From 644d4a630e9f85e756236d210b588be5fcb3cec9 Mon Sep 17 00:00:00 2001 From: NOUMANE <ahmed.noumane@xelians.fr> Date: Wed, 19 Aug 2020 14:49:58 +0200 Subject: [PATCH] [US TRTL-246] feedback PR : modification of SSL configuration for Interco --- .../rest/client/BaseWebClientFactory.java | 16 +++++++++++----- .../configuration/RestClientConfiguration.java | 2 +- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java index 269bfc0f..ad6faf2b 100644 --- a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java +++ b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java @@ -46,9 +46,6 @@ import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.TrustManagerFactory; - import org.springframework.http.client.reactive.ClientHttpConnector; import org.springframework.http.client.reactive.ReactorClientHttpConnector; import org.springframework.util.Assert; @@ -56,6 +53,9 @@ import org.springframework.util.ResourceUtils; import org.springframework.util.StringUtils; import org.springframework.web.reactive.function.client.WebClient; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.TrustManagerFactory; + import fr.gouv.vitamui.commons.api.exception.ApplicationServerException; import fr.gouv.vitamui.commons.api.logger.VitamUILogger; import fr.gouv.vitamui.commons.api.logger.VitamUILoggerFactory; 
@@ -150,8 +150,14 @@ public class BaseWebClientFactory implements WebClientFactory { SslContextBuilder sslContextBuilder = SslContextBuilder.forClient(); sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE); - if (ks != null && restClientConfig.isKeystoreNeeded()) { - sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray())); + if (restClientConfig.isNoClientAuthentication()) { + LOGGER.warn("By deactivating the authentication client we deprive ourselves of two-way authentication."); + + } else { + if (ks != null) { + sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray())); + } + } if (restClientConfig.getSslConfiguration().isHostnameVerification()) { diff --git a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java index 8c878f21..1299fb58 100644 --- a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java +++ b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java @@ -59,7 +59,7 @@ public class RestClientConfiguration { private boolean secure; - private boolean keystoreNeeded = true; + private boolean noClientAuthentication = false; private SSLConfiguration sslConfiguration; -- GitLab
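Review bot: In the new `else` branch a null `ks` is skipped silently, so a client left on the default (`noClientAuthentication` false, two-way TLS expected) is built without a key manager and presents no certificate, with nothing in the logs to say so. Unless `ks` is validated before this point (the method starts outside the hunk), that case should be reported, for example `} else if (ks != null) { ... } else { LOGGER.warn("Client authentication is enabled but no keystore is configured; no client certificate will be presented."); }`, or rejected outright if a missing keystore is never legitimate for this client. Flattening to `else if` also removes the extra nesting level and the stray blank lines inside the branches. The existing warning would be easier to act on if it said that the keystore is being ignored because `noClientAuthentication` is set.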
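Review bot: The new `noClientAuthentication` field in `RestClientConfiguration` has no comment, and its negative name makes the default read as a double negative (`noClientAuthentication = false` means a client certificate is used). A short Javadoc would remove the ambiguity, e.g. `/** When true, the client keystore is ignored and no client certificate is presented (one-way TLS only). Defaults to false. */`. If this class is bound from external configuration (not visible in the hunk), deployments that still set the old `keystoreNeeded` key will have it ignored after the rename and will fall back to loading the keystore, which is worth a line in the upgrade notes.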