我正在使用Apache Camel使用SOAP服务,并且该服务托管在自签名证书上以用于开发目的。
我尝试将证书导入密钥库但失败了,因为证书没有有效的CN。
我试图忽略证书错误或信任所有证书。我如何使用producerTemplate来做到这一点。
Exchange exchangeRequest = producerTemplate.request(endpoint,
new Processor() {
public void process(Exchange exchange) throws Exception {
exchange.getIn().setBody(payload);
if (headermap != null && headermap.size() > 0) {
exchange.getIn().setHeaders(headermap);
}
if (soapHeader != null && !soapHeader.equals("")) {
exchange.getIn()
.setHeader(
SpringWebserviceConstants.SPRING_WS_SOAP_HEADER,
soapHeader);
}
}
});
不确定我用Camel方式做了什么,但这对我有用。刚刚编写了一个使用JAVA信任所有证书的方法,并在使用Camel ProducerTemplate发出请求之前调用它。
public void trustall() throws NoSuchAlgorithmException, KeyManagementException, IOException {
TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs, String authType) {
}
public void checkServerTrusted(X509Certificate[] certs, String authType) {
}
} };
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
// Create all-trusting host name verifier
HostnameVerifier allHostsValid = new HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
};
// Install the all-trusting host verifier
HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
URL url = new URL(endpoint);
URLConnection con = url.openConnection();
Reader reader = new InputStreamReader(con.getInputStream());
while (true) {
int ch = reader.read();
if (ch == -1) {
break;
}
System.out.print((char) ch);
}
}
试图使用Samy answer作为消费者,但它不起作用。这是trustAllCerts的客户端变体(函数样式,因为我使用的是Talend Open Studio):
java.util.function.Consumer<org.apache.cxf.service.factory.AbstractServiceFactoryBean> trustAllCerts = sfb -> {
TrustManager[] trustAllCerts_ = new TrustManager[] {
new X509TrustManager() {
@Override
public X509Certificate[] getAcceptedIssuers() { return null;}
@Override
public void checkServerTrusted(X509Certificate[] certs, String authType) throws CertificateException {}
@Override
public void checkClientTrusted(X509Certificate[] certs, String authType) throws CertificateException {}
}
};
org.apache.cxf.Bus theBus = org.apache.cxf.bus.CXFBusFactory.getThreadDefaultBus();
((FactoryBeanListenerManager)theBus.getExtension(FactoryBeanListenerManager.class))
.addListener((evnt, sfb_, args) -> {
if (evnt != org.apache.cxf.service.factory.FactoryBeanListener.Event.CLIENT_CREATED) return;
TLSClientParameters tlsParams = new TLSClientParameters();
tlsParams.setTrustManagers(trustAllCerts_);
tlsParams.setDisableCNCheck(true);
WebClient.getConfig((WebClient)args[0]).getHttpConduit().setTlsClientParameters(tlsParams);
});
sfb.setBus(theBus);
};