[ 
https://issues.apache.org/jira/browse/CAMEL-22000?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17995769#comment-17995769
 ] 

Anders Andersson commented on CAMEL-22000:
------------------------------------------

Hello! Yes, and I think I have something working; however, we want to test it 
well enough first. The project took some time to build, and now that it is ready 
to be tested in actual scenarios, it is vacation period.

I do think the Camel code works. Do you want me to push the changes I have made 
now or should we wait until my project has had some time to be tested before?

> Expose mTLS headers for camel-mllp
> ----------------------------------
>
>                 Key: CAMEL-22000
>                 URL: https://issues.apache.org/jira/browse/CAMEL-22000
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-mllp
>            Reporter: Anders Andersson
>            Priority: Minor
>             Fix For: 4.x
>
>
> Jira issue CAMEL-17881 introduced TLS to camel-mllp, but I have a need for 
> mutual TLS and to add custom logic for authorizing clients based on the Serial 
> Number in their client certificate. I don't see how I can get this 
> information without modifying the camel-mllp component.
> [camel-netty|https://camel.apache.org/components/4.10.x/netty-component.html#_message_headers]
>  sets the following headers (if you configure it):
>  * CamelNettySSLSession: NETTY_SSL_SESSION
>  * CamelNettySSLClientCertSubjectName: NETTY_SSL_CLIENT_CERT_SUBJECT_NAME
>  * CamelNettySSLClientCertIssuerName: NETTY_SSL_CLIENT_CERT_ISSUER_NAME
>  * CamelNettySSLClientCertSerialNumber: NETTY_SSL_CLIENT_CERT_SERIAL_NO
>  * CamelNettySSLClientCertNotBefore: NETTY_SSL_CLIENT_CERT_NOT_BEFORE
>  * CamelNettySSLClientCertNotAfter: NETTY_SSL_CLIENT_CERT_NOT_AFTER
> My proposal is to mimic this in camel-mllp, setting the same headers (apart 
> from the exact name, which would be prefixed "MLLP_", for example 
> MLLP_SSL_CLIENT_CERT_SUBJECT_NAME, to conform with the MLLP header naming 
> standard). If there is no TLS, or there is TLS but the client is not providing 
> a certificate, these headers will not appear. 
> I will try to build this, starting today (as I need this functionality now), 
> unless anyone has objections. I hope it can be added to Camel. However I 
> probably need some help with how the procedures to send a contribution work 
> and aid with code review as I am very unfamiliar with Camel's source code.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
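
The authorization step the issue describes could look like the following. This is an added example, not code from the issue or from camel-mllp. It assumes the proposed headers arrive as strings in the message header map, with the serial number in decimal; the header key strings are placeholders because the issue gives only the proposed constant names. It also pairs the serial with the issuer name, since a certificate serial number is unique only within one issuing CA.

```java
import java.math.BigInteger;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;

public class MllpClientCertAuthorizer {
    // Hypothetical header keys: the issue proposes MLLP_-prefixed constants
    // but does not give their string values, so these are placeholders.
    static final String MLLP_SSL_CLIENT_CERT_ISSUER_NAME = "PLACEHOLDER-IssuerName";
    static final String MLLP_SSL_CLIENT_CERT_SERIAL_NO = "PLACEHOLDER-SerialNumber";
    // An allowed client: issuer DN plus serial, since a serial is unique only per CA.
    record ClientId(String issuerCanonical, BigInteger serial) {
        static ClientId of(String issuerDn, String serialDecimal) {
            // Canonical form makes the comparison case- and whitespace-insensitive.
            String canon = new X500Principal(issuerDn).getName(X500Principal.CANONICAL);
            return new ClientId(canon, new BigInteger(serialDecimal));
        }
    }

    private final Set<ClientId> allowed;
    MllpClientCertAuthorizer(Set<ClientId> allowed) { this.allowed = allowed; }

    // Fail closed: absent headers (no TLS, or no client certificate) and
    // unparsable values are treated as unauthorized.
    boolean isAuthorized(Map<String, Object> headers) {
        Object issuer = headers.get(MLLP_SSL_CLIENT_CERT_ISSUER_NAME);
        Object serial = headers.get(MLLP_SSL_CLIENT_CERT_SERIAL_NO);
        if (issuer == null || serial == null) return false;
        try {
            return allowed.contains(ClientId.of(issuer.toString(), serial.toString()));
        } catch (IllegalArgumentException e) { // malformed DN or non-numeric serial
            return false;
        }
    }
    public static void main(String[] args) {
        // Constructed sample values, not taken from any real deployment.
        var auth = new MllpClientCertAuthorizer(Set.of(
            ClientId.of("CN=Example Hospital CA, O=Example, C=SE", "4919")));
        Map<String, Object> ok = Map.of(
            MLLP_SSL_CLIENT_CERT_ISSUER_NAME, "cn=example hospital ca,o=example,c=se",
            MLLP_SSL_CLIENT_CERT_SERIAL_NO, "4919");
        Map<String, Object> otherCa = Map.of(
            MLLP_SSL_CLIENT_CERT_ISSUER_NAME, "CN=Other CA, O=Example, C=SE",
            MLLP_SSL_CLIENT_CERT_SERIAL_NO, "4919");
        System.out.println("allowlisted CA and serial: " + auth.isAuthorized(ok));
        System.out.println("same serial, other CA: " + auth.isAuthorized(otherCa));
        System.out.println("no certificate headers: " + auth.isAuthorized(Map.of()));
    }
}
```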