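Disable Camel certificate validation in Camel 2.12

Question Votes: 0 Answers: 3

I need to temporarily disable certificate validation in Camel 2.12. I am calling a test web service that currently presents an invalid certificate, and I get the following exception -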

Exception in route: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Many of the examples I found on SO revolve around creating an HttpClientConfigurer and doing this -

        SSLContext ctx = SSLContext.getInstance("SSL"); 
        ctx.init(null, new TrustManager[] { tm }, null); 

        SSLSocketFactory ssf = new SSLSocketFactory(ctx, 
                SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER); 
        ClientConnectionManager ccm = client.getConnectionManager(); 
        SchemeRegistry sr = ccm.getSchemeRegistry(); 
        sr.register(new Scheme("https4", 443, ssf)); 

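These solutions require a version of the configureHttpClient(HttpClient hc) method that takes an org.apache.http.client.HttpClient. In my version of Camel, this method takes an org.apache.commons.httpclient.HttpClient, and there is no getConnectionManager() to reference.

I have tried the JVM setting com.sun.net.ssl.checkReplication=false, but it had no effect.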

java ssl ssl-certificate apache-camel
3 Answers
0
votes

I think you are using the camel-http component; you need to use the camel-http4 component.


0
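votes

OK, I finally got it working - thanks to the many posts out there that helped with some of the details of what I was trying to do, and special thanks to this post. Step by step, using Camel 2.12.1 -

My secure URL behind a proxy -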

https4://someURL?proxyAuthHost=proxy.company.com&proxyAuthPort=8080&proxyAuthScheme=http

Create the component that accesses the URL -

import org.apache.camel.component.http4.HttpComponent;
...
final HttpComponent myComponent = new HttpComponent();
myComponent.setClientConnectionManager(new PoolingClientConnectionManager());
myComponent.setHttpClientConfigurer(new myHttpClientConfigurer());

Note: the need to set the ClientConnectionManager only became clear when the code threw an NPE in HttpComponent at line 317 -

SchemeRegistry registry = clientConnectionManager.getSchemeRegistry();

myHttpClientConfigurer.java

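 import java.io.FileInputStream;
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.util.Properties;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManagerFactory;
 import org.apache.camel.component.http4.HttpClientConfigurer;
 import org.apache.http.client.HttpClient;
 import org.apache.http.conn.scheme.Scheme;
 import org.apache.http.conn.scheme.SchemeRegistry;
 import org.apache.http.conn.ssl.SSLSocketFactory;
 import org.apache.http.conn.ssl.TrustStrategy;
 ...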
 public class myHttpClientConfigurer implements HttpClientConfigurer {

    @Override
    public void configureHttpClient(HttpClient hc) {
        try {
            Properties properties = loadProperties();
            KeyStore trustStore = KeyStore.getInstance("JKS");
            final String javaKeystoreFile = getJavaKeystoreFile(properties);
            final String keystorePassword = getKeystorePassword(properties);
            trustStore.load(new FileInputStream(javaKeystoreFile), keystorePassword.toCharArray());

            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
            keyFactory.init(trustStore, keystorePassword.toCharArray());

            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
            trustFactory.init(trustStore);

            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);

            TrustStrategy trustStrategy = new TrustStrategy() {

                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }

            };

            SSLSocketFactory factory = new SSLSocketFactory(SSLSocketFactory.TLS, trustStore, keystorePassword, trustStore, null, trustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            SchemeRegistry registry = hc.getConnectionManager().getSchemeRegistry();
            registry.register(new Scheme("https", 443, factory));

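        } catch (Exception e) {
            // The original elides the handler; rethrow so a misconfiguration is not silently ignored
            throw new IllegalStateException("Could not configure SSL for the HTTP client", e);
        }
    }
 }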

Note that although the URL specifies "https4", the new Scheme() is "https". After stepping through the HttpComponent code in a debugger, this seemed to be the only way I could get it to work.


-2
votes

I have disabled validation as follows:

import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.util.jndi.JndiContext;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;

public class Sample {
    public static void main(String args[]) throws Exception{     
     JndiContext jndiContext = new JndiContext();
     jndiContext.bind("x509HostnameVerifier", new AllowAllHostnameVerifier());
     CamelContext context = new DefaultCamelContext(jndiContext);   
     context.addRoutes(new RouteBuilder() {
         private void configurate(){
            KeyStoreParameters trust_ksp = new KeyStoreParameters();
            trust_ksp.setResource("keystore/keystore.jks");
            trust_ksp.setPassword("qweqwe");
            TrustManagersParameters trustp = new TrustManagersParameters();
            trustp.setKeyStore(trust_ksp);
            SSLContextParameters scp = new SSLContextParameters();
            scp.setTrustManagers(trustp);
            HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
            httpComponent.setSslContextParameters(scp);
         }          
             public void configure() throws Exception {
                 configurate();
                     from("file://test_folder")
                     .setHeader("SOAPAction", constant("/Action"))
                     .to("https4://localhost?x509HostnameVerifier=x509HostnameVerifier&authUsername=user&authPassword=pasword");    
        }
    });

     context.start();
     Thread.sleep(600000);
     context.stop();

    }
}