update production setup

anhefti 2019-09-30 16:11:54 +02:00
parent 7eac2acb26
commit db29818ecd


@ -22,6 +22,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.HttpClient; import org.apache.http.client.HttpClient;
import org.apache.http.conn.ssl.TrustAllStrategy;
import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder; import org.apache.http.ssl.SSLContextBuilder;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -156,9 +157,19 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
final String truststoreFilePath = env final String truststoreFilePath = env
.getProperty("server.ssl.trust-store", ""); .getProperty("server.ssl.trust-store", "");
SSLContext sslContext = null;
if (StringUtils.isBlank(truststoreFilePath)) { if (StringUtils.isBlank(truststoreFilePath)) {
throw new IllegalArgumentException("Missing trust-store file path");
} log.info("Securing outgoing calls without trust-store by trusting all certificates");
sslContext = org.apache.http.ssl.SSLContexts
.custom()
.loadTrustMaterial(null, new TrustAllStrategy())
.build();
} else {
log.info("Securing with defined trust-store");
final File trustStoreFile = ResourceUtils.getFile("file:" + truststoreFilePath); final File trustStoreFile = ResourceUtils.getFile("file:" + truststoreFilePath);
@ -175,11 +186,12 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter implements E
System.setProperty("javax.net.ssl.trustStore", truststoreFilePath); System.setProperty("javax.net.ssl.trustStore", truststoreFilePath);
System.setProperty("javax.net.ssl.trustStorePassword", String.valueOf(password)); System.setProperty("javax.net.ssl.trustStorePassword", String.valueOf(password));
final SSLContext sslContext = SSLContextBuilder sslContext = SSLContextBuilder
.create() .create()
.loadTrustMaterial(trustStoreFile, password) .loadTrustMaterial(trustStoreFile, password)
.setKeyStoreType("pkcs12") .setKeyStoreType("pkcs12")
.build(); .build();
}
final HttpClient client = HttpClients.custom() final HttpClient client = HttpClients.custom()
.setSSLContext(sslContext) .setSSLContext(sslContext)
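Review bot: In the blank-`truststoreFilePath` branch the new code builds the context with `loadTrustMaterial(null, new TrustAllStrategy())`, so every outgoing call through this `HttpClient` accepts any server certificate, and a missing or misspelled `server.ssl.trust-store` property now silently selects that mode where the old code failed at startup with `IllegalArgumentException`. For a production setup I would fall back to the JVM's default trust store instead, `sslContext = org.apache.http.ssl.SSLContexts.createSystemDefault();`, and keep trust-all, if it is needed at all, behind an explicit opt-in property. The message `"Securing outgoing calls without trust-store by trusting all certificates"` is logged at info level and reads as if the connection were protected; `log.warn` with wording that says certificate validation is disabled would make the state visible to operators. The enclosing method starts and ends outside the visible hunks, so whether hostname verification is still applied by the client cannot be confirmed from here.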