davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new d7768144023 CAMEL-20774: Add more SSL configuration to camel.ssl in
camel-main
d7768144023 is described below
commit d7768144023d454abbe2a1083a834ad00acbbb35
Author: Claus Ibsen <[email protected]>
AuthorDate: Sat Aug 17 13:24:26 2024 +0200
CAMEL-20774: Add more SSL configuration to camel.ssl in camel-main
---
.../main/camel-main-configuration-metadata.json | 15 +-
.../KeyStoreParametersFactoryBeanTest-context.xml | 2 +
.../camel/support/jsse/CipherSuitesParameters.java | 7 +
.../camel/support/jsse/FilterParameters.java | 14 ++
.../main/SSLConfigurationPropertiesConfigurer.java | 54 ++++
.../camel-main-configuration-metadata.json | 15 +-
core/camel-main/src/main/docs/main.adoc | 17 +-
.../org/apache/camel/main/BaseMainSupport.java | 72 +++++-
.../camel/main/SSLConfigurationProperties.java | 272 +++++++++++++++++++--
9 files changed, 435 insertions(+), 33 deletions(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
index bf0867f90cd..a3855ebe4d7 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
@@ -277,14 +277,23 @@
{ "name": "camel.server.uploadSourceDir", "description": "Source directory
when upload is enabled.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.server.useGlobalSslContextParameters", "description":
"Whether to use global SSL configuration for securing the embedded HTTP
server.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.ssl.certAlias", "description": "An optional certificate
alias to use. This is useful when the keystore has multiple certificates.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.cipherSuites", "description": "List of TLS\/SSL
cipher suite algorithm names. Multiple names can be separated by comma.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.cipherSuitesExclude", "description": "Filters
TLS\/SSL cipher suites algorithms names. This filter is used for excluding
algorithms that matches the naming pattern. Multiple names can be separated by
comma. Notice that if the cipherSuites option has been configured then the
include\/exclude filters are not in use.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.cipherSuitesInclude", "description": "Filters
TLS\/SSL cipher suites algorithms names. This filter is used for including
algorithms that matches the naming pattern. Multiple names can be separated by
comma. Notice that if the cipherSuites option has been configured then the
include\/exclude filters are not in use.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.ssl.clientAuthentication", "description": "Sets the
configuration for server-side client-authentication requirements",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String", "defaultValue": "NONE", "enum": [
"NONE", "WANT", "REQUIRE" ] },
{ "name": "camel.ssl.enabled", "description": "Enables SSL in your Camel
application.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
- { "name": "camel.ssl.keyStore", "description": "Sets the SSL Keystore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyManagerAlgorithm", "description": "Algorithm name
used for creating the KeyManagerFactory. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyManagerProvider", "description": "To use a
specific provider for creating KeyManagerFactory. The list of available
providers returned by java.security.Security.getProviders() or null to use the
highest priority provider implementing the secure socket protocol.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyStore", "description": "The file path, class path
resource, or URL of the resource used to load the key store. An existing
java.security.KeyStore can also be referred using #bean:name syntax.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.keystorePassword", "description": "Sets the SSL
Keystore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyStoreProvider", "description": "To use a specific
provider for creating KeyStore. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyStoreType", "description": "The type of the key
store to load. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.provider", "description": "To use a specific provider
for creating SSLContext. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
- { "name": "camel.ssl.secureSocketProtocol", "description": "The optional
protocol for the secure sockets created by the SSLContext. See Appendix A in
the
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html
for information about standard protocol names.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String", "defaultValue": "TLSv1.3" },
+ { "name": "camel.ssl.secureRandomAlgorithm", "description": "Algorithm
name used for creating the SecureRandom. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.secureRandomProvider", "description": "To use a
specific provider for creating SecureRandom. The list of available providers
returned by java.security.Security.getProviders() or null to use the highest
priority provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.secureSocketProtocol", "description": "The optional
protocol for the secure sockets created by the SSLContext. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String", "defaultValue": "TLSv1.3" },
{ "name": "camel.ssl.sessionTimeout", "description": "Timeout in seconds
to use for SSLContext. The default is 24 hours.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "integer",
"javaType": "int", "defaultValue": 86400 },
- { "name": "camel.ssl.trustStore", "description": "Sets the SSL Truststore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.trustStore", "description": "The file path, class
path resource, or URL of the resource used to load the trust store. An existing
java.security.KeyStore can also be referred using #bean:name syntax.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.trustStorePassword", "description": "Sets the SSL
Truststore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.threadpool.allowCoreThreadTimeOut", "description": "Sets
default whether to allow core threads to timeout", "sourceType":
"org.apache.camel.main.ThreadPoolConfigurationProperties", "type": "boolean",
"javaType": "java.lang.Boolean", "defaultValue": "false" },
{ "name": "camel.threadpool.config", "description": "Adds a configuration
for a specific thread pool profile (inherits default values)", "sourceType":
"org.apache.camel.main.ThreadPoolConfigurationProperties", "type": "object",
"javaType": "java.util.Map" },
diff --git
a/components/camel-spring-xml/src/test/resources/org/apache/camel/util/spring/KeyStoreParametersFactoryBeanTest-context.xml
b/components/camel-spring-xml/src/test/resources/org/apache/camel/util/spring/KeyStoreParametersFactoryBeanTest-context.xml
index 2e440cb83c4..4b2675cc99d 100644
---
a/components/camel-spring-xml/src/test/resources/org/apache/camel/util/spring/KeyStoreParametersFactoryBeanTest-context.xml
+++
b/components/camel-spring-xml/src/test/resources/org/apache/camel/util/spring/KeyStoreParametersFactoryBeanTest-context.xml
@@ -25,6 +25,8 @@
http://camel.apache.org/schema/spring
http://camel.apache.org/schema/spring/camel-spring.xsd">
<camel:camelContext id="test"/>
+
+ <camel:tr
<camel:keyStoreParameters
id="ksp"
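Review bot: The added line `<camel:tr` in this hunk opens an element that is never closed, so as shown the test context is no longer well-formed XML and the test would fail while loading the context rather than on any assertion. It reads like a partially typed edit that slipped into the commit, although the page may have truncated the line. If nothing was meant to be added here, drop both added lines; if a new element was intended, it needs to be completed and closed before the `<camel:keyStoreParameters` element that follows.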
diff --git
a/core/camel-api/src/main/java/org/apache/camel/support/jsse/CipherSuitesParameters.java
b/core/camel-api/src/main/java/org/apache/camel/support/jsse/CipherSuitesParameters.java
index 66b1c25c249..a2b6214bb39 100644
---
a/core/camel-api/src/main/java/org/apache/camel/support/jsse/CipherSuitesParameters.java
+++
b/core/camel-api/src/main/java/org/apache/camel/support/jsse/CipherSuitesParameters.java
@@ -37,6 +37,13 @@ public class CipherSuitesParameters {
return this.cipherSuite;
}
+ public void addCipherSuite(String cipher) {
+ if (this.cipherSuite == null) {
+ this.cipherSuite = new ArrayList<>();
+ }
+ this.cipherSuite.add(cipher.trim());
+ }
+
/**
* Sets the cipher suite. It creates a copy of the given cipher suite.
*
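Review bot: `addCipherSuite` calls `cipher.trim()` without checking the argument, so a null throws a bare NullPointerException and a blank entry is stored as an empty suite name (for example from a trailing comma in `camel.ssl.cipherSuites`, assuming the caller splits on commas). A bad name in an explicit cipher suite list is likely to surface only when the SSL engine is configured, far from the property that caused it. Guard at the top with `if (cipher == null || cipher.isBlank()) { return; }`, or throw an `IllegalArgumentException` that names the option, and give the method Javadoc like the setter below it has. The same unchecked `pattern.trim()` appears in `addInclude` and `addExclude` in FilterParameters.java.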
diff --git
a/core/camel-api/src/main/java/org/apache/camel/support/jsse/FilterParameters.java
b/core/camel-api/src/main/java/org/apache/camel/support/jsse/FilterParameters.java
index b6119151d98..a881526821d 100644
---
a/core/camel-api/src/main/java/org/apache/camel/support/jsse/FilterParameters.java
+++
b/core/camel-api/src/main/java/org/apache/camel/support/jsse/FilterParameters.java
@@ -56,6 +56,20 @@ public class FilterParameters extends JsseParameters {
return this.exclude;
}
+ public void addInclude(String pattern) {
+ if (this.include == null) {
+ this.include = new ArrayList<>();
+ }
+ this.include.add(pattern.trim());
+ }
+
+ public void addExclude(String pattern) {
+ if (this.exclude == null) {
+ this.exclude = new ArrayList<>();
+ }
+ this.exclude.add(pattern.trim());
+ }
+
/**
* Returns a list of compiled {@code Pattern}s based on the values of the
include list.
*
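Review bot: `addInclude` and `addExclude` have no Javadoc, and nothing tells the caller that the argument is a regular expression rather than a literal suite name; the Javadoc just below the added methods shows these lists are compiled to `Pattern`s. This matters most for an exclude filter meant to keep weak suites out, because a pattern that is too narrow, or anchored differently from what the author expects, simply excludes nothing and raises no error. I would add `/** Adds a regular expression (not a literal name) to the include list. */` and the matching comment for exclude. Whether the patterns are applied as a full match or a partial match is not visible in this hunk and is worth stating in the same Javadoc.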
diff --git
a/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
b/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
index 42026a97b48..2d7b065b25e 100644
---
a/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
+++
b/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
@@ -25,14 +25,32 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
switch (ignoreCase ? name.toLowerCase() : name) {
case "certalias":
case "certAlias": target.setCertAlias(property(camelContext,
java.lang.String.class, value)); return true;
+ case "ciphersuites":
+ case "cipherSuites": target.setCipherSuites(property(camelContext,
java.lang.String.class, value)); return true;
+ case "ciphersuitesexclude":
+ case "cipherSuitesExclude":
target.setCipherSuitesExclude(property(camelContext, java.lang.String.class,
value)); return true;
+ case "ciphersuitesinclude":
+ case "cipherSuitesInclude":
target.setCipherSuitesInclude(property(camelContext, java.lang.String.class,
value)); return true;
case "clientauthentication":
case "clientAuthentication":
target.setClientAuthentication(property(camelContext, java.lang.String.class,
value)); return true;
case "enabled": target.setEnabled(property(camelContext,
boolean.class, value)); return true;
+ case "keymanageralgorithm":
+ case "keyManagerAlgorithm":
target.setKeyManagerAlgorithm(property(camelContext, java.lang.String.class,
value)); return true;
+ case "keymanagerprovider":
+ case "keyManagerProvider":
target.setKeyManagerProvider(property(camelContext, java.lang.String.class,
value)); return true;
case "keystore":
case "keyStore": target.setKeyStore(property(camelContext,
java.lang.String.class, value)); return true;
+ case "keystoreprovider":
+ case "keyStoreProvider":
target.setKeyStoreProvider(property(camelContext, java.lang.String.class,
value)); return true;
+ case "keystoretype":
+ case "keyStoreType": target.setKeyStoreType(property(camelContext,
java.lang.String.class, value)); return true;
case "keystorepassword":
case "keystorePassword":
target.setKeystorePassword(property(camelContext, java.lang.String.class,
value)); return true;
case "provider": target.setProvider(property(camelContext,
java.lang.String.class, value)); return true;
+ case "securerandomalgorithm":
+ case "secureRandomAlgorithm":
target.setSecureRandomAlgorithm(property(camelContext, java.lang.String.class,
value)); return true;
+ case "securerandomprovider":
+ case "secureRandomProvider":
target.setSecureRandomProvider(property(camelContext, java.lang.String.class,
value)); return true;
case "securesocketprotocol":
case "secureSocketProtocol":
target.setSecureSocketProtocol(property(camelContext, java.lang.String.class,
value)); return true;
case "sessiontimeout":
@@ -50,14 +68,32 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
switch (ignoreCase ? name.toLowerCase() : name) {
case "certalias":
case "certAlias": return java.lang.String.class;
+ case "ciphersuites":
+ case "cipherSuites": return java.lang.String.class;
+ case "ciphersuitesexclude":
+ case "cipherSuitesExclude": return java.lang.String.class;
+ case "ciphersuitesinclude":
+ case "cipherSuitesInclude": return java.lang.String.class;
case "clientauthentication":
case "clientAuthentication": return java.lang.String.class;
case "enabled": return boolean.class;
+ case "keymanageralgorithm":
+ case "keyManagerAlgorithm": return java.lang.String.class;
+ case "keymanagerprovider":
+ case "keyManagerProvider": return java.lang.String.class;
case "keystore":
case "keyStore": return java.lang.String.class;
+ case "keystoreprovider":
+ case "keyStoreProvider": return java.lang.String.class;
+ case "keystoretype":
+ case "keyStoreType": return java.lang.String.class;
case "keystorepassword":
case "keystorePassword": return java.lang.String.class;
case "provider": return java.lang.String.class;
+ case "securerandomalgorithm":
+ case "secureRandomAlgorithm": return java.lang.String.class;
+ case "securerandomprovider":
+ case "secureRandomProvider": return java.lang.String.class;
case "securesocketprotocol":
case "secureSocketProtocol": return java.lang.String.class;
case "sessiontimeout":
@@ -76,14 +112,32 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
switch (ignoreCase ? name.toLowerCase() : name) {
case "certalias":
case "certAlias": return target.getCertAlias();
+ case "ciphersuites":
+ case "cipherSuites": return target.getCipherSuites();
+ case "ciphersuitesexclude":
+ case "cipherSuitesExclude": return target.getCipherSuitesExclude();
+ case "ciphersuitesinclude":
+ case "cipherSuitesInclude": return target.getCipherSuitesInclude();
case "clientauthentication":
case "clientAuthentication": return target.getClientAuthentication();
case "enabled": return target.isEnabled();
+ case "keymanageralgorithm":
+ case "keyManagerAlgorithm": return target.getKeyManagerAlgorithm();
+ case "keymanagerprovider":
+ case "keyManagerProvider": return target.getKeyManagerProvider();
case "keystore":
case "keyStore": return target.getKeyStore();
+ case "keystoreprovider":
+ case "keyStoreProvider": return target.getKeyStoreProvider();
+ case "keystoretype":
+ case "keyStoreType": return target.getKeyStoreType();
case "keystorepassword":
case "keystorePassword": return target.getKeystorePassword();
case "provider": return target.getProvider();
+ case "securerandomalgorithm":
+ case "secureRandomAlgorithm": return target.getSecureRandomAlgorithm();
+ case "securerandomprovider":
+ case "secureRandomProvider": return target.getSecureRandomProvider();
case "securesocketprotocol":
case "secureSocketProtocol": return target.getSecureSocketProtocol();
case "sessiontimeout":
diff --git
a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
index bf0867f90cd..a3855ebe4d7 100644
---
a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
+++
b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
@@ -277,14 +277,23 @@
{ "name": "camel.server.uploadSourceDir", "description": "Source directory
when upload is enabled.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.server.useGlobalSslContextParameters", "description":
"Whether to use global SSL configuration for securing the embedded HTTP
server.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.ssl.certAlias", "description": "An optional certificate
alias to use. This is useful when the keystore has multiple certificates.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.cipherSuites", "description": "List of TLS\/SSL
cipher suite algorithm names. Multiple names can be separated by comma.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.cipherSuitesExclude", "description": "Filters
TLS\/SSL cipher suites algorithms names. This filter is used for excluding
algorithms that matches the naming pattern. Multiple names can be separated by
comma. Notice that if the cipherSuites option has been configured then the
include\/exclude filters are not in use.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.cipherSuitesInclude", "description": "Filters
TLS\/SSL cipher suites algorithms names. This filter is used for including
algorithms that matches the naming pattern. Multiple names can be separated by
comma. Notice that if the cipherSuites option has been configured then the
include\/exclude filters are not in use.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.ssl.clientAuthentication", "description": "Sets the
configuration for server-side client-authentication requirements",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String", "defaultValue": "NONE", "enum": [
"NONE", "WANT", "REQUIRE" ] },
{ "name": "camel.ssl.enabled", "description": "Enables SSL in your Camel
application.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
- { "name": "camel.ssl.keyStore", "description": "Sets the SSL Keystore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyManagerAlgorithm", "description": "Algorithm name
used for creating the KeyManagerFactory. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyManagerProvider", "description": "To use a
specific provider for creating KeyManagerFactory. The list of available
providers returned by java.security.Security.getProviders() or null to use the
highest priority provider implementing the secure socket protocol.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyStore", "description": "The file path, class path
resource, or URL of the resource used to load the key store. An existing
java.security.KeyStore can also be referred using #bean:name syntax.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.keystorePassword", "description": "Sets the SSL
Keystore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyStoreProvider", "description": "To use a specific
provider for creating KeyStore. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.keyStoreType", "description": "The type of the key
store to load. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.provider", "description": "To use a specific provider
for creating SSLContext. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
- { "name": "camel.ssl.secureSocketProtocol", "description": "The optional
protocol for the secure sockets created by the SSLContext. See Appendix A in
the
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html
for information about standard protocol names.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String", "defaultValue": "TLSv1.3" },
+ { "name": "camel.ssl.secureRandomAlgorithm", "description": "Algorithm
name used for creating the SecureRandom. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.secureRandomProvider", "description": "To use a
specific provider for creating SecureRandom. The list of available providers
returned by java.security.Security.getProviders() or null to use the highest
priority provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.secureSocketProtocol", "description": "The optional
protocol for the secure sockets created by the SSLContext. See
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String", "defaultValue": "TLSv1.3" },
{ "name": "camel.ssl.sessionTimeout", "description": "Timeout in seconds
to use for SSLContext. The default is 24 hours.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "integer",
"javaType": "int", "defaultValue": 86400 },
- { "name": "camel.ssl.trustStore", "description": "Sets the SSL Truststore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
+ { "name": "camel.ssl.trustStore", "description": "The file path, class
path resource, or URL of the resource used to load the trust store. An existing
java.security.KeyStore can also be referred using #bean:name syntax.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.trustStorePassword", "description": "Sets the SSL
Truststore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.threadpool.allowCoreThreadTimeOut", "description": "Sets
default whether to allow core threads to timeout", "sourceType":
"org.apache.camel.main.ThreadPoolConfigurationProperties", "type": "boolean",
"javaType": "java.lang.Boolean", "defaultValue": "false" },
{ "name": "camel.threadpool.config", "description": "Adds a configuration
for a specific thread pool profile (inherits default values)", "sourceType":
"org.apache.camel.main.ThreadPoolConfigurationProperties", "type": "object",
"javaType": "java.util.Map" },
diff --git a/core/camel-main/src/main/docs/main.adoc
b/core/camel-main/src/main/docs/main.adoc
index 9e1131bd1f8..9bcc5b3ae23 100644
--- a/core/camel-main/src/main/docs/main.adoc
+++ b/core/camel-main/src/main/docs/main.adoc
@@ -245,20 +245,29 @@ The camel.trace supports 14 options, which are listed
below.
=== Camel SSL configurations
-The camel.ssl supports 10 options, which are listed below.
+The camel.ssl supports 19 options, which are listed below.
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
| *camel.ssl.certAlias* | An optional certificate alias to use. This is useful
when the keystore has multiple certificates. | | String
+| *camel.ssl.cipherSuites* | List of TLS/SSL cipher suite algorithm names.
Multiple names can be separated by comma. | | String
+| *camel.ssl.cipherSuitesExclude* | Filters TLS/SSL cipher suites algorithms
names. This filter is used for excluding algorithms that matches the naming
pattern. Multiple names can be separated by comma. Notice that if the
cipherSuites option has been configured then the include/exclude filters are
not in use. | | String
+| *camel.ssl.cipherSuitesInclude* | Filters TLS/SSL cipher suites algorithms
names. This filter is used for including algorithms that matches the naming
pattern. Multiple names can be separated by comma. Notice that if the
cipherSuites option has been configured then the include/exclude filters are
not in use. | | String
| *camel.ssl.clientAuthentication* | Sets the configuration for server-side
client-authentication requirements | NONE | String
| *camel.ssl.enabled* | Enables SSL in your Camel application. | false |
boolean
-| *camel.ssl.keyStore* | Sets the SSL Keystore resource. | | String
+| *camel.ssl.keyManagerAlgorithm* | Algorithm name used for creating the
KeyManagerFactory. See
\https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
| | String
+| *camel.ssl.keyManagerProvider* | To use a specific provider for creating
KeyManagerFactory. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol. | | String
+| *camel.ssl.keyStore* | The file path, class path resource, or URL of the
resource used to load the key store. An existing java.security.KeyStore can
also be referred using #bean:name syntax. | | String
| *camel.ssl.keystorePassword* | Sets the SSL Keystore password. | | String
+| *camel.ssl.keyStoreProvider* | To use a specific provider for creating
KeyStore. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol. | | String
+| *camel.ssl.keyStoreType* | The type of the key store to load. See
\https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
| | String
| *camel.ssl.provider* | To use a specific provider for creating SSLContext.
The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol. | | String
-| *camel.ssl.secureSocketProtocol* | The optional protocol for the secure
sockets created by the SSLContext. See Appendix A in the
\https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
for information about standard protocol names. | TLSv1.3 | String
+| *camel.ssl.secureRandom{zwsp}Algorithm* | Algorithm name used for creating
the SecureRandom. See
\https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
| | String
+| *camel.ssl.secureRandomProvider* | To use a specific provider for creating
SecureRandom. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol. | | String
+| *camel.ssl.secureSocketProtocol* | The optional protocol for the secure
sockets created by the SSLContext. See
\https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
| TLSv1.3 | String
| *camel.ssl.sessionTimeout* | Timeout in seconds to use for SSLContext. The
default is 24 hours. | 86400 | int
-| *camel.ssl.trustStore* | Sets the SSL Truststore resource. | | String
+| *camel.ssl.trustStore* | The file path, class path resource, or URL of the
resource used to load the trust store. An existing java.security.KeyStore can
also be referred using #bean:name syntax. | | String
| *camel.ssl.trustStorePassword* | Sets the SSL Truststore password. | |
String
|===
diff --git
a/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
b/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
index 8af86884a33..b8e5147925f 100644
--- a/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
+++ b/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
@@ -26,6 +26,7 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.SimpleFileVisitor;
import java.nio.file.attribute.BasicFileAttributes;
+import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
@@ -91,10 +92,13 @@ import org.apache.camel.support.PluginHelper;
import org.apache.camel.support.PropertyBindingSupport;
import org.apache.camel.support.ResourceHelper;
import org.apache.camel.support.SimpleEventNotifierSupport;
+import org.apache.camel.support.jsse.CipherSuitesParameters;
+import org.apache.camel.support.jsse.FilterParameters;
import org.apache.camel.support.jsse.KeyManagersParameters;
import org.apache.camel.support.jsse.KeyStoreParameters;
import org.apache.camel.support.jsse.SSLContextParameters;
import org.apache.camel.support.jsse.SSLContextServerParameters;
+import org.apache.camel.support.jsse.SecureRandomParameters;
import org.apache.camel.support.jsse.TrustManagersParameters;
import org.apache.camel.support.scan.PackageScanHelper;
import org.apache.camel.support.service.BaseService;
@@ -1653,45 +1657,97 @@ public abstract class BaseMainSupport extends
BaseService {
return;
}
- String password = sslConfig.getKeystorePassword();
KeyStoreParameters ksp = new KeyStoreParameters();
- ksp.setResource(sslConfig.getKeyStore());
- ksp.setPassword(password);
+ ksp.setCamelContext(camelContext);
+ String store = sslConfig.getKeyStore();
+ if (store != null && store.startsWith("#bean:")) {
+ ksp.setKeyStore(CamelContextHelper.mandatoryLookup(camelContext,
store.substring(6), KeyStore.class));
+ } else {
+ ksp.setResource(store);
+ }
+ ksp.setType(sslConfig.getKeyStoreType());
+ ksp.setPassword(sslConfig.getKeystorePassword());
+ String provider = sslConfig.getKeyStoreProvider() != null ?
sslConfig.getKeyStoreProvider() : sslConfig.getProvider();
+ ksp.setProvider(provider);
KeyManagersParameters kmp = new KeyManagersParameters();
- kmp.setKeyPassword(password);
+ kmp.setCamelContext(camelContext);
+ kmp.setKeyPassword(sslConfig.getKeystorePassword());
kmp.setKeyStore(ksp);
+ kmp.setAlgorithm(sslConfig.getKeyManagerAlgorithm());
+ provider = sslConfig.getKeyManagerProvider() != null ?
sslConfig.getKeyManagerProvider() : sslConfig.getProvider();
+ kmp.setProvider(provider);
- final SSLContextParameters sslContextParameters =
createSSLContextParameters(sslConfig, kmp);
-
+ final SSLContextParameters sslContextParameters =
createSSLContextParameters(camelContext, sslConfig, kmp);
camelContext.setSSLContextParameters(sslContextParameters);
}
private static SSLContextParameters createSSLContextParameters(
+ CamelContext camelContext,
SSLConfigurationProperties sslConfig, KeyManagersParameters kmp) {
+
TrustManagersParameters tmp = null;
if (sslConfig.getTrustStore() != null) {
KeyStoreParameters tsp = new KeyStoreParameters();
- tsp.setResource(sslConfig.getTrustStore());
+ String store = sslConfig.getTrustStore();
+ if (store != null && store.startsWith("#bean:")) {
+
tsp.setKeyStore(CamelContextHelper.mandatoryLookup(camelContext,
store.substring(6), KeyStore.class));
+ } else {
+ tsp.setResource(store);
+ }
tsp.setPassword(sslConfig.getTrustStorePassword());
-
tmp = new TrustManagersParameters();
+ tmp.setCamelContext(camelContext);
tmp.setKeyStore(tsp);
}
SSLContextServerParameters scsp = new SSLContextServerParameters();
+ scsp.setCamelContext(camelContext);
scsp.setClientAuthentication(sslConfig.getClientAuthentication());
+ SecureRandomParameters srp = null;
+ if (sslConfig.getSecureRandomAlgorithm() != null ||
sslConfig.getSecureRandomProvider() != null) {
+ srp = new SecureRandomParameters();
+ srp.setCamelContext(camelContext);
+ srp.setAlgorithm(sslConfig.getSecureRandomAlgorithm());
+ String provider = sslConfig.getSecureRandomProvider() != null
+ ? sslConfig.getSecureRandomProvider() :
sslConfig.getProvider();
+ srp.setProvider(provider);
+ }
+
SSLContextParameters sslContextParameters = new SSLContextParameters();
+ sslContextParameters.setCamelContext(camelContext);
sslContextParameters.setProvider(sslConfig.getProvider());
sslContextParameters.setSecureSocketProtocol(sslConfig.getSecureSocketProtocol());
sslContextParameters.setCertAlias(sslConfig.getCertAlias());
if (sslConfig.getSessionTimeout() > 0) {
sslContextParameters.setSessionTimeout("" +
sslConfig.getSessionTimeout());
}
+ if (sslConfig.getCipherSuites() != null) {
+ CipherSuitesParameters csp = new CipherSuitesParameters();
+ for (String c : sslConfig.getCipherSuites().split(",")) {
+ csp.addCipherSuite(c);
+ }
+ sslContextParameters.setCipherSuites(csp);
+ }
+ if (sslConfig.getCipherSuitesInclude() != null ||
sslConfig.getCipherSuitesExclude() != null) {
+ FilterParameters fp = new FilterParameters();
+ if (sslConfig.getCipherSuitesInclude() != null) {
+ for (String c : sslConfig.getCipherSuitesInclude().split(","))
{
+ fp.addInclude(c);
+ }
+ }
+ if (sslConfig.getCipherSuitesExclude() != null) {
+ for (String c : sslConfig.getCipherSuitesExclude().split(","))
{
+ fp.addExclude(c);
+ }
+ }
+ sslContextParameters.setCipherSuitesFilter(fp);
+ }
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);
sslContextParameters.setServerParameters(scsp);
+ sslContextParameters.setSecureRandom(srp);
return sslContextParameters;
}
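Review bot: The comma-separated cipher suite values are split without trimming in all three loops (`getCipherSuites()`, `getCipherSuitesInclude()`, `getCipherSuitesExclude()`), so a property written as `A, B` produces a second entry with a leading space. For the exclude list this fails open: if FilterParameters matches each entry as a pattern against the whole suite name, which is how it appears to work, the padded entry matches nothing and the suite it was meant to remove stays enabled without any error. I would use `csp.addCipherSuite(c.trim());`, `fp.addInclude(c.trim());` and `fp.addExclude(c.trim());`, and skip entries that are empty after trimming. Separately, the trust store `tsp` in createSSLContextParameters gets neither `setCamelContext(camelContext)` nor a type or provider, unlike `ksp` earlier in the hunk, so a non-default store type can only be configured for the key store.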
diff --git
a/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
b/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
index e6b91466f68..3f2d251c6ff 100644
---
a/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
+++
b/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
@@ -20,9 +20,6 @@ import org.apache.camel.spi.BootstrapCloseable;
import org.apache.camel.spi.Configurer;
import org.apache.camel.spi.Metadata;
-import javax.net.ssl.SSLContext;
-import java.security.Security;
-
/**
* Global configuration for SSL.
*/
@@ -41,14 +38,32 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
private String certAlias;
@Metadata(label = "advanced", defaultValue = "86400")
private int sessionTimeout;
+ @Metadata(label = "advanced")
+ private String cipherSuites;
+ @Metadata(label = "advanced")
+ private String cipherSuitesInclude;
+ @Metadata(label = "advanced")
+ private String cipherSuitesExclude;
@Metadata
private String keyStore;
+ @Metadata(label = "advanced")
+ private String keyStoreType;
+ @Metadata(label = "advanced")
+ private String keyStoreProvider;
@Metadata
private String keystorePassword;
@Metadata
private String trustStore;
@Metadata
private String trustStorePassword;
+ @Metadata(label = "advanced")
+ private String keyManagerAlgorithm;
+ @Metadata(label = "advanced")
+ private String keyManagerProvider;
+ @Metadata(label = "advanced")
+ private String secureRandomAlgorithm;
+ @Metadata(label = "advanced")
+ private String secureRandomProvider;
@Metadata(defaultValue = "NONE", enums = "NONE,WANT,REQUIRE")
private String clientAuthentication = "NONE";
@@ -82,7 +97,7 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
/**
* To use a specific provider for creating SSLContext.
- *
+ * <p>
* The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
* priority provider implementing the secure socket protocol.
*/
@@ -96,9 +111,8 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
/**
* The optional protocol for the secure sockets created by the SSLContext.
- *
- * See Appendix A in the
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
for
- * information about standard protocol names.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
*/
public void setSecureSocketProtocol(String secureSocketProtocol) {
this.secureSocketProtocol = secureSocketProtocol;
@@ -126,17 +140,89 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
this.sessionTimeout = sessionTimeout;
}
+ public String getCipherSuites() {
+ return cipherSuites;
+ }
+
+ /**
+ * List of TLS/SSL cipher suite algorithm names. Multiple names can be
separated by comma.
+ */
+ public void setCipherSuites(String cipherSuites) {
+ this.cipherSuites = cipherSuites;
+ }
+
+ public String getCipherSuitesInclude() {
+ return cipherSuitesInclude;
+ }
+
+ /**
+ * Filters TLS/SSL cipher suites algorithms names.
+ * <p>
+ * This filter is used for including algorithms that matches the naming
pattern. Multiple names can be separated by
+ * comma.
+ * <p>
+ * Notice that if the cipherSuites option has been configured then the
include/exclude filters are not in use.
+ */
+ public void setCipherSuitesInclude(String cipherSuitesInclude) {
+ this.cipherSuitesInclude = cipherSuitesInclude;
+ }
+
+ public String getCipherSuitesExclude() {
+ return cipherSuitesExclude;
+ }
+
+ /**
+ * Filters TLS/SSL cipher suites algorithms names.
+ * <p>
+ * This filter is used for excluding algorithms that matches the naming
pattern. Multiple names can be separated by
+ * comma.
+ * <p>
+ * Notice that if the cipherSuites option has been configured then the
include/exclude filters are not in use.
+ */
+ public void setCipherSuitesExclude(String cipherSuitesExclude) {
+ this.cipherSuitesExclude = cipherSuitesExclude;
+ }
+
public String getKeyStore() {
return keyStore;
}
/**
- * Sets the SSL Keystore resource.
+ * The file path, class path resource, or URL of the resource used to load
the key store.
+ *
+ * An existing java.security.KeyStore can also be referred using
#bean:name syntax.
*/
public void setKeyStore(String keyStore) {
this.keyStore = keyStore;
}
+ public String getKeyStoreType() {
+ return keyStoreType;
+ }
+
+ /**
+ * The type of the key store to load.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
+ */
+ public void setKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ }
+
+ public String getKeyStoreProvider() {
+ return keyStoreProvider;
+ }
+
+ /**
+ * To use a specific provider for creating KeyStore.
+ * <p>
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public void setKeyStoreProvider(String keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ }
+
public String getKeystorePassword() {
return keystorePassword;
}
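Review bot: The Javadoc on setKeyStoreProvider ends with "or null to use the highest priority provider implementing the secure socket protocol", which was copied from the SSLContext provider option and does not describe a KeyStore provider. The same sentence is repeated on setKeyManagerProvider and setSecureRandomProvider and on the matching with* methods in the later hunks, and the main.adoc rows in this commit show it reaching the generated option table. I would reword it per option, for example `or null to use the highest priority provider implementing the key store type`. The cipherSuitesInclude and cipherSuitesExclude Javadoc should also state what kind of pattern is expected (regular expression or plain suite name) so that an exclude rule is not written in a form that never matches. The new setKeyStore comment still uses a bare ` *` paragraph break where the rest of the commit switches to `<p>`.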
@@ -153,7 +239,9 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
}
/**
- * Sets the SSL Truststore resource.
+ * The file path, class path resource, or URL of the resource used to load
the trust store.
+ *
+ * An existing java.security.KeyStore can also be referred using
#bean:name syntax.
*/
public void setTrustStore(String trustStore) {
this.trustStore = trustStore;
@@ -170,6 +258,60 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
this.trustStorePassword = trustStorePassword;
}
+ public String getKeyManagerAlgorithm() {
+ return keyManagerAlgorithm;
+ }
+
+ /**
+ * Algorithm name used for creating the KeyManagerFactory.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
+ */
+ public void setKeyManagerAlgorithm(String keyManagerAlgorithm) {
+ this.keyManagerAlgorithm = keyManagerAlgorithm;
+ }
+
+ public String getKeyManagerProvider() {
+ return keyManagerProvider;
+ }
+
+ /**
+ * To use a specific provider for creating KeyManagerFactory.
+ * <p>
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public void setKeyManagerProvider(String keyManagerProvider) {
+ this.keyManagerProvider = keyManagerProvider;
+ }
+
+ public String getSecureRandomAlgorithm() {
+ return secureRandomAlgorithm;
+ }
+
+ /**
+ * Algorithm name used for creating the SecureRandom.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
+ */
+ public void setSecureRandomAlgorithm(String secureRandomAlgorithm) {
+ this.secureRandomAlgorithm = secureRandomAlgorithm;
+ }
+
+ public String getSecureRandomProvider() {
+ return secureRandomProvider;
+ }
+
+ /**
+ * To use a specific provider for creating SecureRandom.
+ * <p>
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public void setSecureRandomProvider(String secureRandomProvider) {
+ this.secureRandomProvider = secureRandomProvider;
+ }
+
public String getClientAuthentication() {
return clientAuthentication;
}
@@ -191,7 +333,7 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
/**
* To use a specific provider for creating SSLContext.
- *
+ * <p>
* The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
* priority provider implementing the secure socket protocol.
*/
@@ -202,9 +344,8 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
/**
* The optional protocol for the secure sockets created by the SSLContext.
- *
- * See Appendix A in the
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
for
- * information about standard protocol names.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
*/
public SSLConfigurationProperties withSecureSocketProtocol(String
secureSocketProtocol) {
this.secureSocketProtocol = secureSocketProtocol;
@@ -228,13 +369,70 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
}
/**
- * Sets the SSL Keystore.
+ * List of TLS/SSL cipher suite algorithm names. Multiple names can be
separated by comma.
+ */
+ public SSLConfigurationProperties withCipherSuites(String cipherSuites) {
+ this.cipherSuites = cipherSuites;
+ return this;
+ }
+
+ /**
+ * Filters TLS/SSL cipher suites algorithms names.
+ * <p>
+ * This filter is used for including algorithms that matches the naming
pattern. Multiple names can be separated by
+ * comma.
+ * <p>
+ * Notice that if the cipherSuites option has been configured then the
include/exclude filters are not in use.
+ */
+ public SSLConfigurationProperties withCipherSuitesInclude(String
cipherSuitesInclude) {
+ this.cipherSuitesInclude = cipherSuitesInclude;
+ return this;
+ }
+
+ /**
+ * Filters TLS/SSL cipher suites algorithms names.
+ * <p>
+ * This filter is used for excluding algorithms that matches the naming
pattern. Multiple names can be separated by
+ * comma.
+ * <p>
+ * Notice that if the cipherSuites option has been configured then the
include/exclude filters are not in use.
+ */
+ public SSLConfigurationProperties withCipherSuitesExclude(String
cipherSuitesExclude) {
+ this.cipherSuitesExclude = cipherSuitesExclude;
+ return this;
+ }
+
+ /**
+ * The file path, class path resource, or URL of the resource used to load
the key store.
+ *
+ * An existing java.security.KeyStore can also be referred using
#bean:name syntax.
*/
public SSLConfigurationProperties withKeyStore(String keyStore) {
this.keyStore = keyStore;
return this;
}
+ /**
+ * The type of the key store to load.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
+ */
+ public SSLConfigurationProperties withKeyStoreType(String keyStoreType) {
+ this.keyStoreType = keyStoreType;
+ return this;
+ }
+
+ /**
+ * To use a specific provider for creating KeyStore.
+ * <p>
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public SSLConfigurationProperties withKeyStoreProvider(String
keyStoreProvider) {
+ this.keyStoreProvider = keyStoreProvider;
+ return this;
+ }
+
/**
* Sets the SSL Keystore password.
*/
@@ -244,7 +442,9 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
}
/**
- * Sets the SSL Truststore.
+ * The file path, class path resource, or URL of the resource used to load
the trust store.
+ *
+ * An existing java.security.KeyStore can also be referred using
#bean:name syntax.
*/
public SSLConfigurationProperties withTrustStore(String trustStore) {
this.trustStore = trustStore;
@@ -259,6 +459,48 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
return this;
}
+ /**
+ * Algorithm name used for creating the KeyManagerFactory.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
+ */
+ public SSLConfigurationProperties withKeyManagerAlgorithm(String
keyManagerAlgorithm) {
+ this.keyManagerAlgorithm = keyManagerAlgorithm;
+ return this;
+ }
+
+ /**
+ * To use a specific provider for creating KeyManagerFactory.
+ * <p>
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public SSLConfigurationProperties withKeyManagerProvider(String
keyManagerProvider) {
+ this.keyManagerProvider = keyManagerProvider;
+ return this;
+ }
+
+ /**
+ * Algorithm name used for creating the SecureRandom.
+ * <p>
+ * See
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
+ */
+ public SSLConfigurationProperties withSecureRandomAlgorithm(String
secureRandomAlgorithm) {
+ this.secureRandomAlgorithm = secureRandomAlgorithm;
+ return this;
+ }
+
+ /**
+ * To use a specific provider for creating SecureRandom.
+ * <p>
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public SSLConfigurationProperties withSecureRandomProvider(String
secureRandomProvider) {
+ this.secureRandomProvider = secureRandomProvider;
+ return this;
+ }
+
/**
* Sets the configuration for server-side client-authentication
requirements
*/