Spring RestTemplate 关闭 SSL 验证
目录
适用于 Apache HttpClient
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.client.RestTemplateCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
/**
* @author zhiwen95
* @date 2022/06/16
*/
@Configuration
public class RestTemplateConfiguration {
@Autowired
private List<RestTemplateCustomizer> customizers;
@Bean
public RestTemplate restTemplate() {
return new RestTemplateBuilder(customizers.toArray(new RestTemplateCustomizer[0]))
.requestFactory(() -> {
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
try {
disableSslVerification(requestFactory);
} catch (Exception e) {
throw new RuntimeException(e);
}
return requestFactory;
})
.build();
}
private void disableSslVerification(HttpComponentsClientHttpRequestFactory requestFactory) throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
TrustStrategy acceptingTrustStrategy = (x509Certificates, s) -> true;
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier());
CloseableHttpClient httpClient = HttpClients.custom().setSSLHostnameVerifier(NoopHostnameVerifier.INSTANCE).setSSLSocketFactory(csf).build();
requestFactory.setHttpClient(httpClient);
}
}
适用于 OkHttp3
import okhttp3.OkHttpClient;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.client.RestTemplateBuilder;
import org.springframework.boot.web.client.RestTemplateCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.OkHttp3ClientHttpRequestFactory;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
/**
* @author zhiwen95
* @date 2022/06/16
*/
@Configuration
public class RestTemplateConfiguration {
static final TrustManager[] TRUST_MANAGERS = new TrustManager[]{
new X509TrustManager() {
@Override
public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {
}
@Override
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return new java.security.cert.X509Certificate[]{};
}
}
};
@Autowired
private List<RestTemplateCustomizer> customizers;
@Bean
public RestTemplate restTemplate() {
return new RestTemplateBuilder(customizers.toArray(new RestTemplateCustomizer[0]))
.requestFactory(() -> {
final OkHttpClient.Builder builder = new OkHttpClient.Builder();
try {
disableSslVerification(builder);
} catch (Exception e) {
throw new RuntimeException(e);
}
return new OkHttp3ClientHttpRequestFactory(builder
.build());
})
.build();
}
private void disableSslVerification(OkHttpClient.Builder builder) throws NoSuchAlgorithmException, KeyManagementException {
final SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null, TRUST_MANAGERS, new java.security.SecureRandom());
final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();
builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) TRUST_MANAGERS[0]);
builder.hostnameVerifier((hostname, session) -> true);
}
}