RE: Jetty and the Invalid SNI

2023-09-21 Thread Mattern, Alex
Fyodor,

Assuming all testers have the same or a small number of  for their 
localhost, you can create one keystore for testing and have it packaged with 
the tests.
--
Alex

Alex Mattern | AVP | Infomediary Architect | Investor Services

BROWN BROTHERS HARRIMAN
50 Post Office Square, Boston, MA 02110
T 617-772-0096 | M 857-283-3724 | alex.matt...@bbh.com
www.bbh.com

-Original Message-
From: Fyodor Kravchenko  
Sent: Thursday, September 21, 2023 10:48 AM
To: users@camel.apache.org
Subject: [EXTERNAL SENDER:] Re: Jetty and the Invalid SNI

Hi, thank you,

seems no-one will be able to test my app without the hassle of creating their 
own keystore, right?

/fedd

On 21.09.2023 17:13, Mattern, Alex wrote:
> On converting from Camel 3.x to 4.x:
>
> 1. You should get the canonicalHostName
>   
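> public static String getHostName() {
>     try {
>         return InetAddress.getLocalHost().getCanonicalHostName();
>     } catch (UnknownHostException e) {
>         // catch block is missing from the original message; rethrowing is an assumption
>         throw new IllegalStateException(e);
>     }
> }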
>
> 2. You should update your keystore to accept the localhost. Change the CN to 
> *..com. Change the SAN to www..com. If you have multiple  
> then you will make multiple entries in the keystore.
> --
> Alex
>
> -Original Message-
> From: Fyodor Kravchenko 
> Sent: Thursday, September 21, 2023 9:35 AM
> To: users@camel.apache.org
> Subject: [EXTERNAL SENDER:] Re: Jetty and the Invalid SNI
>
> Hello,
>
> I don't really want to use Jetty, but I'm currently migrating my project that 
> uses Jetty from Camel 2 via 3 to 4. I'll be able to use something different 
> when it starts working with Jetty so I'm able to fix every other 
> functionality before switching to a different web server.
> Unfortunately I don't use Spring or Quarkus, but it has to be able to run 
> standalone for the time being. I'm looking into Undertow because it offers 
> the websockets like Jetty seemed to offer previously, but first I have to 
> make Jetty work.
>
>
> On 21.09.2023 11:32, Claus Ibsen wrote:
>> Hi
>>
>> Do you really need to use Jetty? If you use Spring Boot or Quarkus
>> they come with an HTTP server which you can configure for TLS/SSL more
>> easily than Jetty.
>>
>> On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko  wrote:
>>
>>> Hello,
>>>
>>> I'm missing how do I set up the new Jetty in Camel 4 to let me 
>>> access the localhost via SSL while developing or when needed for 
>>> other purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
>>> 400: Invalid SNI" error.
>>>
>>> I'm configuring the SSL as the following:
>>>
>>>    JettyHttpComponent jetty = _camel.getComponent(JETTY, JettyHttpComponent.class);
>>>
>>>    // ssl
>>>    File keyStoreFile = new File(_properties.getProperty("keystoreFile", "sborex.jks"));
>>>    if (keyStoreFile.exists()) {
>>>        String keystorePassword = _properties.getProperty("keystorePassword", "defaultPassword");
>>>        SSLContextParameters scp = new SSLContextParameters();
>>>        KeyStoreParameters ksp = new KeyStoreParameters();
>>>        try (var stream = Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
>>>            KeyStore ks = KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
>>>            ks.load(stream, keystorePassword.toCharArray());
>>>            ksp.setKeyStore(ks);
>>>        } catch (Exception e) {
>>>            throw new RuntimeException(e);
>>>        }
>>>
>>>        KeyManagersParameters kmp = new KeyManagersParameters();
>>>        kmp.setKeyStore(ksp);
>>>        kmp.setKeyPassword(_properties.getProperty("keyPassword"));
>>>        scp.setKeyManagers(kmp);
>>>        SecureRequestCustomizer src = new SecureRequestCustomizer(false);
>>>        src.setSniRequired(false); // found this in StackOverflow. Now what?
>>>        jetty.setSslContextParameters(scp);
>>>    }
>>>
>>> I've read somewhere that we have to switch off the SNI check for 
>>> Jetty through some Secure Request Customizer, but I fail to 
>>> understand how do I pass it to the Jetty server; or maybe there is a 
>>> more generic API for doing that through the JSSE?
>>> https://camel.apache.org/manual/camel-configuration-utilities.html
>>>
>>>
>>> Thanks!
>>>
>>>
> *** IMPORTANT 
> NOTE* The opinions expressed in this message 
> and/or any attachments are those of the author and not necessarily those of 
> Brown Brothers Harriman & Co., its subsidiaries and affiliates ("BBH"). There 
> is no guarantee that this message is either private or confidential, and it 
> may have been altered by unauthorized sources without your or our knowledge. 
> Nothing in the message is capable or intended to create 
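
Added example, not part of the original messages and not Camel or Jetty project code: a JDK-only check that a packaged test keystore carries a certificate name for each host testers will use, since Jetty's SNI host check rejects a request whose host matches no name in the served certificate. The class name `KeystoreHostCheck` and the host list are assumptions; the file name, password and type defaults are the ones in the code quoted in this thread.

```java
import java.io.InputStream;
import java.net.InetAddress;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;
import javax.naming.ldap.*;

public class KeystoreHostCheck { // hypothetical class name
    /** Names the certificate is issued for: SAN dNSName (2) and iPAddress (7) entries plus the subject CN. */
    static Set<String> certNames(X509Certificate cert) throws Exception {
        Set<String> names = new TreeSet<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the cert has no SAN
        if (sans != null) {
            for (List<?> san : sans) {
                int type = (Integer) san.get(0);
                if (type == 2 || type == 7) names.add(san.get(1).toString().toLowerCase(Locale.ROOT));
            }
        }
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns()) {
            if ("CN".equalsIgnoreCase(rdn.getType())) {
                names.add(rdn.getValue().toString().toLowerCase(Locale.ROOT));
            }
        }
        return names;
    }

    /** Exact match, or a wildcard such as "*.example.test" standing in for exactly one left-most label. */
    static boolean covers(String certName, String host) {
        String h = host.toLowerCase(Locale.ROOT);
        if (certName.equals(h)) return true;
        int dot = h.indexOf('.');
        return certName.startsWith("*.") && dot > 0 && h.substring(dot).equals(certName.substring(1));
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the ones used in the code quoted in this thread.
        Path file = Path.of(args.length > 0 ? args[0] : "sborex.jks");
        char[] password = (args.length > 1 ? args[1] : "defaultPassword").toCharArray();
        KeyStore ks = KeyStore.getInstance(args.length > 2 ? args[2] : "jks");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        // Assumed host list: what a tester is likely to type, plus the canonical name from step 1.
        Set<String> hosts = new LinkedHashSet<>(List.of("localhost", InetAddress.getLocalHost().getCanonicalHostName()));
        Set<String> names = new TreeSet<>();
        for (String alias : Collections.list(ks.aliases())) {
            java.security.cert.Certificate cert = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && cert instanceof X509Certificate) {
                names.addAll(certNames((X509Certificate) cert));
            }
        }
        boolean ok = true;
        for (String host : hosts) {
            boolean covered = names.stream().anyMatch(n -> covers(n, host));
            System.out.println((covered ? "OK       " : "MISSING  ") + host);
            ok &= covered;
        }
        System.out.println("certificate names in keystore: " + names);
        System.exit(ok ? 0 : 1); // non-zero exit lets a test setup step fail early
    }
}
```

Run it as `java KeystoreHostCheck.java [keystore] [password] [type]`; a `MISSING` line names a host that needs its own CN or SAN entry in the shared keystore.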

Re: Jetty and the Invalid SNI

2023-09-21 Thread Fyodor Kravchenko

Hi, thank you,

seems no-one will be able to test my app without the hassle of creating 
their own keystore, right?


/fedd

On 21.09.2023 17:13, Mattern, Alex wrote:

On converting from Camel 3.x to 4.x:

1. You should get the canonicalHostName

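public static String getHostName() {
    try {
        return InetAddress.getLocalHost().getCanonicalHostName();
    } catch (UnknownHostException e) {
        // catch block is missing from the original message; rethrowing is an assumption
        throw new IllegalStateException(e);
    }
}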

2. You should update your keystore to accept the localhost. Change the CN to *..com. 
Change the SAN to www..com. If you have multiple  then you will make 
multiple entries in the keystore.
--
Alex

-Original Message-
From: Fyodor Kravchenko 
Sent: Thursday, September 21, 2023 9:35 AM
To: users@camel.apache.org
Subject: [EXTERNAL SENDER:] Re: Jetty and the Invalid SNI

Hello,

I don't really want to use Jetty, but I'm currently migrating my project that 
uses Jetty from Camel 2 via 3 to 4. I'll be able to use something different 
when it starts working with Jetty so I'm able to fix every other functionality 
before switching to a different web server.
Unfortunately I don't use Spring or Quarkus, but it has to be able to run 
standalone for the time being. I'm looking into Undertow because it offers the 
websockets like Jetty seemed to offer previously, but first I have to make 
Jetty work.


On 21.09.2023 11:32, Claus Ibsen wrote:

Hi

Do you really need to use Jetty? If you use Spring Boot or Quarkus
they come with an HTTP server which you can configure for TLS/SSL more
easily than Jetty.

On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko  wrote:


Hello,

I'm missing how do I set up the new Jetty in Camel 4 to let me access
the localhost via SSL while developing or when needed for other
purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
400: Invalid SNI" error.

I'm configuring the SSL as the following:

   JettyHttpComponent jetty = _camel.getComponent(JETTY, JettyHttpComponent.class);

   // ssl
   File keyStoreFile = new File(_properties.getProperty("keystoreFile", "sborex.jks"));
   if (keyStoreFile.exists()) {
       String keystorePassword = _properties.getProperty("keystorePassword", "defaultPassword");
       SSLContextParameters scp = new SSLContextParameters();
       KeyStoreParameters ksp = new KeyStoreParameters();
       try (var stream = Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
           KeyStore ks = KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
           ks.load(stream, keystorePassword.toCharArray());
           ksp.setKeyStore(ks);
       } catch (Exception e) {
           throw new RuntimeException(e);
       }

       KeyManagersParameters kmp = new KeyManagersParameters();
       kmp.setKeyStore(ksp);
       kmp.setKeyPassword(_properties.getProperty("keyPassword"));
       scp.setKeyManagers(kmp);
       SecureRequestCustomizer src = new SecureRequestCustomizer(false);
       src.setSniRequired(false); // found this in StackOverflow. Now what?
       jetty.setSslContextParameters(scp);
   }

I've read somewhere that we have to switch off the SNI check for
Jetty through some Secure Request Customizer, but I fail to
understand how do I pass it to the Jetty server; or maybe there is a
more generic API for doing that through the JSSE?
https://camel.apache.org/manual/camel-configuration-utilities.html


Thanks!





RE: Jetty and the Invalid SNI

2023-09-21 Thread Mattern, Alex
On converting from Camel 3.x to 4.x:

1. You should get the canonicalHostName

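public static String getHostName() {
    try {
        return InetAddress.getLocalHost().getCanonicalHostName();
    } catch (UnknownHostException e) {
        // catch block is missing from the original message; rethrowing is an assumption
        throw new IllegalStateException(e);
    }
}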

2. You should update your keystore to accept the localhost. Change the CN to 
*..com. Change the SAN to www..com. If you have multiple  
then you will make multiple entries in the keystore.
--
Alex

-Original Message-
From: Fyodor Kravchenko  
Sent: Thursday, September 21, 2023 9:35 AM
To: users@camel.apache.org
Subject: [EXTERNAL SENDER:] Re: Jetty and the Invalid SNI

Hello,

I don't really want to use Jetty, but I'm currently migrating my project that 
uses Jetty from Camel 2 via 3 to 4. I'll be able to use something different 
when it starts working with Jetty so I'm able to fix every other functionality 
before switching to a different web server. 
Unfortunately I don't use Spring or Quarkus, but it has to be able to run 
standalone for the time being. I'm looking into Undertow because it offers the 
websockets like Jetty seemed to offer previously, but first I have to make 
Jetty work.


On 21.09.2023 11:32, Claus Ibsen wrote:
> Hi
>
> Do you really need to use Jetty? If you use Spring Boot or Quarkus
> they come with an HTTP server which you can configure for TLS/SSL more
> easily than Jetty.
>
> On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko  wrote:
>
>> Hello,
>>
>> I'm missing how do I set up the new Jetty in Camel 4 to let me access 
>> the localhost via SSL while developing or when needed for other 
>> purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
>> 400: Invalid SNI" error.
>>
>> I'm configuring the SSL as the following:
>>
>>   JettyHttpComponent jetty = _camel.getComponent(JETTY, JettyHttpComponent.class);
>>
>>   // ssl
>>   File keyStoreFile = new File(_properties.getProperty("keystoreFile", "sborex.jks"));
>>   if (keyStoreFile.exists()) {
>>       String keystorePassword = _properties.getProperty("keystorePassword", "defaultPassword");
>>       SSLContextParameters scp = new SSLContextParameters();
>>       KeyStoreParameters ksp = new KeyStoreParameters();
>>       try (var stream = Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
>>           KeyStore ks = KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
>>           ks.load(stream, keystorePassword.toCharArray());
>>           ksp.setKeyStore(ks);
>>       } catch (Exception e) {
>>           throw new RuntimeException(e);
>>       }
>>
>>       KeyManagersParameters kmp = new KeyManagersParameters();
>>       kmp.setKeyStore(ksp);
>>       kmp.setKeyPassword(_properties.getProperty("keyPassword"));
>>       scp.setKeyManagers(kmp);
>>       SecureRequestCustomizer src = new SecureRequestCustomizer(false);
>>       src.setSniRequired(false); // found this in StackOverflow. Now what?
>>       jetty.setSslContextParameters(scp);
>>   }
>>
>> I've read somewhere that we have to switch off the SNI check for 
>> Jetty through some Secure Request Customizer, but I fail to 
>> understand how do I pass it to the Jetty server; or maybe there is a 
>> more generic API for doing that through the JSSE?
>> https://camel.apache.org/manual/camel-configuration-utilities.html
>>
>>
>> Thanks!
>>
>>



Re: Jetty and the Invalid SNI

2023-09-21 Thread Fyodor Kravchenko

Hello,

I don't really want to use Jetty, but I'm currently migrating my project 
that uses Jetty from Camel 2 via 3 to 4. I'll be able to use something 
different when it starts working with Jetty so I'm able to fix every 
other functionality before switching to a different web server. 
Unfortunately I don't use Spring or Quarkus, but it has to be able to 
run standalone for the time being. I'm looking into Undertow because it 
offers the websockets like Jetty seemed to offer previously, but first I 
have to make Jetty work.



On 21.09.2023 11:32, Claus Ibsen wrote:

Hi

Do you really need to use Jetty? If you use Spring Boot or Quarkus they
come with an HTTP server which you can configure for TLS/SSL more easily than
Jetty.

On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko  wrote:


Hello,

I'm missing how do I set up the new Jetty in Camel 4 to let me access
the localhost via SSL while developing or when needed for other
purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
400: Invalid SNI" error.

I'm configuring the SSL as the following:

  JettyHttpComponent jetty = _camel.getComponent(JETTY, JettyHttpComponent.class);

  // ssl
  File keyStoreFile = new File(_properties.getProperty("keystoreFile", "sborex.jks"));
  if (keyStoreFile.exists()) {
      String keystorePassword = _properties.getProperty("keystorePassword", "defaultPassword");
      SSLContextParameters scp = new SSLContextParameters();
      KeyStoreParameters ksp = new KeyStoreParameters();
      try (var stream = Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
          KeyStore ks = KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
          ks.load(stream, keystorePassword.toCharArray());
          ksp.setKeyStore(ks);
      } catch (Exception e) {
          throw new RuntimeException(e);
      }

      KeyManagersParameters kmp = new KeyManagersParameters();
      kmp.setKeyStore(ksp);
      kmp.setKeyPassword(_properties.getProperty("keyPassword"));
      scp.setKeyManagers(kmp);
      SecureRequestCustomizer src = new SecureRequestCustomizer(false);
      src.setSniRequired(false); // found this in StackOverflow. Now what?
      jetty.setSslContextParameters(scp);
  }

I've read somewhere that we have to switch off the SNI check for Jetty
through some Secure Request Customizer, but I fail to understand how do
I pass it to the Jetty server; or maybe there is a more generic API for
doing that through the JSSE?
https://camel.apache.org/manual/camel-configuration-utilities.html


Thanks!




Re: How do I setup camel-rest in combination with spring-webflux-netty?

2023-09-21 Thread Claus Ibsen
Hi

Use the platform-http for the consumer - then you use what spring comes
with as http server.


On Thu, Sep 21, 2023 at 1:04 PM Alphonse Bendt 
wrote:

> Hi folks,
>
> Within a Spring boot application I want to use camel-rest as consumer to
> be able to define rest endpoints:
>
> from("rest://get/hello-world").constant("Some static content")
>
> This works fine with the spring-boot-starter-web which uses Tomcat:
>
> Get http://localhost:8080/rest/hello-world => 200
>
> Now I was trying to achieve the same with spring-boot-starter-webflux +
> netty
>
> What I did so far is:
> * exchange spring-boot-starter-web with spring-boot-starter-webflux
> * add camel-netty-http
> * configured the rest component to use netty-http instead of servlet:
> getRestConfiguration().setComponent("netty-http")
>
> I can see in the log output that the route still is being registered
> however cannot be accessed in the spring application
> Get http://localhost:8080/rest/hello-world => 404
>
> I am assuming that a new ServerPort is being opened instead of hooking
> into the one already provided by spring?
>
> How do I configure things so that the rest endpoint is accessible via the
> Spring server port? Can anyone show me directions?
>
> Thanks in advance,
>Alphonse
>
>
>
>

-- 
Claus Ibsen
-
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2


How do I setup camel-rest in combination with spring-webflux-netty?

2023-09-21 Thread Alphonse Bendt
Hi folks,

Within a Spring boot application I want to use camel-rest as consumer to be 
able to define rest endpoints:

from("rest://get/hello-world").constant("Some static content")

This works fine with the spring-boot-starter-web which uses Tomcat:

Get http://localhost:8080/rest/hello-world => 200

Now I was trying to achieve the same with spring-boot-starter-webflux + netty

What I did so far is:
* exchange spring-boot-starter-web with spring-boot-starter-webflux
* add camel-netty-http
* configured the rest component to use netty-http instead of servlet:
getRestConfiguration().setComponent("netty-http")

I can see in the log output that the route still is being registered however 
cannot be accessed in the spring application
Get http://localhost:8080/rest/hello-world => 404

I am assuming that a new ServerPort is being opened instead of hooking into the 
one already provided by spring?

How do I configure things so that the rest endpoint is accessible via the
Spring server port? Can anyone show me directions?

Thanks in advance,
   Alphonse





Re: Jetty and the Invalid SNI

2023-09-21 Thread Claus Ibsen
Hi

Do you really need to use Jetty? If you use Spring Boot or Quarkus they
come with an HTTP server which you can configure for TLS/SSL more easily than
Jetty.

On Mon, Sep 18, 2023 at 12:30 PM Fyodor Kravchenko  wrote:

> Hello,
>
> I'm missing how do I set up the new Jetty in Camel 4 to let me access
> the localhost via SSL while developing or when needed for other
> purposes. I'm getting the "org.eclipse.jetty.http.BadMessageException:
> 400: Invalid SNI" error.
>
> I'm configuring the SSL as the following:
>
>  JettyHttpComponent jetty = _camel.getComponent(JETTY, JettyHttpComponent.class);
>
>  // ssl
>  File keyStoreFile = new File(_properties.getProperty("keystoreFile", "sborex.jks"));
>  if (keyStoreFile.exists()) {
>      String keystorePassword = _properties.getProperty("keystorePassword", "defaultPassword");
>      SSLContextParameters scp = new SSLContextParameters();
>      KeyStoreParameters ksp = new KeyStoreParameters();
>      try (var stream = Files.newInputStream(Path.of(keyStoreFile.getPath()))) {
>          KeyStore ks = KeyStore.getInstance(_properties.getProperty("keystoreType", "jks"));
>          ks.load(stream, keystorePassword.toCharArray());
>          ksp.setKeyStore(ks);
>      } catch (Exception e) {
>          throw new RuntimeException(e);
>      }
>
>      KeyManagersParameters kmp = new KeyManagersParameters();
>      kmp.setKeyStore(ksp);
>      kmp.setKeyPassword(_properties.getProperty("keyPassword"));
>      scp.setKeyManagers(kmp);
>      SecureRequestCustomizer src = new SecureRequestCustomizer(false);
>      src.setSniRequired(false); // found this in StackOverflow. Now what?
>      jetty.setSslContextParameters(scp);
>  }
>
> I've read somewhere that we have to switch off the SNI check for Jetty
> through some Secure Request Customizer, but I fail to understand how do
> I pass it to the Jetty server; or maybe there is a more generic API for
> doing that through the JSSE?
> https://camel.apache.org/manual/camel-configuration-utilities.html
>
>
> Thanks!
>
>

-- 
Claus Ibsen
-
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2


Re: JMS Batch Consumer

2023-09-21 Thread Claus Ibsen
Hi

You can use the aggregator to batch X before sending it to kafka. However I
know that then this is decoupled from JMS and those batched messages are
stored in-memory by the camel aggregator before they are sent to kafka.

There are some JIRA about batching kafka support (consumer side).
And in general for Camel messaging components ala JMS, but it's a bit tricky
as camel-jms is based on spring jms that does not have very good support for
batching.




On Mon, Sep 18, 2023 at 5:37 PM Billah Farouk (BD/POI2)
 wrote:

> Hello,
>
> I am looking for a way how to consume messages in Batches from a JMS
> Broker. Messages will be processed and sent batched in a single request to
> a Kafka topic.
>
> Before Camel 3.7, it was possible to implement such a behaviour using the
> sjms-batch component. However this component was discontinued.
>
> Reasons for using batching consumers are mainly:
>
> - Process a high throughput without needing to create too many JMS
> Concurrent consumers ( current value: maxConcurrentConsumers=20)
> - Achieve a high number records per Kafka request as the latency to the
> Kafka cluster is quite high (Number of records per request was around 75
> when using the sjms-batch component)
>
> Two questions:
>
> 1- Are there any news whether the possibility to consume message in
> Batches from a JMS Broker will be reinstated in Camel 4?
>
> 2- Do you guys have any proposals how the desired behavior can be
> otherwise achieved?
>
> Regards
> Farouk
>


-- 
Claus Ibsen
-
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2