This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 003662483a1d CAMEL-23182 - Post-Quantum Cryptography (PQC) readiness:
camel-mongodb: Add SSLContextParameters support and fix hardcoded TLS version
(#21951)
003662483a1d is described below
commit 003662483a1df96f1e5f9616b8f2b42f71cbff7f
Author: Andrea Cosentino <[email protected]>
AuthorDate: Thu Mar 12 12:42:05 2026 +0100
CAMEL-23182 - Post-Quantum Cryptography (PQC) readiness: camel-mongodb: Add
SSLContextParameters support and fix hardcoded TLS version (#21951)
Add SSLContextParameters support and fix hardcoded TLS version
- Replace hardcoded SSLContext.getInstance("TLSv1.2") with
SSLContext.getInstance("TLS") in SslAwareMongoClient to allow
the JVM to negotiate the highest supported TLS version including
TLS 1.3 with PQC key exchange
- Implement SSLContextParametersAware on MongoDbComponent to support
global SSL context parameters
- Add sslContextParameters endpoint option on MongoDbEndpoint for
per-endpoint SSL/TLS configuration via Camel's SSLContextParameters
- When sslContextParameters is set, TLS is automatically enabled
on the MongoDB connection with proper SSLContext configuration
Add TLS integration test with test-infra
- Add MongoDBLocalContainerTLSService to test-infra-mongodb that starts
a standalone mongod with --tlsMode requireTLS using pre-generated
self-signed certificates mounted via classpath resource mapping
- Add MongoDbSslConnectionIT integration test that validates end-to-end
TLS connectivity using Camel's SSLContextParameters with a JKS
truststore containing the test CA certificate
- Include test certificate resources: CA cert (ca.pem), combined server
cert+key (server.pem), and JKS truststore (ca-truststore.jks)
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../apache/camel/catalog/components/mongodb.json | 10 +-
.../mongodb/MongoDbComponentConfigurer.java | 6 +
.../mongodb/MongoDbEndpointConfigurer.java | 6 +
.../mongodb/MongoDbEndpointUriFactory.java | 3 +-
.../apache/camel/component/mongodb/mongodb.json | 10 +-
.../camel/component/mongodb/MongoDbComponent.java | 22 ++-
.../camel/component/mongodb/MongoDbEndpoint.java | 49 ++++++-
.../component/mongodb/SslAwareMongoClient.java | 2 +-
.../integration/MongoDbSslConnectionIT.java | 163 +++++++++++++++++++++
.../dsl/MongodbComponentBuilderFactory.java | 18 +++
.../dsl/MongoDbEndpointBuilderFactory.java | 96 ++++++++++++
.../services/MongoDBLocalContainerTLSService.java | 109 ++++++++++++++
.../infra/mongodb/services/ssl/ca-truststore.jks | Bin 0 -> 1206 bytes
.../camel/test/infra/mongodb/services/ssl/ca.pem | 20 +++
.../test/infra/mongodb/services/ssl/server.pem | 48 ++++++
15 files changed, 548 insertions(+), 14 deletions(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json
index f43887c6e313..c746dd4bc09c 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json
@@ -27,7 +27,8 @@
"mongoConnection": { "index": 0, "kind": "property", "displayName": "Mongo
Connection", "group": "common", "label": "", "required": false, "type":
"object", "javaType": "com.mongodb.client.MongoClient", "deprecated": false,
"autowired": true, "secret": false, "description": "Shared client used for
connection. All endpoints generated from the component will share this
connection client." },
"bridgeErrorHandler": { "index": 1, "kind": "property", "displayName":
"Bridge Error Handler", "group": "consumer", "label": "consumer", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Allows for bridging the consumer to the Camel routing Error Handler, which
mean any exceptions (if possible) occurred while the Camel consumer is trying
to pickup incoming messages, or the like [...]
"lazyStartProducer": { "index": 2, "kind": "property", "displayName":
"Lazy Start Producer", "group": "producer", "label": "producer", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether the producer should be started lazy (on the first message). By
starting lazy you can use this to allow CamelContext and routes to startup in
situations where a producer may otherwise fail [...]
- "autowiredEnabled": { "index": 3, "kind": "property", "displayName":
"Autowired Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": true, "description":
"Whether autowiring is enabled. This is used for automatic autowiring options
(the option must be marked as autowired) by looking up in the registry to find
if there is a single instance of matching t [...]
+ "autowiredEnabled": { "index": 3, "kind": "property", "displayName":
"Autowired Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": true, "description":
"Whether autowiring is enabled. This is used for automatic autowiring options
(the option must be marked as autowired) by looking up in the registry to find
if there is a single instance of matching t [...]
+ "useGlobalSslContextParameters": { "index": 4, "kind": "property",
"displayName": "Use Global Ssl Context Parameters", "group": "security",
"label": "security", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Enable usage of global SSL context
parameters." }
},
"headers": {
"CamelMongoDbOperation": { "index": 0, "kind": "header", "displayName":
"", "group": "producer", "label": "producer", "required": false, "javaType":
"org.apache.camel.component.mongodb.MongoDbOperation or String", "deprecated":
false, "deprecationNote": "", "autowired": false, "secret": false,
"description": "The operation this endpoint will execute against MongoDB.",
"constantName":
"org.apache.camel.component.mongodb.MongoDbConstants#OPERATION_HEADER" },
@@ -111,8 +112,9 @@
"streamFilter": { "index": 50, "kind": "parameter", "displayName": "Stream
Filter", "group": "changeStream", "label": "consumer,changeStream", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "description": "Filter condition for
change streams consumer." },
"authSource": { "index": 51, "kind": "parameter", "displayName": "Auth
Source", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": false, "description": "The database name associated with the
user's credentials." },
"password": { "index": 52, "kind": "parameter", "displayName": "Password",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "description": "User password for mongodb connection" },
- "tls": { "index": 53, "kind": "parameter", "displayName": "Tls", "group":
"security", "label": "security", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "autowired": false, "secret":
false, "defaultValue": false, "description": "Specifies that all communication
with MongoDB instances should use TLS. Supersedes the ssl option. Default:
false" },
- "tlsAllowInvalidHostnames": { "index": 54, "kind": "parameter",
"displayName": "Tls Allow Invalid Hostnames", "group": "security", "label":
"security", "required": false, "type": "boolean", "javaType": "boolean",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
false, "description": "Specifies that the driver should allow invalid hostnames
in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed.
Has the same effect as tlsInsecure by setti [...]
- "username": { "index": 55, "kind": "parameter", "displayName": "Username",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "description": "Username for mongodb connection" }
+ "sslContextParameters": { "index": 53, "kind": "parameter", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "description": "SSL configuration using a
Camel SSLContextParameters object. When configured, TLS is automatically
enabled on the connection." },
+ "tls": { "index": 54, "kind": "parameter", "displayName": "Tls", "group":
"security", "label": "security", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "autowired": false, "secret":
false, "defaultValue": false, "description": "Specifies that all communication
with MongoDB instances should use TLS. Supersedes the ssl option. Default:
false" },
+ "tlsAllowInvalidHostnames": { "index": 55, "kind": "parameter",
"displayName": "Tls Allow Invalid Hostnames", "group": "security", "label":
"security", "required": false, "type": "boolean", "javaType": "boolean",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
false, "description": "Specifies that the driver should allow invalid hostnames
in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed.
Has the same effect as tlsInsecure by setti [...]
+ "username": { "index": 56, "kind": "parameter", "displayName": "Username",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "description": "Username for mongodb connection" }
}
}
diff --git
a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java
b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java
index e7d445d09672..df0053f6e936 100644
---
a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java
+++
b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java
@@ -31,6 +31,8 @@ public class MongoDbComponentConfigurer extends
PropertyConfigurerSupport implem
case "lazyStartProducer":
target.setLazyStartProducer(property(camelContext, boolean.class, value));
return true;
case "mongoconnection":
case "mongoConnection":
target.setMongoConnection(property(camelContext,
com.mongodb.client.MongoClient.class, value)); return true;
+ case "useglobalsslcontextparameters":
+ case "useGlobalSslContextParameters":
target.setUseGlobalSslContextParameters(property(camelContext, boolean.class,
value)); return true;
default: return false;
}
}
@@ -51,6 +53,8 @@ public class MongoDbComponentConfigurer extends
PropertyConfigurerSupport implem
case "lazyStartProducer": return boolean.class;
case "mongoconnection":
case "mongoConnection": return com.mongodb.client.MongoClient.class;
+ case "useglobalsslcontextparameters":
+ case "useGlobalSslContextParameters": return boolean.class;
default: return null;
}
}
@@ -67,6 +71,8 @@ public class MongoDbComponentConfigurer extends
PropertyConfigurerSupport implem
case "lazyStartProducer": return target.isLazyStartProducer();
case "mongoconnection":
case "mongoConnection": return target.getMongoConnection();
+ case "useglobalsslcontextparameters":
+ case "useGlobalSslContextParameters": return
target.isUseGlobalSslContextParameters();
default: return null;
}
}
diff --git
a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java
b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java
index d07a290c1237..b153c2f3b11c 100644
---
a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java
+++
b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java
@@ -102,6 +102,8 @@ public class MongoDbEndpointConfigurer extends
PropertyConfigurerSupport impleme
case "srvMaxHosts": target.setSrvMaxHosts(property(camelContext,
java.lang.Integer.class, value)); return true;
case "srvservicename":
case "srvServiceName": target.setSrvServiceName(property(camelContext,
java.lang.String.class, value)); return true;
+ case "sslcontextparameters":
+ case "sslContextParameters":
target.setSslContextParameters(property(camelContext,
org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true;
case "streamfilter":
case "streamFilter": target.setStreamFilter(property(camelContext,
java.lang.String.class, value)); return true;
case "tailtrackcollection":
@@ -210,6 +212,8 @@ public class MongoDbEndpointConfigurer extends
PropertyConfigurerSupport impleme
case "srvMaxHosts": return java.lang.Integer.class;
case "srvservicename":
case "srvServiceName": return java.lang.String.class;
+ case "sslcontextparameters":
+ case "sslContextParameters": return
org.apache.camel.support.jsse.SSLContextParameters.class;
case "streamfilter":
case "streamFilter": return java.lang.String.class;
case "tailtrackcollection":
@@ -319,6 +323,8 @@ public class MongoDbEndpointConfigurer extends
PropertyConfigurerSupport impleme
case "srvMaxHosts": return target.getSrvMaxHosts();
case "srvservicename":
case "srvServiceName": return target.getSrvServiceName();
+ case "sslcontextparameters":
+ case "sslContextParameters": return target.getSslContextParameters();
case "streamfilter":
case "streamFilter": return target.getStreamFilter();
case "tailtrackcollection":
diff --git
a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java
b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java
index 20f1cbb56c8f..da5aceb938d3 100644
---
a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java
+++
b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java
@@ -23,7 +23,7 @@ public class MongoDbEndpointUriFactory extends
org.apache.camel.support.componen
private static final Set<String> SECRET_PROPERTY_NAMES;
private static final Map<String, String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(56);
+ Set<String> props = new HashSet<>(57);
props.add("appName");
props.add("authSource");
props.add("bridgeErrorHandler");
@@ -68,6 +68,7 @@ public class MongoDbEndpointUriFactory extends
org.apache.camel.support.componen
props.add("socketTimeoutMS");
props.add("srvMaxHosts");
props.add("srvServiceName");
+ props.add("sslContextParameters");
props.add("streamFilter");
props.add("tailTrackCollection");
props.add("tailTrackDb");
diff --git
a/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json
b/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json
index f43887c6e313..c746dd4bc09c 100644
---
a/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json
+++
b/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json
@@ -27,7 +27,8 @@
"mongoConnection": { "index": 0, "kind": "property", "displayName": "Mongo
Connection", "group": "common", "label": "", "required": false, "type":
"object", "javaType": "com.mongodb.client.MongoClient", "deprecated": false,
"autowired": true, "secret": false, "description": "Shared client used for
connection. All endpoints generated from the component will share this
connection client." },
"bridgeErrorHandler": { "index": 1, "kind": "property", "displayName":
"Bridge Error Handler", "group": "consumer", "label": "consumer", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Allows for bridging the consumer to the Camel routing Error Handler, which
mean any exceptions (if possible) occurred while the Camel consumer is trying
to pickup incoming messages, or the like [...]
"lazyStartProducer": { "index": 2, "kind": "property", "displayName":
"Lazy Start Producer", "group": "producer", "label": "producer", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": false, "description":
"Whether the producer should be started lazy (on the first message). By
starting lazy you can use this to allow CamelContext and routes to startup in
situations where a producer may otherwise fail [...]
- "autowiredEnabled": { "index": 3, "kind": "property", "displayName":
"Autowired Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": true, "description":
"Whether autowiring is enabled. This is used for automatic autowiring options
(the option must be marked as autowired) by looking up in the registry to find
if there is a single instance of matching t [...]
+ "autowiredEnabled": { "index": 3, "kind": "property", "displayName":
"Autowired Enabled", "group": "advanced", "label": "advanced", "required":
false, "type": "boolean", "javaType": "boolean", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": true, "description":
"Whether autowiring is enabled. This is used for automatic autowiring options
(the option must be marked as autowired) by looking up in the registry to find
if there is a single instance of matching t [...]
+ "useGlobalSslContextParameters": { "index": 4, "kind": "property",
"displayName": "Use Global Ssl Context Parameters", "group": "security",
"label": "security", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Enable usage of global SSL context
parameters." }
},
"headers": {
"CamelMongoDbOperation": { "index": 0, "kind": "header", "displayName":
"", "group": "producer", "label": "producer", "required": false, "javaType":
"org.apache.camel.component.mongodb.MongoDbOperation or String", "deprecated":
false, "deprecationNote": "", "autowired": false, "secret": false,
"description": "The operation this endpoint will execute against MongoDB.",
"constantName":
"org.apache.camel.component.mongodb.MongoDbConstants#OPERATION_HEADER" },
@@ -111,8 +112,9 @@
"streamFilter": { "index": 50, "kind": "parameter", "displayName": "Stream
Filter", "group": "changeStream", "label": "consumer,changeStream", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "description": "Filter condition for
change streams consumer." },
"authSource": { "index": 51, "kind": "parameter", "displayName": "Auth
Source", "group": "security", "label": "security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": false, "description": "The database name associated with the
user's credentials." },
"password": { "index": 52, "kind": "parameter", "displayName": "Password",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "description": "User password for mongodb connection" },
- "tls": { "index": 53, "kind": "parameter", "displayName": "Tls", "group":
"security", "label": "security", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "autowired": false, "secret":
false, "defaultValue": false, "description": "Specifies that all communication
with MongoDB instances should use TLS. Supersedes the ssl option. Default:
false" },
- "tlsAllowInvalidHostnames": { "index": 54, "kind": "parameter",
"displayName": "Tls Allow Invalid Hostnames", "group": "security", "label":
"security", "required": false, "type": "boolean", "javaType": "boolean",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
false, "description": "Specifies that the driver should allow invalid hostnames
in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed.
Has the same effect as tlsInsecure by setti [...]
- "username": { "index": 55, "kind": "parameter", "displayName": "Username",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "description": "Username for mongodb connection" }
+ "sslContextParameters": { "index": 53, "kind": "parameter", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "description": "SSL configuration using a
Camel SSLContextParameters object. When configured, TLS is automatically
enabled on the connection." },
+ "tls": { "index": 54, "kind": "parameter", "displayName": "Tls", "group":
"security", "label": "security", "required": false, "type": "boolean",
"javaType": "boolean", "deprecated": false, "autowired": false, "secret":
false, "defaultValue": false, "description": "Specifies that all communication
with MongoDB instances should use TLS. Supersedes the ssl option. Default:
false" },
+ "tlsAllowInvalidHostnames": { "index": 55, "kind": "parameter",
"displayName": "Tls Allow Invalid Hostnames", "group": "security", "label":
"security", "required": false, "type": "boolean", "javaType": "boolean",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
false, "description": "Specifies that the driver should allow invalid hostnames
in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed.
Has the same effect as tlsInsecure by setti [...]
+ "username": { "index": 56, "kind": "parameter", "displayName": "Username",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "description": "Username for mongodb connection" }
}
}
diff --git
a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java
b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java
index fec1d7195e25..0a6d1e92a382 100644
---
a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java
+++
b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java
@@ -24,12 +24,13 @@ import java.util.Set;
import com.mongodb.client.MongoClient;
import org.apache.camel.CamelContext;
import org.apache.camel.Endpoint;
+import org.apache.camel.SSLContextParametersAware;
import org.apache.camel.spi.Metadata;
import org.apache.camel.spi.annotations.Component;
import org.apache.camel.support.DefaultComponent;
@Component("mongodb")
-public class MongoDbComponent extends DefaultComponent {
+public class MongoDbComponent extends DefaultComponent implements
SSLContextParametersAware {
public static final Set<MongoDbOperation> WRITE_OPERATIONS =
EnumSet.copyOf(
Arrays.asList(
@@ -40,6 +41,9 @@ public class MongoDbComponent extends DefaultComponent {
@Metadata(autowired = true)
private MongoClient mongoConnection;
+ @Metadata(label = "security", defaultValue = "false",
+ description = "Enable usage of global SSL context parameters.")
+ private boolean useGlobalSslContextParameters;
public MongoDbComponent() {
this(null);
@@ -54,6 +58,9 @@ public class MongoDbComponent extends DefaultComponent {
MongoDbEndpoint endpoint = new MongoDbEndpoint(uri, this);
endpoint.setConnectionBean(remaining);
setProperties(endpoint, parameters);
+ if (endpoint.getSslContextParameters() == null) {
+
endpoint.setSslContextParameters(retrieveGlobalSslContextParameters());
+ }
return endpoint;
}
@@ -71,6 +78,19 @@ public class MongoDbComponent extends DefaultComponent {
this.mongoConnection = mongoConnection;
}
+ @Override
+ public boolean isUseGlobalSslContextParameters() {
+ return this.useGlobalSslContextParameters;
+ }
+
+ /**
+ * Enable usage of global SSL context parameters.
+ */
+ @Override
+ public void setUseGlobalSslContextParameters(boolean
useGlobalSslContextParameters) {
+ this.useGlobalSslContextParameters = useGlobalSslContextParameters;
+ }
+
public static CamelMongoDbException wrapInCamelMongoDbException(Throwable
t) {
if (t instanceof CamelMongoDbException camelMongoDbException) {
return camelMongoDbException;
diff --git
a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java
b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java
index d5b41a87e4bc..7621ff84298e 100644
---
a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java
+++
b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java
@@ -17,13 +17,18 @@
package org.apache.camel.component.mongodb;
import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.StreamSupport;
+import javax.net.ssl.SSLContext;
+
import com.fasterxml.jackson.databind.ObjectMapper;
+import com.mongodb.ConnectionString;
+import com.mongodb.MongoClientSettings;
import com.mongodb.ReadPreference;
import com.mongodb.WriteConcern;
import com.mongodb.client.MongoClient;
@@ -42,6 +47,7 @@ import org.apache.camel.spi.UriParam;
import org.apache.camel.spi.UriPath;
import org.apache.camel.support.CamelContextHelper;
import org.apache.camel.support.DefaultEndpoint;
+import org.apache.camel.support.jsse.SSLContextParameters;
import org.apache.camel.util.ObjectHelper;
import org.bson.Document;
import org.bson.conversions.Bson;
@@ -134,6 +140,8 @@ public class MongoDbEndpoint extends DefaultEndpoint
implements EndpointServiceL
private boolean tls;
@UriParam(label = "security", defaultValue = "false")
private boolean tlsAllowInvalidHostnames;
+ @UriParam(label = "security")
+ private SSLContextParameters sslContextParameters;
@UriParam(label = "advanced", defaultValue = "10000")
private Integer connectTimeoutMS = 10000;
@UriParam(label = "advanced", defaultValue = "0")
@@ -438,10 +446,14 @@ public class MongoDbEndpoint extends DefaultEndpoint
implements EndpointServiceL
credentials += this.password == null ? "@" : ":" + password +
"@";
}
String connectionOptions = authSource == null ? "" :
"/?authSource=" + authSource;
- if (connectionUriString != null) {
- mongoClient = MongoClients.create(connectionUriString);
+ String connectionUri = connectionUriString != null
+ ? connectionUriString
+ : String.format("mongodb://%s%s%s", credentials, hosts,
connectionOptions);
+
+ if (sslContextParameters != null) {
+ mongoClient = createMongoClientWithSslContext(connectionUri);
} else {
- mongoClient =
MongoClients.create(String.format("mongodb://%s%s%s", credentials, hosts,
connectionOptions));
+ mongoClient = MongoClients.create(connectionUri);
}
LOG.debug("Connection created using provided credentials");
} else {
@@ -456,6 +468,25 @@ public class MongoDbEndpoint extends DefaultEndpoint
implements EndpointServiceL
return mongoClient;
}
+ private MongoClient createMongoClientWithSslContext(String connectionUri) {
+ try {
+ SSLContext sslContext =
sslContextParameters.createSSLContext(getCamelContext());
+ MongoClientSettings settings = MongoClientSettings.builder()
+ .applyConnectionString(new ConnectionString(connectionUri))
+ .applyToSslSettings(builder -> {
+ builder.enabled(true);
+ builder.context(sslContext);
+ if (tlsAllowInvalidHostnames) {
+ builder.invalidHostNameAllowed(true);
+ }
+ })
+ .build();
+ return MongoClients.create(settings);
+ } catch (GeneralSecurityException | IOException e) {
+ throw new CamelMongoDbException("Error creating SSLContext from
SSLContextParameters", e);
+ }
+ }
+
public String getConnectionBean() {
return connectionBean;
}
@@ -905,6 +936,18 @@ public class MongoDbEndpoint extends DefaultEndpoint
implements EndpointServiceL
return tlsAllowInvalidHostnames;
}
+ public SSLContextParameters getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ /**
+ * SSL configuration using a Camel {@link SSLContextParameters} object.
When configured, TLS is automatically
+ * enabled on the connection.
+ */
+ public void setSslContextParameters(SSLContextParameters
sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
/**
* Specifies the maximum amount of time, in milliseconds, the Java driver
waits for a connection to open before
* timing out. A value of 0 instructs the driver to never time out while
waiting for a connection to open. Default:
diff --git
a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java
b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java
index a1c164c393a4..635ab195e07e 100644
---
a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java
+++
b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java
@@ -76,7 +76,7 @@ public class SslAwareMongoClient implements MongoClient {
builder.invalidHostNameAllowed(true);
SSLContext sc = null;
try {
- sc = SSLContext.getInstance("TLSv1.2");
+ sc = SSLContext.getInstance("TLS");
} catch (NoSuchAlgorithmException e) {
throw new RuntimeException("Error
instantiating trust all SSL context.", e);
}
diff --git
a/components/camel-mongodb/src/test/java/org/apache/camel/component/mongodb/integration/MongoDbSslConnectionIT.java
b/components/camel-mongodb/src/test/java/org/apache/camel/component/mongodb/integration/MongoDbSslConnectionIT.java
new file mode 100644
index 000000000000..f5e92f9a6fbc
--- /dev/null
+++
b/components/camel-mongodb/src/test/java/org/apache/camel/component/mongodb/integration/MongoDbSslConnectionIT.java
@@ -0,0 +1,163 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.mongodb.integration;
+
+import javax.net.ssl.SSLContext;
+
+import com.mongodb.ConnectionString;
+import com.mongodb.MongoClientSettings;
+import com.mongodb.client.MongoClient;
+import com.mongodb.client.MongoClients;
+import com.mongodb.client.MongoCollection;
+import com.mongodb.client.MongoDatabase;
+import org.apache.camel.CamelContext;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.mongodb.MongoDbComponent;
+import org.apache.camel.support.jsse.KeyStoreParameters;
+import org.apache.camel.support.jsse.SSLContextParameters;
+import org.apache.camel.support.jsse.TrustManagersParameters;
+import org.apache.camel.test.infra.core.CamelContextExtension;
+import org.apache.camel.test.infra.core.DefaultCamelContextExtension;
+import org.apache.camel.test.infra.core.annotations.ContextFixture;
+import org.apache.camel.test.infra.core.annotations.RouteFixture;
+import org.apache.camel.test.infra.core.api.ConfigurableContext;
+import org.apache.camel.test.infra.core.api.ConfigurableRoute;
+import
org.apache.camel.test.infra.mongodb.services.MongoDBLocalContainerTLSService;
+import org.bson.Document;
+import org.junit.jupiter.api.AfterAll;
+import org.junit.jupiter.api.AfterEach;
+import org.junit.jupiter.api.Order;
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.TestInstance;
+import org.junit.jupiter.api.extension.RegisterExtension;
+
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+/**
+ * Integration test that validates TLS connectivity to MongoDB using Camel's
SSLContextParameters.
+ */
+@TestInstance(TestInstance.Lifecycle.PER_CLASS)
+public class MongoDbSslConnectionIT implements ConfigurableContext,
ConfigurableRoute {
+
+ private static final String DATABASE = "test";
+ private static final String COLLECTION = "camelTest";
+
+ @Order(1)
+ @RegisterExtension
+ static MongoDBLocalContainerTLSService service = new
MongoDBLocalContainerTLSService();
+
+ @Order(2)
+ @RegisterExtension
+ static CamelContextExtension contextExtension = new
DefaultCamelContextExtension();
+
+ private MongoClient mongo;
+ private MongoCollection<Document> testCollection;
+
+ @ContextFixture
+ @Override
+ public void configureContext(CamelContext context) throws Exception {
+ SSLContextParameters sslContextParameters =
createSslContextParameters();
+ context.getRegistry().bind("sslContextParameters",
sslContextParameters);
+
+ SSLContext sslContext = sslContextParameters.createSSLContext(context);
+ MongoClientSettings settings = MongoClientSettings.builder()
+ .applyConnectionString(new
ConnectionString(service.getReplicaSetUrl()))
+ .applyToSslSettings(builder -> {
+ builder.enabled(true);
+ builder.context(sslContext);
+ builder.invalidHostNameAllowed(true);
+ })
+ .build();
+ mongo = MongoClients.create(settings);
+
+ MongoDatabase db = mongo.getDatabase(DATABASE);
+ testCollection = db.getCollection(COLLECTION, Document.class);
+ testCollection.drop();
+ testCollection = db.getCollection(COLLECTION, Document.class);
+
+ context.getComponent("mongodb",
MongoDbComponent.class).setMongoConnection(null);
+ context.getRegistry().bind("myDb", mongo);
+ }
+
+ @RouteFixture
+ @Override
+ public void createRouteBuilder(CamelContext context) throws Exception {
+ context.addRoutes(new RouteBuilder() {
+ public void configure() {
+ String baseUri = String.format(
+ "mongodb:myDb?hosts=%s&database=%s&collection=%s"
+ +
"&sslContextParameters=#sslContextParameters"
+ +
"&tlsAllowInvalidHostnames=true",
+ service.getConnectionAddress(), DATABASE, COLLECTION);
+
+ from("direct:insert").to(baseUri + "&operation=insert");
+ from("direct:count").to(baseUri + "&operation=count");
+ }
+ });
+ }
+
+ @Test
+ public void testInsertOverTls() {
+ ProducerTemplate template = contextExtension.getProducerTemplate();
+
+ Document doc = new Document("scientist", "Einstein").append("tls",
true);
+ Object result = template.requestBody("direct:insert", doc);
+ assertNotNull(result, "Insert result should not be null");
+
+ assertEquals(1L, testCollection.countDocuments(),
+ "Test collection should contain 1 document after insert");
+ }
+
+ @Test
+ public void testCountOverTls() {
+ ProducerTemplate template = contextExtension.getProducerTemplate();
+
+ Object result = template.requestBody("direct:count", "irrelevantBody");
+ assertTrue(result instanceof Long, "Count result should be of type
Long");
+ }
+
+ @AfterEach
+ void cleanCollection() {
+ if (testCollection != null) {
+ testCollection.drop();
+ }
+ }
+
+ @AfterAll
+ void cleanup() {
+ if (mongo != null) {
+ mongo.close();
+ }
+ }
+
+ private SSLContextParameters createSslContextParameters() {
+ KeyStoreParameters ksp = new KeyStoreParameters();
+
ksp.setResource("org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks");
+ ksp.setPassword("changeit");
+
+ TrustManagersParameters tmp = new TrustManagersParameters();
+ tmp.setKeyStore(ksp);
+
+ SSLContextParameters sslContextParameters = new SSLContextParameters();
+ sslContextParameters.setTrustManagers(tmp);
+
+ return sslContextParameters;
+ }
+}
diff --git
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java
index 8b97868dfc7c..a5c22d59daca 100644
---
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java
+++
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java
@@ -141,6 +141,23 @@ public interface MongodbComponentBuilderFactory {
doSetProperty("autowiredEnabled", autowiredEnabled);
return this;
}
+
+
+ /**
+ * Enable usage of global SSL context parameters.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: security
+ *
+ * @param useGlobalSslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongodbComponentBuilder useGlobalSslContextParameters(boolean
useGlobalSslContextParameters) {
+ doSetProperty("useGlobalSslContextParameters",
useGlobalSslContextParameters);
+ return this;
+ }
}
class MongodbComponentBuilderImpl
@@ -160,6 +177,7 @@ public interface MongodbComponentBuilderFactory {
case "bridgeErrorHandler": ((MongoDbComponent)
component).setBridgeErrorHandler((boolean) value); return true;
case "lazyStartProducer": ((MongoDbComponent)
component).setLazyStartProducer((boolean) value); return true;
case "autowiredEnabled": ((MongoDbComponent)
component).setAutowiredEnabled((boolean) value); return true;
+ case "useGlobalSslContextParameters": ((MongoDbComponent)
component).setUseGlobalSslContextParameters((boolean) value); return true;
default: return false;
}
}
diff --git
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java
index 39028de92732..9d99a543eae5 100644
---
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java
+++
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java
@@ -461,6 +461,38 @@ public interface MongoDbEndpointBuilderFactory {
doSetProperty("password", password);
return this;
}
+ /**
+ * SSL configuration using a Camel SSLContextParameters object. When
+ * configured, TLS is automatically enabled on the connection.
+ *
+ * The option is a:
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongoDbEndpointConsumerBuilder
sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
+ /**
+ * SSL configuration using a Camel SSLContextParameters object. When
+ * configured, TLS is automatically enabled on the connection.
+ *
+ * The option will be converted to a
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongoDbEndpointConsumerBuilder sslContextParameters(String
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
/**
* Specifies that all communication with MongoDB instances should use
* TLS. Supersedes the ssl option. Default: false.
@@ -1777,6 +1809,38 @@ public interface MongoDbEndpointBuilderFactory {
doSetProperty("password", password);
return this;
}
+ /**
+ * SSL configuration using a Camel SSLContextParameters object. When
+ * configured, TLS is automatically enabled on the connection.
+ *
+ * The option is a:
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongoDbEndpointProducerBuilder
sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
+ /**
+ * SSL configuration using a Camel SSLContextParameters object. When
+ * configured, TLS is automatically enabled on the connection.
+ *
+ * The option will be converted to a
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongoDbEndpointProducerBuilder sslContextParameters(String
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
/**
* Specifies that all communication with MongoDB instances should use
* TLS. Supersedes the ssl option. Default: false.
@@ -3022,6 +3086,38 @@ public interface MongoDbEndpointBuilderFactory {
doSetProperty("password", password);
return this;
}
+ /**
+ * SSL configuration using a Camel SSLContextParameters object. When
+ * configured, TLS is automatically enabled on the connection.
+ *
+ * The option is a:
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongoDbEndpointBuilder
sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
+ /**
+ * SSL configuration using a Camel SSLContextParameters object. When
+ * configured, TLS is automatically enabled on the connection.
+ *
+ * The option will be converted to a
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default MongoDbEndpointBuilder sslContextParameters(String
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
/**
* Specifies that all communication with MongoDB instances should use
* TLS. Supersedes the ssl option. Default: false.
diff --git
a/test-infra/camel-test-infra-mongodb/src/main/java/org/apache/camel/test/infra/mongodb/services/MongoDBLocalContainerTLSService.java
b/test-infra/camel-test-infra-mongodb/src/main/java/org/apache/camel/test/infra/mongodb/services/MongoDBLocalContainerTLSService.java
new file mode 100644
index 000000000000..3c1cfc759e73
--- /dev/null
+++
b/test-infra/camel-test-infra-mongodb/src/main/java/org/apache/camel/test/infra/mongodb/services/MongoDBLocalContainerTLSService.java
@@ -0,0 +1,109 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.test.infra.mongodb.services;
+
+import java.time.Duration;
+
+import org.apache.camel.test.infra.common.LocalPropertyResolver;
+import org.apache.camel.test.infra.common.services.ContainerEnvironmentUtil;
+import org.apache.camel.test.infra.common.services.ContainerService;
+import org.apache.camel.test.infra.mongodb.common.MongoDBProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.testcontainers.containers.BindMode;
+import org.testcontainers.containers.GenericContainer;
+import org.testcontainers.containers.wait.strategy.Wait;
+
+/**
+ * A TLS-enabled MongoDB container service using a standalone mongod with
--tlsMode requireTLS. Uses pre-generated
+ * self-signed certificates mounted from classpath resources.
+ */
+public class MongoDBLocalContainerTLSService implements MongoDBService,
ContainerService<GenericContainer<?>> {
+
+ private static final Logger LOG =
LoggerFactory.getLogger(MongoDBLocalContainerTLSService.class);
+ private static final int DEFAULT_MONGODB_PORT = 27017;
+ private static final String CERT_RESOURCE_PATH =
"org/apache/camel/test/infra/mongodb/services/ssl";
+
+ private final GenericContainer<?> container;
+
+ public MongoDBLocalContainerTLSService() {
+ this(LocalPropertyResolver.getProperty(
+ MongoDBLocalContainerInfraService.class,
MongoDBProperties.MONGODB_CONTAINER));
+ }
+
+ public MongoDBLocalContainerTLSService(String imageName) {
+ container = initContainer(imageName);
+ }
+
+ protected GenericContainer<?> initContainer(String imageName) {
+ GenericContainer<?> c = new GenericContainer<>(imageName);
+
+ boolean fixedPort =
ContainerEnvironmentUtil.isFixedPort(this.getClass());
+ ContainerEnvironmentUtil.configurePort(c, fixedPort,
DEFAULT_MONGODB_PORT);
+
+ c.withClasspathResourceMapping(CERT_RESOURCE_PATH, "/etc/mongodb/ssl",
BindMode.READ_ONLY)
+ .withCommand(
+ "mongod",
+ "--tlsMode", "requireTLS",
+ "--tlsCertificateKeyFile",
"/etc/mongodb/ssl/server.pem",
+ "--tlsCAFile", "/etc/mongodb/ssl/ca.pem",
+ "--tlsAllowConnectionsWithoutCertificates",
+ "--bind_ip_all",
+ "--port", String.valueOf(DEFAULT_MONGODB_PORT))
+ .waitingFor(
+ Wait.forLogMessage(".*Waiting for connections.*", 1)
+ .withStartupTimeout(Duration.ofSeconds(60)));
+
+ return c;
+ }
+
+ @Override
+ public String getReplicaSetUrl() {
+ return String.format("mongodb://%s:%s", container.getHost(),
+ container.getMappedPort(DEFAULT_MONGODB_PORT));
+ }
+
+ @Override
+ public String getConnectionAddress() {
+ return container.getHost() + ":" +
container.getMappedPort(DEFAULT_MONGODB_PORT);
+ }
+
+ @Override
+ public void registerProperties() {
+ System.setProperty(MongoDBProperties.MONGODB_URL, getReplicaSetUrl());
+ System.setProperty(MongoDBProperties.MONGODB_CONNECTION_ADDRESS,
getConnectionAddress());
+ }
+
+ @Override
+ public void initialize() {
+ LOG.info("Trying to start the MongoDB TLS service");
+ container.start();
+ registerProperties();
+ LOG.info("MongoDB TLS service running at {}", getReplicaSetUrl());
+ }
+
+ @Override
+ public void shutdown() {
+ LOG.info("Stopping the MongoDB TLS container");
+ container.stop();
+ }
+
+ @Override
+ public GenericContainer<?> getContainer() {
+ return container;
+ }
+}
diff --git
a/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks
b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks
new file mode 100644
index 000000000000..aac33cbc646d
Binary files /dev/null and
b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks
differ
diff --git
a/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca.pem
b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca.pem
new file mode 100644
index 000000000000..daa387fcbd77
--- /dev/null
+++
b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca.pem
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDSzCCAjOgAwIBAgIUOZ8hm+Y5QKtHsD7RMI43+Tu4j5swDQYJKoZIhvcNAQEL
+BQAwNTEPMA0GA1UEAwwGVGVzdENBMRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJ
+BgNVBAYTAlVTMB4XDTI2MDMxMjA4MjExOFoXDTM2MDMwOTA4MjExOFowNTEPMA0G
+A1UEAwwGVGVzdENBMRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJBgNVBAYTAlVT
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJ5NrHfXc1CQDrttRl8o
+9+/jSL0ZkVMEOWDi4vEoGbQPzVXjkpym7PAAR1KYlXwi9XDIBlsdFIExS0+UONQL
+/K8h5P//nWkkf6xha0nnYsrsdVkaF37HnBJmmnRHWK1M9iU4doJDhgZ/LEpS7NPX
+twKn00YsWPRVKhY267VgDUp5XUD3VlsnCUcroRDt0OrSIikWs21cOAlOFL/Kul3c
+Uf2gUmWxJmY7Ybzra1cFdGijxRlp8b/kcrQeGKJFEwK+c2LIvLiy/0CUICjWsooy
+8tY6A/FQ6/RQwU032D7lmk8IjcDW3MKB8Nzk1AuYvf9MHeDWRO2K/o+Yq9v9B/1L
+fwIDAQABo1MwUTAdBgNVHQ4EFgQUENNC6Q9yf9UpLXawy8NnfLStEY8wHwYDVR0j
+BBgwFoAUENNC6Q9yf9UpLXawy8NnfLStEY8wDwYDVR0TAQH/BAUwAwEB/zANBgkq
+hkiG9w0BAQsFAAOCAQEAD9QaBH9ABcSBwMtk+fK/6g37ZWoegcdT4OK0+yWBaptg
+1reT9gszCeJ6ghYJPVMeRkTeLSg4iGSF+Iu1g4i3KaAQjbXfaS2ThUSxN47ThZH/
+wAZjlzHVDn+xjIC3Lk1ve+kJHAXm3KxyZbXWMUAmP9RPPse8UeFYUuRVY0mygOEN
+PppwYmXLYexsIYiV6WcVFTZ/d1mF3op6HriOA052pYqJtOOWWVjiCSK/V2QhYgWG
+1cBX11dHhFr2Zd6I5IizqkkM81g+uxRBMYGGKoeF+AKaoby0ScDuMxMIhogBGSw4
+UVfedFOW0hkTpEOuEvgOhavZMLBGuH7vcsORU5HliQ==
+-----END CERTIFICATE-----
diff --git
a/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/server.pem
b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/server.pem
new file mode 100644
index 000000000000..6401f5177263
--- /dev/null
+++
b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/server.pem
@@ -0,0 +1,48 @@
+-----BEGIN CERTIFICATE-----
+MIIDWTCCAkGgAwIBAgIUGylDtkbSJkK76KTlkGaIhoiMgcAwDQYJKoZIhvcNAQEL
+BQAwNTEPMA0GA1UEAwwGVGVzdENBMRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJ
+BgNVBAYTAlVTMB4XDTI2MDMxMjA4MjY0NFoXDTM2MDMwOTA4MjY0NFowODESMBAG
+A1UEAwwJbG9jYWxob3N0MRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJBgNVBAYT
+AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn73xpfZ0XRHQDIO
+DsRlfwfYsUH6UUxYpoZjT9Mkm3GiYG86S5P5QU1BL/2h8x9f4NpnsRRCUOrqpHKa
+9f17lGAVGVIzJirIlBUZs1b038f6XPLPcP0sQc8RAkRTgG3dZ+FtakoDFYaX8NCr
+/r6NDQxh3l0k4yEsP+C3x4eGRepCCwjifCCMtnqQwQ1fw2QK2v9wlQs3sFa6pFvt
+SAi4vdWHESOk1/7+788WlhjxaSS0sE3Q9SbVd32b7tazD1Ril0VXl9I4ZKy+NLvI
+1aOxpKq3X2DP+N64bKn930JUdoTSAZgcWxj7USMEyfB5ie+J4yZabrJn1ih4umXX
+eE9bhwIDAQABo14wXDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0O
+BBYEFAzmsdFHWCMDPrWRlO6OycQfU0W3MB8GA1UdIwQYMBaAFBDTQukPcn/VKS12
+sMvDZ3y0rRGPMA0GCSqGSIb3DQEBCwUAA4IBAQB9ebGCp+0u8E0l4EGUMoOXeNRI
+RnfTicAQN1NZE7s2pA2ZC5kiYVmJsq/X8LPcyBWqOVbLWmeWB8CbcM7R3J39WGu7
+1y/PuqwggRIY0MvJH0ZGYOsXpYKUoj0qhFJHV/4XLLnf9CDBZj82Ly/BfVgBDPx4
+JTcD/jT5QlI34raV8VtX5ePdyKsv9IZxJIxco+5Q6EjeU+pObB2IY6OQvNybbJwG
+immH+jZWvtTpndlPpy2/Sf8w/jJOYO7u2OSntZPJAVirxIyBztK/PPPyz0QgvV2P
+5ntvQh9DDSOPQYL55zH99ob8Ye4Qu9wGxxD0rumnXOj9wagaSZNx+6+COUEe
+-----END CERTIFICATE-----
+-----BEGIN PRIVATE KEY-----
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSfvfGl9nRdEdA
+Mg4OxGV/B9ixQfpRTFimhmNP0ySbcaJgbzpLk/lBTUEv/aHzH1/g2mexFEJQ6uqk
+cpr1/XuUYBUZUjMmKsiUFRmzVvTfx/pc8s9w/SxBzxECRFOAbd1n4W1qSgMVhpfw
+0Kv+vo0NDGHeXSTjISw/4LfHh4ZF6kILCOJ8IIy2epDBDV/DZAra/3CVCzewVrqk
+W+1ICLi91YcRI6TX/v7vzxaWGPFpJLSwTdD1JtV3fZvu1rMPVGKXRVeX0jhkrL40
+u8jVo7GkqrdfYM/43rhsqf3fQlR2hNIBmBxbGPtRIwTJ8HmJ74njJlpusmfWKHi6
+Zdd4T1uHAgMBAAECggEAEpJ3Lh2tNyEjMU/HOXcLmQWxIpPHPMxNhtsNtx6BCxXm
+bIxdWxyI4o79PyzL/csR+CsoLypu19xYX/3JiHsY0jA2LI4fvux4nlFofzR8eexb
+4LHFu8DU/gjW0q8/2M3U3mkVWn7EklOMarLBw1t7/VX/CFZNqV/YwMZn9itHyhAe
+LQIUWTu67qA/vhZBuwvIh8ELmQZ0jVwtVDg9tbhKV3/LTLaW7E3ko3xT8DhIKOs4
+0UdK/NguaPme+qJEYudSsb4RXjjqH6+ahimTFr1h5bwFa5O/07pcZ4/ejitYy2w+
+bjxFifiqoqQhPoPJspmgFq7AJlsHAzuXVqKwh5tT4QKBgQDHNCz1W4xm0qiBHQv/
+we6LE77bIHSig7KcacOeds2scwmK8B6MYHKBJmwnx+oV5HBskM0ZwthHpkzNHW8n
+VyQapcafA+tpYEVl15nWERzajk6Ca15AoFemuqx3vQ0nLkUBPV4xbnGgY0zeBjod
+Idd5lyhwRyZnYK4Edi9LJp66JwKBgQC8Q6nE4Jxmhathg0CfNPHyGrwNJEp9lAXo
+sk/m+5DrLQs3iLCPJFjeL2fJvMCODSCQBb2fVBoqgX6zmnGqtf6YDVNNwncHMw+p
+5ipGcWHE83PxTYNbNoFtLY19EuHBR0r9Qmjpo2Rtuu1fJUraG1zUb3YSDXGdk2S2
+2AQ6MkwPoQKBgEWG5nI0o8p3mCyIUNnRfEq6d5DPwSW/xaVmHMrAOIUKGbiOmnrw
+ZsbA/FreIcvGUZ7y40MsiIRpfMDSlysp9QX/+lUh7xZ2bYJgP+dBTcrShIBsrRbt
+X+pnmS6po1+bfKY0Hx4tqCcMwZV0ou/sEeL0aT7W9oZ6bgJMpbEbJ6ddAoGBAJ9Y
+beMTcY1c6hfY7eNS/s26TxyYcOwlU3MHKZYJqzlCoNHaQgaF7ynv2drohdo1xi/g
+jATFPHhproH54OdqrxinfrC8Pd68Gy/kfjetU+FNZf8BaoLTeWydN7p7NtVOsGv3
+v7Cw+RnfM3ZqrBY7PrEXvkm9U0LaNE6GO92+IJ7BAoGBAI0xksuSax7zxiTQn61Z
+ckktBadOVGlB6MdtR+NLcRXFW0Vt1uN5QjGBVQ4Hrjxv5AeFxdFt6V35HpnY+VLq
+V6a/GvRM2rPedBctrRf53dhV0YLJXNEctolnxa2mFyilH7irA7n/6elx1WeQRJvL
+8kAMd2/Xo1uX03M7GzTQWe+D
+-----END PRIVATE KEY-----
