RestTemplate, HttpClient 사용 시
SSL 관련 보안 기능들을 무력화 시키는 코드
package kr.co.cmtinfo.soildlp.client.mcafee.webgateway; | |
import org.apache.commons.codec.binary.Base64; | |
import org.apache.http.client.HttpClient; | |
import org.apache.http.config.Registry; | |
import org.apache.http.config.RegistryBuilder; | |
import org.apache.http.conn.socket.ConnectionSocketFactory; | |
import org.apache.http.conn.socket.PlainConnectionSocketFactory; | |
import org.apache.http.conn.ssl.NoopHostnameVerifier; | |
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; | |
import org.apache.http.impl.client.HttpClientBuilder; | |
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager; | |
import org.apache.http.ssl.SSLContextBuilder; | |
import org.junit.jupiter.api.DisplayName; | |
import org.junit.jupiter.api.Test; | |
import org.springframework.boot.test.context.SpringBootTest; | |
import org.springframework.http.*; | |
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory; | |
import org.springframework.web.client.RestTemplate; | |
import javax.net.ssl.SSLContext; | |
import java.nio.charset.StandardCharsets; | |
import java.security.KeyManagementException; | |
import java.security.KeyStoreException; | |
import java.security.NoSuchAlgorithmException; | |
import java.security.cert.X509Certificate; | |
import static org.junit.jupiter.api.Assertions.assertEquals; | |
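/**
 * Demonstrates a {@link RestTemplate} backed by an Apache {@link HttpClient} whose TLS
 * checks are switched off: every certificate chain is accepted and the server host name
 * is not compared with the certificate.
 *
 * <p>With both checks off the client has no proof of which server it is talking to, so
 * anything sent on the connection (here a Basic {@code Authorization} header) can be read
 * or altered by whoever answers the TCP connection. Keep this configuration confined to
 * tests against a lab endpoint. For a server with a self-signed or private-CA certificate,
 * load that certificate into a dedicated trust store and pass it to
 * {@code loadTrustMaterial} instead of a trust-everything strategy, and keep the default
 * host name verifier.
 *
 * @author Yongsu Son
 */
@SpringBootTest
public class IgnoreSslValidationErrorTest {

    /**
     * Sends an authenticated POST to an HTTPS endpoint through a client that ignores
     * certificate validation errors and expects {@code 200 OK}.
     *
     * @throws KeyStoreException if the trust material cannot be loaded
     * @throws NoSuchAlgorithmException if the TLS context cannot be created
     * @throws KeyManagementException if the TLS context cannot be initialised
     */
    @Test
    @DisplayName("should ignore ssl certification validation error")
    void shouldIgnoreSslCertificationValidationError()
            throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        // Trust strategy that answers "trusted" for every chain: expired, self-signed and
        // wrong-issuer certificates are all accepted, so the server is not authenticated.
        SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial(null, (X509Certificate[] chain, String authType) -> true)
                .build();

        // NoopHostnameVerifier skips the comparison between the requested host and the
        // names in the certificate.
        SSLConnectionSocketFactory sslSocketFactory =
                new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);

        // The registry is what the client uses for https. An SSLContext set on the builder
        // is not consulted once an explicit connection manager is supplied, so the context
        // is configured only through this socket factory.
        Registry<ConnectionSocketFactory> socketFactoryRegistry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslSocketFactory)
                        .build();

        PoolingHttpClientConnectionManager connMgr =
                new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        try {
            // Wire the relaxed HttpClient into RestTemplate.
            HttpClient httpClient = HttpClientBuilder.create()
                    .setConnectionManager(connMgr)
                    .build();
            HttpComponentsClientHttpRequestFactory requestFactory =
                    new HttpComponentsClientHttpRequestFactory();
            requestFactory.setHttpClient(httpClient);
            RestTemplate restTemplate = new RestTemplate(requestFactory);

            // Basic authentication header. "user:password" and the URL below are the
            // sample's placeholders; real credentials belong in test configuration, not in
            // source. The header is built on a plain HttpHeaders instance (no anonymous
            // subclass) and decoded with an explicit charset instead of the platform default.
            HttpHeaders headers = new HttpHeaders();
            String auth = "user:password";
            byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(StandardCharsets.US_ASCII));
            headers.set("Authorization",
                    "Basic " + new String(encodedAuth, StandardCharsets.US_ASCII));

            ResponseEntity<String> responseEntity = restTemplate.exchange(
                    "https://192.168.0.77:77/lucky7",
                    HttpMethod.POST, new HttpEntity<>(headers), String.class);

            assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
        } finally {
            // Release pooled connections even when the request or the assertion fails.
            connMgr.shutdown();
        }
    }
}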