diff --git a/mailstore-connector/src/com/axonivy/connector/oauth/ssl/SSLContextConfigure.java b/mailstore-connector/src/com/axonivy/connector/oauth/ssl/SSLContextConfigure.java
index 0266abb..7f0eee2 100644
--- a/mailstore-connector/src/com/axonivy/connector/oauth/ssl/SSLContextConfigure.java
+++ b/mailstore-connector/src/com/axonivy/connector/oauth/ssl/SSLContextConfigure.java
@@ -21,6 +21,8 @@
 import com.axonivy.connector.mailstore.constant.Constants;
 import com.axonivy.connector.mailstore.enums.StartTLS;
 
+import ch.ivyteam.ivy.ssl.client.restricted.SslClientSettings;
+
 public class SSLContextConfigure {
 private static final SSLContextConfigure INSTANCE = new SSLContextConfigure();
 private SSLContextConfigure() {}
@@ -37,16 +39,17 @@ public boolean isStartTLSEnabled(Properties properties) {
 || BooleanUtils.toBoolean(properties.getProperty(StartTLS.REQUIRED.getProperty()));
 }
 
+ @SuppressWarnings("restriction")
 public void addIvyTrustStoreToCurrentContext() throws NoSuchAlgorithmException, KeyStoreException, CertificateException, IOException, KeyManagementException {
 TrustManagerFactory tmFactory = initDefaultTrustManagerFactory();
 // Backup default Certificates
 X509TrustManager defaultX509CertTM = getFirstX509TrustManagerFromFactory(tmFactory);
- TrustStoreFileReader trustStoreFileReader = new TrustStoreFileReader();
- try (InputStream trustStoreStream = new FileInputStream(trustStoreFileReader.getTrustFile())) {
- KeyStore ivyTrustStore = KeyStore.getInstance(KeyStore.getDefaultType());
- ivyTrustStore.load(trustStoreStream, trustStoreFileReader.getTrustPassword());
+ var currentSSLClientSettings = SslClientSettings.instance();
+ try (InputStream trustStoreStream = new FileInputStream(currentSSLClientSettings.getTrustStoreFile())) {
+ KeyStore ivyTrustStore = KeyStore.getInstance(currentSSLClientSettings.getTrustStoreType());
+ ivyTrustStore.load(trustStoreStream, currentSSLClientSettings.getTrustStorePassword());
 tmFactory = getDefaultAlgorithm();
 tmFactory.init(ivyTrustStore);
 X509TrustManager ivyTrustManager = getFirstX509TrustManagerFromFactory(tmFactory);
diff --git a/mailstore-connector/src/com/axonivy/connector/oauth/ssl/TrustStoreFileReader.java b/mailstore-connector/src/com/axonivy/connector/oauth/ssl/TrustStoreFileReader.java
deleted file mode 100644
index cf21141..0000000
--- a/mailstore-connector/src/com/axonivy/connector/oauth/ssl/TrustStoreFileReader.java
+++ /dev/null
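Review bot: In `addIvyTrustStoreToCurrentContext` (SSLContextConfigure.java) the file, type and password returned by `SslClientSettings.instance()` go straight into `FileInputStream`, `KeyStore.getInstance` and `KeyStore.load` with no validation, whereas the `TrustStoreFileReader` removed by this commit mapped a non-absolute path to the config directory and fell back to a default password. Whether `SslClientSettings` applies equivalent defaults is not visible in this diff; if `getTrustStorePassword()` can return null, `KeyStore.load` performs no integrity check on the store, and a null type makes `KeyStore.getInstance` throw. I would make that case explicit before the `load` call, e.g. `char[] password = currentSSLClientSettings.getTrustStorePassword();` followed by `if (password == null) throw new KeyStoreException("trust store password is not configured");`, or at least log that the store is being loaded unverified. The new `@SuppressWarnings("restriction")` line also deserves a comment such as `// depends on the restricted Ivy API SslClientSettings; re-check on platform upgrades`. The method body continues past the end of this hunk.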
@@ -1,59 +0,0 @@
-package com.axonivy.connector.oauth.ssl;
-
-import static com.axonivy.connector.mailstore.constant.Constants.DEFAULT_CONFIGURATION_FOLDER;
-import static com.axonivy.connector.mailstore.constant.Constants.DEFAULT_IVY_FILE;
-
-import java.io.File;
-import java.io.IOException;
-import java.util.Optional;
-import java.util.Properties;
-
-import org.apache.commons.lang3.StringUtils;
-
-import ch.ivyteam.config.ConfigFile;
-import ch.ivyteam.ivy.config.IFileAccess;
-import ch.ivyteam.ivy.environment.Ivy;
-
-@SuppressWarnings("restriction")
-public class TrustStoreFileReader extends ConfigFile {
- private static final char[] DEFAULT_PASSWORD = "changeit".toCharArray();
- private static final String DEFAULT_FILE_NAME = "truststore.p12";
- private static final String SSL_TRUSTSTORE_FILE_KEY = "SSL.Client.TrustStore.File";
- private static final String SSL_TRUSTSTORE_PASS_KEY = "SSL.Client.TrustStore.Password";
- private Properties properties;
-
- public TrustStoreFileReader() {
- super(new File(DEFAULT_CONFIGURATION_FOLDER), DEFAULT_IVY_FILE);
- getProperties();
- }
-
- public File getTrustFile() {
- String filePath = readPropertyValue(SSL_TRUSTSTORE_FILE_KEY, DEFAULT_FILE_NAME);
- File store = new File(filePath);
- if (!store.isAbsolute()) {
- store = IFileAccess.instance().getConfigFile(DEFAULT_FILE_NAME).toFile();
- }
- return store;
- }
-
- public char[] getTrustPassword() {
- String pass = readPropertyValue(SSL_TRUSTSTORE_PASS_KEY);
- if (StringUtils.isAllBlank(pass)) {
- return DEFAULT_PASSWORD;
- }
- return pass.toCharArray();
- }
-
- private String readPropertyValue(String key, String... defaultValue) {
- var defaultProperty = defaultValue.length == 0 ? StringUtils.EMPTY : defaultValue[0];
- return Optional.ofNullable(properties).map(pro -> pro.getProperty(key)).orElse(defaultProperty);
- }
-
- private void getProperties() {
- try {
- properties = readAsProperties();
- } catch (IOException e) {
- Ivy.log().error("Failed to read ivy config as properties", e);
- }
- }
-}