2016-03-03 128 views
0

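Apache Camel CXF: adding TlsClientParameters programmatically

I am using Apache Camel CXF as a producer to call a SOAP web service. I do not use Spring configuration, but do everything programmatically (I am a beginner and want to avoid learning both Spring and Apache Camel). The web service uses SSL with a self-signed certificate. I added it to a truststore and would like to be able to add that to the CxfEndpoint, similar to how I did it with https4: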

    KeyStoreParameters ksp = new KeyStoreParameters();
    ksp.setResource("src/main/resources/truststore.jks");
    ksp.setPassword("...");

    KeyManagersParameters kmp = new KeyManagersParameters();
    kmp.setKeyStore(ksp);
    kmp.setKeyPassword("...");

    SSLContextParameters scp = new SSLContextParameters();
    scp.setKeyManagers(kmp);

    CamelContext context = new DefaultCamelContext();
    context.addRoutes(routeBuilder);

    HttpComponent httpComponent = context.getComponent("https4", HttpComponent.class);
    httpComponent.setSslContextParameters(scp);

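- but this does not seem to work with CxfComponent. I found a lot of documentation about adding TlsClientParameters and configuring CxfEndpoint using Spring, for example: "apache camel cxf https not working" and "Calling secure webservice using CXF and Camel". But I did not find any hint on how to simply add a truststore to the component, as I did with https4, or even in the route definition, which is: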

    from(ENDPOINT_URI)
        .setProperty(SecurityConstants.PASSWORD, constant(PASSWORD))
        .setProperty(SecurityConstants.USERNAME, constant(USERNAME))
        .to("cxf://" + SERVICE_URL + "?" +
            "wsdlURL=" + WSDL_URL + "&" +
            "serviceName=" + SERVICE_NAME + "&" +
            "portName=" + PORT_NAME + "&" +
            "dataFormat=CXF_MESSAGE&" +
            "synchronous=true&" +
            "defaultOperationName=" + DEFAULT_OPERATION_NAME)
        .streamCaching();

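I guess this must be a very simple problem, so I still expect there to be some easy way to simply add the truststore (or even to accept any certificate, since that is not relevant in our use case). I would be very happy if there were a simple programmatic way. Does anyone know?

Answers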

0

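I solved this by adding the certificate to the JVM's truststore in jre/lib/cacerts. This is feasible because I have access to the JVM on the machine that runs the application. It seems to be the simplest solution.

UPDATE

If anyone is interested in a more proper solution: CxfEndpoint provides a means to influence the HTTPConduit and the TLS parameters. This is the revised code:

  • Add "cxfEndpointConfigurer = SageEndpointConfigurer" to the CXF endpoint parameters
  • When the endpoint is created, "SageEndpointConfigurer" is resolved using a TypeConverter
  • Add the TypeConverter to the context's type converter registry, i.e. directly in the RouteBuilder: getContext().getTypeConverterRegistry().addTypeConverter(CxfEndpointConfigurer.class, String.class, new SageEndpointConfigurerConverter());
  • Configure the TLSParameters and simply return the CxfEndpointConfigurer from the TypeConverter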

    private class SageEndpointConfigurerConverter extends TypeConverterSupport {

        // Resolves the "SageEndpointConfigurer" string from the endpoint URI to a configurer instance
        @Override
        public <T> T convertTo(Class<T> type, Exchange exchange, Object value) throws TypeConversionException {
            CxfEndpointConfigurer configurer = new CxfEndpointConfigurer() {
                @Override
                public void configure(AbstractWSDLBasedEndpointFactory factoryBean) {
                    // do nothing
                }

                @Override
                public void configureClient(Client client) {
                    URLConnectionHTTPConduit conduit = (URLConnectionHTTPConduit) client.getConduit();
                    TLSClientParameters tlsParams = new TLSClientParameters();
                    // Turns off the hostname (CN) check against the server certificate
                    tlsParams.setDisableCNCheck(true);
                    // Accepts any server certificate, see TrustAllTrustManager
                    tlsParams.setTrustManagers(new TrustManager[]{new TrustAllTrustManager()});
                    conduit.setTlsClientParameters(tlsParams);
                }

                @Override
                public void configureServer(Server server) {
                    // do nothing
                }
            };
            return (T) configurer;
        }
    }
    
  • The TrustAllManager is implemented like this:

    public class TrustAllTrustManager implements X509TrustManager {

        private static final Logger LOG = LoggerFactory.getLogger(TrustAllTrustManager.class);

        @Override
        public void checkClientTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
            // do nothing, trust all certificates
            logMessage(x509Certificates, authType);
        }

        @Override
        public void checkServerTrusted(X509Certificate[] x509Certificates, String authType) throws CertificateException {
            // do nothing, trust all certificates
            logMessage(x509Certificates, authType);
        }

        @Override
        public X509Certificate[] getAcceptedIssuers() {
            return new X509Certificate[0];
        }

        // Writes the certificates that were accepted without validation to the trace log
        private void logMessage(X509Certificate[] x509Certificates, String authType) {
            StringBuilder message = new StringBuilder();
            String lineSeparator = System.getProperty("line.separator");
            message.append("Trusted following certificates for authentication type '").append(authType).append("'").append(lineSeparator);
            for (X509Certificate certificate : x509Certificates) {
                message.append(certificate).append(lineSeparator);
            }
            LOG.trace(message.toString());
        }
    }