mirror of
https://github.com/Alfresco/alfresco-transform-core.git
synced 2025-05-12 17:04:48 +00:00
[ACS-4460] MTLSConfig refactor, add ssl context beans
parent
ad0d4c68f0
commit
0abe3c1f89
@ -79,27 +79,61 @@ public class MTLSConfig {
|
||||
|
||||
@Bean()
|
||||
@Scope("prototype")
|
||||
public WebClient.Builder clientBuilder() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException
|
||||
public WebClient.Builder clientBuilder(SslContextBuilder nettySslContextBuilder) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException
|
||||
{
|
||||
if(isTlsOrMtlsConfigured())
|
||||
{
|
||||
return createWebClientBuilderWithSslContext();
|
||||
return createWebClientBuilderWithSslContext(nettySslContextBuilder);
|
||||
} else {
|
||||
return WebClient.builder();
|
||||
}
|
||||
}
|
||||
|
||||
@Bean
|
||||
public RestTemplate restTemplate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
|
||||
public RestTemplate restTemplate(SSLContextBuilder apacheSSLContextBuilder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
|
||||
{
|
||||
if(isTlsOrMtlsConfigured())
|
||||
{
|
||||
return createRestTemplateWithSslContext();
|
||||
return createRestTemplateWithSslContext(apacheSSLContextBuilder);
|
||||
} else {
|
||||
return new RestTemplate();
|
||||
}
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SSLContextBuilder apacheSSLContextBuilder() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
|
||||
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
|
||||
if(isKeystoreConfigured())
|
||||
{
|
||||
KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
|
||||
sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
|
||||
}
|
||||
if(isTruststoreConfigured())
|
||||
{
|
||||
sslContextBuilder.loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword);
|
||||
}
|
||||
|
||||
return sslContextBuilder;
|
||||
}
|
||||
|
||||
@Bean
|
||||
public SslContextBuilder nettySslContextBuilder() throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
|
||||
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
|
||||
if(isKeystoreConfigured())
|
||||
{
|
||||
KeyManagerFactory keyManagerFactory = initKeyManagerFactory();
|
||||
sslContextBuilder.keyManager(keyManagerFactory);
|
||||
}
|
||||
|
||||
if(isTruststoreConfigured())
|
||||
{
|
||||
TrustManagerFactory trustManagerFactory = initTrustManagerFactory();
|
||||
sslContextBuilder.trustManager(trustManagerFactory);
|
||||
}
|
||||
|
||||
return sslContextBuilder;
|
||||
}
|
||||
|
||||
private boolean isTlsOrMtlsConfigured()
|
||||
{
|
||||
return isTruststoreConfigured() || isKeystoreConfigured();
|
||||
@ -115,27 +149,32 @@ public class MTLSConfig {
|
||||
return keyStoreResource != null;
|
||||
}
|
||||
|
||||
private WebClient.Builder createWebClientBuilderWithSslContext() throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException
|
||||
private WebClient.Builder createWebClientBuilderWithSslContext(SslContextBuilder sslContextBuilder) throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException
|
||||
{
|
||||
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
|
||||
|
||||
if(isKeystoreConfigured())
|
||||
{
|
||||
KeyManagerFactory keyManagerFactory = initKeyManagerFactory();
|
||||
sslContextBuilder.keyManager(keyManagerFactory);
|
||||
}
|
||||
|
||||
if(isTruststoreConfigured())
|
||||
{
|
||||
TrustManagerFactory trustManagerFactory = initTrustManagerFactory();
|
||||
sslContextBuilder.trustManager(trustManagerFactory);
|
||||
}
|
||||
|
||||
SslContext sslContext = sslContextBuilder.build();
|
||||
HttpClient httpClient = HttpClient.create().secure(p -> p.sslContext(sslContext));
|
||||
return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient));
|
||||
}
|
||||
|
||||
private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
|
||||
{
|
||||
SSLContext sslContext = sslContextBuilder.build();
|
||||
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
|
||||
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
|
||||
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
return new RestTemplate(requestFactory);
|
||||
}
|
||||
|
||||
private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
|
||||
{
|
||||
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
|
||||
try (InputStream keyStoreInputStream = keyStoreResource.getInputStream())
|
||||
{
|
||||
keyStore.load(keyStoreInputStream, keyStorePassword);
|
||||
}
|
||||
return keyStore;
|
||||
}
|
||||
|
||||
private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException
|
||||
{
|
||||
KeyStore trustStore = getKeyStore(trustStoreType, trustStoreResource, trustStorePassword);
|
||||
@ -151,36 +190,4 @@ public class MTLSConfig {
|
||||
keyManagerFactory.init(clientKeyStore, keyStorePassword);
|
||||
return keyManagerFactory;
|
||||
}
|
||||
|
||||
private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
|
||||
{
|
||||
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
|
||||
try (InputStream keyStoreInputStream = keyStoreResource.getInputStream())
|
||||
{
|
||||
keyStore.load(keyStoreInputStream, keyStorePassword);
|
||||
}
|
||||
return keyStore;
|
||||
}
|
||||
|
||||
private RestTemplate createRestTemplateWithSslContext() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
|
||||
{
|
||||
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
|
||||
|
||||
if(isKeystoreConfigured())
|
||||
{
|
||||
KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
|
||||
sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
|
||||
}
|
||||
|
||||
if(isTruststoreConfigured())
|
||||
{
|
||||
sslContextBuilder.loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword);
|
||||
}
|
||||
|
||||
SSLContext sslContext = sslContextBuilder.build();
|
||||
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
|
||||
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
|
||||
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||
return new RestTemplate(requestFactory);
|
||||
}
|
||||
}
|
||||
|
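Review bot: In `apacheSSLContextBuilder()` the trust material is loaded with `loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword)`, which never passes `trustStoreType`, whereas the key material just above it and `initTrustManagerFactory()` both go through `getKeyStore(...)` with the configured type. If this is Apache's `SSLContextBuilder`, the URL overload opens the store with the builder's default keystore type, so a truststore in a non-default format could work on the `WebClient` path and fail on the `RestTemplate` path; `sslContextBuilder.loadTrustMaterial(getKeyStore(trustStoreType, trustStoreResource, trustStorePassword), null);` would make the two paths agree. Separately, both new builder beans are mutable objects registered without `@Scope("prototype")`, so any component that injects one can change the key or trust managers used by every client built afterwards. Exposing the built `SSLContext`/`SslContext` instead, or scoping the builders as prototypes, would keep the TLS configuration fixed after startup.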
@ -22,19 +22,21 @@ import java.security.cert.CertificateException;
|
||||
|
||||
public class MtlsTestUtils {
|
||||
|
||||
private static final boolean MTLS_ENABLED = Boolean.parseBoolean(System.getProperty("test-mtls-enabled"));
|
||||
|
||||
public static boolean isMtlsEnabled()
|
||||
{
|
||||
return Boolean.parseBoolean(System.getProperty("mtls-enabled"));
|
||||
return MTLS_ENABLED;
|
||||
}
|
||||
|
||||
public static CloseableHttpClient httpClientWithMtls() throws NoSuchAlgorithmException, KeyManagementException, UnrecoverableKeyException, KeyStoreException, IOException, CertificateException
|
||||
{
|
||||
String keyStoreFile = System.getProperty("mtls-keystore-file");
|
||||
String keyStoreType = System.getProperty("mtls-keystore-type");
|
||||
char[] keyStorePassword = System.getProperty("mtls-keystore-password").toCharArray();
|
||||
String trustStoreFile = System.getProperty("mtls-truststore-file");
|
||||
String trustStoreType = System.getProperty("mtls-truststore-type");
|
||||
char[] trustStorePassword = System.getProperty("mtls-truststore-password").toCharArray();
|
||||
String keyStoreFile = System.getProperty("test-client-keystore-file");
|
||||
String keyStoreType = System.getProperty("test-client-keystore-type");
|
||||
char[] keyStorePassword = System.getProperty("test-client-keystore-password").toCharArray();
|
||||
String trustStoreFile = System.getProperty("test-client-truststore-file");
|
||||
String trustStoreType = System.getProperty("test-client-truststore-type");
|
||||
char[] trustStorePassword = System.getProperty("test-client-truststore-password").toCharArray();
|
||||
|
||||
SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
|
||||
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
|
||||
|
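Review bot: The `System.getProperty("test-client-…")` reads in `httpClientWithMtls()` are used without a null check, so a run with `test-mtls-enabled=true` but no `test-client-keystore-password` or `test-client-truststore-password` fails at `.toCharArray()` with a bare NullPointerException that does not name the missing property. Wrapping each read, e.g. `Objects.requireNonNull(System.getProperty("test-client-keystore-password"), "test-client-keystore-password").toCharArray()`, makes a misconfigured test run fail with the property name in the message. `MTLS_ENABLED` is now read once at class initialisation, so a one-line comment on the field saying the flag has to be set before the class loads would save the next reader a surprise. The method body continues outside the hunk.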