sermant-io · Sherlockhan · Aug 12, 2023 · Jan 5, 2023
diff --git a/.github/actions/common/spring/action.yml b/.github/actions/common/spring/action.yml
@@ -57,3 +57,11 @@ runs:
         key: ${{ runner.os }}-agent-${{ github.run_id }}
     - name: plugin change check
       uses: ./.github/actions/common/plugin-change-check
+    - name: change file version
+      # For build feign client ssl call config, according to springCloud version discriminate high and low config.
+      if: matrix.springCloudVersion == '2020.0.0' || matrix.springCloudVersion == '2021.0.0' || matrix.springCloudVersion == '2021.0.3'
+      shell: bash
+      run: |
+        mv sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/src/main/java/com/huaweicloud/spring/feign/api/configuration/FeignClientSslConfigurationLowVersion.java sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/src/main/java/com/huaweicloud/spring/feign/api/configuration/FeignClientSslConfigurationLowVersion.java.lowVersion
+        mv sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/src/main/java/com/huaweicloud/spring/feign/api/configuration/FeignClientSslConfigurationHighVersion.java.highVersion sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/src/main/java/com/huaweicloud/spring/feign/api/configuration/FeignClientSslConfigurationHighVersion.java
+        ls sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/src/main/java/com/huaweicloud/spring/feign/api/configuration
diff --git a/.github/actions/scenarios/spring/graceful/action.yml b/.github/actions/scenarios/spring/graceful/action.yml
@@ -19,12 +19,15 @@ runs:
         mvn package -Dspring.cloud.version=${{ matrix.springCloudVersion }} -Dspring.boot.version=${{ matrix.springBootVersion }} -DskipTests -P common-test${{ env.tailVersion }} --file sermant-integration-tests/spring-test/pom.xml
     - name: start provider that has closed graceful ability
       shell: bash
+      env:
+        servicecomb.service.enableSpringRegister: true
+        servicecomb.service.preferIpAddress: true
       run: |
         nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=feign -Dserver.port=8014 \
         -Dsermant_log_dir=${{ env.logDir }}/feign-provider-8014${{ env.tailVersion }} -jar \
         sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign${{ env.tailVersion }}/feign-provider${{ env.tailVersion }}/target/feign-provider${{ env.tailVersion }}.jar > ${{ env.logDir }}/feign-provider-8014.log 2>&1 &
         nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=rest -Dserver.port=8004 -jar \
-        -Dsermant_log_dir=${{ env.logDir }}/rest-provider${{ env.tailVersion }} \
+        -Dsermant_log_dir=${{ env.logDir }}/rest-provider-8004${{ env.tailVersion }} \
         sermant-integration-tests/spring-test/spring-common-demos/spring-common-resttemplate/rest-provider/target/rest-provider.jar > ${{ env.logDir }}/rest-provider-8004.log 2>&1 &
     - name: start applications that has opened graceful ability
       shell: bash
@@ -34,17 +37,20 @@ runs:
         grace.rule.enableGraceShutdown: true
         grace.rule.enableOfflineNotify: true
         grace.rule.warmUpTime: 600
+        servicecomb.service.enableSpringRegister: true
+        servicecomb.service.preferIpAddress: true
+      # graceful-rest-provider service port 8443 do not change, it special for springCloud Edgware.SR2 test ssl feature.
       run: |
         cp sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign${{ env.tailVersion }}/feign-provider${{ env.tailVersion }}/target/feign-provider${{ env.tailVersion }}.jar graceful-feign-provider${{ env.tailVersion }}.jar
-        nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=feign -Dserver.port=8013 -jar \
+        nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=feign -Dserver.port=8013 -Dserver.ssl.enabled=true -Dregister.service.secure=true -jar \
         -Dsermant_log_dir=${{ env.logDir }}/feign-provider${{ env.tailVersion }} -Dgrace.rule.httpServerPort=16777 \
         graceful-feign-provider${{ env.tailVersion }}.jar > ${{ env.logDir }}/feign-provider.log 2>&1 &
         nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=feign -Dserver.port=8015 -jar \
         -Dsermant_log_dir=${{ env.logDir }}/feign-consumer${{ env.tailVersion }} -Dgrace.rule.httpServerPort=16778 \
         sermant-integration-tests/spring-test/spring-common-demos/spring-common-feign${{ env.tailVersion }}/feign-consumer${{ env.tailVersion }}/target/feign-consumer${{ env.tailVersion }}.jar > ${{ env.logDir }}/feign-consumer.log 2>&1 &
 
         cp sermant-integration-tests/spring-test/spring-common-demos/spring-common-resttemplate/rest-provider/target/rest-provider.jar graceful-rest-provider.jar
-        nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=rest -Dserver.port=8003 -jar \
+        nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=rest -Dserver.port=8443 -Dserver.ssl.enabled=true -Dregister.service.secure=true -jar \
         -Dsermant_log_dir=${{ env.logDir }}/rest-provider${{ env.tailVersion }} -Dgrace.rule.httpServerPort=16779 \
         graceful-rest-provider.jar > ${{ env.logDir }}/rest-provider.log 2>&1 &
         nohup java -javaagent:sermant-agent-${{ env.sermantVersion }}/agent/sermant-agent.jar=appName=default -Dservice.meta.application=rest -Dserver.port=8005 -jar \

diff --git a/...n-tests/spring-test/spring-common-demos/spring-common-feign-1.5.x/feign-api-1.5.x/pom.xml b/...n-tests/spring-test/spring-common-demos/spring-common-feign-1.5.x/feign-api-1.5.x/pom.xml
@@ -41,5 +41,9 @@
             <version>1.0.0</version>
             <scope>provided</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.httpcomponents</groupId>
+            <artifactId>httpclient</artifactId>
+        </dependency>
     </dependencies>
 </project>
diff --git a/...gn-api-1.5.x/src/main/java/com/huaweicloud/spring/feign/api/HeaderMatchConfiguration.java b/...gn-api-1.5.x/src/main/java/com/huaweicloud/spring/feign/api/HeaderMatchConfiguration.java
@@ -17,17 +17,38 @@
 
 package com.huaweicloud.spring.feign.api;
 
+import feign.Client;
+import feign.Feign;
 import feign.RequestInterceptor;
 import feign.RequestTemplate;
 
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.cloud.netflix.feign.ribbon.CachingSpringLoadBalancerFactory;
+import org.springframework.cloud.netflix.feign.ribbon.LoadBalancerFeignClient;
+import org.springframework.cloud.netflix.ribbon.SpringClientFactory;
+import org.springframework.context.annotation.Bean;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
 /**
  * 针对header方法增加请求头判断是否可以匹配成功
  *
  * @author zhouss
  * @since 2022-07-29
  */
 public class HeaderMatchConfiguration implements RequestInterceptor {
+    private static final Logger LOGGER = LoggerFactory.getLogger(HeaderMatchConfiguration.class);
     private static final String KEY = "key";
+    private static SSLSocketFactory feignSocketFactory = null;
 
     @Override
     public void apply(RequestTemplate template) {
@@ -46,4 +67,69 @@ public void apply(RequestTemplate template) {
             template.header(KEY, "100");
         }
     }
+
+    /**
+     * 构建Feign Builder
+     *
+     * @param lbClientFactory LB工厂
+     * @param clientFactory client工厂
+     * @return Feign.Builder
+     */
+    @Bean
+    public Feign.Builder feignBuilder(CachingSpringLoadBalancerFactory lbClientFactory,
+            SpringClientFactory clientFactory) {
+        final Client sslClient = client(lbClientFactory, clientFactory);
+        return Feign.builder().client(sslClient);
+    }
+
+    /**
+     * 构建Feign client
+     *
+     * @param lbClientFactory LB工厂
+     * @param clientFactory client工厂
+     * @return client
+     */
+    @Bean
+    public Client client(CachingSpringLoadBalancerFactory lbClientFactory, SpringClientFactory clientFactory) {
+        if (feignSocketFactory == null) {
+            try {
+                feignSocketFactory = getFeignSslSocketFactory();
+            } catch (NoSuchAlgorithmException e) {
+                LOGGER.error("build ssl feign client failed for NoSuchAlgorithmException");
+            } catch (KeyManagementException e) {
+                LOGGER.error("build ssl feign client failed for KeyManagementException");
+            }
+        }
+        return new LoadBalancerFeignClient(new Client.Default(feignSocketFactory, new NoopHostnameVerifier()),
+                lbClientFactory, clientFactory);
+    }
+
+    private SSLSocketFactory getFeignSslSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
+        TrustManager[] trustManagers = new TrustManager[1];
+        TrustManager tm = new SslTrustManager();
+        trustManagers[0] = tm;
+        SSLContext sslContext = SSLContext.getInstance("SSL");
+        sslContext.init(null, trustManagers, null);
+        return sslContext.getSocketFactory();
+    }
+
+    /**
+     * 构建SSL Manager
+     *
+     * @since 2022-07-29
+     */
+    static class SslTrustManager implements TrustManager, X509TrustManager {
+        @Override
+        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+    }
 }
diff --git a/...n-demos/spring-common-feign-1.5.x/feign-provider-1.5.x/src/main/resources/application.yml b/...n-demos/spring-common-feign-1.5.x/feign-provider-1.5.x/src/main/resources/application.yml
@@ -1,5 +1,11 @@
 server:
   port: 8003
+  ssl:
+    enabled: false
+    key-store: classpath:private.pkcs12
+    key-store-password: 123456
+    key-store-type: pkcs12
+
 spring:
   application:
     name: feign-provider

diff --git a/...on-demos/spring-common-feign-1.5.x/feign-provider-1.5.x/src/main/resources/private.pkcs12 b/...on-demos/spring-common-feign-1.5.x/feign-provider-1.5.x/src/main/resources/private.pkcs12
diff --git a/...t-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/pom.xml b/...t-integration-tests/spring-test/spring-common-demos/spring-common-feign/feign-api/pom.xml
@@ -40,5 +40,9 @@
             <version>1.0.0</version>
             <scope>provided</scope>
         </dependency>
+      <dependency>
+        <groupId>org.apache.httpcomponents</groupId>
+        <artifactId>httpclient</artifactId>
+      </dependency>
     </dependencies>
 </project>
diff --git a/...c/main/java/com/huaweicloud/spring/feign/api/configuration/FeignClientConfigSslUtils.java b/...c/main/java/com/huaweicloud/spring/feign/api/configuration/FeignClientConfigSslUtils.java
@@ -0,0 +1,74 @@
+/*
+ * Copyright (C) 2023-2023 Huawei Technologies Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.huaweicloud.spring.feign.api.configuration;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509TrustManager;
+
+/**
+ * 构建feignClient SSL调用的FeignSocketFactory工具类
+ *
+ * @author chengyouling
+ * @since 2023-02-10
+ */
+public class FeignClientConfigSslUtils {
+    private FeignClientConfigSslUtils() {
+    }
+
+    /**
+     * 构建FeignSslSocketFactory
+     *
+     * @return SSLSocketFactory
+     * @throws NoSuchAlgorithmException NoSuchAlgorithmException
+     * @throws KeyManagementException KeyManagementException
+     */
+    public static SSLSocketFactory getFeignSslSocketFactory() throws NoSuchAlgorithmException, KeyManagementException {
+        TrustManager[] trustManagers = new TrustManager[1];
+        TrustManager tm = new FeignClientConfigSslUtils.SslTrustManager();
+        trustManagers[0] = tm;
+        SSLContext sslContext = SSLContext.getInstance("SSL");
+        sslContext.init(null, trustManagers, null);
+        return sslContext.getSocketFactory();
+    }
+
+    /**
+     * 构建SSL Manager
+     *
+     * @since 2022-07-29
+     */
+    static class SslTrustManager implements TrustManager, X509TrustManager {
+        @Override
+        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {
+        }
+
+        @Override
+        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {
+        }
+
+        @Override
+        public X509Certificate[] getAcceptedIssuers() {
+            return new X509Certificate[0];
+        }
+    }
+}
diff --git a/...ud/spring/feign/api/configuration/FeignClientSslConfigurationHighVersion.java.highVersion b/...ud/spring/feign/api/configuration/FeignClientSslConfigurationHighVersion.java.highVersion
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2023-2023 Huawei Technologies Co., Ltd. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package com.huaweicloud.spring.feign.api.configuration;
+
+import feign.Client;
+import feign.Feign;
+
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.cloud.client.loadbalancer.LoadBalancerClient;
+import org.springframework.cloud.client.loadbalancer.LoadBalancerProperties;
+import org.springframework.cloud.loadbalancer.support.LoadBalancerClientFactory;
+import org.springframework.cloud.openfeign.loadbalancer.FeignBlockingLoadBalancerClient;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.security.KeyManagementException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.SSLSocketFactory;
+
+/**
+ * 针对springCloud 2020.0.0/2021.0.0/2021.0.3高版本FeignClient SSL请求证书认证处理
+ *
+ * @author chengyouling
+ * @since 2023-02-10
+ */
+@Configuration
+public class FeignClientSslConfigurationHighVersion {
+    private static SSLSocketFactory feignSocketFactory = null;
+    private static final Logger LOGGER = LoggerFactory.getLogger(FeignClientSslConfigurationHighVersion.class);
+
+    /**
+     * 构建Feign Builder
+     *
+     * @param loadBalancerClient loadBalancerClient
+     * @param properties balancerProperties
+     * @param factory clientFactory
+     * @return Client
+     */
+    @Bean
+    public Feign.Builder feignBuilder(LoadBalancerClient loadBalancerClient, LoadBalancerProperties properties,
+            LoadBalancerClientFactory factory) {
+        final Client sslClient = feignClient(loadBalancerClient, properties, factory);
+        return Feign.builder().client(sslClient);
+    }
+
+    /**
+     * 构建Feign client
+     *
+     * @param loadBalancerClient loadBalancerClient
+     * @param properties balancerProperties
+     * @param factory clientFactory
+     * @return Client
+     */
+    @Bean
+    public Client feignClient(LoadBalancerClient loadBalancerClient, LoadBalancerProperties properties,
+            LoadBalancerClientFactory factory) {
+        if (feignSocketFactory == null) {
+            try {
+                feignSocketFactory = FeignClientConfigSslUtils.getFeignSslSocketFactory();
+            } catch (NoSuchAlgorithmException e) {
+                LOGGER.error("build ssl feign client failed for NoSuchAlgorithmException");
+            } catch (KeyManagementException e) {
+                LOGGER.error("build ssl feign client failed for KeyManagementException");
+            }
+        }
+        return new FeignBlockingLoadBalancerClient(new Client.Default(feignSocketFactory, new NoopHostnameVerifier()),
+                loadBalancerClient, properties, factory);
+    }
+}