wip

.gitignore

@@ -0,0 +1,33 @@
+HELP.md
+target/
+!.mvn/wrapper/maven-wrapper.jar
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea/
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/

.mvn/wrapper/maven-wrapper.properties

@@ -0,0 +1,2 @@
+distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.6/apache-maven-3.9.6-bin.zip
+wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar

mvnw

@@ -0,0 +1,308 @@
+#!/bin/sh
+# ----------------------------------------------------------------------------
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#    https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+# ----------------------------------------------------------------------------
+
+# ----------------------------------------------------------------------------
+# Apache Maven Wrapper startup batch script, version 3.2.0
+#
+# Required ENV vars:
+# ------------------
+#   JAVA_HOME - location of a JDK home dir
+#
+# Optional ENV vars
+# -----------------
+#   MAVEN_OPTS - parameters passed to the Java VM when running Maven
+#     e.g. to debug Maven itself, use
+#       set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+#   MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+# ----------------------------------------------------------------------------
+
+if [ -z "$MAVEN_SKIP_RC" ] ; then
+
+  if [ -f /usr/local/etc/mavenrc ] ; then
+    . /usr/local/etc/mavenrc
+  fi
+
+  if [ -f /etc/mavenrc ] ; then
+    . /etc/mavenrc
+  fi
+
+  if [ -f "$HOME/.mavenrc" ] ; then
+    . "$HOME/.mavenrc"
+  fi
+
+fi
+
+# OS specific support.  $var _must_ be set to either true or false.
+cygwin=false;
+darwin=false;
+mingw=false
+case "$(uname)" in
+  CYGWIN*) cygwin=true ;;
+  MINGW*) mingw=true;;
+  Darwin*) darwin=true
+    # Use /usr/libexec/java_home if available, otherwise fall back to /Library/Java/Home
+    # See https://developer.apple.com/library/mac/qa/qa1170/_index.html
+    if [ -z "$JAVA_HOME" ]; then
+      if [ -x "/usr/libexec/java_home" ]; then
+        JAVA_HOME="$(/usr/libexec/java_home)"; export JAVA_HOME
+      else
+        JAVA_HOME="/Library/Java/Home"; export JAVA_HOME
+      fi
+    fi
+    ;;
+esac
+
+if [ -z "$JAVA_HOME" ] ; then
+  if [ -r /etc/gentoo-release ] ; then
+    JAVA_HOME=$(java-config --jre-home)
+  fi
+fi
+
+# For Cygwin, ensure paths are in UNIX format before anything is touched
+if $cygwin ; then
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=$(cygpath --unix "$JAVA_HOME")
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=$(cygpath --path --unix "$CLASSPATH")
+fi
+
+# For Mingw, ensure paths are in UNIX format before anything is touched
+if $mingw ; then
+  [ -n "$JAVA_HOME" ] && [ -d "$JAVA_HOME" ] &&
+    JAVA_HOME="$(cd "$JAVA_HOME" || (echo "cannot cd into $JAVA_HOME."; exit 1); pwd)"
+fi
+
+if [ -z "$JAVA_HOME" ]; then
+  javaExecutable="$(which javac)"
+  if [ -n "$javaExecutable" ] && ! [ "$(expr "\"$javaExecutable\"" : '\([^ ]*\)')" = "no" ]; then
+    # readlink(1) is not available as standard on Solaris 10.
+    readLink=$(which readlink)
+    if [ ! "$(expr "$readLink" : '\([^ ]*\)')" = "no" ]; then
+      if $darwin ; then
+        javaHome="$(dirname "\"$javaExecutable\"")"
+        javaExecutable="$(cd "\"$javaHome\"" && pwd -P)/javac"
+      else
+        javaExecutable="$(readlink -f "\"$javaExecutable\"")"
+      fi
+      javaHome="$(dirname "\"$javaExecutable\"")"
+      javaHome=$(expr "$javaHome" : '\(.*\)/bin')
+      JAVA_HOME="$javaHome"
+      export JAVA_HOME
+    fi
+  fi
+fi
+
+if [ -z "$JAVACMD" ] ; then
+  if [ -n "$JAVA_HOME"  ] ; then
+    if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
+      # IBM's JDK on AIX uses strange locations for the executables
+      JAVACMD="$JAVA_HOME/jre/sh/java"
+    else
+      JAVACMD="$JAVA_HOME/bin/java"
+    fi
+  else
+    JAVACMD="$(\unset -f command 2>/dev/null; \command -v java)"
+  fi
+fi
+
+if [ ! -x "$JAVACMD" ] ; then
+  echo "Error: JAVA_HOME is not defined correctly." >&2
+  echo "  We cannot execute $JAVACMD" >&2
+  exit 1
+fi
+
+if [ -z "$JAVA_HOME" ] ; then
+  echo "Warning: JAVA_HOME environment variable is not set."
+fi
+
+# traverses directory structure from process work directory to filesystem root
+# first directory with .mvn subdirectory is considered project base directory
+find_maven_basedir() {
+  if [ -z "$1" ]
+  then
+    echo "Path not specified to find_maven_basedir"
+    return 1
+  fi
+
+  basedir="$1"
+  wdir="$1"
+  while [ "$wdir" != '/' ] ; do
+    if [ -d "$wdir"/.mvn ] ; then
+      basedir=$wdir
+      break
+    fi
+    # workaround for JBEAP-8937 (on Solaris 10/Sparc)
+    if [ -d "${wdir}" ]; then
+      wdir=$(cd "$wdir/.." || exit 1; pwd)
+    fi
+    # end of workaround
+  done
+  printf '%s' "$(cd "$basedir" || exit 1; pwd)"
+}
+
+# concatenates all lines of a file
+concat_lines() {
+  if [ -f "$1" ]; then
+    # Remove \r in case we run on Windows within Git Bash
+    # and check out the repository with auto CRLF management
+    # enabled. Otherwise, we may read lines that are delimited with
+    # \r\n and produce $'-Xarg\r' rather than -Xarg due to word
+    # splitting rules.
+    tr -s '\r\n' ' ' < "$1"
+  fi
+}
+
+log() {
+  if [ "$MVNW_VERBOSE" = true ]; then
+    printf '%s\n' "$1"
+  fi
+}
+
+BASE_DIR=$(find_maven_basedir "$(dirname "$0")")
+if [ -z "$BASE_DIR" ]; then
+  exit 1;
+fi
+
+MAVEN_PROJECTBASEDIR=${MAVEN_BASEDIR:-"$BASE_DIR"}; export MAVEN_PROJECTBASEDIR
+log "$MAVEN_PROJECTBASEDIR"
+
+##########################################################################################
+# Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+# This allows using the maven wrapper in projects that prohibit checking in binary data.
+##########################################################################################
+wrapperJarPath="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar"
+if [ -r "$wrapperJarPath" ]; then
+    log "Found $wrapperJarPath"
+else
+    log "Couldn't find $wrapperJarPath, downloading it ..."
+
+    if [ -n "$MVNW_REPOURL" ]; then
+      wrapperUrl="$MVNW_REPOURL/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+    else
+      wrapperUrl="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+    fi
+    while IFS="=" read -r key value; do
+      # Remove '\r' from value to allow usage on windows as IFS does not consider '\r' as a separator ( considers space, tab, new line ('\n'), and custom '=' )
+      safeValue=$(echo "$value" | tr -d '\r')
+      case "$key" in (wrapperUrl) wrapperUrl="$safeValue"; break ;;
+      esac
+    done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
+    log "Downloading from: $wrapperUrl"
+
+    if $cygwin; then
+      wrapperJarPath=$(cygpath --path --windows "$wrapperJarPath")
+    fi
+
+    if command -v wget > /dev/null; then
+        log "Found wget ... using wget"
+        [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--quiet"
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            wget $QUIET "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        else
+            wget $QUIET --http-user="$MVNW_USERNAME" --http-password="$MVNW_PASSWORD" "$wrapperUrl" -O "$wrapperJarPath" || rm -f "$wrapperJarPath"
+        fi
+    elif command -v curl > /dev/null; then
+        log "Found curl ... using curl"
+        [ "$MVNW_VERBOSE" = true ] && QUIET="" || QUIET="--silent"
+        if [ -z "$MVNW_USERNAME" ] || [ -z "$MVNW_PASSWORD" ]; then
+            curl $QUIET -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
+        else
+            curl $QUIET --user "$MVNW_USERNAME:$MVNW_PASSWORD" -o "$wrapperJarPath" "$wrapperUrl" -f -L || rm -f "$wrapperJarPath"
+        fi
+    else
+        log "Falling back to using Java to download"
+        javaSource="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.java"
+        javaClass="$MAVEN_PROJECTBASEDIR/.mvn/wrapper/MavenWrapperDownloader.class"
+        # For Cygwin, switch paths to Windows format before running javac
+        if $cygwin; then
+          javaSource=$(cygpath --path --windows "$javaSource")
+          javaClass=$(cygpath --path --windows "$javaClass")
+        fi
+        if [ -e "$javaSource" ]; then
+            if [ ! -e "$javaClass" ]; then
+                log " - Compiling MavenWrapperDownloader.java ..."
+                ("$JAVA_HOME/bin/javac" "$javaSource")
+            fi
+            if [ -e "$javaClass" ]; then
+                log " - Running MavenWrapperDownloader.java ..."
+                ("$JAVA_HOME/bin/java" -cp .mvn/wrapper MavenWrapperDownloader "$wrapperUrl" "$wrapperJarPath") || rm -f "$wrapperJarPath"
+            fi
+        fi
+    fi
+fi
+##########################################################################################
+# End of extension
+##########################################################################################
+
+# If specified, validate the SHA-256 sum of the Maven wrapper jar file
+wrapperSha256Sum=""
+while IFS="=" read -r key value; do
+  case "$key" in (wrapperSha256Sum) wrapperSha256Sum=$value; break ;;
+  esac
+done < "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.properties"
+if [ -n "$wrapperSha256Sum" ]; then
+  wrapperSha256Result=false
+  if command -v sha256sum > /dev/null; then
+    if echo "$wrapperSha256Sum  $wrapperJarPath" | sha256sum -c > /dev/null 2>&1; then
+      wrapperSha256Result=true
+    fi
+  elif command -v shasum > /dev/null; then
+    if echo "$wrapperSha256Sum  $wrapperJarPath" | shasum -a 256 -c > /dev/null 2>&1; then
+      wrapperSha256Result=true
+    fi
+  else
+    echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available."
+    echo "Please install either command, or disable validation by removing 'wrapperSha256Sum' from your maven-wrapper.properties."
+    exit 1
+  fi
+  if [ $wrapperSha256Result = false ]; then
+    echo "Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised." >&2
+    echo "Investigate or delete $wrapperJarPath to attempt a clean download." >&2
+    echo "If you updated your Maven version, you need to update the specified wrapperSha256Sum property." >&2
+    exit 1
+  fi
+fi
+
+MAVEN_OPTS="$(concat_lines "$MAVEN_PROJECTBASEDIR/.mvn/jvm.config") $MAVEN_OPTS"
+
+# For Cygwin, switch paths to Windows format before running java
+if $cygwin; then
+  [ -n "$JAVA_HOME" ] &&
+    JAVA_HOME=$(cygpath --path --windows "$JAVA_HOME")
+  [ -n "$CLASSPATH" ] &&
+    CLASSPATH=$(cygpath --path --windows "$CLASSPATH")
+  [ -n "$MAVEN_PROJECTBASEDIR" ] &&
+    MAVEN_PROJECTBASEDIR=$(cygpath --path --windows "$MAVEN_PROJECTBASEDIR")
+fi
+
+# Provide a "standardized" way to retrieve the CLI args that will
+# work with both Windows and non-Windows executions.
+MAVEN_CMD_LINE_ARGS="$MAVEN_CONFIG $*"
+export MAVEN_CMD_LINE_ARGS
+
+WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+# shellcheck disable=SC2086 # safe args
+exec "$JAVACMD" \
+  $MAVEN_OPTS \
+  $MAVEN_DEBUG_OPTS \
+  -classpath "$MAVEN_PROJECTBASEDIR/.mvn/wrapper/maven-wrapper.jar" \
+  "-Dmaven.multiModuleProjectDirectory=${MAVEN_PROJECTBASEDIR}" \
+  ${WRAPPER_LAUNCHER} $MAVEN_CONFIG "$@"

mvnw.cmd

@@ -0,0 +1,205 @@
+@REM ----------------------------------------------------------------------------
+@REM Licensed to the Apache Software Foundation (ASF) under one
+@REM or more contributor license agreements.  See the NOTICE file
+@REM distributed with this work for additional information
+@REM regarding copyright ownership.  The ASF licenses this file
+@REM to you under the Apache License, Version 2.0 (the
+@REM "License"); you may not use this file except in compliance
+@REM with the License.  You may obtain a copy of the License at
+@REM
+@REM    https://www.apache.org/licenses/LICENSE-2.0
+@REM
+@REM Unless required by applicable law or agreed to in writing,
+@REM software distributed under the License is distributed on an
+@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+@REM KIND, either express or implied.  See the License for the
+@REM specific language governing permissions and limitations
+@REM under the License.
+@REM ----------------------------------------------------------------------------
+
+@REM ----------------------------------------------------------------------------
+@REM Apache Maven Wrapper startup batch script, version 3.2.0
+@REM
+@REM Required ENV vars:
+@REM JAVA_HOME - location of a JDK home dir
+@REM
+@REM Optional ENV vars
+@REM MAVEN_BATCH_ECHO - set to 'on' to enable the echoing of the batch commands
+@REM MAVEN_BATCH_PAUSE - set to 'on' to wait for a keystroke before ending
+@REM MAVEN_OPTS - parameters passed to the Java VM when running Maven
+@REM     e.g. to debug Maven itself, use
+@REM set MAVEN_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=y,address=8000
+@REM MAVEN_SKIP_RC - flag to disable loading of mavenrc files
+@REM ----------------------------------------------------------------------------
+
+@REM Begin all REM lines with '@' in case MAVEN_BATCH_ECHO is 'on'
+@echo off
+@REM set title of command window
+title %0
+@REM enable echoing by setting MAVEN_BATCH_ECHO to 'on'
+@if "%MAVEN_BATCH_ECHO%" == "on"  echo %MAVEN_BATCH_ECHO%
+
+@REM set %HOME% to equivalent of $HOME
+if "%HOME%" == "" (set "HOME=%HOMEDRIVE%%HOMEPATH%")
+
+@REM Execute a user defined script before this one
+if not "%MAVEN_SKIP_RC%" == "" goto skipRcPre
+@REM check for pre script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_pre.bat" call "%USERPROFILE%\mavenrc_pre.bat" %*
+if exist "%USERPROFILE%\mavenrc_pre.cmd" call "%USERPROFILE%\mavenrc_pre.cmd" %*
+:skipRcPre
+
+@setlocal
+
+set ERROR_CODE=0
+
+@REM To isolate internal variables from possible post scripts, we use another setlocal
+@setlocal
+
+@REM ==== START VALIDATION ====
+if not "%JAVA_HOME%" == "" goto OkJHome
+
+echo.
+echo Error: JAVA_HOME not found in your environment. >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+:OkJHome
+if exist "%JAVA_HOME%\bin\java.exe" goto init
+
+echo.
+echo Error: JAVA_HOME is set to an invalid directory. >&2
+echo JAVA_HOME = "%JAVA_HOME%" >&2
+echo Please set the JAVA_HOME variable in your environment to match the >&2
+echo location of your Java installation. >&2
+echo.
+goto error
+
+@REM ==== END VALIDATION ====
+
+:init
+
+@REM Find the project base dir, i.e. the directory that contains the folder ".mvn".
+@REM Fallback to current working directory if not found.
+
+set MAVEN_PROJECTBASEDIR=%MAVEN_BASEDIR%
+IF NOT "%MAVEN_PROJECTBASEDIR%"=="" goto endDetectBaseDir
+
+set EXEC_DIR=%CD%
+set WDIR=%EXEC_DIR%
+:findBaseDir
+IF EXIST "%WDIR%"\.mvn goto baseDirFound
+cd ..
+IF "%WDIR%"=="%CD%" goto baseDirNotFound
+set WDIR=%CD%
+goto findBaseDir
+
+:baseDirFound
+set MAVEN_PROJECTBASEDIR=%WDIR%
+cd "%EXEC_DIR%"
+goto endDetectBaseDir
+
+:baseDirNotFound
+set MAVEN_PROJECTBASEDIR=%EXEC_DIR%
+cd "%EXEC_DIR%"
+
+:endDetectBaseDir
+
+IF NOT EXIST "%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config" goto endReadAdditionalConfig
+
+@setlocal EnableExtensions EnableDelayedExpansion
+for /F "usebackq delims=" %%a in ("%MAVEN_PROJECTBASEDIR%\.mvn\jvm.config") do set JVM_CONFIG_MAVEN_PROPS=!JVM_CONFIG_MAVEN_PROPS! %%a
+@endlocal & set JVM_CONFIG_MAVEN_PROPS=%JVM_CONFIG_MAVEN_PROPS%
+
+:endReadAdditionalConfig
+
+SET MAVEN_JAVA_EXE="%JAVA_HOME%\bin\java.exe"
+set WRAPPER_JAR="%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.jar"
+set WRAPPER_LAUNCHER=org.apache.maven.wrapper.MavenWrapperMain
+
+set WRAPPER_URL="https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperUrl" SET WRAPPER_URL=%%B
+)
+
+@REM Extension to allow automatically downloading the maven-wrapper.jar from Maven-central
+@REM This allows using the maven wrapper in projects that prohibit checking in binary data.
+if exist %WRAPPER_JAR% (
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Found %WRAPPER_JAR%
+    )
+) else (
+    if not "%MVNW_REPOURL%" == "" (
+        SET WRAPPER_URL="%MVNW_REPOURL%/org/apache/maven/wrapper/maven-wrapper/3.2.0/maven-wrapper-3.2.0.jar"
+    )
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Couldn't find %WRAPPER_JAR%, downloading it ...
+        echo Downloading from: %WRAPPER_URL%
+    )
+
+    powershell -Command "&{"^
+		"$webclient = new-object System.Net.WebClient;"^
+		"if (-not ([string]::IsNullOrEmpty('%MVNW_USERNAME%') -and [string]::IsNullOrEmpty('%MVNW_PASSWORD%'))) {"^
+		"$webclient.Credentials = new-object System.Net.NetworkCredential('%MVNW_USERNAME%', '%MVNW_PASSWORD%');"^
+		"}"^
+		"[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; $webclient.DownloadFile('%WRAPPER_URL%', '%WRAPPER_JAR%')"^
+		"}"
+    if "%MVNW_VERBOSE%" == "true" (
+        echo Finished downloading %WRAPPER_JAR%
+    )
+)
+@REM End of extension
+
+@REM If specified, validate the SHA-256 sum of the Maven wrapper jar file
+SET WRAPPER_SHA_256_SUM=""
+FOR /F "usebackq tokens=1,2 delims==" %%A IN ("%MAVEN_PROJECTBASEDIR%\.mvn\wrapper\maven-wrapper.properties") DO (
+    IF "%%A"=="wrapperSha256Sum" SET WRAPPER_SHA_256_SUM=%%B
+)
+IF NOT %WRAPPER_SHA_256_SUM%=="" (
+    powershell -Command "&{"^
+       "$hash = (Get-FileHash \"%WRAPPER_JAR%\" -Algorithm SHA256).Hash.ToLower();"^
+       "If('%WRAPPER_SHA_256_SUM%' -ne $hash){"^
+       "  Write-Output 'Error: Failed to validate Maven wrapper SHA-256, your Maven wrapper might be compromised.';"^
+       "  Write-Output 'Investigate or delete %WRAPPER_JAR% to attempt a clean download.';"^
+       "  Write-Output 'If you updated your Maven version, you need to update the specified wrapperSha256Sum property.';"^
+       "  exit 1;"^
+       "}"^
+       "}"
+    if ERRORLEVEL 1 goto error
+)
+
+@REM Provide a "standardized" way to retrieve the CLI args that will
+@REM work with both Windows and non-Windows executions.
+set MAVEN_CMD_LINE_ARGS=%*
+
+%MAVEN_JAVA_EXE% ^
+  %JVM_CONFIG_MAVEN_PROPS% ^
+  %MAVEN_OPTS% ^
+  %MAVEN_DEBUG_OPTS% ^
+  -classpath %WRAPPER_JAR% ^
+  "-Dmaven.multiModuleProjectDirectory=%MAVEN_PROJECTBASEDIR%" ^
+  %WRAPPER_LAUNCHER% %MAVEN_CONFIG% %*
+if ERRORLEVEL 1 goto error
+goto end
+
+:error
+set ERROR_CODE=1
+
+:end
+@endlocal & set ERROR_CODE=%ERROR_CODE%
+
+if not "%MAVEN_SKIP_RC%"=="" goto skipRcPost
+@REM check for post script, once with legacy .bat ending and once with .cmd ending
+if exist "%USERPROFILE%\mavenrc_post.bat" call "%USERPROFILE%\mavenrc_post.bat"
+if exist "%USERPROFILE%\mavenrc_post.cmd" call "%USERPROFILE%\mavenrc_post.cmd"
+:skipRcPost
+
+@REM pause the script if MAVEN_BATCH_PAUSE is set to 'on'
+if "%MAVEN_BATCH_PAUSE%"=="on" pause
+
+if "%MAVEN_TERMINATE_CMD%"=="on" exit %ERROR_CODE%
+
+cmd /C exit /B %ERROR_CODE%

pom.xml

@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.2.5</version>
+        <relativePath/> <!-- lookup parent from repository -->
+    </parent>
+    <groupId>se.su.dsv</groupId>
+    <artifactId>studentportalen-poc</artifactId>
+    <version>0.0.1-SNAPSHOT</version>
+    <packaging>war</packaging>
+    <name>studentportalen-poc</name>
+    <description>studentportalen-poc</description>
+    <properties>
+        <java.version>21</java.version>
+    </properties>
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-jdbc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-oauth2-client</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.flywaydb</groupId>
+            <artifactId>flyway-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.flywaydb</groupId>
+            <artifactId>flyway-mysql</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-devtools</artifactId>
+            <scope>runtime</scope>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.mariadb.jdbc</groupId>
+            <artifactId>mariadb-java-client</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-tomcat</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.2.1</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>

src/main/java/se/su/dsv/studentportalenpoc/NewSubscription.java

@@ -0,0 +1,6 @@
+package se.su.dsv.studentportalenpoc;
+
+import java.util.UUID;
+
+public record NewSubscription(UUID id, String applicationServerKey) {
+}

src/main/java/se/su/dsv/studentportalenpoc/PushController.java

@@ -0,0 +1,136 @@
+package se.su.dsv.studentportalenpoc;
+
+import org.springframework.jdbc.core.simple.JdbcClient;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.io.IOException;
+import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.Principal;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECPoint;
+import java.util.Arrays;
+import java.util.Base64;
+import java.util.List;
+import java.util.UUID;
+
+@RestController
+@RequestMapping("/api/push")
+public class PushController {
+
+    private final JdbcClient jdbcClient;
+
+    public PushController(JdbcClient jdbcClient) {
+        this.jdbcClient = jdbcClient;
+    }
+
+    @PostMapping("/subscription")
+    public NewSubscription createSubscription(Principal loggedInUser)
+            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException
+    {
+        UUID id = UUID.randomUUID();
+        KeyPairGenerator ec = KeyPairGenerator.getInstance("EC");
+        ec.initialize(new ECGenParameterSpec("secp256r1"));
+        KeyPair keyPair = ec.generateKeyPair();
+
+        save(loggedInUser, id, keyPair);
+        return new NewSubscription(id, encodeAsBase64Uncompressed((ECPublicKey) keyPair.getPublic()));
+    }
+
+    @PutMapping("/subscription/{id}")
+    public void updateSubscription(
+            @PathVariable("id") UUID id,
+            @RequestBody SubscriptionDetails subscriptionDetails)
+    {
+        String p256dh = subscriptionDetails.keys().p256dh();
+        byte[] decoded = Base64.getUrlDecoder().decode(p256dh);
+        byte[] x = Arrays.copyOfRange(decoded, 1, 33);
+        byte[] y = Arrays.copyOfRange(decoded, 33, 65);
+        BigInteger affineX = new BigInteger(1, x);
+        BigInteger affineY = new BigInteger(1, y);
+        ECPoint clientPublicW = new ECPoint(affineX, affineY);
+        
+        update(id, subscriptionDetails.endpoint(), subscriptionDetails.keys().auth(), clientPublicW);
+    }
+
+    @PostMapping("/subscription/send")
+    public void sendNotification(Principal loggedInUser) {
+        getSubscriptions(loggedInUser).forEach(subscription -> {
+            try {
+                SendPushMessage.sendPushMessage(subscription.applicationS(), subscription.applicationPublicW(), subscription.clientPublicW(), subscription.auth(), subscription.endpoint());
+            } catch (GeneralSecurityException | IOException | InterruptedException e) {
+                throw new RuntimeException(e);
+            }
+        });
+    }
+
+    private List<Subscription> getSubscriptions(Principal owner) {
+        return jdbcClient.sql("""
+                SELECT public_affine_x, public_affine_y, private_s, client_public_affine_x, client_public_affine_y, auth, endpoint
+                FROM subscriptions
+                WHERE owner = :owner AND endpoint IS NOT NULL
+                """)
+                .param("owner", owner.getName())
+                .query((rs, rowNum) -> {
+                    String endpoint = rs.getString("endpoint");
+                    String auth = rs.getString("auth");
+                    BigInteger applicationX = new BigInteger(rs.getString("public_affine_x"));
+                    BigInteger applicationY = new BigInteger(rs.getString("public_affine_y"));
+                    ECPoint applicationPublicW = new ECPoint(applicationX, applicationY);
+                    BigInteger applicationS = new BigInteger(rs.getString("private_s"));
+
+                    BigInteger clientX = new BigInteger(rs.getString("client_public_affine_x"));
+                    BigInteger clientY = new BigInteger(rs.getString("client_public_affine_y"));
+                    ECPoint clientPublicW = new ECPoint(clientX, clientY);
+                    return new Subscription(endpoint, auth, clientPublicW, applicationPublicW, applicationS);
+                })
+                .list();
+    }
+
+    private void update(UUID id, String endpoint, String auth, ECPoint clientPublicW) {
+        jdbcClient.sql("""
+                UPDATE subscriptions
+                SET endpoint = :endpoint, auth = :auth, client_public_affine_x = :x, client_public_affine_y = :y
+                WHERE id = :id
+                """)
+                .param("id", id.toString())
+                .param("endpoint", endpoint)
+                .param("auth", auth)
+                .param("x", clientPublicW.getAffineX().toString())
+                .param("y", clientPublicW.getAffineY().toString())
+                .update();
+    }
+
+    private void save(Principal owner, UUID id, KeyPair keyPair) {
+        ECPoint w = ((ECPublicKey) keyPair.getPublic()).getW();
+        jdbcClient.sql("INSERT INTO subscriptions (id, owner, public_affine_x, public_affine_y, private_s) VALUES (:id, :owner, :x, :y, :s)")
+                .param("id", id.toString())
+                .param("owner", owner.getName())
+                .param("x", w.getAffineX().toString())
+                .param("y", w.getAffineY().toString())
+                .param("s", ((ECPrivateKey) keyPair.getPrivate()).getS().toString())
+                .update();
+    }
+
+    private String encodeAsBase64Uncompressed(ECPublicKey aPublic) {
+        byte[] uncompressed = new byte[65];
+        uncompressed[0] = 0x04;
+        byte[] x = aPublic.getW().getAffineX().toByteArray();
+        byte[] y = aPublic.getW().getAffineY().toByteArray();
+        System.arraycopy(x, x.length == 33 ? 1 : 0, uncompressed, 1, x.length == 33 ? 32 : x.length);
+        System.arraycopy(y, y.length == 33 ? 1 : 0, uncompressed, 33, y.length == 33 ? 32 : y.length);
+        return Base64.getUrlEncoder().withoutPadding().encodeToString(uncompressed);
+    }
+
+}

src/main/java/se/su/dsv/studentportalenpoc/SendPushMessage.java

@@ -0,0 +1,289 @@
+package se.su.dsv.studentportalenpoc;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyAgreement;
+import javax.crypto.Mac;
+import javax.crypto.spec.GCMParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.io.IOException;
+import java.math.BigInteger;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.nio.ByteBuffer;
+import java.nio.charset.StandardCharsets;
+import java.security.AlgorithmParameters;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECGenParameterSpec;
+import java.security.spec.ECParameterSpec;
+import java.security.spec.ECPoint;
+import java.security.spec.ECPrivateKeySpec;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.InvalidParameterSpecException;
+import java.time.Duration;
+import java.time.Instant;
+import java.util.Arrays;
+import java.util.Base64;
+
+public class SendPushMessage {
+    public static final String WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM_CURVE = "secp256r1";
+    public static final String WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM = "EC";
+
+    public static void sendPushMessage(
+            BigInteger applicationPrivateKey,
+            ECPoint applicationPublicKey,
+            ECPoint clientP256dh,
+            String clientAuth,
+            String endpoint)
+            throws
+            GeneralSecurityException,
+            IOException, InterruptedException
+    {
+        PrivateKey privateKey = recreatePrivateKey(applicationPrivateKey);
+        PublicKey publicKey = recreatePublicKey(applicationPublicKey);
+
+        Instant now = Instant.now().plus(Duration.ofMinutes(60));
+
+        URI uri = URI.create(endpoint);
+        String audience = uri.getScheme() + "://" + uri.getHost();
+
+        String token = JWT.create()
+                .withAudience(audience)
+                .withExpiresAt(now)
+                .withSubject("mailto:andreass@dsv.su.se")
+                .sign(Algorithm.ECDSA256((ECKey) privateKey));
+        System.out.println(token);
+
+        String payload = "Still worky?";
+        final PublicKey p256dh = recreatePublicKey(clientP256dh);
+        System.out.println(toBase64(p256dh));
+        final byte[] auth = Base64.getUrlDecoder().decode(clientAuth);
+        byte[] encrypted = encrypt(payload, p256dh, auth);
+
+        HttpRequest httpRequest = HttpRequest.newBuilder()
+                .uri(uri)
+                .headers("Authorization", "vapid t=" + token + ", k=" + toBase64(publicKey))
+                .header("TTL", Long.toString(Duration.ofMinutes(5).toSeconds()))
+                .header("Content-Encoding", "aes128gcm")
+                .header("Content-Type", "application/octet-stream")
+                .POST(HttpRequest.BodyPublishers.ofByteArray(encrypted))
+                .build();
+
+        try (HttpClient httpClient = HttpClient.newHttpClient()) {
+            HttpResponse<String> httpResponse = httpClient.send(httpRequest, HttpResponse.BodyHandlers.ofString());
+            System.out.println(httpResponse);
+            System.out.println(httpResponse.headers());
+            System.out.println(httpResponse.body());
+        }
+    }
+
+    private static PrivateKey recreatePrivateKey(BigInteger applicationPrivateKey)
+            throws GeneralSecurityException
+    {
+        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        algorithmParameters.init(new ECGenParameterSpec(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM_CURVE));
+        ECParameterSpec parameterSpec = algorithmParameters.getParameterSpec(ECParameterSpec.class);
+
+        KeyFactory keyFactory = KeyFactory.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        return keyFactory.generatePrivate(new ECPrivateKeySpec(applicationPrivateKey, parameterSpec));
+    }
+
+    private static PublicKey recreatePublicKey(ECPoint publicKeyW)
+            throws GeneralSecurityException
+    {
+        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        algorithmParameters.init(new ECGenParameterSpec(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM_CURVE));
+        ECParameterSpec parameterSpec = algorithmParameters.getParameterSpec(ECParameterSpec.class);
+
+        KeyFactory keyFactory = KeyFactory.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        return keyFactory.generatePublic(new ECPublicKeySpec(publicKeyW, parameterSpec));
+    }
+
+    private static byte[] encrypt(final String payload, final PublicKey p256dh, final byte[] auth) throws
+            GeneralSecurityException
+    {
+        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
+        keyPairGenerator.initialize(new ECGenParameterSpec(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM_CURVE));
+        KeyPair local = keyPairGenerator.generateKeyPair();
+
+        byte[] salt = new byte[16];
+        new SecureRandom().nextBytes(salt);
+
+        byte[] ikm = webPushIKM(p256dh, auth, local);
+        return ece_encrypt(payload, local.getPublic(), salt, ikm);
+    }
+
+    private static byte[] webPushIKM(final PublicKey p256dh, final byte[] auth, final KeyPair local) throws GeneralSecurityException {
+        byte[] secret = generateSharedSecret(local.getPrivate(), p256dh);
+        byte[] info = concat("WebPush: info\0".getBytes(), encodeUncompressed(p256dh), encodeUncompressed(local.getPublic()));
+        return extractAndExpand(secret, auth, info, 32);
+    }
+
+    private static byte[] ece_encrypt(final String payload, final PublicKey publicKey, final byte[] salt, final byte[] ikm) throws
+            GeneralSecurityException
+    {
+        byte[] key = extractAndExpand(ikm, salt, "Content-Encoding: aes128gcm\0".getBytes(), 16);
+        byte[] none = extractAndExpand(ikm, salt, "Content-Encoding: nonce\0".getBytes(), 12);
+
+        byte[] rawPublicKey = encodeUncompressed(publicKey);
+        ByteBuffer buffer = ByteBuffer.allocate(4);
+        buffer.putInt(4096);
+        byte[] rs = buffer.array();
+        byte[] idlen = new byte[] { (byte) rawPublicKey.length };
+        byte[] header = concat(salt, rs, idlen, rawPublicKey);
+
+        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
+        cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(16 * 8, none));
+        byte[][] parts = {
+                header,
+                cipher.update(payload.getBytes(StandardCharsets.UTF_8)),
+                cipher.update(new byte[]{2}),
+                cipher.doFinal()
+        };
+        return concat(parts);
+    }
+
+    private static byte[] concat(final byte[]... arrays) {
+        int lastPos = 0;
+
+        byte[] combined = new byte[combinedLength(arrays)];
+
+        for (byte[] array : arrays) {
+            if (array == null) {
+                continue;
+            }
+
+            System.arraycopy(array, 0, combined, lastPos, array.length);
+
+            lastPos += array.length;
+        }
+
+        return combined;
+    }
+
+    private static int combinedLength(final byte[][] arrays) {
+        int combinedLength = 0;
+
+        for (byte[] array : arrays) {
+            if (array == null) {
+                continue;
+            }
+
+            combinedLength += array.length;
+        }
+
+        return combinedLength;
+    }
+
+    private static byte[] extractAndExpand(final byte[] ikm, final byte[] salt, final byte[] info, final int outputLength) {
+        return expand(extract(salt, ikm), info, outputLength);
+    }
+
+    private static byte[] extract(final byte[] salt, final byte[] ikm) {
+        try {
+            Mac hmacSHA256 = Mac.getInstance("HmacSHA256");
+            hmacSHA256.init(new SecretKeySpec(salt, "HmacSHA256"));
+            return hmacSHA256.doFinal(ikm);
+        } catch (InvalidKeyException e) {
+            throw new IllegalArgumentException("Invalid key material provided", e);
+        } catch (NoSuchAlgorithmException e) {
+            throw new Error(e);
+        }
+    }
+
+    private static byte[] expand(final byte[] pseudoRandomKey, final byte[] info, final int length) {
+        try {
+            Mac hmacSHA256 = Mac.getInstance("HmacSHA256");
+            hmacSHA256.reset();
+            hmacSHA256.init(new SecretKeySpec(pseudoRandomKey, "HmacSHA256"));
+            hmacSHA256.update(info);
+            hmacSHA256.update((byte) 0x01);
+            byte[] expanded = hmacSHA256.doFinal();
+            return Arrays.copyOfRange(expanded, 0, length);
+        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
+            throw new IllegalStateException(e);
+        }
+    }
+
+    private static byte[] generateSharedSecret(final PrivateKey local, final PublicKey p256dh) throws
+            NoSuchAlgorithmException,
+            InvalidKeyException
+    {
+        KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH");
+        keyAgreement.init(local);
+        keyAgreement.doPhase(p256dh, true);
+        return keyAgreement.generateSecret();
+    }
+
+    private static String toBase64(final PublicKey publicKey) {
+        byte[] bytes = encodeUncompressed(publicKey);
+        return Base64.getUrlEncoder().withoutPadding().encodeToString(bytes);
+    }
+
+    private static byte[] encodeUncompressed(final PublicKey publicKey) {
+        ECPublicKey ecPublicKey = (ECPublicKey) publicKey;
+        byte[] bytes = new byte[65];
+        bytes[0] = 4; // uncompressed
+        byte[] x = ecPublicKey.getW().getAffineX().toByteArray();
+        byte[] y = ecPublicKey.getW().getAffineY().toByteArray();
+        System.arraycopy(x, x.length - 32, bytes, 1, 32);
+        System.arraycopy(y, y.length - 32, bytes, 1 + 32, 32);
+        return bytes;
+    }
+
+    private static PrivateKey decodeBase64ECPrivateKey(final String base64encodedPrivateKey) throws
+            NoSuchAlgorithmException,
+            InvalidParameterSpecException,
+            InvalidKeySpecException
+    {
+        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        algorithmParameters.init(new ECGenParameterSpec(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM_CURVE));
+        ECParameterSpec parameterSpec = algorithmParameters.getParameterSpec(ECParameterSpec.class);
+
+        byte[] decoded = Base64.getUrlDecoder().decode(base64encodedPrivateKey);
+        byte[] bytes = Arrays.copyOfRange(decoded, 1, 33);
+        ECPrivateKeySpec ecPublicKeySpec = new ECPrivateKeySpec(new BigInteger(decoded), parameterSpec);
+
+        KeyFactory keyFactory = KeyFactory.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        return keyFactory.generatePrivate(ecPublicKeySpec);
+    }
+
+    public static PublicKey decodeBase64ECPublicKey(String base64encodedPublicKey) throws
+            NoSuchAlgorithmException,
+            InvalidParameterSpecException,
+            InvalidKeySpecException
+    {
+        AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        algorithmParameters.init(new ECGenParameterSpec(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM_CURVE));
+        ECParameterSpec parameterSpec = algorithmParameters.getParameterSpec(ECParameterSpec.class);
+
+        ECPoint w = decodeW(base64encodedPublicKey);
+        ECPublicKeySpec ecPublicKeySpec = new ECPublicKeySpec(w, parameterSpec);
+
+        KeyFactory keyFactory = KeyFactory.getInstance(WEB_PUSH_APPLICATION_SERVER_KEY_ALGORITHM);
+        return keyFactory.generatePublic(ecPublicKeySpec);
+    }
+
+    private static ECPoint decodeW(final String base64encodedPublicKey) {
+        byte[] bytes = Base64.getUrlDecoder().decode(base64encodedPublicKey);
+        byte[] x = Arrays.copyOfRange(bytes, 1, 33);
+        byte[] y = Arrays.copyOfRange(bytes, 33, 65);
+
+        return new ECPoint(new BigInteger(1, x), new BigInteger(1, y));
+    }
+}

src/main/java/se/su/dsv/studentportalenpoc/ServletInitializer.java

@@ -0,0 +1,13 @@
+package se.su.dsv.studentportalenpoc;
+
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+public class ServletInitializer extends SpringBootServletInitializer {
+
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+        return application.sources(StudentportalenPocApplication.class);
+    }
+
+}

src/main/java/se/su/dsv/studentportalenpoc/StudentportalenPocApplication.java

@@ -0,0 +1,34 @@
+package se.su.dsv.studentportalenpoc;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.web.SecurityFilterChain;
+
+import static org.springframework.security.config.Customizer.withDefaults;
+
+@SpringBootApplication
+public class StudentportalenPocApplication {
+
+    public static void main(String[] args) {
+        SpringApplication.run(StudentportalenPocApplication.class, args);
+    }
+
+    /**
+     * Secures the application with Oauth2
+     */
+    @Bean
+    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+        http
+            .csrf(crsf -> crsf.disable())
+            .authorizeHttpRequests(authorize -> authorize
+                    .requestMatchers("manifest.json").anonymous()
+                    .requestMatchers("sw.js").permitAll()
+                    .requestMatchers("images/**").permitAll()
+                    .anyRequest().authenticated())
+            .oauth2Login(withDefaults());
+        return http.build();
+    }
+}

src/main/java/se/su/dsv/studentportalenpoc/Subscription.java

@@ -0,0 +1,13 @@
+package se.su.dsv.studentportalenpoc;
+
+import java.math.BigInteger;
+import java.security.spec.ECPoint;
+
+public record Subscription(
+        String endpoint,
+        String auth,
+        ECPoint clientPublicW,
+        ECPoint applicationPublicW,
+        BigInteger applicationS)
+{
+}

src/main/java/se/su/dsv/studentportalenpoc/SubscriptionDetails.java

@@ -0,0 +1,5 @@
+package se.su.dsv.studentportalenpoc;
+
+public record SubscriptionDetails(String endpoint, Keys keys) {
+    public record Keys(String auth, String p256dh) {}
+}

src/main/resources/application.properties

@@ -0,0 +1 @@
+spring.application.name=studentportalen-poc

src/main/resources/db/migration/V1__subscriptions.sql

@@ -0,0 +1,11 @@
+CREATE TABLE subscriptions (
+    id UUID PRIMARY KEY,
+    owner TEXT NOT NULL,
+    public_affine_x TEXT NOT NULL,
+    public_affine_y TEXT NOT NULL,
+    private_s TEXT NOT NULL,
+    client_public_affine_x TEXT,
+    client_public_affine_y TEXT,
+    auth TEXT,
+    endpoint TEXT
+);

src/main/resources/static/index.html

@@ -0,0 +1,61 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Studentportalen [proof-of-concept progressive web app]</title>
+    <link rel="manifest" href="manifest.json">
+    <link rel="icon" href="images/icons/student-hat-32.png" type="image/png" sizes="32x32">
+    <link rel="icon" href="images/icons/student-hat-64.png" type="image/png" sizes="64x64">
+    <link rel="icon" href="images/icons/student-hat-128.png" type="image/png" sizes="128x128">
+    <link rel="icon" href="images/icons/student-hat-256.png" type="image/png" sizes="256x256">
+    <link rel="icon" href="images/icons/student-hat-512.png" type="image/png" sizes="512x512">
+</head>
+<body>
+<div id="sw">
+    <button id="subscribe">Subscribe to push notifications</button>
+    <button id="send">Send push notification</button>
+</div>
+<script>
+    async function doStuff() {
+        const registration = await navigator.serviceWorker.register('sw.js')
+
+        const button = document.getElementById('subscribe');
+        button.addEventListener('click', async () => {
+            const permission = await Notification.requestPermission();
+
+            if (permission !== 'granted') {
+                alert('Permission not granted for Notification');
+                throw new Error('Permission not granted for Notification');
+            }
+
+            const {applicationServerKey, id} = await fetch('api/push/subscription', {method:'POST'}).then(res => res.json());
+
+            const activeSubscription = await registration.pushManager.getSubscription();
+
+            if (activeSubscription) {
+                await activeSubscription.unsubscribe();
+            }
+
+            const subscription = await registration.pushManager.subscribe({
+                userVisibleOnly: true,
+                applicationServerKey: applicationServerKey
+            });
+            await fetch(`api/push/subscription/${id}`, {
+                method: 'PUT',
+                body: JSON.stringify(subscription),
+                headers: {
+                    'content-type': 'application/json'
+                }
+            });
+        });
+
+        document.getElementById('send').addEventListener('click', async () => {
+            await fetch('api/push/subscription/send', {method: 'POST'});
+        });
+    }
+
+    doStuff();
+</script>
+</body>
+</html>

src/main/resources/static/manifest.json

@@ -0,0 +1,32 @@
+{
+  "name": "Studentportalen Proof-of-Concept",
+  "icons": [
+    {
+      "src": "images/icons/student-hat-32.png",
+      "sizes": "32x32",
+      "type": "image/png"
+    },
+    {
+      "src": "images/icons/student-hat-64.png",
+      "sizes": "64x64",
+      "type": "image/png"
+    },
+    {
+      "src": "images/icons/student-hat-128.png",
+      "sizes": "128x128",
+      "type": "image/png"
+    },
+    {
+      "src": "images/icons/student-hat-256.png",
+      "sizes": "256x256",
+      "type": "image/png"
+    },
+    {
+      "src": "images/icons/student-hat-512.png",
+      "sizes": "512x512",
+      "type": "image/png"
+    }
+  ],
+  "start_url": "index.html",
+  "display": "fullscreen"
+}

src/main/resources/static/offline.html

@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Studentportalen [proof-of-concept progressive web app]</title>
+    <link rel="manifest" href="manifest.json">
+    <link rel="icon" href="images/icons/student-hat-32.png" type="image/png" sizes="32x32">
+    <link rel="icon" href="images/icons/student-hat-64.png" type="image/png" sizes="64x64">
+    <link rel="icon" href="images/icons/student-hat-128.png" type="image/png" sizes="128x128">
+    <link rel="icon" href="images/icons/student-hat-256.png" type="image/png" sizes="256x256">
+    <link rel="icon" href="images/icons/student-hat-512.png" type="image/png" sizes="512x512">
+</head>
+<body>
+<h1>Offline</h1>
+<p>Oh no, you are offline. Please check your internet connection.</p>
+</body>
+</html>

src/main/resources/static/sw.js

@@ -0,0 +1,40 @@
+self.addEventListener('install', function (event) {
+    console.log('Service Worker installing.', event);
+    caches.open('v1').then(function (cache) {
+        return cache.addAll([
+            'offline.html',
+        ]);
+    });
+});
+
+self.addEventListener('activate', function (event) {
+    console.log('Service Worker activating.', event);
+});
+
+self.addEventListener('push', /** @param {PushEvent} event */ function (event) {
+    console.log('Service Worker received message:', event);
+
+    const showPromise = self.registration.showNotification('Push message', {
+        body: event.data.text()
+    });
+
+    event.waitUntil(showPromise);
+});
+
+self.addEventListener('fetch', /** @param {FetchEvent} event */ async function (event) {
+    console.log('Service Worker fetching.', event);
+
+    const cache = await caches.open('v1');
+    const cachedResponse = await cache.match(event.request);
+
+    const fetchedResponse = fetch(event.request)
+        .then(function (networkResponse) {
+            cache.put(event.request, networkResponse.clone());
+            return networkResponse;
+        })
+        .catch(function () {
+            return cache.match('offline.html');
+        });
+
+    event.respondWith(cachedResponse || fetchedResponse);
+});

src/test/java/se/su/dsv/studentportalenpoc/StudentportalenPocApplicationTests.java

@@ -0,0 +1,13 @@
+package se.su.dsv.studentportalenpoc;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class StudentportalenPocApplicationTests {
+
+    @Test
+    void contextLoads() {
+    }
+
+}