我有问题。我们与客户建立了安全连接。在本地,所有请求都很好地传递到远程服务器。但在演示中,我们有相同的 url,但管理员配置了证书,看起来证书是自签名证书,会引发以下异常:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed
我们使用 camel 2.10.1、http-client (3) 和 jetty 作为模拟器。如果我们只更改 1 行,我们可以发送到真实测试服务器或模拟器
<camelContext id="myCamelContext" trace="true" xmlns="http://camel.apache.org/schema/spring">
<endpoint id="myServiceUrl" uri="${my.proxy.service.uri}"/>
</camelContext>
<from uri="direct:my.service"/>
<to ref="myServiceUrl"/>
my.proxy.service.uri=jetty:http://simulator:18884/Transaction/
我在日志中发现了如下记录:
INFO (main) [SslContextFactory] No keystore or trust store configured. ACCEPTING UNTRUSTED CERTIFICATES!!!!!
模拟器的请求很好,但我试图盲目修复演示问题,我找到了接受所有证书的解决方案,但它没有帮助:
import org.apache.camel.component.http.HttpClientConfigurer;
import org.apache.commons.httpclient.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
public class MyHttpClientConfigurer implements HttpClientConfigurer {
protected final Logger l = LoggerFactory.getLogger(getClass());
@Override
public void configureHttpClient(HttpClient httpClient) {
l.debug("*******************");
try {
SSLContext sslContext = SSLContext.getInstance("SSL");
// set up a TrustManager that trusts everything
sslContext.init(null, new TrustManager[]{new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
System.out.println("getAcceptedIssuers =============");
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkClientTrusted =============");
}
public void checkServerTrusted(X509Certificate[] certs,
String authType) {
System.out.println("checkServerTrusted =============");
}
}}, new SecureRandom());
SSLSocketFactory sf = new SSLSocketFactory(sslContext);
Scheme httpsScheme = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(httpsScheme);
// apache HttpClient version >4.2 should use BasicClientConnectionManager
// ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry);
//// HttpClient httpClient = new DefaultHttpClient(cm);
// httpClient = new HttpClient();
//httpClient.setHttpConnectionManager(cm);
} catch (Exception e) {
}
}
}
并将其添加到路由中
my.proxy.service.uri=jetty:http://simulator:18884/Transaction?httpClientConfigurerRef=myHttpClientConfigurer
当我发射到真正的测试服务器时
https://testserver.***.com/Transaction
在我的本地机器上一切正常,但在演示中我们遇到了 SSLHandshakeException
所以问题是:
如何在本地重现异常 javax.net.ssl.SSLHandshakeException
如何解决
最佳答案
我认为当你试图访问真正的测试服务器时,你仍然需要在uri中添加“httpClientConfigurerRef=myHttpClientConfigurer”选项。
关于java - 如何使用 camel 和 http-client 3 重现 javax.net.ssl.SSLHandshakeException 并修复它,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20183047/