SSL Configuration of the Camel 3.0.0 HTTP component in a blueprint route seems to be incomplete

SSL Configuration of the Camel 3.0.0 HTTP component in a blueprint route seems to be incomplete

Gerald Kallas - mailbox.org
Dear community,

I'm using Karaf 4.2.7 with Camel 3.0.0. For calling an external HTTPS resource I need to configure the truststore for the Camel HTTP component. See my blueprint route below:

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:camel="http://camel.apache.org/schema/blueprint">
  <!-- set JMS connection factory -->
  <bean id="jmsConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
    <property name="brokerURL" value="tcp://localhost:61616" />
    <property name="userName" value="admin" />
    <property name="password" value="xxxxx" />
  </bean>
  <!-- set truststore -->
  <camel:sslContextParameters id="sslContextParameters">
    <camel:keyManagers keyPassword="xxxxx">
      <camel:keyStore resource="/home/ec2-user/casisp-runtime/apache-karaf-4.2.7/etc/truststore.jks" password="xxxxx" />
    </camel:keyManagers>
  </camel:sslContextParameters>
  <camelContext id="isp.routes.system.deployment" xmlns="http://camel.apache.org/schema/blueprint">
    <route id="isp.routes.system.deployment">
      <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
      <log message="isp.routes.system.deployment - Route started" />
      <!-- set HTTP header values -->
      <setHeader name="CamelHttpMethod">
        <constant>GET</constant>
      </setHeader>
      <setHeader name="Content-Type">
        <constant>application/json</constant>
      </setHeader>
      <setHeader name="Authorization">
        <constant>Basic xxxxx</constant>
      </setHeader>
      <toD uri='https://ec2-3-124-33-3.eu-central-1.compute.amazonaws.com:8080/api/v2/data/integrationservice?filter={"deployDev": true}&amp;sslContextParameters=#sslContextParameters' />
      <to uri="activemq:queue:IN" />
      <log message="isp.routes.system.deployment.xml - Route finished" />
    </route>
  </camelContext>
</blueprint>

The truststore contains 1 self-signed PEM cert from the destination.

Finally I'm still getting an error

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Am I still missing something?

Is there any other way to configure a truststore globally for the HTTP component?

Many thanks in advance for any comments and hints.

Best
- Gerald
Re: SSL Configuration of the Camel 3.0.0 HTTP component in a blueprint route seems to be incomplete

Gerald Kallas - mailbox.org
Finally I did get the SSL config working.

1. I have added 2 lines to system.properties

javax.net.ssl.trustStore=${karaf.etc}/truststore.jks
javax.net.ssl.trustStorePassword=xxxxx

2. I've changed the route as follows

<bean id="noopHostnameVerifier" class="org.apache.http.conn.ssl.NoopHostnameVerifier" />
<camelContext id="isp.routes.system.deployment" xmlns="http://camel.apache.org/schema/blueprint">
  <route id="isp.routes.system.deployment">
    <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
    ...
    <toD uri='https://anyhost.eu-central-1.compute.amazonaws.com:8080/...&amp;x509HostnameVerifier=noopHostnameVerifier' />

1. does set the trust store, 2. helped with certs that do not match the hostname

Best
- Gerald

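Added example, not part of the original posts and not Camel project code: a per-endpoint alternative to the two steps in the reply, for the blueprint from the first message. The first message loads truststore.jks under keyManagers, which supplies the client's own key material; trusted certificates belong under trustManagers, otherwise the JVM default trust store is used for path validation. The host name service.example.internal is a placeholder and assumes the server certificate has been reissued with a subject alternative name matching the host that is called.

```xml
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:camel="http://camel.apache.org/schema/blueprint">

  <!-- keyManagers = the client's own private key (only needed for mutual TLS).
       trustManagers = the certificates the client accepts from the server.
       The self-signed server certificate therefore goes here. -->
  <camel:sslContextParameters id="sslContextParameters">
    <camel:trustManagers>
      <camel:keyStore resource="/home/ec2-user/casisp-runtime/apache-karaf-4.2.7/etc/truststore.jks"
                      password="xxxxx" />
    </camel:trustManagers>
  </camel:sslContextParameters>

  <camelContext id="isp.routes.system.deployment"
                xmlns="http://camel.apache.org/schema/blueprint">
    <route id="isp.routes.system.deployment">
      <from uri="file:/tmp/in?include=.*\.xml&amp;moveFailed=error" />
      <setHeader name="CamelHttpMethod">
        <constant>GET</constant>
      </setHeader>
      <!-- Trust is scoped to this endpoint through sslContextParameters, so
           javax.net.ssl.trustStore in system.properties (which changes trust
           for every TLS client in the Karaf JVM) is not required.
           No x509HostnameVerifier option is set: the component's default
           verifier stays active and still checks that the certificate was
           issued for the host being called. NoopHostnameVerifier would accept
           a certificate issued for any name as long as it chains to the
           truststore.
           service.example.internal is a placeholder host (assumption). -->
      <toD uri="https://service.example.internal:8080/api/v2/data/integrationservice?sslContextParameters=#sslContextParameters" />
      <log message="isp.routes.system.deployment.xml - Route finished" />
    </route>
  </camelContext>
</blueprint>
```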