[ACS-4460] configure beans for WebClient.Builder and RestTemplate

2025-05-12 17:04:48 +00:00 · 2023-02-23 17:37:13 +01:00 · 2023-02-23 17:37:13 +01:00 · 4c77021796
commit 4c77021796
parent 88b8b851b2
1 changed files with 70 additions and 41 deletions
--- a/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
+++ b/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
@ -35,6 +35,7 @@ import org.apache.http.ssl.SSLContextBuilder;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Scope;
 import org.springframework.core.io.Resource;
 import org.springframework.http.client.ClientHttpRequestFactory;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
@ -58,51 +59,81 @@ import java.security.cert.CertificateException;
@Configuration
 public class MTLSConfig {
-    @Value("${server.ssl.enabled:false}")
+    @Value("${client.ssl.key-store:#{null}}")
    boolean sslEnabled;
    @Value("${server.ssl.key.store:}")
    private Resource keyStoreResource;
-    @Value("${server.ssl.key.password:}")
+    @Value("${client.ssl.key-store-password:}")
    private char[] keyPassword;
    @Value("${server.ssl.key.store.password:}")
    private char[] keyStorePassword;
-    @Value("${server.ssl.key.store.type:}")
+    @Value("${client.ssl.key-store-type:}")
    private String keyStoreType;
-    @Value("${server.ssl.trust.store:}")
+    @Value("${client.ssl.trust-store:#{null}}")
    private Resource trustStoreResource;
-    @Value("${server.ssl.trust.store.password:}")
+    @Value("${client.ssl.trust-store-password:}")
    private char[] trustStorePassword;
-    @Value("${server.ssl.trust.store.type:}")
+    @Value("${client.ssl.trust-store-type:}")
    private String trustStoreType;
-    @Bean
+    @Bean()
-    public WebClient.Builder clientBuilder() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException {
+    @Scope("prototype")
-        if(sslEnabled)
+    public WebClient.Builder clientBuilder() throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException, UnrecoverableKeyException
    {
-            HttpClient httpClient = getHttpClientWithMTLS();
+        if(isTlsOrMtlsConfigured())
-            return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient));
+        {
            return createWebClientBuilderWithSslContext();
        } else {
            return WebClient.builder();
        }
    }
-    private HttpClient getHttpClientWithMTLS() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+    @Bean
    public RestTemplate restTemplate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
    {
        if(isTlsOrMtlsConfigured())
        {
            return createRestTemplateWithSslContext();
        } else {
            return new RestTemplate();
        }
    }
    private boolean isTlsOrMtlsConfigured()
    {
        return isTruststoreConfigured() || isKeystoreConfigured();
    }
    private boolean isTruststoreConfigured()
    {
        return trustStoreResource != null;
    }
    private boolean isKeystoreConfigured()
    {
        return keyStoreResource != null;
    }
    private WebClient.Builder createWebClientBuilderWithSslContext() throws UnrecoverableKeyException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException
    {
        SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
        if(isKeystoreConfigured())
        {
            KeyManagerFactory keyManagerFactory = initKeyManagerFactory();
            sslContextBuilder.keyManager(keyManagerFactory);
        }
        if(isTruststoreConfigured())
        {
            TrustManagerFactory trustManagerFactory = initTrustManagerFactory();
            sslContextBuilder.trustManager(trustManagerFactory);
        }
-        SslContext sslContext = SslContextBuilder.forClient()
+        SslContext sslContext = sslContextBuilder.build();
-                .trustManager(trustManagerFactory)
+        HttpClient httpClient = HttpClient.create().secure(p -> p.sslContext(sslContext));
-                .keyManager(keyManagerFactory)
+        return WebClient.builder().clientConnector(new ReactorClientHttpConnector(httpClient));
                .build();
        return HttpClient.create().secure(p -> p.sslContext(sslContext));
    }
    private TrustManagerFactory initTrustManagerFactory() throws NoSuchAlgorithmException, KeyStoreException, IOException, CertificateException
@ -113,10 +144,11 @@ public class MTLSConfig {
        return trustManagerFactory;
    }
-    private KeyManagerFactory initKeyManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+    private KeyManagerFactory initKeyManagerFactory() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException
    {
        KeyStore clientKeyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
-        keyManagerFactory.init(clientKeyStore, keyPassword);
+        keyManagerFactory.init(clientKeyStore, keyStorePassword);
        return keyManagerFactory;
    }
@ -130,25 +162,22 @@ public class MTLSConfig {
        return keyStore;
    }
-    @Bean
+    private RestTemplate createRestTemplateWithSslContext() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
    public RestTemplate restTemplate() throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
    {
-        if(sslEnabled)
+        SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
        {
            return getRestTemplateWithMTLS();
        } else {
            return new RestTemplate();
        }
    }
-    private RestTemplate getRestTemplateWithMTLS() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, KeyManagementException, UnrecoverableKeyException
+        if(isKeystoreConfigured())
        {
            KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
-        SSLContext sslContext = new SSLContextBuilder()
+            sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
-                .loadKeyMaterial(keyStore, keyPassword)
+        }
                .loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword)
                .build();
        if(isTruststoreConfigured())
        {
            sslContextBuilder.loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword);
        }
        SSLContext sslContext = sslContextBuilder.build();
        SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
        CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
        ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);