import java.io.FileInputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.stream.Collectors;
-import org.oransc.policyagent.configuration.ImmutableWebClientConfig;
+import javax.net.ssl.KeyManagerFactory;
+
import org.oransc.policyagent.configuration.WebClientConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
private static final AtomicInteger sequenceNumber = new AtomicInteger();
private final WebClientConfig clientConfig;
static KeyStore clientTrustStore = null;
+ private boolean sslEnabled = true;
public AsyncRestClient(String baseUrl) {
- this(baseUrl,
- ImmutableWebClientConfig.builder().isTrustStoreUsed(false).trustStore("").trustStorePassword("").build());
+ this(baseUrl, null);
+ this.sslEnabled = false;
}
public AsyncRestClient(String baseUrl, WebClientConfig config) {
return clientTrustStore;
}
- private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass)
+ private SslContext createSslContextRejectingUntrustedPeers(String trustStorePath, String trustStorePass,
+ KeyManagerFactory keyManager)
throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
final KeyStore trustStore = getTrustStore(trustStorePath, trustStorePass);
final X509Certificate[] certificates = certificateList.toArray(new X509Certificate[certificateList.size()]);
return SslContextBuilder.forClient() //
+ .keyManager(keyManager) //
.trustManager(certificates) //
.build();
}
- private SslContext createSslContext()
+ private SslContext createSslContext(KeyManagerFactory keyManager)
throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
if (this.clientConfig.isTrustStoreUsed()) {
return createSslContextRejectingUntrustedPeers(this.clientConfig.trustStore(),
- this.clientConfig.trustStorePassword());
+ this.clientConfig.trustStorePassword(), keyManager);
} else {
// Trust anyone
return SslContextBuilder.forClient() //
+ .keyManager(keyManager) //
.trustManager(InsecureTrustManagerFactory.INSTANCE) //
.build();
}
}
- private WebClient createWebClient(String baseUrl, SslContext sslContext) {
- ConnectionProvider connectionProvider = ConnectionProvider.newConnection();
- TcpClient tcpClient = TcpClient.create(connectionProvider) //
+ private TcpClient createTcpClientSecure(SslContext sslContext) {
+ return TcpClient.create(ConnectionProvider.newConnection()) //
.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10_000) //
.secure(c -> c.sslContext(sslContext)) //
+ .doOnConnected(connection -> {
+ connection.addHandlerLast(new ReadTimeoutHandler(30));
+ connection.addHandlerLast(new WriteTimeoutHandler(30));
+ });
+ }
+ private TcpClient createTcpClientInsecure() {
+ return TcpClient.create(ConnectionProvider.newConnection()) //
+ .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 10_000) //
.doOnConnected(connection -> {
connection.addHandlerLast(new ReadTimeoutHandler(30));
connection.addHandlerLast(new WriteTimeoutHandler(30));
});
+ }
+
+ private WebClient createWebClient(String baseUrl, TcpClient tcpClient) {
HttpClient httpClient = HttpClient.from(tcpClient);
ReactorClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
-
ExchangeStrategies exchangeStrategies = ExchangeStrategies.builder() //
.codecs(configurer -> configurer.defaultCodecs().maxInMemorySize(-1)) //
.build();
-
return WebClient.builder() //
.clientConnector(connector) //
.baseUrl(baseUrl) //
private Mono<WebClient> getWebClient() {
if (this.webClient == null) {
try {
- SslContext sslContext = createSslContext();
- this.webClient = createWebClient(this.baseUrl, sslContext);
+ if (this.sslEnabled) {
+ final KeyManagerFactory keyManager =
+ KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ final KeyStore keyStore = KeyStore.getInstance(this.clientConfig.keyStoreType());
+ final String keyStoreFile = this.clientConfig.keyStore();
+ final String keyStorePassword = this.clientConfig.keyStorePassword();
+ final String keyPassword = this.clientConfig.keyPassword();
+ try (final InputStream inputStream = new FileInputStream(keyStoreFile)) {
+ keyStore.load(inputStream, keyStorePassword.toCharArray());
+ }
+ keyManager.init(keyStore, keyPassword.toCharArray());
+ SslContext sslContext = createSslContext(keyManager);
+ TcpClient tcpClient = createTcpClientSecure(sslContext);
+ this.webClient = createWebClient(this.baseUrl, tcpClient);
+ } else {
+ TcpClient tcpClient = createTcpClientInsecure();
+ this.webClient = createWebClient(this.baseUrl, tcpClient);
+ }
} catch (Exception e) {
logger.error("Could not create WebClient {}", e.getMessage());
return Mono.error(e);
@Value("${app.filepath}")
private String localConfigurationFilePath;
+ @Value("${server.ssl.key-store-type}")
+ private String sslKeyStoreType = "";
+
+ @Value("${server.ssl.key-store-password}")
+ private String sslKeyStorePassword = "";
+
+ @Value("${server.ssl.key-store}")
+ private String sslKeyStore = "";
+
+ @Value("${server.ssl.key-password}")
+ private String sslKeyPassword = "";
+
@Value("${app.webclient.trust-store-used}")
private boolean sslTrustStoreUsed = false;
public WebClientConfig getWebClientConfig() {
return ImmutableWebClientConfig.builder() //
+ .keyStoreType(this.sslKeyStoreType) //
+ .keyStorePassword(this.sslKeyStorePassword) //
+ .keyStore(this.sslKeyStore) //
+ .keyPassword(this.sslKeyPassword) //
.isTrustStoreUsed(this.sslTrustStoreUsed) //
.trustStore(this.sslTrustStore) //
.trustStorePassword(this.sslTrustStorePassword) //
Code Review / nonrtric.git / commitdiff