Skip to content

Instantly share code, notes, and snippets.

@kameshsampath

kameshsampath/JavaRouter.java

Last active June 9, 2021 15:25
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kameshsampath/d6a55cafe4ab23593ccfd8e5e2451bcf to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kameshsampath/d6a55cafe4ab23593ccfd8e5e2451bcf to your computer and use it in GitHub Desktop.
Download ZIP
A Demo/example showing SSL/TLS Customization with Camel
Raw
camel-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">
<camelContext xmlns="http://camel.apache.org/schema/spring">
<routeBuilder ref="javaRouter" />
</camelContext>
<bean id="javaRouter" class="demo.JavaRouter" />
</beans>
Raw
JavaRouter.java
package demo;
import org.apache.camel.CamelContext;
import org.apache.camel.Endpoint;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
public class JavaRouter extends RouteBuilder {
@Override
public void configure() throws Exception {
Endpoint httpsEndpoint = setupSSLConext(getContext());
from("timer:demo")
.to(httpsEndpoint)
.choice()
.when(simple("${headers.CamelHttpResponseCode} == 200"))
.log("Success")
.otherwise()
.log("Failed");
}
private Endpoint setupSSLConext(CamelContext camelContext) throws Exception {
KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
// Change this path to point to your truststore/keystore as jks files
keyStoreParameters.setResource("/etc/ssl/demo.jks");
keyStoreParameters.setPassword("password");
KeyManagersParameters keyManagersParameters = new KeyManagersParameters();
keyManagersParameters.setKeyStore(keyStoreParameters);
keyManagersParameters.setKeyPassword("password");
TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
trustManagersParameters.setKeyStore(keyStoreParameters);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManagers(keyManagersParameters);
sslContextParameters.setTrustManagers(trustManagersParameters);
HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);
httpComponent.setSslContextParameters(sslContextParameters);
//This is important to make your cert skip CN/Hostname checks
httpComponent.setX509HostnameVerifier(new AllowAllHostnameVerifier());
return httpComponent.createEndpoint("https4:demo.example.com");
}
}
Raw
JavaRouter2.java
package demo;
import org.apache.camel.CamelContext;
import org.apache.camel.Endpoint;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.security.cert.X509Certificate;
public class JavaRouter2 extends RouteBuilder {
@Override
public void configure() throws Exception {
Endpoint httpsEndpoint = setupSSLConext(getContext());
from("timer:demo")
.to(httpsEndpoint)
.choice()
.when(simple("${headers.CamelHttpResponseCode} == 200"))
.log("Success")
.otherwise()
.log("Failed");
}
private Endpoint setupSSLConext(CamelContext camelContext) throws Exception {
KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
// Change this path to point to your truststore/keystore as jks files
keyStoreParameters.setResource("/etc/ssl/demo.jks");
keyStoreParameters.setPassword("password");
KeyManagersParameters keyManagersParameters = new KeyManagersParameters();
keyManagersParameters.setKeyStore(keyStoreParameters);
keyManagersParameters.setKeyPassword("password");
TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
trustManagersParameters.setKeyStore(keyStoreParameters);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManagers(keyManagersParameters);
sslContextParameters.setTrustManagers(trustManagersParameters);
HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);
httpComponent.setSslContextParameters(sslContextParameters);
//This is important to make your cert skip CN/Hostname checks
httpComponent.setX509HostnameVerifier(new X509HostnameVerifier() {
@Override
public void verify(String s, SSLSocket sslSocket) throws IOException {
}
@Override
public void verify(String s, X509Certificate x509Certificate) throws SSLException {
}
@Override
public void verify(String s, String[] strings, String[] strings1) throws SSLException {
}
@Override
public boolean verify(String s, SSLSession sslSession) {
//I don't mind just return true for all or you can add your own logic
return true;
}
});
return httpComponent.createEndpoint("https4:localhost");
}
}
@kameshsampath
Copy link
Author

kameshsampath commented Oct 19, 2016
edited
Loading

Steps:

  • Import the certificate from thrid party to truststore lets say demo.jks available at /etc/ssl/demo.jks
  • In the Camel Java Router set KeyStoreParameters and set it resoure to be /etc/ssl/demo.jks
  • Create a KeyManagersParameters and set its keyStore to be the object from previous step and its keystore password
  • Create a TrustManagersParameters and set its keyStore to be the object from step#2
  • Create SSLContextParameters and set it keyManagers from step#3 and trustManagers from step#4
  • Get the Camel HttpComponent form the context and set its sslContextParameters to object from step#5
  • !!! to avoid hostname/CN mismatch errors you can set the X509HostnameVerifier of the HttpComponent created in Step#6 to AllowAllHostnameVerifier there are other verifiers available and you can also provide your own implmentationX509HostnameVerifier, check the JavaRouter2 for a simple implementation of the same!!!
  • Now create and use the endpoint from the HttpComponent from step#8

Test:

  • Create an openssl certificate and use that to start a demo app in nginx lets say its created at /etc/ssl/nginx/ssl/my.crt
  • import the certificate to demo.jks using the keytool command keytool -v -import -file /etc/ssl/nginx/ssl/my.crt -alias demo -keystore /etc/ssl/demo.jks
  • Start the camel route using the JavaRouter.java
  • If the https conneciton is suceessful it will print "success" otherwise "failed"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment