From 23cd052cd9dd1a9575c25d67f82103f1356b473c Mon Sep 17 00:00:00 2001
From: kcichonczyk <88378534+kcichonczyk@users.noreply.github.com>
Date: Wed, 29 Mar 2023 13:45:01 +0200
Subject: [PATCH] [ACS-4460] add no hostname verification remove
com.google.collections dependencies (#770)
---
deprecated/alfresco-transformer-base/pom.xml | 9 +++----
.../transformer/config/MTLSConfig.java | 13 ++++++++-
engines/aio/pom.xml | 4 +++
engines/base/pom.xml | 10 +++----
.../transform/base/config/MTLSConfig.java | 27 +++++++++++++++++--
5 files changed, 50 insertions(+), 13 deletions(-)
diff --git a/deprecated/alfresco-transformer-base/pom.xml b/deprecated/alfresco-transformer-base/pom.xml
index f45e51b3..66d6d8b8 100644
--- a/deprecated/alfresco-transformer-base/pom.xml
+++ b/deprecated/alfresco-transformer-base/pom.xml
@@ -70,15 +70,14 @@
org.messaginghub
pooled-jms
-
- com.google.collections
- google-collections
- 1.0
-
org.apache.httpcomponents
httpclient
+
+ com.google.guava
+ guava
+
diff --git a/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java b/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
index 1ba8f01c..86867ae6 100644
--- a/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
+++ b/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
@@ -26,8 +26,10 @@
*/
package org.alfresco.transformer.config;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
@@ -70,6 +72,9 @@ public class MTLSConfig {
@Value("${client.ssl.trust-store-type:}")
private String trustStoreType;
+ @Value("${client.ssl.hostname-verification-disabled:false}")
+ private boolean hostNameVerificationDisabled;
+
@Bean
public RestTemplate restTemplate(SSLContextBuilder apacheSSLContextBuilder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
{
@@ -117,7 +122,13 @@ public class MTLSConfig {
private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
- CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
+
+ HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslContextFactory);
+ if(hostNameVerificationDisabled)
+ {
+ httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
+ }
+ CloseableHttpClient httpClient = httpClientBuilder.build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
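Review bot: The `setSSLHostnameVerifier(new NoopHostnameVerifier())` call in createRestTemplateWithSslContext very likely has no effect, because the builder has already been given an explicit factory through `setSSLSocketFactory(sslContextFactory)`. In HttpClient 4.x the builder's verifier is only used when the builder constructs the socket factory itself, and `new SSLConnectionSocketFactory(sslContext)` keeps the default verifier. This fails safe, but `client.ssl.hostname-verification-disabled=true` would be silently ignored on the RestTemplate path while the Netty path in engines/base honours it. If the option is meant to work, pass the verifier to the factory and drop the builder call: `new SSLConnectionSocketFactory(sslContext, hostNameVerificationDisabled ? NoopHostnameVerifier.INSTANCE : SSLConnectionSocketFactory.getDefaultHostnameVerifier())`. The same lines are added to createRestTemplateWithSslContext in engines/base/.../MTLSConfig.java, and a test against a certificate whose name does not match the host would confirm the behaviour.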
diff --git a/engines/aio/pom.xml b/engines/aio/pom.xml
index 2ed122a2..bbad7659 100644
--- a/engines/aio/pom.xml
+++ b/engines/aio/pom.xml
@@ -129,6 +129,10 @@
test-jar
test
+
+ com.google.guava
+ guava
+
diff --git a/engines/base/pom.xml b/engines/base/pom.xml
index 0a640f64..7e4f8e54 100644
--- a/engines/base/pom.xml
+++ b/engines/base/pom.xml
@@ -56,6 +56,11 @@
+
+ com.google.guava
+ guava
+
+
org.dom4j
dom4j
@@ -78,11 +83,6 @@
org.messaginghub
pooled-jms
-
- com.google.collections
- google-collections
- 1.0
-
ch.qos.logback
logback-classic
diff --git a/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java b/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
index cb41f568..a7830169 100644
--- a/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
+++ b/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
@@ -29,8 +29,10 @@ package org.alfresco.transform.base.config;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.alfresco.transform.base.WebClientBuilderAdjuster;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
@@ -45,7 +47,9 @@ import reactor.netty.http.client.HttpClient;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
@@ -77,6 +81,9 @@ public class MTLSConfig {
@Value("${client.ssl.trust-store-type:}")
private String trustStoreType;
+ @Value("${client.ssl.hostname-verification-disabled:false}")
+ private boolean hostNameVerificationDisabled;
+
@Bean
public WebClientBuilderAdjuster webClientBuilderAdjuster(SslContextBuilder nettySslContextBuilder)
{
@@ -158,13 +165,29 @@ public class MTLSConfig {
private HttpClient createHttpClientWithSslContext(SslContextBuilder sslContextBuilder) throws SSLException {
SslContext sslContext = sslContextBuilder.build();
- return HttpClient.create().secure(p -> p.sslContext(sslContext));
+ return HttpClient.create().secure(p -> p.sslContext(sslContext).handlerConfigurator(handler -> {
+ SSLEngine sslEngine = handler.engine();
+ SSLParameters sslParameters = sslEngine.getSSLParameters();
+ if(hostNameVerificationDisabled)
+ {
+ sslParameters.setEndpointIdentificationAlgorithm(null);
+ } else {
+ sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+ }
+ sslEngine.setSSLParameters(sslParameters);
+ }));
}
private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
- CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
+
+ HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslContextFactory);
+ if(hostNameVerificationDisabled)
+ {
+ httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
+ }
+ CloseableHttpClient httpClient = httpClientBuilder.build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}
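Review bot: Nothing in createHttpClientWithSslContext records that endpoint identification was switched off, so a deployment running with `client.ssl.hostname-verification-disabled=true` looks the same in the logs as a verified one. With the algorithm set to `null`, the client accepts any certificate that chains to the configured trust store, whatever host name it carries, so the server is authenticated only by what the trust store contains. I would log once at WARN when the flag is true, in the bean method rather than inside the per-connection `handlerConfigurator` lambda. I would also add a comment above the field, such as `// Disables server-name checks on outbound TLS; only safe when the trust store holds a private CA dedicated to these services.` The explicit `"HTTPS"` in the else branch is a good default and should stay.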