I've put this together
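import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;
import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;

public class TestHttpClientConfigurer implements HttpClientConfigurer {
    private static final File KEYSTORE = new File("src/main/resources/config/certs/custom.jks");
    private static final String PASSWORD = "password";

    @Override
    public void configureHttpClient(HttpClientBuilder clientBuilder) {
        try {
            // The same JKS file is loaded as both key store and trust store.
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(new FileInputStream(KEYSTORE), PASSWORD.toCharArray());
            KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(new FileInputStream(KEYSTORE), PASSWORD.toCharArray());
            SSLContext sslContext = getSSLContext(keyStore, trustStore);
            // NoopHostnameVerifier accepts any certificate name (no hostname verification).
            SSLConnectionSocketFactory sslConnectionSocketFactory =
                    new SSLConnectionSocketFactory(sslContext, new NoopHostnameVerifier()) {
                @Override
                protected void prepareSocket(SSLSocket socket) throws IOException {
                    SNIHostName serverName = new SNIHostName("www.example.com");
                    List<SNIServerName> serverNames = new ArrayList<>(1);
                    serverNames.add(serverName);
                    // getSSLParameters() returns a copy, so the modified
                    // parameters have to be set back on the socket.
                    SSLParameters params = socket.getSSLParameters();
                    params.setServerNames(serverNames);
                    socket.setSSLParameters(params);
                    super.prepareSocket(socket);
                }
            };
            clientBuilder.setSSLSocketFactory(sslConnectionSocketFactory);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    protected SSLContext getSSLContext(KeyStore keyStore, KeyStore trustStore) throws Exception {
        KeyManagerFactory keyManagerFactory =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, PASSWORD.toCharArray());
        // Use the trust manager's own default algorithm, not the key manager's.
        TrustManagerFactory trustManagerFactory =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        SSLContext sslcontext = SSLContext.getInstance("TLS");
        sslcontext.init(keyManagerFactory.getKeyManagers(),
                trustManagerFactory.getTrustManagers(), null);
        return sslcontext;
    }
}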
And my route
https4://10.1.1.1:8301/post?httpClientConfigurer=testHttpClientConfigurer (registered
in Spring XML)
However, prepareSocket is never invoked; instead it's using the default
SSLConnectionSocketFactory. What am I missing?
TIA
- ioannis
Ioannis Mavroukakis <mailto:imavrouka...@gmail.com>
24 February 2016 at 10:42
https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-7.html
The link says "8" but the document mentions JDK 7
Claus Ibsen <mailto:claus.ib...@gmail.com>
24 February 2016 at 10:37
The javadoc for that SNI says it's since Java 1.8. But take a 2nd look
to be sure.
Yeah, I would assume somewhere with that configurer you can control all
yourself. You may want to peek in the source of camel-http4 to see what
happens and to give you an idea how to set up the security.
You can of course also look at the http4 docs themselves, as that ought to
help as well.
On Wed, Feb 24, 2016 at 11:30 AM, Ioannis Mavroukakis
Ioannis Mavroukakis <mailto:imavrouka...@gmail.com>
24 February 2016 at 10:30
Thanks Claus, isn't this a Java 7 feature though?
I'm ok to try to do this manually, is the SSLContext something I could
get to from HttpClientConfigurer?
Claus Ibsen <mailto:claus.ib...@gmail.com>
24 February 2016 at 09:26
Hi
I logged a ticket to get this support in Camel when we are Java 8+
https://issues.apache.org/jira/browse/CAMEL-9638
Not sure how you do this today, but you likely need to set up all this
a bit manually and hook into http4 as a SslContext or something.
On Mon, Feb 22, 2016 at 2:56 PM, Ioannis Mavroukakis
Ioannis Mavroukakis <mailto:imavrouka...@gmail.com>
22 February 2016 at 13:56
Hello everyone.
I've been banging my head against a brick wall trying to figure out a
way to configure SNI on the http4 component.
According to
https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html#SNIExtension
the way to do it is as follows (emphasis mine)
For the life of me, however, I cannot figure out a way to do this,
either via the DSL (preferable) or programmatically. With respect to
the programmatic configuration, should I be using HttpClientConfigurer?
TIA,
Ioannis
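
Added example, not code from this thread or from the Camel or HttpClient projects: the socket factory posted at the top connects to an IP address, sends www.example.com in SNI and turns hostname verification off with NoopHostnameVerifier. This variant keeps the SNI override but checks the server certificate against the SNI name. It assumes Java 8 and HttpClient 4.4 or later; the class name PinnedSniSocketFactory and the helper pinnedTo are hypothetical.

```java
import java.io.IOException;
import java.util.Collections;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SNIHostName;
import javax.net.ssl.SNIServerName;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;

// Hypothetical class: sends a fixed SNI name and verifies the certificate against it.
public class PinnedSniSocketFactory extends SSLConnectionSocketFactory {
    private static final DefaultHostnameVerifier VERIFIER = new DefaultHostnameVerifier();
    private final String sniHost;

    public PinnedSniSocketFactory(SSLContext sslContext, String sniHost) {
        super(sslContext, pinnedTo(sniHost));
        this.sniHost = sniHost;
    }

    // The URI host is an IP address, so the certificate is checked against
    // the expected DNS name instead of the host HttpClient passes in.
    private static HostnameVerifier pinnedTo(final String expectedName) {
        return (uriHost, session) -> VERIFIER.verify(expectedName, session);
    }

    @Override
    protected void prepareSocket(SSLSocket socket) throws IOException {
        // getSSLParameters() returns a copy: modify it, then set it back.
        SSLParameters params = socket.getSSLParameters();
        params.setServerNames(
                Collections.<SNIServerName>singletonList(new SNIHostName(sniHost)));
        socket.setSSLParameters(params);
        super.prepareSocket(socket);
    }
}
```

An instance built with new PinnedSniSocketFactory(sslContext, "www.example.com") goes wherever the anonymous SSLConnectionSocketFactory subclass was passed; the handshake then fails if the certificate presented does not cover www.example.com.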