Posted to users@camel.apache.org by Magnus Palmér <ma...@gmail.com> on 2011/08/02 08:54:31 UTC

Re: Disable CertificateValidation when Routing to HTTPS endpoint

OK, forgot to post that I found a solution to my problem. It is based on some
of the postings I've found, but unfortunately I don't remember which one.
Still, I had to modify it to get it to work for me, so here is how I did it,
in case someone else runs into the same problem:
(javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated)

In the Spring applicationContext.xml:
<bean id="myHttpClientConfigurerTrustAllCACerts"
class="packagename.HttpClientConfigurerTrustAllCACerts" />

And in my route:
https4:example.org/webservice?httpClientConfigurer=myHttpClientConfigurerTrustAllCACerts

My httpClientConfigurer (excluding package declaration)

import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.camel.component.http4.HttpComponent;

import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.log4j.Logger;

public class HttpClientConfigurerTrustAllCACerts implements
        HttpClientConfigurer {

    private final static Logger logger = Logger
            .getLogger(HttpClientConfigurerTrustAllCACerts.class);

    HttpComponent httpComponent;

    public HttpClientConfigurerTrustAllCACerts() {
    }

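    public void configureHttpClient(org.apache.http.client.HttpClient client) {
        // Trust manager that accepts every certificate chain without checking it
        X509TrustManager tm = new X509TrustManager() {

            @Override
            public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                // The X509TrustManager contract requires a non-null array
                return new java.security.cert.X509Certificate[0];
            }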

            @Override
            public void checkClientTrusted(
                    java.security.cert.X509Certificate[] arg0, String arg1)
                    throws java.security.cert.CertificateException {

            }

            @Override
            public void checkServerTrusted(
                    java.security.cert.X509Certificate[] arg0, String arg1)
                    throws java.security.cert.CertificateException {

            }
        };
        try {
            SSLContext ctx = SSLContext.getInstance("SSL");
            ctx.init(null, new TrustManager[] { tm }, null);

            // ALLOW_ALL_HOSTNAME_VERIFIER also switches off hostname verification
            SSLSocketFactory ssf = new SSLSocketFactory(ctx,
                    SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
            ClientConnectionManager ccm = client.getConnectionManager();
            SchemeRegistry sr = ccm.getSchemeRegistry();
            sr.register(new Scheme("https4", 443, ssf));

        } catch (NoSuchAlgorithmException e) {
            logger.error(e);
        } catch (KeyManagementException e) {
            logger.error(e);
        }

    }

}




2011/6/22 Magnus Palmér <ma...@gmail.com>

> Hi,
>
> I was just about to ask a similar question after being up all night trying
> to get my https4 URI to work.
>
> I get this:
>
>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>
>
> There are several posts to be found via Google, some specific for Camel,
> and I've tried several others but must be missing something.
> Can't find a complete working example for self signed certificates though.
> I am at a loss right now after trying out a lot of different approaches.
> If anyone could point me in the right direction so I can get a fresh start
> again I will be most thankful.
> (Using Camel 2.7.2)
>
> Kind regards, Magnus Palmér
>
> P.S. Yes, I've seen this:
> http://camel.465427.n5.nabble.com/Using-HTTPS-in-camel-http-when-remote-side-has-self-signed-cert-td473876.html
> I've also read the http://camel.apache.org/http4.html
> Tried to make something out of the test sourcecode for http4 but so far
> failed.
> Also read this:
> http://stackoverflow.com/questions/5706166/apache-camel-http-and-ssl
>
>
> 2011/6/22 ychawla <pr...@yahoo.com>
>
>> Does the server require a client certificate?  If so, you need to get the
>> Certificate Authority to provide you one.
>>
>> If the server just has an SSL Server certificate that is not in your
>> truststore, you can use HTTP conduit to configure your truststore to accept
>> the certificate or add the certificate to your default truststore.
>>
>> More info on CXF and HTTP Conduit here:
>>
>>
>> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>>
>> --
>> View this message in context:
>> http://camel.465427.n5.nabble.com/Disable-CertificateValidation-when-Routing-to-HTTPS-endpoint-tp4431968p4512855.html
>> Sent from the Camel - Users mailing list archive at Nabble.com.
>>
>
>
>
> --
> --
> Brgds, Magnus Palmér
> +46736845680
>
>
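
Added example, not part of the original post and not Camel project code: a configurer with the same shape as the one above that trusts only the certificates in a dedicated truststore and keeps hostname verification on. The class name, the two bean properties and the keytool alias are assumptions; the HttpClient 4.1-style calls and the "https4" scheme name mirror those in the post.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;

// Added example: trusts only the certificates in one truststore file
// instead of accepting every certificate and every hostname.
public class HttpClientConfigurerPinnedTrustStore implements HttpClientConfigurer {

    // Assumed bean properties. The JKS file holds the server's certificate, e.g.
    // keytool -importcert -alias server -file server.crt -keystore truststore.jks
    private String trustStorePath;
    private String trustStorePassword;

    public void setTrustStorePath(String p) { this.trustStorePath = p; }
    public void setTrustStorePassword(String p) { this.trustStorePassword = p; }

    public void configureHttpClient(HttpClient client) {
        try {
            KeyStore trustStore = KeyStore.getInstance("JKS");
            InputStream in = new FileInputStream(trustStorePath);
            try {
                trustStore.load(in, trustStorePassword.toCharArray());
            } finally {
                in.close();
            }
            // Default PKIX trust manager, anchored only on the loaded entries.
            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(trustStore);

            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, tmf.getTrustManagers(), null);
            // Hostname verification stays on, unlike ALLOW_ALL_HOSTNAME_VERIFIER.
            SSLSocketFactory ssf = new SSLSocketFactory(ctx,
                    SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);
            client.getConnectionManager().getSchemeRegistry()
                    .register(new Scheme("https4", 443, ssf));
        } catch (Exception e) {
            // Fail closed: no fallback to a default or permissive context.
            throw new IllegalStateException("TLS truststore setup failed", e);
        }
    }
}
```

The certificate's CN or subjectAltName has to match the host in the endpoint URI, otherwise the strict verifier rejects the connection.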

Re: Disable CertificateValidation when Routing to HTTPS endpoint

Posted by contactreji <co...@gmail.com>.
I tried this solution but I get this error while I start my application. Can
you provide me a clue on this?

Logs below

Stacktrace
---------------------------------------------------------------------------------------------------------------------------------------"}
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
	at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
	at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
	at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
	at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
	at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:396)
	at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
	at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
	at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
	at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
	at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
	at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
	at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
	at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
	at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
	at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
	at org.apache.camel.component.http4.HttpProducer.executeMethod(HttpProducer.java:306)
	at org.apache.camel.component.http4.HttpProducer.process(HttpProducer.java:178)
	at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
	at org.apache.camel.processor.SendProcessor.process(SendProcessor.java:145)
	at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
	at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:542)
	at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:197)
	at org.apache.camel.processor.Pipeline.process(Pipeline.java:120)
	at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
	at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:197)
	at org.apache.camel.component.timer.TimerConsumer.sendTimerExchange(TimerConsumer.java:192)
	at org.apache.camel.component.timer.TimerConsumer$1.run(TimerConsumer.java:76)
	at java.util.TimerThread.mainLoop(Timer.java:555)
	at java.util.TimerThread.run(Timer.java:505)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
	at sun.security.validator.Validator.validate(Validator.java:260)
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
	... 33 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
	at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
	... 39 common frames omitted



-----
Reji Mathews
Sr. Developer - Middleware Integration / SOA ( Open Source - Apache Camel & Jboss Fuse ESB | Mule ESB )
LinkedIn - http://in.linkedin.com/pub/reji-mathews/31/9a2/40a
Twitter - reji_mathews
--
View this message in context: http://camel.465427.n5.nabble.com/Disable-CertificateValidation-when-Routing-to-HTTPS-endpoint-tp4431968p5805703.html
Sent from the Camel - Users mailing list archive at Nabble.com.