Merge remote-tracking branch 'origin/issues/32_GECCO_FHIR_Server_https'

into develop

Author: hhund

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/ApacheRestfulClientFactoryWithTlsConfig.java

@@ -5,6 +5,7 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@@ -28,6 +29,7 @@
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.client.ProxyAuthenticationStrategy;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.ssl.SSLContexts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,6 +52,8 @@ public class ApacheRestfulClientFactoryWithTlsConfig extends RestfulClientFactor
 	private final KeyStore keyStore;
 	private final char[] keyStorePassword;
 
+	private final Map<String, ApacheHttpClient> clientByServerBase = new HashMap<>();
+
 	public ApacheRestfulClientFactoryWithTlsConfig(FhirContext fhirContext, KeyStore trustStore, KeyStore keyStore,
 			char[] keyStorePassword)
 	{
@@ -61,11 +65,21 @@ public ApacheRestfulClientFactoryWithTlsConfig(FhirContext fhirContext, KeyStore
 	}
 
 	@Override
-	protected synchronized ApacheHttpClient getHttpClient(String theServerBase)
+	protected synchronized ApacheHttpClient getHttpClient(String serverBase)
 	{
-		logger.info("Returning new ApacheHttpClient for ServerBase {}", theServerBase);
-
-		return new ApacheHttpClient(getNativeHttpClient(), new StringBuilder(theServerBase), null, null, null, null);
+		if (clientByServerBase.containsKey(serverBase))
+		{
+			logger.debug("Reusing ApacheHttpClient for ServerBase {}", serverBase);
+			return clientByServerBase.get(serverBase);
+		}
+		else
+		{
+			logger.debug("Returning new ApacheHttpClient for ServerBase {}", serverBase);
+			ApacheHttpClient client = new ApacheHttpClient(getNativeHttpClient(), new StringBuilder(serverBase), null,
+					null, null, null);
+			clientByServerBase.put(serverBase, client);
+			return client;
+		}
 	}
 
 	@Override
@@ -119,8 +133,14 @@ protected SSLContext getSslContext()
 	{
 		try
 		{
-			return SSLContexts.custom().loadTrustMaterial(trustStore, null).loadKeyMaterial(keyStore, keyStorePassword)
-					.build();
+			SSLContextBuilder custom = SSLContexts.custom();
+
+			if (trustStore != null)
+				custom = custom.loadTrustMaterial(trustStore, null);
+			if (keyStore != null && keyStorePassword != null)
+				custom = custom.loadKeyMaterial(keyStore, keyStorePassword);
+
+			return custom.build();
 		}
 		catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e)
 		{

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/FttpClientFactory.java

@@ -80,6 +80,11 @@ public void testConnection()
 	private final Path trustStorePath;
 	private final Path certificatePath;
 	private final Path privateKeyPath;
+	private final char[] privateKeyPassword;
+
+	private final int connectTimeout;
+	private final int socketTimeout;
+	private final int connectionRequestTimeout;
 
 	private final String fttpServerBase;
 	private final String fttpBasicAuthUsername;
@@ -89,24 +94,21 @@ public void testConnection()
 	private final String fttpStudy;
 	private final String fttpTarget;
 
-	private final int connectTimeout;
-	private final int socketTimeout;
-	private final int connectionRequestTimeout;
-
-	private final String proxySchemeHostPort;
+	private final String proxyUrl;
 	private final String proxyUsername;
 	private final String proxyPassword;
 
 	private final boolean hapiClientVerbose;
 
-	public FttpClientFactory(Path trustStorePath, Path certificatePath, Path privateKeyPath, int connectTimeout,
-			int socketTimeout, int connectionRequestTimeout, String fttpBasicAuthUsername, String fttpBasicAuthPassword,
-			String fttpServerBase, String fttpApiKey, String fttpStudy, String fttpTarget, String proxySchemeHostPort,
-			String proxyUsername, String proxyPassword, boolean hapiClientVerbose)
+	public FttpClientFactory(Path trustStorePath, Path certificatePath, Path privateKeyPath, char[] privateKeyPassword,
+			int connectTimeout, int socketTimeout, int connectionRequestTimeout, String fttpBasicAuthUsername,
+			String fttpBasicAuthPassword, String fttpServerBase, String fttpApiKey, String fttpStudy, String fttpTarget,
+			String proxyUrl, String proxyUsername, String proxyPassword, boolean hapiClientVerbose)
 	{
 		this.trustStorePath = trustStorePath;
 		this.certificatePath = certificatePath;
 		this.privateKeyPath = privateKeyPath;
+		this.privateKeyPassword = privateKeyPassword;
 
 		this.connectTimeout = connectTimeout;
 		this.socketTimeout = socketTimeout;
@@ -120,7 +122,7 @@ public FttpClientFactory(Path trustStorePath, Path certificatePath, Path private
 		this.fttpStudy = fttpStudy;
 		this.fttpTarget = fttpTarget;
 
-		this.proxySchemeHostPort = proxySchemeHostPort;
+		this.proxyUrl = proxyUrl;
 		this.proxyUsername = proxyUsername;
 		this.proxyPassword = proxyPassword;
 
@@ -133,8 +135,11 @@ public void onContextRefreshedEvent(ContextRefreshedEvent event)
 		try
 		{
 			logger.info(
-					"Testing connection to fTTP with {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, fttpServerBase: {}, fttpApiKey: {}, fttpStudy: {}, fttpTarget: {}}",
-					trustStorePath, certificatePath, privateKeyPath, fttpServerBase, fttpApiKey, fttpStudy, fttpTarget);
+					"Testing connection to fTTP with {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {},"
+							+ " basicAuthUsername {}, basicAuthPassword {}, serverBase: {}, apiKey: {}, study: {}, target: {}, proxyUrl {}, proxyUsername, proxyPassword {}}",
+					trustStorePath, certificatePath, privateKeyPath, privateKeyPassword != null ? "***" : "null",
+					fttpBasicAuthUsername, fttpBasicAuthPassword != null ? "***" : "null", fttpServerBase, fttpApiKey,
+					fttpStudy, fttpTarget, proxyUrl, proxyUsername, proxyPassword != null ? "***" : "null");
 
 			getFttpClient().testConnection();
 		}
@@ -166,11 +171,11 @@ protected FttpClient createFttpClient()
 		char[] keyStorePassword = UUID.randomUUID().toString().toCharArray();
 
 		logger.debug("Creating key-store from {} and {}", certificatePath.toString(), privateKeyPath.toString());
-		KeyStore keyStore = readKeyStore(certificatePath, privateKeyPath, keyStorePassword);
+		KeyStore keyStore = readKeyStore(certificatePath, privateKeyPath, privateKeyPassword, keyStorePassword);
 
 		return new FttpClientImpl(trustStore, keyStore, keyStorePassword, connectTimeout, socketTimeout,
 				connectionRequestTimeout, fttpBasicAuthUsername, fttpBasicAuthPassword, fttpServerBase, fttpApiKey,
-				fttpStudy, fttpTarget, proxySchemeHostPort, proxyUsername, proxyPassword, hapiClientVerbose);
+				fttpStudy, fttpTarget, proxyUrl, proxyUsername, proxyPassword, hapiClientVerbose);
 	}
 
 	private KeyStore readTrustStore(Path trustPath)
@@ -185,11 +190,11 @@ private KeyStore readTrustStore(Path trustPath)
 		}
 	}
 
-	private KeyStore readKeyStore(Path certificatePath, Path keyPath, char[] keyStorePassword)
+	private KeyStore readKeyStore(Path certificatePath, Path keyPath, char[] keyPassword, char[] keyStorePassword)
 	{
 		try
 		{
-			PrivateKey privateKey = PemIo.readPrivateKeyFromPem(keyPath);
+			PrivateKey privateKey = PemIo.readPrivateKeyFromPem(keyPath, keyPassword);
 			X509Certificate certificate = PemIo.readX509CertificateFromPem(certificatePath);
 
 			return CertificateHelper.toJksKeyStore(privateKey, new Certificate[] { certificate },

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/FttpClientImpl.java

@@ -10,15 +10,13 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.commons.lang3.StringUtils;
 import org.hl7.fhir.r4.model.Base64BinaryType;
 import org.hl7.fhir.r4.model.CapabilityStatement;
 import org.hl7.fhir.r4.model.Identifier;
 import org.hl7.fhir.r4.model.Parameters;
 import org.hl7.fhir.r4.model.Parameters.ParametersParameterComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.InitializingBean;
 
 import ca.uhn.fhir.context.FhirContext;
 import ca.uhn.fhir.rest.api.Constants;
@@ -29,7 +27,7 @@
 import ca.uhn.fhir.rest.client.interceptor.BasicAuthInterceptor;
 import ca.uhn.fhir.rest.client.interceptor.LoggingInterceptor;
 
-public class FttpClientImpl implements FttpClient, InitializingBean
+public class FttpClientImpl implements FttpClient
 {
 	private static final Logger logger = LoggerFactory.getLogger(FttpClientImpl.class);
 
@@ -38,6 +36,7 @@ public class FttpClientImpl implements FttpClient, InitializingBean
 	private final IRestfulClientFactory clientFactory;
 
 	private final String fttpServerBase;
+
 	private final String fttpBasicAuthUsername;
 	private final String fttpBasicAuthPassword;
 
@@ -49,21 +48,22 @@ public class FttpClientImpl implements FttpClient, InitializingBean
 
 	public FttpClientImpl(KeyStore trustStore, KeyStore keyStore, char[] keyStorePassword, int connectTimeout,
 			int socketTimeout, int connectionRequestTimeout, String fttpBasicAuthUsername, String fttpBasicAuthPassword,
-			String fttpServerBase, String fttpApiKey, String fttpStudy, String fttpTarget, String proxySchemeHostPort,
+			String fttpServerBase, String fttpApiKey, String fttpStudy, String fttpTarget, String proxyUrl,
 			String proxyUsername, String proxyPassword, boolean hapiClientVerbose)
 	{
 		clientFactory = createClientFactory(trustStore, keyStore, keyStorePassword, connectTimeout, socketTimeout,
 				connectionRequestTimeout);
 
 		this.fttpServerBase = fttpServerBase;
+
 		this.fttpBasicAuthUsername = fttpBasicAuthUsername;
 		this.fttpBasicAuthPassword = fttpBasicAuthPassword;
 
 		this.fttpApiKey = fttpApiKey;
 		this.fttpStudy = fttpStudy;
 		this.fttpTarget = fttpTarget;
 
-		configureProxy(clientFactory, proxySchemeHostPort, proxyUsername, proxyPassword);
+		configureProxy(clientFactory, proxyUrl, proxyUsername, proxyPassword);
 
 		this.hapiClientVerbose = hapiClientVerbose;
 	}
@@ -88,14 +88,14 @@ protected ApacheRestfulClientFactoryWithTlsConfig createClientFactory(KeyStore t
 		return hapiClientFactory;
 	}
 
-	private void configureProxy(IRestfulClientFactory clientFactory, String proxySchemeHostPort, String proxyUsername,
+	private void configureProxy(IRestfulClientFactory clientFactory, String proxyUrl, String proxyUsername,
 			String proxyPassword)
 	{
-		if (StringUtils.isNotBlank(proxySchemeHostPort))
+		if (proxyUrl != null && !proxyUrl.isBlank())
 		{
 			try
 			{
-				URL url = new URL(proxySchemeHostPort);
+				URL url = new URL(proxyUrl);
 				clientFactory.setProxy(url.getHost(), url.getPort());
 				clientFactory.setProxyCredentials(proxyUsername, proxyPassword);
 
@@ -109,15 +109,6 @@ private void configureProxy(IRestfulClientFactory clientFactory, String proxySch
 		}
 	}
 
-	@Override
-	public void afterPropertiesSet() throws Exception
-	{
-		Objects.requireNonNull(fttpServerBase, "fttpServerBase");
-		Objects.requireNonNull(fttpApiKey, "fttpApiKey");
-		Objects.requireNonNull(fttpStudy, "fttpStudy");
-		Objects.requireNonNull(fttpTarget, "fttpTarget");
-	}
-
 	@Override
 	public Optional<String> getCrrPseudonym(String dicSourceAndPseudonym)
 	{

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/GeccoClient.java

@@ -0,0 +1,24 @@
+package de.netzwerk_universitaetsmedizin.codex.processes.data_transfer.client;
+
+import java.nio.file.Path;
+
+import ca.uhn.fhir.context.FhirContext;
+import ca.uhn.fhir.rest.client.api.IGenericClient;
+import de.netzwerk_universitaetsmedizin.codex.processes.data_transfer.client.fhir.GeccoFhirClient;
+
+public interface GeccoClient
+{
+	FhirContext getFhirContext();
+
+	void testConnection();
+
+	GeccoFhirClient getFhirClient();
+
+	Path getSearchBundleOverride();
+
+	IGenericClient getGenericFhirClient();
+
+	String getLocalIdentifierValue();
+
+	boolean shouldUseChainedParameterNotLogicalReference();
+}