Apache Camel配置SSL的CXF

系统环境：

java version "1.8.0_66"

apache camel: 2.15.2

一：创建证书，并导出公钥证书

二：

1: 加入maven依赖

<dependency>
	<groupId>org.apache.camel</groupId>
	<artifactId>camel-cxf</artifactId>
	<version>2.15.2</version>
</dependency>
<dependency>
	<groupId>org.apache.camel</groupId>
	<artifactId>camel-spring</artifactId>
	<version>2.15.2</version>
</dependency>
<dependency>
	<groupId>org.apache.cxf</groupId>
	<artifactId>cxf-rt-transports-http-jetty</artifactId>
	<version>3.0.4</version>
</dependency>

2：写一个接口，用户发布ws

package org.demo.cxf.api;

import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;

@WebService
public interface IBank
{
	@WebMethod(operationName="getBankName")
	public String getBankName(@WebParam(name="id") String id);
}

3：接口处理类

package org.demo.cxf.api;

import org.apache.camel.Exchange;
import org.apache.camel.Processor;
import org.apache.cxf.message.MessageContentsList;

public class ABC implements Processor
{
	public void process(Exchange exchange) throws Exception
	{
		MessageContentsList params = exchange.getIn().getBody(MessageContentsList.class);
		Object id = params.get(0);
		exchange.getOut().setBody("hello : " + id.toString());
	}
}

4：配置一个SSL的服务器

package org.demo.cxf.api;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;

import org.apache.cxf.configuration.jsse.TLSServerParameters;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

/**
 * 配置一个SSL的服务器，占用一个端口
 */
public class ConfigSSLServer
{
	private String keyStoreFile;
	private String keyStorePassword;
	private String keyManagerPassword;
	private Integer port;
	
	public void startServer() throws Exception
	{
		TLSServerParameters tlsParams = new TLSServerParameters();
		tlsParams.setKeyManagers(getKeyManagers());
		tlsParams.setSecureSocketProtocol("TLS");
		
		JettyHTTPServerEngineFactory factory = new JettyHTTPServerEngineFactory();
		factory.setTLSServerParametersForPort(port, tlsParams);
	}
	
	private KeyManager[] getKeyManagers()throws Exception
	{
		if(keyManagerPassword == null)
		{
			keyManagerPassword = keyStorePassword;
		}
		
		InputStream input = null;
		
		try
		{
			KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
			input = new FileInputStream(keyStoreFile);
			ks.load(input, keyStorePassword.toCharArray());
			
			KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
			kmf.init(ks, keyManagerPassword.toCharArray());
			return kmf.getKeyManagers();
		}finally
		{
			if(input != null)
			{
				input.close();
			}
		}
	}
	public String getKeyManagerPassword()
	{
		return keyManagerPassword;
	}

	public void setKeyManagerPassword(String keyManagerPassword)
	{
		this.keyManagerPassword = keyManagerPassword;
	}
	public String getKeyStoreFile()
	{
		return keyStoreFile;
	}
	public void setKeyStoreFile(String keyStoreFile)
	{
		this.keyStoreFile = keyStoreFile;
	}
	public String getKeyStorePassword()
	{
		return keyStorePassword;
	}
	public void setKeyStorePassword(String keyStorePassword)
	{
		this.keyStorePassword = keyStorePassword;
	}
	public Integer getPort()
	{
		return port;
	}
	public void setPort(Integer port)
	{
		this.port = port;
	}
}

5：配置spring.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
	xmlns:camel="http://camel.apache.org/schema/spring"
	xmlns:cxf="http://camel.apache.org/schema/cxf"
	xsi:schemaLocation="
	   http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
	   http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
	   http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
	
	<!-- 启动一个SSL 服务器 -->
	<bean id="configSSLServer" class="org.demo.cxf.api.ConfigSSLServer" init-method="startServer">
		<property name="keyStoreFile" value="e:/jks/server.jks"/>
		<property name="keyStorePassword" value="123456"/>
		<property name="port" value="8443"/>
	</bean>

	<!-- 注意这里的8443端口，一定要和上面的SSL服务器的端口保持一致 -->
	<cxf:cxfEndpoint id="bankService" serviceClass="org.demo.cxf.api.IBank" address="https://0.0.0.0:8443/cxf/test">
	</cxf:cxfEndpoint>
	
	<bean id="ABC" class="org.demo.cxf.api.ABC" />

	<camelContext id="cxfCamelContext" xmlns="http://camel.apache.org/schema/spring">
		<route>
         	<from uri="bankService" />
         	<to uri="bean:ABC" />
       </route>
	</camelContext>

</beans>

6：启动服务器，看能否访问 https://127.0.0.1:8443/cxf/test?wsdl
7：编写客户端

package org.demo.cxf;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.transport.http.HTTPConduit;
import org.demo.cxf.api.IBank;

public class TestClient
{
	private static String keyStoreFile = "e:/jks/client.jks";
	private static String keyStorePassword = "123456";
	
	static TrustManager[] getTrustManagers()throws Exception
	{
		InputStream input = null;
		
		try
		{
			KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
			input = new FileInputStream(keyStoreFile);
			ks.load(input, keyStorePassword.toCharArray());
			
			TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
			tmf.init(ks);
			return tmf.getTrustManagers();
		}finally
		{
			if(input != null)
			{
				input.close();
			}
		}
	}
	
	public static void main(String[] args)throws Exception
	{
		JaxWsProxyFactoryBean factoryBean = new JaxWsProxyFactoryBean();  
		factoryBean.setAddress("https://127.0.0.1:8443/cxf/test?wsdl");
		factoryBean.setServiceClass(IBank.class);
		
		IBank bank = (IBank)factoryBean.create();
		
		Client client = ClientProxy.getClient(bank);  
		
		HTTPConduit httpConduit = (HTTPConduit)client.getConduit();  
    	
    	TLSClientParameters tlsParams = new TLSClientParameters();  
    	tlsParams.setDisableCNCheck(true);
    	tlsParams.setTrustManagers(getTrustManagers());
    	
    	httpConduit.setTlsClientParameters(tlsParams); 
		
		System.out.println(bank.getBankName("101"));
	}
}