diff --git a/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/EmailRouteBuilder.java b/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/EmailRouteBuilder.java
index 8884d0c119..e47f2814a0 100644
--- a/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/EmailRouteBuilder.java
+++ b/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/EmailRouteBuilder.java
@@ -11,7 +11,9 @@
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
 import org.apache.camel.Predicate;
-import org.apache.camel.builder.endpoint.dsl.HttpEndpointBuilderFactory;
+import org.apache.camel.support.jsse.KeyStoreParameters;
+import org.apache.camel.support.jsse.SSLContextParameters;
+import org.apache.camel.support.jsse.TrustManagersParameters;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;

 import java.util.Set;
@@ -22,6 +24,7 @@
 import static com.redhat.cloud.notifications.connector.email.constants.ExchangeProperty.FILTERED_USERS;
 import static com.redhat.cloud.notifications.connector.http.SslTrustAllManager.getSslContextParameters;
 import static org.apache.camel.LoggingLevel.INFO;
+import static org.apache.camel.builder.endpoint.dsl.HttpEndpointBuilderFactory.HttpEndpointBuilder;

 @ApplicationScoped
 public class EmailRouteBuilder extends EngineToConnectorRouteBuilder {
@@ -58,7 +61,7 @@ public void configureRoutes() {
 * Prepares the payload accepted by BOP and sends the request to
 * the service.
 */
- final HttpEndpointBuilderFactory.HttpEndpointBuilder bopEndpoint = this.setUpBOPEndpoint();
+ final HttpEndpointBuilder bopEndpoint = this.setUpBOPEndpoint();

 from(seda(ENGINE_TO_CONNECTOR))
 .routeId(emailConnectorConfig.getConnectorName())
@@ -97,7 +100,7 @@ private Predicate shouldSkipEmail() {
 * BOP service's certificate.
 * @return the created endpoint.
 */
- protected HttpEndpointBuilderFactory.HttpEndpointBuilder setUpBOPEndpoint() {
+ protected HttpEndpointBuilder setUpBOPEndpoint() {
 // Remove the schema from the url to avoid the
 // "ResolveEndpointFailedException", which complaints about specifying
 // the schema twice.
@@ -111,12 +114,27 @@ protected HttpEndpointBuilderFactory.HttpEndpointBuilder setUpBOPEndpoint() {
 }
 }

- private HttpEndpointBuilderFactory.HttpEndpointBuilder setupRecipientResolverEndpoint() {
+ private HttpEndpointBuilder setupRecipientResolverEndpoint() {
 final String fullURL = emailConnectorConfig.getRecipientsResolverServiceURL() + "/internal/recipients-resolver";
+
 if (fullURL.startsWith("https")) {
- return https(fullURL.replace("https://", ""))
- .sslContextParameters(getSslContextParameters())
- .x509HostnameVerifier(NoopHostnameVerifier.INSTANCE);
+ HttpEndpointBuilder endpointBuilder = https(fullURL.replace("https://", ""));
+ if (emailConnectorConfig.getRecipientsResolverTrustStorePath().isPresent() && emailConnectorConfig.getRecipientsResolverTrustStorePassword().isPresent() && emailConnectorConfig.getRecipientsResolverTrustStoreType().isPresent()) {
+
+ KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
+ keyStoreParameters.setResource(emailConnectorConfig.getRecipientsResolverTrustStorePath().get());
+ keyStoreParameters.setPassword(emailConnectorConfig.getRecipientsResolverTrustStorePassword().get());
+ keyStoreParameters.setType(emailConnectorConfig.getRecipientsResolverTrustStoreType().get());
+
+ TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
+ trustManagersParameters.setKeyStore(keyStoreParameters);
+
+ SSLContextParameters sslContextParameters = new SSLContextParameters();
+ sslContextParameters.setTrustManagers(trustManagersParameters);
+
+ endpointBuilder.sslContextParameters(sslContextParameters);
+ }
+ return endpointBuilder;
 } else {
 return http(fullURL.replace("http://", ""));
 }
diff --git a/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/config/EmailConnectorConfig.java b/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/config/EmailConnectorConfig.java
index 4a79c62fa6..128f77882a 100644
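Review bot: The `if` that guards the `KeyStoreParameters` block silently skips the custom trust store when only one or two of path, password and type are configured, so a typo in a single property makes the https endpoint fall back to the JVM default trust store and the problem only surfaces as a TLS handshake failure at request time instead of at startup. Because this hunk also drops the trust-all `getSslContextParameters()` and `NoopHostnameVerifier.INSTANCE` from this branch, a partial configuration now means an unexplained connectivity failure, which is harder to diagnose than a fail-fast `IllegalStateException`; the rewrite below adds that check and reduces the three `isPresent()`/`get()` pairs to one decision. The switch to default trust and standard hostname verification when no trust store is configured is a deliberate hardening and deserves a one-line comment such as `// No trust store configured: the JVM default trust store and standard hostname verification apply.` The method's closing brace lies outside the hunk, and the `NoopHostnameVerifier` / `getSslContextParameters` imports remain in the file, presumably still used by `setUpBOPEndpoint()`.
```java
            HttpEndpointBuilder endpointBuilder = https(fullURL.replace("https://", ""));
            boolean pathSet = emailConnectorConfig.getRecipientsResolverTrustStorePath().isPresent();
            boolean passwordSet = emailConnectorConfig.getRecipientsResolverTrustStorePassword().isPresent();
            boolean typeSet = emailConnectorConfig.getRecipientsResolverTrustStoreType().isPresent();
            if (pathSet != passwordSet || pathSet != typeSet) {
                // A partially configured trust store would otherwise fall through to the JVM
                // default trust store and only show up as a TLS handshake failure at request time.
                throw new IllegalStateException("recipients-resolver trust store configuration is incomplete: path, password and type must all be set");
            }
            if (pathSet) {
                // … unchanged: KeyStoreParameters / TrustManagersParameters / SSLContextParameters wiring …
            }
            return endpointBuilder;
```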
--- a/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/config/EmailConnectorConfig.java
+++ b/connector-email/src/main/java/com/redhat/cloud/notifications/connector/email/config/EmailConnectorConfig.java
@@ -8,6 +8,7 @@
 import org.eclipse.microprofile.config.inject.ConfigProperty;

 import java.util.Map;
+import java.util.Optional;

 import static io.quarkus.runtime.LaunchMode.TEST;
@@ -19,14 +20,17 @@
 @Alternative
 @Priority(0) // The value doesn't matter.
 public class EmailConnectorConfig extends HttpConnectorConfig {
+
 private static final String BOP_API_TOKEN = "notifications.connector.user-provider.bop.api_token";
 private static final String BOP_CLIENT_ID = "notifications.connector.user-provider.bop.client_id";
 private static final String BOP_ENV = "notifications.connector.user-provider.bop.env";
 private static final String BOP_URL = "notifications.connector.user-provider.bop.url";
 private static final String MAX_RECIPIENTS_PER_EMAIL = "notifications.connector.max-recipients-per-email";
 private static final String RECIPIENTS_RESOLVER_USER_SERVICE_URL = "notifications.connector.recipients-resolver.url";
- private static final String NOTIFICATIONS_EMAILS_INTERNAL_ONLY_ENABLED = "notifications.emails-internal-only.enabled";
+ private static final String RECIPIENTS_RESOLVER_TRUST_STORE_PATH = "clowder.endpoints.notifications-recipients-resolver-service.trust-store-path";
+ private static final String RECIPIENTS_RESOLVER_TRUST_STORE_PASSWORD = "clowder.endpoints.notifications-recipients-resolver-service.trust-store-password";
+ private static final String RECIPIENTS_RESOLVER_TRUST_STORE_TYPE = "clowder.endpoints.notifications-recipients-resolver-service.trust-store-type";

 @ConfigProperty(name = BOP_API_TOKEN)
 String bopApiToken;
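Review bot: `NOTIFICATIONS_EMAILS_INTERNAL_ONLY_ENABLED` appears with a `-` marker in this hunk, yet the unchanged `@ConfigProperty(name = NOTIFICATIONS_EMAILS_INTERNAL_ONLY_ENABLED, ...)` and `config.put(NOTIFICATIONS_EMAILS_INTERNAL_ONLY_ENABLED, ...)` lines further down the file still reference it; if the constant is really deleted rather than this page having mangled a context line, the class no longer compiles and the declaration must stay. The three new `clowder.endpoints.notifications-recipients-resolver-service.trust-store-*` keys are the only constants in this class outside the `notifications.*` namespace, so a short comment above them saying where those values come from (presumably the deployment environment rather than the application's own properties file) would spare the next reader a search.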
@@ -49,6 +53,15 @@ public class EmailConnectorConfig extends HttpConnectorConfig {
 @ConfigProperty(name = NOTIFICATIONS_EMAILS_INTERNAL_ONLY_ENABLED, defaultValue = "false")
 boolean emailsInternalOnlyEnabled;

+ @ConfigProperty(name = RECIPIENTS_RESOLVER_TRUST_STORE_PATH)
+ Optional recipientsResolverTrustStorePath;
+
+ @ConfigProperty(name = RECIPIENTS_RESOLVER_TRUST_STORE_PASSWORD)
+ Optional recipientsResolverTrustStorePassword;
+
+ @ConfigProperty(name = RECIPIENTS_RESOLVER_TRUST_STORE_TYPE)
+ Optional recipientsResolverTrustStoreType;
+
 @Override
 protected Map getLoggedConfiguration() {
 Map config = super.getLoggedConfiguration();
@@ -63,6 +76,8 @@ protected Map getLoggedConfiguration() {
 config.put(RECIPIENTS_RESOLVER_USER_SERVICE_URL, recipientsResolverServiceURL);
 config.put(MAX_RECIPIENTS_PER_EMAIL, maxRecipientsPerEmail);
 config.put(NOTIFICATIONS_EMAILS_INTERNAL_ONLY_ENABLED, emailsInternalOnlyEnabled);
+ config.put(RECIPIENTS_RESOLVER_TRUST_STORE_PATH, recipientsResolverTrustStorePath);
+ config.put(RECIPIENTS_RESOLVER_TRUST_STORE_TYPE, recipientsResolverTrustStoreType);

 /*
 * /!\ WARNING /!\
@@ -105,6 +120,18 @@ public void setEmailsInternalOnlyEnabled(boolean emailsInternalOnlyEnabled) {
 this.emailsInternalOnlyEnabled = emailsInternalOnlyEnabled;
 }

+ public Optional getRecipientsResolverTrustStorePath() {
+ return recipientsResolverTrustStorePath;
+ }
+
+ public Optional getRecipientsResolverTrustStorePassword() {
+ return recipientsResolverTrustStorePassword;
+ }
+
+ public Optional getRecipientsResolverTrustStoreType() {
+ return recipientsResolverTrustStoreType;
+ }
+
 /**
 * This method throws an {@link IllegalStateException} if it is invoked with a launch mode different from
 * {@link io.quarkus.runtime.LaunchMode#TEST TEST}. It should be added to methods that allow overriding a
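Review bot: The three new `Optional` fields carry no documentation, although `EmailRouteBuilder.setupRecipientResolverEndpoint()` only honors them when all three are present and otherwise leaves the https endpoint on the JVM default trust store; a comment above `recipientsResolverTrustStorePath` such as `// Trust store for the recipients-resolver TLS endpoint; path, password and type must all be set together, otherwise the JVM default trust store is used.` records that contract next to the fields. The type argument of these `Optional` fields is not visible on this page, so I cannot confirm they are `Optional<String>` as the `setResource`/`setPassword`/`setType` calls in the route builder would require.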
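Review bot: `config.put(RECIPIENTS_RESOLVER_TRUST_STORE_PATH, recipientsResolverTrustStorePath)` and the line after it store the `Optional` wrapper itself rather than its value, so unless the consumer of this map unwraps it the logged configuration will read `Optional[...]`/`Optional.empty` instead of the path and type; unwrapping at the call site, e.g. `config.put(RECIPIENTS_RESOLVER_TRUST_STORE_PATH, recipientsResolverTrustStorePath.orElse(null));` (or a placeholder string if the map rejects nulls), keeps these entries consistent with the others. Leaving `recipientsResolverTrustStorePassword` out of the logged map is correct and worth a one-line comment so nobody "fixes" the omission later, e.g. `// Deliberately not logged: the trust store password is a secret.`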