camel-users mailing list archives

From Roman Vottner <r...@gmx.at>
Subject Re: Send messages to remote SSL/TLSv1.2 enabled rest endpoints?
Date Mon, 23 Oct 2017 13:24:11 GMT
Are you attempting an SSL connection with a self-signed certificate? I guess the server endpoints
are working fine via https if accessed via a browser? 

You should follow this guide (https://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html),
which suggests adding "-Djavax.net.debug=all" as a startup argument
to your server startup in order to enable debug tracing for SSL connections. If you see something
like "null cert chain" in the log on attempting to connect to the server and also something
like "found key for : server chain [0] = [ … ]" you should check what the server is
expecting here. Probably the client keystore doesn't contain the cert the server is expecting
(further reading: https://stackoverflow.com/questions/4421536/java-ssl-clientside-authentication-with-self-signed-certificates).
As you provide the key- and truststore data via javax.net.ssl properties, keep in mind that
these are only used if a default SSL context is used (as EJP mentioned in a comment) but not
if one is constructed via getInstance().

> Am 23.10.2017 um 14:18 schrieb Steve973 [via Camel] <ml+s465427n5814765h66@n5.nabble.com>:
> 
> Hello.  I asked a similar question on Friday, but I do not think that I was 
> specific enough about what I am intending to do.  I am using camel 2.19.2, 
> and I am currently attempting to use the http4 component.  In my pom, I am 
> including camel-spring-boot-starter, camel-http4, and camel-gson 
> 
> I am writing a Spring Boot messaging service so that deployed services can 
> register to receive certain message types that other services would 
> publish.  Interested services would register for a message type with the 
> messaging service by providing a REST url that the message service can use 
> by posting the message to it. 
> 
> My route is currently configured as follows: 
> 
> from("vm:messageStart") 
>     .routeId("messageStart") 
>     .process(messageSubscriberListHeaderProcessor) 
>     .marshal().json(JsonLibrary.Gson) 
>     .recipientList(header("messageSubscriberList")) 
>     .delimiter(",") 
>     .parallelProcessing(); 
> 
> The processor gets a list of REST URLs from a repository that has that 
> information: 
> 
> @Override 
> public void process(Exchange exchange) throws Exception { 
>     Message in = exchange.getIn(); 
>     MyMessage message = in.getBody(MyMessage.class); 
>     MessageType messageType = message.getMessageType(); 
>     String messageSubscriberList = repository 
>         .findOne(messageType) 
>         .getSubscriberUris() 
>         .stream() 
>         .map(uri -> uri.replace("https:", "https4:")) 
>         .map(uri -> uri.replace("http:", "http4:")) 
>         .map(uri -> uri.concat("?useSystemProperties=true")) 
>         .collect(Collectors.joining(",")); 
>     in.setHeader("messageSubscriberList", messageSubscriberList); 
> } 
> 
> When I deploy the app to tomcat, tomcat has the system properties for all 
> of the relevant javax.net.ssl.-prefixed properties: trustStore, 
> trustStorePassword, trustStoreType, keyStore, keyStorePassword, 
> keyStorePasswordType.  When I try to use my "/publish" endpoint to send a 
> message to "vm:messageStart", and when it attempts to send the message to 
> the recipient list, I get the same error for each recipient: 
> "javax.net.ssl.SSLHandshakeException: Received fatal alert: 
> bad_certificate". 
> 
> Note that for the purposes of testing, I also have the messaging service 
> listening to the following rest endpoints: /rest/1, /rest/2, and /rest/3. 
> The subscriber list contains the urls: https://server_host:8443/rest/1, 
> https://server_host:8443/rest/2, and https://server_host:8443/rest/3.  So 
> it isn't a matter of one server being configured with one trust store and 
> another server being configured with a different trust store.  This is a 
> service trying to post data to its own endpoints. 
> 
> Does anyone have some idea about how I have configured this incorrectly? 
> Thanks in advance for any insight that anyone can provide. 
> 
> 
> If you reply to this email, your message will be added to the discussion below:
> http://camel.465427.n5.nabble.com/Send-messages-to-remote-SSL-TLSv1-2-enabled-rest-endpoints-tp5814765.html
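The caveat in the reply above is the crux of the bad_certificate alert: javax.net.ssl.keyStore and friends are read when the JVM builds its default SSLContext (SSLContext.getDefault()), but a context created with SSLContext.getInstance() and initialised with a null KeyManager[] gets a dummy key manager that never offers a client certificate, while a null TrustManager[] still falls back to the javax.net.ssl.trustStore properties. The result is a client that trusts the server but cannot answer its CertificateRequest, which the server rejects with exactly that alert. The following is an added example, not code from this thread or from Apache Camel: it loads the key- and truststore named by the javax.net.ssl.* properties explicitly, checks that the key manager actually has a client alias to offer, and only then builds the TLSv1.2 context. It assumes those system properties are set on the JVM command line; the class and method names are mine.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;

/*
 * Added example, not code from the mailing-list thread or from Apache Camel.
 * Builds a client SSLContext from the same javax.net.ssl.* system properties
 * the container was started with, so the client certificate is presented even
 * when the HTTP client does not go through SSLContext.getDefault().
 *
 * Assumption: javax.net.ssl.keyStore / keyStorePassword / keyStoreType and the
 * trustStore equivalents are set (-D... on the JVM command line).
 */
public final class ClientSslContext {

    private ClientSslContext() {
    }

    /* Reads one keystore whose path, password and type are named by the given
     * system properties. Type defaults to the JVM default (JKS or PKCS12). */
    static KeyStore loadKeyStore(String pathProp, String passwordProp, String typeProp)
            throws Exception {
        String path = System.getProperty(pathProp);
        if (path == null) {
            throw new IllegalStateException(pathProp + " is not set");
        }
        String password = System.getProperty(passwordProp);
        KeyStore ks = KeyStore.getInstance(System.getProperty(typeProp, KeyStore.getDefaultType()));
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password == null ? null : password.toCharArray());
        }
        return ks;
    }

    /* Key managers holding the client certificate and private key. This is the
     * part that SSLContext.init(null, tm, null) silently drops: with a null
     * KeyManager[] the SunJSSE provider installs a dummy key manager that never
     * offers a certificate, while a null TrustManager[] still falls back to the
     * javax.net.ssl.trustStore properties. */
    static KeyManager[] clientKeyManagers() throws Exception {
        KeyStore keyStore = loadKeyStore("javax.net.ssl.keyStore",
                "javax.net.ssl.keyStorePassword", "javax.net.ssl.keyStoreType");
        // JSSE uses the keystore password for the private-key entries as well.
        char[] keyPassword = System.getProperty("javax.net.ssl.keyStorePassword", "").toCharArray();
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keyStore, keyPassword);
        return kmf.getKeyManagers();
    }

    static TrustManager[] trustManagers() throws Exception {
        KeyStore trustStore = loadKeyStore("javax.net.ssl.trustStore",
                "javax.net.ssl.trustStorePassword", "javax.net.ssl.trustStoreType");
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        return tmf.getTrustManagers();
    }

    /* Aliases the key manager would offer when the server sends a
     * CertificateRequest. An empty array is the client-side explanation for a
     * bad_certificate alert and is cheaper to check than javax.net.debug output. */
    static String[] offeredClientAliases(KeyManager[] kms) {
        for (KeyManager km : kms) {
            if (!(km instanceof X509KeyManager)) {
                continue;
            }
            for (String keyType : new String[] {"RSA", "EC"}) {
                String[] aliases = ((X509KeyManager) km).getClientAliases(keyType, null);
                if (aliases != null && aliases.length > 0) {
                    return aliases;
                }
            }
        }
        return new String[0];
    }

    public static SSLContext build() throws Exception {
        KeyManager[] kms = clientKeyManagers();
        if (offeredClientAliases(kms).length == 0) {
            throw new IllegalStateException("keystore holds no client certificate with an RSA or EC key");
        }
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kms, trustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = build();
        System.out.println("protocol: " + ctx.getProtocol());
        System.out.println("client aliases: " + String.join(", ", offeredClientAliases(clientKeyManagers())));
    }
}
```

Run it once inside the same JVM configuration as the deployed service (same -Djavax.net.ssl.* arguments) before touching the route: if build() throws, the handshake failure is on the client side regardless of how Camel is configured. For the route itself, camel-http4 also accepts an explicit sslContextParameters option (Camel's SSLContextParameters with KeyManagersParameters and TrustManagersParameters), which loads the stores declaratively and does not depend on the default context at all; the component documentation describes it. When you do need the JSSE trace, -Djavax.net.debug=ssl:handshake is a much smaller log than all and still shows the CertificateRequest and the (empty) client Certificate message.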
