java - 如何使用 camel 和 http-client 3 重现 javax.net.ssl.SSLHandshakeException 并修复它

Question

我有问题。我们与客户建立了安全连接。在本地，所有请求都很好地传递到远程服务器。但在演示中，我们有相同的 url，但管理员配置了证书，看起来证书是自签名证书，会引发以下异常:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed

我们使用 camel 2.10.1、http-client (3) 和 jetty 作为模拟器。如果我们只更改 1 行，我们可以发送到真实测试服务器或模拟器

 <camelContext id="myCamelContext" trace="true" xmlns="http://camel.apache.org/schema/spring">
        <endpoint id="myServiceUrl" uri="${my.proxy.service.uri}"/>
    </camelContext>
 <from uri="direct:my.service"/>
<to ref="myServiceUrl"/>


my.proxy.service.uri=jetty:http://simulator:18884/Transaction/

我在日志中发现了如下记录:

INFO (main) [SslContextFactory] No keystore or trust store configured.  ACCEPTING UNTRUSTED CERTIFICATES!!!!!

模拟器的请求很好，但我试图盲目修复演示问题，我找到了接受所有证书的解决方案，但它没有帮助:

import org.apache.camel.component.http.HttpClientConfigurer;
import org.apache.commons.httpclient.HttpClient;
import org.apache.http.conn.ClientConnectionManager;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.SingleClientConnManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;


import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;

public class MyHttpClientConfigurer implements HttpClientConfigurer {
    protected final Logger l = LoggerFactory.getLogger(getClass());

    @Override
    public void configureHttpClient(HttpClient httpClient) {
l.debug("*******************");
        try {
            SSLContext sslContext = SSLContext.getInstance("SSL");

// set up a TrustManager that trusts everything
            sslContext.init(null, new TrustManager[]{new X509TrustManager() {
                public X509Certificate[] getAcceptedIssuers() {
                    System.out.println("getAcceptedIssuers =============");
                    return null;
                }

                public void checkClientTrusted(X509Certificate[] certs,
                                               String authType) {
                    System.out.println("checkClientTrusted =============");
                }

                public void checkServerTrusted(X509Certificate[] certs,
                                               String authType) {
                    System.out.println("checkServerTrusted =============");
                }
            }}, new SecureRandom());

            SSLSocketFactory sf = new SSLSocketFactory(sslContext);
            Scheme httpsScheme = new Scheme("https", 443, sf);
            SchemeRegistry schemeRegistry = new SchemeRegistry();
            schemeRegistry.register(httpsScheme);

// apache HttpClient version >4.2 should use BasicClientConnectionManager
//            ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry);
////            HttpClient httpClient = new DefaultHttpClient(cm);
//            httpClient = new HttpClient();
//httpClient.setHttpConnectionManager(cm);
        } catch (Exception e) {
        }

    }
}

并将其添加到路由中

 my.proxy.service.uri=jetty:http://simulator:18884/Transaction?httpClientConfigurerRef=myHttpClientConfigurer

当我发射到真正的测试服务器时

https://testserver.***.com/Transaction

在我的本地机器上一切正常，但在演示中我们遇到了 SSLHandshakeException

所以问题是:

1. 如何在本地重现异常 javax.net.ssl.SSLHandshakeException

2. 如何解决

Answer 1

我认为当你试图访问真正的测试服务器时，你仍然需要在uri中添加“httpClientConfigurerRef=myHttpClientConfigurer”选项。