This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel-spring-boot.git
The following commit(s) were added to refs/heads/main by this push:
new b1fd4b32a37 CAMEL-22909: camel-spring-boot - Add
camel.ssl.trustAllCertificates s… (#1636)
b1fd4b32a37 is described below
commit b1fd4b32a37c97d135a6ce342cac531c711f5e5c
Author: Claus Ibsen <[email protected]>
AuthorDate: Tue Jan 27 15:33:50 2026 +0100
CAMEL-22909: camel-spring-boot - Add camel.ssl.trustAllCertificates s…
(#1636)
* CAMEL-22909: camel-spring-boot - Add camel.ssl.trustAllCertificates
support in Spring Boot
* Typo
---
.../boot/security/CamelSSLAutoConfiguration.java | 26 ++++++++---
.../security/CamelSSLConfigurationProperties.java | 15 ++++++
.../CamelSSLAutoConfigurationTrustAllTest.java | 53 ++++++++++++++++++++++
3 files changed, 88 insertions(+), 6 deletions(-)
diff --git
a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
index 50e719cdc49..cd62c5bba97 100644
---
a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
+++
b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
@@ -19,14 +19,11 @@ package org.apache.camel.spring.boot.security;
import java.util.Collections;
import java.util.Map;
import org.apache.camel.CamelContext;
-import org.apache.camel.main.MainHelper;
-import org.apache.camel.spi.ThreadPoolProfile;
import org.apache.camel.spring.boot.CamelAutoConfiguration;
import org.apache.camel.support.jsse.*;
-import org.apache.camel.util.OrderedLocationProperties;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
import org.springframework.boot.autoconfigure.condition.ConditionMessage;
import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
import
org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -45,6 +42,8 @@ import org.springframework.core.type.AnnotatedTypeMetadata;
@EnableConfigurationProperties(CamelSSLConfigurationProperties.class)
public class CamelSSLAutoConfiguration {
+ private static final Logger LOG =
LoggerFactory.getLogger(CamelSSLAutoConfiguration.class);
+
@Bean
@ConditionalOnMissingBean
@Conditional(CamelSSLAutoConfiguration.SSLCondition.class)
@@ -63,6 +62,7 @@ public class CamelSSLAutoConfiguration {
.secureSocketProtocols(properties.getSecureSocketProtocols())
.secureSocketProtocolsFilter(properties.getSecureSocketProtocolsFilter())
.serverParameters(properties.getServerParameters()).sessionTimeout(properties.getSessionTimeout())
+ .trustAllCertificates(properties.isTrustAllCertificates())
.trustManager(properties.getTrustManagers()).build();
return config;
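Review bot: The precedence between the added `.trustAllCertificates(properties.isTrustAllCertificates())` and the `.trustManager(properties.getTrustManagers())` call right after it is decided only by call order. The body of `trustManager(...)` is outside this diff, but if it assigns its argument to the `SSLContextParameters`, then setting both `camel.ssl.trust-managers.*` and `camel.ssl.trust-all-certificates=true` would replace the trust-all parameters after the warning has already been logged. That would leave the log and the property Javadoc ("trustStore/trustStorePassword options are not in use") describing a state the context is not in. Consider making the precedence explicit, either by applying `.trustManager(...)` first and `.trustAllCertificates(...)` last, or by rejecting the combination at startup, and cover the both-set case with a test. The builder chain begins above this hunk.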
@@ -85,7 +85,7 @@ public class CamelSSLAutoConfiguration {
.orElse(Collections.emptyMap());
sslProperties.remove("config");
ConditionMessage.Builder message =
ConditionMessage.forCondition("camel.ssl");
- if (sslProperties.size() > 0) {
+ if (!sslProperties.isEmpty()) {
return ConditionOutcome.match(message.because("enabled"));
}
@@ -226,6 +226,20 @@ public class CamelSSLAutoConfiguration {
return this;
}
+ public SSLContextBuilder trustAllCertificates(boolean
trustAllCertificates) {
+ if (trustAllCertificates) {
+ TrustManagersParameters tmp =
sslContextParameters.getTrustManagers();
+ if (tmp == null) {
+ tmp = new TrustManagersParameters();
+ sslContextParameters.setTrustManagers(tmp);
+ }
+ tmp.setTrustManager(TrustAllTrustManager.INSTANCE);
+ LOG.warn(
+ "Trust all certificates enabled. Using this in
production can expose the application to man-in-the-middle attacks");
+ }
+ return this;
+ }
+
public SSLContextParameters build() {
return this.sslContextParameters;
}
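Review bot: The warning in `trustAllCertificates(boolean)` does not name the setting that triggered it, so an operator or a log-based alert cannot tie the line back to configuration. Consider `LOG.warn("camel.ssl.trustAllCertificates=true: TLS certificate validation is disabled. Using this in production can expose the application to man-in-the-middle attacks");`. The new public method also has no Javadoc. A short comment should say that when a `TrustManagersParameters` is already present, its trust manager is overwritten in place with `TrustAllTrustManager.INSTANCE`, and that passing `false` is a no-op which does not undo an earlier `true`. The enclosing builder class starts outside this hunk.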
diff --git
a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java
b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java
index e24aea080a3..456d8807482 100644
---
a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java
+++
b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java
@@ -48,6 +48,13 @@ public class CamelSSLConfigurationProperties {
*/
private TrustManagersParameters trustManagers;
+ /**
+ * Allows to trust all SSL certificates without performing certificate
validation. This can be used in development
+ * environment but may expose the system to security risks. Notice that if
the trustAllCertificates option is set to
+ * true then the trustStore/trustStorePassword options are not in use.
+ */
+ private boolean trustAllCertificates;
+
/**
* The optional secure random configuration options to use for
constructing the SecureRandom used in the creation of
* an SSLContext.
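Review bot: The Javadoc on `trustAllCertificates` refers to "trustStore/trustStorePassword options", but the only trust-related option this class exposes in the hunk is the `trustManagers` field just above it. A reader cannot tell which Spring Boot keys are being overridden. I would name the actual option and state the default, for example `If set to true, the trustManagers option (including its trust store) is ignored. Default is false.`. Because this text is typically surfaced as configuration metadata, it is also worth saying plainly that the setting disables server certificate validation for every component using the global SSL context parameters.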
@@ -136,6 +143,14 @@ public class CamelSSLConfigurationProperties {
this.trustManagers = trustManagers;
}
+ public boolean isTrustAllCertificates() {
+ return trustAllCertificates;
+ }
+
+ public void setTrustAllCertificates(boolean trustAllCertificates) {
+ this.trustAllCertificates = trustAllCertificates;
+ }
+
public SecureRandomParameters getSecureRandom() {
return this.secureRandom;
}
diff --git
a/core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfigurationTrustAllTest.java
b/core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfigurationTrustAllTest.java
new file mode 100644
index 00000000000..a33cd86366c
--- /dev/null
+++
b/core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfigurationTrustAllTest.java
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.spring.boot.security;
+
+import org.apache.camel.spring.boot.CamelAutoConfiguration;
+import org.apache.camel.support.jsse.SSLContextParameters;
+import org.apache.camel.support.jsse.TrustAllTrustManager;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.test.context.runner.ApplicationContextRunner;
+
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * Testing the ssl configuration
+ */
+public class CamelSSLAutoConfigurationTrustAllTest {
+
+ @Test
+ public void checkSSLTrustAllTest() {
+ new ApplicationContextRunner()
+
.withConfiguration(AutoConfigurations.of(CamelSSLAutoConfiguration.class,
CamelAutoConfiguration.class))
+ .withPropertyValues("camel.ssl.enabled=true",
+ "camel.ssl.cert-alias=web",
+ "camel.ssl.key-managers.key-password=changeit",
+ "camel.ssl.key-managers.key-store.password=changeit",
+ "camel.ssl.key-managers.key-store.type=PKCS12",
+ "camel.ssl.trust-all-certificates=true")
+ .run(context -> {
+
+ SSLContextParameters ssl =
context.getBean(SSLContextParameters.class);
+ assertNotNull(ssl);
+
+ assertInstanceOf(TrustAllTrustManager.class,
ssl.getTrustManagers().getTrustManager());
+ });
+ }
+
+}
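Review bot: The new test class covers only the enabled path, so nothing pins the secure default. A regression that installs `TrustAllTrustManager` when `camel.ssl.trust-all-certificates` is absent or `false` would pass this suite. I would add a negative test alongside `checkSSLTrustAllTest` that builds the same context without the property and asserts that no trust-all manager is present. The sketch below needs `assertFalse` and `TrustManagersParameters` imported. The null guard is there because `getTrustManagers()` may return null when nothing is configured, which is an assumption to confirm.

```java
@Test
public void checkSSLDefaultKeepsCertificateValidation() {
    new ApplicationContextRunner()
            .withConfiguration(AutoConfigurations.of(CamelSSLAutoConfiguration.class, CamelAutoConfiguration.class))
            // ... unchanged: same key-manager properties as checkSSLTrustAllTest, without trust-all-certificates ...
            .withPropertyValues("camel.ssl.enabled=true", "camel.ssl.cert-alias=web")
            .run(context -> {
                SSLContextParameters ssl = context.getBean(SSLContextParameters.class);
                assertNotNull(ssl);
                TrustManagersParameters tmp = ssl.getTrustManagers();
                // The default must not silently disable certificate validation.
                assertFalse(tmp != null && tmp.getTrustManager() instanceof TrustAllTrustManager);
            });
}
```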