/**
 * Spring configuration that supplies the load-balanced Feign {@link Client} with a TLS socket
 * factory built from a key store and a trust store.
 *
 * <p>Store locations and passwords are read from the {@code server.ssl.*} properties, the same
 * keys Spring Boot uses for the embedded server's TLS settings, so the outbound Feign client uses
 * whatever stores are configured there. Both password properties are passed through
 * {@code AesCiperServiceUtil.decryptStr} before use; presumably the configuration holds them in
 * encrypted form.
 */
@Configuration
public class FeignSSLBalanceConfig {
    private static final Logger LOGGER = LoggerFactory.getLogger(FeignSSLBalanceConfig.class);

    // Key store location.
    @Value("${server.ssl.key-store}")
    String keyStoreFileName;

    // Key store password as it appears in configuration; decrypted before use.
    @Value("${server.ssl.key-store-password}")
    String keyStorePassword;

    // Trust store location.
    @Value("${server.ssl.trust-store}")
    String trustStoreFileName;

    // Trust store password as it appears in configuration; decrypted before use.
    @Value("${server.ssl.trust-store-password}")
    String trustStorePassword;

    @Autowired
    private AesCiperServiceUtil aesCiperServiceUtil;

    /**
     * Builds the Feign client used for load-balanced calls, wrapping a TLS-enabled
     * {@code Client.Default} in a {@code FeignBlockingLoadBalancerClient}.
     *
     * @param loadBalancerClient load balancer client handed to the wrapping client
     * @param httpClient injected by Spring but not referenced in the method body
     * @param loadBalancerClientFactory factory handed to the wrapping client
     * @return the load-balanced Feign client
     * @throws UnrecoverableKeyException declared by this method; presumably raised by
     *     {@code SSLUtil} while loading the key store
     * @throws CertificateOperationException project-specific certificate handling failure
     */
    @Bean
    public Client feignClient(LoadBalancerClient loadBalancerClient, HttpClient httpClient,
            LoadBalancerClientFactory loadBalancerClientFactory)
            throws UnrecoverableKeyException, CertificateOperationException {
        CodeCCUtils.info(LOGGER, "init balance feignClient start...");
        String keyStoreSecret = aesCiperServiceUtil.decryptStr(keyStorePassword);
        String trustStoreSecret = aesCiperServiceUtil.decryptStr(trustStorePassword);
        try {
            javax.net.ssl.SSLSocketFactory socketFactory = SSLUtil
                    .getSSLContext(keyStoreFileName, keyStoreSecret, trustStoreFileName, trustStoreSecret)
                    .getSocketFactory();
            // NOTE(review): peer hostname checking is whatever HostnameVerifierUtil returns; its
            // implementation is not visible here. Confirm it performs real hostname matching
            // rather than accepting every host.
            Client tlsClient = new Client.Default(socketFactory, HostnameVerifierUtil.getHostnameVerifier());
            return new FeignBlockingLoadBalancerClient(tlsClient, loadBalancerClient, loadBalancerClientFactory);
        } finally {
            // Dropping the local references does not erase the decrypted passwords: String is
            // immutable, so the characters stay on the heap until the objects are collected.
            // Actual scrubbing would require the password to be handled as char[] end to end.
            keyStoreSecret = null;
            trustStoreSecret = null;
        }
    }
}
/**
 * Feign client configuration for calls that do not go through the load balancer.
 *
 * <p>Store locations and passwords are read from the {@code server.ssl.*} properties, the same
 * keys Spring Boot uses for the embedded server's TLS settings. Both password properties are
 * passed through {@code AesCiperServiceUtil.decryptStr} before use; presumably the configuration
 * holds them in encrypted form.
 *
 * @since 2021-09-15
 */
@Configuration
public class FeignSSLDefaultConfig {
    // The slf4j type is spelled out in full; the unqualified Logger used for Logger.Level below
    // is presumably feign.Logger.
    private static final org.slf4j.Logger LOGGER = LoggerFactory.getLogger(FeignSSLDefaultConfig.class);

    // Key store location.
    @Value("${server.ssl.key-store}")
    String keyStoreFileName;

    // Key store password as it appears in configuration; decrypted before use.
    @Value("${server.ssl.key-store-password}")
    String keyStorePassword;

    // Trust store location.
    @Value("${server.ssl.trust-store}")
    String trustStoreFileName;

    // Trust store password as it appears in configuration; decrypted before use.
    @Value("${server.ssl.trust-store-password}")
    String trustStorePassword;

    @Autowired
    private AesCiperServiceUtil aesCiperServiceUtil;

    /**
     * Replaces the default {@code Feign.Builder} with one whose client uses the TLS settings
     * produced by {@link #client()}.
     *
     * @return a Feign builder bound to the TLS-enabled client
     * @throws IOException declared by this method; nothing in the visible body throws it
     * @throws UnrecoverableKeyException propagated from {@link #client()}
     * @throws CertificateOperationException project-specific certificate handling failure,
     *     propagated from {@link #client()}
     */
    @Bean
    public Feign.Builder feignBuilder() throws UnrecoverableKeyException, IOException, CertificateOperationException {
        Client tlsClient = client();
        Feign.Builder builder = Feign.builder();
        return builder.client(tlsClient);
    }

    /**
     * Replaces the default Feign {@code Client} with a {@code Client.Default} that uses a socket
     * factory built from the configured key store and trust store.
     *
     * @return the TLS-enabled Feign client
     * @throws UnrecoverableKeyException declared by this method; presumably raised by
     *     {@code SSLUtil} while loading the key store
     * @throws CertificateOperationException project-specific certificate handling failure
     */
    @Bean
    public Client client() throws UnrecoverableKeyException, CertificateOperationException {
        CodeCCUtils.info(LOGGER, "init default feignClient start...");
        String keyStoreSecret = aesCiperServiceUtil.decryptStr(keyStorePassword);
        String trustStoreSecret = aesCiperServiceUtil.decryptStr(trustStorePassword);
        try {
            javax.net.ssl.SSLSocketFactory socketFactory = SSLUtil
                    .getSSLContext(keyStoreFileName, keyStoreSecret, trustStoreFileName, trustStoreSecret)
                    .getSocketFactory();
            // NOTE(review): peer hostname checking is whatever HostnameVerifierUtil returns; its
            // implementation is not visible here. Confirm it performs real hostname matching
            // rather than accepting every host.
            return new Client.Default(socketFactory, HostnameVerifierUtil.getHostnameVerifier());
        } finally {
            // Dropping the local references does not erase the decrypted passwords: String is
            // immutable, so the characters stay on the heap until the objects are collected.
            // Actual scrubbing would require the password to be handled as char[] end to end.
            keyStoreSecret = null;
            trustStoreSecret = null;
        }
    }

    /**
     * Sets the Feign logging level for clients that use this configuration.
     *
     * @return {@code Logger.Level.FULL}
     */
    @Bean
    Logger.Level feignLoggerLevel() {
        // FULL makes Feign log request and response headers and bodies, so authorization headers,
        // cookies and payload data can end up in application logs whenever the client logger is
        // enabled. NOTE(review): confirm this is intended outside troubleshooting; BASIC or
        // HEADERS record less, and log access and retention should match what FULL exposes.
        return Logger.Level.FULL;
    }
}