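I have a requirement to temporarily disable certificate validation in Camel 2.12. I am referencing a test web service that currently presents an invalid certificate, and I get the following exception -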
Exception in route: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Many of the examples I found on SO revolve around creating an HttpClientConfigurer and doing this -
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https4", 443, ssf));
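These solutions require a version of the configureHttpClient(HttpClient hc) method that takes an org.apache.http.client.HttpClient. In my version of Camel, this method takes an org.apache.commons.httpclient.HttpClient, which has no reference to getConnectionManager().
I have tried the JVM setting com.sun.net.ssl.checkRevocation=false, but this had no effect.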
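Answer 0: (score: 0)
I think you are using the camel-http component; you need to use the camel-http4 component.
Answer 1: (score: 0)
OK, I finally managed to get this working - thanks to the many posts out there that helped me with some of the details of what I was trying to do, and special thanks to this posting. Using Camel 2.12.1 -
Step by step: I have a secure URL behind a proxy server -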
https4://someURL?proxyAuthHost=proxy.company.com&proxyAuthPort=8080&proxyAuthScheme=http
Create the component to access the URL -
import org.apache.camel.component.http4.HttpComponent;
...
final HttpComponent myComponent = new HttpComponent();
myComponent.setClientConnectionManager(new PoolingClientConnectionManager());
myComponent.setHttpClientConfigurer(new myHttpClientConfigurer());
Note: setting the ClientConnectionManager is needed only because the code throws an NPE in HttpComponent at line 317 -
SchemeRegistry registry = clientConnectionManager.getSchemeRegistry();
myHttpClientConfigurer.java
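import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;

public class myHttpClientConfigurer implements HttpClientConfigurer {
    @Override
    public void configureHttpClient(HttpClient hc) {
        try {
            // loadProperties(), getJavaKeystoreFile() and getKeystorePassword()
            // are the poster's own helpers and are not shown in the post.
            Properties properties = loadProperties();
            KeyStore trustStore = KeyStore.getInstance("JKS");
            final String javaKeystoreFile = getJavaKeystoreFile(properties);
            final String keystorePassword = getKeystorePassword(properties);
            trustStore.load(new FileInputStream(javaKeystoreFile), keystorePassword.toCharArray());
            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
            keyFactory.init(trustStore, keystorePassword.toCharArray());
            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
            trustFactory.init(trustStore);
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);
            // Accepts every certificate chain the server presents.
            TrustStrategy trustStrategy = new TrustStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }
            };
            // ALLOW_ALL_HOSTNAME_VERIFIER also switches off the hostname check.
            SSLSocketFactory factory = new SSLSocketFactory(SSLSocketFactory.TLS, trustStore, keystorePassword, trustStore, null, trustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            SchemeRegistry registry = hc.getConnectionManager().getSchemeRegistry();
            registry.register(new Scheme("https", 443, factory));
        } catch (Exception e) {
            // The handler is elided in the post; rethrowing here is an assumption.
            throw new RuntimeException(e);
        }
    }
}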
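Note that although the URL specifies "https4", the new Scheme() is "https". After stepping through the HttpComponent code in the debugger, this seems to be the only way I could get it to work.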
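A narrower alternative to the return-true TrustStrategy in the answer above, as an added example that is not part of the original post: it accepts only the test service's own certificate, identified by its SHA-256 fingerprint, and keeps hostname checking on. The names PinnedCertTrustStrategy and socketFactoryFor are hypothetical; the example assumes the HttpClient 4.x TrustStrategy API the answer already uses and that the test certificate's hostname matches the URL.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;

/** Hypothetical helper: bypasses PKIX validation for one known test certificate only. */
public class PinnedCertTrustStrategy implements TrustStrategy {
    private final byte[] pinnedSha256 = new byte[32];

    /** @param sha256Hex SHA-256 of the DER-encoded server certificate, in hex (colons optional) */
    public PinnedCertTrustStrategy(String sha256Hex) {
        String hex = sha256Hex.replace(":", "");
        if (!hex.matches("[0-9a-fA-F]{64}")) {
            throw new IllegalArgumentException("expected a 64-hex-digit SHA-256 fingerprint");
        }
        for (int i = 0; i < pinnedSha256.length; i++) {
            pinnedSha256[i] = (byte) Integer.parseInt(hex.substring(2 * i, 2 * i + 2), 16);
        }
    }

    @Override
    public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        if (chain == null || chain.length == 0) {
            return false;
        }
        try {
            // chain[0] is the certificate the server presented for itself.
            byte[] actual = MessageDigest.getInstance("SHA-256").digest(chain[0].getEncoded());
            // true: accepted without path validation.
            // false: HttpClient falls back to the normal trust manager check.
            return MessageDigest.isEqual(actual, pinnedSha256);
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    /** Register the result as in the answer: registry.register(new Scheme("https", 443, factory)). */
    public static SSLSocketFactory socketFactoryFor(String sha256Hex) throws Exception {
        return new SSLSocketFactory(new PinnedCertTrustStrategy(sha256Hex),
                SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
    }
}
```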
Answer 2: (score: -2)
I have disabled the validation as follows:
import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.util.jndi.JndiContext;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;

public class Sample {
    public static void main(String args[]) throws Exception {
        JndiContext jndiContext = new JndiContext();
        // AllowAllHostnameVerifier accepts any hostname in the server certificate.
        jndiContext.bind("x509HostnameVerifier", new AllowAllHostnameVerifier());
        CamelContext context = new DefaultCamelContext(jndiContext);
        context.addRoutes(new RouteBuilder() {
            private void configurate() {
                // Trust store holding the certificates the https4 component should accept.
                KeyStoreParameters trust_ksp = new KeyStoreParameters();
                trust_ksp.setResource("keystore/keystore.jks");
                trust_ksp.setPassword("qweqwe");
                TrustManagersParameters trustp = new TrustManagersParameters();
                trustp.setKeyStore(trust_ksp);
                SSLContextParameters scp = new SSLContextParameters();
                scp.setTrustManagers(trustp);
                HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
                httpComponent.setSslContextParameters(scp);
            }

            public void configure() throws Exception {
                configurate();
                from("file://test_folder")
                    .setHeader("SOAPAction", constant("/Action"))
                    .to("https4://localhost?x509HostnameVerifier=x509HostnameVerifier&authUsername=user&authPassword=pasword");
            }
        });
        context.start();
        Thread.sleep(600000);
        context.stop();
    }
}