javajack · January 7, 2020 05:18
diff --git a/RetrofitConfig.java b/RetrofitConfig.java
 package com.ms.pwm.retail.bank;

 import java.security.KeyManagementException;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.CertificateException;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocketFactory;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 import okhttp3.OkHttpClient;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import retrofit2.Retrofit;
 import retrofit2.converter.jackson.JacksonConverterFactory;

 @Configuration
 public class RetrofitConfig {

    @Value("${api.base.url}")
    private String apiBaseUrl;

    @Value("${api.ignore.ssl}")
    private Boolean apiIgnoreSsl;

    @Bean
    public Retrofit retrofit() {
        OkHttpClient client;
        if (apiIgnoreSsl) {
            client = getUnsafeOkHttpClient();
        } else {
            client = new OkHttpClient.Builder().build();
        }
        JacksonConverterFactory converterFactory
                = JacksonConverterFactory.create();

        return new Retrofit.Builder()
                .client(client)
                .baseUrl(apiBaseUrl)
                .addConverterFactory(converterFactory)
                .build();
    }

    private OkHttpClient getUnsafeOkHttpClient() {
        try {
            // Create a trust manager that does not validate certificate chains
            final TrustManager[] trustAllCerts = new TrustManager[]{
                new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
                    }

                    @Override
                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                        return new java.security.cert.X509Certificate[]{};
                    }
                }
            };

            // Install the all-trusting trust manager
            final SSLContext sslContext = SSLContext.getInstance("SSL");
            sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

            // Create an ssl socket factory with our all-trusting manager
            final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

            OkHttpClient.Builder builder = new OkHttpClient.Builder();
            builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
            builder.hostnameVerifier((String hostname, SSLSession session) -> true);

            OkHttpClient okHttpClient = builder.build();
            return okHttpClient;
        } catch (KeyManagementException | NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }
 }
	package com.ms.pwm.retail.bank;

	import java.security.KeyManagementException;
	import java.security.NoSuchAlgorithmException;
	import java.security.cert.CertificateException;
	import javax.net.ssl.SSLContext;
	import javax.net.ssl.SSLSession;
	import javax.net.ssl.SSLSocketFactory;
	import javax.net.ssl.TrustManager;
	import javax.net.ssl.X509TrustManager;
	import okhttp3.OkHttpClient;
	import org.springframework.beans.factory.annotation.Value;
	import org.springframework.context.annotation.Bean;
	import org.springframework.context.annotation.Configuration;
	import retrofit2.Retrofit;
	import retrofit2.converter.jackson.JacksonConverterFactory;

	@Configuration
	public class RetrofitConfig {

	@Value("${api.base.url}")
	private String apiBaseUrl;

	@Value("${api.ignore.ssl}")
	private Boolean apiIgnoreSsl;

	@Bean
	public Retrofit retrofit() {
	OkHttpClient client;
	if (apiIgnoreSsl) {
	client = getUnsafeOkHttpClient();
	} else {
	client = new OkHttpClient.Builder().build();
	}
	JacksonConverterFactory converterFactory
	= JacksonConverterFactory.create();

	return new Retrofit.Builder()
	.client(client)
	.baseUrl(apiBaseUrl)
	.addConverterFactory(converterFactory)
	.build();
	}

	private OkHttpClient getUnsafeOkHttpClient() {
	try {
	// Create a trust manager that does not validate certificate chains
	final TrustManager[] trustAllCerts = new TrustManager[]{
	new X509TrustManager() {
	@Override
	public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
	}

	@Override
	public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) throws CertificateException {
	}

	@Override
	public java.security.cert.X509Certificate[] getAcceptedIssuers() {
	return new java.security.cert.X509Certificate[]{};
	}
	}
	};

	// Install the all-trusting trust manager
	final SSLContext sslContext = SSLContext.getInstance("SSL");
	sslContext.init(null, trustAllCerts, new java.security.SecureRandom());

	// Create an ssl socket factory with our all-trusting manager
	final SSLSocketFactory sslSocketFactory = sslContext.getSocketFactory();

	OkHttpClient.Builder builder = new OkHttpClient.Builder();
	builder.sslSocketFactory(sslSocketFactory, (X509TrustManager) trustAllCerts[0]);
	builder.hostnameVerifier((String hostname, SSLSession session) -> true);

	OkHttpClient okHttpClient = builder.build();
	return okHttpClient;
	} catch (KeyManagementException \| NoSuchAlgorithmException e) {
	throw new RuntimeException(e);
	}
	}
	}