- private boolean isCertificateEntry(KeyStore trustStore, String alias) {
- try {
- return trustStore.isCertificateEntry(alias);
- } catch (KeyStoreException e) {
- logger.error("Error reading truststore {}", e.getMessage());
- return false;
- }
- }
-
- private Certificate getCertificate(KeyStore trustStore, String alias) {
- try {
- return trustStore.getCertificate(alias);
- } catch (KeyStoreException e) {
- logger.error("Error reading truststore {}", e.getMessage());
- return null;
- }
- }
-
- private static synchronized KeyStore getTrustStore(String trustStorePath, String trustStorePass)
- throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
- if (clientTrustStore == null) {
- KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
- store.load(new FileInputStream(ResourceUtils.getFile(trustStorePath)), trustStorePass.toCharArray());
- clientTrustStore = store;
- }
- return clientTrustStore;
- }
-
- private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass,
- KeyManagerFactory keyManager)
- throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
-
- final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
- List<Certificate> certificateList = Collections.list(trustStore.aliases()).stream() //
- .filter(alias -> isCertificateEntry(trustStore, alias)) //
- .map(alias -> getCertificate(trustStore, alias)) //
- .collect(Collectors.toList());
- final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
-
- return SslContextBuilder.forClient() //
- .keyManager(keyManager) //
- .trustManager(certificates) //
- .build();
- }
-
- private SslContext createSslContext(KeyManagerFactory keyManager)
- throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
- if (this.clientConfig.isTrustStoreUsed()) {
- return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
- this.clientConfig.trustStorePassword(), keyManager);
- } else {
- // Trust anyone
- return SslContextBuilder.forClient() //
- .keyManager(keyManager) //
- .trustManager(InsecureTrustManagerFactory.INSTANCE) //
- .build();
- }
- }
-
- private TcpClient createTcpClientSecure(SslContext sslContext) {
- return TcpClient.create(ConnectionProvider.newConnection()) //
- .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10_000) //
- .secure(c -> c.sslContext(sslContext)) //
- .doOnConnected(connection -> {
- connection.addHandlerLast(new ReadTimeoutHandler(30));
- connection.addHandlerLast(new WriteTimeoutHandler(30));
- });