Posted to users@camel.apache.org by jspyeatt <jo...@singlewire.com> on 2015/06/05 23:48:18 UTC

https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Like several similar posts I've seen I need to allow self-signed certs for
https4 (2.15.2).  Mine isn't working.

I've created an implementation of HttpClientConfigurer that allows any
host/cert. Below is the implementation of configureHttpClient().

    @Override
    public void configureHttpClient(HttpClientBuilder httpClientBuilder) {
        log.debug("configureHttpClient()");
        try {
            SSLContextBuilder builder = new SSLContextBuilder();
            builder.loadTrustMaterial(null, new TrustSelfSignedStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] a, String b) throws CertificateException {
                    log.debug("isTrusted() returns true");
                    return true;
                }
            });

            SSLContext sslContext = builder.build();

            SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext,
                    new TrustEverythingHostnameVerifier());
        } catch (Exception e) {
            log.error(e, e);
            throw new IllegalStateException("Unable to configure TrustingHttpClientConfigurer", e);
        }
    }


Then in an implementation of CamelTestSupport I've overridden
createRegistry().

    @Override
    protected JndiRegistry createRegistry() throws Exception {
        JndiRegistry jndi = super.createRegistry();
        log.info("createRegistry()");

        jndi.bind("MyConfigurer", new TrustingHttpClientConfigurer());
        Object o = jndi.lookup(TrustingHttpClientConfigurer.HTTP_CLIENT_CONFIGURER);
        log.debug("object type: " + o.getClass().getCanonicalName());
        return jndi;
    }

Then in my createRouteBuilder() it contains...

        return new RouteBuilder() {
            public void configure() {

                log.debug("CONFIGURE");

                HttpComponent httpComponent = context.getComponent("https4", HttpComponent.class);
                httpComponent.setHttpClientConfigurer(new TrustingHttpClientConfigurer());

                log.info("CCC " + context.getRegistry().lookupByName("MyConfigurer"));

                from("direct:start").transform(simple("FRED"))
                    .to("https4://172.30.253.94:8444/services?httpClientConfigurer=#MyConfigurer");
            }
        };

    public void testSimple() throws Exception {
        HttpComponent comp = template.getCamelContext().getComponent("https4", HttpComponent.class);
        log.info("DDD " + comp.getHttpClientConfigurer().getClass().getCanonicalName());
        template.sendBody("direct:start", "FRED");
    }

When the test runs I do get 
*DDD com.singlewire.monte.eh.config.TrustingHttpClientConfigurer* which is
what I would expect.

However, the test is failing with the obligatory
javax.net.ssl.SSLHandshakeException. This is what I would expect given that
the component isn't calling my version of isTrusted(X509Certificate[] a,
String b) created during TrustingHttpClientConfigurer.configureHttpClient().
I know this because I never see the debug message indicating that it was
called.


So it's as if during execution of my route the configurator is being
ignored.

I've tried ?httpClientConfigurer=#MyConfigurer
I've tried ?httpClientConfigurer=MyConfigurer

I've tried forcing things like this.

    HttpComponent httpComponent = context.getComponent("https4", HttpComponent.class);
    httpComponent.setHttpClientConfigurer(new TrustingHttpClientConfigurer());

Nothing seems to work. Any guidance would be greatly appreciated.



--
View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922.html
Sent from the Camel - Users mailing list archive at Nabble.com.

Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by jspyeatt <jo...@singlewire.com>.
Spoke too soon. It should look something like this:











Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by jspyeatt <jo...@singlewire.com>.
I think I finally have it working. Not certain it's the ideal solution. But
it works and it took me a long time navigating through the debugger to
figure things out.



My route definition was then

    from("direct:start").transform(simple("FRED")).to("https4://172.30.228.23:8444/InformaCast/RESTServices/V1/Admin/System/ldap/isLdapConfigured?sslContextParameters=mydumbtrustmanager");


The key is the implementation of X509TrustManager and when overriding the
methods just make certain they don't throw the CertificateException.










--
View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922p5768072.html
Sent from the Camel - Users mailing list archive at Nabble.com.
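
An alternative to a trust-everything X509TrustManager, shown as an added example (not code from the thread): the same sslContextParameters endpoint option used in the post above, bound to a truststore that contains only the server's self-signed certificate. The class name, the bean name pinnedServerTrust, the truststore file name and its password are assumptions; the endpoint address is the one from the first post.

```java
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.impl.JndiRegistry;
import org.apache.camel.test.junit4.CamelTestSupport;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.junit.Test;

public class PinnedSelfSignedCertTest extends CamelTestSupport {

    @Override
    protected JndiRegistry createRegistry() throws Exception {
        JndiRegistry jndi = super.createRegistry();

        // Truststore holding ONLY the server's self-signed certificate.
        // File name and password are placeholders (assumptions).
        KeyStoreParameters trustStore = new KeyStoreParameters();
        trustStore.setResource("server-truststore.jks");
        trustStore.setPassword("changeit");

        // Trust managers are built from that store, so any other certificate
        // still fails the handshake; no custom X509TrustManager is needed.
        TrustManagersParameters trustManagers = new TrustManagersParameters();
        trustManagers.setKeyStore(trustStore);

        SSLContextParameters sslContextParameters = new SSLContextParameters();
        sslContextParameters.setTrustManagers(trustManagers);

        // Hypothetical bean name, referenced from the endpoint URI below.
        jndi.bind("pinnedServerTrust", sslContextParameters);
        return jndi;
    }

    @Override
    protected RouteBuilder createRouteBuilder() {
        return new RouteBuilder() {
            @Override
            public void configure() {
                // No x509HostnameVerifier override: the default verifier stays
                // active, so the certificate must match the host in the URI.
                from("direct:start").transform(simple("FRED"))
                    .to("https4://172.30.253.94:8444/services?sslContextParameters=pinnedServerTrust");
            }
        };
    }

    @Test
    public void testSimple() throws Exception {
        template.sendBody("direct:start", "FRED");
    }
}
```

The truststore can be built by exporting the server's certificate and importing it with keytool -importcert. A handshake failure with this setup then means the server presented a different certificate than the one that was pinned.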

Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by jspyeatt <jo...@singlewire.com>.
My class that implements HttpClientConfigurer now looks like this from your
suggestions: and it still doesn't work.



My createRegistry() looks like this:
    @Override


I added a jndi.properties file that looks like this:


My uri now looks like this

https4://172.30.228.23:8444/InformaCast/RESTServices/V1/Admin/System/ldap/isLdapConfigured?x509HostnameVerifier=allHostnameVerifier&httpClientConfigurer=monteTrustingConfigurer

So I thought I now have all of my ducks in a row. But my sslContext created
in configureHttpClient() still isn't calling my isTrusted() method.

There must be something I'm still missing for the HttpComponent that isn't
matching the uri arguments for x509HostnameVerifier and httpClientConfigurer
to my registry.

I've done a deep dive into the source code of HttpComponent.java with a
debugger.

When coming out of createEndpoint() in the source code the endpoint variable
appears to at least partially be configured correctly.

endpoint.endpointUri="https4://172.30.228.23:8444/InformaCast/RESTServices/V1/Admin/System/ldap/isLdapConfigured?httpClientConfigurer=monteTrustingConfigurer&x509HostnameVerifier=allHostnameVerifier"

endpoint.httpClientConfigurer is set to an instance of my class that
implements the above configureHttpClient(), TrustingHttpClientConfigurer.

endpoint.*component*.httpClientConfigurer is null   (which might be OK if
it's only used as the default)
endpoint.*component*.x509HostnameVerifier is set to BROWSER_COMPATIBLE (this
isn't what I want, but again, may just be a default). But I don't see my
override value org.apache.http.conn.ssl.AllowAllHostnameVerifier()

Now looking at endpoint.camelContext.registry

endpoint.camelContext.registry.context.delegate.defaultInitCtx.bindings.0
    monteTrustingConfigurer = instance of TrustingHttpClientConfigurer
endpoint.camelContext.registry.context.delegate.defaultInitCtx.bindings.1
    java.naming.factory.initial = org.apache.camel.util.jndi.CamelInitialContextFactory
endpoint.camelContext.registry.context.delegate.defaultInitCtx.bindings.2
    allHostnameVerifier = ALLOW_ALL


Does anyone see what other little nuggets of knowledge I'm missing?




Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by Willem Jiang <wi...@gmail.com>.
I just checked the code of your HttpClientConfigurer; you didn't set the httpClientBuilder with the SSLConnectionSocketFactory instance that you just created.

--  
Willem Jiang

Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang  
Weibo: 姜宁willem





Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by Ravindra Godbole <go...@gmail.com>.
It looks like you are not setting the httpClientBuilder argument with your
SSL configuration. Can you have a relook at the method configureHttpClient
you have overridden?




Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by jspyeatt <jo...@singlewire.com>.
This still isn't working. It is as though it isn't recognizing my registry
during runtime.

In my unit test I've overridden createRegistry() because I'm not using Spring
as your example solution does.

    @Override
    protected JndiRegistry createRegistry() throws Exception {
        JndiRegistry jndi = super.createRegistry();
        log.info("createRegistry()");

        jndi.bind("allHostname", new org.apache.http.conn.ssl.AllowAllHostnameVerifier());
        return jndi;
    }

Then it doesn't appear that the allHostname object is available during the
test in http4://.....

Do you have any ideas why my object isn't available during runtime?

My jndi.properties file looks like this:

    java.naming.factory.initial = org.apache.camel.util.jndi.CamelInitialContextFactory





Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option

Posted by Ryan Moquin <fr...@gmail.com>.
To do this, I just declare a bean like this:

<bean id="allHostname" class="org.apache.http.conn.ssl.AllowAllHostnameVerifier"/>

And then use it on the endpoint like this:

?x509HostnameVerifier=allHostname

Works without any issues.

Ryan
