Posted to users@camel.apache.org by garethahealy <ga...@gmail.com> on 2015/04/03 22:15:54 UTC

Jetty HTTPS 2way

I am trying to make a REST call via HTTPS with 2-way auth. I originally
tried to do this with CXF[1], but due to an issue with the conduit not
attaching, have moved to a Jetty endpoint.

I have the below config for the Jetty endpoint:

<bean id="keyStoreParameters" class="org.apache.camel.util.jsse.KeyStoreParameters">
    <property name="resource" value="${http.certs.location}/client-keystore.jks"/>
    <property name="password" value="${http.keyManagers.password}"/>
</bean>

<bean id="truststoreParameters" class="org.apache.camel.util.jsse.KeyStoreParameters">
    <property name="resource" value="${http.certs.location}/client-truststore.jks"/>
    <property name="password" value="${http.trustManagers.password}"/>
</bean>

<bean id="trustManagersParameters" class="org.apache.camel.util.jsse.TrustManagersParameters">
    <property name="keyStore" ref="truststoreParameters"/>
</bean>

<bean id="keyManagersParameters" class="org.apache.camel.util.jsse.KeyManagersParameters">
    <property name="keyStore" ref="keyStoreParameters"/>
    <property name="keyPassword" value="${http.keyManagers.password}"/>
</bean>

<bean id="sslContextParameters" class="org.apache.camel.util.jsse.SSLContextParameters">
    <property name="keyManagers" ref="keyManagersParameters"/>
    <property name="trustManagers" ref="trustManagersParameters"/>
</bean>

<bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
    <property name="sslContextParameters" ref="sslContextParameters"/>
</bean>

And make the call as per:

<log message="${body} sent to jetty"/>
<convertBodyTo type="java.lang.String"/>
<to uri="jetty://{{fuse.rest.transport}}://{{fuse.rest.host}}:{{fuse.rest.port}}/rest/fuse"/>

But I still get cert issues. I know the certs are correct and that I am
pointing to the correct stores, as I have a simple Java class that proves
this works. I've put SSL in debug[2], but am not sure what a lot of it
means. The main thing that sticks out is:

CamelJettyClient(0x73d8db54)-4716, WRITE: TLSv1.2 Handshake, length = 48
CamelJettyClient(0x73d8db54)-4712, called closeInbound()
CamelJettyClient(0x73d8db54)-4712, fatal error: 80: Inbound closed before
receiving peer's close_notify: possible truncation attack?
javax.net.ssl.SSLException: Inbound closed before receiving peer's
close_notify: possible truncation attack?
%% Invalidated:  [Session-35, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]

This is for Camel 2.12.

Have I missed something on the config side?

[1]
http://cxf.547215.n5.nabble.com/Camel-CXF-HTTPS-http-tlsClientParameters-not-attaching-td5755601.html
[2] https://gist.github.com/garethahealy/0144444fcfe6d59eb53b



--
View this message in context: http://camel.465427.n5.nabble.com/Jetty-HTTPS-2way-tp5765296.html
Sent from the Camel - Users mailing list archive at Nabble.com.
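A stand-alone check that builds the same SSLContext as the sslContextParameters bean above and performs one mutually authenticated request outside the route, so a store or password problem can be separated from the Jetty client behaviour. This is an added example, not code from the post or from Camel; the paths, passwords and target URL are assumptions standing in for the property placeholders, and the cipher-suite filter reacts to the 3DES suite visible in the debug log.

```java
import java.net.URL;
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;
import org.apache.camel.util.jsse.FilterParameters;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;

public class TwoWayTlsCheck {
    // Assumed values: substitute what stands behind ${http.certs.location}, the two passwords and the endpoint URI.
    static final String CERTS = "/etc/fuse/certs";
    static final String KEY_PW = "changeit";
    static final String TRUST_PW = "changeit";
    static final String TARGET = "https://rest.example.internal:8443/rest/fuse";

    // Same wiring as the Spring beans in the post, built in code.
    static SSLContextParameters buildParameters() {
        KeyStoreParameters ks = new KeyStoreParameters();
        ks.setResource(CERTS + "/client-keystore.jks");
        ks.setPassword(KEY_PW);
        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyStore(ks);
        kmp.setKeyPassword(KEY_PW); // password of the private-key entry, which may differ from the store password
        KeyStoreParameters ts = new KeyStoreParameters();
        ts.setResource(CERTS + "/client-truststore.jks");
        ts.setPassword(TRUST_PW);
        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(ts);
        SSLContextParameters scp = new SSLContextParameters();
        scp.setKeyManagers(kmp);
        scp.setTrustManagers(tmp);
        scp.setSecureSocketProtocol("TLSv1.2");
        // The debug log shows TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA being negotiated; keep 3DES out of the offer.
        FilterParameters suites = new FilterParameters();
        suites.getInclude().add(".*");          // include must be non-empty or no suite is offered
        suites.getExclude().add(".*_3DES_.*");
        scp.setCipherSuitesFilter(suites);
        return scp;
    }

    public static void main(String[] args) throws Exception {
        HttpsURLConnection conn = (HttpsURLConnection) new URL(TARGET).openConnection();
        conn.setSSLSocketFactory(buildParameters().createSSLContext().getSocketFactory());
        conn.connect(); // full handshake, including presentation of the client certificate
        System.out.println("HTTP " + conn.getResponseCode() + " over " + conn.getCipherSuite());
        for (Certificate c : conn.getServerCertificates()) {
            System.out.println("server cert: " + c); // confirm this is the chain you expect
        }
    }
}
```

If this succeeds with the same stores, the stores and passwords are not the problem; the same bean can also be handed to camel-http4 through its sslContextParameters endpoint option (available since Camel 2.8), which is the route the thread ends up taking.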

Re: Jetty HTTPS 2way

Posted by garethahealy <ga...@gmail.com>.
Hi Willem,

I am using Fuse 6.1-redhat-379.

Cheers.




Re: Jetty HTTPS 2way

Posted by Willem Jiang <wi...@gmail.com>.
Which CXF version are you using?

If I remember right, CXF fixed some SSLv3 issue last year within version 2.7.x; I'm not sure if it can cause the issue that you faced.


--  
Willem Jiang

Red Hat, Inc.
Web: http://www.redhat.com
Blog: http://willemjiang.blogspot.com (English)
http://jnn.iteye.com (Chinese)
Twitter: willemjiang  
Weibo: 姜宁willem



On April 7, 2015 at 4:35:14 PM, garethahealy (garethahealy@gmail.com) wrote:
> Hi Willem,
>  
> Switched to camel-http4 and works.
>  
> Cheers.
>  


Re: Jetty HTTPS 2way

Posted by garethahealy <ga...@gmail.com>.
Hi Willem,

Switched to camel-http4 and works. 

Cheers.




Re: Jetty HTTPS 2way

Posted by Willem Jiang <wi...@gmail.com>.
It looks like something is wrong when doing the TLSv1.2 handshake.
Can you try to use camel-http or camel-http4 to do the same thing?




On April 4, 2015 at 4:17:21 AM, garethahealy (garethahealy@gmail.com) wrote:
> I am trying to make a REST call via HTTPS with 2-way auth. I originally
> tried to do this with CXF[1], but due to an issue with the conduit not
> attaching, have moved to a Jetty endpoint.
>
> I have the below config for the Jetty endpoint:
>
> <bean id="keyStoreParameters" class="org.apache.camel.util.jsse.KeyStoreParameters">
>     <property name="resource" value="${http.certs.location}/client-keystore.jks"/>
>     <property name="password" value="${http.keyManagers.password}"/>
> </bean>
>
> <bean id="truststoreParameters" class="org.apache.camel.util.jsse.KeyStoreParameters">
>     <property name="resource" value="${http.certs.location}/client-truststore.jks"/>
>     <property name="password" value="${http.trustManagers.password}"/>
> </bean>
>
> <bean id="trustManagersParameters" class="org.apache.camel.util.jsse.TrustManagersParameters">
>     <property name="keyStore" ref="truststoreParameters"/>
> </bean>
>
> <bean id="keyManagersParameters" class="org.apache.camel.util.jsse.KeyManagersParameters">
>     <property name="keyStore" ref="keyStoreParameters"/>
>     <property name="keyPassword" value="${http.keyManagers.password}"/>
> </bean>
>
> <bean id="sslContextParameters" class="org.apache.camel.util.jsse.SSLContextParameters">
>     <property name="keyManagers" ref="keyManagersParameters"/>
>     <property name="trustManagers" ref="trustManagersParameters"/>
> </bean>
>
> <bean id="jetty" class="org.apache.camel.component.jetty.JettyHttpComponent">
>     <property name="sslContextParameters" ref="sslContextParameters"/>
> </bean>
>
> And make the call as per:
>
> <log message="${body} sent to jetty"/>
> <convertBodyTo type="java.lang.String"/>
> <to uri="jetty://{{fuse.rest.transport}}://{{fuse.rest.host}}:{{fuse.rest.port}}/rest/fuse"/>
>
> But I still get cert issues. I know the certs are correct and that I am
> pointing to the correct stores, as I have a simple Java class that proves
> this works. I've put SSL in debug[2], but am not sure what a lot of it
> means. The main thing that sticks out is:
>
> CamelJettyClient(0x73d8db54)-4716, WRITE: TLSv1.2 Handshake, length = 48
> CamelJettyClient(0x73d8db54)-4712, called closeInbound()
> CamelJettyClient(0x73d8db54)-4712, fatal error: 80: Inbound closed before
> receiving peer's close_notify: possible truncation attack?
> javax.net.ssl.SSLException: Inbound closed before receiving peer's
> close_notify: possible truncation attack?
> %% Invalidated: [Session-35, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA]
>
> This is for Camel 2.12.
>
> Have I missed something on the config side?
>
> [1]
> http://cxf.547215.n5.nabble.com/Camel-CXF-HTTPS-http-tlsClientParameters-not-attaching-td5755601.html
> [2] https://gist.github.com/garethahealy/0144444fcfe6d59eb53b