SSL self signed apache camel https4

Question

I try comunicate with server that has a self signed SSL certificate.

My route configuration :

    .setHeader(Exchange.HTTP_METHOD, constant("GET"))
    .to("https4://192.168.3.15:3000/getFile")
    .marshal(xmlJsonFormat)
    .process("camelProcessor")
    .to(mongodb:mongoBean?database=eicas&collection=sales&operation=insert)
    .to("log:Ok:Se guardo un registro Venta fija")
    .doCatch(IllegalArgumentException.class)
    .to("log:org.apache.camel.example?level=DEBUG")
    .to("log:error?showCaughtException=true&showStackTrace=true");

And I don't know how set de ssl self signed. Do we have any idea?

score 3 · Answer 1 · answered May 29 '18 at 07:21

3

See section "Setting up SSL for HTTP Client" of http://camel.apache.org/http4.html

I achieved that with XML DSL as follows:

<sslContextParameters id="sslContext" xmlns="http://camel.apache.org/schema/blueprint"> 
    <trustManagers>
      <keyStore resource="your-certificate"/>                   
    </trustManagers>                
</sslContextParameters>

<bean id="http-ssl" class="org.apache.camel.component.http4.HttpComponent">
    <property name="sslContextParameters" ref="sslContext"/>
</bean>

<route>
    ...
    <to uri="http-ssl://192.168.3.15:3000/getFile"/>
    ..
</route>

answered May 29 '18 at 07:21

Themis Pyrgiotis

876
5
15

Thanks for you response. The certificate of keystore, how i generate it? – Katty Chiale May 29 '18 at 14:23
You will get it from the server that has this self signed certificate. – Themis Pyrgiotis May 30 '18 at 06:47

score 0 · Answer 2 · answered Jun 01 '18 at 18:56

try this:

private static class InsecureX509TrustManager extends X509ExtendedTrustManager {
        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            //Do nothing

        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            //Do nothing

        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            //Do nothing

        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            //Do nothing

        }

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            //Do nothing

        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            //Do nothing

        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }



private Endpoint setupSSLConext(CamelContext camelContext) throws Exception {
        String[] methodValidator = ReaderXmlVenta.URL_VENTA_FIJA.split(":");
        if(methodValidator[0].compareTo("https4") == 0) {
            HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);

            httpComponent.setX509HostnameVerifier(NoopHostnameVerifier.INSTANCE);

            TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
            X509ExtendedTrustManager extendedTrustManager = new InsecureX509TrustManager();
            trustManagersParameters.setTrustManager(extendedTrustManager);

            SSLContextParameters sslContextParameters = new SSLContextParameters();
            sslContextParameters.setTrustManagers(trustManagersParameters);
            httpComponent.setSslContextParameters(sslContextParameters);

            //This is important to make your cert skip CN/Hostname checks
            httpComponent.setX509HostnameVerifier((s, sslSession) -> {
                //I don't mind just return true for all or you can add your own logic
                logger.info(s + sslSession);
                return true;
            });

            return httpComponent.createEndpoint( FileUtilsVenta.setDatesQueryAternity("https4://192.168.3.15:3000/getFile"));
        }else{
            HttpComponent httpComponent = camelContext.getComponent("http4", HttpComponent.class);
            return httpComponent.createEndpoint("https4://192.168.3.15:3000/getFile");
        }

    }

and call the setupSSLConext in to like this :

.setHeader(Exchange.HTTP_METHOD, constant("GET"))
                .to(setupSSLConext(getCamelContext()))
                .marshal(xmlJsonFormat)
                .process("camelProcessor")
                .to(mongodb:mongoBean?database=eicas&collection=sales&operation=insert)
                .to("log:Ok:Se guardo un registro Venta fija")
                .doCatch(IllegalArgumentException.class)
                .to("log:org.apache.camel.example?level=DEBUG")
                .to("log:error?showCaughtException=true&showStackTrace=true");

score 0 · Answer 3 · answered Feb 10 '19 at 23:38

Trying the above I got: "PKIX path building failed: unable to find valid certification path to requested target" and this proposed solution does not let me configure every session dynamically.

I finally found the solution for a fully dynamic (per HTTP session) SSL configuration, and documented it at Apache camel SSL connection to restful service

SSL self signed apache camel https4

3 Answers3