Re: Camel-Jetty SSL-REST Consumer

Tue, 08 Jun 2021 00:03:45 -0700 

Hi

Try with Java 11, and also try with Camel 3.10.0

On Tue, Jun 8, 2021 at 8:34 AM Jörg Jansen
<joerg.jan...@inform-software.com> wrote:
>
> Hi everybody,
>
> while migrating from camel2 to camel3, I currently have a problem running our 
> REST services with SSL.
> My used environment is:
>     Camel: 3.7.4
>     Karaf: 4.3.2
>     Java: 15
>     REST-Consumer: camel-jetty
>
> Configuring pax-web with my certificates works fine.
> But when I configure the JettyComponent with the needed SSL-configuration I 
> receive a 'No available authentication scheme' error.
>
> My configuration looks as followed:
> **********************************************************************************************************************************************************
>     JettyHttpComponent jettyComponent = context.getComponent("jetty", 
> JettyHttpComponent.class);
>
>     jettyComponent.setKeystore(configuration.getSslKeyStore());
>     jettyComponent.setSslPassword(configuration.getSslKeyStorePass());
>     jettyComponent.setSslKeyPassword(configuration.getSslKeyPass());
>
>     KeyStoreParameters ksp = new KeyStoreParameters();
>     ksp.setCamelContext(context);
>     ksp.setResource("{{sslKeyStore}}");
>     ksp.setPassword("{{sslKeyStorePass}}");
>
>     KeyManagersParameters kmp = new KeyManagersParameters();
>     kmp.setCamelContext(context);
>     kmp.setKeyStore(ksp);
>     kmp.setKeyPassword("{{sslKeyPass}}");
>
>     FilterParameters sslProtocollFilter = new FilterParameters();
>     sslProtocollFilter.getIncludePatterns().add(Pattern.compile("TLS.*"));
>     sslProtocollFilter.getExclude().add("SSL3");
>
>     SSLContextParameters sslContextParameters = new SSLContextParameters();
>     sslContextParameters.setSecureSocketProtocolsFilter(sslProtocollFilter);
>     sslContextParameters.setKeyManagers(kmp);
>
>     FilterParameters sslCipherFilter = new FilterParameters();
>     sslCipherFilter.getIncludePatterns().add(Pattern.compile(".*"));
>
>     jettyComponent.setSslContextParameters(sslContextParameters);
> **********************************************************************************************************************************************************
>
> The error message, when enabling TLS-handshake is:
> **********************************************************************************************************************************************************
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.097 
> CEST|X509Authentication.java:301|No X.509 cert selected for EC
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.098 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> ecdsa_secp256r1_sha256
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.370 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.371 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pss_rsae_sha256
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pkcs1_sha256
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.708 
> CEST|X509Authentication.java:301|No X.509 cert selected for EC
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.709 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> ecdsa_secp384r1_sha384
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pss_rsae_sha384
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.371 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.372 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pkcs1_sha384
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pss_rsae_sha512
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pkcs1_sha512
>     javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 
> CEST|X509Authentication.java:301|No X.509 cert selected for RSA
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 
> CEST|CertificateMessage.java:1067|Unavailable authentication scheme: 
> rsa_pkcs1_sha1
>     javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 
> CEST|CertificateMessage.java:1077|No available authentication scheme
>     javax.net.ssl|ERROR|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 
> CEST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): No available 
> authentication scheme (
>     "throwable" : {
>       javax.net.ssl.SSLHandshakeException: No available authentication scheme
> **********************************************************************************************************************************************************
>
> Does anybody has a hint, what might be the problem?
> Running the same on camel2 with jdk 8 works well.
>
> Kind regards,
> Joerg



-- 
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2

Reply via email to