Hi
This is either camel users or may be even CXF users list question, it is
most likely the old version of CXF, we have RS tests in CXF with
wildcard conduits
Trying newer Camel with the more recent CXF version should resolve it
Sergey
On 30/07/15 10:16, Myriam Khairallah wrote:
Hello,
for the record, we are using:
- Fuse ESB 7.1.0.fuse-047
- Camel 2.10.0.fuse-71-047
- CXF 2.6.0.fuse-71-047
- JDK 1.7
- JBOss EAP 6.3
and we encounter a problem using the Camel CXFRS component in combination
with an http-conduit definition.
It seems the wildcards one should be able to use in the http-conduit name is
not taken into account
(http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html#ClientHTTPTransport%28includingSSLsupport%29-Theconduitelement).
Here its definition in our bundle-context.xml:
<http:conduit name="*.http-conduit">
<http:tlsClientParameters disableCNCheck="true">
<sec:trustManagers>
<sec:keyStore type="JKS"
password="#{decryptedTruststorePassword}" file="${trustStore.file.ics}" />
</sec:trustManagers>
<sec:cipherSuitesFilter>
<sec:include>.*.*</sec:include>
<sec:exclude>.*40_.*</sec:exclude>
<sec:exclude>.*_RSA_WITH_DES_CBC_SHA.*</sec:exclude>
<sec:exclude>.*_RSA_WITH_3DES_EDE_CBC_SHA.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:client ReceiveTimeout="${cxfReceiveTimeout}"
ConnectionTimeout="${cxfConnectionTimeout}" ProxyServer="${proxy.server}"
ProxyServerPort="${proxy.port}" NonProxyHosts="${proxy.nonProxyHosts}" />
</http:conduit>
The Camel route, deployed on Fuse, uses the Camel CXFRS component for the
call of a REST service running on a JBOss server. A typical call would be:
cxfrs://https://localhost:8443/invitation-code-service/checkCode/param1/param2/param3
This leads to following log entries:
2015-07-30 08:35:29,477 | DEBUG | tp1076592703-174 | TrustDecisionUtil
| 120 - org.apache.cxf.cxf-rt-transports-http - 2.6.0.fuse-71-047 | No Trust
Decider for Conduit '{htt
ps://localhost:8443/invitation-code-service/checkCode/param1/param2/param3}WebClient.http-conduit'.
An afirmative Trust Decision is assumed.
2015-07-30 08:35:29,493 | DEBUG | tp1076592703-174 | PhaseInterceptorChain
| 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Invoking handleFault on
interceptor
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor@7d909223
2015-07-30 08:35:29,493 | DEBUG | tp1076592703-174 | PhaseInterceptorChain
| 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Invoking handleFault on
interceptor org.apache.cxf.interceptor.MessageSenderInterceptor@64e182ae
2015-07-30 08:35:29,493 | DEBUG | tp1076592703-174 | PhaseInterceptorChain
| 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Invoking handleFault on
interceptor org.apache.cxf.ws.policy.PolicyOutInterceptor@26da3556
2015-07-30 08:35:29,493 | WARN | tp1076592703-174 | PhaseInterceptorChain
| 90 - org.apache.cxf.cxf-api - 2.6.0.fuse-71-047 | Interceptor for
{https://localhost:8443/invitation-code-service/checkCode/param1/param2/param3}WebClient
has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:64)[90:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)[90:org.apache.cxf.cxf-api:2.6.0.fuse-71-047]
at
org.apache.cxf.jaxrs.client.WebClient.doChainedInvocation(WebClient.java:795)
at
org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:743)
at
org.apache.cxf.jaxrs.client.WebClient.doInvoke(WebClient.java:717)
at org.apache.cxf.jaxrs.client.WebClient.invoke(WebClient.java:262)
at
org.apache.camel.component.cxf.jaxrs.CxfRsProducer.invokeHttpClient(CxfRsProducer.java:155)
at
org.apache.camel.component.cxf.jaxrs.CxfRsProducer.process(CxfRsProducer.java:87)
at
org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
at
org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
at
org.apache.camel.processor.RoutingSlip$2.doInAsyncProducer(RoutingSlip.java:287)
at
org.apache.camel.impl.ProducerCache.doInAsyncProducer(ProducerCache.java:298)
at
org.apache.camel.processor.RoutingSlip.processExchange(RoutingSlip.java:280)
at
org.apache.camel.processor.RoutingSlip.doRoutingSlip(RoutingSlip.java:205)
at
org.apache.camel.processor.RoutingSlip.process(RoutingSlip.java:135)
at
org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
at
org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
at
org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
at
org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:73)
at
org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
at
org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
at
org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
at
org.apache.camel.processor.interceptor.TraceInterceptor.process(TraceInterceptor.java:163)
at
org.apache.camel.util.AsyncProcessorHelper.process(AsyncProcessorHelper.java:73)
at
org.apache.camel.processor.DelegateAsyncProcessor.processNext(DelegateAsyncProcessor.java:99)
at
org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:90)
at
org.apache.camel.fabric.FabricTraceProcessor.process(FabricTraceProcessor.java:81)
[...]
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
sun.security.ssl.Alerts.getSSLException(Alerts.java:192)[:1.7.0_72]
at
sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)[:1.7.0_72]
at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)[:1.7.0_72]
at
sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)[:1.7.0_72]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1439)[:1.7.0_72]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)[:1.7.0_72]
at
sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)[:1.7.0_72]
at
sun.security.ssl.Handshaker.process_record(Handshaker.java:814)[:1.7.0_72]
at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)[:1.7.0_72]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)[:1.7.0_72]
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)[:1.7.0_72]
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)[:1.7.0_72]
at
sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)[:1.7.0_72]
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)[:1.7.0_72]
at
sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)[:1.7.0_72]
at
java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)[:1.7.0_72]
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)[:1.7.0_72]
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1604)[120:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1530)[120:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1438)[120:org.apache.cxf.cxf-rt-transports-http:2.6.0.fuse-71-047]
... 266 more
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)[:1.7.0_72]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.7.0_72]
at
sun.security.validator.Validator.validate(Validator.java:260)[:1.7.0_72]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)[:1.7.0_72]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)[:1.7.0_72]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)[:1.7.0_72]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1421)[:1.7.0_72]
... 281 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)[:1.7.0_72]
at
java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)[:1.7.0_72]
at
sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)[:1.7.0_72]
... 287 more
If we define a fully http-conduit name like:
<http:conduit
name="{https://localhost:8443/invitation-code-service/checkCode/param1/param2/param3}WebClient.http-conduit";>
it works.
Obviously, we can't use the http-conduit definition this way, as param1,
param2 and param3 change for every call.
Why does it not work with wildcards ?
Regards,
Myriam
--
View this message in context:
http://camel.465427.n5.nabble.com/Use-CXFRS-component-in-combination-with-an-http-conduit-definition-with-wildcards-tp5770096.html
Sent from the Camel Development mailing list archive at Nabble.com.
--
Sergey Beryozkin
Talend Community Coders
http://coders.talend.com/
Blog: http://sberyozkin.blogspot.com
