Implement TLS truststore option property (Default vs SMP truststore)

c46cee52 · Joze RIHTARSIC · 6f895209 · c46cee52 · c46cee52 · c46cee52
Commit c46cee52 authored 2 years ago by Joze RIHTARSIC
--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/data/ui/enums/SMPPropertyEnum.java
@@ -40,7 +40,7 @@ public enum SMPPropertyEnum {
    SML_URL("bdmsl.integration.url", "http://localhost:8080/edelivery-sml", "BDMSL (SML) endpoint", false, false, false, URL),
    SML_TLS_DISABLE_CN_CHECK("bdmsl.integration.tls.disableCNCheck", "false", "If SML Url is HTTPs - Disable CN check if needed.", false, false, false, BOOLEAN),
    SML_TLS_SERVER_CERT_SUBJECT_REGEXP("bdmsl.integration.tls.serverSubjectRegex", ".*", "Regular expression for server TLS certificate subject verification  CertEx. .*CN=acc.edelivery.tech.ec.europa.eu.*.", false, false, false, REGEXP),
-    SML_TLS_TRUSTSTORE_TYPE("bdmsl.integration.tls.userSystemDefaultTruststore", "false", "If true use system default truststore for trusting TLS server certificate (Legacy behaviour to SMP 4.1 version), else use SMP truststore", false, false, false, BOOLEAN),
+    SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT("bdmsl.integration.tls.userSystemDefaultTruststore", "false", "If true use system default truststore for trusting TLS server certificate (Legacy behaviour to SMP 4.1 version), else use SMP truststore", false, false, false, BOOLEAN),
    SML_LOGICAL_ADDRESS("bdmsl.integration.logical.address", "http://localhost:8080/smp/", "Logical SMP endpoint which will be registered on SML when registering new domain", false, false, false, URL),
    SML_PHYSICAL_ADDRESS("bdmsl.integration.physical.address", "0.0.0.0", "Physical SMP endpoint which will be registered on SML when registering new domain.", false, false, false, STRING),
    // keystore truststore

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ConfigurationService.java
@@ -234,7 +234,7 @@ public class ConfigurationService {
    }

    public boolean useSystemTruststoreForTLS() {
-        Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_TRUSTSTORE_TYPE);
+        Boolean value = (Boolean) configurationDAO.getCachedPropertyValue(SML_TLS_TRUSTSTORE_USE_SYSTEM_DEFAULT);
        // by default is not forced
        return value != null && value;
    }

--- a/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java
+++ b/smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/sml/SmlConnector.java
@@ -362,7 +362,13 @@ public class SmlConnector implements ApplicationContextAware {
        tlsParams.setUseHttpsURLConnectionDefaultHostnameVerifier(false);
        tlsParams.setCertConstraints(createCertConstraint(configurationService.getSMLIntegrationServerCertSubjectRegExpPattern()));
        tlsParams.setDisableCNCheck(configurationService.smlDisableCNCheck());
-        tlsParams.setTrustManagers(truststoreService.getTrustManagers());
+        if(!configurationService.useSystemTruststoreForTLS()){
+            /**
+             * Sets the TrustManagers associated with this endpoint.
+             * This parameter may be set to null for system default behavior.
+             */
+            tlsParams.setTrustManagers(truststoreService.getTrustManagers());
+        }

        if (!clientCertAuthentication) {
            LOG.info("SML X509 certificate authentication with alias  {}.", smlClientAuthentication);