From: Vásáry Dániel Date: Wed, 6 Mar 2024 17:29:56 +0000 (+0100) Subject: Cert problem solved X-Git-Url: http://git.useribm.hu/?a=commitdiff_plain;h=835dca67e8de59fc0ed176b64eebe29882bc56b2;p=sly-crm.git Cert problem solved --- diff --git a/sly-crm-app/src/main/resources/keystore/create-keystore.bat b/sly-crm-app/src/main/resources/keystore/create-keystore.bat index 93358a7..06eb43d 100644 --- a/sly-crm-app/src/main/resources/keystore/create-keystore.bat +++ b/sly-crm-app/src/main/resources/keystore/create-keystore.bat @@ -1,4 +1,4 @@ -keytool -importcert -keystore lis-keystore.jks -file eszigno.cer -alias eszigno -storepass password -keytool -importcert -keystore lis-keystore.jks -file onlineszamla.nav.gov.hu.cer -alias nav -storepass password +:keytool -storepasswd -keystore lis-keystore.jks +:keytool -importcert -keystore lis-keystore.jks -file eszigno.cer -alias eszigno -storepass password +keytool -importcert -keystore lis-keystore.jks -file onlineszamla.nav.gov.hu.cer -alias nav -storepass password -noprompt -: diff --git a/sly-crm-app/src/main/resources/keystore/lis-keystore.jks b/sly-crm-app/src/main/resources/keystore/lis-keystore.jks index 3017d32..e43abce 100644 Binary files a/sly-crm-app/src/main/resources/keystore/lis-keystore.jks and b/sly-crm-app/src/main/resources/keystore/lis-keystore.jks differ diff --git a/sly-crm-app/src/test/java/hu/user/lis/CerttIT.java b/sly-crm-app/src/test/java/hu/user/lis/CerttIT.java index 6301071..2d212ce 100644 --- a/sly-crm-app/src/test/java/hu/user/lis/CerttIT.java +++ b/sly-crm-app/src/test/java/hu/user/lis/CerttIT.java 
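Review bot: The truststore password is still hard-coded as `-storepass password` in a script committed next to the keystore it builds, and the new `:keytool ...` lines rely on a bare `:` label to disable a command, which `cmd` skips but which breaks inside parenthesised blocks; the conventional form is `REM keytool ...` or `:: keytool ...`. Because the script only runs `-importcert`, the store holds public certificates and the password guards integrity rather than secrecy, but it should still come from the environment, e.g. `-storepass %LIS_KEYSTORE_PASS%`, so the committed value is not the one used wherever `lis-keystore.jks` is deployed. The `-noprompt` added to the NAV import suppresses the fingerprint confirmation; recording the expected SHA-256 fingerprint in a comment beside that line would let a reviewer check what went into the binary `lis-keystore.jks` change, which cannot be reviewed in this diff.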
@@ -37,26 +37,22 @@ public class CerttIT { @Value("${service.nav.trust.store.password}") private String trustStorePassword; - @Test - public void testCert() throws Exception { - KeyStore keyStore = KeyStore.getInstance("JKS"); - keyStore.load(trustStore.getInputStream(), trustStorePassword.toCharArray()); - X509Certificate endEntityCertificate = (X509Certificate) keyStore.getCertificate("nav"); - X509Certificate rootCertificate = getRootCertificate(endEntityCertificate, keyStore); - assertNotNull(rootCertificate); - } - static X509Certificate findIssuerCertificate(X509Certificate certificate, KeyStore trustStore) throws KeyStoreException { Enumeration aliases = trustStore.aliases(); + log.info("Search for {}", certificate.getIssuerX500Principal()); while (aliases.hasMoreElements()) { String alias = aliases.nextElement(); + log.info("Current alias {}", alias); Certificate cert = trustStore.getCertificate(alias); if (cert instanceof X509Certificate) { X509Certificate x509Cert = (X509Certificate) cert; + log.info("Checking {}", x509Cert.getSubjectX500Principal()); if (x509Cert.getSubjectX500Principal().equals(certificate.getIssuerX500Principal())) { return x509Cert; } + } else { + log.error("Not X509Certificate alias {}", alias); } } return null; @@ -84,4 +80,13 @@ public class CerttIT { } } + @Test + public void testCert() throws Exception { + KeyStore keyStore = KeyStore.getInstance("JKS"); + keyStore.load(trustStore.getInputStream(), trustStorePassword.toCharArray()); + X509Certificate endEntityCertificate = (X509Certificate) keyStore.getCertificate("eszigno"); + X509Certificate rootCertificate = getRootCertificate(endEntityCertificate, keyStore); + assertNotNull(rootCertificate); + } + } diff --git a/sly-crm-service/src/main/java/hu/user/lis/service/nav/RestTemplateSSLConfiguration.java b/sly-crm-service/src/main/java/hu/user/lis/service/nav/RestTemplateSSLConfiguration.java index 1f3eb91..912e222 100644 
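Review bot: `testCert` now walks the chain only for the `eszigno` alias, so the `nav` entry — the certificate the tax-office connectors actually depend on — has lost its only test; keep a second test (or parameterise this one) over `"nav"` instead of swapping the alias. `findIssuerCertificate` also matches an issuer by distinguished name alone, so `assertNotNull(rootCertificate)` shows that names chain, not that signatures do; adding `certificate.verify(x509Cert.getPublicKey());` before `return x509Cert;` (and widening the `throws KeyStoreException` clause to `GeneralSecurityException`) would catch a wrong or stale intermediate, which is presumably the kind of "cert problem" this commit is chasing. The new per-alias `log.info` calls are debugging output inside a test loop; `log.debug` keeps the IT output readable once the issue is closed. `getRootCertificate`, which this helper serves, has its body outside this hunk.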
--- a/sly-crm-service/src/main/java/hu/user/lis/service/nav/RestTemplateSSLConfiguration.java
+++ b/sly-crm-service/src/main/java/hu/user/lis/service/nav/RestTemplateSSLConfiguration.java
@@ -3,7 +3,7 @@ package hu.user.lis.service.nav;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
-import org.apache.http.ssl.SSLContextBuilder;
+import org.apache.http.ssl.TrustStrategy;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
@@ -12,11 +12,10 @@ import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.web.client.RestTemplate;
 
 import javax.net.ssl.SSLContext;
-import java.io.IOException;
 import java.security.KeyManagementException;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 
 @Configuration
 public class RestTemplateSSLConfiguration {
@@ -28,17 +27,16 @@ public class RestTemplateSSLConfiguration {
 private String trustStorePassword;
 
 @Bean
- public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException,
- CertificateException, IOException {
+ public RestTemplate restTemplate() throws KeyManagementException, NoSuchAlgorithmException, KeyStoreException {
 
- SSLContext sslContext = new SSLContextBuilder()
- .loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();
- SSLConnectionSocketFactory sslConFactory = new SSLConnectionSocketFactory(sslContext);
+ TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
+ SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(null, acceptingTrustStrategy).build();
+ SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
+ CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
+ HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
+ requestFactory.setHttpClient(httpClient);
 
- CloseableHttpClient httpClient = HttpClients.custom().setSSLSocketFactory(sslConFactory).build();
- HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
- //requestFactory.setReadTimeout(15000);
 
 return new RestTemplate(requestFactory);
 }
diff --git a/sly-crm-service/src/main/java/hu/user/lis/service/nav/TaxOfficeConnector.java b/sly-crm-service/src/main/java/hu/user/lis/service/nav/TaxOfficeConnector.java
index 32bc81a..a831228 100644
--- a/sly-crm-service/src/main/java/hu/user/lis/service/nav/TaxOfficeConnector.java
+++ b/sly-crm-service/src/main/java/hu/user/lis/service/nav/TaxOfficeConnector.java
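Review bot: The new `acceptingTrustStrategy` returns `true` for every chain and `loadTrustMaterial(null, ...)` drops the configured truststore, so `restTemplate()` now accepts any server certificate for NAV traffic; a network attacker between this service and the tax office can present any certificate and read or alter invoice data in transit. Hostname verification on the socket factory does not mitigate this, because with no trust anchor an attacker simply issues a certificate bearing the expected name. The `CerttIT` change in the same commit suggests the underlying issue is the chain stored in `lis-keystore.jks`; fix the truststore contents and keep validation on: `SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom().loadTrustMaterial(trustStore.getURL(), trustStorePassword.toCharArray()).build();` (the removed `CertificateException, IOException` in the throws clause then come back, and the now-unused `trustStore`/`trustStorePassword` fields are read again). If a trust-all context is genuinely needed for a local profile, gate it behind `@Profile` or a property so it cannot reach production.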
@@ -1,6 +1,9 @@ package hu.user.lis.service.nav;
 
 import io.netty.channel.ChannelOption;
+import io.netty.handler.ssl.SslContext;
+import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.util.InsecureTrustManagerFactory;
 import io.netty.handler.timeout.ReadTimeoutHandler;
 import io.netty.handler.timeout.WriteTimeoutHandler;
 import lombok.Getter;
@@ -25,13 +28,20 @@ public class TaxOfficeConnector {
 private final WebClient client;
 
 @Autowired
- public TaxOfficeConnector(WebClient.Builder webClientBuilder, @Value("${service.nav.api.url}") String apiUrl) {
+ public TaxOfficeConnector(WebClient.Builder webClientBuilder, @Value("${service.nav.api.url}") String apiUrl) throws Exception {
+
+ SslContext sslContext = SslContextBuilder
+ .forClient()
+ .trustManager(InsecureTrustManagerFactory.INSTANCE)
+ .build();
+
 HttpClient httpClient = HttpClient.create()
+ .secure(t -> t.sslContext(sslContext))
 .option(ChannelOption.CONNECT_TIMEOUT_MILLIS, 5000)
- .responseTimeout(Duration.ofMillis(5000))
+ .responseTimeout(Duration.ofMillis(15000))
 .doOnConnected(conn -> conn
- .addHandlerLast(new ReadTimeoutHandler(5000, TimeUnit.MILLISECONDS))
- .addHandlerLast(new WriteTimeoutHandler(5000, TimeUnit.MILLISECONDS))
+ .addHandlerLast(new ReadTimeoutHandler(15000, TimeUnit.MILLISECONDS))
+ .addHandlerLast(new WriteTimeoutHandler(15000, TimeUnit.MILLISECONDS))
 );
 
 client = webClientBuilder
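Review bot: `InsecureTrustManagerFactory.INSTANCE` makes this WebClient accept any server certificate, so the NAV API connection built here is open to man-in-the-middle interception on the reactive path, the same defect as the trust-all strategy in `RestTemplateSSLConfiguration`. Build the Netty `SslContext` from the project's configured JKS truststore instead, which also lets the constructor's new `throws Exception` be narrowed (`SslContextBuilder.build()` declares `SSLException`; the keystore calls add `GeneralSecurityException` and `IOException`). The truststore `Resource` and its `service.nav.trust.store.password` value would have to be injected as constructor parameters the way the other NAV classes read them; the constructor signature is in the hunk, but its body and the `client = webClientBuilder` chain continue past the hunk's last line.

```java
// … unchanged: constructor signature (add the truststore Resource and password as @Value parameters) …
KeyStore trustStore = KeyStore.getInstance("JKS");
try (InputStream in = trustStoreResource.getInputStream()) {
    trustStore.load(in, trustStorePassword.toCharArray());
}
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(trustStore);
SslContext sslContext = SslContextBuilder
        .forClient()
        .trustManager(tmf)
        .build();
// … unchanged: HttpClient.create().secure(t -> t.sslContext(sslContext)) … timeouts … client = webClientBuilder …
```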