reworked gecco client creation, added support for tls and encrypted keys

The private key for the fTTP connection can now be encrypted
The connection to the GECCO FHIR server can now use tls with optional
client certificate authentication.
Connections to fTTP and GECCo FHIR server can use forwarding proxies.

closes #32

Author: hhund

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/ApacheRestfulClientFactoryWithTlsConfig.java

@@ -5,6 +5,7 @@
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.UnrecoverableKeyException;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@@ -28,6 +29,7 @@
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.client.ProxyAuthenticationStrategy;
 import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+import org.apache.http.ssl.SSLContextBuilder;
 import org.apache.http.ssl.SSLContexts;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -50,6 +52,8 @@ public class ApacheRestfulClientFactoryWithTlsConfig extends RestfulClientFactor
 	private final KeyStore keyStore;
 	private final char[] keyStorePassword;
 
+	private final Map<String, ApacheHttpClient> clientByServerBase = new HashMap<>();
+
 	public ApacheRestfulClientFactoryWithTlsConfig(FhirContext fhirContext, KeyStore trustStore, KeyStore keyStore,
 			char[] keyStorePassword)
 	{
@@ -61,11 +65,21 @@ public ApacheRestfulClientFactoryWithTlsConfig(FhirContext fhirContext, KeyStore
 	}
 
 	@Override
-	protected synchronized ApacheHttpClient getHttpClient(String theServerBase)
+	protected synchronized ApacheHttpClient getHttpClient(String serverBase)
 	{
-		logger.info("Returning new ApacheHttpClient for ServerBase {}", theServerBase);
-
-		return new ApacheHttpClient(getNativeHttpClient(), new StringBuilder(theServerBase), null, null, null, null);
+		if (clientByServerBase.containsKey(serverBase))
+		{
+			logger.debug("Reusing ApacheHttpClient for ServerBase {}", serverBase);
+			return clientByServerBase.get(serverBase);
+		}
+		else
+		{
+			logger.debug("Returning new ApacheHttpClient for ServerBase {}", serverBase);
+			ApacheHttpClient client = new ApacheHttpClient(getNativeHttpClient(), new StringBuilder(serverBase), null,
+					null, null, null);
+			clientByServerBase.put(serverBase, client);
+			return client;
+		}
 	}
 
 	@Override
@@ -119,8 +133,14 @@ protected SSLContext getSslContext()
 	{
 		try
 		{
-			return SSLContexts.custom().loadTrustMaterial(trustStore, null).loadKeyMaterial(keyStore, keyStorePassword)
-					.build();
+			SSLContextBuilder custom = SSLContexts.custom();
+
+			if (trustStore != null)
+				custom = custom.loadTrustMaterial(trustStore, null);
+			if (keyStore != null && keyStorePassword != null)
+				custom = custom.loadKeyMaterial(keyStore, keyStorePassword);
+
+			return custom.build();
 		}
 		catch (KeyManagementException | NoSuchAlgorithmException | KeyStoreException | UnrecoverableKeyException e)
 		{

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/FttpClientFactory.java

@@ -82,6 +82,10 @@ public void testConnection()
 	private final Path privateKeyPath;
 	private final char[] privateKeyPassword;
 
+	private final int connectTimeout;
+	private final int socketTimeout;
+	private final int connectionRequestTimeout;
+
 	private final String fttpServerBase;
 	private final String fttpBasicAuthUsername;
 	private final String fttpBasicAuthPassword;
@@ -90,10 +94,6 @@ public void testConnection()
 	private final String fttpStudy;
 	private final String fttpTarget;
 
-	private final int connectTimeout;
-	private final int socketTimeout;
-	private final int connectionRequestTimeout;
-
 	private final String proxySchemeHostPort;
 	private final String proxyUsername;
 	private final String proxyPassword;
@@ -135,9 +135,10 @@ public void onContextRefreshedEvent(ContextRefreshedEvent event)
 		try
 		{
 			logger.info(
-					"Testing connection to fTTP with {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {}, fttpServerBase: {}, fttpApiKey: {}, fttpStudy: {}, fttpTarget: {}}",
+					"Testing connection to fTTP with {trustStorePath: {}, certificatePath: {}, privateKeyPath: {}, privateKeyPassword: {}, fttpBasicAuthUsername {}, fttpBasicAuthPassword {}, fttpServerBase: {}, fttpApiKey: {}, fttpStudy: {}, fttpTarget: {}}",
 					trustStorePath, certificatePath, privateKeyPath, privateKeyPassword != null ? "***" : "null",
-					fttpServerBase, fttpApiKey, fttpStudy, fttpTarget);
+					fttpBasicAuthUsername, fttpBasicAuthPassword != null ? "***" : "null", fttpServerBase, fttpApiKey,
+					fttpStudy, fttpTarget);
 
 			getFttpClient().testConnection();
 		}

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/FttpClientImpl.java

@@ -10,15 +10,13 @@
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
-import org.apache.commons.lang3.StringUtils;
 import org.hl7.fhir.r4.model.Base64BinaryType;
 import org.hl7.fhir.r4.model.CapabilityStatement;
 import org.hl7.fhir.r4.model.Identifier;
 import org.hl7.fhir.r4.model.Parameters;
 import org.hl7.fhir.r4.model.Parameters.ParametersParameterComponent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.InitializingBean;
 
 import ca.uhn.fhir.context.FhirContext;
 import ca.uhn.fhir.rest.api.Constants;
@@ -29,7 +27,7 @@
 import ca.uhn.fhir.rest.client.interceptor.BasicAuthInterceptor;
 import ca.uhn.fhir.rest.client.interceptor.LoggingInterceptor;
 
-public class FttpClientImpl implements FttpClient, InitializingBean
+public class FttpClientImpl implements FttpClient
 {
 	private static final Logger logger = LoggerFactory.getLogger(FttpClientImpl.class);
 
@@ -38,6 +36,7 @@ public class FttpClientImpl implements FttpClient, InitializingBean
 	private final IRestfulClientFactory clientFactory;
 
 	private final String fttpServerBase;
+
 	private final String fttpBasicAuthUsername;
 	private final String fttpBasicAuthPassword;
 
@@ -56,6 +55,7 @@ public FttpClientImpl(KeyStore trustStore, KeyStore keyStore, char[] keyStorePas
 				connectionRequestTimeout);
 
 		this.fttpServerBase = fttpServerBase;
+
 		this.fttpBasicAuthUsername = fttpBasicAuthUsername;
 		this.fttpBasicAuthPassword = fttpBasicAuthPassword;
 
@@ -91,7 +91,7 @@ protected ApacheRestfulClientFactoryWithTlsConfig createClientFactory(KeyStore t
 	private void configureProxy(IRestfulClientFactory clientFactory, String proxySchemeHostPort, String proxyUsername,
 			String proxyPassword)
 	{
-		if (StringUtils.isNotBlank(proxySchemeHostPort))
+		if (proxySchemeHostPort != null && !proxySchemeHostPort.isBlank())
 		{
 			try
 			{
@@ -109,15 +109,6 @@ private void configureProxy(IRestfulClientFactory clientFactory, String proxySch
 		}
 	}
 
-	@Override
-	public void afterPropertiesSet() throws Exception
-	{
-		Objects.requireNonNull(fttpServerBase, "fttpServerBase");
-		Objects.requireNonNull(fttpApiKey, "fttpApiKey");
-		Objects.requireNonNull(fttpStudy, "fttpStudy");
-		Objects.requireNonNull(fttpTarget, "fttpTarget");
-	}
-
 	@Override
 	public Optional<String> getCrrPseudonym(String dicSourceAndPseudonym)
 	{

codex-process-data-transfer/src/main/java/de/netzwerk_universitaetsmedizin/codex/processes/data_transfer/client/GeccoClient.java

@@ -0,0 +1,24 @@
+package de.netzwerk_universitaetsmedizin.codex.processes.data_transfer.client;
+
+import java.nio.file.Path;
+
+import ca.uhn.fhir.context.FhirContext;
+import ca.uhn.fhir.rest.client.api.IGenericClient;
+import de.netzwerk_universitaetsmedizin.codex.processes.data_transfer.client.fhir.GeccoFhirClient;
+
+public interface GeccoClient
+{
+	FhirContext getFhirContext();
+
+	void testConnection();
+
+	GeccoFhirClient getFhirClient();
+
+	Path getSearchBundleOverride();
+
+	IGenericClient getGenericFhirClient();
+
+	String getLocalIdentifierValue();
+
+	boolean shouldUseChainedParameterNotLogicalReference();
+}