Feign忽略https接口调用SSL证书验证

最新推荐文章于 2024-07-26 15:54:32 发布

菜菌

最新推荐文章于 2024-07-26 15:54:32 发布

阅读量8.3k

点赞数 8

文章标签： Feign https SSL SpringBoot

本文链接：https://blog.csdn.net/qq_36599564/article/details/116176888

版权

报错信息：
ERROR javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No subject alternative names matching IP address 10.25.193.111 found

Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.25.193.111 found

这是feign请求https接口因为SSL证书校验报的错，我们如果想忽略证书校验，可以采用下面这个方法:

// SearchClient 调用接口
public interface SearchClient {
    @RequestLine("POST /testPost")
    JSONObject testPost();
}

import feign.Feign;
import feign.Logger;
import feign.Request;
import feign.codec.Encoder;
import feign.jackson.JacksonDecoder;
import feign.jackson.JacksonEncoder;
import feign.slf4j.Slf4jLogger;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import xxx.IgnoreHttpsSSLClient;

// SearchClient Feign接口调用构建初始化
@Configuration
public class FeignConfig {
	@Bean
	public SearchClient searchClient(IgnoreHttpsSSLClient ignoreHttpsSSLClient) {
	    return Feign.builder()
	       .encoder(new JacksonEncoder())
	       .decoder(new JacksonDecoder())
	       .logLevel(Logger.Level.FULL)
	       .logger(new Slf4jLogger(SearchClient.class))
	       .client(ignoreHttpsSSLClient.feignClient())
	       .options(new Request.Options(60000, 60000))
	       .target(SearchClient.class, "https://10.25.193.111:443/");
	}
}

import feign.Client;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

@Configuration
public class IgnoreHttpsSSLClient {

    @Bean
    @ConditionalOnMissingBean
    public Client feignClient() {
        try {
            SSLContext ctx = SSLContext.getInstance("SSL");
            X509TrustManager tm = new X509TrustManager() {
                @Override
                public void checkClientTrusted(X509Certificate[] chain,String authType) throws CertificateException {
                }

                @Override
                public void checkServerTrusted(X509Certificate[] chain,String authType) throws CertificateException {
                }

                @Override
                public X509Certificate[] getAcceptedIssuers() {
                    return null;
                }
            };
            ctx.init(null, new TrustManager[]{tm}, null);
            return new Client.Default(ctx.getSocketFactory(), (hostname, session) -> true);
        } catch (Exception e) {
            return null;
        }
    }
}

我这里是手动创建的SearchClient，如以上代码，将自定义的Client传入SearchClient初始化构建方法中，即可生效，忽略SSL证书校验。

如果你的Feign是使用注解方式构建初始化的，可如下配置，例如：

@FeignClient(value = "testFeignClient", url = "https://10.25.193.111:443/", configuration = TestFeignClientConfig.class)
public interface TestFeignClient {
	@RequestLine("POST /testPost")
    JSONObject testPost();
}

public class TestFeignClientConfig {
	
	// 加载自定义Client
	@Bean
    @ConditionalOnBean(IgnoreHttpsSSLClient.class)
    public Client generateClient(IgnoreHttpsSSLClient ignoreHttpsSSLClient) {
        return ignoreHttpsSSLClient.feignClient();
    }
}