xit-java
/
mens-traffic-parent
21
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: ssl bypass add

Browse Source
dev
gitea-관리자 1 year ago
parent 754e1411c4
commit 7a00ff2be0
3 changed files with 89 additions and 9 deletions
Show Stats Download Patch File Download Diff File

2
mens-api/src/main/java/kr/xit/biz/sisul/service/BizSisulService.java
Unescape Escape View File

@ -83,7 +83,7 @@ public class BizSisulService extends EgovAbstractServiceImpl implements IBizSisu
// 템플릿 정보 조회 // 템플릿 정보 조회
final List<FmcInfExcel> fmcExcels = parsingFmcExcel(fileReq.getFiles()[0]); final List<FmcInfExcel> fmcExcels = parsingFmcExcel(fileReq.getFiles()[0]);
TmplatManage tmpDTO = mapper.selectDeptInfoByTmplId( final TmplatManage tmpDTO = mapper.selectDeptInfoByTmplId(
fmcExcels.get(0).getTmplatId()) fmcExcels.get(0).getTmplatId())
.orElseThrow(() -> BizRuntimeException.create("템플릿 정보를 찾을 수 없습니다.")); .orElseThrow(() -> BizRuntimeException.create("템플릿 정보를 찾을 수 없습니다."));

64
mens-core/src/main/java/kr/xit/core/spring/config/support/HttpsConnectorConfig.java
Unescape Escape View File

@ -1,5 +1,14 @@
package kr.xit.core.spring.config.support; package kr.xit.core.spring.config.support;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import kr.xit.core.exception.BizRuntimeException;
import org.apache.catalina.Context; import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector; import org.apache.catalina.connector.Connector;
import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityCollection;
@ -31,7 +40,8 @@ import org.springframework.context.annotation.Configuration;
* *
* </pre> * </pre>
*/ */
@ConditionalOnProperty(value = "server.ssl.enabled", havingValue = "true", matchIfMissing = false) //@ConditionalOnProperty(value = "server.ssl.enabled", havingValue = "true", matchIfMissing = false)
@ConditionalOnProperty(value = "server.http")
@Configuration @Configuration
public class HttpsConnectorConfig { public class HttpsConnectorConfig {
@Value("${server.port}") @Value("${server.port}")
@ -44,6 +54,11 @@ public class HttpsConnectorConfig {
public ServletWebServerFactory servletContainer() { public ServletWebServerFactory servletContainer() {
TomcatServletWebServerFactory tomcat = null; TomcatServletWebServerFactory tomcat = null;
try {
ignoreSsl();
} catch (Exception e) {
throw BizRuntimeException.create(e.getMessage());
}
if(SSL_REDIRECT){ if(SSL_REDIRECT){
tomcat = new TomcatServletWebServerFactory() { tomcat = new TomcatServletWebServerFactory() {
@ -72,4 +87,51 @@ public class HttpsConnectorConfig {
if(SSL_REDIRECT) connector.setRedirectPort(SSL_PORT); if(SSL_REDIRECT) connector.setRedirectPort(SSL_PORT);
return connector; return connector;
} }
public void ignoreSsl() throws Exception {
HostnameVerifier hv = new HostnameVerifier() {
@Override
public boolean verify(String urlHostName, SSLSession session) {
return true;
}
};
trustAllHttpsCertificates();
HttpsURLConnection.setDefaultHostnameVerifier(hv);
}
private static void trustAllHttpsCertificates() throws Exception {
TrustManager[] trustAllCerts = new TrustManager[1];
TrustManager tm = new miTM();
trustAllCerts[0] = tm;
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, null);
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
}
static class miTM implements TrustManager, X509TrustManager {
@Override
public void checkClientTrusted(X509Certificate[] chain, String authType)
throws CertificateException {
}
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public boolean isServerTrusted(X509Certificate[] certs) {
return true;
}
public boolean isClientTrusted(X509Certificate[] certs) {
return true;
}
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {
return;
}
}
} }

32
mens-core/src/main/java/kr/xit/core/spring/config/support/WebClientConfig.java
Unescape Escape View File

@ -3,10 +3,15 @@ package kr.xit.core.spring.config.support;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import io.netty.channel.ChannelOption; import io.netty.channel.ChannelOption;
import io.netty.handler.logging.LogLevel; import io.netty.handler.logging.LogLevel;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.timeout.ReadTimeoutHandler; import io.netty.handler.timeout.ReadTimeoutHandler;
import io.netty.handler.timeout.WriteTimeoutHandler; import io.netty.handler.timeout.WriteTimeoutHandler;
import java.time.Duration; import java.time.Duration;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLException;
import kr.xit.core.exception.BizRuntimeException;
import kr.xit.core.spring.util.error.ClientError; import kr.xit.core.spring.util.error.ClientError;
import kr.xit.core.spring.util.error.ServerError; import kr.xit.core.spring.util.error.ServerError;
import lombok.RequiredArgsConstructor; import lombok.RequiredArgsConstructor;
@ -92,13 +97,26 @@ public class WebClientConfig {
*/ */
@Bean @Bean
public HttpClient defaultHttpClient() { public HttpClient defaultHttpClient() {
return HttpClient.create(connectionProvider()) try {
.wiretap(this.getClass().getCanonicalName(), LogLevel.DEBUG, AdvancedByteBufFormat.TEXTUAL) // SSL check bypass
.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectTimeout) SslContext sslContext = SslContextBuilder
.responseTimeout(Duration.ofMillis(this.connectTimeout)) .forClient()
.doOnConnected(conn -> .trustManager(InsecureTrustManagerFactory.INSTANCE)
conn.addHandlerLast(new ReadTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS)) .build();
.addHandlerLast(new WriteTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS)));
return HttpClient.create(connectionProvider())
.secure(t -> t.sslContext(sslContext))
.wiretap(this.getClass().getCanonicalName(), LogLevel.DEBUG,
AdvancedByteBufFormat.TEXTUAL)
.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, connectTimeout)
.responseTimeout(Duration.ofMillis(this.connectTimeout))
.doOnConnected(conn ->
conn.addHandlerLast(new ReadTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS))
.addHandlerLast(
new WriteTimeoutHandler(readTimeout, TimeUnit.MILLISECONDS)));
}catch(SSLException se){
throw BizRuntimeException.create(se.getMessage());
}
} }
/** /**

Write Preview
Loading…
Cancel
Save