Use disableSslProperty when creating Feign http cients. Fixes 2652. (#2654)

spring-cloud-netflix-core/src/main/java/org/springframework/cloud/netflix/feign/FeignAutoConfiguration.java

@@ -118,7 +118,7 @@ public class FeignAutoConfiguration {
 				ApacheHttpClientConnectionManagerFactory connectionManagerFactory,
 				FeignHttpClientProperties httpClientProperties) {
 			final HttpClientConnectionManager connectionManager = connectionManagerFactory
-					.newConnectionManager(false, httpClientProperties.getMaxConnections(),
+					.newConnectionManager(httpClientProperties.isDisableSslValidation(), httpClientProperties.getMaxConnections(),
 							httpClientProperties.getMaxConnectionsPerRoute(),
 							httpClientProperties.getTimeToLive(),
 							httpClientProperties.getTimeToLiveUnit(), registryBuilder);
@@ -185,7 +185,8 @@ public class FeignAutoConfiguration {
 										   ConnectionPool connectionPool, FeignHttpClientProperties httpClientProperties) {
 			Boolean followRedirects = httpClientProperties.isFollowRedirects();
 			Integer connectTimeout = httpClientProperties.getConnectionTimeout();
-			this.okHttpClient = httpClientFactory.createBuilder(false).
+			Boolean disableSslValidation = httpClientProperties.isDisableSslValidation();
+			this.okHttpClient = httpClientFactory.createBuilder(disableSslValidation).
 					connectTimeout(connectTimeout, TimeUnit.MILLISECONDS).
 					followRedirects(followRedirects).
 					connectionPool(connectionPool).build();

spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/feign/FeignHttpClientConfigurationTests.java

+/*
+ * Copyright 2013-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.springframework.cloud.netflix.feign;
+
+import java.lang.reflect.Field;
+import javax.net.ssl.SSLContextSpi;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509TrustManager;
+import org.apache.http.config.Lookup;
+import org.apache.http.conn.HttpClientConnectionManager;
+import org.apache.http.conn.socket.ConnectionSocketFactory;
+import org.apache.http.impl.conn.DefaultHttpClientConnectionOperator;
+import org.junit.After;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.cloud.ClassPathExclusions;
+import org.springframework.cloud.FilteredClassPathRunner;
+import org.springframework.cloud.commons.httpclient.HttpClientConfiguration;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.util.ReflectionUtils;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+/**
+ * @author Ryan Baxter
+ */
+@RunWith(FilteredClassPathRunner.class)
+@ClassPathExclusions({ "ribbon-loadbalancer-{version:\\d.*}.jar" })
+public class FeignHttpClientConfigurationTests {
+
+	private ConfigurableApplicationContext context;
+
+	@Before
+	public void setUp() {
+		context = new SpringApplicationBuilder().properties("debug=true","feign.httpclient.disableSslValidation=true").web(false)
+				.sources(HttpClientConfiguration.class, FeignAutoConfiguration.class).run();
+	}
+
+	@After
+	public void tearDown() {
+		if(context != null) {
+			context.close();
+		}
+	}
+
+	@Test
+	public void disableSslTest() throws Exception {
+		HttpClientConnectionManager connectionManager = context.getBean(HttpClientConnectionManager.class);
+		Lookup<ConnectionSocketFactory> socketFactoryRegistry = getConnectionSocketFactoryLookup(connectionManager);
+		assertNotNull(socketFactoryRegistry.lookup("https"));
+		assertNull(this.getX509TrustManager(socketFactoryRegistry).getAcceptedIssuers());
+	}
+
+	private Lookup<ConnectionSocketFactory> getConnectionSocketFactoryLookup(HttpClientConnectionManager connectionManager) {
+		DefaultHttpClientConnectionOperator connectionOperator = (DefaultHttpClientConnectionOperator)this.getField(connectionManager, "connectionOperator");
+		return (Lookup)this.getField(connectionOperator, "socketFactoryRegistry");
+	}
+
+	private X509TrustManager getX509TrustManager(Lookup<ConnectionSocketFactory> socketFactoryRegistry) {
+		ConnectionSocketFactory connectionSocketFactory = (ConnectionSocketFactory)socketFactoryRegistry.lookup("https");
+		SSLSocketFactory sslSocketFactory = (SSLSocketFactory)this.getField(connectionSocketFactory, "socketfactory");
+		SSLContextSpi sslContext = (SSLContextSpi)this.getField(sslSocketFactory, "context");
+		return (X509TrustManager)this.getField(sslContext, "trustManager");
+	}
+
+	protected <T> Object getField(Object target, String name) {
+		Field field = ReflectionUtils.findField(target.getClass(), name);
+		ReflectionUtils.makeAccessible(field);
+		Object value = ReflectionUtils.getField(field, target);
+		return value;
+	}
+
+}

spring-cloud-netflix-core/src/test/java/org/springframework/cloud/netflix/feign/FeignOkHttpConfigurationTests.java

+/*
+ * Copyright 2013-2018 the original author or authors.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.springframework.cloud.netflix.feign;
+
+import okhttp3.OkHttpClient;
+
+import java.lang.reflect.Field;
+import javax.net.ssl.HostnameVerifier;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.cloud.ClassPathExclusions;
+import org.springframework.cloud.FilteredClassPathRunner;
+import org.springframework.cloud.commons.httpclient.HttpClientConfiguration;
+import org.springframework.cloud.commons.httpclient.OkHttpClientFactory;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.util.ReflectionUtils;
+
+/**
+ * @author Ryan Baxter
+ */
+@RunWith(FilteredClassPathRunner.class)
+@ClassPathExclusions({ "ribbon-loadbalancer-{version:\\d.*}.jar" })
+public class FeignOkHttpConfigurationTests {
+
+	private ConfigurableApplicationContext context;
+
+	@Before
+	public void setUp() {
+		context = new SpringApplicationBuilder().properties("debug=true","feign.httpclient.disableSslValidation=true",
+				"feign.okhttp.enabled=true", "feign.httpclient.enabled=false").web(false)
+				.sources(HttpClientConfiguration.class, FeignAutoConfiguration.class).run();
+	}
+
+	@After
+	public void tearDown() {
+		if(context != null) {
+			context.close();
+		}
+	}
+
+	@Test
+	public void disableSslTest() throws Exception {
+		OkHttpClient httpClient = context.getBean(OkHttpClient.class);
+		HostnameVerifier hostnameVerifier = (HostnameVerifier)this.getField(httpClient, "hostnameVerifier");
+		Assert.assertTrue(OkHttpClientFactory.TrustAllHostnames.class.isInstance(hostnameVerifier));
+	}
+
+	protected <T> Object getField(Object target, String name) {
+		Field field = ReflectionUtils.findField(target.getClass(), name);
+		ReflectionUtils.makeAccessible(field);
+		Object value = ReflectionUtils.getField(field, target);
+		return value;
+	}
+}