From 644d4a630e9f85e756236d210b588be5fcb3cec9 Mon Sep 17 00:00:00 2001
From: NOUMANE <ahmed.noumane@xelians.fr>
Date: Wed, 19 Aug 2020 14:49:58 +0200
Subject: [PATCH] [US TRTL-246] feedback PR :   modification of SSL
 configuration for Interco

---
 .../rest/client/BaseWebClientFactory.java        | 16 +++++++++++-----
 .../configuration/RestClientConfiguration.java   |  2 +-
 2 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java
index 269bfc0f..ad6faf2b 100644
--- a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java
+++ b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java
@@ -46,9 +46,6 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManagerFactory;
-
 import org.springframework.http.client.reactive.ClientHttpConnector;
 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
 import org.springframework.util.Assert;
@@ -56,6 +53,9 @@ import org.springframework.util.ResourceUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.reactive.function.client.WebClient;
 
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
+
 import fr.gouv.vitamui.commons.api.exception.ApplicationServerException;
 import fr.gouv.vitamui.commons.api.logger.VitamUILogger;
 import fr.gouv.vitamui.commons.api.logger.VitamUILoggerFactory;
@@ -150,8 +150,14 @@ public class BaseWebClientFactory implements WebClientFactory {
             SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
             sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);
 
-            if (ks != null && restClientConfig.isKeystoreNeeded()) {
-                sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray()));
+            if (restClientConfig.isNoClientAuthentication()) {
+                LOGGER.warn("By deactivating the authentication client we deprive ourselves of two-way authentication.");
+
+            } else {
+                if (ks != null) {
+                    sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray()));
+                }
+
             }
 
             if (restClientConfig.getSslConfiguration().isHostnameVerification()) {
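Review bot: In the new `else` branch a null `ks` still skips `keyManager(...)` without any log, so a client that has not set `noClientAuthentication` but has no keystore configured connects without a client certificate and nothing records it. Since the flag is now the explicit opt-out, the other path should check the keystore before the `keyManager` call, for example `Assert.notNull(ks, "A keystore is required unless noClientAuthentication is enabled");`, or at least log a `LOGGER.warn` if a missing keystore must stay tolerated. The opt-out warning would also read more clearly as `LOGGER.warn("Client certificate authentication is disabled for this REST client: TLS connections will not be mutually authenticated.");`. The nested `else { if (ks != null) ... }` can collapse to `else if`, and the enclosing method starts and ends outside the hunk.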
diff --git a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java
index 8c878f21..1299fb58 100644
--- a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java
+++ b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java
@@ -59,7 +59,7 @@ public class RestClientConfiguration {
 
     private boolean secure;
 
-    private boolean keystoreNeeded = true;
+    private boolean noClientAuthentication = false;
 
     private SSLConfiguration sslConfiguration;
 
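Review bot: `noClientAuthentication` switches off mutual TLS for the client but is declared without a comment, and its negative name makes `false` the secure value, which is easy to misread in a configuration file. A short Javadoc on the field would help, e.g. `/** When true, no client certificate is presented (no mutual TLS); keep false unless the remote endpoint does not require client authentication. */`. Because the property replaces `keystoreNeeded`, any existing configuration that still sets the old key would presumably no longer take effect, so the rename deserves a line in the upgrade notes. The rest of the class is outside the hunk.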
-- 
GitLab