Merge pull request #130 from Fraunhofer-AISEC/fix/est-fixes

EST fixes and examples overhaul

Author: milux

Dockerfile

@@ -23,4 +23,8 @@ WORKDIR "/root"
 # Ports to expose
 EXPOSE 8080 29292
 ENTRYPOINT ["java"]
-CMD ["--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector"]
+CMD ["--add-exports=java.base/sun.security.x509=ALL-UNNAMED", \
+"--add-exports=java.base/sun.security.pkcs=ALL-UNNAMED", \
+"--add-exports=java.base/sun.security.pkcs10=ALL-UNNAMED", \
+"--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector", \
+"--spring.config.location=classpath:application.yml,optional:/root/etc/application.yml"]

examples/src/main/resources/etc/application.yml

@@ -1,15 +1,6 @@
-logging:
-  level:
-    root: info
+#logging:
+#  level:
 #    de.fhg.aisec: debug
-    # Use for IDSCP2 debugging
-#    de.fhg.aisec.ids.idscp2: trace
-#    de.fhg.aisec.ids.camel.idscp2: trace
-
-spring:
-  web:
-    resources:
-      static-locations: classpath:/www/
 
 ids-multipart:
   daps-bean-name: rootDaps

examples/src/main/resources/etc/client-keystore.p12

@@ -1,6 +1,6 @@
 server.keyStorePassword=password
-server.keyStoreResource=etc/consumer-keystore.p12
+server.keyStoreResource=etc/server-keystore.p12
 client.keyStorePassword=password
-client.keyStoreResource=etc/provider-keystore.p12
+client.keyStoreResource=etc/client-keystore.p12
 trustStorePassword=password
 trustStoreResource=etc/truststore.p12

examples/src/main/resources/etc/consumer-keystore.p12

@@ -1,31 +1,27 @@
 version: '3'
 services:
 
-  ids-core:
+  tc-core:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings.mapdb:/root/etc/settings.mapdb
-      - ../etc/consumer-keystore.p12:/root/etc/consumer-keystore.p12
-      - ../etc/provider-keystore.p12:/root/etc/provider-keystore.p12
+      - ../etc/server-keystore.p12:/root/etc/server-keystore.p12
+      - ../etc/client-keystore.p12:/root/etc/client-keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ../etc/tls.properties:/root/etc/tls.properties
       - ./example-idscp2-localloop.xml:/root/deploy/example-idscp2-localloop.xml
     ports:
       - "8080:8080"
-    environment:
-      TC_DAPS_URL: "https://daps-dev.aisec.fraunhofer.de/v4"
     networks:
       example-internal:
         aliases:
-          - consumer-core
-          - provider-core
+          - tc-core-server
+          - tc-core-client
 
 networks:
   example-internal:

examples/src/main/resources/etc/provider-keystore.p12

@@ -52,7 +52,7 @@
                 <simple>Message at $simple{date:now:yyyy-MM-dd HH:mm:ss}</simple>
             </setBody>
             <log message="Sending message body &quot;${body}&quot;..."/>
-            <to uri="idscp2client://consumer-core:9292/?sslContextParameters=#clientSslContext" />
+            <to uri="idscp2client://tc-core-server:9292/?sslContextParameters=#clientSslContext" />
         </route>
 
         <route id="receiveTime">

examples/src/main/resources/etc/server-keystore.p12

@@ -1,18 +1,16 @@
 version: '3'
 services:
 
-  consumer-core:
+  tc-core-server:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings.mapdb:/root/etc/settings.mapdb
-      - ../etc/consumer-keystore.p12:/root/etc/keystore.p12
+      - ../etc/server-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-multipart-uc-server.xml:/root/deploy/example-multipart-uc-server.xml
       - ./make-contract.xml:/root/deploy/make-contract.xml
@@ -23,18 +21,16 @@ services:
     profiles:
       - server
 
-  provider-core:
+  tc-core-client:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings2.mapdb:/root/etc/settings.mapdb
-      - ../etc/provider-keystore.p12:/root/etc/keystore.p12
+      - ../etc/client-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-multipart-uc-client.xml:/root/deploy/example-multipart-uc-client.xml
     ports:

examples/src/main/resources/etc/settings.mapdb

@@ -32,7 +32,7 @@
             </setProperty>
             <process ref="contractRequestCreationProcessor" />
             <process ref="idsMultiPartOutputProcessor" />
-            <to uri="https://consumer-core:28282/usageControl?sslContextParameters=#rootClientSslContext" />
+            <to uri="https://tc-core-server:28282/usageControl?sslContextParameters=#rootClientSslContext" />
             <process ref="idsMultiPartInputProcessor" />
             <process ref="idsMessageTypeExtractionProcessor" />
             <choice>
@@ -41,7 +41,7 @@
                     <log message="### Handle ContractResponseMessage ###" />
                     <process ref="contractResponseProcessor" />
                     <process ref="idsMultiPartOutputProcessor" />
-                    <to uri="https://consumer-core:28282/usageControl?sslContextParameters=#rootClientSslContext" />
+                    <to uri="https://tc-core-server:28282/usageControl?sslContextParameters=#rootClientSslContext" />
                     <process ref="idsMultiPartInputProcessor" />
                     <process ref="idsMessageTypeExtractionProcessor" />
                     <choice>
@@ -76,7 +76,7 @@
             </setProperty>
             <process ref="artifactRequestCreationProcessor" />
             <process ref="idsMultiPartOutputProcessor" />
-            <to uri="https://consumer-core:28282/usageControl?sslContextParameters=#rootClientSslContext" />
+            <to uri="https://tc-core-server:28282/usageControl?sslContextParameters=#rootClientSslContext" />
             <process ref="idsMultiPartInputProcessor" />
             <process ref="idsMessageTypeExtractionProcessor" />
             <choice>

examples/src/main/resources/etc/settings2.mapdb

@@ -9,7 +9,7 @@
 
     <camel:sslContextParameters id="serverSslContext" certAlias="1">
         <camel:keyManagers keyPassword="password">
-            <camel:keyStore resource="etc/provider-keystore.p12" password="password"/>
+            <camel:keyStore resource="etc/client-keystore.p12" password="password"/>
         </camel:keyManagers>
         <camel:trustManagers>
             <camel:keyStore resource="etc/truststore.p12" password="password"/>

examples/src/main/resources/etc/tls.properties

@@ -1,18 +1,16 @@
 version: '3'
 services:
 
-  consumer-core:
+  tc-core-server:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings.mapdb:/root/etc/settings.mapdb
-      - ../etc/consumer-keystore.p12:/root/etc/keystore.p12
+      - ../etc/server-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-multipart-server.xml:/root/deploy/example-multipart-server.xml
     ports:
@@ -22,18 +20,16 @@ services:
     profiles:
       - server
 
-  provider-core:
+  tc-core-client:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings2.mapdb:/root/etc/settings.mapdb
-      - ../etc/provider-keystore.p12:/root/etc/keystore.p12
+      - ../etc/client-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-multipart-client.xml:/root/deploy/example-multipart-client.xml
     ports:

examples/src/main/resources/etc/truststore.p12

@@ -28,7 +28,7 @@
             <from uri="timer://tenSecondsTimer?fixedRate=true&amp;period=10000"/>
             <process ref="descriptionRequestCreationProcessor"/>
             <process ref="idsMultiPartOutputProcessor"/>
-            <to uri="https://consumer-core:28282/selfInformation?sslContextParameters=#rootClientSslContext"/>
+            <to uri="https://tc-core-server:28282/selfInformation?sslContextParameters=#rootClientSslContext"/>
             <process ref="idsMultiPartInputProcessor"/>
             <log message="Server self-description:\n${body}"/>
         </route>

examples/src/main/resources/example-getting-started/compose.yaml

@@ -1,48 +1,40 @@
 version: '3'
 services:
 
-  provider-core:
+  tc-core-server:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings.mapdb:/root/etc/settings.mapdb
-      - ../etc/provider-keystore.p12:/root/etc/keystore.p12
+      - ../etc/server-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-idscp2-server.xml:/root/deploy/example-idscp2-server.xml
       - ./make-contract.xml:/root/deploy/make-contract.xml
     ports:
       - "8080:8080"
-    environment:
-      TC_DAPS_URL: "https://daps-dev.aisec.fraunhofer.de/v4"
     networks:
       - ids-wide
     profiles:
       - server
 
-  consumer-core:
+  tc-core-client:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings2.mapdb:/root/etc/settings.mapdb
-      - ../etc/consumer-keystore.p12:/root/etc/keystore.p12
+      - ../etc/client-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-idscp2-client.xml:/root/deploy/example-idscp2-client.xml
     ports:
       - "8081:8080"
-    environment:
-      TC_DAPS_URL: "https://daps-dev.aisec.fraunhofer.de/v4"
     networks:
       - ids-wide
       - provider-internal

examples/src/main/resources/example-getting-started/example-idscp2-localloop.xml

@@ -27,14 +27,14 @@
                 <constant>https://example.com/some_artifact</constant>
             </setProperty>
             <process ref="contractRequestCreationProcessor" />
-            <to uri="idscp2client://provider-core:29292?awaitResponse=true&amp;connectionShareId=ucConnection&amp;sslContextParameters=#clientSslContext&amp;useIdsMessages=true"/>
+            <to uri="idscp2client://tc-core-server:29292?awaitResponse=true&amp;connectionShareId=ucConnection&amp;sslContextParameters=#clientSslContext&amp;useIdsMessages=true"/>
             <process ref="idsMessageTypeExtractionProcessor"/>
             <choice>
                 <when>
                     <simple>${exchangeProperty.ids-type} == 'ContractResponseMessage'</simple>
                     <log message="### Handle ContractResponseMessage ###"/>
                     <process ref="contractResponseProcessor"/>
-                    <to uri="idscp2client://provider-core:29292?awaitResponse=true&amp;connectionShareId=ucConnection&amp;sslContextParameters=#clientSslContext&amp;useIdsMessages=true"/>
+                    <to uri="idscp2client://tc-core-server:29292?awaitResponse=true&amp;connectionShareId=ucConnection&amp;sslContextParameters=#clientSslContext&amp;useIdsMessages=true"/>
                     <process ref="idsMessageTypeExtractionProcessor"/>
                     <choice>
                         <when>
@@ -63,7 +63,7 @@
                 <constant>https://example.com/some_artifact</constant>
             </setProperty>
             <process ref="artifactRequestCreationProcessor" />
-            <to uri="idscp2client://provider-core:29292?awaitResponse=true&amp;connectionShareId=ucConnection&amp;sslContextParameters=#clientSslContext&amp;useIdsMessages=true"/>
+            <to uri="idscp2client://tc-core-server:29292?awaitResponse=true&amp;connectionShareId=ucConnection&amp;sslContextParameters=#clientSslContext&amp;useIdsMessages=true"/>
             <process ref="idsMessageTypeExtractionProcessor"/>
             <choice>
                 <when>

examples/src/main/resources/example-ids-multipart-uc/compose.yaml

@@ -9,7 +9,7 @@
 
     <camel:sslContextParameters id="serverSslContext" certAlias="1">
         <camel:keyManagers keyPassword="password">
-            <camel:keyStore resource="etc/provider-keystore.p12" password="password"/>
+            <camel:keyStore resource="etc/keystore.p12" password="password"/>
         </camel:keyManagers>
         <camel:trustManagers>
             <camel:keyStore resource="etc/truststore.p12" password="password"/>

examples/src/main/resources/example-ids-multipart-uc/example-multipart-uc-client.xml

@@ -1,37 +1,37 @@
 version: '3'
 services:
 
-  # The core platform, mounts docker control socket and route definition into the image
-  provider-core:
+  tc-core-server:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings.mapdb:/root/etc/settings.mapdb
-      - ../etc/provider-keystore.p12:/root/etc/provider-keystore.p12
+      - ../etc/consumer-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
-      - ./example-idscp2-server-broadcast.xml:/root/deploy/example-idscp2-server.xml
+      - ./example-idscp2-server-broadcast.xml:/root/deploy/example-idscp2-server-broadcast.xml
     ports:
       - "8080:8080"
     networks:
       - ids-wide
     profiles:
       - server
 
-  # The core platform, mounts docker control socket and route definition into the image
-  consumer-core:
+  tc-core-client:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
+      - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings2.mapdb:/root/etc/settings.mapdb
-      - ../etc/consumer-keystore.p12:/root/etc/consumer-keystore.p12
+      - ../etc/provider-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
-      - ./example-idscp2-client-broadcast.xml:/root/deploy/example-idscp2-client.xml
+      - ./example-idscp2-client-broadcast.xml:/root/deploy/example-idscp2-client-broadcast.xml
     ports:
       - "8081:8080"
     networks:

examples/src/main/resources/example-ids-multipart-uc/make-contract.xml

@@ -1,18 +1,16 @@
 version: '3'
 services:
 
-  consumer-core:
+  tc-core-server:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings.mapdb:/root/etc/settings.mapdb
-      - ../etc/consumer-keystore.p12:/root/etc/keystore.p12
+      - ../etc/server-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-idscp2-server.xml:/root/deploy/example-idscp2-server.xml
     ports:
@@ -22,18 +20,16 @@ services:
     profiles:
       - server
 
-  provider-core:
+  tc-core-client:
     image: fraunhoferaisec/trusted-connector-core:${EXAMPLE_TAG:-develop}
     tty: true
     stdin_open: true
-    command: [ "--class-path", "./jars/*", "de.fhg.aisec.ids.TrustedConnector",
-               "--spring.config.location=/root/etc/application.yml" ]
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock
       - ../etc/application.yml:/root/etc/application.yml
       - ../deploy/allow-all-flows.pl:/root/deploy/allow-all-flows.pl
       - ../etc/settings2.mapdb:/root/etc/settings.mapdb
-      - ../etc/provider-keystore.p12:/root/etc/keystore.p12
+      - ../etc/client-keystore.p12:/root/etc/keystore.p12
       - ../etc/truststore.p12:/root/etc/truststore.p12
       - ./example-idscp2-client.xml:/root/deploy/example-idscp2-client.xml
     ports: