Spring Boot RestTemplate no SSL check

Problem

By default, the Spring RestTemplate and the Swagger OpenAPI client perform an SSL check. This is usually not required on the test system, so the goal is to remove the SSL check from the Spring Boot RestTemplate.

Remote host closed connection during handshake; nested exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

RestTemplate

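// Imports for Apache HttpClient 4.x
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.TrustStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Bean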
public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    final RestTemplate restTemplate = new RestTemplate(sslFactory());
    return restTemplate;
}

@Bean
public HttpComponentsClientHttpRequestFactory sslFactory() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    // accepts every certificate chain, i.e. the server certificate is not validated at all
    final TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

    final SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
                    .loadTrustMaterial(null, acceptingTrustStrategy)
                    .build();

    final SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

    final CloseableHttpClient httpClient = HttpClients.custom()
                    .setMaxConnPerRoute(250)
                    .setMaxConnTotal(250)
                    .setSSLSocketFactory(csf)
                    // the SSL check also verifies the host name against the certificate;
                    // this can be skipped too, like this:
                    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                    .build();

    final HttpComponentsClientHttpRequestFactory requestFactory =
                    new HttpComponentsClientHttpRequestFactory();

    requestFactory.setHttpClient(httpClient);

    return requestFactory;
}

Apache HTTP Client pom.xml

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
</dependency>
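
An added example, not code from the original post: a RestTemplate for the test system that keeps certificate and host name validation and trusts only a trust store holding the test system's certificate, using the same Apache HttpClient 4.x dependency. The class name, the "test" profile name and the two property names are assumptions.

```java
import java.io.File;
import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Profile;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;

@Configuration
@Profile("test") // assumed profile name; the bean does not exist in any other profile
public class TestSystemRestTemplateConfig {

    // Assumed property names. The trust store (JKS or PKCS12) contains only the
    // test system's self-signed certificate or the CA that issued it.
    @Value("${test-system.truststore.path}")
    private String trustStorePath;

    @Value("${test-system.truststore.password}")
    private String trustStorePassword;

    @Bean
    public RestTemplate testSystemRestTemplate() throws Exception {
        // Trust exactly the entries of the trust store instead of a
        // TrustStrategy that returns true for every chain.
        final SSLContext sslContext = SSLContexts.custom()
                .loadTrustMaterial(new File(trustStorePath), trustStorePassword.toCharArray())
                .build();

        // No NoopHostnameVerifier here: the default verifier still compares the
        // host name with the certificate, so the test certificate needs a matching SAN.
        final SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

        final CloseableHttpClient httpClient = HttpClients.custom()
                .setMaxConnPerRoute(250)
                .setMaxConnTotal(250)
                .setSSLSocketFactory(csf)
                .build();

        return new RestTemplate(new HttpComponentsClientHttpRequestFactory(httpClient));
    }
}
```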

Swagger OpenAPI Client

Sometimes the SSL check also has to be removed from the OpenAPI Swagger ApiClient.

Use the Spring RestTemplate for Swagger Client

Add the following JVM flag: -Dio.swagger.parser.util.RemoteUrl.trustAll=true

Configure Swagger Client

// If using the Spring RestTemplate, pass it to the ApiClient here
final XyzApi result = new XyzApi(new ApiClient(restTemplate));

<plugin>
    <groupId>org.openapitools</groupId>
    <artifactId>openapi-generator-maven-plugin</artifactId>
    <executions>
        <execution>
            <id>xyz-client</id>
            <goals>
                <goal>generate</goal>
            </goals>
            <configuration>
                <!-- use Spring RestTemplate, optional -->
                <library>resttemplate</library>
                <!-- skip SSL check -->
                <environmentVariables>
                    <io.swagger.parser.util.RemoteUrl.trustAll>true</io.swagger.parser.util.RemoteUrl.trustAll>
                </environmentVariables>
            </configuration>
        </execution>
    </executions>
</plugin>

Links

  • https://pragmaticintegrator.wordpress.com/2017/08/13/small-hack-to-avoid-ssl-validation-in-spring-resttemplate/
  • http://progressivecoder.com/avoid-ssl-validation-spring-boot-resttemplate/
  • https://dev.to/mnpaa/disable-skip-ssl-validation-in-springboot-resttemplate-1ec2
  • https://github.com/swagger-api/swagger-codegen/wiki/FAQ#is-there-a-way-to-disable-certificate-verification

Paul Sterl has written 30 articles
