[ACS-4460] introduce mTLS when communicating with SFS (T-Engines communicating with SFS), added WebClient Builder as a bean

kcichonczyk 2023-02-13 19:27:18 +01:00
parent e3737c977f
commit 139a18f8ac


@ -65,54 +65,53 @@ public class MTLSConfig {
@Value("${filestore-url}") @Value("${filestore-url}")
private String url; private String url;
@Value("${server.ssl.enabled}") @Value("${server.ssl.enabled:false}")
boolean sslEnabled; boolean sslEnabled;
@Value("${server.ssl.key.store}") @Value("${server.ssl.key.store:}")
private Resource keyStoreResource; private Resource keyStoreResource;
//TODO: use some hashing algorithm @Value("${server.ssl.key.password:}")
@Value("${server.ssl.key.password}")
private char[] keyPassword; private char[] keyPassword;
//TODO: use some hashing algorithm @Value("${server.ssl.key.store.password:}")
@Value("${server.ssl.key.store.password}")
private char[] keyStorePassword; private char[] keyStorePassword;
@Value("${server.ssl.key.store.type}") @Value("${server.ssl.key.store.type:}")
private String keyStoreType; private String keyStoreType;
@Value("${server.ssl.trust.store}") @Value("${server.ssl.trust.store:}")
private Resource trustStoreResource; private Resource trustStoreResource;
//TODO: use some hashing algorithm @Value("${server.ssl.trust.store.password:}")
@Value("${server.ssl.trust.store.password}")
private char[] trustStorePassword; private char[] trustStorePassword;
@Value("${server.ssl.trust.store.type}") @Value("${server.ssl.trust.store.type:}")
private String trustStoreType; private String trustStoreType;
@Bean @Bean
public WebClient client() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException public WebClient client(WebClient.Builder clientBuilder)
{
return clientBuilder.baseUrl(url.endsWith("/") ? url : url + "/")
.defaultHeader(CONTENT_TYPE, APPLICATION_JSON_VALUE)
.defaultHeader(ACCEPT, APPLICATION_JSON_VALUE)
.build();
}
@Bean
public WebClient.Builder clientBuilder() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException
{ {
if(sslEnabled) if(sslEnabled)
{ {
HttpClient httpClient = getHttpClientWithMTLS(); HttpClient httpClient = getHttpClientWithMTLS();
return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient));
return WebClient.builder().baseUrl(url.endsWith("/") ? url : url + "/")
.defaultHeader(CONTENT_TYPE, APPLICATION_JSON_VALUE)
.defaultHeader(ACCEPT, APPLICATION_JSON_VALUE)
.clientConnector(new ReactorClientHttpConnector(httpClient))
.build();
} else { } else {
return WebClient.builder().baseUrl(url.endsWith("/") ? url : url + "/") return WebClient.builder();
.defaultHeader(CONTENT_TYPE, APPLICATION_JSON_VALUE)
.defaultHeader(ACCEPT, APPLICATION_JSON_VALUE)
.build();
} }
} }
private HttpClient getHttpClientWithMTLS() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { private HttpClient getHttpClientWithMTLS() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException
{
KeyManagerFactory keyManagerFactory = initKeyManagerFactory(); KeyManagerFactory keyManagerFactory = initKeyManagerFactory();
TrustManagerFactory trustManagerFactory = initTrustManagerFactory(); TrustManagerFactory trustManagerFactory = initTrustManagerFactory();
@ -121,34 +120,38 @@ public class MTLSConfig {
.keyManager(keyManagerFactory) .keyManager(keyManagerFactory)
.build(); .build();
HttpClient httpClient = HttpClient.create().secure(p -> p.sslContext(sslContext)); return HttpClient.create().secure(p -> p.sslContext(sslContext));
return httpClient;
} }
private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException { private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException
{
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
KeyStore trustStore = getKeyStore(trustStoreType, trustStoreResource, trustStorePassword); KeyStore trustStore = getKeyStore(trustStoreType, trustStoreResource, trustStorePassword);
trustManagerFactory.init(trustStore); trustManagerFactory.init(trustStore);
return trustManagerFactory; return trustManagerFactory;
} }
private KeyManagerFactory initKeyManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { private KeyManagerFactory initKeyManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException
{
KeyStore clientKeyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword); KeyStore clientKeyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyStoreType); KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(keyStoreType);
keyManagerFactory.init(clientKeyStore, keyPassword); keyManagerFactory.init(clientKeyStore, keyPassword);
return keyManagerFactory; return keyManagerFactory;
} }
private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException { private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
{
KeyStore keyStore = KeyStore.getInstance(keyStoreType); KeyStore keyStore = KeyStore.getInstance(keyStoreType);
try (InputStream keyStoreInputStream = keyStoreResource.getInputStream()) { try (InputStream keyStoreInputStream = keyStoreResource.getInputStream())
{
keyStore.load(keyStoreInputStream, keyStorePassword); keyStore.load(keyStoreInputStream, keyStorePassword);
} }
return keyStore; return keyStore;
} }
@Bean @Bean
public RestTemplate restTemplate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException { public RestTemplate restTemplate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
{
if(sslEnabled) if(sslEnabled)
{ {
return getRestTemplateWithMTLS(); return getRestTemplateWithMTLS();
@ -157,7 +160,8 @@ public class MTLSConfig {
} }
} }
private RestTemplate getRestTemplateWithMTLS() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException { private RestTemplate getRestTemplateWithMTLS() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
{
KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword); KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
SSLContext sslContext = new SSLContextBuilder() SSLContext sslContext = new SSLContextBuilder()
.loadKeyMaterial(keyStore, keyPassword) .loadKeyMaterial(keyStore, keyPassword)