inteligr8/alfresco-transform-core
1
0
Fork 0
mirror of https://github.com/Alfresco/alfresco-transform-core.git synced 2025-07-31 17:38:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

[ACS-4460] add no hostname verification remove com.google.collections dependencies (#770)

Browse Source
This commit is contained in:
kcichonczyk
2023-03-29 13:45:01 +02:00
committed by GitHub
parent 9223dc170d
commit 23cd052cd9
5 changed files with 50 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
engines/base/pom.xml
View File

@@ -56,6 +56,11 @@
</exclusions>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
</dependency>
<dependency>
<groupId>org.dom4j</groupId>
<artifactId>dom4j</artifactId>
@@ -78,11 +83,6 @@
<groupId>org.messaginghub</groupId>
<artifactId>pooled-jms</artifactId>
</dependency>
<dependency>
<groupId>com.google.collections</groupId>
<artifactId>google-collections</artifactId>
<version>1.0</version>
</dependency>
<dependency>
<groupId>ch.qos.logback</groupId>
<artifactId>logback-classic</artifactId>

27
engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
View File

@@ -29,8 +29,10 @@ package org.alfresco.transform.base.config;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import org.alfresco.transform.base.WebClientBuilderAdjuster;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.springframework.beans.factory.annotation.Value;
@@ -45,7 +47,9 @@ import reactor.netty.http.client.HttpClient;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
@@ -77,6 +81,9 @@ public class MTLSConfig {
@Value("${client.ssl.trust-store-type:}")
private String trustStoreType;
@Value("${client.ssl.hostname-verification-disabled:false}")
private boolean hostNameVerificationDisabled;
@Bean
public WebClientBuilderAdjuster webClientBuilderAdjuster(SslContextBuilder nettySslContextBuilder)
{
@@ -158,13 +165,29 @@ public class MTLSConfig {
private HttpClient createHttpClientWithSslContext(SslContextBuilder sslContextBuilder) throws SSLException {
SslContext sslContext = sslContextBuilder.build();
return HttpClient.create().secure(p -> p.sslContext(sslContext));
return HttpClient.create().secure(p -> p.sslContext(sslContext).handlerConfigurator(handler -> {
SSLEngine sslEngine = handler.engine();
SSLParameters sslParameters = sslEngine.getSSLParameters();
if(hostNameVerificationDisabled)
{
sslParameters.setEndpointIdentificationAlgorithm(null);
} else {
sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
}
sslEngine.setSSLParameters(sslParameters);
}));
}
private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
SSLContext sslContext = sslContextBuilder.build();
SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslContextFactory);
if(hostNameVerificationDisabled)
{
httpClientBuilder.setSSLHostnameVerifier(new NoopHostnameVerifier());
}
CloseableHttpClient httpClient = httpClientBuilder.build();
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
return new RestTemplate(requestFactory);
}