feat:support TSF certificate manager.

pull/1716/head
Haotian Zhang 2 weeks ago
parent dae43959ea
commit e4c3416651

@ -26,9 +26,8 @@ import javax.net.ssl.SSLContext;
import org.apache.hc.client5.http.impl.classic.HttpClients;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.io.HttpClientConnectionManager;
import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
import org.apache.hc.core5.ssl.SSLContextBuilder;
import org.springframework.boot.SpringApplication;
@ -60,10 +59,10 @@ public class ConsumerApplication {
SSLContext sslContext = sslBundles.getBundle("tsf").createSslContext();
SSLContext.setDefault(sslContext);
return PoolingHttpClientConnectionManagerBuilder.create()
.setTlsSocketStrategy(new DefaultClientTlsStrategy(
.setSSLSocketFactory(new SSLConnectionSocketFactory(
sslContext,
HostnameVerificationPolicy.CLIENT,
NoopHostnameVerifier.INSTANCE))
NoopHostnameVerifier.INSTANCE
))
.build();
}
@ -74,10 +73,10 @@ public class ConsumerApplication {
.loadTrustMaterial(null, (chain, authType) -> true)
.build();
return PoolingHttpClientConnectionManagerBuilder.create()
.setTlsSocketStrategy(new DefaultClientTlsStrategy(
.setSSLSocketFactory(new SSLConnectionSocketFactory(
sslContext,
HostnameVerificationPolicy.CLIENT,
NoopHostnameVerifier.INSTANCE))
NoopHostnameVerifier.INSTANCE
))
.build();
}
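Review bot: Both connection managers in ConsumerApplication pass `NoopHostnameVerifier.INSTANCE`, so the client never checks that the certificate it receives was issued for the host it connected to; in the first method this weakens whatever trust material the `tsf` bundle carries, because any certificate that chains to it is accepted for every hostname. The second method also builds its context with `loadTrustMaterial(null, (chain, authType) -> true)`, which accepts any certificate chain at all, and the first calls `SSLContext.setDefault(sslContext)`, which changes TLS behaviour for the whole JVM rather than for this client only. If the service certificates carry usable DNS names, drop the verifier argument so the default verifier applies, e.g. `new SSLConnectionSocketFactory(sslContext)`. If this is a deliberate demo shortcut, state it above each method with `// Demo only: certificate and hostname checks are disabled here; do not reuse outside a test environment`. Both method signatures lie outside the visible hunks.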

@ -25,6 +25,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.context.event.ApplicationStartedEvent;
import org.springframework.boot.ssl.NoSuchSslBundleException;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.cloud.context.refresh.ContextRefresher;
import org.springframework.context.ApplicationListener;
@ -45,12 +46,14 @@ public class TlsReadyApplicationListener implements ApplicationListener<Applicat
SslBundles sslBundles = ApplicationContextAwareUtils.getBeanIfExists(SslBundles.class);
ContextRefresher contextRefresher = ApplicationContextAwareUtils.getBeanIfExists(ContextRefresher.class);
try {
if (sslBundles != null && contextRefresher != null && isSet.compareAndSet(false, true)
&& sslBundles.getBundleNames().contains("tsf")) {
sslBundles.addBundleUpdateHandler("tsf", sslBundle -> contextRefresher.refresh());
}
else if (sslBundles != null && !sslBundles.getBundleNames().contains("tsf")) {
log.warn("tsf ssl bundle is not registered.");
if (sslBundles != null && contextRefresher != null && isSet.compareAndSet(false, true)) {
try {
sslBundles.getBundle("tsf");
sslBundles.addBundleUpdateHandler("tsf", sslBundle -> contextRefresher.refresh());
}
catch (NoSuchSslBundleException e) {
log.warn("tsf ssl bundle is not registered.");
}
}
}
catch (Throwable throwable) {
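Review bot: `isSet.compareAndSet(false, true)` is consumed before the `tsf` bundle is known to exist, so when `sslBundles.getBundle("tsf")` throws `NoSuchSslBundleException` the flag stays `true` and no later event can register the update handler. If the bundle is registered after the first event, a certificate rotation would never trigger `contextRefresher.refresh()`, and the application would presumably keep using the old certificate. Assuming `isSet` is an `AtomicBoolean`, adding `isSet.set(false);` before the `log.warn(...)` in the inner catch keeps the one-time registration while allowing a retry. The probe call `sslBundles.getBundle("tsf")` also looks redundant if `addBundleUpdateHandler` itself throws for an unknown bundle name, which should be confirmed against the Spring Boot version in use. The body of the outer `catch (Throwable throwable)` and the rest of the method are outside the hunk.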
