(camel-quarkus) branch 3.15.x updated: Avoid configuring JasyptPropertiesParser unless encrypted properties are detected

jamesnetherton Thu, 14 Aug 2025 08:49:01 -0700

This is an automated email from the ASF dual-hosted git repository.

jamesnetherton pushed a commit to branch 3.15.x
in repository https://gitbox.apache.org/repos/asf/camel-quarkus.git



The following commit(s) were added to refs/heads/3.15.x by this push:
     new 195b172a31 Avoid configuring JasyptPropertiesParser unless encrypted 
properties are detected
195b172a31 is described below

commit 195b172a314780b6a14bb20dd185b4e54e9cbba9
Author: James Netherton <[email protected]>
AuthorDate: Thu Aug 14 10:41:37 2025 +0100

    Avoid configuring JasyptPropertiesParser unless encrypted properties are 
detected
    
    Fixes #7632
---
 .../jasypt/JasyptNoEncryptedPropertiesTest.java    | 53 ++++++++++++++++++++++
 .../component/jasypt/CamelJasyptConfig.java        | 20 +++-----
 .../component/jasypt/CamelJasyptRecorder.java      | 35 ++++++++++++--
 3 files changed, 89 insertions(+), 19 deletions(-)

diff --git 
a/extensions/jasypt/deployment/src/test/java/org/apache/camel/quarkus/component/jasypt/JasyptNoEncryptedPropertiesTest.java
 
b/extensions/jasypt/deployment/src/test/java/org/apache/camel/quarkus/component/jasypt/JasyptNoEncryptedPropertiesTest.java
new file mode 100644
index 0000000000..f4175e64d8
--- /dev/null
+++ 
b/extensions/jasypt/deployment/src/test/java/org/apache/camel/quarkus/component/jasypt/JasyptNoEncryptedPropertiesTest.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.quarkus.component.jasypt;
+
+import io.quarkus.test.QuarkusUnitTest;
+import jakarta.inject.Inject;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.jboss.shrinkwrap.api.ShrinkWrap;
+import org.jboss.shrinkwrap.api.spec.JavaArchive;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+public class JasyptNoEncryptedPropertiesTest {
+
+    @RegisterExtension
+    static final QuarkusUnitTest CONFIG = new QuarkusUnitTest()
+            .overrideConfigKey("quarkus.camel.jasypt.password", "2s3cr3t")
+            .overrideConfigKey("greeting", "Hello World")
+            .setArchiveProducer(() -> 
ShrinkWrap.create(JavaArchive.class).addClass(JasyptRoutes.class));
+
+    @Inject
+    ProducerTemplate producerTemplate;
+
+    @Test
+    void jasyptPropertiesParserNotConfiguredIfNoEncryptedProperties() throws 
Exception {
+        String result = producerTemplate.requestBody("direct:start", null, 
String.class);
+        Assertions.assertEquals("Hello World", result);
+    }
+
+    public static final class JasyptRoutes extends RouteBuilder {
+        @Override
+        public void configure() throws Exception {
+            from("direct:start")
+                    .transform().simple("{{greeting}}");
+        }
+    }
+}
diff --git 
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfig.java
 
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfig.java
index 20a9085ace..d2c1b7a41c 100644
--- 
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfig.java
+++ 
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptConfig.java
@@ -38,6 +38,12 @@ import org.jasypt.salt.RandomSaltGenerator;
 public interface CamelJasyptConfig {
     String NAME = "camel-jasypt";
     String DEFAULT_ALGORITHM = StandardPBEByteEncryptor.DEFAULT_ALGORITHM;
+    String SYS_CONFIG_PREFIX = "sys:";
+    String SYS_ENV_CONFIG_PREFIX = "sysenv:";
+    Set<String> ALGORITHMS_THAT_REQUIRE_IV = 
Set.of("PBEWITHHMACSHA1ANDAES_128", "PBEWITHHMACSHA1ANDAES_256",
+            "PBEWITHHMACSHA224ANDAES_128", "PBEWITHHMACSHA224ANDAES_256", 
"PBEWITHHMACSHA256ANDAES_128",
+            "PBEWITHHMACSHA256ANDAES_256", "PBEWITHHMACSHA384ANDAES_128", 
"PBEWITHHMACSHA384ANDAES_256",
+            "PBEWITHHMACSHA512ANDAES_128", "PBEWITHHMACSHA512ANDAES_256");
 
     /**
      * The algorithm to be used for decryption.
@@ -73,20 +79,6 @@ public interface CamelJasyptConfig {
      */
     Optional<String> configurationCustomizerClassName();
 
-    String SYS_CONFIG_PREFIX = "sys:";
-    String SYS_ENV_CONFIG_PREFIX = "sysenv:";
-    Set<String> ALGORITHMS_THAT_REQUIRE_IV = Set.of(
-            "PBEWITHHMACSHA1ANDAES_128",
-            "PBEWITHHMACSHA1ANDAES_256",
-            "PBEWITHHMACSHA224ANDAES_128",
-            "PBEWITHHMACSHA224ANDAES_256",
-            "PBEWITHHMACSHA256ANDAES_128",
-            "PBEWITHHMACSHA256ANDAES_256",
-            "PBEWITHHMACSHA384ANDAES_128",
-            "PBEWITHHMACSHA384ANDAES_256",
-            "PBEWITHHMACSHA512ANDAES_128",
-            "PBEWITHHMACSHA512ANDAES_256");
-
     default PBEConfig pbeConfig() {
         EnvironmentStringPBEConfig config = new EnvironmentStringPBEConfig();
 
diff --git 
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptRecorder.java
 
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptRecorder.java
index 9e8df12d55..8d8cfc2da1 100644
--- 
a/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptRecorder.java
+++ 
b/extensions/jasypt/runtime/src/main/java/org/apache/camel/quarkus/component/jasypt/CamelJasyptRecorder.java
@@ -16,17 +16,25 @@
  */
 package org.apache.camel.quarkus.component.jasypt;
 
+import java.util.regex.Pattern;
+
 import io.quarkus.runtime.RuntimeValue;
 import io.quarkus.runtime.annotations.Recorder;
+import io.smallrye.config.SmallRyeConfig;
 import org.apache.camel.CamelContext;
 import org.apache.camel.component.jasypt.JasyptPropertiesParser;
 import org.apache.camel.component.properties.PropertiesComponent;
 import org.apache.camel.main.MainConfigurationProperties;
 import org.apache.camel.quarkus.main.CamelMain;
 import org.apache.camel.spi.CamelContextCustomizer;
+import org.apache.camel.util.ObjectHelper;
+import org.eclipse.microprofile.config.ConfigProvider;
+import org.eclipse.microprofile.config.spi.ConfigSource;
 
 @Recorder
 public class CamelJasyptRecorder {
+    private static final Pattern JASYPT_ENC = 
Pattern.compile("ENC\\(\\s*\\S.*\\)");
+
     public void disableCamelMainAutoConfigFromSysEnv(RuntimeValue<CamelMain> 
camelMainRuntimeValue) {
         CamelMain main = camelMainRuntimeValue.getValue();
         MainConfigurationProperties configurationProperties = 
main.getMainConfigurationProperties();
@@ -38,12 +46,29 @@ public class CamelJasyptRecorder {
         return new RuntimeValue<>(new CamelContextCustomizer() {
             @Override
             public void configure(CamelContext camelContext) {
-                PropertiesComponent component = (PropertiesComponent) 
camelContext.getPropertiesComponent();
-                JasyptPropertiesParser jasyptPropertiesParser = 
CamelJasyptPropertiesParserHolder
-                        .getJasyptPropertiesParser();
-                jasyptPropertiesParser.setPropertiesComponent(component);
-                component.setPropertiesParser(jasyptPropertiesParser);
+                // Since CamelJasyptSecretKeysHandlerFactory relies on 
LazySecretKeysHandler, we need to avoid
+                // prematurely setting up Jasypt if there are no ENC(..) 
property values.
+                // Otherwise, the Jasypt configuration will never get 
triggered.
+                if (isAnyEncryptedPropertyPresent()) {
+                    PropertiesComponent component = (PropertiesComponent) 
camelContext.getPropertiesComponent();
+                    JasyptPropertiesParser jasyptPropertiesParser = 
CamelJasyptPropertiesParserHolder
+                            .getJasyptPropertiesParser();
+                    jasyptPropertiesParser.setPropertiesComponent(component);
+                    component.setPropertiesParser(jasyptPropertiesParser);
+                }
             }
         });
     }
+
+    private boolean isAnyEncryptedPropertyPresent() {
+        SmallRyeConfig config = 
ConfigProvider.getConfig().unwrap(SmallRyeConfig.class);
+        for (ConfigSource configSource : config.getConfigSources()) {
+            for (String value : configSource.getProperties().values()) {
+                if (ObjectHelper.isNotEmpty(value) && 
JASYPT_ENC.matcher(value).matches()) {
+                    return true;
+                }
+            }
+        }
+        return false;
+    }
 }

(camel-quarkus) branch 3.15.x updated: Avoid configuring JasyptPropertiesParser unless encrypted properties are detected

Reply via email to