@kameshsampath
Last active June 9, 2021 15:25
A Demo/example showing SSL/TLS Customization with Camel
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">
<!-- The Camel context picks up its routes from the "javaRouter" bean declared below;
     the TLS settings (key store, trust store, hostname verifier) live in that Java class,
     not in this XML, so review demo.JavaRouter for the security-relevant configuration. -->
<camelContext xmlns="http://camel.apache.org/schema/spring">
<routeBuilder ref="javaRouter" />
</camelContext>
<!-- Swap the class for demo.JavaRouter2 to use the custom hostname verifier variant. -->
<bean id="javaRouter" class="demo.JavaRouter" />
</beans>
package demo;
import org.apache.camel.CamelContext;
import org.apache.camel.Endpoint;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
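public class JavaRouter extends RouteBuilder {

    /** JVM system property naming the JKS resource used as both key store and trust store. */
    private static final String KEYSTORE_PATH_PROPERTY = "demo.ssl.keystore";
    /** JVM system property holding the key-store and key password. */
    private static final String KEYSTORE_PASSWORD_PROPERTY = "demo.ssl.keystore.password";
    /** JVM system property; "false" keeps the http4 component's own hostname verifier. */
    private static final String SKIP_HOSTNAME_VERIFICATION_PROPERTY = "demo.ssl.skipHostnameVerification";

    // Defaults reproduce the original hard-coded demo values. A real deployment must supply
    // the password through the property (or a secrets mechanism) instead of relying on this.
    private static final String DEFAULT_KEYSTORE_PATH = "/etc/ssl/demo.jks";
    private static final String DEFAULT_KEYSTORE_PASSWORD = "password";

    /**
     * Builds the demo route: a timer triggers a request to the HTTPS endpoint and the
     * {@code CamelHttpResponseCode} header decides whether "Success" or "Failed" is logged.
     *
     * @throws Exception propagated from Camel component lookup and endpoint creation
     */
    @Override
    public void configure() throws Exception {
        Endpoint httpsEndpoint = setupSslContext(getContext());
        from("timer:demo")
            .to(httpsEndpoint)
            .choice()
                .when(simple("${headers.CamelHttpResponseCode} == 200"))
                    .log("Success")
                .otherwise()
                    .log("Failed");
    }

    /**
     * Configures the {@code https4} component with a JSSE context backed by a single JKS file
     * (used as both key store and trust store) and returns an endpoint for the demo host.
     *
     * @param camelContext context from which the {@code https4} component is resolved
     * @return endpoint for {@code https4:demo.example.com} on the configured component
     * @throws Exception propagated from component lookup and endpoint creation
     */
    private static Endpoint setupSslContext(CamelContext camelContext) throws Exception {
        // Change the path (or the system property) to point to your truststore/keystore JKS file.
        String keyStorePath = System.getProperty(KEYSTORE_PATH_PROPERTY, DEFAULT_KEYSTORE_PATH);
        String keyStorePassword = System.getProperty(KEYSTORE_PASSWORD_PROPERTY, DEFAULT_KEYSTORE_PASSWORD);

        KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
        keyStoreParameters.setResource(keyStorePath);
        keyStoreParameters.setPassword(keyStorePassword);

        KeyManagersParameters keyManagersParameters = new KeyManagersParameters();
        keyManagersParameters.setKeyStore(keyStoreParameters);
        keyManagersParameters.setKeyPassword(keyStorePassword);

        // The same JKS file acts as trust store, so every certificate it contains is trusted.
        TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
        trustManagersParameters.setKeyStore(keyStoreParameters);

        SSLContextParameters sslContextParameters = new SSLContextParameters();
        sslContextParameters.setKeyManagers(keyManagersParameters);
        sslContextParameters.setTrustManagers(trustManagersParameters);

        HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);
        httpComponent.setSslContextParameters(sslContextParameters);

        // AllowAllHostnameVerifier disables hostname verification: any certificate that chains to
        // the trust store is accepted for any host name, so a peer holding such a certificate can
        // impersonate demo.example.com. This is what lets the demo's self-signed certificate with a
        // non-matching CN pass. Prefer issuing the certificate with a SAN for the real host and
        // setting the property to "false" so the component's default verifier stays in place.
        if (Boolean.parseBoolean(System.getProperty(SKIP_HOSTNAME_VERIFICATION_PROPERTY, "true"))) {
            httpComponent.setX509HostnameVerifier(new AllowAllHostnameVerifier());
        }
        return httpComponent.createEndpoint("https4:demo.example.com");
    }
}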
package demo;
import org.apache.camel.CamelContext;
import org.apache.camel.Endpoint;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.http4.HttpComponent;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.apache.http.conn.ssl.AbstractVerifier;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.security.cert.X509Certificate;
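public class JavaRouter2 extends RouteBuilder {

    /** JVM system property naming the JKS resource used as both key store and trust store. */
    private static final String KEYSTORE_PATH_PROPERTY = "demo.ssl.keystore";
    /** JVM system property holding the key-store and key password. */
    private static final String KEYSTORE_PASSWORD_PROPERTY = "demo.ssl.keystore.password";
    /** JVM system property; "false" keeps the http4 component's own hostname verifier. */
    private static final String SKIP_HOSTNAME_VERIFICATION_PROPERTY = "demo.ssl.skipHostnameVerification";

    // Defaults reproduce the original hard-coded demo values. A real deployment must supply
    // the password through the property (or a secrets mechanism) instead of relying on this.
    private static final String DEFAULT_KEYSTORE_PATH = "/etc/ssl/demo.jks";
    private static final String DEFAULT_KEYSTORE_PASSWORD = "password";

    /**
     * Builds the demo route: a timer triggers a request to the HTTPS endpoint and the
     * {@code CamelHttpResponseCode} header decides whether "Success" or "Failed" is logged.
     *
     * @throws Exception propagated from Camel component lookup and endpoint creation
     */
    @Override
    public void configure() throws Exception {
        Endpoint httpsEndpoint = setupSslContext(getContext());
        from("timer:demo")
            .to(httpsEndpoint)
            .choice()
                .when(simple("${headers.CamelHttpResponseCode} == 200"))
                    .log("Success")
                .otherwise()
                    .log("Failed");
    }

    /**
     * Configures the {@code https4} component with a JSSE context backed by a single JKS file
     * (used as both key store and trust store) and returns an endpoint for localhost.
     *
     * @param camelContext context from which the {@code https4} component is resolved
     * @return endpoint for {@code https4:localhost} on the configured component
     * @throws Exception propagated from component lookup and endpoint creation
     */
    private static Endpoint setupSslContext(CamelContext camelContext) throws Exception {
        // Change the path (or the system property) to point to your truststore/keystore JKS file.
        String keyStorePath = System.getProperty(KEYSTORE_PATH_PROPERTY, DEFAULT_KEYSTORE_PATH);
        String keyStorePassword = System.getProperty(KEYSTORE_PASSWORD_PROPERTY, DEFAULT_KEYSTORE_PASSWORD);

        KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
        keyStoreParameters.setResource(keyStorePath);
        keyStoreParameters.setPassword(keyStorePassword);

        KeyManagersParameters keyManagersParameters = new KeyManagersParameters();
        keyManagersParameters.setKeyStore(keyStoreParameters);
        keyManagersParameters.setKeyPassword(keyStorePassword);

        // The same JKS file acts as trust store, so every certificate it contains is trusted.
        TrustManagersParameters trustManagersParameters = new TrustManagersParameters();
        trustManagersParameters.setKeyStore(keyStoreParameters);

        SSLContextParameters sslContextParameters = new SSLContextParameters();
        sslContextParameters.setKeyManagers(keyManagersParameters);
        sslContextParameters.setTrustManagers(trustManagersParameters);

        HttpComponent httpComponent = camelContext.getComponent("https4", HttpComponent.class);
        httpComponent.setSslContextParameters(sslContextParameters);

        // The custom verifier below accepts every host name, so any certificate that chains to the
        // trust store is valid for any host; this is what lets the demo's self-signed certificate
        // with a non-matching CN pass. Set the property to "false" (and issue a certificate whose
        // SAN matches the host) to keep the component's default verifier instead.
        if (Boolean.parseBoolean(System.getProperty(SKIP_HOSTNAME_VERIFICATION_PROPERTY, "true"))) {
            httpComponent.setX509HostnameVerifier(new AcceptAllHostnameVerifier());
        }
        return httpComponent.createEndpoint("https4:localhost");
    }

    /**
     * Minimal {@link X509HostnameVerifier} that never rejects a host name.
     *
     * <p>The void {@code verify} overloads signal rejection by throwing; returning normally means
     * "verified", so leaving them empty accepts everything. Replace the bodies with real checks
     * (for example comparing {@code host} against the certificate's SAN entries) before using this
     * outside the demo.
     */
    private static final class AcceptAllHostnameVerifier implements X509HostnameVerifier {

        @Override
        public void verify(String host, SSLSocket sslSocket) throws IOException {
            // No check: returning without an exception accepts the host name.
        }

        @Override
        public void verify(String host, X509Certificate x509Certificate) throws SSLException {
            // No check: returning without an exception accepts the host name.
        }

        @Override
        public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException {
            // No check: returning without an exception accepts the host name.
        }

        @Override
        public boolean verify(String host, SSLSession sslSession) {
            // Accept unconditionally; add your own logic here if needed.
            return true;
        }
    }
}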

kameshsampath commented Oct 19, 2016

Steps:

  • Import the certificate from the third party into a truststore, let's say demo.jks available at /etc/ssl/demo.jks
  • In the Camel Java Router create a KeyStoreParameters and set its resource to /etc/ssl/demo.jks
  • Create a KeyManagersParameters and set its keyStore to be the object from previous step and its keystore password
  • Create a TrustManagersParameters and set its keyStore to be the object from step#2
  • Create SSLContextParameters and set it keyManagers from step#3 and trustManagers from step#4
  • Get the Camel HttpComponent from the context and set its sslContextParameters to the object from step#5
  • !!! To avoid hostname/CN mismatch errors you can set the X509HostnameVerifier of the HttpComponent created in step#6 to AllowAllHostnameVerifier; there are other verifiers available, and you can also provide your own implementation of X509HostnameVerifier — check JavaRouter2 for a simple implementation of the same !!!
  • Now create and use the endpoint from the HttpComponent from step#8

Test:

  • Create an openssl certificate and use that to start a demo app in nginx lets say its created at /etc/ssl/nginx/ssl/my.crt
  • import the certificate to demo.jks using the keytool command keytool -v -import -file /etc/ssl/nginx/ssl/my.crt -alias demo -keystore /etc/ssl/demo.jks
  • Start the camel route using the JavaRouter.java
  • If the https connection is successful it will print "success", otherwise "failed"
