
@ageofsys
Created January 29, 2021 01:29
RestTemplate, HttpClient 사용 시 SSL 관련 보안 기능들을 무력화 시키는 코드
package kr.co.cmtinfo.soildlp.client.mcafee.webgateway;
import org.apache.commons.codec.binary.Base64;
import org.apache.http.client.HttpClient;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.socket.PlainConnectionSocketFactory;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
import org.apache.http.ssl.SSLContextBuilder;
import org.junit.jupiter.api.DisplayName;
import org.junit.jupiter.api.Test;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.*;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
import java.nio.charset.StandardCharsets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import static org.junit.jupiter.api.Assertions.assertEquals;
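/**
 * Shows how a {@link RestTemplate} backed by Apache HttpClient can be configured so that TLS
 * certificate validation errors do not fail the request.
 *
 * <p>Security note: the trust strategy below accepts every certificate chain and
 * {@link NoopHostnameVerifier} skips host name matching, so the connection is encrypted but the
 * server is not authenticated. Anything sent over it, including the Basic {@code Authorization}
 * header built in this test, is readable by whoever terminates the TLS session. Keep this
 * configuration confined to test code against a lab endpoint. For an endpoint with a self-signed
 * or privately issued certificate, the safer setup is to load a trust store containing that
 * certificate (or its issuing CA) into the {@link SSLContextBuilder} and keep the default host
 * name verifier.
 *
 * @author Yongsu Son
 */
@SpringBootTest
public class IgnoreSslValidationErrorTest {

    /**
     * Sends an authenticated POST to an HTTPS endpoint whose certificate would not pass normal
     * validation and expects HTTP 200.
     *
     * @throws KeyStoreException if the trust material cannot be loaded
     * @throws NoSuchAlgorithmException if the TLS context algorithm is unavailable
     * @throws KeyManagementException if the TLS context cannot be initialised
     */
    @Test
    @DisplayName("should ignore ssl certification validation error")
    void shouldIgnoreSslCertificationValidationError()
            throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        // Trust every certificate chain: the strategy returns true without inspecting it.
        SSLContext sslContext = new SSLContextBuilder()
                .loadTrustMaterial(null, (X509Certificate[] chain, String authType) -> true)
                .build();

        HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
        // NOTE(review): a connection manager is installed further down; HttpClientBuilder
        // documents that doing so can override this setting, in which case the socket factory
        // registry is what actually takes effect. Kept as in the original.
        httpClientBuilder.setSSLContext(sslContext);

        // Do not check that the certificate matches the host name being contacted.
        SSLConnectionSocketFactory sslSocketFactory =
                new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
        Registry<ConnectionSocketFactory> socketFactoryRegistry =
                RegistryBuilder.<ConnectionSocketFactory>create()
                        .register("http", PlainConnectionSocketFactory.getSocketFactory())
                        .register("https", sslSocketFactory)
                        .build();

        PoolingHttpClientConnectionManager connMgr =
                new PoolingHttpClientConnectionManager(socketFactoryRegistry);
        try {
            httpClientBuilder.setConnectionManager(connMgr);

            // Wire the HttpClient into the RestTemplate.
            HttpClient httpClient = httpClientBuilder.build();
            HttpComponentsClientHttpRequestFactory requestFactory =
                    new HttpComponentsClientHttpRequestFactory();
            requestFactory.setHttpClient(httpClient);
            RestTemplate restTemplate = new RestTemplate(requestFactory);

            // Build the HTTP Basic authentication header. "user:password" is a placeholder;
            // real credentials belong in test configuration, not in the source.
            // A plain HttpHeaders instance is used instead of double-brace initialisation,
            // which would create an anonymous subclass for no benefit.
            HttpHeaders headers = new HttpHeaders();
            String auth = "user:password";
            byte[] encodedAuth = Base64.encodeBase64(auth.getBytes(StandardCharsets.US_ASCII));
            // Decode with an explicit charset rather than the platform default.
            String authHeader = "Basic " + new String(encodedAuth, StandardCharsets.US_ASCII);
            headers.set("Authorization", authHeader);

            ResponseEntity<String> responseEntity =
                    restTemplate.exchange("https://192.168.0.77:77/lucky7",
                            HttpMethod.POST, new HttpEntity<>(headers), String.class);

            assertEquals(HttpStatus.OK, responseEntity.getStatusCode());
        } finally {
            // Release pooled connections even when the request or the assertion fails.
            connMgr.close();
        }
    }
}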