Problem
By default the Spring RestTempalte and the swagger OpenAPI client does an SSL check. This is usually not required on the test system, as so the goal is to remove the SSL check from the Spring Boot Rest Template.
Remote host closed connection during handshake; nested exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
RestTemplate
@Bean public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException { final RestTemplate restTemplate = new RestTemplate(sslFactory()); return restTemplate; } @Bean public HttpComponentsClientHttpRequestFactory sslFactory() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException { final TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true; final SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom() .loadTrustMaterial(null, acceptingTrustStrategy) .build(); final SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext); final CloseableHttpClient httpClient = HttpClients.custom() .setMaxConnPerRoute(250) .setMaxConnTotal(250) .setSSLSocketFactory(csf) // during the SSL check we have also the verification of the host name, // this can be skipped to like this: .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE) .build(); final HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(); requestFactory.setHttpClient(httpClient); return requestFactory; }
Apache HTTP Client pom.xml
<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> </dependency>
Swagger OpenAPI Client
Furthermore sometimes it is required to remove the SSL check from the OpenAPI Swagger ApiClient.
Use the Spring RestTemplate for Swagger Client
Add the following flag: -Dio.swagger.parser.util.RemoteUrl.trustAll=true
Configure Swagger Client
// If a using spring rest template assign here the RestTemplate final XyzApi result = new XyzApi(new ApiClient(restTemplate));
<plugin> <groupId>org.openapitools</groupId> <artifactId>openapi-generator-maven-plugin</artifactId> <executions> <execution> <id>xyz-client</id> <goals> <goal>generate</goal> </goals> <configuration> <!-- use Spring RestTemaplte, optional --> <library>resttemplate</library> <!-- skip SSL check --> <environmentVariables> <io.swagger.parser.util.RemoteUrl.trustAll>true</io.swagger.parser.util.RemoteUrl.trustAll> </environmentVariables>
Links
- https://pragmaticintegrator.wordpress.com/2017/08/13/small-hack-to-avoid-ssl-validation-in-spring-resttemplate/
- http://progressivecoder.com/avoid-ssl-validation-spring-boot-resttemplate/
- https://dev.to/mnpaa/disable-skip-ssl-validation-in-springboot-resttemplate-1ec2
- https://github.com/swagger-api/swagger-codegen/wiki/FAQ#is-there-a-way-to-disable-certificate-verification