Created
August 28, 2017 09:30
Disable RestTemplate certificate validation
package foo.bar.config; | |
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; | |
import org.springframework.context.annotation.Bean; | |
import org.springframework.context.annotation.Configuration; | |
import org.springframework.context.annotation.Profile; | |
import org.springframework.web.client.RestTemplate; | |
import javax.net.ssl.SSLContext; | |
import javax.net.ssl.TrustManager; | |
import javax.net.ssl.X509TrustManager; | |
import java.lang.reflect.Field; | |
import java.net.ProtocolException; | |
import java.security.KeyManagementException; | |
import java.security.NoSuchAlgorithmException; | |
import java.util.HashMap; | |
import java.util.List; | |
import java.util.Map; | |
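/**
 * Spring configuration that switches off TLS server authentication for every
 * {@link RestTemplate} bean while the {@code noSslSecurity} profile is active.
 *
 * <p>Security impact: the socket factory installed here accepts any certificate chain and any
 * host name, so HTTPS peers are not authenticated and traffic can be read or altered by anyone
 * on the network path. The profile name is the only guard, so keep it out of production
 * profile sets. Where a test environment uses a private CA, a trust store that contains that
 * CA keeps validation in place and makes this class unnecessary.
 *
 * <p>The patch is applied by reflection on non-public fields of the request factory and of the
 * HTTP client beneath it. If a field name is not found (different library version, or a
 * template not backed by this client), the lookup falls through and the template is left
 * unchanged without any error; the bean still reports {@code true}.
 */
@Configuration
@Profile("noSslSecurity")
class IgnoreCertificateValidation {

    /** Field names followed, in order, from the request factory down to the scheme registry. */
    private static final String[] REGISTRY_PATH = {
        "requestFactory", "httpClient", "connManager", "connectionOperator", "socketFactoryRegistry"
    };

    /**
     * Replaces the {@code "https"} socket factory of each injected template with one that
     * performs no certificate or host name checks.
     *
     * @param restTemplates every {@link RestTemplate} bean in the context
     * @return always {@code true}, including when no template could be patched
     * @throws NoSuchAlgorithmException if no provider offers a TLS context
     * @throws KeyManagementException if the TLS context cannot be initialised
     * @throws ProtocolException declared for compatibility; not thrown by this body
     */
    @Bean
    public boolean disableValidation(List<RestTemplate> restTemplates)
            throws ProtocolException, NoSuchAlgorithmException, KeyManagementException {
        TrustManager[] trustAll = {new X509TrustManager() {
            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null array; empty is allowed.
                return new java.security.cert.X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                // Intentionally empty: returning without an exception means "trusted".
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                // Intentionally empty: every server chain is accepted unverified.
            }
        }};

        // Request the context by its standard name "TLS" rather than the legacy "SSL" name.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustAll, new java.security.SecureRandom());

        // The verifier lambda accepts every host name, so certificate/host mismatches pass too.
        Object socketFactory = new SSLConnectionSocketFactory(sslContext, (host, session) -> true);

        for (RestTemplate restTemplate : restTemplates) {
            Object node = restTemplate.getRequestFactory();
            for (String fieldName : REGISTRY_PATH) {
                node = readField(node, fieldName, false);
            }
            // Last hop: the registry's backing map. A miss yields a throwaway map, so the put
            // below has no effect on that template.
            Map<String, Object> schemes = readField(node, "map", true);
            schemes.put("https", socketFactory);
        }
        return true;
    }

    /**
     * Reads {@code fieldName} from {@code source}, trying the declared fields of its class,
     * then its public fields, then the declared fields of its direct superclass.
     *
     * @param source object to read from
     * @param fieldName name of the field to read
     * @param map what to return when no lookup succeeds: a new empty map when {@code true},
     *     {@code source} itself when {@code false} (which lets the caller skip a wrapper level
     *     that is not present)
     * @return the field value, or the fallback described for {@code map}
     */
    @SuppressWarnings("unchecked") // T is chosen by the caller; a mismatch fails at the call site
    private <T> T readField(Object source, String fieldName, boolean map) {
        Class<?> type = source.getClass();
        try {
            return valueOf(type.getDeclaredField(fieldName), source);
        } catch (IllegalAccessException | NoSuchFieldException ignored) {
            // Not declared on the runtime class; try the public fields next.
        }
        try {
            return valueOf(type.getField(fieldName), source);
        } catch (IllegalAccessException | NoSuchFieldException ignored) {
            // Not a public field either; try the direct superclass.
        }
        Class<?> parent = type.getSuperclass();
        if (parent != null) {
            try {
                return valueOf(parent.getDeclaredField(fieldName), source);
            } catch (IllegalAccessException | NoSuchFieldException ignored) {
                // Deliberate best effort: fall through to the fallback value.
            }
        }
        return map ? (T) new HashMap<String, Object>() : (T) source;
    }

    /** Makes {@code field} accessible and returns its value on {@code source}. */
    @SuppressWarnings("unchecked")
    private static <T> T valueOf(Field field, Object source) throws IllegalAccessException {
        field.setAccessible(true);
        return (T) field.get(source);
    }
}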