-
Notifications
You must be signed in to change notification settings - Fork 24
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrated to Spring Boot 3 #862
Changes from all commits
1a82150
e718d57
d868e97
eb135bb
974f7a3
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -26,12 +26,18 @@ | |
*/ | ||
package org.alfresco.transformer.config; | ||
|
||
import org.apache.http.conn.ssl.NoopHostnameVerifier; | ||
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; | ||
import org.apache.http.impl.client.CloseableHttpClient; | ||
import org.apache.http.impl.client.HttpClientBuilder; | ||
import org.apache.http.impl.client.HttpClients; | ||
import org.apache.http.ssl.SSLContextBuilder; | ||
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient; | ||
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder; | ||
import org.apache.hc.client5.http.impl.classic.HttpClients; | ||
import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager; | ||
import org.apache.hc.client5.http.socket.ConnectionSocketFactory; | ||
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; | ||
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; | ||
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder; | ||
import org.apache.hc.core5.http.config.Registry; | ||
import org.apache.hc.core5.http.config.RegistryBuilder; | ||
import org.apache.hc.core5.http.ssl.TLS; | ||
import org.apache.hc.core5.ssl.SSLContextBuilder; | ||
import org.springframework.beans.factory.annotation.Value; | ||
import org.springframework.context.annotation.Bean; | ||
import org.springframework.context.annotation.Configuration; | ||
|
@@ -40,7 +46,6 @@ | |
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; | ||
import org.springframework.web.client.RestTemplate; | ||
|
||
import javax.net.ssl.SSLContext; | ||
import java.io.IOException; | ||
import java.io.InputStream; | ||
import java.security.KeyManagementException; | ||
|
@@ -120,11 +125,23 @@ private boolean isKeystoreConfigured() | |
} | ||
|
||
private RestTemplate createRestTemplateWithSslContext(SSLContextBuilder sslContextBuilder) throws NoSuchAlgorithmException, KeyManagementException { | ||
SSLContext sslContext = sslContextBuilder.build(); | ||
SSLConnectionSocketFactory sslContextFactory = hostNameVerificationDisabled ? new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE) | ||
: new SSLConnectionSocketFactory(sslContext); | ||
final SSLConnectionSocketFactoryBuilder sslConnectionSocketFactoryBuilder = | ||
SSLConnectionSocketFactoryBuilder.create() | ||
.setSslContext(sslContextBuilder.build()) | ||
.setTlsVersions(TLS.V_1_2, TLS.V_1_3); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We have such restriction implemented in Repo, so adding it here would make it consistent in my opinion. |
||
if (hostNameVerificationDisabled) { | ||
sslConnectionSocketFactoryBuilder.setHostnameVerifier(NoopHostnameVerifier.INSTANCE); | ||
} | ||
final SSLConnectionSocketFactory sslConnectionSocketFactory = sslConnectionSocketFactoryBuilder.build(); | ||
|
||
final Registry<ConnectionSocketFactory> sslSocketFactoryRegistry = | ||
RegistryBuilder.<ConnectionSocketFactory> create() | ||
.register("https", sslConnectionSocketFactory) | ||
.build(); | ||
|
||
final BasicHttpClientConnectionManager sslConnectionManager = new BasicHttpClientConnectionManager(sslSocketFactoryRegistry); | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It's either this - basic, or poolable. I don't think we use poolable "perks" in transform-core at all, so I chose a basic option. |
||
|
||
HttpClientBuilder httpClientBuilder = HttpClients.custom().setSSLSocketFactory(sslContextFactory); | ||
HttpClientBuilder httpClientBuilder = HttpClients.custom().setConnectionManager(sslConnectionManager); | ||
CloseableHttpClient httpClient = httpClientBuilder.build(); | ||
ClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient); | ||
return new RestTemplate(requestFactory); | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just providing int would lead to using a deprecated constructor.