Merge pull request #7 from OSGP/feature/FDP-94

FDP-94: Add option to not use organisation certificates
OSGP · Nov 23, 2023 · e53e543 · e53e543
2 parents 29bd978 + 91110ac
commit e53e543
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 10 deletions.
diff --git a/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java b/application/src/main/java/org/gxf/soapbridge/soap/endpoints/SoapEndpoint.java
@@ -94,15 +94,19 @@ public void handleRequest(
     }
 
     String organisationName = null;
-    if (request.getAttribute(DEFAULT_REQUEST_ATTR_NAME)
-            instanceof final SecurityContext securityContext
-        && securityContext.getAuthentication().getPrincipal() instanceof final User organisation) {
-      organisationName = organisation.getUsername();
-    }
-    if (organisationName == null) {
-      LOGGER.error("Unable to find client certificate, returning 500.");
-      createErrorResponse(response);
-      return;
+    if(soapConfiguration.getUseOrganisationFromRequest()) {
+      if (request.getAttribute(DEFAULT_REQUEST_ATTR_NAME)
+              instanceof final SecurityContext securityContext
+              && securityContext.getAuthentication().getPrincipal() instanceof final User organisation) {
+        organisationName = organisation.getUsername();
+      }
+      if (organisationName == null) {
+        LOGGER.error("Unable to find client certificate, returning 500.");
+        createErrorResponse(response);
+        return;
+      }
+    } else {
+      organisationName = "";
     }
 
     // Cache the incoming connection.

diff --git a/...rc/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt b/...rc/main/kotlin/org/gxf/soapbridge/configuration/properties/SoapConfigurationProperties.kt
@@ -18,6 +18,15 @@ class SoapConfigurationProperties(
      * Timeouts for specific functions.
      */
     val customTimeouts: Map<String, Int> = emptyMap(),
+    /**
+     * TODO Can we search for certificates on both sides
+     *
+     * Property to set common name based on the organisation on requests published to Kafka.
+     *
+     * If set to false the other listening proxy doesn't search for certificates by [org.gxf.soapbridge.valueobjects.ProxyServerRequestMessage.commonName].
+     * Instead, the other proxy will generate a new ssl context.
+     */
+    val useOrganisationFromRequest: Boolean = true,
     val callEndpoint: SoapEndpointConfiguration,
 )
 

diff --git a/application/src/test/java/org/gxf/soapbridge/soap/clients/SoapClientTest.java b/application/src/test/java/org/gxf/soapbridge/soap/clients/SoapClientTest.java
@@ -37,6 +37,7 @@ class SoapClientTest {
           HostnameVerificationStrategy.BROWSER_COMPATIBLE_HOSTNAMES,
           45,
           new HashMap<>(),
+          true,
           new SoapEndpointConfiguration("localhost", 443, "https"));
 
   @InjectMocks SoapClient soapClient;
@@ -61,7 +62,7 @@ void shouldSendSoapRequestAndKafkaResponse() throws Exception {
   }
 
   @Test
-  void shoudDisconnectWhenSoapRequestFails() throws Exception {
+  void shouldDisconnectWhenSoapRequestFails() throws Exception {
     // arrange
     final HttpsURLConnection connection = setupFailingConnectionMock();
     Mockito.when(