Commit 644d4a63 authored by NOUMANE's avatar NOUMANE Committed by Makhtar DIAGNE
Browse files

[US TRTL-246] feedback PR : modification of SSL configuration for Interco

parent bffa9448
...@@ -46,9 +46,6 @@ import java.security.KeyStoreException; ...@@ -46,9 +46,6 @@ import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException; import java.security.cert.CertificateException;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.springframework.http.client.reactive.ClientHttpConnector; import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.http.client.reactive.ReactorClientHttpConnector; import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.util.Assert; import org.springframework.util.Assert;
...@@ -56,6 +53,9 @@ import org.springframework.util.ResourceUtils; ...@@ -56,6 +53,9 @@ import org.springframework.util.ResourceUtils;
import org.springframework.util.StringUtils; import org.springframework.util.StringUtils;
import org.springframework.web.reactive.function.client.WebClient; import org.springframework.web.reactive.function.client.WebClient;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import fr.gouv.vitamui.commons.api.exception.ApplicationServerException; import fr.gouv.vitamui.commons.api.exception.ApplicationServerException;
import fr.gouv.vitamui.commons.api.logger.VitamUILogger; import fr.gouv.vitamui.commons.api.logger.VitamUILogger;
import fr.gouv.vitamui.commons.api.logger.VitamUILoggerFactory; import fr.gouv.vitamui.commons.api.logger.VitamUILoggerFactory;
...@@ -150,8 +150,14 @@ public class BaseWebClientFactory implements WebClientFactory { ...@@ -150,8 +150,14 @@ public class BaseWebClientFactory implements WebClientFactory {
SslContextBuilder sslContextBuilder = SslContextBuilder.forClient(); SslContextBuilder sslContextBuilder = SslContextBuilder.forClient();
sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE); sslContextBuilder = sslContextBuilder.clientAuth(ClientAuth.NONE);
if (ks != null && restClientConfig.isKeystoreNeeded()) { if (restClientConfig.isNoClientAuthentication()) {
sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray())); LOGGER.warn("By deactivating the authentication client we deprive ourselves of two-way authentication.");
} else {
if (ks != null) {
sslContextBuilder = sslContextBuilder.keyManager(createKeyManagerFactory(ks.getType(), ks.getKeyPath(), ks.getKeyPassword().toCharArray()));
}
} }
if (restClientConfig.getSslConfiguration().isHostnameVerification()) { if (restClientConfig.getSslConfiguration().isHostnameVerification()) {
......
...@@ -59,7 +59,7 @@ public class RestClientConfiguration { ...@@ -59,7 +59,7 @@ public class RestClientConfiguration {
private boolean secure; private boolean secure;
private boolean keystoreNeeded = true; private boolean noClientAuthentication = false;
private SSLConfiguration sslConfiguration; private SSLConfiguration sslConfiguration;
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment