SSL ์ฐ๊ฒฐ ์ ์๋ช
๋ CA ์ธ์ฆ์๊ฐ truststore์ ์กด์ฌํ์ง ์๋ ๊ฒฝ์ฐ ์๋์ผ๋ก ๊ฐฑ์ ํ๋ Java ์ฝ๋ ์์ ๋ ๋ค์๊ณผ ๊ฐ์ต๋๋ค.
String url = "https://example.com";
HttpClient httpClient = null;
try {
SSLContext sslContext = SSLContexts.createDefault();
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
.register("https", sslSocketFactory).build();
PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(socketFactoryRegistry);
httpClient = HttpClients.custom().setConnectionManager(connectionManager).build();
HttpGet httpGet = new HttpGet(url);
HttpResponse response = httpClient.execute(httpGet);
HttpEntity entity = response.getEntity();
EntityUtils.consume(entity);
} catch (SSLHandshakeException e) {
Throwable cause = e.getCause();
if (cause instanceof CertificateException) {
CertificateException ce = (CertificateException) cause;
if (ce.getMessage().contains("PKIX path building failed")) {
X509Certificate[] certs = ((PKIXCertPathBuilderException) ce.getCause()).getCertPath().getCertificates().toArray(new X509Certificate[0]);
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
keyStore.load(null, null);
for (int i = 0; i < certs.length; i++) {
X509Certificate cert = certs[i];
keyStore.setCertificateEntry("alias-" + i, cert);
}
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(keyStore);
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(keyStore, null).build();
SSLConnectionSocketFactory sslSocketFactory = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
httpClient = HttpClients.custom().setSSLSocketFactory(sslSocketFactory).setConnectionManager(connectionManager).build();
response = httpClient.execute(httpGet);
entity = response.getEntity();
EntityUtils.consume(entity);
}
}
} catch (Exception e) {
// ์๋ฌ ์ฒ๋ฆฌ๋ฅผ ์ํํฉ๋๋ค.
throw new RuntimeException("Error initializing HttpClient", e);
}
์ ์ฝ๋์์๋ HttpClient๋ฅผ ์์ฑํ๋ ๋์ค SSLHandshakeException์ด ๋ฐ์ํ๋ ๊ฒฝ์ฐ, PKIX path building failed ์์ธ๊ฐ ๋ฐ์ํ๋์ง ํ์ธํฉ๋๋ค. ๋ง์ฝ ํด๋น ์์ธ๊ฐ ๋ฐ์ํ๋ค๋ฉด, ์์ธ์ ํฌํจ๋ CertificateException์์ CA ์ธ์ฆ์๋ฅผ ์ถ์ถํฉ๋๋ค. ์ดํ KeyStore๋ฅผ ์์ฑํ์ฌ CA ์ธ์ฆ์๋ฅผ ์ถ๊ฐํ๊ณ , TrustManagerFactory๋ฅผ ์์ฑํฉ๋๋ค. TrustManagerFactory์ init() ๋ฉ์๋๋ฅผ ์ฌ์ฉํ์ฌ keyStore๋ฅผ ์ค์ ํฉ๋๋ค. SSLContextBuilder๋ฅผ ์ฌ์ฉํ์ฌ SSLContext๋ฅผ ์์ฑํ๊ณ , SSLConnectionSocketFactory๋ฅผ ์์ฑํฉ๋๋ค. ๋ง์ง๋ง์ผ๋ก HttpClient๋ฅผ ์์ฑํฉ๋๋ค.
์ ์ฝ๋์์๋ HttpClient์ ์์ฑ์ด ์คํจํ ๊ฒฝ์ฐ์๋ ์์ธ ์ฒ๋ฆฌ๋ฅผ ์ํํ์์ต๋๋ค. ์ด๋ฅผ ์ํด try-catch ๋ธ๋ก์ ์ฌ์ฉํ์ฌ ์์ธ ์ฒ๋ฆฌ๋ฅผ ์ํํ์์ต๋๋ค.
'๋ณด์,์ธ์ฆ,๋คํธ์ํฌ ๊ด๋ จ' ์นดํ ๊ณ ๋ฆฌ์ ๋ค๋ฅธ ๊ธ
[Spring Boot] SSL ์ธ์ฆ ํ๋ฆ ์์ฝ (0) | 2023.04.05 |
---|---|
๊ธฐ์ ํด๋ผ์ฐ๋ ํ๊ฒฝ ๊ตฌ์ฑ IP ๋์ญ๋ ์ฌ์ฉ ๊ด๋ จ (0) | 2023.04.04 |
[SPRING BOOT] SSL ์ธ์ฆ์ ์ ๋ขฐ์ฑ ํ์ธ ์ ์ฐจ (0) | 2023.04.04 |
SSL ์ธ์ฆ์ ๊ด๋ฆฌ ๋ฐฉ์ (0) | 2023.04.04 |