最近需要实现一个功能。在camel框架内,call通外部的service。用postman测试这条链接的时候,设置好Authorization Params Headers Body,plus,还需设置SSL certificate verification 为OFF, then 可以call 通。
设置SSL certificate verification 的截图:
不同版本的postman设置SSL certificate verification 的位置不同,我使用的版本是Version 6.5.2。
花了几天时间去查在camel框架中如何忽略SSL校验,都不成功,原因在于:
1 camel 耦合性强,需要去翻阅camel http4官方文档去查参数,试验,较难;
2 网上大部分是用设置证书来call通的,确实,如果可以获取到被call链接的cert和password,可以实现;
3 网上还有一部分回答是有瑕疵的,导致实现不了。
网上的一些附上的代码,这里的SchmeRegistry是重新new的,是错误的。需要从参数client来生成才会设置生效。(在同事的指导下解决该问题的)
so在camel中,需要设置忽略SSL校验。设置方法如下:
新建类 SSLHttpClientConfigurer.java
import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
public class SSLHttpClientConfigurer implements HttpClientConfigurer {
@Override
public void configureHttpClient(HttpClient client) {
X509TrustManager tm = new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
};
try {
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, new TrustManager[] { tm }, null);
SchemeRegistry sr = client.getConnectionManager().getSchemeRegistry(); //[in many blogs, it shows that the SchemeRegistry is a new object, but it is not really.]
sr.register(new Scheme("https", 443, new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)));
} catch (NoSuchAlgorithmException e) {
} catch (KeyManagementException e) {
}
}
}
And the uri should be set like this:
public static final String URI = "https4://xxx" +
"?bridgeEndpoint=true" +
"&throwExceptionOnFailure=false" +
"&authMethod=Basic" +
"&authUsername=XXX" +
"&authPassword=XXX" +
"&proxyAuthScheme=http4" +
"&proxyAuthHost=XXX" +
"&proxyAuthPort=XXX" +
"&httpClientConfigurer=sSLHttpClientConfigurer";
plus 如需设置Params,Header,Body:[在call service前处理]
exchange.getIn().setHeader(Exchange.CONTENT_TYPE, APPLICATION_JSON);
exchange.getIn().setHeader(Exchange.HTTP_METHOD, constant(org.apache.camel.component.http4.HttpMethods.POST));
exchange.getIn().setHeader(Exchange.HTTP_QUERY, constant("XXX=XXX"));
exchange.getIn().setHeader("XXX", constant("XXX"));
and add this jndi binding here:
public class SimpleTest extends CamelTestSupport {
@Override
public RouteBuilder createRouteBuilder() throws Exception
{
return new AladdinRouteBuilder();
}
/*@Override
protected CamelContext createCamelContext() throws Exception {
CamelContext context = super.createCamelContext();
Map pros = new HashMap();
pros.put("http.proxyHost","intpxy6.hk.hsbc");
pros.put("http.proxyPort","8080");
context.setProperties(pros);
return context;
}*/
@Override
public JndiRegistry createRegistry() throws Exception{
JndiRegistry jndi = super.createRegistry();
//jndi.bind("x509HostnameVerifier",new AllowAllHostnameVerifier());
jndi.bind("myHttpClientConfigurer",new SSLHttpClientConfigurer());
return jndi;
}
@Test
public void simpleTest(){
template.sendBody("direct:sampleTest","Hello");
}
}
then it will be successful.
用证书来实现的代码附上:[在call service前处理]
// certfiticate
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("XXX.jks"); //证书生成的jks文件
ksp.setPassword("XXX");
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword("changeit");
kmp.setKeyStore(ksp);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setSecureSocketProtocol("SSL");
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);