feat:support TSF certificate manager.

1 month ago · e4c3416651
parent dae43959ea
commit e4c3416651
2 changed files with 16 additions and 14 deletions
--- a/spring-cloud-tencent-examples/tsf-example/consumer-demo/src/main/java/com/tencent/cloud/tsf/demo/consumer/ConsumerApplication.java
+++ b/spring-cloud-tencent-examples/tsf-example/consumer-demo/src/main/java/com/tencent/cloud/tsf/demo/consumer/ConsumerApplication.java
@ -26,9 +26,8 @@ import javax.net.ssl.SSLContext;
 import org.apache.hc.client5.http.impl.classic.HttpClients;
 import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
 import org.apache.hc.client5.http.io.HttpClientConnectionManager;
-import org.apache.hc.client5.http.ssl.DefaultClientTlsStrategy;
-import org.apache.hc.client5.http.ssl.HostnameVerificationPolicy;
 import org.apache.hc.client5.http.ssl.NoopHostnameVerifier;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory;
 import org.apache.hc.core5.ssl.SSLContextBuilder;

 import org.springframework.boot.SpringApplication;
@ -60,10 +59,10 @@ public class ConsumerApplication {
 		SSLContext sslContext = sslBundles.getBundle("tsf").createSslContext();
 		SSLContext.setDefault(sslContext);
 		return PoolingHttpClientConnectionManagerBuilder.create()
-				.setTlsSocketStrategy(new DefaultClientTlsStrategy(
+				.setSSLSocketFactory(new SSLConnectionSocketFactory(
 						sslContext,
-						HostnameVerificationPolicy.CLIENT,
-						NoopHostnameVerifier.INSTANCE))
+						NoopHostnameVerifier.INSTANCE
+				))
 				.build();
 	}

@ -74,10 +73,10 @@ public class ConsumerApplication {
 				.loadTrustMaterial(null, (chain, authType) -> true)
 				.build();
 		return PoolingHttpClientConnectionManagerBuilder.create()
-				.setTlsSocketStrategy(new DefaultClientTlsStrategy(
+				.setSSLSocketFactory(new SSLConnectionSocketFactory(
 						sslContext,
-						HostnameVerificationPolicy.CLIENT,
-						NoopHostnameVerifier.INSTANCE))
+						NoopHostnameVerifier.INSTANCE
+				))
 				.build();
 	}

--- a/spring-cloud-tencent-plugin-starters/spring-cloud-starter-tencent-tsf-tls-plugin/src/main/java/com/tencent/cloud/plugin/tsf/tls/TlsReadyApplicationListener.java
+++ b/spring-cloud-tencent-plugin-starters/spring-cloud-starter-tencent-tsf-tls-plugin/src/main/java/com/tencent/cloud/plugin/tsf/tls/TlsReadyApplicationListener.java
@ -25,6 +25,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;

 import org.springframework.boot.context.event.ApplicationStartedEvent;
+import org.springframework.boot.ssl.NoSuchSslBundleException;
 import org.springframework.boot.ssl.SslBundles;
 import org.springframework.cloud.context.refresh.ContextRefresher;
 import org.springframework.context.ApplicationListener;
@ -45,12 +46,14 @@ public class TlsReadyApplicationListener implements ApplicationListener<Applicat
 		SslBundles sslBundles = ApplicationContextAwareUtils.getBeanIfExists(SslBundles.class);
 		ContextRefresher contextRefresher = ApplicationContextAwareUtils.getBeanIfExists(ContextRefresher.class);
 		try {
-			if (sslBundles != null && contextRefresher != null && isSet.compareAndSet(false, true)
-					&& sslBundles.getBundleNames().contains("tsf")) {
-				sslBundles.addBundleUpdateHandler("tsf", sslBundle -> contextRefresher.refresh());
-			}
-			else if (sslBundles != null && !sslBundles.getBundleNames().contains("tsf")) {
-				log.warn("tsf ssl bundle is not registered.");
+			if (sslBundles != null && contextRefresher != null && isSet.compareAndSet(false, true)) {
+				try {
+					sslBundles.getBundle("tsf");
+					sslBundles.addBundleUpdateHandler("tsf", sslBundle -> contextRefresher.refresh());
+				}
+				catch (NoSuchSslBundleException e) {
+					log.warn("tsf ssl bundle is not registered.");
+				}
 			}
 		}
 		catch (Throwable throwable) {