Apache Camel ProducerTemplate忽略SSL证书检查

问题描述 投票:1回答:2

我正在使用Apache Camel使用SOAP服务,并且该服务托管在自签名证书上以用于开发目的。

我尝试将证书导入密钥库但失败了,因为证书没有有效的CN。

我试图忽略证书错误或信任所有证书。我如何使用producerTemplate来做到这一点。

        Exchange exchangeRequest = producerTemplate.request(endpoint,
            new Processor() {
                public void process(Exchange exchange) throws Exception {
                    exchange.getIn().setBody(payload);
                    if (headermap != null && headermap.size() > 0) {
                        exchange.getIn().setHeaders(headermap);
                    }
                    if (soapHeader != null && !soapHeader.equals("")) {
                        exchange.getIn()
                                .setHeader(
                                        SpringWebserviceConstants.SPRING_WS_SOAP_HEADER,
                                        soapHeader);
                    }
                }
            });
java ssl apache-camel
2个回答
0
投票

不确定我用Camel方式做了什么,但这对我有用。刚刚编写了一个使用JAVA信任所有证书的方法,并在使用Camel ProducerTemplate发出请求之前调用它。

public void trustall() throws NoSuchAlgorithmException, KeyManagementException, IOException {
    TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
        public java.security.cert.X509Certificate[] getAcceptedIssuers() {
            return null;
        }

        public void checkClientTrusted(X509Certificate[] certs, String authType) {
        }

        public void checkServerTrusted(X509Certificate[] certs, String authType) {
        }
    } };

    // Install the all-trusting trust manager
    SSLContext sc = SSLContext.getInstance("SSL");
    sc.init(null, trustAllCerts, new java.security.SecureRandom());
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

    // Create all-trusting host name verifier
    HostnameVerifier allHostsValid = new HostnameVerifier() {
        @Override
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }

    };

    // Install the all-trusting host verifier
    HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);

    URL url = new URL(endpoint);
    URLConnection con = url.openConnection();
    Reader reader = new InputStreamReader(con.getInputStream());
    while (true) {
        int ch = reader.read();
        if (ch == -1) {
            break;
        }
        System.out.print((char) ch);
    }
}

0
投票

试图使用Samy answer作为消费者,但它不起作用。这是trustAllCerts的客户端变体(函数样式,因为我使用的是Talend Open Studio):

java.util.function.Consumer<org.apache.cxf.service.factory.AbstractServiceFactoryBean> trustAllCerts = sfb -> {
    TrustManager[] trustAllCerts_ = new TrustManager[] {
        new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {    return null;}
            @Override
            public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {}
            @Override
            public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {}
        }
    };
    org.apache.cxf.Bus theBus = org.apache.cxf.bus.CXFBusFactory.getThreadDefaultBus();
    ((FactoryBeanListenerManager)theBus.getExtension(FactoryBeanListenerManager.class))
    .addListener((evnt, sfb_, args) -> {
        if (evnt != org.apache.cxf.service.factory.FactoryBeanListener.Event.CLIENT_CREATED) return;
        TLSClientParameters tlsParams = new TLSClientParameters();
        tlsParams.setTrustManagers(trustAllCerts_);
        tlsParams.setDisableCNCheck(true);
        WebClient.getConfig((WebClient)args[0]).getHttpConduit().setTlsClientParameters(tlsParams);
    });
    sfb.setBus(theBus);
};

推荐问答