@libetl
Created August 28, 2017 09:30
Disable RestTemplate certificate validation
package foo.bar.config;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.lang.reflect.Field;
import java.net.ProtocolException;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
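/**
 * Configuration that switches off TLS certificate and hostname verification for
 * every {@link RestTemplate} bean in the context. It is only loaded when the
 * {@code noSslSecurity} Spring profile is active.
 *
 * <p><b>Security impact.</b> While the profile is active, the patched templates
 * accept any certificate chain (expired, self-signed, issued for another host)
 * and any hostname. HTTPS then still encrypts but no longer authenticates the
 * peer, so credentials and payloads sent through these templates can be read or
 * modified by whoever controls the network path. Treat the profile as
 * local-development / test only:
 * <ul>
 *   <li>make sure deployment tooling cannot activate {@code noSslSecurity}
 *       (for example, reject it in a startup check or CI policy for deployed
 *       environments);</li>
 *   <li>where the goal is merely to talk to a server with a private CA, import
 *       that CA into a dedicated trust store instead of trusting everything.</li>
 * </ul>
 *
 * <p><b>Fragility.</b> The socket factory is swapped by reflecting over private
 * fields ({@code requestFactory}, {@code httpClient}, {@code connManager},
 * {@code connectionOperator}, {@code socketFactoryRegistry}, {@code map}). If a
 * field is not found, the lookup helper silently falls back, so the {@code put}
 * may land on a throw-away map and this bean still reports {@code true}. Do not
 * rely on the return value as proof that validation was actually disabled (or,
 * conversely, that it is still enabled).
 */
@Configuration
@Profile("noSslSecurity")
class IgnoreCertificateValidation {

    /**
     * Replaces the {@code "https"} connection socket factory of each given
     * template with one backed by a trust-everything {@link SSLContext} and an
     * accept-all hostname verifier.
     *
     * @param restTemplates all {@link RestTemplate} beans injected by Spring
     * @return always {@code true}; the value carries no information about
     *         whether the reflective replacement succeeded
     * @throws NoSuchAlgorithmException if no provider supplies the requested
     *         SSLContext protocol
     * @throws KeyManagementException if the SSLContext cannot be initialised
     * @throws ProtocolException declared for signature compatibility; nothing in
     *         this method body throws it
     */
    @Bean
    public boolean disableValidation(List<RestTemplate> restTemplates)
            throws ProtocolException, NoSuchAlgorithmException, KeyManagementException {
        // Trust manager whose check methods never throw: every chain is accepted.
        TrustManager[] trustEverything = {new X509TrustManager() {
            @Override
            public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                // intentionally empty: no validation is performed
            }

            @Override
            public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
                // intentionally empty: no validation is performed
            }

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract asks for a non-null (possibly
                // empty) array; returning null can trigger a NullPointerException
                // in code that iterates the issuers.
                return new java.security.cert.X509Certificate[0];
            }
        }};

        // Use the standard "TLS" context name instead of the legacy "SSL" name.
        // Which protocol versions end up enabled is still decided by the provider.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, trustEverything, new java.security.SecureRandom());

        // The lambda is the hostname verifier: it accepts every host name.
        Object sslConnectionSocketFactory =
                new SSLConnectionSocketFactory(sslContext, (s, sslSession) -> true);

        for (RestTemplate restTemplate : restTemplates) {
            // Walk the private object graph down to the scheme -> socket factory map.
            // Each step returns its input unchanged when the field is missing, so a
            // factory that is not a wrapper simply skips the "requestFactory" hop.
            Object requestFactory = $(restTemplate.getRequestFactory(), "requestFactory");
            Object httpClient = $(requestFactory, "httpClient");
            Object connManager = $(httpClient, "connManager");
            Object connectionOperator = $(connManager, "connectionOperator");
            Object socketFactoryRegistry = $(connectionOperator, "socketFactoryRegistry");
            // With map=true a failed lookup yields a fresh HashMap, which makes the
            // put below a silent no-op for that template.
            Map<String, Object> socketFactories = $(socketFactoryRegistry, "map", true);
            socketFactories.put("https", sslConnectionSocketFactory);
        }
        return true;
    }

    /**
     * Reads {@code fieldName} from {@code source}, returning {@code source}
     * itself when the field cannot be found.
     *
     * @param source object to read from
     * @param fieldName name of the field to look up
     * @param <T> type the caller expects; the cast is unchecked
     * @return the field value, or {@code source} if the lookup failed
     */
    private <T> T $(Object source, String fieldName) {
        return $(source, fieldName, false);
    }

    /**
     * Reads {@code fieldName} from {@code source} by reflection, trying in order:
     * a field declared on the runtime class, a public field visible on the class,
     * and a field declared on the direct superclass. Deeper ancestors are not
     * searched.
     *
     * @param source object to read from
     * @param fieldName name of the field to look up
     * @param map selects the fallback: {@code true} returns a new empty
     *        {@link HashMap}, {@code false} returns {@code source}
     * @param <T> type the caller expects; the cast is unchecked
     * @return the field value, or the fallback when no lookup succeeded
     */
    @SuppressWarnings("unchecked") // callers choose T; the field type is not verified here
    private <T> T $(Object source, String fieldName, boolean map) {
        try {
            // 1) field declared directly on the runtime class (any visibility)
            Field field = source.getClass().getDeclaredField(fieldName);
            field.setAccessible(true);
            return (T) field.get(source);
        } catch (IllegalAccessException | NoSuchFieldException e) {
            try {
                // 2) public field, including inherited public fields
                Field field = source.getClass().getField(fieldName);
                field.setAccessible(true);
                return (T) field.get(source);
            } catch (IllegalAccessException | NoSuchFieldException e1) {
                try {
                    if (source.getClass().getSuperclass() == null) {
                        return map ? (T) new HashMap<>() : (T) source;
                    }
                    // 3) field declared on the direct superclass only
                    Field field = source.getClass().getSuperclass().getDeclaredField(fieldName);
                    field.setAccessible(true);
                    return (T) field.get(source);
                } catch (IllegalAccessException | NoSuchFieldException e2) {
                    // Deliberate best-effort: the failure is not reported, the
                    // caller just receives the fallback value.
                    return map ? (T) new HashMap<>() : (T) source;
                }
            }
        }
    }
}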