[US TRTL-246] feedback PR : modification of SSL configuration for Interco

644d4a63 · NOUMANE · Makhtar DIAGNE · bffa9448 · 644d4a63 · 644d4a63
Commit 644d4a63 authored Aug 19, 2020 by NOUMANE Committed by Makhtar DIAGNE Sep 18, 2020
--- a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java
+++ b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/BaseWebClientFactory.java
@@ -46,9 +46,6 @@ import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;

-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManagerFactory;
-
 import org.springframework.http.client.reactive.ClientHttpConnector;
 import org.springframework.http.client.reactive.ReactorClientHttpConnector;
 import org.springframework.util.Assert;
@@ -56,6 +53,9 @@ import org.springframework.util.ResourceUtils;
 import org.springframework.util.StringUtils;
 import org.springframework.web.reactive.function.client.WebClient;

+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManagerFactory;
+
 import fr.gouv.vitamui.commons.api.exception.ApplicationServerException;
 import fr.gouv.vitamui.commons.api.logger.VitamUILogger;
 import fr.gouv.vitamui.commons.api.logger.VitamUILoggerFactory;
@@ -150,8 +150,14 @@ public class BaseWebClientFactory implements WebClientFactory {
            SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
            sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);

-            if (ks != null && restClientConfig.isKeystoreNeeded()) {
-                sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray()));
+            if (restClientConfig.isNoClientAuthentication()) {
+                LOGGER.warn("By deactivating the authentication client we deprive ourselves of two-way authentication.");
+
+            } else {
+                if (ks != null) {
+                    sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray()));
+                }
+
            }

            if (restClientConfig.getSslConfiguration().isHostnameVerification()) {

--- a/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java
+++ b/commons/commons-rest/src/main/java/fr/gouv/vitamui/commons/rest/client/configuration/RestClientConfiguration.java
@@ -59,7 +59,7 @@ public class RestClientConfiguration {

    private boolean secure;

-    private boolean keystoreNeeded = true;
+    private boolean noClientAuthentication = false;

    private SSLConfiguration sslConfiguration;