Merge pull request #14 from saragluna/xiada/refactor-jca-sample
Refactor the jca sample projects
moarychan authored Mar 5, 2025
2 parents e6475e4 + 8114c3b commit a6bcf27
Showing 3 changed files with 18 additions and 36 deletions.
Expand Up @@ -3,55 +3,29 @@

package com.azure.spring.sample.keyvault.jca;

import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import org.springframework.boot.ssl.SslBundle;
import org.springframework.boot.ssl.SslBundles;
import org.springframework.boot.autoconfigure.web.reactive.function.client.WebClientSsl;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.netty.http.client.HttpClient;

import javax.net.ssl.KeyManager;
import javax.net.ssl.TrustManagerFactory;

@Configuration
public class WebClientConfiguration {

private final SslBundles sslBundles;

public WebClientConfiguration(SslBundles sslBundles) {
this.sslBundles = sslBundles;
}

@Bean
public WebClient webClientWithTLS() throws Exception {
return buildWebClientEnableTls(false);
public WebClient webClientWithTLS(WebClientSsl ssl) throws Exception {
return buildWebClientEnableTls(false, ssl);
}

@Bean
public WebClient webClientWithMTLS() throws Exception {
return buildWebClientEnableTls(true);
public WebClient webClientWithMTLS(WebClientSsl ssl) throws Exception {
return buildWebClientEnableTls(true, ssl);
}

private WebClient buildWebClientEnableTls(boolean enableMtls) throws Exception {
SslBundle sslBundle = sslBundles.getBundle("clientBundle");
KeyManager keyManager = enableMtls ? sslBundle.getManagers().getKeyManagers()[0] : null;
TrustManagerFactory trustManagerFactory = InsecureTrustManagerFactory.INSTANCE;
SslContext sslContext = SslContextBuilder
.forClient()
.keyManager(keyManager)
.trustManager(trustManagerFactory)
.build();
HttpClient httpClient = HttpClient.create()
.secure(sslSpec -> sslSpec.sslContext(sslContext));
ClientHttpConnector connector = new ReactorClientHttpConnector(httpClient);
private WebClient buildWebClientEnableTls(boolean enableMtls, WebClientSsl ssl) throws Exception {
String sslBundleName = enableMtls ? "mtlsClientBundle" : "tlsClientBundle";
return WebClient.builder().baseUrl("https://localhost:8444")
.clientConnector(connector)
.build();
.apply(ssl.fromBundle(sslBundleName))
.build();
}

}
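Review bot: The `throws Exception` clause kept on the new `webClientWithTLS`, `webClientWithMTLS` and `buildWebClientEnableTls` signatures looks vestigial: the rewritten body only chains `WebClient.builder()`, `baseUrl`, `apply(ssl.fromBundle(...))` and `build()`, none of which declares a checked exception, and the `SslContextBuilder.build()` call that did is removed by this hunk; as far as I can tell a misspelled bundle name surfaces as an unchecked `NoSuchSslBundleException` from `fromBundle`. Dropping the clause, e.g. `private WebClient buildWebClientEnableTls(boolean enableMtls, WebClientSsl ssl) {` and likewise on the two `@Bean` methods, stops callers having to handle an exception that can never be thrown. The helper would also benefit from a short Javadoc stating that server trust and, for mTLS, the client key now come from the named bundle's truststore/keystore rather than from the trust-all `InsecureTrustManagerFactory` the old code used, since that is the security-relevant effect of this refactor and nothing in the file records it. The hard-coded `https://localhost:8444` base URL is fine for a sample but could be externalized to a property alongside the bundle names.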
Expand Up @@ -4,7 +4,13 @@ spring:
ssl:
bundle:
keyvault:
clientBundle:
tlsClientBundle:
truststore:
keyvault-ref: keyvault1
mtlsClientBundle:
key:
alias: client
for-client-auth: true
keystore:
keyvault-ref: keyvault2
truststore:
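Review bot: The new `mtlsClientBundle` entry has no comment explaining how it differs from `tlsClientBundle`, even though the Java configuration selects between the two purely by name and the `key.alias` / `for-client-auth: true` settings are what make this the mutual-TLS bundle. A YAML comment above the key such as `# presented to the server when the WebClient is built with mTLS; the alias presumably has to match the client certificate name in keyvault2` would make the coupling visible to someone editing only this file. Whether `keyvault1` and `keyvault2` are deliberately different vaults cannot be told from this hunk.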
Expand Up @@ -36,5 +36,7 @@ server:
port: 8444
ssl:
bundle: serverBundle
# comment out the following line to enable client authentication
# client-auth: NEED
logging.level:
com.azure.security.keyvault.jca.KeyVaultKeyStore: debug
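Review bot: The new comment above `# client-auth: NEED` says the opposite of what the reader has to do: the setting is already commented out, so enabling client authentication means uncommenting it, not commenting it out. Suggest `# uncomment the following line to require client certificates (mutual TLS); leave it commented out to accept plain TLS clients`. While the line stays commented, the server presumably never requests a client certificate, so the mTLS bundle configured on the client side in this commit is not actually exercised unless the reader makes this change, which is worth saying explicitly.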
