Hi All,
Adding the configuration for mutual authentication for an HTTPS connection in
a Camel route using the https4 component. Hope this helps as a reference for
people in need of similar configurations.



<sslContextParameters xmlns="http://camel.apache.org/schema/spring"
                      id="sslContextParameterss">
    <keyManagers keyPassword="changeit">
        <!-- client.keystore for client -->
        <keyStore resource="C:\\gateway\\conf\\client.keystore"
                  password="changeit" type="pkcs12"/>
    </keyManagers>
    <!-- common.truststore contains certificate of both client and server -->
    <trustManagers>
        <keyStore resource="C:\\gateway\\conf\\common.truststore"
                  password="changeit"/>
    </trustManagers>
</sslContextParameters>


Use the above SSL context parameters in the route as mentioned below:

<route>
    <from ..../>
    ...
    ...

    <to uri="https4://<IP_ADDRESS>:<PORT>/MutualAuthentication/MutuallySecuredServlet?sslContextParametersRef=#sslContextParameterss"/>
</route>


Hope this helps.


On Wed, Apr 3, 2019 at 11:24 AM Rohan Emmanuel <rohan.emmanue...@gmail.com>
wrote:

> Wang Yan,
> thanks a lot for the clarification. Much appreciated.
> I was able to get this working with one-way authentication as per your
> suggestion. My webserver (wildfly) was verifying CLIENT and it was failing.
> When I changed the webserver configuration to not VERIFY the client, the
> handshake was successful and I was able to invoke the servlet.
>
> In case of two-way authentication, I would need to have a keystore on the
> client side as well, correct? How to configure truststore as well as
> keystore on the route (which in my case is the client trying to establish
> connection to web server)?
>
>
>
>
> On Mon, Apr 1, 2019 at 8:27 PM Wang Yan <wyan...@gmail.com> wrote:
>
>> Ok, in this case you just need truststore, it should contain server
>> certificate of <IP_ADDRESS>
>>
>> you could use
>>
>> .to("https4://<IP_ADDRESS>:<PORT_NUMBER>/MutualAuthentication/MutuallySecuredServlet");
>>
>> instead of
>>
>> .to("https4://<IP_ADDRESS>:<PORT_NUMBER>/MutualAuthentication/MutuallySecuredServlet?sslContextParameters=sslContextParameters");
>>
>>
>>
>>
>> You could do something like below to set SSL for Http4 in your code, it
>> should work
>>
>> private void configureSslForHttp4() {
>>     KeyStoreParameters ksp = new KeyStoreParameters();
>>     ksp.setResource(truststoreLocation);
>>     ksp.setPassword(truststorePassword);
>>     TrustManagersParameters tmp = new TrustManagersParameters();
>>     tmp.setKeyStore(ksp);
>>     SSLContextParameters scp = new SSLContextParameters();
>>     scp.setTrustManagers(tmp);
>>     HttpComponent httpComponent = getContext().getComponent("https4",
>>             HttpComponent.class);
>>     httpComponent.setSslContextParameters(scp);
>> }
>> ---------- Forwarded message ---------
>> From: Rohan Emmanuel [via Camel] <ml+s465427n5832635...@n5.nabble.com>
>> Date: Mon, Apr 1, 2019 at 4:39 PM
>> Subject: Re: HTTP4s handshake exception
>> To: W.Y <wyan...@gmail.com>
>>
>>
>> PS: keystore is to keep your own server's pair of keys, truststore is to
>> keep the remote server's certificate (public key) which you trust.
>> You could use one file for both, or you could separate them in two files.
>> In your case, it is the truststore file.
>>
>> no, httpclient is not calling my route over https
>> my route is the one which is invoking web application over SSL
>> my route looks like this, hence the question
>> I assume this is valid use case.
>> I was not able to find any sample in this regard. Please point me in the
>> correct direction.
>>
>>
>>
>> from("netty4:tcp://127.0.0.1:9992?allowDefaultCodec=false")
>>     .setHeader(Exchange.HTTP_METHOD, constant(HttpMethods.GET))
>>     .to("https4://<IP_ADDRESS>:<PORT_NUMBER>/MutualAuthentication/MutuallySecuredServlet?sslContextParameters=sslContextParameters");
>>
>>
>> On Mon, Apr 1, 2019 at 7:03 PM Wang Yan <[hidden email]> wrote:
>>
>> > httpclient calling your route  over https
>> >
>> > i assume you only using one way ssl. in this case at your route side's
>> > code, you just need keystore, you could skip truststore setting
>> >
>> > the httpclient code which is calling your route, it need to set up
>> > truststore
>> >
>> >
>> > ---------- Forwarded message ---------
>> > From: Rohan Emmanuel [via Camel] <[hidden email]>
>> > Date: Mon, Apr 1, 2019 at 10:26 AM
>> > Subject: Re: HTTP4s handshake exception
>> > To: W.Y <[hidden email]>
>> >
>> >
>> > Where exactly should I specify the trust store resource location while
>> > configuring HTTP4s?
>> >
>> > KeyStoreParameters class provides setResource; similarly, how to specify
>> > trust store?
>> >
>> > On Sun, Mar 31, 2019 at 11:17 AM Rohan Emmanuel <[hidden email]>
>> > wrote:
>> >
>> > > any clues on the reasons for getting "java.net.SocketException: Software
>> > > caused connection abort: recv failed"
>> > > when using http4s?
>> > >
>> > >
>> > > On Sun, Mar 31, 2019 at 10:08 AM Rohan Emmanuel <[hidden email]> wrote:
>> > >
>> > >> Can anyone point me to working HTTPS sample please?
>> > >>
>> > >>
>> > >> On Sat, Mar 30, 2019 at 3:32 PM Rohan Emmanuel <[hidden email]> wrote:
>> > >>
>> > >>> still getting Handshake exception:]
>> > >>> not sure where i am going wrong
>> > >>>
>> > >>> java.net.SocketException: Software caused connection abort: recv failed
>> > >>> at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_101]
>> > >>> at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_101]
>> > >>> at java.net.SocketInputStream.read(SocketInputStream.java:170) ~[?:1.8.0_101]
>> > >>> at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_101]
>> > >>> at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) ~[?:1.8.0_101]
>> > >>> at sun.security.ssl.InputRecord.read(InputRecord.java:503) ~[?:1.8.0_101]
>> > >>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[?:1.8.0_101]
>> > >>> at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_101]
>> > >>> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_101]
>> > >>> at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_101]
>> > >>>
>> > >>> On Sat, Mar 30, 2019 at 2:28 PM Wang Yan <[hidden email]> wrote:
>> > >>>
>> > >>>> You could do something like this to set SSL for Http4
>> > >>>>
>> > >>>> private void configureSslForHttp4() {
>> > >>>>     KeyStoreParameters ksp = new KeyStoreParameters();
>> > >>>>     ksp.setResource(keystoreLocation);
>> > >>>>     ksp.setPassword(keystorePassword);
>> > >>>>     TrustManagersParameters tmp = new TrustManagersParameters();
>> > >>>>     tmp.setKeyStore(ksp);
>> > >>>>     SSLContextParameters scp = new SSLContextParameters();
>> > >>>>     scp.setTrustManagers(tmp);
>> > >>>>     HttpComponent httpComponent = getContext().getComponent("https4",
>> > >>>>             HttpComponent.class);
>> > >>>>     httpComponent.setSslContextParameters(scp);
>> > >>>> }
>> > >>>>
>> > >>>>
>> > >>>
>> > >>>
>> > >>> --
>> > >>> Regards,
>> > >>> Rohan Emmanuel
>> > >>>
>> > >>
>> > >>
>> > >> --
>> > >> Regards,
>> > >> Rohan Emmanuel
>> > >>
>> > >
>> > >
>> > > --
>> > > Regards,
>> > > Rohan Emmanuel
>> > >
>> >
>> >
>> > --
>> > Regards,
>> > Rohan Emmanuel
>> >
>> >
>>
>>
>> --
>> Regards,
>> Rohan Emmanuel
>>
>>
>
>
> --
> Regards,
> Rohan Emmanuel
>


-- 
Regards,
Rohan Emmanuel
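
The Java DSL counterpart of the XML mutual-authentication configuration at the top of this message, extending the trust-only configureSslForHttp4() quoted in the thread with key managers. This is an added example, not code from the original thread or from the Camel project. It assumes the Camel 2.x package names (camel-http4, org.apache.camel.util.jsse); the class name and the environment variable names are hypothetical, and <IP_ADDRESS>:<PORT> is the thread's own placeholder.

```java
import org.apache.camel.Exchange;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.component.http4.HttpMethods;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;

public class MutualTlsRoute extends RouteBuilder {   // hypothetical class name

    // Hypothetical variable names: the store passwords come from the
    // environment instead of being written into the route definition.
    private final String keyStorePassword = System.getenv("CLIENT_KEYSTORE_PASSWORD");
    private final String trustStorePassword = System.getenv("TRUSTSTORE_PASSWORD");

    @Override
    public void configure() {
        // Client identity: the private key and certificate presented to the
        // server when it requests client authentication.
        KeyStoreParameters clientKeys = new KeyStoreParameters();
        clientKeys.setResource("C:\\gateway\\conf\\client.keystore");
        clientKeys.setPassword(keyStorePassword);
        clientKeys.setType("pkcs12");

        KeyManagersParameters keyManagers = new KeyManagersParameters();
        keyManagers.setKeyStore(clientKeys);
        keyManagers.setKeyPassword(keyStorePassword);

        // Trust anchors: certificates this client accepts from the server.
        KeyStoreParameters trusted = new KeyStoreParameters();
        trusted.setResource("C:\\gateway\\conf\\common.truststore");
        trusted.setPassword(trustStorePassword);

        TrustManagersParameters trustManagers = new TrustManagersParameters();
        trustManagers.setKeyStore(trusted);

        // Both halves are needed for two-way TLS; trust managers alone give
        // the one-way setup discussed earlier in the thread.
        SSLContextParameters scp = new SSLContextParameters();
        scp.setKeyManagers(keyManagers);
        scp.setTrustManagers(trustManagers);

        HttpComponent https4 = getContext().getComponent("https4", HttpComponent.class);
        https4.setSslContextParameters(scp);

        from("netty4:tcp://127.0.0.1:9992?allowDefaultCodec=false")
            .setHeader(Exchange.HTTP_METHOD, constant(HttpMethods.GET))
            .to("https4://<IP_ADDRESS>:<PORT>/MutualAuthentication/MutuallySecuredServlet");
    }
}
```

Setting the parameters on the component applies them to every https4 endpoint in the context, so no sslContextParameters option is needed on the endpoint URI.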
