inteligr8/alfresco-transform-core
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-transform-core.git synced 2025-05-12 17:04:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACS-4460] MTLSConfig refactor, add ssl context beans

Browse Source
This commit is contained in:
kcichonczyk 2023-03-14 14:17:22 +01:00
parent ad0d4c68f0
commit 0abe3c1f89
2 changed files with 67 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

109
engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
View File

@ -79,27 +79,61 @@ public class MTLSConfig {
@Bean() @Bean()
@Scope("prototype") @Scope("prototype")
public WebClient.Builder clientBuilder() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException public WebClient.Builder clientBuilder(SslContextBuilder nettySslContextBuilder) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException
{ {
if(isTlsOrMtlsConfigured()) if(isTlsOrMtlsConfigured())
{ {
return createWebClientBuilderWithSslContext(); return createWebClientBuilderWithSslContext(nettySslContextBuilder);
} else { } else {
return WebClient.builder(); return WebClient.builder();
} }
} }
@Bean @Bean
public RestTemplate restTemplate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException public RestTemplate restTemplate(SSLContextBuilder apacheSSLContextBuilder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
{ {
if(isTlsOrMtlsConfigured()) if(isTlsOrMtlsConfigured())
{ {
return createRestTemplateWithSslContext(); return createRestTemplateWithSslContext(apacheSSLContextBuilder);
} else { } else {
return new RestTemplate(); return new RestTemplate();
} }
} }
@Bean
public SSLContextBuilder apacheSSLContextBuilder() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
if(isKeystoreConfigured())
{
KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
}
if(isTruststoreConfigured())
{
sslContextBuilder.loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword);
}
return sslContextBuilder;
}
@Bean
public SslContextBuilder nettySslContextBuilder() throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
if(isKeystoreConfigured())
{
KeyManagerFactory keyManagerFactory = initKeyManagerFactory();
sslContextBuilder.keyManager(keyManagerFactory);
}
if(isTruststoreConfigured())
{
TrustManagerFactory trustManagerFactory = initTrustManagerFactory();
sslContextBuilder.trustManager(trustManagerFactory);
}
return sslContextBuilder;
}
private boolean isTlsOrMtlsConfigured() private boolean isTlsOrMtlsConfigured()
{ {
return isTruststoreConfigured() || isKeystoreConfigured(); return isTruststoreConfigured() || isKeystoreConfigured();
@ -115,27 +149,32 @@ public class MTLSConfig {
return keyStoreResource != null; return keyStoreResource != null;
} }
private WebClient.Builder createWebClientBuilderWithSslContext() throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException private WebClient.Builder createWebClientBuilderWithSslContext(SslContextBuilder sslContextBuilder) throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException
{ {
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
if(isKeystoreConfigured())
{
KeyManagerFactory keyManagerFactory = initKeyManagerFactory();
sslContextBuilder.keyManager(keyManagerFactory);
}
if(isTruststoreConfigured())
{
TrustManagerFactory trustManagerFactory = initTrustManagerFactory();
sslContextBuilder.trustManager(trustManagerFactory);
}
SslContext sslContext = sslContextBuilder.build(); SslContext sslContext = sslContextBuilder.build();
HttpClient httpClient = HttpClient.create().secure(p -> p.sslContext(sslContext)); HttpClient httpClient = HttpClient.create().secure(p -> p.sslContext(sslContext));
return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient)); return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient));
} }
private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
{
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
{
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreInputStream = keyStoreResource.getInputStream())
{
keyStore.load(keyStoreInputStream, keyStorePassword);
}
return keyStore;
}
private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException
{ {
KeyStore trustStore = getKeyStore(trustStoreType, trustStoreResource, trustStorePassword); KeyStore trustStore = getKeyStore(trustStoreType, trustStoreResource, trustStorePassword);
@ -151,36 +190,4 @@ public class MTLSConfig {
keyManagerFactory.init(clientKeyStore, keyStorePassword); keyManagerFactory.init(clientKeyStore, keyStorePassword);
return keyManagerFactory; return keyManagerFactory;
} }
private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
{
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreInputStream = keyStoreResource.getInputStream())
{
keyStore.load(keyStoreInputStream, keyStorePassword);
}
return keyStore;
}
private RestTemplate createRestTemplateWithSslContext() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
{
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
if(isKeystoreConfigured())
{
KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
}
if(isTruststoreConfigured())
{
sslContextBuilder.loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword);
}
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
} }

16
engines/base/src/test/java/org/alfresco/transform/base/MtlsTestUtils.java
View File

@ -22,19 +22,21 @@ import java.security.cert.CertificateException;
public class MtlsTestUtils { public class MtlsTestUtils {
private static final boolean MTLS_ENABLED = Boolean.parseBoolean(System.getProperty("test-mtls-enabled"));
public static boolean isMtlsEnabled() public static boolean isMtlsEnabled()
{ {
return Boolean.parseBoolean(System.getProperty("mtls-enabled")); return MTLS_ENABLED;
} }
public static CloseableHttpClient httpClientWithMtls() throws NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException public static CloseableHttpClient httpClientWithMtls() throws NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException
{ {
String keyStoreFile = System.getProperty("mtls-keystore-file"); String keyStoreFile = System.getProperty("test-client-keystore-file");
String keyStoreType = System.getProperty("mtls-keystore-type"); String keyStoreType = System.getProperty("test-client-keystore-type");
char[] keyStorePassword = System.getProperty("mtls-keystore-password").toCharArray(); char[] keyStorePassword = System.getProperty("test-client-keystore-password").toCharArray();
String trustStoreFile = System.getProperty("mtls-truststore-file"); String trustStoreFile = System.getProperty("test-client-truststore-file");
String trustStoreType = System.getProperty("mtls-truststore-type"); String trustStoreType = System.getProperty("test-client-truststore-type");
char[] trustStorePassword = System.getProperty("mtls-truststore-password").toCharArray(); char[] trustStorePassword = System.getProperty("test-client-truststore-password").toCharArray();
SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
KeyStore keyStore = KeyStore.getInstance(keyStoreType); KeyStore keyStore = KeyStore.getInstance(keyStoreType);