4

I am trying to read email using Apache Camel over IMAPS.

EDIT: The server is using a self-signed certificate. I have configured a keystore and have verified it working over JavaMail.

I have followed the information contained here and here to configure Apache Camel to use the keystore with the self-signed certificate.

Here is my test code:

    @Test
    public void test() throws Exception {
        System.setProperty("javax.net.debug", "all");

        DefaultCamelContext camelContext;

        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setResource("src/test/resources/config/ssl/keystore");
        ksp.setPassword("password");
        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(ksp);
        SSLContextParameters scp = new SSLContextParameters();
        scp.setTrustManagers(tmp);
        SimpleRegistry registry = new SimpleRegistry();
        registry.put("sslContextParameters", scp);

        camelContext = new DefaultCamelContext(registry);

        RouteBuilder route = new RouteBuilder() {

            @Override
            public void configure() throws Exception {

                from(startEndpoint()).to("log:mail");
            }

        };

        try {
            camelContext.addRoutes(route);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }

        camelContext.start();

        Thread.sleep(60 * 1000);
    }

    private String startEndpoint() {
        return "imaps://myserver.mydomain?username=myuser&password=mypassword&sslContextParameters=#sslContextParameters";
    }

It fails with the following error:

    Camel (camel-1) thread #0 - imaps://myserver.mydomain, SEND TLSv1 ALERT:  fatal, description = certificate_unknown
    Camel (camel-1) thread #0 - imaps://myserver.mydomain, WRITE: TLSv1 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 01 00 02 02 2E                               .......
    Camel (camel-1) thread #0 - imaps://myserver.mydomain, called closeSocket()
    Camel (camel-1) thread #0 - imaps://myserver.mydomain, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    May 27, 2014 2:23:17 PM com.liferay.portal.kernel.log.Jdk14LogImpl warn
    WARNING: Consumer Consumer[imaps://myserver.mydomain?password=xxxxxx&sslContextParameters=%23sslContextParameters&username=myuser] failed polling endpoint: Endpoint[imaps://myserver.mydomain?password=xxxxxx&sslContextParameters=%23sslContextParameters&username=myuser]. Will try again at next poll. Caused by: [javax.mail.MessagingException - sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
    javax.mail.MessagingException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target;
      nested exception is:
            javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
            at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:670)
            <snipped>

I have tried adding mail.imaps.ssl.trust parameter to the URI.

I can see that the certificate is not known, but I don't understand why. I have also tried using the standard javax.net.ssl.trustStore parameters which doesn't work either.

What am I doing wrong?

Tim
  • Have you had a look at this link http://stackoverflow.com/questions/6908948/java-sun-security-provider-certpath-suncertpathbuilderexception-unable-to-find and this link http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/ – Namphibian May 27 '14 at 22:06
  • @Namphibian Yes, as mentioned in the question I have already configured the keystore, which works successfully using a separate basic JavaMail test so that's good, hence why I think I am missing something in the Camel configuration. – Tim May 28 '14 at 05:17

2 Answers

1

> I have tried adding mail.imaps.ssl.trust parameter to the URI.

Setting the mail.imaps.ssl.trust via Camel didn't work for me either. I was using Java Mail 1.4.2 and had to find out that mail.imaps.ssl.trust support had been added in 1.4.3 (Changelog).

thokuest
0

It looks like your server certificates may be "self-signed"; please check out this document for a solution.

Willem Jiang
  • Yes, I know my server certificate is self-signed. If you look at my post, I have configured the keystore. And in my comment to @Namphibian I reiterate that the keystore is not the problem. It works successfully with JavaMail, so I'm missing something Camel specific. – Tim May 29 '14 at 09:01
  • Did you run the JavaMail program and Camel application in the same box? You may find a solution here http://stackoverflow.com/questions/21076179/pkix-path-building-failed-and-unable-to-find-valid-certification-path-to-requ. – Willem Jiang May 30 '14 at 02:10
  • Yes. Both were run on the same box, using the same JVM. Both are within the same Maven project. I have not overwritten my JVM cacerts file, but rather wish to specify it explicitly within the scope of the individual project. – Tim May 30 '14 at 02:29
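
A stand-alone check for the situation discussed in this thread (an added example, not code from any of the posters): it loads the project-scoped keystore with plain JSSE, lists the certificates it makes trusted, and optionally handshakes with the IMAPS server on port 993 using only that keystore, so a bad path or a missing certificate shows up outside Camel. The class name and command-line arguments are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added diagnostic, not code from the thread. Usage (arguments are assumptions):
//   java TrustStoreCheck <keystore-path> <password> [imaps-host]
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: TrustStoreCheck <keystore> <password> [host]");
            System.exit(2);
        }
        // Load the keystore directly from the file system, so a wrong
        // relative path fails here rather than somewhere inside Camel.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray());
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        // Print every certificate this keystore makes the JVM trust.
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                for (X509Certificate c : ((X509TrustManager) tm).getAcceptedIssuers()) {
                    System.out.println("trusted: " + c.getSubjectX500Principal().getName());
                }
            }
        }
        if (args.length < 3) return;

        // Handshake with only these trust managers (JVM cacerts is not consulted).
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], 993)) {
            s.startHandshake(); // throws SSLHandshakeException on a PKIX failure
            X509Certificate leaf = (X509Certificate) s.getSession().getPeerCertificates()[0];
            System.out.println("handshake OK, server cert: "
                    + leaf.getSubjectX500Principal().getName());
        }
    }
}
```

This checks certificate-chain trust only; a raw `SSLSocket` does not verify the host name unless an endpoint identification algorithm is set on its `SSLParameters`.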