diff --git a/.github/workflows/ci-dependency-check.yml b/.github/workflows/ci-dependency-check.yml
index b70c32f..601390c 100644
--- a/.github/workflows/ci-dependency-check.yml
+++ b/.github/workflows/ci-dependency-check.yml
@@ -15,7 +15,7 @@ jobs:
 steps:
 - uses: actions/setup-java@v2
 with:
- java-version: 11
+ java-version: 17
 distribution: adopt
 - uses: actions/checkout@v2
 with:
diff --git a/.github/workflows/ci-main.yml b/.github/workflows/ci-main.yml
index 6afcb19..4616072 100644
--- a/.github/workflows/ci-main.yml
+++ b/.github/workflows/ci-main.yml
@@ -6,11 +6,11 @@ on:
 - main
 jobs:
 build:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/setup-java@v2
 with:
- java-version: 11
+ java-version: 17
 distribution: adopt
 - uses: actions/checkout@v2
 with:
@@ -46,11 +46,11 @@ jobs:
 APP_PACKAGES_USERNAME: ${{ github.actor }}
 APP_PACKAGES_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
 license:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/setup-java@v2
 with:
- java-version: 11
+ java-version: 17
 distribution: adopt
 - uses: actions/checkout@v2
 with:
diff --git a/.github/workflows/ci-pullrequest.yml b/.github/workflows/ci-pullrequest.yml
index 558aa10..f577089 100644
--- a/.github/workflows/ci-pullrequest.yml
+++ b/.github/workflows/ci-pullrequest.yml
@@ -7,11 +7,11 @@ on:
 - reopened
 jobs:
 build:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/setup-java@v2
 with:
- java-version: 11
+ java-version: 17
 distribution: adopt
 - uses: actions/checkout@v2
 with:
diff --git a/.github/workflows/ci-release-notes.yml b/.github/workflows/ci-release-notes.yml
index b155d77..2fd0c68 100644
--- a/.github/workflows/ci-release-notes.yml
+++ b/.github/workflows/ci-release-notes.yml
@@ -5,7 +5,7 @@ on:
 - created
 jobs:
 release-notes:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v2
 with:
diff --git a/.github/workflows/ci-release.yml b/.github/workflows/ci-release.yml
index 9af8f11..2ced4ac 100644
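Review bot: `distribution: adopt` is left unchanged next to the bumped `java-version: 17` in ci-dependency-check.yml. actions/setup-java documents the AdoptOpenJDK distribution as no longer updated and recommends Temurin, so the JDK 17 these jobs install may stop receiving security releases. Consider `distribution: temurin` here and in the same step of ci-main.yml, ci-pullrequest.yml, ci-release.yml and ci-sonar.yml. The steps list continues outside the hunk.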
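Review bot: `runs-on: ubuntu-latest` in the `build` job of ci-main.yml replaces a pinned image with a label that moves to a new Ubuntu release without any commit in this repository, so toolchain changes reach the build unreviewed. The same change is made in the `license` job and in ci-pullrequest.yml, ci-release-notes.yml, ci-release.yml and ci-sonar.yml, and ci-release.yml is presumably the job that produces published artifacts. If reproducible release builds matter, pin a specific supported image such as `runs-on: ubuntu-22.04` and bump it deliberately. The `uses: actions/...@v2` steps in the context lines are likewise referenced by mutable tag rather than by commit SHA.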
--- a/.github/workflows/ci-release.yml
+++ b/.github/workflows/ci-release.yml
@@ -5,11 +5,11 @@ on:
 - created
 jobs:
 release:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/setup-java@v2
 with:
- java-version: 11
+ java-version: 17
 distribution: adopt
 - uses: actions/checkout@v2
 with:
diff --git a/.github/workflows/ci-sonar.yml b/.github/workflows/ci-sonar.yml
index 90171d4..5e7dcc4 100644
--- a/.github/workflows/ci-sonar.yml
+++ b/.github/workflows/ci-sonar.yml
@@ -10,11 +10,11 @@ on:
 - reopened
 jobs:
 sonar:
- runs-on: ubuntu-20.04
+ runs-on: ubuntu-latest
 steps:
 - uses: actions/setup-java@v2
 with:
- java-version: 11
+ java-version: 17
 distribution: adopt
 - uses: actions/checkout@v2
 with:
diff --git a/owasp/suppressions.xml b/owasp/suppressions.xml
index 5f48248..3fd8b02 100644
--- a/owasp/suppressions.xml
+++ b/owasp/suppressions.xml
@@ -1,29 +1,7 @@ - see https://github.com/jeremylong/DependencyCheck/issues/1827> - CVE-2018-1258 - - - see https://github.com/jeremylong/DependencyCheck/issues/2952 - CVE-2011-2732 - CVE-2011-2731 - CVE-2012-5055 - - - see https://tomcat.apache.org/security-9.html#Apache_Tomcat_9.x_vulnerabilities vulnerability is fixed in tomcat 9.0.38 - CVE-2020-13943 - - - H2 is not used by this project. - CVE-2021-23463 - - - False Positive, Should match only up to 5.3.2 (excluding) but we have 5.6.3 - CVE-2020-5408 - - - False Positive, Should match only up to 1.32 (excluding) but we have 1.33 - CVE-2022-38752 + no YAML content from users is parsed within this service + CVE-2022-1471
diff --git a/pom.xml b/pom.xml
index 2202b32..351edba 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,9 +4,16 @@ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 4.0.0 + + org.springframework.cloud + spring-cloud-starter-parent + 2022.0.1 + + + eu.europa.ec.dgc ddcc-gateway-lib - latest + 2.0.0 jar ddcc-gateway-lib
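Review bot: The new CVE-2022-1471 suppression in owasp/suppressions.xml is justified with "no YAML content from users is parsed within this service", but pom.xml builds this artifact as a library (`ddcc-gateway-lib`, packaging `jar`), so that statement cannot be made for the applications that consume it. The same commit also drops the explicit snakeyaml pin and exclusions in pom.xml (hunk `@@ -73,47 +76,21 @@`), so the suppression only silences this repository's Dependency-Check run while consumers receive whatever SnakeYAML version the parent BOM resolves. The element's attributes are not visible in this rendering; if it is not already scoped and time-boxed, restrict it to the SnakeYAML package and add an expiry with the `until` attribute, e.g. `until="YYYY-MM-DDZ"` (placeholder date). The note text should describe the library's own YAML usage rather than "this service".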
@@ -17,26 +24,22 @@ - 11 - 11 + 17 + 17 UTF-8 UTF-8 - 7.3.0 - 2.7.5 - 3.1.4 - 11.10 - 1.70 + 8.0.2 + 1.72 1.18.24 1.5.3.Final 2.11.0 4.5.2 - 2.13.4 - 2.13.4.2 4.10.0 - 3.2.0 - 3.0.0-M7 + 3.2.1 + 3.9.1.2184 + 3.0.0-M8 0.8.8
@@ -73,47 +76,21 @@ org.springframework.boot - spring-boot-starter-web - ${spring.boot.version} + spring-boot-starter true - - - org.yaml - snakeyaml - - - com.fasterxml.jackson.core - jackson-databind - - - - - - org.yaml - snakeyaml - 1.33 org.springframework.boot spring-boot-configuration-processor - ${spring.boot.version} true org.springframework.cloud spring-cloud-starter-openfeign - ${spring.cloud.version} - - - org.springframework - spring-web - - io.github.openfeign feign-httpclient - ${feign.version} org.mapstruct
@@ -124,11 +101,10 @@ org.projectlombok lombok provided - ${lombok.version} org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on ${bcpkix.version}
@@ -144,25 +120,15 @@ com.fasterxml.jackson.core jackson-databind - ${jackson.databind.version} com.fasterxml.jackson.datatype jackson-datatype-jsr310 - ${jackson.version} - - - com.fasterxml.jackson.core - jackson-databind - - - org.springframework.boot spring-boot-starter-test test - ${spring.boot.version} com.squareup.okhttp3
@@ -245,6 +211,7 @@ codestyle/checkstyle.xml target/**/* + **/springbootworkaroundforks/* true true warning
@@ -296,7 +263,7 @@ org.springframework.boot spring-boot-configuration-processor - ${spring.boot.version} + ${project.parent.parent.version}
diff --git a/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java b/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java
index b8ef808..6344ad1 100644
--- a/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java
+++ b/src/main/java/eu/europa/ec/dgc/DgcLibAutoConfiguration.java
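Review bot: `${project.parent.parent.version}` in the last pom.xml hunk (`@@ -296,7 +263,7 @@`) selects the spring-boot-configuration-processor version by walking two levels up the inherited POM chain, so a change in how `spring-cloud-starter-parent` is parented would silently pick a different version of a component that runs during compilation. The surrounding markup is not visible in this rendering, so the enclosing plugin section is inferred. An explicit property defined in this pom, such as the `${spring.boot.version}` that this commit removes, would keep the resolved version visible and reviewable in one place.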
@@ -20,11 +20,11 @@
 package eu.europa.ec.dgc;
+import org.springframework.boot.autoconfigure.AutoConfiguration;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.Configuration;
-@Configuration
+@AutoConfiguration
 @ComponentScan("eu.europa.ec.dgc")
 @EnableConfigurationProperties
 public class DgcLibAutoConfiguration {
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java
index 3c86504..347b794 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayConnectorUtils.java
@@ -40,6 +40,7 @@
 import eu.europa.ec.dgc.signing.SignedStringMessageParser;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.io.Serializable;
 import java.nio.charset.StandardCharsets;
@@ -55,7 +56,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.Setter;
@@ -70,6 +70,7 @@
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Service;
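Review bot: `@ComponentScan("eu.europa.ec.dgc")` stays on DgcLibAutoConfiguration after the switch to `@AutoConfiguration`, although the Spring Boot documentation says auto-configuration classes should not enable component scanning and should use specific `@Import` annotations instead. Because the scan root is the broad `eu.europa.ec.dgc` prefix, every stereotype-annotated class under it on a consumer's classpath is registered, including the consumer's own classes if they share the prefix, which makes the set of beans handling keystores and trust lists implicit. Replacing the scan with an `@Import` that lists the library's connector and utility classes would make that set explicit. The class body continues outside the hunk.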
@@ -227,7 +228,7 @@ public List fetchCertificatesAndVerifyByTrustAnchor(
 HashMap, List> queryParameterMap) throws DgcGatewayConnectorException {
 List downloadedCertificates;
- HttpStatus responseStatus;
+ HttpStatusCode responseStatus;
 try {
 if (properties.isEnableDdccSupport()) {
 // clone and modify parameter map to only get certs of requested type
@@ -300,7 +301,7 @@ public List fetchTrustedIssuersAndVerifyByTrustAnchor(
 if (responseEntity.getStatusCode() != HttpStatus.OK || downloadedTrustedIssuers == null) {
 throw new DgcGatewayConnectorUtils.DgcGatewayConnectorException(
- responseEntity.getStatusCodeValue(), "Download of TrustedIssuers failed.");
+ responseEntity.getStatusCode().value(), "Download of TrustedIssuers failed.");
 } else {
 log.info("Got Response from DGCG, Downloaded TrustedIssuers: {}",
 downloadedTrustedIssuers.size());
@@ -332,7 +333,7 @@ public List fetchTrustedReferencesAndVerifyByUploadCertificate
 if (responseEntity.getStatusCode() != HttpStatus.OK || downloadedTrustedReferences == null) {
 throw new DgcGatewayConnectorUtils.DgcGatewayConnectorException(
- responseEntity.getStatusCodeValue(), "Download of TrustedReferences failed.");
+ responseEntity.getStatusCode().value(), "Download of TrustedReferences failed.");
 } else {
 log.info("Got Response from DGCG, Downloaded TrustedReferences: {}",
 downloadedTrustedReferences.size());
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java
index 9063fc1..99532fd 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayCountryListDownloadConnector.java
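Review bot: The guard `responseEntity.getStatusCode() != HttpStatus.OK` directly above the changed line in fetchTrustedIssuersAndVerifyByTrustAnchor now compares an `HttpStatusCode` interface value with an enum constant by reference. It holds as long as the response status resolves to the `HttpStatus` enum, and a mismatch fails closed by throwing, but the result depends on how the ResponseEntity was constructed. A numeric comparison does not: `if (responseEntity.getStatusCode().value() != HttpStatus.OK.value() || downloadedTrustedIssuers == null) {`. The same guard appears in the `@@ -332,7 +333,7 @@` hunk of this file, in DgcGatewayDownloadConnector (`@@ -345,7 +346,7 @@`) and in DgcGatewayValidationRuleDownloadConnector (`@@ -141,7 +141,7 @@`). The method body starts and ends outside the hunk.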
@@ -23,13 +23,13 @@
 import eu.europa.ec.dgc.gateway.connector.client.DgcGatewayConnectorRestClient;
 import eu.europa.ec.dgc.gateway.connector.config.DgcGatewayConnectorConfigProperties;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.security.Security;
 import java.time.LocalDateTime;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
index d32cd35..9da43fa 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayDownloadConnector.java
@@ -34,6 +34,7 @@
 import eu.europa.ec.dgc.gateway.connector.model.TrustedReference;
 import eu.europa.ec.dgc.signing.SignedCertificateMessageParser;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.Serializable;
 import java.security.Security;
 import java.time.LocalDateTime;
@@ -44,7 +45,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
@@ -55,6 +55,7 @@
 import org.springframework.context.annotation.Lazy;
 import org.springframework.context.annotation.Scope;
 import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
 import org.springframework.http.ResponseEntity;
 import org.springframework.scheduling.annotation.EnableScheduling;
 import org.springframework.stereotype.Service;
@@ -282,7 +283,7 @@ private void fetchTrustListAndVerifyByCscaAndUpload() throws DgcGatewayConnector
 log.info("Fetching TrustList from DGCG");
 List downloadedCertificates;
- HttpStatus responseStatus;
+ HttpStatusCode responseStatus;
 try {
 if (properties.isEnableDdccSupport()) {
 // clone and modify parameter map to only get certs of requested type
@@ -345,7 +346,7 @@ private void fetchTrustedCertificatesAndVerifyByTrustAnchorOrCscaAndUpload() thr
 if (responseEntity.getStatusCode() != HttpStatus.OK || responseEntity.getBody() == null) {
 throw new DgcGatewayConnectorUtils.DgcGatewayConnectorException(
- responseEntity.getStatusCodeValue(), "Download of TrustedCertificates failed.");
+ responseEntity.getStatusCode().value(), "Download of TrustedCertificates failed.");
 } else {
 log.info("Got Response from DGCG, Downloaded Trusted Certificates: {}", responseEntity.getBody().size());
 }
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java
index b65917b..127e8eb 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayRevocationListUploadConnector.java
@@ -31,6 +31,7 @@
 import eu.europa.ec.dgc.signing.SignedStringMessageBuilder;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -39,7 +40,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java
index a1fe1a3..9f64340 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayTrustedIssuerDownloadConnector.java
@@ -23,6 +23,7 @@
 import eu.europa.ec.dgc.gateway.connector.config.DgcGatewayConnectorConfigProperties;
 import eu.europa.ec.dgc.gateway.connector.model.QueryParameter;
 import eu.europa.ec.dgc.gateway.connector.model.TrustedIssuer;
+import jakarta.annotation.PostConstruct;
 import java.io.Serializable;
 import java.security.Security;
 import java.time.LocalDateTime;
@@ -31,7 +32,6 @@
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java
index 7893be8..ed4dc34 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayUploadConnector.java
@@ -28,6 +28,7 @@
 import eu.europa.ec.dgc.signing.SignedCertificateMessageBuilder;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
@@ -36,7 +37,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleDownloadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleDownloadConnector.java
index ed10657..a4f8358 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleDownloadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleDownloadConnector.java
@@ -141,7 +141,7 @@ private void fetchValidationRulesAndVerify(String countryCode)
 if (responseEntity.getStatusCode() != HttpStatus.OK || downloadedValidationRules == null) {
 throw new DgcGatewayConnectorUtils.DgcGatewayConnectorException(
- responseEntity.getStatusCodeValue(), "Download of TrustListItems failed.");
+ responseEntity.getStatusCode().value(), "Download of TrustListItems failed.");
 } else {
 log.info("Got Response from DGCG, Downloaded ValidationRules: {}", downloadedValidationRules.size());
 }
diff --git a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java
index 9be6a41..ab991a7 100644
--- a/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java
+++ b/src/main/java/eu/europa/ec/dgc/gateway/connector/DgcGatewayValidationRuleUploadConnector.java
@@ -28,6 +28,7 @@
 import eu.europa.ec.dgc.signing.SignedStringMessageBuilder;
 import eu.europa.ec.dgc.utils.CertificateUtils;
 import feign.FeignException;
+import jakarta.annotation.PostConstruct;
 import java.io.IOException;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
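Review bot: The exception text on the changed line in fetchValidationRulesAndVerify still reads `"Download of TrustListItems failed."`, although the success branch two lines below logs `Downloaded ValidationRules`. Someone triaging a failed validation-rule sync from this message would be pointed at the trust list download instead. Since the line is being edited anyway, use `responseEntity.getStatusCode().value(), "Download of ValidationRules failed.");`. The method body continues outside the hunk.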
@@ -36,7 +37,6 @@
 import java.security.UnrecoverableKeyException;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
-import javax.annotation.PostConstruct;
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
diff --git a/src/main/resources/META-INF/spring.factories b/src/main/resources/META-INF/spring.factories
deleted file mode 100644
index 2ac5bc2..0000000
--- a/src/main/resources/META-INF/spring.factories
+++ /dev/null
@@ -1 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=eu.europa.ec.dgc.DgcLibAutoConfiguration
diff --git a/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
new file mode 100644
index 0000000..bd2794c
--- /dev/null
+++ b/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
@@ -0,0 +1 @@
+eu.europa.ec.dgc.DgcLibAutoConfiguration