Katty Chiale

Reputation: 53

SSL self signed apache camel https4

I am trying to communicate with a server that has a self-signed SSL certificate.

My route configuration :

    .setHeader(Exchange.HTTP_METHOD, constant("GET"))
    .to("https4://192.168.3.15:3000/getFile")
    .marshal(xmlJsonFormat)
    .process("camelProcessor")
    .to("mongodb:mongoBean?database=eicas&collection=sales&operation=insert")
    .to("log:Ok:Se guardo un registro Venta fija")
    .doCatch(IllegalArgumentException.class)
    .to("log:org.apache.camel.example?level=DEBUG")
    .to("log:error?showCaughtException=true&showStackTrace=true");

And I don't know how to set up the self-signed SSL. Does anyone have any idea?

Upvotes: 2

Views: 4368

Answers (3)

Bernard Hauzeur

Reputation: 2403

Trying the above I got: "PKIX path building failed: unable to find valid certification path to requested target" and this proposed solution does not let me configure every session dynamically.

I finally found the solution for a fully dynamic (per HTTP session) SSL configuration, and documented it at Apache camel SSL connection to restful service

Upvotes: 0

Franco Aronne

Reputation: 21

Try this:

    // Trust manager that accepts any certificate chain: every check is a no-op.
    private static class InsecureX509TrustManager extends X509ExtendedTrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            //Do nothing
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            //Do nothing
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            //Do nothing
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            //Do nothing
        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            //Do nothing
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            //Do nothing
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }
    }

    private Endpoint setupSSLConext(CamelContext camelContext) throws Exception {
        // The URL scheme decides which component is configured
        String[] methodValidator = ReaderXmlVenta.URL_VENTA_FIJA.split(":");
        if (methodValidator[0].compareTo("https4") == 0) {
            HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);

            httpComponent.setX509HostnameVerifier(NoopHostnameVerifier.INSTANCE);

            // Install the trust-all manager through Camel's SSLContextParameters
            TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
            X509ExtendedTrustManager extendedTrustManager = new InsecureX509TrustManager();
            trustManagersParameters.setTrustManager(extendedTrustManager);

            SSLContextParameters sslContextParameters = new SSLContextParameters();
            sslContextParameters.setTrustManagers(trustManagersParameters);
            httpComponent.setSslContextParameters(sslContextParameters);

            //This is important to make your cert skip CN/Hostname checks
            httpComponent.setX509HostnameVerifier((s, sslSession) -> {
                //I don't mind just return true for all or you can add your own logic
                logger.info(s + sslSession);
                return true;
            });

            return httpComponent.createEndpoint(FileUtilsVenta.setDatesQueryAternity("https4://192.168.3.15:3000/getFile"));
        } else {
            HttpComponent httpComponent = camelContext.getComponent("http4", HttpComponent.class);
            return httpComponent.createEndpoint("https4://192.168.3.15:3000/getFile");
        }
    }

and call setupSSLConext in to() like this:

    .setHeader(Exchange.HTTP_METHOD, constant("GET"))
    .to(setupSSLConext(getCamelContext()))
    .marshal(xmlJsonFormat)
    .process("camelProcessor")
    .to("mongodb:mongoBean?database=eicas&collection=sales&operation=insert")
    .to("log:Ok:Se guardo un registro Venta fija")
    .doCatch(IllegalArgumentException.class)
    .to("log:org.apache.camel.example?level=DEBUG")
    .to("log:error?showCaughtException=true&showStackTrace=true");

Upvotes: 0

Themis Pyrgiotis

Reputation: 896

See section "Setting up SSL for HTTP Client" of http://camel.apache.org/http4.html

I achieved that with XML DSL as follows:

    <sslContextParameters id="sslContext" xmlns="http://camel.apache.org/schema/blueprint">
        <trustManagers>
          <keyStore resource="your-certificate"/>
        </trustManagers>
    </sslContextParameters>

    <bean id="http-ssl" class="org.apache.camel.component.http4.HttpComponent">
        <property name="sslContextParameters" ref="sslContext"/>
    </bean>

    <route>
        ...
        <to uri="http-ssl://192.168.3.15:3000/getFile"/>
        ..
    </route>

Upvotes: 3
