Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
Spoke too soon. It should look something like this: -- View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922p5768073.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
I think I finally have it working. Not certain it's the ideal solution. But it works and it took me a long time navigating through the debugger to figure things out. My route definition was then from("direct:start").transform(simple("FRED")).to("https4://172.30.228.23:8444/InformaCast/RESTServices/V1/Admin/System/ldap/isLdapConfigured?*sslContextParameters=mydumbtrustmanager*"); The key is the implementation of X509TrustManager and when overriding the methods just make certain they don't throw the CertificateException. -- View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922p5768072.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
My class that implements HttpClientConfigurer now looks like this from your suggestions: and it still doesn't work. My createRegistry() looks like this: @Override I added a jndi.properties file that looks like this: My uri now looks like this https4://172.30.228.23:8444/InformaCast/RESTServices/V1/Admin/System/ldap/isLdapConfigured?x509HostnameVerifier=*allHostnameVerifier*&httpClientConfigurer=*monteTrustingConfigurer* So I thought I now have all of my ducks in a row. But my sslContext created in configureHttpClient() still isn't calling my isTrusted() method. There must be something I'm still missing for the HttpComponent that isn't matching the uri arguments for x509HostnameVerifier and httpClientConfigurer to my registry. I've done a deep dive into the source code of HttpComponent.java with a debugger. when coming out of createEndpoint() in the source code the endpoint variable appears to at least partially be configured correctly. endpoint.endpointUri="https4://172.30.228.23:8444/InformaCast/RESTServices/V1/Admin/System/ldap/isLdapConfigured?httpClientConfigurer=monteTrustingConfigurer&x509HostnameVerifier=allHostnameVerifier" endpoint.httpClientConfigurer is set to an instance of my class that implements the above configureHttpClient(), TrustingHttpClientConfigurer. endpoint.*component*.httpClientConfigurer is null (which might be OK if it's only used as the default) endpoint.*component*.x509HostnameVerifier is set to BROWSER_COMPATIBLE (this isn't what I want, but again, may just be a default). But I don't see my override value org.apache.http.conn.ssl.AllowAllHostnameVerifier() Now looking at endpoint.camelContext.registry endpoint.camelContext.registry.context.delegate.defaultInitCtx.bindings.0 monteTrustingConfigurer = instance of TrustingHttpClientConfigurer endpoint.camelContext.registry.context.delegate.defaultInitCtx.bindings.1 java.naming.factory.initial = org.apache.camel.util.jndi.CamelInitialContextFactory endpoint.camelContext.registry.context.delegate.defaultInitCtx.bindings.2 allHostnameVerifier = ALLOW_ALL Does anyone see what other little nuggets of knowledge I'm missing? -- View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922p5768038.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
I just checked the code of your HttpClientconfigurer, you didn’t set the httpClientBuilder with the SSLConnectionSocketFactory instance that you just created. -- Willem Jiang Red Hat, Inc. Web: http://www.redhat.com Blog: http://willemjiang.blogspot.com (English) http://jnn.iteye.com (Chinese) Twitter: willemjiang Weibo: 姜宁willem On June 6, 2015 at 5:48:31 AM, jspyeatt (john.pye...@singlewire.com) wrote: > Like several similar posts I've seen I need to allow self-signed certs for > https4 (2.15.2). Mine isn't working. > > I've created an implementation of HttpClientConfigurer that allows any > host/cert. Below is the implementation of configureHttpClient(). > > @Override > public void configureHttpClient(HttpClientBuilder httpClientBuilder) { > log.debug("configureHttpClient()"); > try { > SSLContextBuilder builder = new SSLContextBuilder(); > builder.loadTrustMaterial(null, new TrustSelfSignedStrategy() { > @Override > * public boolean isTrusted(X509Certificate[] a, String b) > throws CertificateException { > log.debug("isTrusted() returns true"); > return true; > }* > }); > > SSLContext sslContext = builder.build(); > > SSLConnectionSocketFactory sslsf = new > SSLConnectionSocketFactory(sslContext, new > TrustEverythingHostnameVerifier()); > } catch (Exception e) { > log.error(e,e); > throw new IllegalStateException("Unable to configure > TrustingHttpClientConfigurer", e); > } > } > > > Then in an implementation of CameltestSupport I've overridden > createRegistry(). > @Override > protected JndiRegistry createRegistry() throws Exception { > JndiRegistry jndi = super.createRegistry(); > log.info("createRegistry()"); > > *jndi.bind("MyConfigurer", new TrustingHttpClientConfigurer());* > Object o = > jndi.lookup(TrustingHttpClientConfigurer.HTTP_CLIENT_CONFIGURER); > log.debug("object type: " + o.getClass().getCanonicalName()); > return jndi; > } > > Then in my createRouteBuilder() it contains... > > return new RouteBuilder() { > public void configure() { > > log.debug("CONFIGURE"); > * > HttpComponent httpComponent = context.getComponent("https4", > HttpComponent.class); > httpComponent.setHttpClientConfigurer(new > TrustingHttpClientConfigurer()); > > log.info("CCC " + > context.getRegistry().lookupByName("MyConfigurer")); > > from("direct:start").transform(simple("FRED")).to("https4://172.30.253.94:8444/services?httpClientConfigurer=#MyConfigurer";* > > } > }; > > public void testSimple() throws Exception { > HttpComponent comp = > template.getCamelContext().getComponent("https4", HttpComponent.class); > * log.info("DDD " + > comp.getHttpClientConfigurer().getClass().getCanonicalName());* > template.sendBody("direct:start", "FRED"); > > } > > When the test runs I do get > *DDD com.singlewire.monte.eh.config.TrustingHttpClientConfigurer* which is > what I would expect. > > However test is failing with the obligatory > javax.net.ssl.SSLHandshakeException. This is what I would expect given that > the component isn't calling my version of isTrusted(X509Certificate[] a, > String b) created during TrustingHttpClientConfigurer.configureHttpClient(). > I know this because I never see the debug message indicating that it was > called. > > > So it's as if during execution of my route the configurator is being > ignored. > > I've tried ?httpClientConfigurer=#MyConfigurer > I've tried ?httpClientConfigurer=MyConfigurer > > I've tried forcing things like this. > HttpComponent httpComponent = context.getComponent("https4", > HttpComponent.class); > httpComponent.setHttpClientConfigurer(new TrustingHttpClientConfigurer()); > > Nothing seems to work. Any guidance would be greatly appreciated. > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922.html > > Sent from the Camel - Users mailing list archive at Nabble.com. >
Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
It looks like you are not setting the httpClientBuilder argument with your ssl configuration. Can you have a relook at the method configureHttpClient you have overridden ? -- View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922p5767993.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
This still isn't working. It is as though it isn't recognizing my registry during runtime. In my unit test I've overrided createRegistry() because I'm not using spring as your example solution does. @Override protected JndiRegistry createRegistry() throws Exception { JndiRegistry jndi = super.createRegistry(); log.info("createRegistry()"); *jndi.bind("allHostname", new org.apache.http.conn.ssl.AllowAllHostnameVerifier());* return jndi; } Then it doesn't appear that the allHostname object is available during the test in http4://. Do you have any ideas why my object isn't available during runtime? My jndi.properties file looks like this: java.naming.factory.initial = org.apache.camel.util.jndi.CamelInitialContextFactory -- View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922p5767991.html Sent from the Camel - Users mailing list archive at Nabble.com.
Re: https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
To do this, I just declare a bean like this: try { > SSLContextBuilder builder = new SSLContextBuilder(); > builder.loadTrustMaterial(null, new TrustSelfSignedStrategy() { > @Override > *public boolean isTrusted(X509Certificate[] a, String b) > throws CertificateException { > log.debug("isTrusted() returns true"); > return true; > }* > }); > > SSLContext sslContext = builder.build(); > > SSLConnectionSocketFactory sslsf = new > SSLConnectionSocketFactory(sslContext, new > TrustEverythingHostnameVerifier()); > } catch (Exception e) { > log.error(e,e); > throw new IllegalStateException("Unable to configure > TrustingHttpClientConfigurer", e); > } > } > > > Then in an implementation of CameltestSupport I've overridden > createRegistry(). > @Override > protected JndiRegistry createRegistry() throws Exception { > JndiRegistry jndi = super.createRegistry(); > log.info("createRegistry()"); > > *jndi.bind("MyConfigurer", new TrustingHttpClientConfigurer());* > Object o = > jndi.lookup(TrustingHttpClientConfigurer.HTTP_CLIENT_CONFIGURER); > log.debug("object type: " + o.getClass().getCanonicalName()); > return jndi; > } > > Then in my createRouteBuilder() it contains... > > return new RouteBuilder() { > public void configure() { > > log.debug("CONFIGURE"); > * > HttpComponent httpComponent = > context.getComponent("https4", > HttpComponent.class); > httpComponent.setHttpClientConfigurer(new > TrustingHttpClientConfigurer()); > > log.info("CCC " + > context.getRegistry().lookupByName("MyConfigurer")); > > from("direct:start").transform(simple("FRED")).to("https4:// > 172.30.253.94:8444/services?httpClientConfigurer=#MyConfigurer";* > } > }; > > public void testSimple() throws Exception { > HttpComponent comp = > template.getCamelContext().getComponent("https4", HttpComponent.class); > *log.info("DDD " + > comp.getHttpClientConfigurer().getClass().getCanonicalName());* > template.sendBody("direct:start", "FRED"); > > } > > When the test runs I do get > *DDD com.singlewire.monte.eh.config.TrustingHttpClientConfigurer* which is > what I would expect. > > However test is failing with the obligatory > javax.net.ssl.SSLHandshakeException. This is what I would expect given that > the component isn't calling my version of isTrusted(X509Certificate[] a, > String b) created during > TrustingHttpClientConfigurer.configureHttpClient(). > I know this because I never see the debug message indicating that it was > called. > > > So it's as if during execution of my route the configurator is being > ignored. > > I've tried ?httpClientConfigurer=#MyConfigurer > I've tried ?httpClientConfigurer=MyConfigurer > > I've tried forcing things like this. > HttpComponent httpComponent = context.getComponent("https4", > HttpComponent.class); > httpComponent.setHttpClientConfigurer(new TrustingHttpClientConfigurer()); > > Nothing seems to work. Any guidance would be greatly appreciated. > > > > -- > View this message in context: > http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922.html > Sent from the Camel - Users mailing list archive at Nabble.com. >
https4 2.15.2 not recognizing my httpClientConfigurer endpoint option
Like several similar posts I've seen I need to allow self-signed certs for https4 (2.15.2). Mine isn't working. I've created an implementation of HttpClientConfigurer that allows any host/cert. Below is the implementation of configureHttpClient(). @Override public void configureHttpClient(HttpClientBuilder httpClientBuilder) { log.debug("configureHttpClient()"); try { SSLContextBuilder builder = new SSLContextBuilder(); builder.loadTrustMaterial(null, new TrustSelfSignedStrategy() { @Override *public boolean isTrusted(X509Certificate[] a, String b) throws CertificateException { log.debug("isTrusted() returns true"); return true; }* }); SSLContext sslContext = builder.build(); SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, new TrustEverythingHostnameVerifier()); } catch (Exception e) { log.error(e,e); throw new IllegalStateException("Unable to configure TrustingHttpClientConfigurer", e); } } Then in an implementation of CameltestSupport I've overridden createRegistry(). @Override protected JndiRegistry createRegistry() throws Exception { JndiRegistry jndi = super.createRegistry(); log.info("createRegistry()"); *jndi.bind("MyConfigurer", new TrustingHttpClientConfigurer());* Object o = jndi.lookup(TrustingHttpClientConfigurer.HTTP_CLIENT_CONFIGURER); log.debug("object type: " + o.getClass().getCanonicalName()); return jndi; } Then in my createRouteBuilder() it contains... return new RouteBuilder() { public void configure() { log.debug("CONFIGURE"); * HttpComponent httpComponent = context.getComponent("https4", HttpComponent.class); httpComponent.setHttpClientConfigurer(new TrustingHttpClientConfigurer()); log.info("CCC " + context.getRegistry().lookupByName("MyConfigurer")); from("direct:start").transform(simple("FRED")).to("https4://172.30.253.94:8444/services?httpClientConfigurer=#MyConfigurer";* } }; public void testSimple() throws Exception { HttpComponent comp = template.getCamelContext().getComponent("https4", HttpComponent.class); *log.info("DDD " + comp.getHttpClientConfigurer().getClass().getCanonicalName());* template.sendBody("direct:start", "FRED"); } When the test runs I do get *DDD com.singlewire.monte.eh.config.TrustingHttpClientConfigurer* which is what I would expect. However test is failing with the obligatory javax.net.ssl.SSLHandshakeException. This is what I would expect given that the component isn't calling my version of isTrusted(X509Certificate[] a, String b) created during TrustingHttpClientConfigurer.configureHttpClient(). I know this because I never see the debug message indicating that it was called. So it's as if during execution of my route the configurator is being ignored. I've tried ?httpClientConfigurer=#MyConfigurer I've tried ?httpClientConfigurer=MyConfigurer I've tried forcing things like this. HttpComponent httpComponent = context.getComponent("https4", HttpComponent.class); httpComponent.setHttpClientConfigurer(new TrustingHttpClientConfigurer()); Nothing seems to work. Any guidance would be greatly appreciated. -- View this message in context: http://camel.465427.n5.nabble.com/https4-2-15-2-not-recognizing-my-httpClientConfigurer-endpoint-option-tp5767922.html Sent from the Camel - Users mailing list archive at Nabble.com.