2014-01-23 141 views
2

Disable certificate validation in Camel 2.12

I have a requirement to temporarily disable certificate validation in Camel 2.12. The test web service I am calling currently presents an invalid certificate, and I receive the following exception -

Exception in route: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Many of the examples I have found on SO revolve around creating an HttpClientConfigurer and doing a variation of this -

// tm and client are defined elsewhere in those examples (not shown here)
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, new TrustManager[] { tm }, null);

SSLSocketFactory ssf = new SSLSocketFactory(ctx,
        SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
ClientConnectionManager ccm = client.getConnectionManager();
SchemeRegistry sr = ccm.getSchemeRegistry();
sr.register(new Scheme("https4", 443, ssf));

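These solutions require a version of the configureHttpClient(HttpClient hc) method that takes an org.apache.http.client.HttpClient. In my version of Camel, this method takes an org.apache.commons.httpclient.HttpClient, and there is no mention of getConnectionManager().

I have tried the JVM setting com.sun.net.ssl.checkRevocation=false, but this had no effect.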

Answers

0

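OK, I finally managed to get this working - thanks to a lot of postings that helped with some of the details of what I was trying to do, and special thanks to this posting. A ClientConnectionManager needs to be set:

I am using a proxy for the secure URL -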

https4://someURL?proxyAuthHost=proxy.company.com&proxyAuthPort=8080&proxyAuthScheme=http 

Create the component that accesses the URL

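import org.apache.camel.component.http4.HttpComponent;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
...
final HttpComponent myComponent = new HttpComponent();
// The connection manager must be set before the configurer runs (see the NPE note below)
myComponent.setClientConnectionManager(new PoolingClientConnectionManager());
myComponent.setHttpClientConfigurer(new myHttpClientConfigurer());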

Note that with Camel 2.12.1 this step only became clear when the code threw an NPE in HttpComponent at line 317 -

SchemeRegistry registry = clientConnectionManager.getSchemeRegistry(); 

myHttpClientConfigurer.java

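import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Properties;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.TrustStrategy;
...
public class myHttpClientConfigurer implements HttpClientConfigurer {

    @Override
    public void configureHttpClient(HttpClient hc) {
        try {
            // loadProperties(), getJavaKeystoreFile() and getKeystorePassword()
            // are the poster's own helpers and are not shown in the post.
            Properties properties = loadProperties();
            KeyStore trustStore = KeyStore.getInstance("JKS");
            final String javaKeystoreFile = getJavaKeystoreFile(properties);
            final String keystorePassword = getKeystorePassword(properties);
            try (InputStream in = new FileInputStream(javaKeystoreFile)) {
                trustStore.load(in, keystorePassword.toCharArray());
            }

            KeyManagerFactory keyFactory = KeyManagerFactory.getInstance("SunX509");
            keyFactory.init(trustStore, keystorePassword.toCharArray());

            TrustManagerFactory trustFactory = TrustManagerFactory.getInstance("SunX509");
            trustFactory.init(trustStore);

            // Built here but not passed to the socket factory below.
            SSLContext sslcontext = SSLContext.getInstance("TLS");
            sslcontext.init(keyFactory.getKeyManagers(), trustFactory.getTrustManagers(), null);

            // Accepts every certificate chain; this is what disables validation.
            TrustStrategy trustStrategy = new TrustStrategy() {

                @Override
                public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                    return true;
                }

            };

            // ALLOW_ALL_HOSTNAME_VERIFIER also turns off hostname checking.
            SSLSocketFactory factory = new SSLSocketFactory(SSLSocketFactory.TLS, trustStore, keystorePassword, trustStore, null, trustStrategy, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);

            SchemeRegistry registry = hc.getConnectionManager().getSchemeRegistry();
            registry.register(new Scheme("https", 443, factory));

        } catch (Exception e) {
            // The catch clause is elided ("catch ...") in the original post.
            throw new RuntimeException(e);
        }
    }
}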

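Note that although the URL specifies "https4", the new Scheme() is "https". This seems to be the only way I could get it to work, after stepping through the HttpComponent code in the debugger.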

0

I have disabled validation as follows:

import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.util.jndi.JndiContext;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;

public class Sample {
    public static void main(String[] args) throws Exception {
        // Registered in JNDI so the endpoint URI can refer to it by name
        JndiContext jndiContext = new JndiContext();
        jndiContext.bind("x509HostnameVerifier", new AllowAllHostnameVerifier());
        CamelContext context = new DefaultCamelContext(jndiContext);
        context.addRoutes(new RouteBuilder() {
            // Points the https4 component at a trust store loaded from keystore/keystore.jks
            private void configurate() {
                KeyStoreParameters trust_ksp = new KeyStoreParameters();
                trust_ksp.setResource("keystore/keystore.jks");
                trust_ksp.setPassword("qweqwe");
                TrustManagersParameters trustp = new TrustManagersParameters();
                trustp.setKeyStore(trust_ksp);
                SSLContextParameters scp = new SSLContextParameters();
                scp.setTrustManagers(trustp);
                HttpComponent httpComponent = getContext().getComponent("https4", HttpComponent.class);
                httpComponent.setSslContextParameters(scp);
            }

            public void configure() throws Exception {
                configurate();
                from("file://test_folder")
                    .setHeader("SOAPAction", constant("/Action"))
                    .to("https4://localhost?x509HostnameVerifier=x509HostnameVerifier&authUsername=user&authPassword=pasword");
            }
        });

        context.start();
        Thread.sleep(600000);
        context.stop();
    }
}