feat: ssl bypass add

1 year ago · 7a00ff2be0
parent 754e1411c4
commit 7a00ff2be0
3 changed files with 89 additions and 9 deletions
--- a/mens-api/src/main/java/kr/xit/biz/sisul/service/BizSisulService.java
+++ b/mens-api/src/main/java/kr/xit/biz/sisul/service/BizSisulService.java
@ -83,7 +83,7 @@ public class BizSisulService extends EgovAbstractServiceImpl implements IBizSisu
        // 템플릿 정보 조회
        final List<FmcInfExcel> fmcExcels = parsingFmcExcel(fileReq.getFiles()[0]);
-        TmplatManage tmpDTO = mapper.selectDeptInfoByTmplId(
+        final TmplatManage tmpDTO = mapper.selectDeptInfoByTmplId(
                fmcExcels.get(0).getTmplatId())
            .orElseThrow(() -> BizRuntimeException.create("템플릿 정보를 찾을 수 없습니다."));
--- a/mens-core/src/main/java/kr/xit/core/spring/config/support/HttpsConnectorConfig.java
+++ b/mens-core/src/main/java/kr/xit/core/spring/config/support/HttpsConnectorConfig.java
@ -1,5 +1,14 @@
 package kr.xit.core.spring.config.support;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import kr.xit.core.exception.BizRuntimeException;
 import org.apache.catalina.Context;
 import org.apache.catalina.connector.Connector;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
@ -31,7 +40,8 @@ import org.springframework.context.annotation.Configuration;
 *
 * </pre>
 */
-@ConditionalOnProperty(value = "server.ssl.enabled", havingValue = "true", matchIfMissing = false)
+//@ConditionalOnProperty(value = "server.ssl.enabled", havingValue = "true", matchIfMissing = false)
@ConditionalOnProperty(value = "server.http")
@Configuration
 public class HttpsConnectorConfig {
    @Value("${server.port}")
@ -44,6 +54,11 @@ public class HttpsConnectorConfig {
    public ServletWebServerFactory servletContainer() {
 		TomcatServletWebServerFactory tomcat = null;
 		try {
 			ignoreSsl();
 		} catch (Exception e) {
 			throw BizRuntimeException.create(e.getMessage());
 		}
 		if(SSL_REDIRECT){
 			tomcat = new TomcatServletWebServerFactory() {
@ -72,4 +87,51 @@ public class HttpsConnectorConfig {
        if(SSL_REDIRECT)	connector.setRedirectPort(SSL_PORT);
        return connector;
    }
 	public void ignoreSsl() throws Exception {
 		HostnameVerifier hv = new HostnameVerifier() {
 			@Override
 			public boolean verify(String urlHostName, SSLSession session) {
 				return true;
 			}
 		};
 		trustAllHttpsCertificates();
 		HttpsURLConnection.setDefaultHostnameVerifier(hv);
 	}
 	private static void trustAllHttpsCertificates() throws Exception {
 		TrustManager[] trustAllCerts = new TrustManager[1];
 		TrustManager tm = new miTM();
 		trustAllCerts[0] = tm;
 		SSLContext sc = SSLContext.getInstance("SSL");
 		sc.init(null, trustAllCerts, null);
 		HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
 	}
 	static class miTM implements TrustManager, X509TrustManager {
 		@Override
 		public void checkClientTrusted(X509Certificate[] chain, String authType)
 			throws CertificateException {
 		}
 		public X509Certificate[] getAcceptedIssuers() {
 			return null;
 		}
 		public boolean isServerTrusted(X509Certificate[] certs) {
 			return true;
 		}
 		public boolean isClientTrusted(X509Certificate[] certs) {
 			return true;
 		}
 		public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
 			return;
 		}
 	}
 }
--- a/mens-core/src/main/java/kr/xit/core/spring/config/support/WebClientConfig.java
+++ b/mens-core/src/main/java/kr/xit/core/spring/config/support/WebClientConfig.java
@ -3,10 +3,15 @@ package kr.xit.core.spring.config.support;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import io.netty.channel.ChannelOption;
 import io.netty.handler.logging.LogLevel;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.netty.handler.timeout.ReadTimeoutHandler;
 import io.netty.handler.timeout.WriteTimeoutHandler;
 import java.time.Duration;
 import java.util.concurrent.TimeUnit;
 import javax.net.ssl.SSLException;
 import kr.xit.core.exception.BizRuntimeException;
 import kr.xit.core.spring.util.error.ClientError;
 import kr.xit.core.spring.util.error.ServerError;
 import lombok.RequiredArgsConstructor;
@ -92,13 +97,26 @@ public class WebClientConfig {
     */
    @Bean
    public HttpClient defaultHttpClient() {
        try {
            // SSL check bypass
            SslContext sslContext = SslContextBuilder
                .forClient()
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .build();
            return HttpClient.create(connectionProvider())
-            .wiretap(this.getClass().getCanonicalName(), LogLevel.DEBUG, AdvancedByteBufFormat.TEXTUAL)
+                .secure(t -> t.sslContext(sslContext))
                .wiretap(this.getClass().getCanonicalName(), LogLevel.DEBUG,
                    AdvancedByteBufFormat.TEXTUAL)
                .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectTimeout)
                .responseTimeout(Duration.ofMillis(this.connectTimeout))
                .doOnConnected(conn ->
                    conn.addHandlerLast(new ReadTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS))
-                    .addHandlerLast(new WriteTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS)));
+                        .addHandlerLast(
                            new WriteTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS)));
        }catch(SSLException se){
            throw BizRuntimeException.create(se.getMessage());
        }
    }
    /**