The Feign client in our app is communicating with a self-signed server. We are able to make the Feign client use the custom truststore using the javax.net.ssl.trustStore system property.
But because my app also communicates with standard CA-certified sites, the default truststore shouldn't be overridden.
How can I use the custom truststore without using the javax.net.ssl.trustStore system property? Or else, how can I have my Feign client use the truststore from a property other than the standard javax.net.ssl.trustStore system property?
This is how I used FeignClient with a keystore and truststore:
FeignClient Configuration
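// Imports assume Apache HttpClient 4.x (httpclient/httpcore 4.4+) on the classpath
import feign.Client;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ResourceUtils;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

@Configuration
public class TestClientConfig {

    @Bean
    public Client feignClient() {
        // NoopHostnameVerifier turns off hostname verification for this client
        Client trustSSLSockets = new Client.Default(getSSLSocketFactory(), new NoopHostnameVerifier());
        return trustSSLSockets;
    }

    private SSLSocketFactory getSSLSocketFactory() {
        try {
            // Declared but never passed to loadTrustMaterial(), so it has no effect;
            // trust decisions come from truststore.jks alone
            TrustStrategy acceptingTrustStrategy = new TrustStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    //Do your validations
                    return true;
                }
            };
            String allPassword = "123456";
            SSLContext sslContext = SSLContextBuilder
                    .create()
                    // .loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.p12"), allPassword.toCharArray(), allPassword.toCharArray())
                    .loadKeyMaterial(ResourceUtils.getFile("classpath:keystore.jks"), allPassword.toCharArray(), allPassword.toCharArray())
                    .loadTrustMaterial(ResourceUtils.getFile("classpath:truststore.jks"), allPassword.toCharArray())
                    .build();
            return sslContext.getSocketFactory();
        } catch (Exception exception) {
            throw new RuntimeException(exception);
        }
    }
}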
Interface
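import org.springframework.cloud.openfeign.FeignClient; // package assumes Spring Cloud OpenFeign
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

@FeignClient(name = "Test", url = "https://localhost:8443", configuration = TestClientConfig.class)
public interface TestClient {
    @RequestMapping(method = RequestMethod.GET, value = "/hello")
    String getHello();
}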
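
A variant of the configuration above that keeps hostname verification on and reads the truststore location from its own property, so javax.net.ssl.trustStore and the JVM default truststore stay untouched for every other connection. This is an added example, not part of the original answer; the class name ScopedTrustFeignConfig and the test.client.* property names are hypothetical.

```java
import feign.Client;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.core.io.Resource;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

// Referenced only via @FeignClient(configuration = ScopedTrustFeignConfig.class).
// Left without @Configuration so component scanning does not apply it to every Feign client.
public class ScopedTrustFeignConfig {

    // Hypothetical property, e.g. test.client.trust-store=classpath:truststore.jks
    @Value("${test.client.trust-store}")
    private Resource trustStore;

    // Hypothetical property; supply it from the environment rather than hardcoding it
    @Value("${test.client.trust-store-password}")
    private String trustStorePassword;

    @Bean
    public Client feignClient() throws GeneralSecurityException, IOException {
        // Load only the dedicated truststore; the JVM default (cacerts) is not replaced
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = trustStore.getInputStream()) {
            ks.load(in, trustStorePassword.toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        // This SSLContext is used by this Feign client only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        // A null HostnameVerifier selects the platform default, so the
        // server certificate must still match the host in the client URL
        return new Client.Default(ctx.getSocketFactory(), null);
    }
}
```

With the default verifier in place, the self-signed certificate has to name the host used in the @FeignClient url (localhost in the answer above), otherwise the handshake is rejected.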