我需要在 Camel 2.12 中暂时禁用证书验证。我正在引用一个测试 Web 服务,该服务当前提供无效证书并出现以下异常 -
Exception in route: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
我在 SO 上找到的许多示例都围绕创建 HttpClientConfigurer 并执行此操作 -
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, new TrustManager[] { tm }, null);
SSLSocketFactory ssf = new SSLSocketFactory(ctx,
SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https4", 443, ssf));
这些解决方案需要一个采用 org.apache.http.client.HttpClient 的 configureHttpClient(HttpClient hc) 方法版本。在我的 Camel 版本中,此方法采用 org.apache.commons.httpclient.HttpClient,并且没有引用 getConnectionManager()。
我尝试过 JVM 设置 com.sun.net.ssl.checkReplication=false,但这没有效果。
我认为您正在使用 camel-http 组件,您需要使用 camel-http4 组件。
好吧,我终于成功了——感谢那里的许多帖子,这些帖子对我尝试做的事情的一些细节有所帮助,特别感谢这篇帖子。逐步使用 Camel 2.12.1 -
代理背后的我的安全 URL -
https4://someURL?proxyAuthHost=proxy.company.com&proxyAuthPort=8080&proxyAuthScheme=http
创建访问 URL 的组件 -
import org.apache.camel.component.http4.HttpComponent;
...
final HttpComponent myComponent = new HttpComponent();
myComponent.setClientConnectionManager(new PoolingClientConnectionManager());
myComponent.setHttpClientConfigurer(new myHttpClientConfigurer());
注意:只有当代码在第 317 行在 HttpComponent 中抛出 NPE 时,设置 ClientConnectionManager 的需要才变得清晰 -
SchemeRegistry registry = clientConnectionManager.getSchemeRegistry();
myHttpClientConfigurer.java
import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
...
public class myHttpClientConfigurer implements HttpClientConfigurer {
@Override
public void configureHttpClient(HttpClient hc) {
try {
Properties properties = loadProperties();
KeyStore trustStore = KeyStore.getInstance("JKS");
final String javaKeystoreFile = getJavaKeystoreFile(properties);
final String keystorePassword = getKeystorePassword(properties);
trustStore.load(new FileInputStream(javaKeystoreFile), keystorePassword.toCharArray());
KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
keyFactory.init(trustStore, keystorePassword.toCharArray());
TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
trustFactory.init(trustStore);
SSLContext sslcontext = SSLContext.getInstance("TLS");
sslcontext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);
TrustStrategy trustStrategy = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
return true;
}
};
SSLSocketFactory factory = new SSLSocketFactory(SSLSocketFactory.TLS, trustStore, keystorePassword, trustStore, null, trustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
SchemeRegistry registry = hc.getConnectionManager().getSchemeRegistry();
registry.register(new Scheme("https", 443, factory));
catch ...
}
请注意,虽然 URL 指定“https4”,但 new Schedule() 是“https”。在调试器中单步执行 HttpComponent 代码后,这似乎是我可以让它工作的唯一方法。
我已禁用验证,如下所示:
import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.util.jndi.JndiContext;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
public class Sample {
public static void main(String args[]) throws Exception{
JndiContext jndiContext = new JndiContext();
jndiContext.bind("x509HostnameVerifier", new AllowAllHostnameVerifier());
CamelContext context = new DefaultCamelContext(jndiContext);
context.addRoutes(new RouteBuilder() {
private void configurate(){
KeyStoreParameters trust_ksp = new KeyStoreParameters();
trust_ksp.setResource("keystore/keystore.jks");
trust_ksp.setPassword("qweqwe");
TrustManagersParameters trustp = new TrustManagersParameters();
trustp.setKeyStore(trust_ksp);
SSLContextParameters scp = new SSLContextParameters();
scp.setTrustManagers(trustp);
HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
httpComponent.setSslContextParameters(scp);
}
public void configure() throws Exception {
configurate();
from("file://test_folder")
.setHeader("SOAPAction", constant("/Action"))
.to("https4://localhost?x509HostnameVerifier=x509HostnameVerifier&authUsername=user&authPassword=pasword");
}
});
context.start();
Thread.sleep(600000);
context.stop();
}