From c7df2c5bb38a3cad1df0f1cbed5d238bca852cfa Mon Sep 17 00:00:00 2001
From: kcichonczyk <88378534+kcichonczyk@users.noreply.github.com>
Date: Thu, 23 Mar 2023 14:53:37 +0100
Subject: [PATCH] [ACS-4839] Add mtls config in the deprecated module (#758)
---
 deprecated/alfresco-transformer-base/pom.xml | 4 +
 .../transformer/config/MTLSConfig.java | 134 ++++++++++++++++++
 .../transform/base/config/MTLSConfig.java | 1 -
 3 files changed, 138 insertions(+), 1 deletion(-)
 create mode 100644 deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
diff --git a/deprecated/alfresco-transformer-base/pom.xml b/deprecated/alfresco-transformer-base/pom.xml
index 04720d4e..38270cda 100644
--- a/deprecated/alfresco-transformer-base/pom.xml
+++ b/deprecated/alfresco-transformer-base/pom.xml
@@ -75,6 +75,10 @@ google-collections 1.0 + + org.apache.httpcomponents + httpclient +
diff --git a/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java b/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
new file mode 100644
index 00000000..1ba8f01c
--- /dev/null
+++ b/deprecated/alfresco-transformer-base/src/main/java/org/alfresco/transformer/config/MTLSConfig.java
@@ -0,0 +1,134 @@
+/*
+ * #%L
+ * Alfresco Transform Core
+ * %%
+ * Copyright (C) 2005 - 2023 Alfresco Software Limited
+ * %%
+ * This file is part of the Alfresco software.
+ * -
+ * If the software was purchased under a paid Alfresco license, the terms of
+ * the paid license agreement will prevail. Otherwise, the software is
+ * provided under the following open source license terms:
+ * -
+ * Alfresco is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Lesser General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * -
+ * Alfresco is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Lesser General Public License for more details.
+ * -
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with Alfresco. If not, see .
+ * #L%
+ */
+package org.alfresco.transformer.config;
+
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.ssl.SSLContextBuilder;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.io.Resource;
+import org.springframework.http.client.ClientHttpRequestFactory;
+import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.web.client.RestTemplate;
+
+import javax.net.ssl.SSLContext;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+
+@Deprecated
+@Configuration
+public class MTLSConfig {
+
+ @Value("${client.ssl.key-store:#{null}}")
+ private Resource keyStoreResource;
+
+ @Value("${client.ssl.key-store-password:}")
+ private char[] keyStorePassword;
+
+ @Value("${client.ssl.key-store-type:}")
+ private String keyStoreType;
+
+ @Value("${client.ssl.trust-store:#{null}}")
+ private Resource trustStoreResource;
+
+ @Value("${client.ssl.trust-store-password:}")
+ private char[] trustStorePassword;
+
+ @Value("${client.ssl.trust-store-type:}")
+ private String trustStoreType;
+
+ @Bean
+ public RestTemplate restTemplate(SSLContextBuilder apacheSSLContextBuilder) throws IOException, CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, UnrecoverableKeyException
+ {
+ if(isTlsOrMtlsConfigured())
+ {
+ return createRestTemplateWithSslContext(apacheSSLContextBuilder);
+ } else {
+ return new RestTemplate();
+ }
+ }
+
+ @Bean
+ public SSLContextBuilder apacheSSLContextBuilder() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException, UnrecoverableKeyException {
+ SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+ if(isKeystoreConfigured())
+ {
+ KeyStore keyStore = getKeyStore(keyStoreType, keyStoreResource, keyStorePassword);
+ sslContextBuilder.loadKeyMaterial(keyStore, keyStorePassword);
+ }
+ if(isTruststoreConfigured())
+ {
+ sslContextBuilder
+ .setKeyStoreType(trustStoreType)
+ .loadTrustMaterial(trustStoreResource.getURL(), trustStorePassword);
+ }
+
+ return sslContextBuilder;
+ }
+
+ private boolean isTlsOrMtlsConfigured()
+ {
+ return isTruststoreConfigured() || isKeystoreConfigured();
+ }
+
+ private boolean isTruststoreConfigured()
+ {
+ return trustStoreResource != null;
+ }
+
+ private boolean isKeystoreConfigured()
+ {
+ return keyStoreResource != null;
+ }
+
+ private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException {
+ SSLContext sslContext = sslContextBuilder.build();
+ SSLConnectionSocketFactory sslContextFactory = new SSLConnectionSocketFactory(sslContext);
+ CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslContextFactory).build();
+ ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
+ return new RestTemplate(requestFactory);
+ }
+
+ private KeyStore getKeyStore(String keyStoreType, Resource keyStoreResource, char[] keyStorePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException
+ {
+ KeyStore keyStore = KeyStore.getInstance(keyStoreType);
+ try (InputStream keyStoreInputStream = keyStoreResource.getInputStream())
+ {
+ keyStore.load(keyStoreInputStream, keyStorePassword);
+ }
+ return keyStore;
+ }
+}
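Review bot: In apacheSSLContextBuilder the store-type properties default to the empty string (`${client.ssl.key-store-type:}` and `${client.ssl.trust-store-type:}`), yet getKeyStore hands that value straight to `KeyStore.getInstance(keyStoreType)`, which does not treat `""` as "use the JVM default", so a deployment that sets only `client.ssl.key-store` fails during context startup with a KeyStoreException instead of loading the store; the truststore branch presumably ends the same way once `setKeyStoreType(trustStoreType)` is applied, though that depends on httpclient internals not visible here. Normalizing once before each use, e.g. `String type = keyStoreType.isEmpty() ? KeyStore.getDefaultType() : keyStoreType;` ahead of the `getKeyStore` call and the equivalent for `trustStoreType` ahead of `setKeyStoreType`, would make the empty defaults mean what an operator expects, and the same applies to the original under engines/base if it has the same annotations. The class also carries no Javadoc; a short header saying that the RestTemplate bean presents client-certificate material when `client.ssl.key-store` is set, uses custom trust material when `client.ssl.trust-store` is set, and falls back to a plain RestTemplate when neither is configured would help readers of this deprecated copy, and `restTemplate` declares several checked exceptions (IOException, CertificateException, KeyStoreException, UnrecoverableKeyException) that its body cannot throw and could drop.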
diff --git a/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java b/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
index d231623f..cb41f568 100644
--- a/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
+++ b/engines/base/src/main/java/org/alfresco/transform/base/config/MTLSConfig.java
@@ -41,7 +41,6 @@ import org.springframework.http.client.ClientHttpRequestFactory;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
 import org.springframework.web.client.RestTemplate;
-import org.springframework.web.reactive.function.client.WebClient;
 import reactor.netty.http.client.HttpClient;
 import javax.net.ssl.KeyManagerFactory;