Hi

I suggest looking at the jetty component class to see what can be configured there, and where that dummy comes from.
On Tue, Jun 8, 2021 at 10:48 AM Jörg Jansen <[email protected]> wrote:
>
> Hi Claus,
> thank you for your fast feedback.
> Unfortunately, using jdk11 with camel 3.10.0 still has the same result.
>
> While debugging the behavior, and comparing the web app connection and the
> REST connection, I could see that the SSLContext of the webapp contains a
> SNIX509ExtendedKeyManager,
> while the context of the jetty component contains a DummyX509KeyManager.
> I think this is a hint of the root cause.
>
> Is there any possibility to set the wanted KeyManager?
>
> Regards,
> Joerg
>
> -----Original Message-----
> From: Claus Ibsen <[email protected]>
> Sent: Tuesday, 8 June 2021 09:03
> To: [email protected]
> Subject: Re: Camel-Jetty SSL-REST Consumer
>
> Hi
>
> Try with Java 11, and also try with Camel 3.10.0
>
> On Tue, Jun 8, 2021 at 8:34 AM Jörg Jansen <[email protected]>
> wrote:
> >
> > Hi everybody,
> >
> > while migrating from camel2 to camel3, I currently have a problem running
> > our REST services with SSL.
> > My used environment is:
> > Camel: 3.7.4
> > Karaf: 4.3.2
> > Java: 15
> > REST-Consumer: camel-jetty
> >
> > Configuring pax-web with my certificates works fine.
> > But when I configure the JettyComponent with the needed SSL-configuration I
> > receive a 'No available authentication scheme' error.
> >
> > My configuration looks as follows:
> > **********************************************************************
> > JettyHttpComponent jettyComponent = context.getComponent("jetty", JettyHttpComponent.class);
> >
> > jettyComponent.setKeystore(configuration.getSslKeyStore());
> > jettyComponent.setSslPassword(configuration.getSslKeyStorePass());
> > jettyComponent.setSslKeyPassword(configuration.getSslKeyPass());
> >
> > KeyStoreParameters ksp = new KeyStoreParameters();
> > ksp.setCamelContext(context);
> > ksp.setResource("{{sslKeyStore}}");
> > ksp.setPassword("{{sslKeyStorePass}}");
> >
> > KeyManagersParameters kmp = new KeyManagersParameters();
> > kmp.setCamelContext(context);
> > kmp.setKeyStore(ksp);
> > kmp.setKeyPassword("{{sslKeyPass}}");
> >
> > FilterParameters sslProtocollFilter = new FilterParameters();
> > sslProtocollFilter.getIncludePatterns().add(Pattern.compile("TLS.*"));
> > sslProtocollFilter.getExclude().add("SSL3");
> >
> > SSLContextParameters sslContextParameters = new SSLContextParameters();
> > sslContextParameters.setSecureSocketProtocolsFilter(sslProtocollFilter);
> > sslContextParameters.setKeyManagers(kmp);
> >
> > FilterParameters sslCipherFilter = new FilterParameters();
> > sslCipherFilter.getIncludePatterns().add(Pattern.compile(".*"));
> >
> > jettyComponent.setSslContextParameters(sslContextParameters);
> > **********************************************************************
> >
> > The error message, when enabling TLS-handshake is:
> > **********************************************************************
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.097 CEST|X509Authentication.java:301|No X.509 cert selected for EC
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.098 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: ecdsa_secp256r1_sha256
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.370 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.371 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha256
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.686 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha256
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:45.708 CEST|X509Authentication.java:301|No X.509 cert selected for EC
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:45.709 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: ecdsa_secp384r1_sha384
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.014 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha384
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.371 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.372 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha384
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:46.718 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pss_rsae_sha512
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.088 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha512
> > javax.net.ssl|ALL|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.565 CEST|CertificateMessage.java:1067|Unavailable authentication scheme: rsa_pkcs1_sha1
> > javax.net.ssl|WARNING|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 CEST|CertificateMessage.java:1077|No available authentication scheme
> > javax.net.ssl|ERROR|01 E1|qtp899741955-481|2021-06-08 07:47:47.568 CEST|TransportContext.java:361|Fatal (HANDSHAKE_FAILURE): No available authentication scheme (
> > "throwable" : {
> > javax.net.ssl.SSLHandshakeException: No available authentication scheme
> > **********************************************************************
> >
> > Does anybody have a hint, what might be the problem?
> > Running the same on camel2 with jdk 8 works well.
> >
> > Kind regards,
> > Joerg
> >
>
> --
> Claus Ibsen
> -----------------
> http://davsclaus.com @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2

--
Claus Ibsen
-----------------
http://davsclaus.com @davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
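
The debug output quoted above reports that no X.509 certificate was selected for RSA or EC, so one check worth running is whether the keystore and passwords yield usable key entries on their own, outside Camel and Jetty. The following is an added example, not code from this thread or from the Camel project; the class name `KeyStoreCheck` and its single command-line argument are assumptions.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;
// Hypothetical helper, not part of Camel or Jetty. Run from a terminal: java KeyStoreCheck <keystore-file>
public class KeyStoreCheck {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (from a terminal): java KeyStoreCheck <keystore-file>");
            System.exit(2);
        }
        // Passwords are prompted for so they do not end up in shell history or the process list.
        char[] storePass = console.readPassword("Keystore password: ");
        char[] keyPass = console.readPassword("Key password: ");
        // The JDK's default keystore.type.compat=true lets this load both JKS and PKCS12 files.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ks.load(in, storePass); // fails here on a wrong store password or a corrupt file
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate only, cannot authenticate a server");
                continue;
            }
            // Throws UnrecoverableKeyException when the key password is wrong.
            Key key = ks.getKey(alias, keyPass);
            System.out.println(alias + ": key entry, algorithm " + key.getAlgorithm());
        }
        // Build key managers the standard JSSE way and ask what they would offer a TLS server.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        for (KeyManager km : kmf.getKeyManagers()) {
            System.out.println("key manager: " + km.getClass().getName());
            if (km instanceof X509KeyManager) {
                for (String keyType : new String[] {"RSA", "EC"}) {
                    String[] aliases = ((X509KeyManager) km).getServerAliases(keyType, null);
                    System.out.println("  server aliases for " + keyType + ": " + Arrays.toString(aliases));
                }
            }
        }
    }
}
```

If an alias is listed for RSA or EC, the keystore and passwords are usable, and the remaining question is how the component's SSLContext obtains its key managers.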
