Feign 调用 HTTPS 时忽略 SSL 证书校验


1、业务场景

在对接华为的网管系统时,由于网管系统只能通过 HTTPS 调用,且内网环境下不需要过多的安全校验,故采取忽略 SSL 证书校验的方式实现。需要注意:忽略校验后,HTTPS 只剩传输加密,客户端不再确认对端身份,内网中的其他主机同样可以冒充网管系统;更稳妥的做法是把网管系统的证书(或其签发 CA)导入客户端信任库,保留证书校验。

2、报错原因

image.png

3、解决方法

3.1、新增 openfeign 配置类

package com.baolu.wc.config;  
  
import feign.Client;
import feign.Logger;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.ssl.SSLContexts;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.security.GeneralSecurityException;
  
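/**
 * Feign configuration that relaxes TLS server authentication for HTTPS calls.
 *
 * <p>Security-relevant behaviour of the beans defined here:
 * <ul>
 *   <li>Host name verification is switched off ({@link NoopHostnameVerifier}), so a
 *       certificate issued for any name is accepted for any host.</li>
 *   <li>{@link TrustSelfSignedStrategy} accepts every chain that consists of exactly one
 *       certificate without further validation; longer chains are still checked against the
 *       JVM default trust store.</li>
 *   <li>{@code Logger.Level.FULL} logs request and response headers and bodies, which
 *       includes any credentials or tokens carried in them.</li>
 * </ul>
 *
 * <p>NOTE(review): as a component-scanned {@code @Configuration}, these beans presumably
 * apply to every Feign client in the application, not only the one that needs them —
 * confirm, and prefer binding this class to a single client. Importing the peer's
 * certificate (or its issuing CA) into a dedicated trust store keeps validation enabled.
 *
 * @author zhouyongbin
 */
@Configuration
public class SslConfiguration {

    /**
     * Creates the Feign HTTP client with a relaxed socket factory and no host name check.
     *
     * @return a {@link Client.Default} that does not verify the server host name
     */
    @Bean
    public Client feignClient() {
        return new Client.Default(getSSLSocketFactory(), new NoopHostnameVerifier());
    }

    /**
     * Sets Feign logging to the most verbose level.
     *
     * @return {@code Logger.Level.FULL}; headers and bodies end up in the log, so this level
     *         is unsuitable wherever requests carry secrets
     */
    @Bean
    Logger.Level feignLoggerLevel() {
        return Logger.Level.FULL;
    }

    /**
     * Builds a socket factory whose trust decisions are extended by
     * {@link TrustSelfSignedStrategy}.
     *
     * @return the socket factory of the freshly built {@link SSLContext}
     * @throws IllegalStateException if the SSL context cannot be created
     */
    private SSLSocketFactory getSSLSocketFactory() {
        try {
            // A null trust store makes the builder fall back to the JVM default trust
            // material; the strategy is consulted first and short-circuits validation for
            // single-certificate chains.
            SSLContext sslContext = SSLContexts.custom()
                    .loadTrustMaterial(null, new TrustSelfSignedStrategy())
                    .build();
            return sslContext.getSocketFactory();
        } catch (GeneralSecurityException ex) {
            // Only the checked security exceptions of the builder are wrapped; the cause is
            // kept so a misconfigured provider or key store remains diagnosable.
            throw new IllegalStateException("Failed to build SSLContext for Feign client", ex);
        }
    }

}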

3.2、通过工具类进行手动屏蔽ssl

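调用方式:在 Feign 远程调用之前调用 SslUtils.ignoreSsl()。该方法修改的是 HttpsURLConnection 的全局默认 SSLSocketFactory 和 HostnameVerifier,调用之后同一 JVM 内所有使用默认设置的 HTTPS 连接都不再校验证书和主机名,而不仅仅是这一个 Feign 客户端。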

package com.baolu.wc.utils;  
  
import javax.net.ssl.*;  
import java.security.cert.CertificateException;  
import java.security.cert.X509Certificate;  
  
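/**
 * Utility that switches off TLS server authentication for {@link HttpsURLConnection}.
 *
 * <p>Both entry points change JVM-wide defaults: after {@link #ignoreSsl()} every
 * {@code HttpsURLConnection} in the process that relies on the default socket factory and
 * host name verifier accepts any certificate for any host. The connection is still
 * encrypted, but the identity of the peer is no longer checked. Where the peer certificate
 * is known, loading it into a dedicated trust store keeps validation in place.
 */
public class SslUtils {
    /**
     * Installs a default socket factory backed by a trust manager that accepts every
     * certificate chain.
     *
     * @throws Exception if the SSL context cannot be created or initialised
     */
    private static void trustAllHttpsCertificates() throws Exception {
        TrustManager[] trustAllCerts = {new miTM()};
        // Request "TLS" instead of the legacy "SSL" name: on older JDKs the "SSL" context
        // may be limited to outdated protocol versions.
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, trustAllCerts, null);
        // Process-wide side effect: affects every later HttpsURLConnection.
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }

    /**
     * Trust manager that performs no validation at all: both check methods return without
     * inspecting the chain, so no {@link CertificateException} is ever raised.
     */
    static class miTM implements TrustManager, X509TrustManager {
        /**
         * @return an empty array; the {@link X509TrustManager} contract requires a non-null
         *         result, and returning {@code null} can trigger a
         *         {@link NullPointerException} inside the TLS implementation
         */
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        /** Not part of {@link X509TrustManager}; always reports the chain as trusted. */
        public boolean isServerTrusted(X509Certificate[] certs) {
            return true;
        }

        /** Not part of {@link X509TrustManager}; always reports the chain as trusted. */
        public boolean isClientTrusted(X509Certificate[] certs) {
            return true;
        }

        /** Accepts any server certificate chain without validation. */
        @Override
        public void checkServerTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // Intentionally empty: returning normally means "trusted".
        }

        /** Accepts any client certificate chain without validation. */
        @Override
        public void checkClientTrusted(X509Certificate[] certs, String authType)
                throws CertificateException {
            // Intentionally empty: returning normally means "trusted".
        }
    }

    /**
     * Disables certificate and host name validation for HTTPS requests; must be called
     * before {@code openConnection}.
     *
     * <p>The change is global and is not undone by this class.
     *
     * @throws Exception if the trust-all SSL context cannot be installed
     */
    public static void ignoreSsl() throws Exception {
        HostnameVerifier hv = new HostnameVerifier() {
            @Override
            public boolean verify(String urlHostName, SSLSession session) {
                // HttpsURLConnection consults this callback when its built-in host name
                // check has found a mismatch; the mismatch is printed and then accepted.
                System.out.println("Warning: URL Host: " + urlHostName + " vs. " + session.getPeerHost());
                return true;
            }
        };
        trustAllHttpsCertificates();
        HttpsURLConnection.setDefaultHostnameVerifier(hv);
    }
}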