[
https://issues.apache.org/jira/browse/CAMEL-3750?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
David Valeri updated CAMEL-3750:
--------------------------------
Description:
CXF provides a nice Spring Namespace handler for configuring TLS options on the
Jetty transport. Configuring these options using XML in Spring or through a
simplified set of utility classes decreases the learning curve for users by
sheltering them from the horrors of JSSE.
There are a large number of components in Camel that deal with socket
communication at some level, but they all require users to learn the specific
low level configuration capabilities of the library on which the component is
based in order to configure custom TLS options.
It would be convenient if users didn't need to learn the advanced networking
configuration options for each component.
This enhancement suggests a similar Spring Namespace handler and utility
classes that allow for simplified configuration of an SSLContext as well as
adding provisions to some of the Camel components in order to accept this new
configuration mechanism. The initial components to support the new
configuration mechanism are the http, http4, and Jetty components. Other
components would follow.
An example usage is below.
Programmatic configuration:
{code}
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
ksp.setPassword(pwd);
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword(pwd);
kmp.setKeyStore(ksp);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManager(kmp);
sslContextParameters.setTrustManager(tmp);
{code}
XML Configuration:
{code:XML}
<SSLContextParameters secureSocketProtocol="TLS">
<keyManager
keyPassword="password">
<keyStore resource="./localhost.jks" password="password"/>
</keyManager>
<secureSocketProtocolsFilter>
<include>TLS.*</include>
</secureSocketProtocolsFilter>
</SSLContextParameters>
{code}
Usage in a route:
{code}
from("jetty:https://localhost:443/hello?sslContextParametersRef=sslContextParameters";).process(proc);
{code}
was:
CXF provides a nice Spring Namespace handler for configuring TLS options on the
Jetty transport. Configuring these options using XML in Spring or through a
simplified set of utility classes decreases the learning curve for users by
sheltering them from the horrors of JSSE.
There are a large number of components in Camel that deal with socket
communication at some level, but they all require users to learn the specific
low level configuration capabilities of the library on which the component is
based in order to configure custom TLS options.
It would be convenient if users didn't need to learn the advanced networking
configuration options for each component.
This enhancement suggests a similar Spring Namespace handler and utility
classes that allow for simplified configuration of an SSLContext as well as
adding provisions to some of the Camel components in order to accept this new
configuration mechanism. The initial components to support the new
configuration mechanism are the http, http4, and Jetty components. Other
components would follow.
An example usage is below.
Programmatic configuration:
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
ksp.setPassword(pwd);
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyPassword(pwd);
kmp.setKeyStore(ksp);
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(ksp);
SSLContextParameters sslContextParameters = new SSLContextParameters();
sslContextParameters.setKeyManager(kmp);
sslContextParameters.setTrustManager(tmp);
XML Configuration:
<SSLContextParameters secureSocketProtocol="TLS">
<keyManager
keyPassword="password">
<keyStore resource="./localhost.jks" password="password"/>
</keyManager>
<secureSocketProtocolsFilter>
<include>TLS.*</include>
</secureSocketProtocolsFilter>
</SSLContextParameters>
Usage in a route:
from("jetty:https://localhost:443/hello?sslContextParametersRef=sslContextParameters";).process(proc);
I should have a patch containing an initial implementation of the idea some
time tomorrow. If this is something that would make it into the main code,
I'll make it production worthy and submit it for inclusion.
> Provide a common mehanism to facilitate configuration of TLS across Camel
> components
> ------------------------------------------------------------------------------------
>
> Key: CAMEL-3750
> URL: https://issues.apache.org/jira/browse/CAMEL-3750
> Project: Camel
> Issue Type: Improvement
> Components: camel-core, camel-http, camel-jetty
> Reporter: David Valeri
>
> CXF provides a nice Spring Namespace handler for configuring TLS options on
> the Jetty transport. Configuring these options using XML in Spring or
> through a simplified set of utility classes decreases the learning curve for
> users by sheltering them from the horrors of JSSE.
> There are a large number of components in Camel that deal with socket
> communication at some level, but they all require users to learn the specific
> low level configuration capabilities of the library on which the component is
> based in order to configure custom TLS options.
> It would be convenient if users didn't need to learn the advanced networking
> configuration options for each component.
> This enhancement suggests a similar Spring Namespace handler and utility
> classes that allow for simplified configuration of an SSLContext as well as
> adding provisions to some of the Camel components in order to accept this new
> configuration mechanism. The initial components to support the new
> configuration mechanism are the http, http4, and Jetty components. Other
> components would follow.
> An example usage is below.
> Programmatic configuration:
> {code}
> KeyStoreParameters ksp = new KeyStoreParameters();
> ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
> ksp.setPassword(pwd);
>
> KeyManagersParameters kmp = new KeyManagersParameters();
> kmp.setKeyPassword(pwd);
> kmp.setKeyStore(ksp);
> TrustManagersParameters tmp = new TrustManagersParameters();
> tmp.setKeyStore(ksp);
>
> SSLContextParameters sslContextParameters = new SSLContextParameters();
> sslContextParameters.setKeyManager(kmp);
> sslContextParameters.setTrustManager(tmp);
> {code}
> XML Configuration:
> {code:XML}
> <SSLContextParameters secureSocketProtocol="TLS">
> <keyManager
> keyPassword="password">
> <keyStore resource="./localhost.jks" password="password"/>
> </keyManager>
> <secureSocketProtocolsFilter>
> <include>TLS.*</include>
> </secureSocketProtocolsFilter>
> </SSLContextParameters>
> {code}
> Usage in a route:
> {code}
> from("jetty:https://localhost:443/hello?sslContextParametersRef=sslContextParameters";).process(proc);
> {code}
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
