Re: HTTP4s handshake exception

Tue, 02 Apr 2019 22:55:29 -0700 

Wang Yan,
thanks a lot for the clarification. Much appreciated.
I was able to get this working with one way authentication as per your
suggestion. My webserver (wildfly) was verifying CLIENT and it was failing.
When i changed the webserver configuration to not VERIFY the client, the
handshake was successful and i was able to invoke the servlet.

In case of two -way authentication, i would need to have keystore on the
client side as well correct? how to configure truststore as well as
keystore on the route(which in my case is the client trying to establish
connection to web server)?




On Mon, Apr 1, 2019 at 8:27 PM Wang Yan <wyan...@gmail.com> wrote:

> Ok in this case you just need truststore , it should cotain server
> certifcate of  <IP_ADDRESS>
>
> you could use
>
> .to("https4://<IP_ADDRESS>:<PORT_NUMBER>/MutualAuthentication/MutuallySecuredServlet");
>
> instead of
>
> .to("https4://<IP_ADDRESS>:<PORT_NUMBER>/MutualAuthentication/MutuallySecuredServlet?sslContextParameters=sslContextParameters");
>
>
>
>
>  You could do something like below to set SSL for Http4 in your code , it
> should work
>
> private void configureSslForHttp4(){
> KeyStoreParameters ksp = new KeyStoreParameters();
> ksp.setResource(truststoreLocation);
> ksp.setPassword(truststorePassword);
> TrustManagersParameters tmp = new TrustManagersParameters();
> tmp.setKeyStore(ksp);
> SSLContextParameters scp = new SSLContextParameters();
> scp.setTrustManagers(tmp);
> HttpComponent httpComponent = getContext().getComponent("https4",
> HttpComponent.class);
> httpComponent.setSslContextParameters(scp);
> }
> ---------- Forwarded message ---------
> From: Rohan Emmanuel [via Camel] <ml+s465427n5832635...@n5.nabble.com>
> Date: Mon, Apr 1, 2019 at 4:39 PM
> Subject: Re: HTTP4s handshake exception
> To: W.Y <wyan...@gmail.com>
>
>
> PS: keystore is to keep you own server's a pair of keys, truststore is to
> keep the remote server's certificate(public key) which you trust
> you could use one file for both , or you could separate them in two files.
> in your case, it is truststore file
>
> no,  httpclient is not calling my route  over https
> my route is the one which is invoking web application over SSL
> my route looks like this, hence the question
> i assume this is valid use case.
> I was not able to find any sample in this regard . please point me in the
> correct direction.
>
>
>
>    from("netty4:tcp://127.0.0.1:9992?allowDefaultCodec=false
> <http://127.0.0.1:9992/?allowDefaultCodec=false>
> > ")
> >                 .setHeader(Exchange.HTTP_METHOD,
> > constant(HttpMethods.GET))
> >
> >
>
> .to("https4://<IP_ADDRESS>:<PORT_NUMBER>/MutualAuthentication/MutuallySecuredServlet?sslContextParameters=sslContextParameters");
>
>
> On Mon, Apr 1, 2019 at 7:03 PM Wang Yan <[hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5832635&i=0>> wrote:
>
> > httpclient calling your route  over https
> >
> > i assume you only using one way ssl. in this case at your route side's
> > code, you just need keystore, you could skip truststore setting
> >
> > the httpclient code which is calling your route, it need to set up
> > truststore
> >
> >
> > ---------- Forwarded message ---------
> > From: Rohan Emmanuel [via Camel] <[hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5832635&i=1>>
> > Date: Mon, Apr 1, 2019 at 10:26 AM
> > Subject: Re: HTTP4s handshake exception
> > To: W.Y <[hidden email]
> <http:///user/SendEmail.jtp?type=node&node=5832635&i=2>>
> >
> >
> > where exactly i should specify trust store resource location while
> > configuring HTTP4s?
> >
> > KeyStoreParameters class provides setResouce , similarly ,how to specify
> > trust store ?
> >
> > On Sun, Mar 31, 2019 at 11:17 AM Rohan Emmanuel <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=5832624&i=0>>
> > wrote:
> >
> > > any clues on the reasons for getting "java.net.SocketException:
> Software
> > > caused connection abort: recv failed"
> > > when using http4s?
> > >
> > >
> > > On Sun, Mar 31, 2019 at 10:08 AM Rohan Emmanuel <
> > > [hidden email] <http://
> /user/SendEmail.jtp?type=node&node=5832624&i=1>>
> > wrote:
> > >
> > >> Can anyone point me to working HTTPS sample please?
> > >>
> > >>
> > >> On Sat, Mar 30, 2019 at 3:32 PM Rohan Emmanuel <
> > >> [hidden email] <http://
> /user/SendEmail.jtp?type=node&node=5832624&i=2>>
>
> > wrote:
> > >>
> > >>> still getting Handshake exception:]
> > >>> not sure where i am going wrong
> > >>>
> > >>> java.net.SocketException: Software caused connection abort: recv
> failed
> > >>> at java.net.SocketInputStream.socketRead0(Native Method)
> ~[?:1.8.0_101]
> > >>> at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
> > >>> ~[?:1.8.0_101]
> > >>> at java.net.SocketInputStream.read(SocketInputStream.java:170)
> > >>> ~[?:1.8.0_101]
> > >>> at java.net.SocketInputStream.read(SocketInputStream.java:141)
> > >>> ~[?:1.8.0_101]
> > >>> at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
> > >>> ~[?:1.8.0_101]
> > >>> at sun.security.ssl.InputRecord.read(InputRecord.java:503)
> > ~[?:1.8.0_101]
> > >>> at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
> > >>> ~[?:1.8.0_101]
> > >>> at
> > >>>
> >
> >
>
> sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
>
> >
> > >>> ~[?:1.8.0_101]
> > >>> at
> > >>>
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
> > >>> ~[?:1.8.0_101]
> > >>> at
> > >>>
> sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
> > >>> ~[?:1.8.0_101]
> > >>>
> > >>> On Sat, Mar 30, 2019 at 2:28 PM Wang Yan <[hidden email]
> > <http:///user/SendEmail.jtp?type=node&node=5832624&i=3>> wrote:
> > >>>
> > >>>> You could do something like this to set SSL for Http4
> > >>>>
> > >>>> private void configureSslForHttp4(){
> > >>>> KeyStoreParameters ksp = new KeyStoreParameters();
> > >>>> ksp.setResource(keystoreLocation);
> > >>>> ksp.setPassword(keystorePassword);
> > >>>> TrustManagersParameters tmp = new TrustManagersParameters();
> > >>>> tmp.setKeyStore(ksp);
> > >>>> SSLContextParameters scp = new SSLContextParameters();
> > >>>> scp.setTrustManagers(tmp);
> > >>>> HttpComponent httpComponent = getContext().getComponent("https4",
> > >>>> HttpComponent.class);
> > >>>> httpComponent.setSslContextParameters(scp);
> > >>>> }
> > >>>>
> > >>>>
> > >>>> ------------------------------
> > >>>> If you reply to this email, your message will be added to the
> > discussion
> > >>>> below:
> > >>>>
> > >>>>
> >
> >
>
> http://camel.465427.n5.nabble.com/private-void-configureSslForHttp4-KeyStoreParameters-ksp-new-KeyStoreParameters-ksp-setResource-keys-tp5832522.html
> > >>>> To unsubscribe from Camel - Users, click here
> > >>>> <
> > >>>> >
> > >>>> .
> > >>>> NAML
> > >>>> <
> > >>>>
> >
> >
>
> http://camel.465427.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> > >>>> >
> > >>>>
> > >>>
> > >>>
> > >>> --
> > >>> Regards,
> > >>> Rohan Emmanuel
> > >>>
> > >>
> > >>
> > >> --
> > >> Regards,
> > >> Rohan Emmanuel
> > >>
> > >
> > >
> > > --
> > > Regards,
> > > Rohan Emmanuel
> > >
> >
> >
> > --
> > Regards,
> > Rohan Emmanuel
> >
> >
> > ------------------------------
> > If you reply to this email, your message will be added to the discussion
> > below:
> >
> >
>
> http://camel.465427.n5.nabble.com/HTTP4s-handshake-exception-tp5832495p5832624.html
> > To unsubscribe from HTTP4s handshake exception, click here
> > <
> > >
> > .
> > NAML
> > <
> >
>
> http://camel.465427.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> > >
> >
>
>
> --
> Regards,
> Rohan Emmanuel
>
>
> ------------------------------
> If you reply to this email, your message will be added to the discussion
> below:
>
> http://camel.465427.n5.nabble.com/HTTP4s-handshake-exception-tp5832495p5832635.html
> To unsubscribe from HTTP4s handshake exception, click here
> <
> http://camel.465427.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5832495&code=d3lhbmJveEBnbWFpbC5jb218NTgzMjQ5NXwxMTU1MzAzODM=
> >
> .
> NAML
> <
> http://camel.465427.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml
> >
>


-- 
Regards,
Rohan Emmanuel

Reply via email to