I am trying to communicate with a server that has a self-signed certificate.
My route configuration:
    .setHeader(Exchange.HTTP_METHOD, constant("GET"))
    .to("https4://192.168.3.15:3000/getFile")
    .marshal(xmlJsonFormat)
    .process("camelProcessor")
    .to("mongodb:mongoBean?database=eicas&collection=sales&operation=insert")
    .to("log:Ok:Se guardo un registro Venta fija")
    .doCatch(IllegalArgumentException.class)
    .to("log:org.apache.camel.example?level=DEBUG")
    .to("log:error?showCaughtException=true&showStackTrace=true");
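I don't know how to set up the self-signed SSL. Does anyone have any ideas?
See "Setting up SSL for HTTP Client" at http://camel.apache.org/http4.html
I implemented it with the XML DSL as follows: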
    <sslContextParameters id="sslContext" xmlns="http://camel.apache.org/schema/blueprint">
      <trustManagers>
        <keyStore resource="your-certificate"/>
      </trustManagers>
    </sslContextParameters>
    <bean id="http-ssl" class="org.apache.camel.component.http4.HttpComponent">
      <property name="sslContextParameters" ref="sslContext"/>
    </bean>
    <route>
      ...
      <to uri="http-ssl://192.168.3.15:3000/getFile"/>
      ..
    </route>
Try this:
    private static class InsecureX509TrustManager extends X509ExtendedTrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            //Do nothing
        }
        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            //Do nothing
        }
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            //Do nothing
        }
        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            //Do nothing
        }
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            //Do nothing
        }
        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            //Do nothing
        }
        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    private Endpoint setupSSLConext(CamelContext camelContext) throws Exception {
        String[] methodValidator = ReaderXmlVenta.URL_VENTA_FIJA.split(":");
        if (methodValidator[0].compareTo("https4") == 0) {
            HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);
            httpComponent.setX509HostnameVerifier(NoopHostnameVerifier.INSTANCE);
            TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
            X509ExtendedTrustManager extendedTrustManager = new InsecureX509TrustManager();
            trustManagersParameters.setTrustManager(extendedTrustManager);
            SSLContextParameters sslContextParameters = new SSLContextParameters();
            sslContextParameters.setTrustManagers(trustManagersParameters);
            httpComponent.setSslContextParameters(sslContextParameters);
            //This is important to make your cert skip CN/Hostname checks
            httpComponent.setX509HostnameVerifier((s, sslSession) -> {
                //I don't mind just return true for all or you can add your own logic
                logger.info(s + sslSession);
                return true;
            });
            return httpComponent.createEndpoint(FileUtilsVenta.setDatesQueryAternity("https4://192.168.3.15:3000/getFile"));
        } else {
            HttpComponent httpComponent = camelContext.getComponent("http4", HttpComponent.class);
            return httpComponent.createEndpoint("https4://192.168.3.15:3000/getFile");
        }
    }
And call setupSSLConext like this:
    .setHeader(Exchange.HTTP_METHOD, constant("GET"))
    .to(setupSSLConext(getCamelContext()))
    .marshal(xmlJsonFormat)
    .process("camelProcessor")
    .to("mongodb:mongoBean?database=eicas&collection=sales&operation=insert")
    .to("log:Ok:Se guardo un registro Venta fija")
    .doCatch(IllegalArgumentException.class)
    .to("log:org.apache.camel.example?level=DEBUG")
    .to("log:error?showCaughtException=true&showStackTrace=true");
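Trying the above I got: "PKIX path building failed: unable to find valid certification path to requested target", and this proposed solution does not let me configure it dynamically per session.
I finally found a solution for a fully dynamic (per HTTP session) SSL configuration and documented it in Apache camel SSL connection to restful service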
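The trust-store idea from the XML DSL answer, written in Java as a replacement for the `InsecureX509TrustManager` posted above: the component trusts only the server's own self-signed certificate instead of every certificate. This is an added example, not code from the posters or from Apache Camel; it assumes Camel 2.x with camel-http4 on the classpath, and the class name `PinnedCertHttp4`, the alias `pinned-server` and the `pemPath` argument are hypothetical.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.apache.camel.CamelContext;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;

// Hypothetical helper class (assumption): pins one exported server certificate.
public final class PinnedCertHttp4 {

    /** Builds a trust manager that accepts only chains anchored at the certificate in pemPath. */
    static X509TrustManager trustOnly(String pemPath) throws Exception {
        X509Certificate cert;
        try (InputStream in = Files.newInputStream(Paths.get(pemPath))) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        cert.checkValidity();                      // fail early on an expired certificate
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                       // empty in-memory store, no JDK default CAs
        ks.setCertificateEntry("pinned-server", cert);
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** Configures the https4 component of the context to trust only the pinned certificate. */
    static void configure(CamelContext context, String pemPath) throws Exception {
        TrustManagersParameters trustManagers = new TrustManagersParameters();
        trustManagers.setTrustManager(trustOnly(pemPath));
        SSLContextParameters sslContextParameters = new SSLContextParameters();
        sslContextParameters.setTrustManagers(trustManagers);
        HttpComponent https = context.getComponent("https4", HttpComponent.class);
        https.setSslContextParameters(sslContextParameters);
        // No hostname verifier is set here, so the component default stays active.
    }
}
```

Because hostname verification stays on, the certificate has to name the address the route connects to.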