camel-users mailing list archives

From Claus Ibsen <claus.ib...@gmail.com>
Subject Re: Camel Http4 SSL mutual authentication info
Date Sat, 19 Jan 2013 08:18:03 GMT
Hi

Thanks for sharing your findings and suggestions for improving/fixing the docs.

As we love contributions you can help with the docs. We got some
details how to do that at
http://camel.apache.org/contributing.html

Read especially this
http://camel.apache.org/how-do-i-edit-the-website.html


On Thu, Jan 17, 2013 at 12:35 AM, santhosh <ramukhsohtnas.g@gmail.com> wrote:
> Hey, I want to congratulate you guys on such wonderful documentation available
> for Camel HTTP for customising the HTTP client configurer. I have also found
> the other docs sufficient enough. That definitely makes dev easy.
>
> I had a few minor hiccups while configuring the Camel http4 config. I followed
> the doc, which says:
>
> if you just want to specify the keystore and truststore you can do this
> with Apache HTTP HttpClientConfigurer, for example:
>
> KeyStore keystore = ...;
> KeyStore truststore = ...;
>
> SchemeRegistry registry = new SchemeRegistry();
> registry.register(new Scheme("https", 443, new SSLSocketFactory(keystore,
> "mypassword", truststore)));
>
> But when this was done, though I could see from the SSL logs that the cert in the trust
> store was recognised with a message like "Adding cert X to trust store", when I
> hit the server the SSL did not go through and the server cert failed validation
> with the message "peer not authenticated". I knew the server cert was in the trust
> store as I could see it in the SSL log. I just changed these lines and got it
> working.
>
> Replaced
>
> SchemeRegistry registry = new SchemeRegistry();
> registry.register(new Scheme("https", 443, new SSLSocketFactory(keystore,
> "yourpassword", truststore)));
>
> with
>  httpClient.getConnectionManager().getSchemeRegistry().register(new
> Scheme("https", socketFactory, 443));
>
> I just added the scheme to the existing registry in httpClient. I don't know if
> you guys left the setting part in the doc as you thought it is too simple to be
> figured out, but I just thought it might help someone.
>
> Crux of the code:
>
> public void configureHttpClient(org.apache.http.client.HttpClient httpClient) {
>     try {
>         final BasicHttpParams httpParams = new BasicHttpParams();
>
>         // if you want all hosts to be recognised irrespective of the ones in the cert
>         HostnameVerifier hostnameVerifier =
>                 org.apache.http.conn.ssl.SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER;
>
>         // load the keystore containing the client certificate - keystore
>         // type is probably jks or pkcs12
>         final KeyStore keystore = KeyStore.getInstance("jks");
>         InputStream keystoreInput = new FileInputStream(new File(
>                 "sslcerts/keystore.jks"));
>         keystore.load(keystoreInput, "yourpassword".toCharArray());
>         keystoreInput.close();
>
>         // load the truststore, leave it null to rely on cacerts distributed
>         // with the JVM - truststore type is probably jks or pkcs12
>         KeyStore truststore = KeyStore.getInstance("jks");
>         InputStream truststoreInput = new FileInputStream(new File(
>                 "sslcerts/truststore.jks"));
>         truststore.load(truststoreInput, "password".toCharArray());
>         truststoreInput.close();
>
>         SSLSocketFactory socketFactory = new SSLSocketFactory(keystore,
>                 "store password", truststore);
>         socketFactory.setHostnameVerifier((X509HostnameVerifier) hostnameVerifier);
>
>         // register the https scheme on the client's existing registry
>         httpClient.getConnectionManager().getSchemeRegistry().register(
>                 new Scheme("https", socketFactory, 443));
>
>     } catch (Exception e) {
>         // TODO remove and add log into DB
>         e.printStackTrace();
>     }
> }
> }
>
> Useful debugging info if you are using Karaf/SMX:
> To turn on the SSL log in Karaf, which is mighty helpful, I added this
> in the Java options section in karaf.bat:
> -Djavax.net.debug=all
> This might not be the correct way, but it works and this
> is the only way I could figure out from the internet :)
>
>
>
> --
> View this message in context: http://camel.465427.n5.nabble.com/Camel-Http4-SSL-mutual-authentication-info-tp5725666.html
> Sent from the Camel - Users mailing list archive at Nabble.com.



-- 
Claus Ibsen
-----------------
Red Hat, Inc.
FuseSource is now part of Red Hat
Email: cibsen@redhat.com
Web: http://fusesource.com
Twitter: davsclaus
Blog: http://davsclaus.com
Author of Camel in Action: http://www.manning.com/ibsen
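
Added example, not part of the original thread or of the Camel documentation: a variant of the configurer quoted above that registers the `https` scheme on the client's existing registry, as the poster found necessary, but keeps hostname verification enabled instead of using `ALLOW_ALL_HOSTNAME_VERIFIER`. It assumes the HttpClient 4.1/4.2-era API and the Camel 2.x `HttpClientConfigurer` signature shown in the thread; the class name, file paths and passwords are placeholders.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.ssl.SSLSocketFactory;

// Hypothetical class name; paths and passwords below are placeholders.
public class MutualTlsConfigurer implements HttpClientConfigurer {

    // Load a JKS store and close the stream even if loading fails.
    private static KeyStore load(String path, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance("jks");
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password);
        }
        return store;
    }

    @Override
    public void configureHttpClient(HttpClient httpClient) {
        try {
            KeyStore keystore = load("sslcerts/keystore.jks", "yourpassword".toCharArray());
            KeyStore truststore = load("sslcerts/truststore.jks", "password".toCharArray());

            // Client key for mutual authentication plus trust anchors for the server.
            // The second argument is the key password (assumed equal to the store password).
            SSLSocketFactory socketFactory =
                    new SSLSocketFactory(keystore, "yourpassword", truststore);

            // Keep hostname verification on: the server certificate must match the host.
            socketFactory.setHostnameVerifier(SSLSocketFactory.STRICT_HOSTNAME_VERIFIER);

            // Register on the client's own registry; a new SchemeRegistry that is
            // never attached to the connection manager has no effect.
            httpClient.getConnectionManager().getSchemeRegistry()
                    .register(new Scheme("https", 443, socketFactory));
        } catch (Exception e) {
            // Fail fast rather than continue with a client that has no TLS setup.
            throw new IllegalStateException("TLS configuration failed", e);
        }
    }
}
```

With verification left on, a "peer not authenticated" failure after this change points at the trust store contents or a hostname mismatch, which the `-Djavax.net.debug=all` output mentioned in the thread will show.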
