Last active
June 9, 2021 15:25
-
-
Save kameshsampath/d6a55cafe4ab23593ccfd8e5e2451bcf to your computer and use it in GitHub Desktop.
A Demo/example showing SSL/TLS Customization with Camel
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation=" | |
| http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd"> | |
| <camelContext xmlns="http://camel.apache.org/schema/spring"> | |
| <routeBuilder ref="javaRouter" /> | |
| </camelContext> | |
| <bean id="javaRouter" class="demo.JavaRouter" /> | |
| </beans> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package demo; | |
| import org.apache.camel.CamelContext; | |
| import org.apache.camel.Endpoint; | |
| import org.apache.camel.builder.RouteBuilder; | |
| import org.apache.camel.component.http4.HttpComponent; | |
| import org.apache.camel.util.jsse.KeyManagersParameters; | |
| import org.apache.camel.util.jsse.KeyStoreParameters; | |
| import org.apache.camel.util.jsse.SSLContextParameters; | |
| import org.apache.camel.util.jsse.TrustManagersParameters; | |
| import org.apache.http.conn.ssl.AllowAllHostnameVerifier; | |
| public class JavaRouter extends RouteBuilder { | |
| @Override | |
| public void configure() throws Exception { | |
| Endpoint httpsEndpoint = setupSSLConext(getContext()); | |
| from("timer:demo") | |
| .to(httpsEndpoint) | |
| .choice() | |
| .when(simple("${headers.CamelHttpResponseCode} == 200")) | |
| .log("Success") | |
| .otherwise() | |
| .log("Failed"); | |
| } | |
| private Endpoint setupSSLConext(CamelContext camelContext) throws Exception { | |
| KeyStoreParameters keyStoreParameters = new KeyStoreParameters(); | |
| // Change this path to point to your truststore/keystore as jks files | |
| keyStoreParameters.setResource("/etc/ssl/demo.jks"); | |
| keyStoreParameters.setPassword("password"); | |
| KeyManagersParameters keyManagersParameters = new KeyManagersParameters(); | |
| keyManagersParameters.setKeyStore(keyStoreParameters); | |
| keyManagersParameters.setKeyPassword("password"); | |
| TrustManagersParameters trustManagersParameters = new TrustManagersParameters(); | |
| trustManagersParameters.setKeyStore(keyStoreParameters); | |
| SSLContextParameters sslContextParameters = new SSLContextParameters(); | |
| sslContextParameters.setKeyManagers(keyManagersParameters); | |
| sslContextParameters.setTrustManagers(trustManagersParameters); | |
| HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class); | |
| httpComponent.setSslContextParameters(sslContextParameters); | |
| //This is important to make your cert skip CN/Hostname checks | |
| httpComponent.setX509HostnameVerifier(new AllowAllHostnameVerifier()); | |
| return httpComponent.createEndpoint("https4:demo.example.com"); | |
| } | |
| } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package demo; | |
| import org.apache.camel.CamelContext; | |
| import org.apache.camel.Endpoint; | |
| import org.apache.camel.builder.RouteBuilder; | |
| import org.apache.camel.component.http4.HttpComponent; | |
| import org.apache.camel.util.jsse.KeyManagersParameters; | |
| import org.apache.camel.util.jsse.KeyStoreParameters; | |
| import org.apache.camel.util.jsse.SSLContextParameters; | |
| import org.apache.camel.util.jsse.TrustManagersParameters; | |
| import org.apache.http.conn.ssl.AbstractVerifier; | |
| import org.apache.http.conn.ssl.AllowAllHostnameVerifier; | |
| import org.apache.http.conn.ssl.X509HostnameVerifier; | |
| import javax.net.ssl.SSLException; | |
| import javax.net.ssl.SSLSession; | |
| import javax.net.ssl.SSLSocket; | |
| import java.io.IOException; | |
| import java.security.cert.X509Certificate; | |
| public class JavaRouter2 extends RouteBuilder { | |
| @Override | |
| public void configure() throws Exception { | |
| Endpoint httpsEndpoint = setupSSLConext(getContext()); | |
| from("timer:demo") | |
| .to(httpsEndpoint) | |
| .choice() | |
| .when(simple("${headers.CamelHttpResponseCode} == 200")) | |
| .log("Success") | |
| .otherwise() | |
| .log("Failed"); | |
| } | |
| private Endpoint setupSSLConext(CamelContext camelContext) throws Exception { | |
| KeyStoreParameters keyStoreParameters = new KeyStoreParameters(); | |
| // Change this path to point to your truststore/keystore as jks files | |
| keyStoreParameters.setResource("/etc/ssl/demo.jks"); | |
| keyStoreParameters.setPassword("password"); | |
| KeyManagersParameters keyManagersParameters = new KeyManagersParameters(); | |
| keyManagersParameters.setKeyStore(keyStoreParameters); | |
| keyManagersParameters.setKeyPassword("password"); | |
| TrustManagersParameters trustManagersParameters = new TrustManagersParameters(); | |
| trustManagersParameters.setKeyStore(keyStoreParameters); | |
| SSLContextParameters sslContextParameters = new SSLContextParameters(); | |
| sslContextParameters.setKeyManagers(keyManagersParameters); | |
| sslContextParameters.setTrustManagers(trustManagersParameters); | |
| HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class); | |
| httpComponent.setSslContextParameters(sslContextParameters); | |
| //This is important to make your cert skip CN/Hostname checks | |
| httpComponent.setX509HostnameVerifier(new X509HostnameVerifier() { | |
| @Override | |
| public void verify(String s, SSLSocket sslSocket) throws IOException { | |
| } | |
| @Override | |
| public void verify(String s, X509Certificate x509Certificate) throws SSLException { | |
| } | |
| @Override | |
| public void verify(String s, String[] strings, String[] strings1) throws SSLException { | |
| } | |
| @Override | |
| public boolean verify(String s, SSLSession sslSession) { | |
| //I don't mind just return true for all or you can add your own logic | |
| return true; | |
| } | |
| }); | |
| return httpComponent.createEndpoint("https4:localhost"); | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps:
KeyStoreParametersand set it resoure to be /etc/ssl/demo.jksKeyManagersParametersand set itskeyStoreto be the object from previous step and its keystore passwordTrustManagersParametersand set itskeyStoreto be the object from step#2SSLContextParametersand set itkeyManagersfrom step#3 andtrustManagersfrom step#4HttpComponentform the context and set itssslContextParametersto object from step#5X509HostnameVerifierof theHttpComponentcreated in Step#6 toAllowAllHostnameVerifierthere are other verifiers available and you can also provide your own implmentationX509HostnameVerifier, check theJavaRouter2for a simple implementation of the same!!!HttpComponentfrom step#8Test:
demo.jksusing the keytool commandkeytool -v -import -file /etc/ssl/nginx/ssl/my.crt -alias demo -keystore /etc/ssl/demo.jksJavaRouter.java