Fix #1813: [Feature]: Add (m)TLS configuration of Callbacks (#1814)

docs/WebServices-Methods.md

@@ -127,15 +127,15 @@ REST endpoint: `POST /rest/v3/status`
 
 `GetSystemStatusResponse`
 
-| Type | Name | Description |
-|------|------|-------------|
-| `String` | `status` | A constant value "OK". |
-| `String` | `applicationName` | A name of the application, the default value is `powerauth`. The value may be overriden by setting`powerauth.service.applicationName` property.
-| `String` | `applicationDisplayName` | A human readable name of the application, default value is "PowerAuth Server". The value may be overriden by setting `powerauth.service.applicationDisplayName` property. |
-| `String` | `applicationEnvironment` | An identifier of the environment, by default, the value is empty. The value may be overriden by setting `powerauth.service.applicationEnvironment` property. |
-| `String` | `version` | Version of PowerAuth server. |
-| `String` | `buildTime` | Timestamp when the powerauth-server.war file was built. |
-| `DateTime` | `timestamp` | A current system timestamp. |
+| Type       | Name                     | Description                                                                                                                                                               |
+|------------|--------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `String`   | `status`                 | A constant value "OK".                                                                                                                                                    |
+| `String`   | `applicationName`        | A name of the application, the default value is `powerauth`. The value may be overriden by setting`powerauth.service.applicationName` property.                           |
+| `String`   | `applicationDisplayName` | A human readable name of the application, default value is "PowerAuth Server". The value may be overriden by setting `powerauth.service.applicationDisplayName` property. |
+| `String`   | `applicationEnvironment` | An identifier of the environment, by default, the value is empty. The value may be overriden by setting `powerauth.service.applicationEnvironment` property.              |
+| `String`   | `version`                | Version of PowerAuth server.                                                                                                                                              |
+| `String`   | `buildTime`              | Timestamp when the powerauth-server.war file was built.                                                                                                                   |
+| `DateTime` | `timestamp`              | A current system timestamp.                                                                                                                                               |
 
 ### Method 'getErrorCodeList'
 
@@ -1450,11 +1450,13 @@ The `authentication` parameter contains a JSON-based configuration for client TL
     "enabled": false,
     "useCustomKeyStore": false,
     "keyStoreLocation": "[keystore resource location]",
+    "keyStoreContent": "[keystore content encoded in Base64]",
     "keyStorePassword": "[keystore password]",
     "keyAlias": "[key alias]",
     "keyPassword": "[key password]",
     "useCustomTrustStore": false,
-    "trustStoreLocation": "[truststore resource location]", 
+    "trustStoreLocation": "[truststore resource location]",
+    "trustStoreContent": "[truststore content encoded in Base64]",
     "trustStorePassword": "[truststore password]"
   },
   "httpBasic": {
@@ -1549,11 +1551,13 @@ The `authentication` parameter contains a JSON-based configuration for client TL
     "enabled": false,
     "useCustomKeyStore": false,
     "keyStoreLocation": "[keystore resource location]",
+    "keyStoreContent": "[keystore content encoded in Base64]",
     "keyStorePassword": "[keystore password]",
     "keyAlias": "[key alias]",
     "keyPassword": "[key password]",
     "useCustomTrustStore": false,
-    "trustStoreLocation": "[truststore resource location]", 
+    "trustStoreLocation": "[truststore resource location]",
+    "trustStoreContent": "[truststore content encoded in Base64]",
     "trustStorePassword": "[truststore password]"
   },
   "httpBasic": {
@@ -1571,6 +1575,8 @@ The `authentication` parameter contains a JSON-based configuration for client TL
 }
 ```
 
+In case you do not want to modify the already set `keyStoreContent` or `trustStoreContent`, send a `null` value in request. For removing the existing `keyStoreContent` or `trustStoreContent` use an empty string.
+
 
 #### Response
 

powerauth-admin/src/main/java/io/getlime/security/app/admin/controller/ApplicationController.java

@@ -202,11 +202,13 @@ public String applicationUpdateCallback(@PathVariable("applicationId") String ap
                             model.put("auth_certificateEnabled", certificateAuth.isEnabled());
                             model.put("auth_useCustomKeyStore", certificateAuth.isUseCustomKeyStore());
                             model.put("auth_keyStoreLocation", certificateAuth.getKeyStoreLocation());
+                            model.put("auth_keyStoreContentSet", certificateAuth.isKeyStoreContentSet());
                             model.put("auth_keyStorePasswordSet", certificateAuth.isKeyStorePasswordSet());
                             model.put("auth_keyAlias", certificateAuth.getKeyAlias());
                             model.put("auth_keyPasswordSet", certificateAuth.isKeyPasswordSet());
                             model.put("auth_useCustomTrustStore", certificateAuth.isUseCustomTrustStore());
                             model.put("auth_trustStoreLocation", certificateAuth.getTrustStoreLocation());
+                            model.put("auth_trustStoreContentSet", certificateAuth.isTrustStoreContentSet());
                             model.put("auth_trustStorePasswordSet", certificateAuth.isTrustStorePasswordSet());
                         }
 
@@ -478,10 +480,9 @@ public String applicationUpdateCallbackAction(
     private String getErrorForAuthentication(Map<String, String> allParams) {
         String error = null;
         if ("on".equals(allParams.get("auth_useCustomKeyStore"))) {
-            if (!StringUtils.hasText(allParams.get("auth_keyStoreLocation"))
-                        || !StringUtils.hasText(allParams.get("auth_keyAlias"))) {
+            if (!StringUtils.hasText(allParams.get("auth_keyAlias"))) {
                 error = "Invalid keystore configuration";
-            } else {
+            } else if (StringUtils.hasText(allParams.get("auth_keyStoreLocation"))) {
                 try {
                     new URL(allParams.get("auth_keyStoreLocation"));
                 } catch (MalformedURLException ex) {
@@ -490,9 +491,7 @@ private String getErrorForAuthentication(Map<String, String> allParams) {
             }
         }
         if ("on".equals(allParams.get("auth_useCustomTrustStore"))) {
-            if (!StringUtils.hasText(allParams.get("auth_trustStoreLocation"))) {
-                error = "Invalid truststore configuration";
-            } else {
+            if (StringUtils.hasText(allParams.get("auth_trustStoreLocation"))) {
                 try {
                     new URL(allParams.get("auth_trustStoreLocation"));
                 } catch (MalformedURLException ex) {
@@ -631,7 +630,12 @@ private HttpAuthenticationPrivate prepareHttpAuthentication(Map<String, String>
             final HttpAuthenticationPrivate.Certificate certificateAuth = new HttpAuthenticationPrivate.Certificate();
             certificateAuth.setEnabled(true);
             certificateAuth.setUseCustomKeyStore("on".equals(allParams.get("auth_useCustomKeyStore")));
-            certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));
+            if (!allParams.get("auth_keyStoreLocation").isEmpty()) {
+                certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));
+            }
+            if (!allParams.get("auth_keyStoreContent").isEmpty()) {
+                certificateAuth.setKeyStoreContent(allParams.get("auth_keyStoreContent"));
+            }
             if ("true".equals(allParams.get("auth_keyStorePasswordChanged"))) {
                 certificateAuth.setKeyStorePassword(allParams.get("auth_keyStorePassword"));
             }
@@ -640,10 +644,15 @@ private HttpAuthenticationPrivate prepareHttpAuthentication(Map<String, String>
                 certificateAuth.setKeyPassword(allParams.get("auth_keyPassword"));
             }
             certificateAuth.setUseCustomTrustStore("on".equals(allParams.get("auth_useCustomTrustStore")));
-            certificateAuth.setTrustStoreLocation(allParams.get("auth_trustStoreLocation"));
+            if (!allParams.get("auth_trustStoreLocation").isEmpty()) {
+                certificateAuth.setKeyStoreLocation(allParams.get("auth_keyStoreLocation"));
+            }
             if ("true".equals(allParams.get("auth_trustStorePasswordChanged"))) {
                 certificateAuth.setTrustStorePassword(allParams.get("auth_trustStorePassword"));
             }
+            if (!allParams.get("auth_trustStoreContent").isEmpty()) {
+                certificateAuth.setTrustStoreContent(allParams.get("auth_trustStoreContent"));
+            }
             httpAuthentication.setCertificate(certificateAuth);
         }
         if ("on".equals(allParams.get("auth_httpBasicEnabled"))) {