This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch 23182 in repository https://gitbox.apache.org/repos/asf/camel.git
commit 4875fa38a0a3cd679725c2ff773565e36848d180 Author: Andrea Cosentino <[email protected]> AuthorDate: Wed Mar 11 20:12:24 2026 +0100 camel-mongodb: Add SSLContextParameters support and fix hardcoded TLS version - Replace hardcoded SSLContext.getInstance("TLSv1.2") with SSLContext.getInstance("TLS") in SslAwareMongoClient to allow the JVM to negotiate the highest supported TLS version including TLS 1.3 with PQC key exchange - Implement SSLContextParametersAware on MongoDbComponent to support global SSL context parameters - Add sslContextParameters endpoint option on MongoDbEndpoint for per-endpoint SSL/TLS configuration via Camel's SSLContextParameters - When sslContextParameters is set, TLS is automatically enabled on the MongoDB connection with proper SSLContext configuration Co-Authored-By: Claude Opus 4.6 <[email protected]> Signed-off-by: Andrea Cosentino <[email protected]> --- .../mongodb/MongoDbComponentConfigurer.java | 6 +++ .../mongodb/MongoDbEndpointConfigurer.java | 6 +++ .../mongodb/MongoDbEndpointUriFactory.java | 3 +- .../apache/camel/component/mongodb/mongodb.json | 10 +++-- .../camel/component/mongodb/MongoDbComponent.java | 22 +++++++++- .../camel/component/mongodb/MongoDbEndpoint.java | 49 ++++++++++++++++++++-- .../component/mongodb/SslAwareMongoClient.java | 2 +- 7 files changed, 88 insertions(+), 10 deletions(-) diff --git a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java index e7d445d09672..df0053f6e936 100644 --- a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java +++ b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java @@ -31,6 +31,8 @@ public class MongoDbComponentConfigurer extends PropertyConfigurerSupport implem case "lazyStartProducer": target.setLazyStartProducer(property(camelContext, boolean.class, value)); return true; case "mongoconnection": case "mongoConnection": target.setMongoConnection(property(camelContext, com.mongodb.client.MongoClient.class, value)); return true; + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": target.setUseGlobalSslContextParameters(property(camelContext, boolean.class, value)); return true; default: return false; } } @@ -51,6 +53,8 @@ public class MongoDbComponentConfigurer extends PropertyConfigurerSupport implem case "lazyStartProducer": return boolean.class; case "mongoconnection": case "mongoConnection": return com.mongodb.client.MongoClient.class; + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": return boolean.class; default: return null; } } @@ -67,6 +71,8 @@ public class MongoDbComponentConfigurer extends PropertyConfigurerSupport implem case "lazyStartProducer": return target.isLazyStartProducer(); case "mongoconnection": case "mongoConnection": return target.getMongoConnection(); + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": return target.isUseGlobalSslContextParameters(); default: return null; } } diff --git a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java index d07a290c1237..b153c2f3b11c 100644 --- a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java +++ b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java @@ -102,6 +102,8 @@ public class MongoDbEndpointConfigurer extends PropertyConfigurerSupport impleme case "srvMaxHosts": target.setSrvMaxHosts(property(camelContext, java.lang.Integer.class, value)); return true; case "srvservicename": case "srvServiceName": target.setSrvServiceName(property(camelContext, java.lang.String.class, value)); return true; + case "sslcontextparameters": + case "sslContextParameters": target.setSslContextParameters(property(camelContext, org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true; case "streamfilter": case "streamFilter": target.setStreamFilter(property(camelContext, java.lang.String.class, value)); return true; case "tailtrackcollection": @@ -210,6 +212,8 @@ public class MongoDbEndpointConfigurer extends PropertyConfigurerSupport impleme case "srvMaxHosts": return java.lang.Integer.class; case "srvservicename": case "srvServiceName": return java.lang.String.class; + case "sslcontextparameters": + case "sslContextParameters": return org.apache.camel.support.jsse.SSLContextParameters.class; case "streamfilter": case "streamFilter": return java.lang.String.class; case "tailtrackcollection": @@ -319,6 +323,8 @@ public class MongoDbEndpointConfigurer extends PropertyConfigurerSupport impleme case "srvMaxHosts": return target.getSrvMaxHosts(); case "srvservicename": case "srvServiceName": return target.getSrvServiceName(); + case "sslcontextparameters": + case "sslContextParameters": return target.getSslContextParameters(); case "streamfilter": case "streamFilter": return target.getStreamFilter(); case "tailtrackcollection": diff --git a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java index 20f1cbb56c8f..da5aceb938d3 100644 --- a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java +++ b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java @@ -23,7 +23,7 @@ public class MongoDbEndpointUriFactory extends org.apache.camel.support.componen private static final Set<String> SECRET_PROPERTY_NAMES; private static final Map<String, String> MULTI_VALUE_PREFIXES; static { - Set<String> props = new HashSet<>(56); + Set<String> props = new HashSet<>(57); props.add("appName"); props.add("authSource"); props.add("bridgeErrorHandler"); @@ -68,6 +68,7 @@ public class MongoDbEndpointUriFactory extends org.apache.camel.support.componen props.add("socketTimeoutMS"); props.add("srvMaxHosts"); props.add("srvServiceName"); + props.add("sslContextParameters"); props.add("streamFilter"); props.add("tailTrackCollection"); props.add("tailTrackDb"); diff --git a/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json b/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json index f43887c6e313..c746dd4bc09c 100644 --- a/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json +++ b/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json @@ -27,7 +27,8 @@ "mongoConnection": { "index": 0, "kind": "property", "displayName": "Mongo Connection", "group": "common", "label": "", "required": false, "type": "object", "javaType": "com.mongodb.client.MongoClient", "deprecated": false, "autowired": true, "secret": false, "description": "Shared client used for connection. All endpoints generated from the component will share this connection client." }, "bridgeErrorHandler": { "index": 1, "kind": "property", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions (if possible) occurred while the Camel consumer is trying to pickup incoming messages, or the like [...] "lazyStartProducer": { "index": 2, "kind": "property", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail [...] - "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching t [...] + "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching t [...] + "useGlobalSslContextParameters": { "index": 4, "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Enable usage of global SSL context parameters." } }, "headers": { "CamelMongoDbOperation": { "index": 0, "kind": "header", "displayName": "", "group": "producer", "label": "producer", "required": false, "javaType": "org.apache.camel.component.mongodb.MongoDbOperation or String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "The operation this endpoint will execute against MongoDB.", "constantName": "org.apache.camel.component.mongodb.MongoDbConstants#OPERATION_HEADER" }, @@ -111,8 +112,9 @@ "streamFilter": { "index": 50, "kind": "parameter", "displayName": "Stream Filter", "group": "changeStream", "label": "consumer,changeStream", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "Filter condition for change streams consumer." }, "authSource": { "index": 51, "kind": "parameter", "displayName": "Auth Source", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "The database name associated with the user's credentials." }, "password": { "index": 52, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "User password for mongodb connection" }, - "tls": { "index": 53, "kind": "parameter", "displayName": "Tls", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that all communication with MongoDB instances should use TLS. Supersedes the ssl option. Default: false" }, - "tlsAllowInvalidHostnames": { "index": 54, "kind": "parameter", "displayName": "Tls Allow Invalid Hostnames", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that the driver should allow invalid hostnames in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed. Has the same effect as tlsInsecure by setti [...] - "username": { "index": 55, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "Username for mongodb connection" } + "sslContextParameters": { "index": 53, "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "SSL configuration using a Camel SSLContextParameters object. When configured, TLS is automatically enabled on the connection." }, + "tls": { "index": 54, "kind": "parameter", "displayName": "Tls", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that all communication with MongoDB instances should use TLS. Supersedes the ssl option. Default: false" }, + "tlsAllowInvalidHostnames": { "index": 55, "kind": "parameter", "displayName": "Tls Allow Invalid Hostnames", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that the driver should allow invalid hostnames in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed. Has the same effect as tlsInsecure by setti [...] + "username": { "index": 56, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "Username for mongodb connection" } } } diff --git a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java index fec1d7195e25..0a6d1e92a382 100644 --- a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java +++ b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java @@ -24,12 +24,13 @@ import java.util.Set; import com.mongodb.client.MongoClient; import org.apache.camel.CamelContext; import org.apache.camel.Endpoint; +import org.apache.camel.SSLContextParametersAware; import org.apache.camel.spi.Metadata; import org.apache.camel.spi.annotations.Component; import org.apache.camel.support.DefaultComponent; @Component("mongodb") -public class MongoDbComponent extends DefaultComponent { +public class MongoDbComponent extends DefaultComponent implements SSLContextParametersAware { public static final Set<MongoDbOperation> WRITE_OPERATIONS = EnumSet.copyOf( Arrays.asList( @@ -40,6 +41,9 @@ public class MongoDbComponent extends DefaultComponent { @Metadata(autowired = true) private MongoClient mongoConnection; + @Metadata(label = "security", defaultValue = "false", + description = "Enable usage of global SSL context parameters.") + private boolean useGlobalSslContextParameters; public MongoDbComponent() { this(null); @@ -54,6 +58,9 @@ public class MongoDbComponent extends DefaultComponent { MongoDbEndpoint endpoint = new MongoDbEndpoint(uri, this); endpoint.setConnectionBean(remaining); setProperties(endpoint, parameters); + if (endpoint.getSslContextParameters() == null) { + endpoint.setSslContextParameters(retrieveGlobalSslContextParameters()); + } return endpoint; } @@ -71,6 +78,19 @@ public class MongoDbComponent extends DefaultComponent { this.mongoConnection = mongoConnection; } + @Override + public boolean isUseGlobalSslContextParameters() { + return this.useGlobalSslContextParameters; + } + + /** + * Enable usage of global SSL context parameters. + */ + @Override + public void setUseGlobalSslContextParameters(boolean useGlobalSslContextParameters) { + this.useGlobalSslContextParameters = useGlobalSslContextParameters; + } + public static CamelMongoDbException wrapInCamelMongoDbException(Throwable t) { if (t instanceof CamelMongoDbException camelMongoDbException) { return camelMongoDbException; diff --git a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java index d5b41a87e4bc..7621ff84298e 100644 --- a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java +++ b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java @@ -17,13 +17,18 @@ package org.apache.camel.component.mongodb; import java.io.IOException; +import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.stream.StreamSupport; +import javax.net.ssl.SSLContext; + import com.fasterxml.jackson.databind.ObjectMapper; +import com.mongodb.ConnectionString; +import com.mongodb.MongoClientSettings; import com.mongodb.ReadPreference; import com.mongodb.WriteConcern; import com.mongodb.client.MongoClient; @@ -42,6 +47,7 @@ import org.apache.camel.spi.UriParam; import org.apache.camel.spi.UriPath; import org.apache.camel.support.CamelContextHelper; import org.apache.camel.support.DefaultEndpoint; +import org.apache.camel.support.jsse.SSLContextParameters; import org.apache.camel.util.ObjectHelper; import org.bson.Document; import org.bson.conversions.Bson; @@ -134,6 +140,8 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL private boolean tls; @UriParam(label = "security", defaultValue = "false") private boolean tlsAllowInvalidHostnames; + @UriParam(label = "security") + private SSLContextParameters sslContextParameters; @UriParam(label = "advanced", defaultValue = "10000") private Integer connectTimeoutMS = 10000; @UriParam(label = "advanced", defaultValue = "0") @@ -438,10 +446,14 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL credentials += this.password == null ? "@" : ":" + password + "@"; } String connectionOptions = authSource == null ? "" : "/?authSource=" + authSource; - if (connectionUriString != null) { - mongoClient = MongoClients.create(connectionUriString); + String connectionUri = connectionUriString != null + ? connectionUriString + : String.format("mongodb://%s%s%s", credentials, hosts, connectionOptions); + + if (sslContextParameters != null) { + mongoClient = createMongoClientWithSslContext(connectionUri); } else { - mongoClient = MongoClients.create(String.format("mongodb://%s%s%s", credentials, hosts, connectionOptions)); + mongoClient = MongoClients.create(connectionUri); } LOG.debug("Connection created using provided credentials"); } else { @@ -456,6 +468,25 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL return mongoClient; } + private MongoClient createMongoClientWithSslContext(String connectionUri) { + try { + SSLContext sslContext = sslContextParameters.createSSLContext(getCamelContext()); + MongoClientSettings settings = MongoClientSettings.builder() + .applyConnectionString(new ConnectionString(connectionUri)) + .applyToSslSettings(builder -> { + builder.enabled(true); + builder.context(sslContext); + if (tlsAllowInvalidHostnames) { + builder.invalidHostNameAllowed(true); + } + }) + .build(); + return MongoClients.create(settings); + } catch (GeneralSecurityException | IOException e) { + throw new CamelMongoDbException("Error creating SSLContext from SSLContextParameters", e); + } + } + public String getConnectionBean() { return connectionBean; } @@ -905,6 +936,18 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL return tlsAllowInvalidHostnames; } + public SSLContextParameters getSslContextParameters() { + return sslContextParameters; + } + + /** + * SSL configuration using a Camel {@link SSLContextParameters} object. When configured, TLS is automatically + * enabled on the connection. + */ + public void setSslContextParameters(SSLContextParameters sslContextParameters) { + this.sslContextParameters = sslContextParameters; + } + /** * Specifies the maximum amount of time, in milliseconds, the Java driver waits for a connection to open before * timing out. A value of 0 instructs the driver to never time out while waiting for a connection to open. Default: diff --git a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java index a1c164c393a4..635ab195e07e 100644 --- a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java +++ b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java @@ -76,7 +76,7 @@ public class SslAwareMongoClient implements MongoClient { builder.invalidHostNameAllowed(true); SSLContext sc = null; try { - sc = SSLContext.getInstance("TLSv1.2"); + sc = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Error instantiating trust all SSL context.", e); }
