This is an automated email from the ASF dual-hosted git repository. oscerd pushed a commit to branch fix/CAMEL-23764 in repository https://gitbox.apache.org/repos/asf/camel.git
commit 612e6ccba227e073db2769d7d73d8da1dd3cb0a7 Author: Andrea Cosentino <[email protected]> AuthorDate: Thu Jun 18 14:30:15 2026 +0200 CAMEL-23764: camel-as2 - add signatureVerificationRequired to reject unverifiable inbound signed messages The AS2 server consumer delivered the payload of an inbound multipart/signed message without verifying its signature when no validateSigningCertificateChain was configured (the default). This adds an opt-in signatureVerificationRequired option (server only, default false): when a signed message cannot be verified because no validation chain is configured, it is rejected with an insufficient-message-security error instead of being delivered unverified. When the option is left at its default (false) the behaviour is unchanged, but a warning is now logged so the unverified delivery is visible. The option has no effect when validateSigningCertificateChain is set (signatures are always validated then) or for unsigned messages. The change is isolated to the consumer payload-extraction path; MDN/MIC generation is unaffected. Adds AS2ServerSecSignatureRequiredIT covering rejection of unverifiable signed messages and the unaffected unsigned path. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> --- .../org/apache/camel/catalog/components/as2.json | 15 +-- .../component/as2/api/util/HttpMessageUtils.java | 57 +++++++-- ...rverManagerEndpointConfigurationConfigurer.java | 7 ++ ...ientManagerEndpointConfigurationConfigurer.java | 7 ++ .../component/as2/AS2ConfigurationConfigurer.java | 7 ++ .../camel/component/as2/AS2EndpointConfigurer.java | 7 ++ .../camel/component/as2/AS2EndpointUriFactory.java | 3 +- ...rverManagerEndpointConfigurationConfigurer.java | 7 ++ .../org/apache/camel/component/as2/as2.json | 15 +-- .../camel/component/as2/AS2Configuration.java | 17 +++ .../apache/camel/component/as2/AS2Consumer.java | 3 +- .../apache/camel/component/as2/AS2Endpoint.java | 8 ++ .../as2/AS2ServerSecSignatureRequiredIT.java | 61 ++++++++++ .../endpoint/dsl/AS2EndpointBuilderFactory.java | 132 +++++++++++++++++++++ 14 files changed, 318 insertions(+), 28 deletions(-) diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/as2.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/as2.json index dace035b80dc..cd80b7017f62 100644 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/as2.json +++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/as2.json @@ -76,13 +76,14 @@ "mdnPassword": { "index": 40, "kind": "parameter", "displayName": "Mdn Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The password that is used by the server for basic authentication when it sends an async [...] "mdnUserName": { "index": 41, "kind": "parameter", "displayName": "Mdn User Name", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The user-name that is used by the server for basic authentication when it sends an asyn [...] "password": { "index": 42, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The password that is used by the client for basic authentication." }, - "signedReceiptMicAlgorithms": { "index": 43, "kind": "parameter", "displayName": "Signed Receipt Mic Algorithms", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The list of algorithms, in order of preference, requested to generate a messa [...] - "signingAlgorithm": { "index": 44, "kind": "parameter", "displayName": "Signing Algorithm", "group": "security", "label": "security", "required": false, "type": "enum", "javaType": "org.apache.camel.component.as2.api.AS2SignatureAlgorithm", "enum": [ "SHA3_224WITHRSA", "SHA3_256WITHRSA", "SHA3_384withRSA", "SHA3_512WITHRSA", "MD5WITHRSA", "SHA1WITHRSA", "MD2WITHRSA", "SHA224WITHRSA", "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA", "RIPEMD128WITHRSA", "RIPEMD160WITHRSA", "RIPEMD256 [...] - "signingCertificateChain": { "index": 45, "kind": "parameter", "displayName": "Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The chain of certificates used to sign EDI message." }, - "signingPrivateKey": { "index": 46, "kind": "parameter", "displayName": "Signing Private Key", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.PrivateKey", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The key used to sign the EDI message." }, - "sslContext": { "index": 47, "kind": "parameter", "displayName": "Ssl Context", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.SSLContext", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Set SSL context for connection to remote server." }, - "userName": { "index": 48, "kind": "parameter", "displayName": "User Name", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The user-name that is used by the client for basic authentication. If options for basic authen [...] - "validateSigningCertificateChain": { "index": 49, "kind": "parameter", "displayName": "Validate Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Certificates to validate the message's signature ag [...] + "signatureVerificationRequired": { "index": 43, "kind": "parameter", "displayName": "Signature Verification Required", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Whether to reject an inbound signed AS2 message that cann [...] + "signedReceiptMicAlgorithms": { "index": 44, "kind": "parameter", "displayName": "Signed Receipt Mic Algorithms", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The list of algorithms, in order of preference, requested to generate a messa [...] + "signingAlgorithm": { "index": 45, "kind": "parameter", "displayName": "Signing Algorithm", "group": "security", "label": "security", "required": false, "type": "enum", "javaType": "org.apache.camel.component.as2.api.AS2SignatureAlgorithm", "enum": [ "SHA3_224WITHRSA", "SHA3_256WITHRSA", "SHA3_384withRSA", "SHA3_512WITHRSA", "MD5WITHRSA", "SHA1WITHRSA", "MD2WITHRSA", "SHA224WITHRSA", "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA", "RIPEMD128WITHRSA", "RIPEMD160WITHRSA", "RIPEMD256 [...] + "signingCertificateChain": { "index": 46, "kind": "parameter", "displayName": "Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The chain of certificates used to sign EDI message." }, + "signingPrivateKey": { "index": 47, "kind": "parameter", "displayName": "Signing Private Key", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.PrivateKey", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The key used to sign the EDI message." }, + "sslContext": { "index": 48, "kind": "parameter", "displayName": "Ssl Context", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.SSLContext", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Set SSL context for connection to remote server." }, + "userName": { "index": 49, "kind": "parameter", "displayName": "User Name", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The user-name that is used by the client for basic authentication. If options for basic authen [...] + "validateSigningCertificateChain": { "index": 50, "kind": "parameter", "displayName": "Validate Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Certificates to validate the message's signature ag [...] }, "apis": { "client": { "consumerOnly": false, "producerOnly": true, "description": "Sends EDI Messages over HTTP", "methods": { "send": { "description": "Send ediMessage to trading partner", "signatures": [ "org.apache.hc.core5.http.protocol.HttpCoreContext send(Object ediMessage, String requestUri, String subject, String from, String as2From, String as2To, org.apache.camel.component.as2.api.AS2MessageStructure as2MessageStructure, String ediMessageContentType, String ediMessageCharset, String [...] diff --git a/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/util/HttpMessageUtils.java b/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/util/HttpMessageUtils.java index 7acc58adee41..1cfc126efa2d 100644 --- a/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/util/HttpMessageUtils.java +++ b/components/camel-as2/camel-as2-api/src/main/java/org/apache/camel/component/as2/api/util/HttpMessageUtils.java @@ -43,9 +43,13 @@ import org.apache.hc.core5.http.message.BasicClassicHttpRequest; import org.apache.hc.core5.http.message.BasicClassicHttpResponse; import org.apache.hc.core5.http.message.MessageSupport; import org.bouncycastle.cms.jcajce.ZlibExpanderProvider; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public final class HttpMessageUtils { + private static final Logger LOG = LoggerFactory.getLogger(HttpMessageUtils.class); + private HttpMessageUtils() { } @@ -206,6 +210,33 @@ public final class HttpMessageUtils { return ediEntity; } + /** + * Verifies the signature of an inbound signed entity, or decides how to handle a signed message that cannot be + * verified. When a validation chain is configured, the signature is validated and an invalid one is rejected. When + * no validation chain is configured, the message cannot be verified: it is rejected when + * {@code signatureVerificationRequired} is set, otherwise the unverified payload is delivered after logging a + * warning (preserving the previous behaviour). + */ + private static void verifySignedEntity( + MultipartSignedEntity multipartSignedEntity, DecrpytingAndSigningInfo decrpytingAndSigningInfo) + throws HttpException { + Certificate[] validateSigningCertificateChain = decrpytingAndSigningInfo.getValidateSigningCertificateChain(); + if (validateSigningCertificateChain != null) { + if (!SigningUtils.isValid(multipartSignedEntity, validateSigningCertificateChain)) { + throw new AS2AuthenticationException("Failed to validate the signature"); + } + } else if (decrpytingAndSigningInfo.isSignatureVerificationRequired()) { + throw new AS2InsufficientSecurityException( + "Signature verification is required but no validateSigningCertificateChain is configured" + + " to verify the inbound signed AS2 message"); + } else { + LOG.warn("Received a signed AS2 message but no validateSigningCertificateChain is configured;" + + " delivering the payload without verifying its signature." + + " Configure validateSigningCertificateChain to verify the signature," + + " or set signatureVerificationRequired=true to reject such messages."); + } + } + private static ApplicationEntity extractMultipartSigned( HttpMessage message, DecrpytingAndSigningInfo decrpytingAndSigningInfo) throws HttpException { @@ -216,10 +247,7 @@ public final class HttpMessageUtils { Objects.requireNonNull(multipartSignedEntity, "Failed to extract EDI payload: the multipart signed entity is null"); - if (decrpytingAndSigningInfo.getValidateSigningCertificateChain() != null && !SigningUtils - .isValid(multipartSignedEntity, decrpytingAndSigningInfo.getValidateSigningCertificateChain())) { - throw new AS2AuthenticationException("Failed to validate the signature"); - } + verifySignedEntity(multipartSignedEntity, decrpytingAndSigningInfo); MimeEntity mimeEntity = multipartSignedEntity.getSignedDataEntity(); if (mimeEntity instanceof ApplicationEntity) { @@ -258,10 +286,7 @@ public final class HttpMessageUtils { } case AS2MimeType.MULTIPART_SIGNED: { MultipartSignedEntity multipartSignedEntity = (MultipartSignedEntity) entity; - if (decrpytingAndSigningInfo.getValidateSigningCertificateChain() != null && !SigningUtils - .isValid(multipartSignedEntity, decrpytingAndSigningInfo.getValidateSigningCertificateChain())) { - throw new AS2AuthenticationException("Failed to validate the signature"); - } + verifySignedEntity(multipartSignedEntity, decrpytingAndSigningInfo); MimeEntity mimeEntity = multipartSignedEntity.getSignedDataEntity(); if (mimeEntity instanceof ApplicationEntity) { @@ -332,10 +357,7 @@ public final class HttpMessageUtils { } case AS2MimeType.MULTIPART_SIGNED: { MultipartSignedEntity multipartSignedEntity = (MultipartSignedEntity) entity; - if (decrpytingAndSigningInfo.getValidateSigningCertificateChain() != null && !SigningUtils - .isValid(multipartSignedEntity, decrpytingAndSigningInfo.getValidateSigningCertificateChain())) { - throw new AS2AuthenticationException("Failed to validate the signature"); - } + verifySignedEntity(multipartSignedEntity, decrpytingAndSigningInfo); MimeEntity mimeEntity = multipartSignedEntity.getSignedDataEntity(); if (mimeEntity instanceof ApplicationEntity applicationEntity) { @@ -370,10 +392,17 @@ public final class HttpMessageUtils { public static class DecrpytingAndSigningInfo { private final Certificate[] validateSigningCertificateChain; private final PrivateKey decryptingPrivateKey; + private final boolean signatureVerificationRequired; public DecrpytingAndSigningInfo(Certificate[] validateSigningCertificateChain, PrivateKey decryptingPrivateKey) { + this(validateSigningCertificateChain, decryptingPrivateKey, false); + } + + public DecrpytingAndSigningInfo(Certificate[] validateSigningCertificateChain, PrivateKey decryptingPrivateKey, + boolean signatureVerificationRequired) { this.validateSigningCertificateChain = validateSigningCertificateChain; this.decryptingPrivateKey = decryptingPrivateKey; + this.signatureVerificationRequired = signatureVerificationRequired; } public Certificate[] getValidateSigningCertificateChain() { @@ -384,5 +413,9 @@ public final class HttpMessageUtils { return decryptingPrivateKey; } + public boolean isSignatureVerificationRequired() { + return signatureVerificationRequired; + } + } } diff --git a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2AsyncMDNServerManagerEndpointConfigurationConfigurer.java b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2AsyncMDNServerManagerEndpointConfigurationConfigurer.java index 9db61f44f424..1d9d953996b3 100644 --- a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2AsyncMDNServerManagerEndpointConfigurationConfigurer.java +++ b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2AsyncMDNServerManagerEndpointConfigurationConfigurer.java @@ -58,6 +58,7 @@ public class AS2AsyncMDNServerManagerEndpointConfigurationConfigurer extends org map.put("Server", java.lang.String.class); map.put("ServerFqdn", java.lang.String.class); map.put("ServerPortNumber", java.lang.Integer.class); + map.put("SignatureVerificationRequired", boolean.class); map.put("SignedReceiptMicAlgorithms", java.lang.String.class); map.put("SigningAlgorithm", org.apache.camel.component.as2.api.AS2SignatureAlgorithm.class); map.put("SigningCertificateChain", java.security.cert.Certificate[].class); @@ -145,6 +146,8 @@ public class AS2AsyncMDNServerManagerEndpointConfigurationConfigurer extends org case "serverFqdn": target.setServerFqdn(property(camelContext, java.lang.String.class, value)); return true; case "serverportnumber": case "serverPortNumber": target.setServerPortNumber(property(camelContext, java.lang.Integer.class, value)); return true; + case "signatureverificationrequired": + case "signatureVerificationRequired": target.setSignatureVerificationRequired(property(camelContext, boolean.class, value)); return true; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": target.setSignedReceiptMicAlgorithms(property(camelContext, java.lang.String.class, value)); return true; case "signingalgorithm": @@ -247,6 +250,8 @@ public class AS2AsyncMDNServerManagerEndpointConfigurationConfigurer extends org case "serverFqdn": return java.lang.String.class; case "serverportnumber": case "serverPortNumber": return java.lang.Integer.class; + case "signatureverificationrequired": + case "signatureVerificationRequired": return boolean.class; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return java.lang.String.class; case "signingalgorithm": @@ -345,6 +350,8 @@ public class AS2AsyncMDNServerManagerEndpointConfigurationConfigurer extends org case "serverFqdn": return target.getServerFqdn(); case "serverportnumber": case "serverPortNumber": return target.getServerPortNumber(); + case "signatureverificationrequired": + case "signatureVerificationRequired": return target.isSignatureVerificationRequired(); case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return target.getSignedReceiptMicAlgorithms(); case "signingalgorithm": diff --git a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ClientManagerEndpointConfigurationConfigurer.java b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ClientManagerEndpointConfigurationConfigurer.java index ac5f29f261fd..cc25efd702dd 100644 --- a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ClientManagerEndpointConfigurationConfigurer.java +++ b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ClientManagerEndpointConfigurationConfigurer.java @@ -59,6 +59,7 @@ public class AS2ClientManagerEndpointConfigurationConfigurer extends org.apache. map.put("Server", java.lang.String.class); map.put("ServerFqdn", java.lang.String.class); map.put("ServerPortNumber", java.lang.Integer.class); + map.put("SignatureVerificationRequired", boolean.class); map.put("SignedReceiptMicAlgorithms", java.lang.String.class); map.put("SigningAlgorithm", org.apache.camel.component.as2.api.AS2SignatureAlgorithm.class); map.put("SigningCertificateChain", java.security.cert.Certificate[].class); @@ -148,6 +149,8 @@ public class AS2ClientManagerEndpointConfigurationConfigurer extends org.apache. case "serverFqdn": target.setServerFqdn(property(camelContext, java.lang.String.class, value)); return true; case "serverportnumber": case "serverPortNumber": target.setServerPortNumber(property(camelContext, java.lang.Integer.class, value)); return true; + case "signatureverificationrequired": + case "signatureVerificationRequired": target.setSignatureVerificationRequired(property(camelContext, boolean.class, value)); return true; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": target.setSignedReceiptMicAlgorithms(property(camelContext, java.lang.String.class, value)); return true; case "signingalgorithm": @@ -252,6 +255,8 @@ public class AS2ClientManagerEndpointConfigurationConfigurer extends org.apache. case "serverFqdn": return java.lang.String.class; case "serverportnumber": case "serverPortNumber": return java.lang.Integer.class; + case "signatureverificationrequired": + case "signatureVerificationRequired": return boolean.class; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return java.lang.String.class; case "signingalgorithm": @@ -352,6 +357,8 @@ public class AS2ClientManagerEndpointConfigurationConfigurer extends org.apache. case "serverFqdn": return target.getServerFqdn(); case "serverportnumber": case "serverPortNumber": return target.getServerPortNumber(); + case "signatureverificationrequired": + case "signatureVerificationRequired": return target.isSignatureVerificationRequired(); case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return target.getSignedReceiptMicAlgorithms(); case "signingalgorithm": diff --git a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ConfigurationConfigurer.java b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ConfigurationConfigurer.java index 8e4b26428c01..aded86eb73de 100644 --- a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ConfigurationConfigurer.java +++ b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ConfigurationConfigurer.java @@ -57,6 +57,7 @@ public class AS2ConfigurationConfigurer extends org.apache.camel.support.compone map.put("Server", java.lang.String.class); map.put("ServerFqdn", java.lang.String.class); map.put("ServerPortNumber", java.lang.Integer.class); + map.put("SignatureVerificationRequired", boolean.class); map.put("SignedReceiptMicAlgorithms", java.lang.String.class); map.put("SigningAlgorithm", org.apache.camel.component.as2.api.AS2SignatureAlgorithm.class); map.put("SigningCertificateChain", java.security.cert.Certificate[].class); @@ -142,6 +143,8 @@ public class AS2ConfigurationConfigurer extends org.apache.camel.support.compone case "serverFqdn": target.setServerFqdn(property(camelContext, java.lang.String.class, value)); return true; case "serverportnumber": case "serverPortNumber": target.setServerPortNumber(property(camelContext, java.lang.Integer.class, value)); return true; + case "signatureverificationrequired": + case "signatureVerificationRequired": target.setSignatureVerificationRequired(property(camelContext, boolean.class, value)); return true; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": target.setSignedReceiptMicAlgorithms(property(camelContext, java.lang.String.class, value)); return true; case "signingalgorithm": @@ -242,6 +245,8 @@ public class AS2ConfigurationConfigurer extends org.apache.camel.support.compone case "serverFqdn": return java.lang.String.class; case "serverportnumber": case "serverPortNumber": return java.lang.Integer.class; + case "signatureverificationrequired": + case "signatureVerificationRequired": return boolean.class; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return java.lang.String.class; case "signingalgorithm": @@ -338,6 +343,8 @@ public class AS2ConfigurationConfigurer extends org.apache.camel.support.compone case "serverFqdn": return target.getServerFqdn(); case "serverportnumber": case "serverPortNumber": return target.getServerPortNumber(); + case "signatureverificationrequired": + case "signatureVerificationRequired": return target.isSignatureVerificationRequired(); case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return target.getSignedReceiptMicAlgorithms(); case "signingalgorithm": diff --git a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointConfigurer.java b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointConfigurer.java index 78c34d6a74fa..91eb0bb01448 100644 --- a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointConfigurer.java +++ b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointConfigurer.java @@ -65,6 +65,7 @@ public class AS2EndpointConfigurer extends PropertyConfigurerSupport implements map.put("MdnPassword", java.lang.String.class); map.put("MdnUserName", java.lang.String.class); map.put("Password", java.lang.String.class); + map.put("SignatureVerificationRequired", boolean.class); map.put("SignedReceiptMicAlgorithms", java.lang.String.class); map.put("SigningAlgorithm", org.apache.camel.component.as2.api.AS2SignatureAlgorithm.class); map.put("SigningCertificateChain", java.security.cert.Certificate[].class); @@ -150,6 +151,8 @@ public class AS2EndpointConfigurer extends PropertyConfigurerSupport implements case "serverFqdn": target.getConfiguration().setServerFqdn(property(camelContext, java.lang.String.class, value)); return true; case "serverportnumber": case "serverPortNumber": target.getConfiguration().setServerPortNumber(property(camelContext, java.lang.Integer.class, value)); return true; + case "signatureverificationrequired": + case "signatureVerificationRequired": target.getConfiguration().setSignatureVerificationRequired(property(camelContext, boolean.class, value)); return true; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": target.getConfiguration().setSignedReceiptMicAlgorithms(property(camelContext, java.lang.String.class, value)); return true; case "signingalgorithm": @@ -254,6 +257,8 @@ public class AS2EndpointConfigurer extends PropertyConfigurerSupport implements case "serverFqdn": return java.lang.String.class; case "serverportnumber": case "serverPortNumber": return java.lang.Integer.class; + case "signatureverificationrequired": + case "signatureVerificationRequired": return boolean.class; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return java.lang.String.class; case "signingalgorithm": @@ -354,6 +359,8 @@ public class AS2EndpointConfigurer extends PropertyConfigurerSupport implements case "serverFqdn": return target.getConfiguration().getServerFqdn(); case "serverportnumber": case "serverPortNumber": return target.getConfiguration().getServerPortNumber(); + case "signatureverificationrequired": + case "signatureVerificationRequired": return target.getConfiguration().isSignatureVerificationRequired(); case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return target.getConfiguration().getSignedReceiptMicAlgorithms(); case "signingalgorithm": diff --git a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointUriFactory.java b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointUriFactory.java index f3a2db46f251..ae00901c0b9e 100644 --- a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointUriFactory.java +++ b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2EndpointUriFactory.java @@ -24,7 +24,7 @@ public class AS2EndpointUriFactory extends org.apache.camel.support.component.En private static final Set<String> ENDPOINT_IDENTITY_PROPERTY_NAMES; private static final Map<String, String> MULTI_VALUE_PREFIXES; static { - Set<String> props = new HashSet<>(53); + Set<String> props = new HashSet<>(54); props.add("accessToken"); props.add("apiName"); props.add("as2From"); @@ -67,6 +67,7 @@ public class AS2EndpointUriFactory extends org.apache.camel.support.component.En props.add("server"); props.add("serverFqdn"); props.add("serverPortNumber"); + props.add("signatureVerificationRequired"); props.add("signedReceiptMicAlgorithms"); props.add("signingAlgorithm"); props.add("signingCertificateChain"); diff --git a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ServerManagerEndpointConfigurationConfigurer.java b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ServerManagerEndpointConfigurationConfigurer.java index dc5f7682a064..c51a80c7f24f 100644 --- a/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ServerManagerEndpointConfigurationConfigurer.java +++ b/components/camel-as2/camel-as2-component/src/generated/java/org/apache/camel/component/as2/AS2ServerManagerEndpointConfigurationConfigurer.java @@ -58,6 +58,7 @@ public class AS2ServerManagerEndpointConfigurationConfigurer extends org.apache. map.put("Server", java.lang.String.class); map.put("ServerFqdn", java.lang.String.class); map.put("ServerPortNumber", java.lang.Integer.class); + map.put("SignatureVerificationRequired", boolean.class); map.put("SignedReceiptMicAlgorithms", java.lang.String.class); map.put("SigningAlgorithm", org.apache.camel.component.as2.api.AS2SignatureAlgorithm.class); map.put("SigningCertificateChain", java.security.cert.Certificate[].class); @@ -145,6 +146,8 @@ public class AS2ServerManagerEndpointConfigurationConfigurer extends org.apache. case "serverFqdn": target.setServerFqdn(property(camelContext, java.lang.String.class, value)); return true; case "serverportnumber": case "serverPortNumber": target.setServerPortNumber(property(camelContext, java.lang.Integer.class, value)); return true; + case "signatureverificationrequired": + case "signatureVerificationRequired": target.setSignatureVerificationRequired(property(camelContext, boolean.class, value)); return true; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": target.setSignedReceiptMicAlgorithms(property(camelContext, java.lang.String.class, value)); return true; case "signingalgorithm": @@ -247,6 +250,8 @@ public class AS2ServerManagerEndpointConfigurationConfigurer extends org.apache. case "serverFqdn": return java.lang.String.class; case "serverportnumber": case "serverPortNumber": return java.lang.Integer.class; + case "signatureverificationrequired": + case "signatureVerificationRequired": return boolean.class; case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return java.lang.String.class; case "signingalgorithm": @@ -345,6 +350,8 @@ public class AS2ServerManagerEndpointConfigurationConfigurer extends org.apache. case "serverFqdn": return target.getServerFqdn(); case "serverportnumber": case "serverPortNumber": return target.getServerPortNumber(); + case "signatureverificationrequired": + case "signatureVerificationRequired": return target.isSignatureVerificationRequired(); case "signedreceiptmicalgorithms": case "signedReceiptMicAlgorithms": return target.getSignedReceiptMicAlgorithms(); case "signingalgorithm": diff --git a/components/camel-as2/camel-as2-component/src/generated/resources/META-INF/org/apache/camel/component/as2/as2.json b/components/camel-as2/camel-as2-component/src/generated/resources/META-INF/org/apache/camel/component/as2/as2.json index dace035b80dc..cd80b7017f62 100644 --- a/components/camel-as2/camel-as2-component/src/generated/resources/META-INF/org/apache/camel/component/as2/as2.json +++ b/components/camel-as2/camel-as2-component/src/generated/resources/META-INF/org/apache/camel/component/as2/as2.json @@ -76,13 +76,14 @@ "mdnPassword": { "index": 40, "kind": "parameter", "displayName": "Mdn Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The password that is used by the server for basic authentication when it sends an async [...] "mdnUserName": { "index": 41, "kind": "parameter", "displayName": "Mdn User Name", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The user-name that is used by the server for basic authentication when it sends an asyn [...] "password": { "index": 42, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The password that is used by the client for basic authentication." }, - "signedReceiptMicAlgorithms": { "index": 43, "kind": "parameter", "displayName": "Signed Receipt Mic Algorithms", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The list of algorithms, in order of preference, requested to generate a messa [...] - "signingAlgorithm": { "index": 44, "kind": "parameter", "displayName": "Signing Algorithm", "group": "security", "label": "security", "required": false, "type": "enum", "javaType": "org.apache.camel.component.as2.api.AS2SignatureAlgorithm", "enum": [ "SHA3_224WITHRSA", "SHA3_256WITHRSA", "SHA3_384withRSA", "SHA3_512WITHRSA", "MD5WITHRSA", "SHA1WITHRSA", "MD2WITHRSA", "SHA224WITHRSA", "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA", "RIPEMD128WITHRSA", "RIPEMD160WITHRSA", "RIPEMD256 [...] - "signingCertificateChain": { "index": 45, "kind": "parameter", "displayName": "Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The chain of certificates used to sign EDI message." }, - "signingPrivateKey": { "index": 46, "kind": "parameter", "displayName": "Signing Private Key", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.PrivateKey", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The key used to sign the EDI message." }, - "sslContext": { "index": 47, "kind": "parameter", "displayName": "Ssl Context", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.SSLContext", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Set SSL context for connection to remote server." }, - "userName": { "index": 48, "kind": "parameter", "displayName": "User Name", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The user-name that is used by the client for basic authentication. If options for basic authen [...] - "validateSigningCertificateChain": { "index": 49, "kind": "parameter", "displayName": "Validate Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Certificates to validate the message's signature ag [...] + "signatureVerificationRequired": { "index": 43, "kind": "parameter", "displayName": "Signature Verification Required", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Whether to reject an inbound signed AS2 message that cann [...] + "signedReceiptMicAlgorithms": { "index": 44, "kind": "parameter", "displayName": "Signed Receipt Mic Algorithms", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The list of algorithms, in order of preference, requested to generate a messa [...] + "signingAlgorithm": { "index": 45, "kind": "parameter", "displayName": "Signing Algorithm", "group": "security", "label": "security", "required": false, "type": "enum", "javaType": "org.apache.camel.component.as2.api.AS2SignatureAlgorithm", "enum": [ "SHA3_224WITHRSA", "SHA3_256WITHRSA", "SHA3_384withRSA", "SHA3_512WITHRSA", "MD5WITHRSA", "SHA1WITHRSA", "MD2WITHRSA", "SHA224WITHRSA", "SHA256WITHRSA", "SHA384WITHRSA", "SHA512WITHRSA", "RIPEMD128WITHRSA", "RIPEMD160WITHRSA", "RIPEMD256 [...] + "signingCertificateChain": { "index": 46, "kind": "parameter", "displayName": "Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The chain of certificates used to sign EDI message." }, + "signingPrivateKey": { "index": 47, "kind": "parameter", "displayName": "Signing Private Key", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.PrivateKey", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The key used to sign the EDI message." }, + "sslContext": { "index": 48, "kind": "parameter", "displayName": "Ssl Context", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "javax.net.ssl.SSLContext", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Set SSL context for connection to remote server." }, + "userName": { "index": 49, "kind": "parameter", "displayName": "User Name", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "The user-name that is used by the client for basic authentication. If options for basic authen [...] + "validateSigningCertificateChain": { "index": 50, "kind": "parameter", "displayName": "Validate Signing Certificate Chain", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "java.security.cert.Certificate[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.as2.AS2Configuration", "configurationField": "configuration", "description": "Certificates to validate the message's signature ag [...] }, "apis": { "client": { "consumerOnly": false, "producerOnly": true, "description": "Sends EDI Messages over HTTP", "methods": { "send": { "description": "Send ediMessage to trading partner", "signatures": [ "org.apache.hc.core5.http.protocol.HttpCoreContext send(Object ediMessage, String requestUri, String subject, String from, String as2From, String as2To, org.apache.camel.component.as2.api.AS2MessageStructure as2MessageStructure, String ediMessageContentType, String ediMessageCharset, String [...] diff --git a/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Configuration.java b/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Configuration.java index e67bb1801623..e3cceb395f7b 100644 --- a/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Configuration.java +++ b/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Configuration.java @@ -115,6 +115,8 @@ public class AS2Configuration { @UriParam(label = "security") private Certificate[] validateSigningCertificateChain; @UriParam(label = "security") + private boolean signatureVerificationRequired; + @UriParam(label = "security") private SSLContext sslContext; // If you use localhost-based AS2 server, you don't need to specify a hostnameVerifier @UriParam(label = "security") @@ -543,6 +545,21 @@ public class AS2Configuration { this.validateSigningCertificateChain = validateSigningCertificateChain; } + public boolean isSignatureVerificationRequired() { + return signatureVerificationRequired; + } + + /** + * Whether to reject an inbound signed AS2 message that cannot be verified because no + * validateSigningCertificateChain is configured (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When true, the message is rejected instead of being + * delivered without verifying its signature. Has no effect when validateSigningCertificateChain is set (signatures + * are always validated then) or for unsigned messages. + */ + public void setSignatureVerificationRequired(boolean signatureVerificationRequired) { + this.signatureVerificationRequired = signatureVerificationRequired; + } + public SSLContext getSslContext() { return sslContext; } diff --git a/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Consumer.java b/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Consumer.java index 675eb0df372e..9446fc6135e1 100644 --- a/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Consumer.java +++ b/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Consumer.java @@ -137,7 +137,8 @@ public class AS2Consumer extends AbstractApiConsumer<AS2ApiName, AS2Configuratio = HttpMessageUtils.extractEdiPayload(request, new HttpMessageUtils.DecrpytingAndSigningInfo( getEndpoint().getValidateSigningCertificateChain(), - getEndpoint().getDecryptingPrivateKey())); + getEndpoint().getDecryptingPrivateKey(), + getEndpoint().isSignatureVerificationRequired())); // Set AS2 Interchange property and EDI message into body of input message. Exchange exchange = createExchange(false); diff --git a/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Endpoint.java b/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Endpoint.java index b8c1ccfa6321..14b4b8dbba47 100644 --- a/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Endpoint.java +++ b/components/camel-as2/camel-as2-component/src/main/java/org/apache/camel/component/as2/AS2Endpoint.java @@ -206,6 +206,14 @@ public class AS2Endpoint extends AbstractApiEndpoint<AS2ApiName, AS2Configuratio configuration.setValidateSigningCertificateChain(validateSigningCertificateChain); } + public boolean isSignatureVerificationRequired() { + return configuration.isSignatureVerificationRequired(); + } + + public void setSignatureVerificationRequired(boolean signatureVerificationRequired) { + configuration.setSignatureVerificationRequired(signatureVerificationRequired); + } + public PrivateKey getDecryptingPrivateKey() { return configuration.getDecryptingPrivateKey(); } diff --git a/components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/AS2ServerSecSignatureRequiredIT.java b/components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/AS2ServerSecSignatureRequiredIT.java new file mode 100644 index 000000000000..da5516ab5f07 --- /dev/null +++ b/components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/AS2ServerSecSignatureRequiredIT.java @@ -0,0 +1,61 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.component.as2; + +import org.apache.camel.component.as2.api.AS2MessageStructure; +import org.apache.camel.component.as2.api.entity.AS2DispositionModifier; +import org.apache.hc.core5.http.protocol.HttpCoreContext; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.EnumSource; + +/** + * Tests an AS2 server configured to require signature verification ({@code signatureVerificationRequired=true}) but + * without a {@code validateSigningCertificateChain} to verify against. <br> + * A signed message cannot be verified in this configuration, so rather than silently delivering the unverified payload + * the server rejects it with an 'insufficient-message-security' error. <br> + * Unsigned messages have no signature to verify and are unaffected. + */ +public class AS2ServerSecSignatureRequiredIT extends AS2ServerSecTestBase { + + @Override + protected void customizeConfiguration(AS2Configuration configuration) { + super.customizeConfiguration(configuration); + // Require signature verification, but deliberately leave validateSigningCertificateChain unset so that a + // signed message cannot be verified. + configuration.setSignatureVerificationRequired(true); + } + + // A signed message that cannot be verified (no validation chain configured) must be rejected, not delivered. + @ParameterizedTest + @EnumSource(value = AS2MessageStructure.class, + names = { "SIGNED", "COMPRESSED_SIGNED", "SIGNED_COMPRESSED" }) + public void unverifiableSignedMessageRejectedTest(AS2MessageStructure messageStructure) throws Exception { + HttpCoreContext context = send(messageStructure); + verifyOkResponse(context); + verifyMdnErrorDisposition(context, AS2DispositionModifier.ERROR_INSUFFICIENT_MESSAGE_SECURITY); + } + + // An unsigned message has no signature to verify, so signatureVerificationRequired has no effect on it. + @ParameterizedTest + @EnumSource(value = AS2MessageStructure.class, + names = { "PLAIN", "PLAIN_COMPRESSED" }) + public void unsignedMessageStillDeliveredTest(AS2MessageStructure messageStructure) throws Exception { + HttpCoreContext context = send(messageStructure); + verifyOkResponse(context); + verifyMdnSuccessDisposition(context); + } +} diff --git a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/AS2EndpointBuilderFactory.java b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/AS2EndpointBuilderFactory.java index e9d04b7f1e7b..e34bfad092f6 100644 --- a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/AS2EndpointBuilderFactory.java +++ b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/AS2EndpointBuilderFactory.java @@ -800,6 +800,50 @@ public interface AS2EndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * Whether to reject an inbound signed AS2 message that cannot be + * verified because no validateSigningCertificateChain is configured + * (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When + * true, the message is rejected instead of being delivered without + * verifying its signature. Has no effect when + * validateSigningCertificateChain is set (signatures are always + * validated then) or for unsigned messages. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param signatureVerificationRequired the value to set + * @return the dsl builder + */ + default AS2EndpointConsumerBuilder signatureVerificationRequired(boolean signatureVerificationRequired) { + doSetProperty("signatureVerificationRequired", signatureVerificationRequired); + return this; + } + /** + * Whether to reject an inbound signed AS2 message that cannot be + * verified because no validateSigningCertificateChain is configured + * (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When + * true, the message is rejected instead of being delivered without + * verifying its signature. Has no effect when + * validateSigningCertificateChain is set (signatures are always + * validated then) or for unsigned messages. + * + * The option will be converted to a <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param signatureVerificationRequired the value to set + * @return the dsl builder + */ + default AS2EndpointConsumerBuilder signatureVerificationRequired(String signatureVerificationRequired) { + doSetProperty("signatureVerificationRequired", signatureVerificationRequired); + return this; + } /** * The list of algorithms, in order of preference, requested to generate * a message integrity check (MIC) returned in message disposition @@ -1871,6 +1915,50 @@ public interface AS2EndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * Whether to reject an inbound signed AS2 message that cannot be + * verified because no validateSigningCertificateChain is configured + * (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When + * true, the message is rejected instead of being delivered without + * verifying its signature. Has no effect when + * validateSigningCertificateChain is set (signatures are always + * validated then) or for unsigned messages. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param signatureVerificationRequired the value to set + * @return the dsl builder + */ + default AS2EndpointProducerBuilder signatureVerificationRequired(boolean signatureVerificationRequired) { + doSetProperty("signatureVerificationRequired", signatureVerificationRequired); + return this; + } + /** + * Whether to reject an inbound signed AS2 message that cannot be + * verified because no validateSigningCertificateChain is configured + * (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When + * true, the message is rejected instead of being delivered without + * verifying its signature. Has no effect when + * validateSigningCertificateChain is set (signatures are always + * validated then) or for unsigned messages. + * + * The option will be converted to a <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param signatureVerificationRequired the value to set + * @return the dsl builder + */ + default AS2EndpointProducerBuilder signatureVerificationRequired(String signatureVerificationRequired) { + doSetProperty("signatureVerificationRequired", signatureVerificationRequired); + return this; + } /** * The list of algorithms, in order of preference, requested to generate * a message integrity check (MIC) returned in message disposition @@ -2883,6 +2971,50 @@ public interface AS2EndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * Whether to reject an inbound signed AS2 message that cannot be + * verified because no validateSigningCertificateChain is configured + * (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When + * true, the message is rejected instead of being delivered without + * verifying its signature. Has no effect when + * validateSigningCertificateChain is set (signatures are always + * validated then) or for unsigned messages. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param signatureVerificationRequired the value to set + * @return the dsl builder + */ + default AS2EndpointBuilder signatureVerificationRequired(boolean signatureVerificationRequired) { + doSetProperty("signatureVerificationRequired", signatureVerificationRequired); + return this; + } + /** + * Whether to reject an inbound signed AS2 message that cannot be + * verified because no validateSigningCertificateChain is configured + * (server only). When false (default), such a message is delivered + * after logging a warning, preserving the previous behaviour. When + * true, the message is rejected instead of being delivered without + * verifying its signature. Has no effect when + * validateSigningCertificateChain is set (signatures are always + * validated then) or for unsigned messages. + * + * The option will be converted to a <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param signatureVerificationRequired the value to set + * @return the dsl builder + */ + default AS2EndpointBuilder signatureVerificationRequired(String signatureVerificationRequired) { + doSetProperty("signatureVerificationRequired", signatureVerificationRequired); + return this; + } /** * The list of algorithms, in order of preference, requested to generate * a message integrity check (MIC) returned in message disposition
