[
https://issues.apache.org/jira/browse/CAMEL-14527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17035265#comment-17035265
]
Gerald Kallas commented on CAMEL-14527:
---------------------------------------
[~jondruse] I need the configuration of the sslContextParametersin different
bundles / files as the blueprint XML files will be deployed independently and
so far it will be created separate bundles.
Further .. I was required to add the auto-export option like
{code:java}
<service ref="sslContextParameters" auto-export="interfaces" />
{code}
These both in different files/bundles (hot deployment in /deploy folder) don't
work for me
{code:java}
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd";>
<sslContextParameters id="sslContextParameters"
xmlns="http://camel.apache.org/schema/blueprint";>
<keyManagers keyPassword="xxxxx">
<keyStore resource="etc/keystore.p12" password="xxxxx"/>
</keyManagers>
</sslContextParameters>
<service ref="sslContextParameters" auto-export="interfaces" />
</blueprint>
{code}
and
{code:java}
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd";>
<camelContext id="WEBISP001"
xmlns="http://camel.apache.org/schema/blueprint";>
<route id="WEBISP001">
<from
uri="jetty:https://0.0.0.0:8444/hello?sslContextParameters=#sslContextParameters";
/>
<log message="hello request body: ${in.body}" />
</route>
</camelContext>
</blueprint>
{code}
I'm still getting
{code:java}
Caused by: org.apache.camel.NoSuchBeanException: No bean could be found in the
registry for: sslContextParameters of type:
org.apache.camel.support.jsse.SSLContextParameters
{code}
P.S. For the JMS configuration the 2 separate blueprint files / bundles work
{code:java}
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";>
<!-- set JMS connection factory -->
<bean id="activemq"
class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL" value="tcp://localhost:61616" />
<property name="userName" value="admin" />
<property name="password" value="xxxxx" />
</bean>
<service interface="javax.jms.ConnectionFactory" ref="activemq"/>
</blueprint>
{code}
and further use of the JMS connection factory in other blueprints files /
bundles (separated).
{code:java}
...
<from uri="jms:queue:EVENT?connectionFactory=activemq"
/>
...
{code}
> camel-jetty HTTPS consumer still fails with handshake failure
> -------------------------------------------------------------
>
> Key: CAMEL-14527
> URL: https://issues.apache.org/jira/browse/CAMEL-14527
> Project: Camel
> Issue Type: Bug
> Components: camel-jetty
> Affects Versions: 3.0.1
> Reporter: Gerald Kallas
> Assignee: Jiri Ondrusek
> Priority: Major
>
> After several research I did create the following Blueprint DSL route that
> still fails with a TLS handshake failure.
> {code:java}
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";<blueprint
> xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0";
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
> xsi:schemaLocation="http://www.osgi.org/xmlns/blueprint/v1.0.0
> https://www.osgi.org/xmlns/blueprint/v1.0.0/blueprint.xsd";>
> <sslContextParameters id="sslContextParameters"
> xmlns="http://camel.apache.org/schema/blueprint";>
> <secureSocketProtocolsFilter>
> <include>TLSv1.2</include>
> <include>TLSv1.1</include>
> </secureSocketProtocolsFilter>
> <cipherSuitesFilter>
> <include>.*</include>
> <exclude/>
> </cipherSuitesFilter>
> <keyManagers keyPassword="xxxxx">
> <keyStore resource="etc/truststore.jks" password="xxxxx"/>
> </keyManagers>
> <trustManagers>
> <keyStore resource="etc/keystore.p12" password="xxxxx"/>
> </trustManagers>
> </sslContextParameters>
> <camelContext id="WEBISP001"
> xmlns="http://camel.apache.org/schema/blueprint";>
> <route id="WEBISP001">
> <from
> uri="jetty:https://0.0.0.0:8444/hello?sslContextParameters=sslContextParameters";
> />
> <log message="hello request body: ${in.body}" />
> </route>
> </camelContext>
> </blueprint>
> {code}
> This is the deployment log
> {code:java}
> 2020-02-08T20:31:49,784 | INFO | fileinstall-/opt/apache-karaf-4.2.7/deploy
> | BlueprintContainerImpl | 80 - org.apache.aries.blueprint.core -
> 1.10.2 | Blueprint bundle WEBISP001.xml/0.0.0 has been started
> 2020-02-08T20:31:49,786 | INFO | Blueprint Event Dispatcher: 1 |
> BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 |
> Attempting to start CamelContext: WEBISP001
> 2020-02-08T20:31:49,789 | INFO | Blueprint Event Dispatcher: 1 |
> BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 |
> Apache Camel 3.0.1 (CamelContext: WEBISP001) is starting
> 2020-02-08T20:31:49,791 | INFO | Blueprint Event Dispatcher: 1 |
> JmxManagementStrategy | 88 - org.apache.camel.camel-api - 3.0.1 |
> JMX is enabled
> 2020-02-08T20:31:49,877 | INFO | Blueprint Event Dispatcher: 1 |
> HttpComponent | 88 - org.apache.camel.camel-api - 3.0.1 |
> Created ClientConnectionManager
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager@12fc7e57
> 2020-02-08T20:31:49,881 | INFO | Blueprint Event Dispatcher: 1 |
> BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 |
> StreamCaching is not in use. If using streams then its recommended to enable
> stream caching. See more details at
> http://camel.apache.org/stream-caching.html
> 2020-02-08T20:31:49,896 | INFO | Blueprint Event Dispatcher: 1 |
> SSLContextParameters | 88 - org.apache.camel.camel-api - 3.0.1 |
> Available providers: SUN version 1.8.
> 2020-02-08T20:31:49,906 | INFO | Blueprint Event Dispatcher: 1 |
> JettyHttpComponent9 | 112 - org.apache.camel.camel-jetty - 3.0.1
> | Connector on port: 8444 is using includeCipherSuites: [.*]
> excludeCipherSuites: [] includeProtocols: [TLSv1.3, TLSv1.2, TLSv1.1]
> excludeProtocols: [SSL, SSLv2, SSLv2Hello, SSLv3]
> 2020-02-08T20:31:49,907 | INFO | Blueprint Event Dispatcher: 1 | Server
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 |
> jetty-9.4.20.v20190813; built: 2019-08-13T21:28:18.144Z; git:
> 84700530e645e812b336747464d6fbbf370c9a20; jvm 1.8.0_242-b08
> 2020-02-08T20:31:49,908 | INFO | Blueprint Event Dispatcher: 1 |
> ContextHandler | 217 - org.eclipse.jetty.util -
> 9.4.20.v20190813 | Started
> o.e.j.s.ServletContextHandler@4d63dc0b{/,null,AVAILABLE}
> 2020-02-08T20:31:49,915 | INFO | Blueprint Event Dispatcher: 1 |
> SslContextFactory | 217 - org.eclipse.jetty.util -
> 9.4.20.v20190813 | Protocol TLSv1.3 not supported in [SSLv2Hello, SSLv3,
> TLSv1, TLSv1.1, TLSv1.2]
> 2020-02-08T20:31:49,915 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_256_CBC_SHA256 enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,916 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,916 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,917 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,918 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDH_RSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,918 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_DHE_RSA_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,919 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_DHE_DSS_WITH_AES_256_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,919 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_128_CBC_SHA256 enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,921 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,922 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,923 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,924 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,925 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,926 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_ECDH_RSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,927 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_DHE_RSA_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,927 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_DHE_DSS_WITH_AES_128_CBC_SHA enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,928 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_256_GCM_SHA384 enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,929 | WARN | Blueprint Event Dispatcher: 1 | config
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 | Weak
> cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 enabled for
> SslContextFactory@6234ffd1[provider=null,keyStore=null,trustStore=null]
> 2020-02-08T20:31:49,930 | INFO | Blueprint Event Dispatcher: 1 |
> AbstractConnector | 217 - org.eclipse.jetty.util -
> 9.4.20.v20190813 | Started ServerConnector@11e4bb7f{ssl,[ssl,
> http/1.1]}{0.0.0.0:8444}
> 2020-02-08T20:31:49,931 | INFO | Blueprint Event Dispatcher: 1 | Server
> | 217 - org.eclipse.jetty.util - 9.4.20.v20190813 |
> Started @1786570ms
> 2020-02-08T20:31:49,932 | INFO | Blueprint Event Dispatcher: 1 |
> BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 |
> Route: WEBISP001 started and consuming from: jetty:https://0.0.0.0:8444/hello
> 2020-02-08T20:31:49,933 | INFO | Blueprint Event Dispatcher: 1 |
> BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 |
> Total 1 routes, of which 1 are started
> 2020-02-08T20:31:49,933 | INFO | Blueprint Event Dispatcher: 1 |
> BlueprintCamelContext | 88 - org.apache.camel.camel-api - 3.0.1 |
> Apache Camel 3.0.1 (CamelContext: WEBISP001) started in 0.145 seconds
> 2020-02-08T20:31:49,987 | INFO | fileinstall-/opt/apache-karaf-4.2.7/deploy
> | fileinstall | 10 - org.apache.felix.fileinstall -
> 3.6.4 | Started bundle:
> blueprint:file:/opt/apache-karaf-4.2.7/deploy/WEBISP001.xml
> {code}
> The request to the endpoint still fails with
> {code:java}
> curl -vvv --insecure --location --request POST 'https://host:8444/hello'
> --data-raw 'Hello World!'
> Note: Unnecessary use of -X or --request, POST is already inferred.
> * Trying 10.0.0.147...
> * TCP_NODELAY set
> * Connected to host (10.0.0.147) port 8444 (#0)
> * ALPN, offering h2
> * ALPN, offering http/1.1
> * successfully set certificate verify locations:
> * CAfile: /etc/pki/tls/certs/ca-bundle.crt
> CApath: none
> * TLSv1.3 (OUT), TLS handshake, Client hello (1):
> * TLSv1.3 (IN), TLS alert, handshake failure (552):
> * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
> * Closing connection 0
> curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
> failure{code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
