+    return new TraceTimeIntervalWarningService(timeIntervalWarningRepository, checkInProtectedReportsRepository);
   }
 
   @Bean
-  DccRevocationListService createDccRevocationListService(DccRevocationListRepository repository) {
-    return new DccRevocationListService(repository);
+  ValidDiagnosisKeyFilter validDiagnosisKeyFilter() {
+    return new ValidDiagnosisKeyFilter();
   }
 }
diff --git a/...nce/src/test/java/app/coronawarn/server/common/persistence/domain/RevocationEtagTest.java b/...nce/src/test/java/app/coronawarn/server/common/persistence/domain/RevocationEtagTest.java
@@ -0,0 +1,18 @@
+package app.coronawarn.server.common.persistence.domain;
+
+import static org.junit.Assert.assertEquals;
+
+import org.junit.jupiter.api.Test;
+
+class RevocationEtagTest {
+
+  @Test
+  void testConstructorWithParams() {
+    RevocationEtag fixture = new RevocationEtag("", "");
+    assertEquals("", fixture.getPath());
+    assertEquals("", fixture.getEtag());
+    RevocationEtag fixture2 = new RevocationEtag("foo", "bar");
+    assertEquals("foo", fixture2.getPath());
+    assertEquals("bar", fixture2.getEtag());
+  }
+}
diff --git a/...t/java/app/coronawarn/server/common/persistence/service/DccRevocationListServiceTest.java b/...t/java/app/coronawarn/server/common/persistence/service/DccRevocationListServiceTest.java
@@ -1,9 +1,11 @@
 package app.coronawarn.server.common.persistence.service;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import app.coronawarn.server.common.persistence.domain.RevocationEntry;
+import app.coronawarn.server.common.persistence.domain.RevocationEtag;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -34,4 +36,22 @@ void testStore() {
     assertEquals(1, actKeys.size());
     assertTrue(Arrays.equals("foo".getBytes(), actKeys.iterator().next().getKid()));
   }
+
+  @Test
+  void testStoreEtag() {
+    final RevocationEtag some = new RevocationEtag();
+    some.setEtag("foo");
+    some.setPath("bar");
+
+    service.store(some);
+    service.store(some);
+
+    assertTrue(service.etagExists("foo"));
+    assertFalse(service.etagExists("42"));
+  }
+
+  @Test
+  void testEtagExists() {
+    assertFalse(service.etagExists(null));
+  }
 }
diff --git a/docs/DISTRIBUTION.md b/docs/DISTRIBUTION.md
@@ -346,7 +346,14 @@ The resulting certificates list is converted to Protobuf format by [`DigitalSign
 
 Digital Signing Certificates are distributed on CDN on the following path: `ehn-dgc/dscs`.
 
-### App Features
+### Certificate Revocation
+
+The revoked certificates are provided by IBM/Ubirch.
+
+- Prod: `https://de.crl.dscg.ubirch.com`
+- Test: `https://de.crl.test.dscg.ubirch.com`
+
+## App Features
 
 Starting with version 2.8 there is now the possibility to submit encrypted check-ins. For clients to check whether this feature is enabled on the cwa-server a new app feature [```EVREG_UNENCRYPTED_CHECKINS_ENABLED```](../services/distribution/src/main/resources/application.yaml) is introduced.
 
@@ -356,6 +363,6 @@ Starting with version 2.8 there is now the possibility to submit encrypted check
         value: ${EVREG_UNENCRYPTED_CHECKINS_ENABLED:0}
 ```
 
-#### Additional Note
+### Additional Note
 
 **Not to be confused** with [```UNENCRYPTED_CHECKINS_ENABLED```](../services/submission/src/main/resources/application.yaml) from the **submission service**, which indicates whether submission still accepts default check-ins or only accepts encrypted check-ins and is of type `Boolean`.
diff --git a/pom.xml b/pom.xml
@@ -47,13 +47,13 @@
     <sonar.projectKey>${sonar.organization}_cwa-${project.artifactId}</sonar.projectKey>
 
     <!-- https://spring.io/projects/spring-boot -->
-    <spring-boot.version>2.6.6</spring-boot.version>
+    <spring-boot.version>2.6.7</spring-boot.version>
     <!-- https://spring.io/projects/spring-cloud#release-trains -->
     <spring-cloud.version>2021.0.1</spring-cloud.version>
     <!-- If you update spring-cloud, see if it references the correct spring-vault-core version again, then remove the following: -->
     <spring-vault-core.version>2.3.2</spring-vault-core.version>
     <spring-retry.version>1.3.3</spring-retry.version>
-    <protobuf.version>3.20.0</protobuf.version>
+    <protobuf.version>3.20.1</protobuf.version>
     <json-simple.version>1.1.1</json-simple.version>
     <everit-json.version>1.5.1</everit-json.version>
     <commons-beanutils.version>1.9.4</commons-beanutils.version>
@@ -74,7 +74,7 @@
     <junit.version>4.13.2</junit.version>
     <tomcat.version>9.0.62</tomcat.version>
     <findify-s3mock.version>0.2.6</findify-s3mock.version>
-    <checkstyle.version>10.1</checkstyle.version>
+    <checkstyle.version>10.2</checkstyle.version>
     <semver4j.version>3.1.0</semver4j.version>
     <upokecenter-cbor.version>4.5.2</upokecenter-cbor.version>
   </properties>

diff --git a/...n/server/services/distribution/assembly/component/DccRevocationListStructureProvider.java b/...n/server/services/distribution/assembly/component/DccRevocationListStructureProvider.java
@@ -3,6 +3,7 @@
 import static app.coronawarn.server.services.distribution.assembly.component.DigitalCertificatesStructureProvider.EXPORT_BIN;
 
 import app.coronawarn.server.common.persistence.domain.RevocationEntry;
+import app.coronawarn.server.common.persistence.domain.RevocationEtag;
 import app.coronawarn.server.common.persistence.service.DccRevocationListService;
 import app.coronawarn.server.services.distribution.assembly.structure.Writable;
 import app.coronawarn.server.services.distribution.assembly.structure.WritableOnDisk;
@@ -60,7 +61,11 @@ public DccRevocationListStructureProvider(CryptoProvider cryptoProvider,
   public void fetchDccRevocationList() {
     try {
       Optional<List<RevocationEntry>> revocationEntryList = dccRevocationClient.getDccRevocationList();
-      revocationEntryList.ifPresent(revocationList -> dccRevocationListService.store(revocationList));
+      final RevocationEtag etag = new RevocationEtag(CHUNK, dccRevocationClient.getETag());
+      revocationEntryList.ifPresent(revocationList -> {
+        dccRevocationListService.store(revocationList);
+        dccRevocationListService.store(etag);
+      });
     } catch (FetchDccListException e) {
       logger.error("Fetching DCC Revocation List failed. ", e);
     } catch (Exception e) {
@@ -138,7 +143,7 @@ private List<DirectoryOnDisk> getDccRevocationYDirectories(
     return yhashDirectories;
   }
 
-  private Optional<Writable<WritableOnDisk>> getDccRevocationKidTypeChunk(
+  Optional<Writable<WritableOnDisk>> getDccRevocationKidTypeChunk(
       List<RevocationEntry> yhashRevocationEntryList) {
     ArchiveOnDisk kidArchive = new ArchiveOnDisk(CHUNK);
 
@@ -158,7 +163,7 @@ private Optional<Writable<WritableOnDisk>> getDccRevocationKidTypeChunk(
     return Optional.empty();
   }
 
-  private Optional<Writable<WritableOnDisk>> getDccRevocationKidListArchive() {
+  Optional<Writable<WritableOnDisk>> getDccRevocationKidListArchive() {
     ArchiveOnDisk kidArchive = new ArchiveOnDisk(KID_ARCHIVE);
     Map<Integer, List<RevocationEntry>> revocationEntriesByKidAndHash =
         dccRevocationListService.getRevocationListEntries()
@@ -179,7 +184,7 @@ private Optional<Writable<WritableOnDisk>> getDccRevocationKidListArchive() {
     return Optional.empty();
   }
 
-  private Optional<Writable<WritableOnDisk>> getDccRevocationKidTypeArchive(List<RevocationEntry> revocationEntries) {
+  Optional<Writable<WritableOnDisk>> getDccRevocationKidTypeArchive(List<RevocationEntry> revocationEntries) {
 
     ArchiveOnDisk kidTypeArchive = new ArchiveOnDisk(distributionServiceConfig.getOutputFileName());
     try {

diff --git a/...on/src/main/java/app/coronawarn/server/services/distribution/dcc/DccRevocationClient.java b/...on/src/main/java/app/coronawarn/server/services/distribution/dcc/DccRevocationClient.java
@@ -7,4 +7,6 @@
 public interface DccRevocationClient {
 
   Optional<List<RevocationEntry>> getDccRevocationList() throws FetchDccListException;
+
+  String getETag() throws FetchDccListException;
 }