[ACS-4460] add no hostname verification remove com.google.collections dependencies (#770)

2025-05-12 17:04:48 +00:00 · 2023-03-29 13:45:01 +02:00 · 2023-03-29 13:45:01 +02:00 · 23cd052cd9
commit 23cd052cd9
parent 9223dc170d
5 changed files with 50 additions and 13 deletions
--- a/deprecated/alfresco-transformer-base/pom.xml
+++ b/deprecated/alfresco-transformer-base/pom.xml
@ -70,15 +70,14 @@
            <groupId>org.messaginghub</groupId>
            <artifactId>pooled-jms</artifactId>
        </dependency>
-        <dependency>
-            <groupId>com.google.collections</groupId>
-            <artifactId>google-collections</artifactId>
-            <version>1.0</version>
-        </dependency>
        <dependency>
            <groupId>org.apache.httpcomponents</groupId>
            <artifactId>httpclient</artifactId>
        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
    </dependencies>

    <build>
--- a/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
+++ b/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
@ -26,8 +26,10 @@
 */
 package org.alfresco.transformer.config;

+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.springframework.beans.factory.annotation.Value;
@ -70,6 +72,9 @@ public class MTLSConfig {
    @Value("${client.ssl.trust-store-type:}")
    private String trustStoreType;

+    @Value("${client.ssl.hostname-verification-disabled:false}")
+    private boolean hostNameVerificationDisabled;
+
    @Bean
    public RestTemplate restTemplate(SSLContextBuilder apacheSSLContextBuilder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
    {
@ -117,7 +122,13 @@ public class MTLSConfig {
    private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = sslContextBuilder.build();
        SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
-        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
+
+        HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslContextFactory);
+        if(hostNameVerificationDisabled)
+        {
+            httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
+        }
+        CloseableHttpClient httpClient = httpClientBuilder.build();
        ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
        return new RestTemplate(requestFactory);
    }
--- a/engines/aio/pom.xml
+++ b/engines/aio/pom.xml
@ -129,6 +129,10 @@
            <type>test-jar</type>
            <scope>test</scope>
        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
     </dependencies>

    <build>
--- a/engines/base/pom.xml
+++ b/engines/base/pom.xml
@ -56,6 +56,11 @@
            </exclusions>
        </dependency>

+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+
        <dependency>
            <groupId>org.dom4j</groupId>
            <artifactId>dom4j</artifactId>
@ -78,11 +83,6 @@
            <groupId>org.messaginghub</groupId>
            <artifactId>pooled-jms</artifactId>
        </dependency>
-        <dependency>
-            <groupId>com.google.collections</groupId>
-            <artifactId>google-collections</artifactId>
-            <version>1.0</version>
-        </dependency>
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
--- a/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
+++ b/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
@ -29,8 +29,10 @@ package org.alfresco.transform.base.config;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import org.alfresco.transform.base.WebClientBuilderAdjuster;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContextBuilder;
 import org.springframework.beans.factory.annotation.Value;
@ -45,7 +47,9 @@ import reactor.netty.http.client.HttpClient;

 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.IOException;
 import java.io.InputStream;
@ -77,6 +81,9 @@ public class MTLSConfig {
    @Value("${client.ssl.trust-store-type:}")
    private String trustStoreType;

+    @Value("${client.ssl.hostname-verification-disabled:false}")
+    private boolean hostNameVerificationDisabled;
+
    @Bean
    public WebClientBuilderAdjuster webClientBuilderAdjuster(SslContextBuilder nettySslContextBuilder)
    {
@ -158,13 +165,29 @@ public class MTLSConfig {

    private HttpClient createHttpClientWithSslContext(SslContextBuilder sslContextBuilder) throws SSLException {
        SslContext sslContext = sslContextBuilder.build();
-        return HttpClient.create().secure(p -> p.sslContext(sslContext));
+        return HttpClient.create().secure(p -> p.sslContext(sslContext).handlerConfigurator(handler -> {
+            SSLEngine sslEngine = handler.engine();
+            SSLParameters sslParameters = sslEngine.getSSLParameters();
+            if(hostNameVerificationDisabled)
+            {
+                sslParameters.setEndpointIdentificationAlgorithm(null);
+            } else {
+                sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+            }
+            sslEngine.setSSLParameters(sslParameters);
+        }));
    }

    private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext = sslContextBuilder.build();
        SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
-        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
+
+        HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslContextFactory);
+        if(hostNameVerificationDisabled)
+        {
+            httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
+        }
+        CloseableHttpClient httpClient = httpClientBuilder.build();
        ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
        return new RestTemplate(requestFactory);
    }