feat: Scheduling with ShedLock

dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/resources/db/migration/hsqldb/V0_7__shedlock.sql

@@ -0,0 +1,8 @@
+CREATE TABLE t_shedlock (
+    NAME       VARCHAR(64),
+    LOCK_UNTIL TIMESTAMP(3) NULL,
+    LOCKED_AT  TIMESTAMP(3) NULL,
+    LOCKED_BY  VARCHAR(255),
+    CONSTRAINT PK_SHEDLOCK
+        PRIMARY KEY (name)
+);

dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/resources/db/migration/pgsql/V0_7__shedlock.sql

@@ -0,0 +1,8 @@
+CREATE TABLE t_shedlock (
+    NAME       VARCHAR(64),
+    LOCK_UNTIL TIMESTAMP(3) NULL,
+    LOCKED_AT  TIMESTAMP(3) NULL,
+    LOCKED_BY  VARCHAR(255),
+    CONSTRAINT PK_SHEDLOCK
+        PRIMARY KEY (name)
+);

dpppt-backend-sdk/dpppt-backend-sdk-data/src/main/resources/db/migration/pgsql_cluster/V0_7__shedlock.sql

@@ -0,0 +1,8 @@
+CREATE TABLE t_shedlock (
+    NAME       VARCHAR(64),
+    LOCK_UNTIL TIMESTAMP(3) NULL,
+    LOCKED_AT  TIMESTAMP(3) NULL,
+    LOCKED_BY  VARCHAR(255),
+    CONSTRAINT PK_SHEDLOCK
+        PRIMARY KEY (name)
+);

dpppt-backend-sdk/dpppt-backend-sdk-ws/pom.xml

@@ -114,6 +114,16 @@
 			<artifactId>jackson-datatype-protobuf</artifactId>
 		</dependency>
 
+		<!-- ShedLock  -->
+		<dependency>
+			<groupId>net.javacrumbs.shedlock</groupId>
+			<artifactId>shedlock-provider-jdbc-template</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>net.javacrumbs.shedlock</groupId>
+			<artifactId>shedlock-spring</artifactId>
+		</dependency>
+
 	</dependencies>
 
 	<build>

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/config/WSBaseConfig.java

@@ -17,13 +17,9 @@
 import com.hubspot.jackson.datatype.protobuf.ProtobufModule;
 import io.jsonwebtoken.SignatureAlgorithm;
 import io.jsonwebtoken.security.Keys;
-import java.security.KeyPair;
-import java.time.Duration;
-import java.time.ZoneOffset;
-import java.util.List;
-import java.util.Map;
-import java.util.TimeZone;
-import javax.sql.DataSource;
+import net.javacrumbs.shedlock.core.LockProvider;
+import net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider;
+import net.javacrumbs.shedlock.spring.annotation.SchedulerLock;
 import org.dpppt.backend.sdk.data.JDBCRedeemDataServiceImpl;
 import org.dpppt.backend.sdk.data.RedeemDataService;
 import org.dpppt.backend.sdk.data.gaen.FakeKeyService;
@@ -33,13 +29,7 @@
 import org.dpppt.backend.sdk.ws.controller.GaenV2Controller;
 import org.dpppt.backend.sdk.ws.filter.ResponseWrapperFilter;
 import org.dpppt.backend.sdk.ws.insertmanager.InsertManager;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.AssertKeyFormat;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceMatchingJWTClaimsForExposed;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceMatchingJWTClaimsForExposedNextDay;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceRetentionPeriod;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.EnforceValidRollingPeriod;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.RemoveFakeKeys;
-import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.RemoveKeysFromFuture;
+import org.dpppt.backend.sdk.ws.insertmanager.insertionfilters.*;
 import org.dpppt.backend.sdk.ws.insertmanager.insertionmodifier.IOSLegacyProblemRPLT144Modifier;
 import org.dpppt.backend.sdk.ws.insertmanager.insertionmodifier.OldAndroid0RPModifier;
 import org.dpppt.backend.sdk.ws.interceptor.HeaderInjector;
@@ -60,22 +50,28 @@
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.http.converter.protobuf.ProtobufHttpMessageConverter;
+import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseBuilder;
 import org.springframework.jdbc.datasource.embedded.EmbeddedDatabaseType;
 import org.springframework.scheduling.annotation.EnableScheduling;
-import org.springframework.scheduling.annotation.SchedulingConfigurer;
+import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
-import org.springframework.scheduling.config.CronTask;
-import org.springframework.scheduling.config.IntervalTask;
-import org.springframework.scheduling.config.ScheduledTaskRegistrar;
-import org.springframework.scheduling.support.CronTrigger;
+import org.springframework.util.StringUtils;
 import org.springframework.web.servlet.config.annotation.AsyncSupportConfigurer;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
+import javax.sql.DataSource;
+import java.security.KeyPair;
+import java.time.Duration;
+import java.util.List;
+import java.util.Map;
+
+import static net.javacrumbs.shedlock.provider.jdbctemplate.JdbcTemplateLockProvider.Configuration.builder;
+
 @Configuration
 @EnableScheduling
-public abstract class WSBaseConfig implements SchedulingConfigurer, WebMvcConfigurer {
+public abstract class WSBaseConfig implements WebMvcConfigurer {
 
   protected final Logger logger = LoggerFactory.getLogger(getClass());
 
@@ -144,6 +140,9 @@ public abstract class WSBaseConfig implements SchedulingConfigurer, WebMvcConfig
   @Value("${ws.app.gaen.timeskew:PT2h}")
   Duration timeSkew;
 
+  @Value("${datasource.schema:}")
+  String dataSourceSchema;
+
   @Autowired(required = false)
   ValidateRequest requestValidator;
 
@@ -380,20 +379,36 @@ public ThreadPoolTaskExecutor mvcTaskExecutor() {
     return taskExecutor;
   }
 
-  @Override
-  public void configureTasks(ScheduledTaskRegistrar taskRegistrar) {
-    taskRegistrar.addFixedRateTask(
-        new IntervalTask(
-            () -> {
-              logger.info("Start DB cleanup");
-              gaenDataService().cleanDB(Duration.ofDays(retentionDays));
-              redeemDataService().cleanDB(Duration.ofDays(2));
-              logger.info("DB cleanup up");
-            },
-            60 * 60 * 1000L));
-
-    var trigger = new CronTrigger("0 0 2 * * *", TimeZone.getTimeZone(ZoneOffset.UTC));
-    taskRegistrar.addCronTask(new CronTask(() -> fakeKeyService().updateFakeKeys(), trigger));
+  /**
+   * Creates a LockProvider for ShedLock.
+   *
+   * @param dataSource JPA datasource
+   * @return LockProvider
+   */
+  @Bean
+  public LockProvider lockProvider(DataSource dataSource) {
+    String schema = StringUtils.isEmpty(dataSourceSchema) ? "t_shedlock" : dataSourceSchema + ".t_shedlock";
+    return new JdbcTemplateLockProvider(builder()
+            .withTableName(schema)
+            .withJdbcTemplate(new JdbcTemplate(dataSource))
+            .usingDbTime()
+            .build()
+    );
+  }
+
+  @Scheduled(fixedRate = 60 * 60 * 1000L, initialDelay = 60 * 1000L)
+  @SchedulerLock(name = "cleanData", lockAtLeastFor = "PT0S", lockAtMostFor = "1800000")
+  public void scheduleCleanData() {
+    logger.info("Start DB cleanup");
+    gaenDataService().cleanDB(Duration.ofDays(retentionDays));
+    redeemDataService().cleanDB(Duration.ofDays(2));
+    logger.info("DB cleanup up");
+  }
+
+  @Scheduled(cron = "0 0 2 * * *")
+  @SchedulerLock(name = "updateFakeKeys", lockAtLeastFor = "PT0S", lockAtMostFor = "1800000")
+  public void scheduleUpdateFakeKeys() {
+    fakeKeyService().updateFakeKeys();
   }
 
   @Override

dpppt-backend-sdk/dpppt-backend-sdk-ws/src/main/java/org/dpppt/backend/sdk/ws/controller/GaenV2Controller.java

@@ -147,7 +147,7 @@ public GaenV2Controller(
   }
 
   // GET for Key Download
-  @GetMapping(value = "/exposed")
+  @GetMapping(value = "/exposed", produces = "application/zip")
   @Documentation(
       description = "Requests keys published _after_ lastKeyBundleTag.",
       responses = {

dpppt-backend-sdk/owasp/suppressions.xml

@@ -0,0 +1,6 @@
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+	<suppress>
+		<notes>see https://github.com/jeremylong/DependencyCheck/issues/1827></notes>
+		<cve>CVE-2018-1258</cve>
+	</suppress>
+</suppressions>

dpppt-backend-sdk/pom.xml

@@ -28,13 +28,15 @@
 
 		<jackson-version>2.11.1</jackson-version>
 		<jsonwebtoken-version>0.11.2</jsonwebtoken-version>
+		<log4j-version>2.13.3</log4j-version>
 		<protobuf-java-version>3.12.1</protobuf-java-version>
 		<spring-boot-version>2.3.5.RELEASE</spring-boot-version>
 		<testcontainers-version>1.15.0-rc2</testcontainers-version>
 
 		<itCoverageAgent></itCoverageAgent>
 
 		<build-helper-maven-plugin.version>3.2.0</build-helper-maven-plugin.version>
+		<owasp.version>6.0.2</owasp.version>
 
 		<sonar.host.url>https://sonarcloud.io</sonar.host.url>
 		<sonar.organization>${env.SONAR_ORGANIZATION}</sonar.organization>
@@ -175,6 +177,18 @@
 				<version>${jackson-version}</version>
 			</dependency>
 
+			<!-- ShedLock  -->
+			<dependency>
+				<groupId>net.javacrumbs.shedlock</groupId>
+				<artifactId>shedlock-provider-jdbc-template</artifactId>
+				<version>${shedlock.version}</version>
+			</dependency>
+			<dependency>
+				<groupId>net.javacrumbs.shedlock</groupId>
+				<artifactId>shedlock-spring</artifactId>
+				<version>${shedlock.version}</version>
+			</dependency>
+
 			<dependency>
 				<groupId>org.bouncycastle</groupId>
 				<artifactId>bcpkix-jdk15on</artifactId>
@@ -204,6 +218,30 @@
 				<artifactId>snakeyaml</artifactId>
 				<version>1.27</version>
 			</dependency>
+
+			<dependency>
+				<groupId>org.apache.logging.log4j</groupId>
+				<artifactId>log4j-api</artifactId>
+				<version>${log4j-version}</version>
+			</dependency>
+			<dependency>
+				<groupId>org.apache.logging.log4j</groupId>
+				<artifactId>log4j-to-slf4j</artifactId>
+				<version>${log4j-version}</version>
+			</dependency>
+
+			<dependency>
+				<groupId>com.google.guava</groupId>
+				<artifactId>guava</artifactId>
+				<version>29.0-jre</version>
+			</dependency>
+
+			<dependency>
+				<groupId>com.nimbusds</groupId>
+				<artifactId>nimbus-jose-jwt</artifactId>
+				<version>9.0.1</version>
+			</dependency>
+
 		</dependencies>
 	</dependencyManagement>
 
@@ -438,6 +476,23 @@
 					</execution>
 				</executions>
 			</plugin>
+			<plugin>
+				<groupId>org.owasp</groupId>
+				<artifactId>dependency-check-maven</artifactId>
+				<configuration>
+					<suppressionFile>./owasp/suppressions.xml</suppressionFile>
+					<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
+				</configuration>
+				<executions>
+					<execution>
+						<id>validate</id>
+						<phase>validate</phase>
+						<goals>
+							<goal>check</goal>
+						</goals>
+					</execution>
+				</executions>
+			</plugin>
 		</plugins>
 		<pluginManagement>
 			<plugins>
@@ -506,6 +561,11 @@
 					<artifactId>protoc-jar-maven-plugin</artifactId>
 					<version>3.11.4</version>
 				</plugin>
+				<plugin>
+					<groupId>org.owasp</groupId>
+					<artifactId>dependency-check-maven</artifactId>
+					<version>${owasp.version}</version>
+				</plugin>
 			</plugins>
 		</pluginManagement>
 	</build>