feat(dimse): add configure TLS

.env.template

@@ -50,7 +50,7 @@ DIMSE_TLS=false
 DIMSE_TLS_NULL=false
 DIMSE_TLS_3DES=false
 DIMSE_TLS_AES=false
-DIMSE_TLS_CIPHER=false
+DIMSE_TLS_CIPHER=""
 
 DIMSE_TLS13=false
 DIMSE_TLS12=false
@@ -62,11 +62,11 @@ DIMSE_TLS_PROTOCOL=""
 DIMSE_TLS_EIA_HTTPS=false
 DIMSE_TLS_EIA_LDAPS=false
 DIMSE_TLS_NOAUTH=false
-DIMSE_KEY_STORE="resource:key.p12"
+DIMSE_KEY_STORE="./config/certs/key.p12"
 DIMSE_KEY_STORE_TYPE="PKCS12"
 DIMSE_KEY_STORE_PASS="secret"
 DIMSE_KEY_PASS="secret"
-DIMSE_TRUST_STORE="resource:cacerts.p12"
+DIMSE_TRUST_STORE="./config/certs/cacerts.p12"
 DIMSE_TRUST_STORE_TYPE="PKCS12"
 DIMSE_TRUST_STORE_PASS="secret"
 

config/certs/cacerts.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIETDCCAzSgAwIBAgIBATANBgkqhkiG9w0BAQ0FADBMMQswCQYDVQQGEwJGUjET
+MBEGA1UECgwKSUhFIEV1cm9wZTEWMBQGA1UEAwwNSUhFIEV1cm9wZSBDQTEQMA4G
+A1UECwwHR2F6ZWxsZTAeFw0xODExMjcxMDIxMzNaFw0yODExMjcxMDIxMzNaMEwx
+CzAJBgNVBAYTAkZSMRMwEQYDVQQKDApJSEUgRXVyb3BlMRYwFAYDVQQDDA1JSEUg
+RXVyb3BlIENBMRAwDgYDVQQLDAdHYXplbGxlMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAgL2wiZ455v/TPmzyKltdTZ0CZjOobLOKPX01OiMoc7g+1E6j
+42G+YV+kLoUnI7KcicgSpaePwIRLSGjn2bNkaN4cipeFOxFUe/ERe1vmGOrEH9S2
+UkfjIp1YDOeLXS25KUMALSYINQJP2QbzYS+Mb8+3s3ZcVFp/NMc7MHKAfch0bQ/t
+dFvPDizApgDTQOxAI4JaNRmQs0ZCqZKtRvfP3eQYDVH4F5/Vv1CjaVo63cvlxZXS
+XisaqMI5ZjOe8nN6O3DBEk9Y9xHAG0oA5nn9rPUPOX9hnjzjrbVu1gyU+HSoKTfu
+BirXmn+zZuVSKCs6Ata+qvqd3kZUuE8PcfaH+wIDAQABo4IBNzCCATMwPwYDVR0f
+BDgwNjA0oDKgMIYuaHR0cHM6Ly9nYXplbGxlLmloZS5uZXQvcGtpL2NybC8yNjU2
+L2NhY3JsLmNybDA9BglghkgBhvhCAQQEMBYuaHR0cHM6Ly9nYXplbGxlLmloZS5u
+ZXQvcGtpL2NybC8yNjU2L2NhY3JsLmNybDA9BglghkgBhvhCAQMEMBYuaHR0cHM6
+Ly9nYXplbGxlLmloZS5uZXQvcGtpL2NybC8yNjU2L2NhY3JsLmNybDAOBgNVHQ8B
+Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUHkNztFX9Kq1foeyK
+JomUMG1iOY8wHwYDVR0jBBgwFoAUHkNztFX9Kq1foeyKJomUMG1iOY8wEQYJYIZI
+AYb4QgEBBAQDAgAHMA0GCSqGSIb3DQEBDQUAA4IBAQAdIrd4GCHpC7d9MSSVx/hJ
++FFxVf6Due5k9EnFVv1grVwb8WevWzuHWPC6WmGkQPBYuNd8FExBsUNo2Pkb1IMx
+ASIII24TPOjRGU+FRttZR1WuQ2yOBDyURtupf4Vkj5XQZT9H6fT+6qPLqy3NFa3p
+pZqF6SAZ16Zdu4wBNn5f0kOYWdLzqmTQ/S+vgB3a1mIjIW6KtplVK0rcqrZECqRY
+44nMaGGidqwN9gUAG+zim7o5u3quN0pJ4FNy8inmSAcgUU7GYaddGaY1SmhvmUFI
+abIGzfFg7C1k0WkMHkKH9n1u4slp6L6lP1c7jedT7VRLpM9HXwDc/FsBaTlAHAHo
+-----END CERTIFICATE-----

config/certs/cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDzCCAvegAwIBAgICBLMwDQYJKoZIhvcNAQENBQAwTDELMAkGA1UEBhMCRlIx
+EzARBgNVBAoMCklIRSBFdXJvcGUxFjAUBgNVBAMMDUlIRSBFdXJvcGUgQ0ExEDAO
+BgNVBAsMB0dhemVsbGUwHhcNMjIwOTMwMDkyNDUwWhcNMzIwOTMwMDkyNDUwWjA1
+MQswCQYDVQQGEwJBVDEUMBIGA1UECgwLZGNtNGNoZS5vcmcxEDAOBgNVBAMMB2Rj
+bTRjaGUwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM3CUEycbpdXJ8VaCrnz
+L+5p3PXREF+Tm0Spl1WznYyBvoH+PBtZOL1iBOQL2hC45du43dF9CZt+SUARJCko
+pLjn4zkZs9xbdwAK/mWGD9EeHAKDzTQjCdz3ksWG6AGzGi1QrIEchHZaIZmPrFnO
+nOF4wrIDKK1l+gOE6Ln1WNnxAgMBAAGjggGUMIIBkDApBgNVHREEIjAgggwqLmo0
+Y2FyZS5jb22CECoubGFuLmo0Y2FyZS5jb20wPwYDVR0fBDgwNjA0oDKgMIYuaHR0
+cHM6Ly9nYXplbGxlLmloZS5uZXQvcGtpL2NybC8yNjU2L2NhY3JsLmNybDA9Bglg
+hkgBhvhCAQQEMBYuaHR0cHM6Ly9nYXplbGxlLmloZS5uZXQvcGtpL2NybC8yNjU2
+L2NhY3JsLmNybDA9BglghkgBhvhCAQMEMBYuaHR0cHM6Ly9nYXplbGxlLmloZS5u
+ZXQvcGtpL2NybC8yNjU2L2NhY3JsLmNybDAMBgNVHRMBAf8EAjAAMB0GA1UdDgQW
+BBQZiTCcwCgXNwlDMzV/NIJoRJKPrDAfBgNVHSMEGDAWgBQeQ3O0Vf0qrV+h7Iom
+iZQwbWI5jzAOBgNVHQ8BAf8EBAMCBPAwEQYJYIZIAYb4QgEBBAQDAgXgMDMGA1Ud
+JQQsMCoGCCsGAQUFBwMCBggrBgEFBQcDBAYKKwYBBAGCNxQCAgYIKwYBBQUHAwEw
+DQYJKoZIhvcNAQENBQADggEBAH/YvASwaDjtKezbiRxxNdpUCqxolFOuphWncXsz
+/yxYCjZYWjIQmlLaM9o9ohApN6ZiiVDct8Ccqd+sM5kvhymzWzASTtpreHZpJDQv
+vhpug1Sr8i2rEOixHktZ6A7T5nDcf2NPW5i27LXvELpIXiCH1pN/1/+B4WnJdUyM
+040iWdEayJ599jMDw7H2EcedyzrlUEBqv/XGSbf7YPaMaTHtz4lcFQDu5u9NInQE
+l7yThtOqZEnAPOEEiwg42R5rHRUb3IXLkuQG6QkuZ0luKSRKrOkyftzL8V7nlZE3
+STdLjxYVqm8CQaV1IGEn0UcPjOrD+nwuyEPoVbNyNOuLDos=
+-----END CERTIFICATE-----

config/certs/key.pem

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQDNwlBMnG6XVyfFWgq58y/uadz10RBfk5tEqZdVs52Mgb6B/jwb
+WTi9YgTkC9oQuOXbuN3RfQmbfklAESQpKKS45+M5GbPcW3cACv5lhg/RHhwCg800
+Iwnc95LFhugBsxotUKyBHIR2WiGZj6xZzpzheMKyAyitZfoDhOi59VjZ8QIDAQAB
+AoGAQ3cJnj0Sk+PbYf22k6b12d3zOdR9YmFDIV3cBZk5uNbX0Ma8DZmRHaOUh/OM
+4jvF/mfcr3IoosfjG7MjIK23aGTjM4NFwFlK/0YnDq3E7+mubFi3HsGuE6o8+1Xh
+ORV73ehvJvS2jhpk9BSGmT+GWC6vCcFSgisV1Sl/OYnhLHsCQQDtnhkpjnwn7OjR
+/wCACI249udFPfzqoFxQQrwtKRTTK4IoifNnAeLUx+KLJDXZu7/jSzgYFXn+w1Ca
+JxFbPQ/rAkEA3a1FvtJTjgXsWD+UbcfE1pLq2cdjMeXCuKOMWG9EYbwaiXvz36Es
+Ayqp139JG1vCPzemtUn/ERSEPJEZcCKikwJAXW1UJ2rGlkwoHqlM4Qp77sXlmOwO
+jZIPud8Dbh5A+eaZfqb+9Plg3pjZEixioAGaKRxiKdYH6YuSHYpO4LjZkQJAH93B
+se2wPzFQyVrSbnmSLTpPcmD8PHcH59zy1t+f1+Dfe7YK17Hmjsn6QlU04C7vnIDW
+gScS+JSXcdF186226wJAUNESMxhtyl8uS6T7QIJ2R0Bl2tbMzfgnd4KafRoiT3Qi
+63P+fof3fhx1nIbyxybzeMdu6XGWPDIH3jDSxyDFoA==
+-----END RSA PRIVATE KEY-----

dimse.config.class.js

@@ -60,11 +60,23 @@ class DimseConfig {
         this.tlsEiaHttps = env.get("DIMSE_TLS_EIA_HTTPS").default("false").asBool();
         this.tlsEiaLdaps = env.get("DIMSE_TLS_EIA_LDAPS").default("false").asBool();
         this.tlsNoAuth = env.get("DIMSE_TLS_NOAUTH").default("false").asBool();
-        this.keyStore = env.get("DIMSE_KEY_STORE").default("resource:key.p12").asString();
+        this.keyStore = env.get("DIMSE_KEY_STORE").default(
+            path.normalize(
+                path.join(
+                    __dirname,
+                    "./config/certs/key.p12"
+                )
+            )
+        ).asString();
         this.keyStoreType = env.get("DIMSE_KEY_STORE_TYPE").default("PKCS12").asString();
         this.keyStorePass = env.get("DIMSE_KEY_STORE_PASS").default("secret").asString();
         this.keyPass = env.get("DIMSE_KEY_PASS").default(this.keyStorePass).asString();
-        this.trustStore = env.get("DIMSE_TRUST_STORE").default("resource:cacerts.p12").asString();
+        this.trustStore = env.get("DIMSE_TRUST_STORE").default(path.normalize(
+            path.join(
+                __dirname,
+                "./config/certs/cacerts.p12"
+            )
+        )).asString();
         this.trustStoreType = env.get("DIMSE_TRUST_STORE_TYPE").default("PKCS12").asString();
         this.trustStorePass = env.get("DIMSE_TRUST_STORE_PASS").default("secret").asString();
     }

dimse/index.js

@@ -21,6 +21,8 @@ const fileExist = require("@root/utils/file/fileExist");
 const { JsCGetScp } = require("./c-get");
 const { JsStgCmtScp } = require("./stgcmt");
 const { raccoonConfig } = require("@root/config-class");
+const { Connection$EndpointIdentificationAlgorithm } = require("@dcm4che/net/Connection$EndpointIdentificationAlgorithm");
+const { default: SSLManagerFactory } = require("@dcm4che/net/SSLManagerFactory");
 
 class DcmQrScp {
     device = new Device("dcmqrscp");
@@ -68,7 +70,7 @@ class DcmQrScp {
         await dicomServiceRegistry.addDicomService(new JsCGetScp().getPatientStudyOnlyLevel());
         await dicomServiceRegistry.addDicomService(new JsCGetScp().getCompositeLevel());
         // #endregion
-        
+
         return dicomServiceRegistry;
     }
 
@@ -110,14 +112,14 @@ class DcmQrScp {
     configureRemoteConnections() {
         let aeFile = path.normalize(
             path.join(
-                __dirname, 
+                __dirname,
                 "../config/ae-prod.properties"
             )
         );
         if (!fileExist.sync(aeFile)) {
             aeFile = path.normalize(
                 path.join(
-                    __dirname, 
+                    __dirname,
                     "../config/ae.properties"
                 )
             );
@@ -127,7 +129,7 @@ class DcmQrScp {
         let itemsIter = itemsSet.iteratorSync();
 
         let item;
-        while(itemsIter.hasNextSync()) {
+        while (itemsIter.hasNextSync()) {
             item = itemsIter.nextSync();
             /** @type {string} */
             let aet = item.getKeySync();
@@ -142,7 +144,7 @@ class DcmQrScp {
                 remote.setPortSync(parseInt(hostPortCiphers[1]));
                 remote.setTlsCipherSuitesSync(ciphers);
                 this.remoteConnections[aet] = remote;
-            } catch(e) {
+            } catch (e) {
                 console.error(e);
                 throw new (`Invalid entry in ${aeFile}: ${aet}=${value}`);
             }
@@ -159,7 +161,7 @@ class DcmQrScp {
     configureConnection() {
         this.connection.setReceivePDULengthSync(raccoonConfig.dicomDimseConfig.maxPduLenRcv);
         this.connection.setSendPDULengthSync(raccoonConfig.dicomDimseConfig.maxPduLenSnd);
-        
+
         if (raccoonConfig.dicomDimseConfig.notAsync) {
             this.connection.setMaxOpsInvokedSync(1);
             this.connection.setMaxOpsPerformedSync(1);
@@ -190,8 +192,89 @@ class DcmQrScp {
         this.connection.setSendBufferSizeSync(raccoonConfig.dicomDimseConfig.soSndBuffer);
         this.connection.setReceiveBufferSizeSync(raccoonConfig.dicomDimseConfig.soRcvBuffer);
         this.connection.setTcpNoDelaySync(raccoonConfig.dicomDimseConfig.tcpDelay);
+        this.configureTls();
     }
 
+    configureTls() {
+        if (!this.configureTlsCipher())
+            return;
+
+        if (raccoonConfig.dicomDimseConfig.tls13) {
+            this.connection.setTlsProtocolsSync(["TLSv1.3"]);
+        } else if (raccoonConfig.dicomDimseConfig.tls12) {
+            this.connection.setTlsProtocolsSync(["TLSv1.2"]);
+        } else if (raccoonConfig.dicomDimseConfig.tls11) {
+            this.connection.setTlsProtocolsSync(["TLSv1.1"]);
+        } else if (raccoonConfig.dicomDimseConfig.tls1) {
+            this.connection.setTlsProtocolsSync(["TLSv1"]);
+        } else if (raccoonConfig.dicomDimseConfig.ssl3) {
+            this.connection.setTlsProtocolsSync(["SSLv3"]);
+        } else if (raccoonConfig.dicomDimseConfig.ssl2Hello) {
+            this.connection.setTlsProtocolsSync(["SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]);
+        } else if (raccoonConfig.dicomDimseConfig.tlsProtocol) {
+            this.connection.setTlsProtocolsSync([raccoonConfig.dicomDimseConfig.tlsProtocol]);
+        }
+
+        if (raccoonConfig.dicomDimseConfig.tlsEiaHttps) {
+            this.connection.setTlsEndpointIdentificationAlgorithmSync(Connection$EndpointIdentificationAlgorithm.HTTPS);
+        } else if (raccoonConfig.dicomDimseConfig.tlsEiaLdaps) {
+            this.connection.setTlsEndpointIdentificationAlgorithmSync(Connection$EndpointIdentificationAlgorithm.LDAPS);
+        }
+
+        this.connection.setTlsNeedClientAuthSync(!raccoonConfig.dicomDimseConfig.tlsNoAuth);
+
+        let device = this.connection.getDeviceSync();
+        try {
+            if (!raccoonConfig.dicomDimseConfig.keyStore) {
+                device.setKeyManagerSync(
+                    SSLManagerFactory.createKeyManagerSync(
+                        raccoonConfig.dicomDimseConfig.keyStoreType,
+                        raccoonConfig.dicomDimseConfig.keyStore,
+                        raccoonConfig.dicomDimseConfig.keyStorePass,
+                        raccoonConfig.dicomDimseConfig.keyPass
+                    )
+                );
+            }
+            device.setTrustManagerSync(
+                SSLManagerFactory.createTrustManagerSync(
+                    raccoonConfig.dicomDimseConfig.trustStoreType,
+                    raccoonConfig.dicomDimseConfig.trustStore,
+                    raccoonConfig.dicomDimseConfig.trustStorePass
+                )
+            );
+        } catch (e) {
+            throw new Error(e);
+        }
+    }
+
+    configureTlsCipher() {
+        if (raccoonConfig.dicomDimseConfig.tls) {
+            this.connection.setTlsCipherSuitesSync(
+                [
+                    "SSL_RSA_WITH_NULL_SHA",
+                    "TLS_RSA_WITH_AES_128_CBC_SHA",
+                    "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+                ]
+            );
+        } else if (raccoonConfig.dicomDimseConfig.tlsNull) {
+            this.connection.setTlsCipherSuitesSync(["SSL_RSA_WITH_NULL_SHA"]);
+
+        } else if (raccoonConfig.dicomDimseConfig.tls3Des) {
+            this.connection.setTlsCipherSuitesSync(["SSL_RSA_WITH_3DES_EDE_CBC_SHA"]);
+
+        } else if (raccoonConfig.dicomDimseConfig.tlsAes) {
+            this.connection.setTlsCipherSuitesSync(
+                [
+                    "TLS_RSA_WITH_AES_128_CBC_SHA",
+                    "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
+                ]
+            );
+        } else if (raccoonConfig.dicomDimseConfig.tlsCipher) {
+            this.connection.setTlsCipherSuitesSync([raccoonConfig.dicomDimseConfig.tlsCipher]);
+        }
+
+        return this.connection.isTlsSync();
+    }
 }
 
 module.exports.DcmQrScp = DcmQrScp;

models/DICOM/dcm4che/wrapper/java/io/Reader.d.ts

@@ -106,14 +106,6 @@ export declare class ReaderClass extends JavaClass {
      * @return original return type: 'void'
      */
     resetSync(): void;
-    /**
-     * @return original return type: 'boolean'
-     */
-    ready(): Promise<boolean>;
-    /**
-     * @return original return type: 'boolean'
-     */
-    readySync(): boolean;
     /**
      * @return original return type: 'java.io.Reader'
      */
@@ -122,6 +114,14 @@ export declare class ReaderClass extends JavaClass {
      * @return original return type: 'java.io.Reader'
      */
     static nullReaderSync(): Reader | null;
+    /**
+     * @return original return type: 'boolean'
+     */
+    ready(): Promise<boolean>;
+    /**
+     * @return original return type: 'boolean'
+     */
+    readySync(): boolean;
     /**
      * @param var0 original type: 'long'
      * @param var1 original type: 'int'