CodeGen – Pauls Blog https://sterl.org Thu, 17 Jun 2021 09:23:18 +0000 de hourly 1 https://wordpress.org/?v=6.8.3 Spring Boot RestTemplate no SSL check https://sterl.org/2019/06/spring-boot-resttemplate-no-ssl-check/ https://sterl.org/2019/06/spring-boot-resttemplate-no-ssl-check/#respond Sun, 16 Jun 2019 18:56:00 +0000 https://sterl.org/?p=662 Problem

By default the Spring RestTempalte and the swagger OpenAPI client does an SSL check. This is usually not required on the test system, as so the goal is to remove the SSL check from the Spring Boot Rest Template.

Remote host closed connection during handshake; nested exception is javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

RestTemplate

@Bean
public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    final RestTemplate restTemplate = new RestTemplate(sslFactory());
    return restTemplate;
}

@Bean
public HttpComponentsClientHttpRequestFactory sslFactory() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
    final TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;

    final SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
                    .loadTrustMaterial(null, acceptingTrustStrategy)
                    .build();

    final SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);

    final CloseableHttpClient httpClient = HttpClients.custom()
                    .setMaxConnPerRoute(250)
                    .setMaxConnTotal(250)
                    .setSSLSocketFactory(csf)
                    // during the SSL check we have also the verification of the host name,
                    // this can be skipped to like this:
                    .setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE)
                    .build();

    final HttpComponentsClientHttpRequestFactory requestFactory =
                    new HttpComponentsClientHttpRequestFactory();

    requestFactory.setHttpClient(httpClient);

    return requestFactory;
}

Apache HTTP Client pom.xml

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<dependency>
    <groupId>org.apache.httpcomponents</groupId>
    <artifactId>httpclient</artifactId>
</dependency>

Swagger OpenAPI Client

Furthermore sometimes it is required to remove the SSL check from the OpenAPI Swagger ApiClient.

Use the Spring RestTemplate for Swagger Client

Add the following flag: -Dio.swagger.parser.util.RemoteUrl.trustAll=true 

Configure Swagger Client

// If a using spring rest template assign here the RestTemplate
final XyzApi result = new XyzApi(new ApiClient(restTemplate));
<plugin>
    <groupId>org.openapitools</groupId>
    <artifactId>openapi-generator-maven-plugin</artifactId>
    <executions>
        <execution>
            <id>xyz-client</id>
          <goals>
            <goal>generate</goal>
          </goals>
          <configuration>
          	    <!-- use Spring RestTemaplte, optional -->
                <library>resttemplate</library>
	            <!-- skip SSL check -->
                <environmentVariables>
                    <io.swagger.parser.util.RemoteUrl.trustAll>true</io.swagger.parser.util.RemoteUrl.trustAll>
                </environmentVariables>

Links

  • https://pragmaticintegrator.wordpress.com/2017/08/13/small-hack-to-avoid-ssl-validation-in-spring-resttemplate/
  • http://progressivecoder.com/avoid-ssl-validation-spring-boot-resttemplate/
  • https://dev.to/mnpaa/disable-skip-ssl-validation-in-springboot-resttemplate-1ec2
  • https://github.com/swagger-api/swagger-codegen/wiki/FAQ#is-there-a-way-to-disable-certificate-verification

]]> https://sterl.org/2019/06/spring-boot-resttemplate-no-ssl-check/feed/ 0