[ACS-4459] Investigate and extend/universalize current custom Solr mTLS implementation in Repository (#1735)

* ACS-4459 Add new HttpClient Factory for Mutual TLS and implement it for Transform Service * ACS-4462 Add e2e for MTLS
2025-10-01 14:41:46 +00:00 · 2023-03-30 13:43:42 +02:00
parent 5bb96729fc
commit fab591eb9b
18 changed files with 634 additions and 65 deletions
--- a/repository/src/test/java/org/alfresco/MTLSTestSuite.java
+++ b/repository/src/test/java/org/alfresco/MTLSTestSuite.java
@@ -0,0 +1,39 @@
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+package org.alfresco;
+
+import org.alfresco.repo.security.mtls.LocalTransformClientWithMTLSIntegrationTest;
+import org.junit.experimental.categories.Categories;
+import org.junit.runner.RunWith;
+import org.junit.runners.Suite;
+
+@RunWith (Categories.class)
+@Suite.SuiteClasses({
+        LocalTransformClientWithMTLSIntegrationTest.class
+})
+public class MTLSTestSuite
+{
+}
--- a/repository/src/test/java/org/alfresco/repo/content/transform/RemoteTransformerClientTest.java
+++ b/repository/src/test/java/org/alfresco/repo/content/transform/RemoteTransformerClientTest.java
@@ -25,6 +25,7 @@
 */
 package org.alfresco.repo.content.transform;

+import org.alfresco.httpclient.HttpClientConfig;
 import org.alfresco.service.cmr.repository.ContentReader;
 import org.alfresco.service.cmr.repository.ContentWriter;
 import org.alfresco.util.Pair;
@@ -79,7 +80,7 @@ public class RemoteTransformerClientTest
    @Mock private StatusLine mockStatusLine;
    @Mock private HttpEntity mockReqEntity;

-    @Spy private RemoteTransformerClient remoteTransformerClient = new RemoteTransformerClient("TRANSFORMER", "http://localhost:1234/test");
+    @Spy private RemoteTransformerClient remoteTransformerClient = new RemoteTransformerClient("TRANSFORMER", "http://localhost:1234/test", new HttpClientConfig());

    private String sourceMimetype = "application/msword";
    private String sourceExtension = "doc";
--- a/repository/src/test/java/org/alfresco/repo/security/mtls/LocalTransformClientWithMTLSIntegrationTest.java
+++ b/repository/src/test/java/org/alfresco/repo/security/mtls/LocalTransformClientWithMTLSIntegrationTest.java
@@ -0,0 +1,53 @@
+/*
+ * #%L
+ * Alfresco Repository
+ * %%
+ * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail.  Otherwise, the software is
+ * provided under the following open source license terms:
+ *
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see <http://www.gnu.org/licenses/>.
+ * #L%
+ */
+
+package org.alfresco.repo.security.mtls;
+
+
+import org.alfresco.repo.rendition2.LocalTransformClientIntegrationTest;
+import org.alfresco.repo.rendition2.RenditionService2;
+import org.junit.BeforeClass;
+
+/**
+ * Integration tests for {@link RenditionService2} with mtls enabled
+ */
+public class LocalTransformClientWithMTLSIntegrationTest extends LocalTransformClientIntegrationTest
+{
+    @BeforeClass
+    public static void before()
+    {
+        local();
+
+        System.setProperty("localTransform.core-aio.url", "https://localhost:8090/");
+        System.setProperty("httpclient.config.transform.mTLSEnabled", "true");
+        System.setProperty("ssl-keystore.password", "password");
+        System.setProperty("ssl-truststore.password", "password");
+        System.setProperty("metadata-keystore.password", "password");
+        System.setProperty("metadata-keystore.aliases", "metadata");
+        System.setProperty("metadata-keystore.metadata.password", "password");
+    }
+
+}
--- a/repository/src/test/java/org/alfresco/transform/registry/LocalTransformServiceRegistryConfigTest.java
+++ b/repository/src/test/java/org/alfresco/transform/registry/LocalTransformServiceRegistryConfigTest.java
@@ -2,7 +2,7 @@
 * #%L
 * Alfresco Repository
 * %%
- * Copyright (C) 2005 - 2022 Alfresco Software Limited
+ * Copyright (C) 2005 - 2023 Alfresco Software Limited
 * %%
 * This file is part of the Alfresco software.
 * If the software was purchased under a paid Alfresco license, the terms of
@@ -26,6 +26,12 @@
 package org.alfresco.transform.registry;

 import com.fasterxml.jackson.databind.ObjectMapper;
+
+import org.alfresco.encryption.KeyResourceLoader;
+import org.alfresco.encryption.ssl.SSLEncryptionParameters;
+import org.alfresco.httpclient.GetRequest;
+import org.alfresco.httpclient.HttpClient4Factory;
+import org.alfresco.httpclient.HttpClientConfig;
 import org.alfresco.repo.content.MimetypeMap;
 import org.alfresco.repo.content.transform.AbstractLocalTransform;
 import org.alfresco.repo.content.transform.LocalPipelineTransform;
@@ -38,15 +44,23 @@ import org.alfresco.transform.config.TransformOption;
 import org.alfresco.transform.config.TransformOptionGroup;
 import org.alfresco.transform.config.TransformOptionValue;
 import org.alfresco.transform.config.Transformer;
+import org.alfresco.util.ApplicationContextHelper;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.logging.log4j.Level;
 import org.apache.logging.log4j.core.config.Configurator;
 import org.junit.Before;
 import org.junit.Test;
 import org.mockito.Mock;
+import org.mockito.Mockito;
 import org.mockito.MockitoAnnotations;
 import org.quartz.CronExpression;
+import org.springframework.context.ApplicationContext;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.client.RestTemplate;

 import java.io.IOException;
 import java.util.ArrayList;
@@ -265,7 +279,7 @@ public class LocalTransformServiceRegistryConfigTest extends TransformRegistryMo
     */
    private void retrieveLocalTransformList(String path)
    {
-        CombinedConfig combinedConfig = new CombinedConfig(log, registry);
+        CombinedConfig combinedConfig = new CombinedConfig(log, registry, registry.getHttpClientConfig());
        combinedConfig.addLocalConfig(path);
        combinedConfig.register(registry);

@@ -388,7 +402,7 @@ public class LocalTransformServiceRegistryConfigTest extends TransformRegistryMo

    private void register(String path) throws IOException
    {
-        CombinedConfig combinedConfig = new CombinedConfig(log, registry);
+        CombinedConfig combinedConfig = new CombinedConfig(log, registry, registry.getHttpClientConfig());
        combinedConfig.addLocalConfig(path);
        combinedConfig.register((TransformServiceRegistryImpl)registry);
    }
@@ -928,4 +942,5 @@ public class LocalTransformServiceRegistryConfigTest extends TransformRegistryMo
                -1,"image/png", Collections.emptyMap(), null);
        assertNotNull("Should supported csv to png", pipelineTransform);
    }
+
 }
--- a/repository/src/test/resources/test/alfresco/test-renditions-context.xml
+++ b/repository/src/test/resources/test/alfresco/test-renditions-context.xml
@@ -8,6 +8,13 @@
      parent="baseTransformationRenderingEngine">
   </bean>

+   <bean id="httpClientConfigTransform" class="org.alfresco.httpclient.HttpClientConfig" init-method="init" >
+      <property name="sslEncryptionParameters" ref="sslEncryptionParameters" />
+      <property name="keyResourceLoader" ref="springKeyResourceLoader" />
+      <property name="properties" ref="global-properties" />
+      <property name="serviceName" value="transform" />
+   </bean>
+
 <!-- Keep it simple. Disable retries when the mimetype is wrong and we can transform what it is actually -->
   <bean id="localTransformServiceRegistry" class="org.alfresco.repo.content.transform.LocalTransformServiceRegistry" >
      <property name="jsonObjectMapper" ref="localTransformServiceRegistryJsonObjectMapper" />
@@ -20,6 +27,7 @@
      <property name="mimetypeService" ref="MimetypeService" />
      <property name="strictMimeTypeCheck" value="${transformer.strict.mimetype.check}"/>
      <property name="retryTransformOnDifferentMimeType" value="false"/>
+      <property name="httpClientConfig" ref="httpClientConfigTransform" />
   </bean>

 </beans>