Configurer Retrofit ssl avec un jks

Ajouts des dependences maven :



      com.squareup.retrofit2
      retrofit
    
    
      com.squareup.retrofit2
      converter-jackson
    
    
      com.squareup.okhttp3
      logging-interceptor
    
    
      com.squareup.retrofit2
      converter-scalars
    
    
      com.fasterxml.jackson.datatype
      jackson-datatype-jsr310</code><code>

com.squareup.retrofit2

retrofit

com.squareup.retrofit2

converter-jackson

com.squareup.okhttp3

logging-interceptor

com.squareup.retrofit2

converter-scalars

com.fasterxml.jackson.datatype

jackson-datatype-jsr310</code><code>

Voici la classe de config :



import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.time.Duration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import okhttp3.OkHttpClient;
import okhttp3.logging.HttpLoggingInterceptor;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import retrofit2.Retrofit;
import retrofit2.converter.jackson.JacksonConverterFactory;
import retrofit2.converter.scalars.ScalarsConverterFactory;

@Configuration
public class GedConfig {

  @Value("${wps.ged}")
  String gedUrl;
  @Value("${wps.jks.path}")
  private String pathJks;
  @Value("${wps.jks.password}")
  private String passwordJks;

  @Bean
  public Retrofit retrofitGedConfig() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException,
                                             UnrecoverableKeyException, KeyManagementException {
    String url = (StringUtils.endsWith(gedUrl, "/")) ? StringUtils.substringBeforeLast(gedUrl, "/") : gedUrl;

    return new Retrofit.Builder()
            .client(buildOkHttpClient())
            .baseUrl(url)
            .addConverterFactory(ScalarsConverterFactory.create())
            .addConverterFactory(JacksonConverterFactory.create(
                    new ObjectMapper().registerModule(new JavaTimeModule()).disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)))
            .build();
  }

  @SuppressWarnings({"java:S5527", "java:S3510"})
  private OkHttpClient buildOkHttpClient() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException,
                                                  UnrecoverableKeyException, KeyManagementException {
    KeyStore keyStore = readKeyStore(new File(pathJks), passwordJks);
    SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
    TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
    trustManagerFactory.init(keyStore);
    KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
    keyManagerFactory.init(keyStore, passwordJks.toCharArray());
    sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

    OkHttpClient.Builder builder = new OkHttpClient.Builder().connectTimeout(Duration.ofMinutes(3)).readTimeout(Duration.ofSeconds(60));
    builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagerFactory.getTrustManagers()[0]);

    HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();
    interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);
    return builder.addInterceptor(interceptor).build();
  }

  private KeyStore readKeyStore(File keystoreFile, String password) throws KeyStoreException, IOException, CertificateException,
                                                                           NoSuchAlgorithmException {
    KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
    try (InputStream fis = new FileInputStream(keystoreFile)) {
      ks.load(fis, password.toCharArray());
    }
    return ks;
  }

}

import com.fasterxml.jackson.databind.DeserializationFeature;

import com.fasterxml.jackson.databind.ObjectMapper;

import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;

import java.io.File;

import java.io.FileInputStream;

import java.io.IOException;

import java.io.InputStream;

import java.security.KeyManagementException;

import java.security.KeyStore;

import java.security.KeyStoreException;

import java.security.NoSuchAlgorithmException;

import java.security.SecureRandom;

import java.security.UnrecoverableKeyException;

import java.security.cert.CertificateException;

import java.time.Duration;

import javax.net.ssl.KeyManagerFactory;

import javax.net.ssl.SSLContext;

import javax.net.ssl.TrustManagerFactory;

import javax.net.ssl.X509TrustManager;

import okhttp3.OkHttpClient;

import okhttp3.logging.HttpLoggingInterceptor;

import org.apache.commons.lang3.StringUtils;

import org.springframework.beans.factory.annotation.Value;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import retrofit2.Retrofit;

import retrofit2.converter.jackson.JacksonConverterFactory;

import retrofit2.converter.scalars.ScalarsConverterFactory;

@Configuration

public class GedConfig {

@Value("${wps.ged}")

String gedUrl;

@Value("${wps.jks.path}")

private String pathJks;

@Value("${wps.jks.password}")

private String passwordJks;

@Bean

public Retrofit retrofitGedConfig() throws IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException,

UnrecoverableKeyException, KeyManagementException {

String url = (StringUtils.endsWith(gedUrl, "/")) ? StringUtils.substringBeforeLast(gedUrl, "/") : gedUrl;

return new Retrofit.Builder()

.client(buildOkHttpClient())

.baseUrl(url)

.addConverterFactory(ScalarsConverterFactory.create())

.addConverterFactory(JacksonConverterFactory.create(

new ObjectMapper().registerModule(new JavaTimeModule()).disable(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES)))

.build();

}

@SuppressWarnings({"java:S5527", "java:S3510"})

private OkHttpClient buildOkHttpClient() throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException,

UnrecoverableKeyException, KeyManagementException {

KeyStore keyStore = readKeyStore(new File(pathJks), passwordJks);

SSLContext sslContext = SSLContext.getInstance("TLSv1.2");

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

trustManagerFactory.init(keyStore);

KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

keyManagerFactory.init(keyStore, passwordJks.toCharArray());

sslContext.init(keyManagerFactory.getKeyManagers(), trustManagerFactory.getTrustManagers(), new SecureRandom());

OkHttpClient.Builder builder = new OkHttpClient.Builder().connectTimeout(Duration.ofMinutes(3)).readTimeout(Duration.ofSeconds(60));

builder.sslSocketFactory(sslContext.getSocketFactory(), (X509TrustManager) trustManagerFactory.getTrustManagers()[0]);

HttpLoggingInterceptor interceptor = new HttpLoggingInterceptor();

interceptor.setLevel(HttpLoggingInterceptor.Level.BODY);

return builder.addInterceptor(interceptor).build();

}

private KeyStore readKeyStore(File keystoreFile, String password) throws KeyStoreException, IOException, CertificateException,

NoSuchAlgorithmException {

KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());

try (InputStream fis = new FileInputStream(keystoreFile)) {

ks.load(fis, password.toCharArray());

}

return ks;

}

Configurer Retrofit ssl avec un jks

Article qui pourraient vous intéréser :

Articles récents

Archives

Catégories