如何使用Apache Camel + SSL接收电子邮件？

Question

我正在尝试使用Apache Camel通过IMAPS阅读电子邮件。

编辑：服务器使用自签名证书。 我已经配置了一个密钥库，并验证它可以在JavaMail上运行。

我已按照此处和此处包含的信息配置Apache Camel以将密钥库与自签名证书一起使用。

这是我的测试代码：

    @Test
    public void test() throws Exception {
        System.setProperty("javax.net.debug", "all");

        DefaultCamelContext camelContext;

        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setResource("src/test/resources/config/ssl/keystore");
        ksp.setPassword("password");
        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(ksp);
        SSLContextParameters scp = new SSLContextParameters();
        scp.setTrustManagers(tmp);
        SimpleRegistry registry = new SimpleRegistry();
        registry.put("sslContextParameters", scp);

        camelContext = new DefaultCamelContext(registry);

        RouteBuilder route = new RouteBuilder() {

            @Override
            public void configure() throws Exception {

                from(startEndpoint()).to("log:mail");
            }

        };

        try {
            camelContext.addRoutes(route);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        camelContext.start();

        Thread.sleep(60 * 1000);
    }

    private String startEndpoint() {
        return "imaps://myserver.mydomain?username=myuser&password=mypassword&sslContextParameters=#sslContextParameters";
    }

如果失败并出现以下错误：

Camel (camel-1) thread #0 - imaps://myserver.mydomain, SEND TLSv1 ALERT:  fatal, 

description = certificate_unknown
Camel (camel-1) thread #0 - imaps://myserver.mydomain, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E                               .......
Camel (camel-1) thread #0 - imaps://myserver.mydomain, called closeSocket()
Camel (camel-1) thread #0 - imaps://myserver.mydomain, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
May 27, 2014 2:23:17 PM com.liferay.portal.kernel.log.Jdk14LogImpl warn
WARNING: Consumer Consumer[imaps://myserver.mydomain?password=xxxxxx&sslContextParameters=%23sslContextParameters&username=myuser] failed polling endpoint: Endpoint[imaps://myserver.mydomain?password=xxxxxx&sslContextParameters=%23sslContextParameters&username=myuser]. Will try again at next poll. Caused by: [javax.mail.MessagingException - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
  nested exception is:
        javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670)
        <snipped>

我尝试将mail.imaps.ssl.trust参数添加到URI。

我可以看到证书不知道，但我不明白为什么。 我也尝试使用标准的javax.net.ssl.trustStore参数，这些参数也不起作用。

我究竟做错了什么？

Answer 1

看起来您的服务器证书可能是“自签名”的，请查看此文档以获取解决方案。

Answer 2

我尝试将mail.imaps.ssl.trust参数添加到URI。

通过Camel设置mail.imaps.ssl.trust对我来说也不起作用。 我使用的是Java Mail 1.4.2，并且必须发现在1.4.3（ Changelog ）中添加了mail.imaps.ssl.trust支持。