Hey, I want to congratulate you guys on such wonderful documentation available for Camel HTTP for customising the HTTP client configurer. I have also found the other docs sufficient. That definitely makes dev easy.
I had a few minor hiccups while configuring the Camel http4 config. I followed the doc, which says that if you just want to specify the keystore and truststore you can do this with Apache HTTP HttpClientConfigurer, for example:

    KeyStore keystore = ...;
    KeyStore truststore = ...;
    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", 443, new SSLSocketFactory(keystore, "mypassword", truststore)));

But when this was done, though I could see from the SSL logs that the cert in the trust store was recognised, with a message like "Adding cert X to trust store", when I hit the server the SSL did not go through and the server cert failed validation with the message "peer not authenticated". I knew the server cert was in the trust store, as I could see it in the SSL log. I just changed these lines and got it working.

Replaced

    SchemeRegistry registry = new SchemeRegistry();
    registry.register(new Scheme("https", 443, new SSLSocketFactory(keystore, "yourpassword", truststore)));

with

    httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", socketFactory, 443));

I just added the scheme to the existing registry in httpClient. I don't know if you guys left the setting part out of the doc because you thought it is too simple to need figuring out, but I just thought it might help someone.
Crux of the code:

    import java.io.FileInputStream;
    import java.io.InputStream;
    import java.security.KeyStore;

    import org.apache.camel.component.http4.HttpClientConfigurer;
    import org.apache.http.client.HttpClient;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.conn.ssl.X509HostnameVerifier;

    // The post shows only the method; the enclosing class declaration is
    // reconstructed here and its name is illustrative.
    public class MutualAuthHttpClientConfigurer implements HttpClientConfigurer {

        public void configureHttpClient(HttpClient httpClient) {
            try {
                // if you want all hosts to be recognised irrespective of the ones in
                // the cert (this switches hostname verification off)
                X509HostnameVerifier hostnameVerifier = SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;

                // load the keystore containing the client certificate - keystore
                // type is probably jks or pkcs12
                KeyStore keystore = KeyStore.getInstance("jks");
                try (InputStream keystoreInput = new FileInputStream("sslcerts/keystore.jks")) {
                    keystore.load(keystoreInput, "yourpassword".toCharArray());
                }

                // load the truststore, leave it null to rely on cacerts distributed
                // with the JVM - truststore type is probably jks or pkcs12
                KeyStore truststore = KeyStore.getInstance("jks");
                try (InputStream truststoreInput = new FileInputStream("sslcerts/truststore.jks")) {
                    truststore.load(truststoreInput, "password".toCharArray());
                }

                // the second argument is the password protecting the client key
                SSLSocketFactory socketFactory = new SSLSocketFactory(keystore, "store password", truststore);
                socketFactory.setHostnameVerifier(hostnameVerifier);

                // register on the registry the client already uses, not on a new one
                httpClient.getConnectionManager().getSchemeRegistry().register(new Scheme("https", socketFactory, 443));
            } catch (Exception e) {
                // TODO remove and add log into DB
                e.printStackTrace();
            }
        }
    }

Useful debugging info if you are using Karaf/SMX: to turn on the SSL log in Karaf, which is mighty helpful, I added this in the Java options section in karaf.bat:

    -Djavax.net.debug=all

This might not be the correct way, but it works, and this is the only way I could figure out from the internet :)

--
View this message in context: http://camel.465427.n5.nabble.com/Camel-Http4-SSL-mutual-authentication-info-tp5725666.html
Sent from the Camel - Users mailing list archive at Nabble.com.
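
The registry difference described in the message above can be checked directly. The following is an added example, not part of the original post or of the Camel documentation: it compares a scheme registered on a fresh SchemeRegistry with one registered on the client's own registry. It assumes the HttpClient 4.1/4.2 API on the classpath; the class name SchemeRegistryCheck and the helper usesFactory are hypothetical, and SSLContext.getDefault() stands in for the keystore-backed factory.

```java
import javax.net.ssl.SSLContext;

import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.scheme.SchemeSocketFactory;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;

// Hypothetical diagnostic class: reports which socket factory the client
// will actually use for https connections.
public class SchemeRegistryCheck {

    // True only when the client's own "https" scheme is backed by 'expected'.
    static boolean usesFactory(HttpClient client, SchemeSocketFactory expected) {
        Scheme https = client.getConnectionManager().getSchemeRegistry().get("https");
        return https != null && https.getSchemeSocketFactory() == expected;
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for new SSLSocketFactory(keystore, password, truststore),
        // so the check runs without any keystore files.
        SSLSocketFactory custom = new SSLSocketFactory(SSLContext.getDefault());

        // Plays the role of the already-built client a configurer receives.
        HttpClient httpClient = new DefaultHttpClient();
        try {
            // Variant 1: a new registry that is never handed to a connection
            // manager. The client keeps its default https scheme, so the
            // custom keystore/truststore are never consulted.
            SchemeRegistry detached = new SchemeRegistry();
            detached.register(new Scheme("https", 443, custom));
            System.out.println("custom factory active after detached registry: "
                    + usesFactory(httpClient, custom));

            // Variant 2: register on the registry owned by the client's
            // connection manager, replacing its default https scheme.
            httpClient.getConnectionManager().getSchemeRegistry()
                    .register(new Scheme("https", 443, custom));
            System.out.println("custom factory active after client registry:   "
                    + usesFactory(httpClient, custom));
        } finally {
            httpClient.getConnectionManager().shutdown();
        }
    }
}
```

The same usesFactory check can be called at the end of a configureHttpClient implementation to confirm the custom factory is the one in effect before the first request is sent.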