1. 首頁
  2. 問答
  3. 如何使用camel和http-client 3重現javax.net.ssl.SSLHandshakeException並修復它

如何使用camel和http-client 3重現javax.net.ssl.SSLHandshakeException並修復它

2013-11-25 53 views
1

我有問題。我們與客戶有安全連接。本地所有請求都正常傳遞到遠程服務器。但在演示中,我們有相同的URL,但管理員配置的證書,看上去就像證書是拋出以下異常自簽名證書:如何使用camel和http-client 3重現javax.net.ssl.SSLHandshakeException並修復它

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

我們使用駱駝2.10.1,HTTP客戶端(3)和碼頭作爲模擬器。如果我們改變只是1行,我們可以向真正的測試服務器或模擬器

<camelContext id="myCamelContext" trace="true" xmlns="http://camel.apache.org/schema/spring"> 
     <endpoint id="myServiceUrl" uri="${my.proxy.service.uri}"/> 
    </camelContext> 
<from uri="direct:my.service"/> 
<to ref="myServiceUrl"/> 


my.proxy.service.uri=jetty:http://simulator:18884/Transaction/

我發現在日誌中有如下記載:

INFO (main) [SslContextFactory] No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!

要求是罰款模擬器,但我試圖修復演示發出盲目,我發現解決方案接受所有證書,但它並沒有幫助:

import org.apache.camel.component.http.HttpClientConfigurer; 
import org.apache.commons.httpclient.HttpClient; 
import org.apache.http.conn.ClientConnectionManager; 
import org.apache.http.conn.scheme.Scheme; 
import org.apache.http.conn.scheme.SchemeRegistry; 
import org.apache.http.conn.ssl.SSLSocketFactory; 
import org.apache.http.impl.client.DefaultHttpClient; 
import org.apache.http.impl.conn.SingleClientConnManager; 
import org.slf4j.Logger; 
import org.slf4j.LoggerFactory; 


import javax.net.ssl.SSLContext; 
import javax.net.ssl.TrustManager; 
import javax.net.ssl.X509TrustManager; 
import java.security.SecureRandom; 
import java.security.cert.X509Certificate; 

public class MyHttpClientConfigurer implements HttpClientConfigurer { 
    protected final Logger l = LoggerFactory.getLogger(getClass()); 

    @Override 
    public void configureHttpClient(HttpClient httpClient) { 
l.debug("*******************"); 
     try { 
      SSLContext sslContext = SSLContext.getInstance("SSL"); 

// set up a TrustManager that trusts everything 
      sslContext.init(null, new TrustManager[]{new X509TrustManager() { 
       public X509Certificate[] getAcceptedIssuers() { 
        System.out.println("getAcceptedIssuers ============="); 
        return null; 
       } 

       public void checkClientTrusted(X509Certificate[] certs, 
               String authType) { 
        System.out.println("checkClientTrusted ============="); 
       } 

       public void checkServerTrusted(X509Certificate[] certs, 
               String authType) { 
        System.out.println("checkServerTrusted ============="); 
       } 
      }}, new SecureRandom()); 

      SSLSocketFactory sf = new SSLSocketFactory(sslContext); 
      Scheme httpsScheme = new Scheme("https", 443, sf); 
      SchemeRegistry schemeRegistry = new SchemeRegistry(); 
      schemeRegistry.register(httpsScheme); 

// apache HttpClient version >4.2 should use BasicClientConnectionManager 
//   ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry); 
////   HttpClient httpClient = new DefaultHttpClient(cm); 
//   httpClient = new HttpClient(); 
//httpClient.setHttpConnectionManager(cm); 
     } catch (Exception e) { 
     } 

    } 
}

,並添加入路線

my.proxy.service.uri=jetty:http://simulator:18884/Transaction?httpClientConfigurerRef=myHttpClientConfigurer

,當我從我的本地機器都被炒到真正的測試服務器

https://testserver.***.com/Transaction

是好的,但在演示中,我們已經有了出現SSLHandshakeException

所以問題是:

  1. 如何在本地重現異常javax.net.ssl.SSLHandshakeException

  2. 如何修復

來源

2013-11-25 Dmitrii Borovoi

回答

0

我認爲當你嘗試訪問真正的測試服務器,你仍然需要「httpClientConfigurerRef = myHttpClientConfigurer」的選項添加到URI。

來源

2013-11-25 10:18:01

+0

我做到了,我看到這個選項被包含在日誌中的url中。也許我的解決方法不是很乾淨。我發現了另一個。如果它會幫助我發佈它 –

相關問題

 相關問題