Initial Commit

Dockerfile

@@ -0,0 +1,13 @@
+FROM maven:3-openjdk-11 as build
+COPY . /usr/src/app
+COPY settings.xml /root/.m2/
+WORKDIR /usr/src/app
+RUN mvn -DskipTests install
+
+FROM ubuntu:20.04
+RUN apt-get update && apt-get install -y nginx openjdk-11-jdk clamdscan
+RUN service nginx restart
+
+COPY --from=build /usr/src/app/target/cwa-registration.jar /opt/app/
+WORKDIR /opt/app
+CMD ["java", "-jar", "cwa-registration.jar"]

pom.xml

@@ -0,0 +1,204 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.tsystems.mms.cwa.registration</groupId>
+    <artifactId>cwa-registration</artifactId>
+    <version>1.0.0-SNAPSHOT</version>
+    <packaging>jar</packaging>
+
+    <properties>
+        <start-class>com.tsystems.mms.cwa.registration.RegistrationApplication</start-class>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <maven.compiler.source>11</maven.compiler.source>
+        <maven.compiler.target>11</maven.compiler.target>
+        <spring.boot.version>2.5.2</spring.boot.version>
+        <spring-cloud.version>3.0.3</spring-cloud.version>
+        <keycloak.version>14.0.0</keycloak.version>
+        <mainClass>com.tsystems.mms.cwa.registration.RegistrationApplication</mainClass>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-vault-config</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-bootstrap</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-actuator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>io.micrometer</groupId>
+            <artifactId>micrometer-registry-prometheus</artifactId>
+            <version>1.7.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-spring-security-adapter</artifactId>
+        </dependency>
+        <dependency>
+           <groupId>org.liquibase</groupId>
+           <artifactId>liquibase-core</artifactId>
+           <version>4.4.1</version>
+        </dependency>
+        <dependency>
+            <groupId>org.modelmapper</groupId>
+            <artifactId>modelmapper</artifactId>
+            <version>2.4.4</version>
+        </dependency>
+        <dependency>
+           <groupId>com.opencsv</groupId>
+           <artifactId>opencsv</artifactId>
+           <version>5.5</version>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-io</artifactId>
+            <version>1.3.2</version>
+        </dependency>
+        <dependency>
+            <groupId>org.postgresql</groupId>
+            <artifactId>postgresql</artifactId>
+            <version>42.2.23</version>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.projectlombok</groupId>
+            <artifactId>lombok</artifactId>
+            <version>1.18.20</version>
+            <scope>compile</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <version>4.13.2</version>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <dependencyManagement>
+        <dependencies>
+            <dependency>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-dependencies</artifactId>
+                <version>${spring.boot.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-vault-dependencies</artifactId>
+                <version>${spring-cloud.version}</version>
+                <type>pom</type>
+                <scope>import</scope>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak.bom</groupId>
+                <artifactId>keycloak-adapter-bom</artifactId>
+                <version>${keycloak.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-starter-bootstrap</artifactId>
+                <version>${spring-cloud.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-spring-boot-starter</artifactId>
+                <version>${keycloak.version}</version>
+            </dependency>
+            <dependency>
+                <groupId>org.keycloak</groupId>
+                <artifactId>keycloak-spring-security-adapter</artifactId>
+                <version>${keycloak.version}</version>
+            </dependency>
+        </dependencies>
+    </dependencyManagement>
+
+    <build>
+        <finalName>${project.artifactId}</finalName>
+        <plugins>
+            <plugin>
+                <groupId>org.liquibase</groupId>
+                <artifactId>liquibase-maven-plugin</artifactId>
+                <version>4.4.1</version>
+                <configuration>
+                    <changeLogFile>db/changelog/changelog-master.yaml</changeLogFile>
+                </configuration>
+                <dependencies>
+                    <dependency>
+                        <groupId>org.postgresql</groupId>
+                        <artifactId>postgresql</artifactId>
+                        <version>42.2.23</version>
+                    </dependency>
+                    <dependency>
+                        <groupId>org.hibernate</groupId>
+                        <artifactId>hibernate-core</artifactId>
+                        <version>5.5.3.Final</version>
+                    </dependency>
+                </dependencies>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>
+                        <manifest>
+                            <addClasspath>true</addClasspath>
+                            <mainClass>${mainClass}</mainClass>
+                        </manifest>
+                    </archive>
+                </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>${spring.boot.version}</version>
+                <configuration>
+                    <mainClass>${mainClass}</mainClass>
+                </configuration>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

readme.md

@@ -0,0 +1,144 @@
+# CWA Testcenter registration 
+- Registration website
+  - input necessary data to register a new ~~testcenter~~ as of 21.07. only partner registrations are required 
+  - file upload (no executables) 
+    - as of 28.07. virus scan on document upload?
+- Exportservice
+  - ~~as of 16.07. export has to be secured with Basic Auth~~
+  - as of 28.07. keycloak authentication is mandatory
+  - as of 22.07. created as ISO formatted timestamp
+  - add UTF-8 with BOM to exported csv
+  - download all uploaded files via http as one zip file
+- Database access via HashiCorp Vault (provided)
+
+## Requirements/Validation
+- unique email address
+- Required fields:
+  - E-Mail für Kontakt
+  - Name Teststelle/Betreiber 
+  - Adresse: Straße, PLZ, Ort
+  - Häkchen für RAT-Nachweis 
+  - Software vorhanden (ja  Auswahl verfügbare Partner; nein  Portal)
+- Optional fields
+  - Ansprechpartner;Telefonnummer;
+  - Teststellen-ID,
+  - Häkchen für Arzt oder Apotheker; 
+  - Betriebene Testcentren; 
+  - Anzahl Tests pro Tag
+- allowed documents types: pdf, jpg
+
+# CWA Export function
+- CSV Export per http(s)
+- Basic Authentication for Export 
+
+## Systemcontext
+
+```plantuml
+@startuml SystemContext
+title System context
+
+component ServiceNow #gray
+actor partner #gray
+actor "be-user" as user #gray
+
+cloud otc {   
+   rectangle context {
+      [cwa-registration] as cwa
+      () "testcenter" as reg
+      () "export" as export
+      () "documents" as docs          
+   }
+   database postgreSQL as db #lightGray
+   component Vault #lightGray
+   component KeyCloak as keycloak #lightGray
+}
+
+partner -> reg
+reg - cwa
+
+cwa -down-> db
+cwa -down-> keycloak
+
+cwa - export
+cwa - docs
+ServiceNow -[hidden]down-> user
+export <- ServiceNow
+docs <- user
+
+[ServiceNow] -[hidden]down-> Vault
+cwa -down-> Vault
+
+@enduml
+```
+![](SystemContext.svg)
+
+## Development
+- run local vault instance
+```shell
+  set VAULT_ADDR=http://localhost:8200
+  vault partner init
+  vault secrets enable -path=secret/ kv
+  vault kv put secret/cwa-registration \ 
+    spring.datasource.username=testcenter \
+    spring.datasource.password='#Telekom01' \
+    spring.datasource.url=jdbc:postgresql://localhost:5432/testcenter
+```
+
+- run local postgresql instance:
+<code>docker run -it --rm --network some-network postgres psql -h some-postgres -U postgres</code
+ ```sql
+  CREATE USER testcenter WITH PASSWORD '#Telekom01';
+  CREATE DATABASE testcenter;
+  GRANT ALL PRIVILEGES ON DATABASE testcenter TO testcenter;
+ ```
+
+- run local keycloak instance
+```docker run -p 8080:8080 jboss/keycloak```
+```docker exec <CONTAINER> /opt/jboss/keycloak/bin/add-user-keycloak.sh -u <USERNAME> -p <PASSWORD>```
+```docker restart <CONTAINER>```
+
+- create new realm `cwa-registration`
+- create client `cwa-registration`
+- create client roles `CWA_CSV_EXPORT_USER` and `CWA_ATTACHMENT_EXPORT_USER`
+- create users and assigne roles
+
+### Database
+```plantuml source="src/main/doc/database.puml" 
+```
+
+### Configuration
+|Key| Description|
+---|---
+|PostreSQL Datasource|
+|```spring.datasource.url```| JDBC connection string |
+|```spring.datasource.username```| database user |
+|```spring.datasource.password```| database password |
+|Registration Application|
+|```config.downloadUrl```| URL for downloading attached documents.|
+|```config.role.attachment_export```| "CWA_ATTACHMENT_EXPORT_USER"|
+|```config.role.partner_export```| "CWA_CSV_EXPORT_USER"|
+|```config.solution-file-location```| Path to file containing registered test software solutions |
+|```config.role.partner_export```| Keycloak role for partner csv export |
+|```config.role.attachment_export``` | Keycloak role for document download |
+|KeyCloak|
+|```keycloak.realm``` | cwa-registration |
+|```keycloak.credentials.secret```| Client secret|
+|```keycloak.auth-server-url``` | http://localhost:8180/auth|
+|```keycloak.resource```| cwa-registration
+|```keycloak.ssl-required```| external|
+|```keycloak.use-resource-role-mappings```|true|
+
+## Usage
+1. Registration: https://<server>:<port>/partner/new 
+2. Export: https://<server>:<port>/partner/export[?since=yyyy-MM-ddThh:mm]
+```curl -i -u admin:top_secret http://localhost:8080/partner/export```
+3. Document bundle download: https://<server>:<port>/partner/export/attachment?id=[UUID]
+  ```curl -i -u admin:top_secret http://localhost:8080/partner/export/attachment```
+
+### Todos
+- Deliverable: Dockerimage -> @dire
+- Deployment -> @dire
+- Split deployment artefacts for registration and download
+- virus detection during document upload (?)
+-- ClamAV licence required (proxy?)
+-- McAfee appliance 

src/main/doc/database.puml

@@ -0,0 +1,29 @@
+@startuml Database
+!define table(x) class x << (T,#FFAAAA) >>
+!define primary_key(x) <u>x</u>
+hide methods
+hide stereotypes
+
+title Database Model
+table(PARTNER) {
+  primary_key(ID)
+}
+
+table(ATTACHMENTS) {
+  primary_key(ID)
+  PARTNER_ID
+}
+
+table(DOCUMENTS) {
+  primary_key(ID)
+  ATTACHMENT_ID
+}
+
+ATTACHMENTS::PARTNER_ID -> PARTNER::ID
+DOCUMENTS::ATTACHMENT_ID -> ATTACHMENTS::ID
+
+table(EXPORTS) {
+    ISSUED_BY
+}
+
+@enduml