-keytool -importcert -keystore lis-keystore.jks -file eszigno.cer -alias eszigno -storepass password
-keytool -importcert -keystore lis-keystore.jks -file onlineszamla.nav.gov.hu.cer -alias nav -storepass password
+:keytool -storepasswd -keystore lis-keystore.jks
+:keytool -importcert -keystore lis-keystore.jks -file eszigno.cer -alias eszigno -storepass password
+keytool -importcert -keystore lis-keystore.jks -file onlineszamla.nav.gov.hu.cer -alias nav -storepass password -noprompt
-:
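Review bot: `-noprompt` on the added `nav` import line suppresses keytool's confirmation prompt, which is where the certificate's fingerprint is shown before it is trusted. The script therefore adds `onlineszamla.nav.gov.hu.cer` to `lis-keystore.jks` with no check that the file is the expected certificate. I would record the expected fingerprint next to the command and compare it before importing, for example with a comment (in the script's own comment syntax) such as `rem expected SHA-256: <EXPECTED_FINGERPRINT>; compare with keytool -printcert -file onlineszamla.nav.gov.hu.cer`. The store password is still the literal `-storepass password` on the command line; if this keystore is used beyond local testing, it should come from a prompt or the environment instead.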
@Value("${service.nav.trust.store.password}")
private String trustStorePassword;
- @Test
- public void testCert() throws Exception {
- KeyStore keyStore = KeyStore.getInstance("JKS");
- keyStore.load(trustStore.getInputStream(), trustStorePassword.toCharArray());
- X509Certificate endEntityCertificate = (X509Certificate) keyStore.getCertificate("nav");
- X509Certificate rootCertificate = getRootCertificate(endEntityCertificate, keyStore);
- assertNotNull(rootCertificate);
- }
-
static X509Certificate findIssuerCertificate(X509Certificate certificate, KeyStore trustStore)
throws KeyStoreException {
Enumeration<String> aliases = trustStore.aliases();
+ log.info("Search for {}", certificate.getIssuerX500Principal());
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
+ log.info("Current alias {}", alias);
Certificate cert = trustStore.getCertificate(alias);
if (cert instanceof X509Certificate) {
X509Certificate x509Cert = (X509Certificate) cert;
+ log.info("Checking {}", x509Cert.getSubjectX500Principal());
if (x509Cert.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) {
return x509Cert;
}
+ } else {
+ log.error("Not X509Certificate alias {}", alias);
}
}
return null;
}
}
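Review bot: `findIssuerCertificate` returns the first entry whose subject name equals the certificate's issuer name and never checks that the entry's key actually signed the certificate. Any keystore entry carrying the same distinguished name is therefore reported as the issuer. If `getRootCertificate` is used for anything beyond this test, the match should also require the signature to verify, as sketched below (this needs `java.security.GeneralSecurityException` imported in the file). The new per-alias `log.info` calls would also read better at debug level, since they print every keystore entry on each lookup.

```java
// … unchanged: alias enumeration and instanceof check …
if (x509Cert.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) {
    try {
        // A matching name is not proof of issuance: require the candidate's key to verify the signature.
        certificate.verify(x509Cert.getPublicKey());
        return x509Cert;
    } catch (GeneralSecurityException e) {
        log.info("Alias {} matches the issuer name but does not verify the signature", alias);
    }
}
// … unchanged: else branch and return null …
```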
+ @Test
+ public void testCert() throws Exception {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(trustStore.getInputStream(), trustStorePassword.toCharArray());
+ X509Certificate endEntityCertificate = (X509Certificate) keyStore.getCertificate("eszigno");
+ X509Certificate rootCertificate = getRootCertificate(endEntityCertificate, keyStore);
+ assertNotNull(rootCertificate);
+ }
+
}
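Review bot: The re-added `testCert` looks up the alias `eszigno`, but the keytool script in this same change appears to disable the `eszigno` import by prefixing it with `:`. Unless `lis-keystore.jks` already contains that entry, `keyStore.getCertificate("eszigno")` returns null and the failure surfaces inside `getRootCertificate` rather than as a clear assertion. I would add `assertNotNull(endEntityCertificate);` right after the lookup so a missing alias is reported as such. The `nav` certificate, which is the one the script still imports, is no longer covered by any test in this hunk.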
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
-import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.TrustStrategy;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.client.RestTemplate;
import javax.net.ssl.SSLContext;
-import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
@Configuration
public class RestTemplateSSLConfiguration {
private String trustStorePassword;
@Bean
- public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException,
- CertificateException, IOException {
+ public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
- SSLContext sslContext = new SSLContextBuilder()
- .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();
- SSLConnectionSocketFactory sslConFactory = new SSLConnectionSocketFactory(sslContext);
+ TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
+ SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
+ SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
+ CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(httpClient);
- CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConFactory).build();
- HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
- //requestFactory.setReadTimeout(15000);
return new RestTemplate(requestFactory);
}
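Review bot: The new `acceptingTrustStrategy` returns `true` for every chain, so the `RestTemplate` built in `restTemplate()` accepts any server certificate and the connection can be intercepted. The trust store that the removed lines loaded is no longer consulted, and `trustStorePassword` is left unused in this method. The same applies to the `TaxOfficeConnector` constructor further down, where `InsecureTrustManagerFactory.INSTANCE` is passed to `trustManager(...)`. Keep validation against the project's trust store with `SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();` (which needs `CertificateException` and `IOException` back in the throws clause), and in the Netty client pass a `TrustManagerFactory` initialised from the same key store. If the handshake with the NAV endpoint was failing, the `nav` certificate import in the keystore script is the place to fix it rather than turning verification off.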
package hu.user.lis.service.nav;
import io.netty.channel.ChannelOption;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
import io.netty.handler.timeout.ReadTimeoutHandler;
import io.netty.handler.timeout.WriteTimeoutHandler;
import lombok.Getter;
private final WebClient client;
@Autowired
- public TaxOfficeConnector(WebClient.Builder webClientBuilder, @Value("${service.nav.api.url}") String apiUrl) {
+ public TaxOfficeConnector(WebClient.Builder webClientBuilder, @Value("${service.nav.api.url}") String apiUrl) throws Exception {
+
+ SslContext sslContext = SslContextBuilder
+ .forClient()
+ .trustManager(InsecureTrustManagerFactory.INSTANCE)
+ .build();
+
HttpClient httpClient = HttpClient.create()
+ .secure(t -> t.sslContext(sslContext))
.option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000)
- .responseTimeout(Duration.ofMillis(5000))
+ .responseTimeout(Duration.ofMillis(15000))
.doOnConnected(conn -> conn
- .addHandlerLast(new ReadTimeoutHandler(5000, TimeUnit.MILLISECONDS))
- .addHandlerLast(new WriteTimeoutHandler(5000, TimeUnit.MILLISECONDS))
+ .addHandlerLast(new ReadTimeoutHandler(15000, TimeUnit.MILLISECONDS))
+ .addHandlerLast(new WriteTimeoutHandler(15000, TimeUnit.MILLISECONDS))
);
client = webClientBuilder