最近需要實現一個功能。在camel框架內,call通外部的service。用postman測試這條鏈接的時候,設置好Authorization Params Headers Body,plus,還需設置SSL certificate verification 為OFF, then 可以call 通。
設置SSL certificate verification 的截圖:
不同版本的postman設置SSL certificate verification 的位置不同,我使用的版本是Version 6.5.2。
花了幾天時間去查在camel框架中如何忽略SSL校驗,都不成功,原因在於:
1 camel 耦合性強,需要去翻閱camel http4官方文檔去查參數,試驗,較難;
2 網上大部分是用設置證書來call通的,確實,如果可以獲取到被call鏈接的cert和password,可以實現;
3 網上還有一部分回答是有瑕疵的,導致實現不了。
網上的一些附上的代碼,這里的SchmeRegistry是重新new的,是錯誤的。需要從參數client來生成才會設置生效。(在同事的指導下解決該問題的)
so在camel中,需要設置忽略SSL校驗。設置方法如下:
新建類 SSLHttpClientConfigurer.java
import org.apache.camel.component.http4.HttpClientConfigurer;
import org.apache.http.client.HttpClient;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
public class SSLHttpClientConfigurer implements HttpClientConfigurer {
@Override
public void configureHttpClient(HttpClient client) {
X509TrustManager tm = new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
return null;
}
@Override
public void checkClientTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
@Override
public void checkServerTrusted(
java.security.cert.X509Certificate[] arg0, String arg1)
throws java.security.cert.CertificateException {
}
};
try {
SSLContext ctx = SSLContext.getInstance("SSL");
ctx.init(null, new TrustManager[] { tm }, null);
SchemeRegistry sr = client.getConnectionManager().getSchemeRegistry(); //[in many blogs, it shows that the SchemeRegistry is a new object, but it is not really.]
sr.register(new Scheme("https", 443, new SSLSocketFactory(ctx,SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER)));
} catch (NoSuchAlgorithmException e) {
} catch (KeyManagementException e) {
}
}
}
And the uri should be set like this:
public static final String URI = "https4://xxx" +
"?bridgeEndpoint=true" +
"&throwExceptionOnFailure=false" +
"&authMethod=Basic" +
"&authUsername=XXX" +
"&authPassword=XXX" +
"&proxyAuthScheme=http4" +
"&proxyAuthHost=XXX" +
"&proxyAuthPort=XXX" +
"&httpClientConfigurer=sSLHttpClientConfigurer";
plus 如需設置Params,Header,Body:[在call service前處理]
exchange.getIn().setHeader(Exchange.CONTENT_TYPE, APPLICATION_JSON);
exchange.getIn().setHeader(Exchange.HTTP_METHOD, constant(org.apache.camel.component.http4.HttpMethods.POST));
exchange.getIn().setHeader(Exchange.HTTP_QUERY, constant("XXX=XXX"));
exchange.getIn().setHeader("XXX", constant("XXX"));
and add this jndi binding here:
public class SimpleTest extends CamelTestSupport {
@Override
public RouteBuilder createRouteBuilder() throws Exception
{
return new AladdinRouteBuilder();
}
/*@Override
protected CamelContext createCamelContext() throws Exception {
CamelContext context = super.createCamelContext();
Map pros = new HashMap();
pros.put("http.proxyHost","intpxy6.hk.hsbc");
pros.put("http.proxyPort","8080");
context.setProperties(pros);
return context;
}*/
@Override
public JndiRegistry createRegistry() throws Exception{
JndiRegistry jndi = super.createRegistry();
//jndi.bind("x509HostnameVerifier",new AllowAllHostnameVerifier());
jndi.bind("myHttpClientConfigurer",new SSLHttpClientConfigurer());
return jndi;
}
@Test
public void simpleTest(){
template.sendBody("direct:sampleTest","Hello");
}
}
then it will be successful.
用證書來實現的代碼附上:[在call service前處理]
// certfiticate
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("XXX.jks"); //證書生成的jks文件
ksp.setPassword("XXX");
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword("changeit");
kmp.setKeyStore(ksp);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setSecureSocketProtocol("SSL");
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);