This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/camel.git
commit 2cc2e47a06568ba1a545a5482a42f706a0372d22 Author: Andrea Cosentino <[email protected]> AuthorDate: Fri Apr 16 13:27:50 2021 +0200 CAMEL-16524 - Remove Camel-Crypto-CMS --- .../org/apache/camel/catalog/components.properties | 1 - .../camel/catalog/components/crypto-cms.json | 50 --- .../org/apache/camel/catalog/docs.properties | 1 - .../camel/catalog/docs/crypto-cms-component.adoc | 411 -------------------- .../component/ComponentsBuilderFactory.java | 2 +- .../src/generated/resources/metadata.json | 23 -- .../builder/endpoint/EndpointBuilderFactory.java | 1 - .../camel/builder/endpoint/EndpointBuilders.java | 1 - .../builder/endpoint/StaticEndpointBuilders.java | 2 +- .../org/apache/camel/main/components.properties | 1 - docs/components/modules/ROOT/nav.adoc | 1 - .../modules/ROOT/pages/crypto-cms-component.adoc | 413 --------------------- 12 files changed, 2 insertions(+), 905 deletions(-) diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components.properties b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components.properties index a594e0a..6f18e3e 100644 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components.properties +++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components.properties @@ -72,7 +72,6 @@ couchdb cql cron crypto -crypto-cms cxf cxfrs dataformat diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/crypto-cms.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/crypto-cms.json deleted file mode 100644 index c1efbcd..0000000 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/crypto-cms.json +++ /dev/null @@ -1,50 +0,0 @@ -{ - "component": { - "kind": "component", - "name": "crypto-cms", - "title": "Crypto CMS", - "description": "Encrypt, decrypt, sign and verify data in CMS Enveloped Data format.", - "deprecated": true, - "deprecatedSince": "3.2.0", - "firstVersion": "2.20.0", - "label": "security,transformation", - "javaType": "org.apache.camel.component.crypto.cms.CryptoCmsComponent", - "supportLevel": "Stable", - "groupId": "org.apache.camel", - "artifactId": "camel-crypto-cms", - "version": "3.10.0-SNAPSHOT", - "scheme": "crypto-cms", - "extendsScheme": "", - "syntax": "crypto-cms:cryptoOperation:name", - "async": false, - "api": false, - "consumerOnly": false, - "producerOnly": true, - "lenientProperties": false - }, - "componentProperties": { - "lazyStartProducer": { "kind": "property", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during star [...] - "autowiredEnabled": { "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which t [...] - "envelopedDataDecryptorConfiguration": { "kind": "property", "displayName": "Enveloped Data Decryptor Configuration", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.crypto.cms.crypt.EnvelopedDataDecryptorConfiguration", "deprecated": false, "autowired": false, "secret": false, "description": "To configure the shared EnvelopedDataDecryptorConfiguration, which determines the uri parameters for the decrypt operation." }, - "signedDataVerifierConfiguration": { "kind": "property", "displayName": "Signed Data Verifier Configuration", "group": "advanced", "label": "advanced", "required": false, "type": "object", "javaType": "org.apache.camel.component.crypto.cms.sig.SignedDataVerifierConfiguration", "deprecated": false, "autowired": false, "secret": false, "description": "To configure the shared SignedDataVerifierConfiguration, which determines the uri parameters for the verify operation." } - }, - "properties": { - "cryptoOperation": { "kind": "path", "displayName": "Crypto Operation", "group": "producer", "label": "", "required": true, "type": "object", "javaType": "org.apache.camel.component.crypto.cms.CryptoOperation", "enum": [ "sign", "verify", "encrypt", "decrypt" ], "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "Set the Crypto operation from that supplied after the crypto scheme in the endpoint uri e.g. crypto-cms:sign sets sign as the op [...] - "name": { "kind": "path", "displayName": "Name", "group": "producer", "label": "", "required": true, "type": "string", "javaType": "java.lang.String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "The name part in the URI can be chosen by the user to distinguish between different signer\/verifier\/encryptor\/decryptor endpoints within the camel context." }, - "keyStore": { "kind": "parameter", "displayName": "Key Store", "group": "common", "label": "common", "required": false, "type": "object", "javaType": "java.security.KeyStore", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.sig.DefaultSignedDataVerifierConfiguration", "configurationField": "verifyConfig", "description": "Keystore which contains signer private keys, verifier public keys, encryptor public keys, decr [...] - "keyStoreParameters": { "kind": "parameter", "displayName": "Key Store Parameters", "group": "common", "label": "common", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.KeyStoreParameters", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.sig.DefaultSignedDataVerifierConfiguration", "configurationField": "verifyConfig", "description": "Keystore containing signer private keys, verifi [...] - "lazyStartProducer": { "kind": "parameter", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during sta [...] - "password": { "kind": "parameter", "displayName": "Password", "group": "decrypt", "label": "decrypt", "required": false, "type": "object", "javaType": "char[]", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.crypt.DefaultEnvelopedDataDecryptorConfiguration", "configurationField": "decryptConfig", "description": "Sets the password of the private keys. It is assumed that all private keys in the keystore have the sa [...] - "fromBase64": { "kind": "parameter", "displayName": "From Base64", "group": "decrypt_verify", "label": "decrypt_verify", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "configurationClass": "org.apache.camel.component.crypto.cms.sig.DefaultSignedDataVerifierConfiguration", "configurationField": "verifyConfig", "description": "If true then the CMS message is base 64 encoded and must be decod [...] - "contentEncryptionAlgorithm": { "kind": "parameter", "displayName": "Content Encryption Algorithm", "group": "encrypt", "label": "encrypt", "required": false, "type": "string", "javaType": "java.lang.String", "enum": [ "AES\/CBC\/PKCS5Padding", "DESede\/CBC\/PKCS5Padding", "Camellia\/CBC\/PKCS5Padding", "CAST5\/CBC\/PKCS5Padding" ], "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.crypt.EnvelopedDataEncryptorConfig [...] - "originatorInformationProvider": { "kind": "parameter", "displayName": "Originator Information Provider", "group": "encrypt", "label": "encrypt", "required": false, "type": "object", "javaType": "org.apache.camel.component.crypto.cms.common.OriginatorInformationProvider", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.crypt.EnvelopedDataEncryptorConfiguration", "configurationField": "encryptConfig", "description" [...] - "recipient": { "kind": "parameter", "displayName": "Recipient", "group": "encrypt", "label": "encrypt", "required": false, "type": "array", "javaType": "java.util.List<org.apache.camel.component.crypto.cms.crypt.RecipientInfo>", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.crypt.EnvelopedDataEncryptorConfiguration", "configurationField": "encryptConfig", "description": "Recipient Info: reference to a bean which [...] - "secretKeyLength": { "kind": "parameter", "displayName": "Secret Key Length", "group": "encrypt", "label": "encrypt", "required": false, "type": "integer", "javaType": "int", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.crypt.EnvelopedDataEncryptorConfiguration", "configurationField": "encryptConfig", "description": "Key length for the secret symmetric key used for the content encryption. Only used if the speci [...] - "unprotectedAttributesGeneratorProvider": { "kind": "parameter", "displayName": "Unprotected Attributes Generator Provider", "group": "encrypt", "label": "encrypt", "required": false, "type": "object", "javaType": "org.apache.camel.component.crypto.cms.common.AttributesGeneratorProvider", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.crypt.EnvelopedDataEncryptorConfiguration", "configurationField": "encryptConfi [...] - "toBase64": { "kind": "parameter", "displayName": "To Base64", "group": "encrypt_sign", "label": "encrypt_sign", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": "false", "configurationClass": "org.apache.camel.component.crypto.cms.sig.SignedDataCreatorConfiguration", "configurationField": "signConfig", "description": "Indicates whether the Signed Data or Enveloped Data instance shall be b [...] - "includeContent": { "kind": "parameter", "displayName": "Include Content", "group": "sign", "label": "sign", "required": false, "type": "boolean", "javaType": "java.lang.Boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": "true", "configurationClass": "org.apache.camel.component.crypto.cms.sig.SignedDataCreatorConfiguration", "configurationField": "signConfig", "description": "Indicates whether the signed content should be included into the Signed Data [...] - "signer": { "kind": "parameter", "displayName": "Signer", "group": "sign", "label": "sign", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "configurationClass": "org.apache.camel.component.crypto.cms.sig.SignedDataCreatorConfiguration", "configurationField": "signConfig", "description": "Signer information: reference to bean(s) which implements org.apache.camel.component.crypto.cms.api.SignerInfo. Multipl [...] - "signedDataHeaderBase64": { "kind": "parameter", "displayName": "Signed Data Header Base64", "group": "verify", "label": "verify", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "configurationClass": "org.apache.camel.component.crypto.cms.sig.DefaultSignedDataVerifierConfiguration", "configurationField": "verifyConfig", "description": "Indicates whether the value in the header CamelCryptoCm [...] - "verifySignaturesOfAllSigners": { "kind": "parameter", "displayName": "Verify Signatures Of All Signers", "group": "verify", "label": "verify", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "configurationClass": "org.apache.camel.component.crypto.cms.sig.DefaultSignedDataVerifierConfiguration", "configurationField": "verifyConfig", "description": "If true then the signatures of all signers [...] - } -} diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs.properties b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs.properties index 0249ddd..9fc6dde 100644 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs.properties +++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs.properties @@ -97,7 +97,6 @@ couchbase-component couchdb-component cql-component cron-component -crypto-cms-component crypto-component crypto-dataformat csimple-joor diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/crypto-cms-component.adoc b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/crypto-cms-component.adoc deleted file mode 100644 index 328c1c4..0000000 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/docs/crypto-cms-component.adoc +++ /dev/null @@ -1,411 +0,0 @@ -[[crypto-cms-component]] -= Crypto CMS Component (deprecated) -:docTitle: Crypto CMS -:artifactId: camel-crypto-cms -:description: Encrypt, decrypt, sign and verify data in CMS Enveloped Data format. -:since: 2.20 -:supportLevel: Stable-deprecated -:deprecated: *deprecated* -:component-header: Only producer is supported -include::{cq-version}@camel-quarkus:ROOT:partial$reference/components/crypto-cms.adoc[opts=optional] - -*Since Camel {since}* - -*Since Camel 2.20* - - -*{component-header}* - -http://tools.ietf.org/html/rfc5652[Cryptographic Message Syntax (CMS)] is a well established standard for signing and encrypting messages. The Apache Crypto CMS component supports the following parts of this standard: -* Content Type "Enveloped Data" with Key Transport (asymmetric key), -* Content Type "Signed Data". -You can create CMS Enveloped Data instances, decrypt CMS Enveloped Data instances, create CMS Signed Data instances, and validate CMS Signed Data instances. - -The component uses the https://www.bouncycastle.org/java.html[Bouncy Castle] libraries bcprov-jdk15on and bcpkix-jdk15on. - -Maven users will need to add the following dependency to their `pom.xml` for this component: - -[source,xml] ----- -<dependency> - <groupId>org.apache.camel</groupId> - <artifactId>camel-crypto-cms</artifactId> - <version>x.x.x</version> - <!-- use the same version as your Camel core version --> -</dependency> ----- - -We recommend to register the Bouncy Castle security provider in your application before you call an endpoint of this component: - -[source,java] ----- -Security.addProvider(new BouncyCastleProvider()); ----- - -If the Bouncy Castle security provider is not registered then the Crypto CMS component will register the provider. - -== Options - -// component options: START -The Crypto CMS component supports 4 options, which are listed below. - - - -[width="100%",cols="2,5,^1,2",options="header"] -|=== -| Name | Description | Default | Type -| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...] -| *autowiredEnabled* (advanced) | Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc. | true | boolean -| *envelopedDataDecryptor{zwsp}Configuration* (advanced) | To configure the shared EnvelopedDataDecryptorConfiguration, which determines the uri parameters for the decrypt operation. | | EnvelopedDataDecryptorConfiguration -| *signedDataVerifier{zwsp}Configuration* (advanced) | To configure the shared SignedDataVerifierConfiguration, which determines the uri parameters for the verify operation. | | SignedDataVerifierConfiguration -|=== -// component options: END - -// endpoint options: START -The Crypto CMS endpoint is configured using URI syntax: - ----- -crypto-cms:cryptoOperation:name ----- - -with the following path and query parameters: - -=== Path Parameters (2 parameters): - - -[width="100%",cols="2,5,^1,2",options="header"] -|=== -| Name | Description | Default | Type -| *cryptoOperation* | *Required* Set the Crypto operation from that supplied after the crypto scheme in the endpoint uri e.g. crypto-cms:sign sets sign as the operation. Possible values: sign, verify, encrypt, or decrypt. There are 4 enums and the value can be one of: sign, verify, encrypt, decrypt | | CryptoOperation -| *name* | *Required* The name part in the URI can be chosen by the user to distinguish between different signer/verifier/encryptor/decryptor endpoints within the camel context. | | String -|=== - - -=== Query Parameters (15 parameters): - - -[width="100%",cols="2,5,^1,2",options="header"] -|=== -| Name | Description | Default | Type -| *keyStore* (common) | Keystore which contains signer private keys, verifier public keys, encryptor public keys, decryptor private keys depending on the operation. Use either this parameter or the parameter 'keyStoreParameters'. | | KeyStore -| *keyStoreParameters* (common) | Keystore containing signer private keys, verifier public keys, encryptor public keys, decryptor private keys depending on the operation. Use either this parameter or the parameter 'keystore'. | | KeyStoreParameters -| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...] -| *password* (decrypt) | Sets the password of the private keys. It is assumed that all private keys in the keystore have the same password. If not set then it is assumed that the password of the private keys is given by the keystore password given in the KeyStoreParameters. | | char[] -| *fromBase64* (decrypt_verify) | If true then the CMS message is base 64 encoded and must be decoded during the processing. Default value is false. | false | boolean -| *contentEncryptionAlgorithm* (encrypt) | Encryption algorithm, for example DESede/CBC/PKCS5Padding. Further possible values: DESede/CBC/PKCS5Padding, AES/CBC/PKCS5Padding, Camellia/CBC/PKCS5Padding, CAST5/CBC/PKCS5Padding. There are 4 enums and the value can be one of: AES/CBC/PKCS5Padding, DESede/CBC/PKCS5Padding, Camellia/CBC/PKCS5Padding, CAST5/CBC/PKCS5Padding | | String -| *originatorInformationProvider* (encrypt) | Provider for the originator info. See \https://tools.ietf.org/html/rfc5652#section-6.1. The default value is null. | | OriginatorInformationProvider -| *recipient* (encrypt) | Recipient Info: reference to a bean which implements the interface org.apache.camel.component.crypto.cms.api.TransRecipientInfo | | List -| *secretKeyLength* (encrypt) | Key length for the secret symmetric key used for the content encryption. Only used if the specified content-encryption algorithm allows keys of different sizes. If contentEncryptionAlgorithm=AES/CBC/PKCS5Padding or Camellia/CBC/PKCS5Padding then 128; if contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding then 192, 128; if strong encryption is enabled then for AES/CBC/PKCS5Padding and Camellia/CBC/PKCS5Padding also the key lengths 192 and 256 are possible. | | int -| *unprotectedAttributesGenerator{zwsp}Provider* (encrypt) | Provider of the generator for the unprotected attributes. The default value is null which means no unprotected attribute is added to the Enveloped Data object. See \https://tools.ietf.org/html/rfc5652#section-6.1. | | AttributesGeneratorProvider -| *toBase64* (encrypt_sign) | Indicates whether the Signed Data or Enveloped Data instance shall be base 64 encoded. Default value is false. | false | Boolean -| *includeContent* (sign) | Indicates whether the signed content should be included into the Signed Data instance. If false then a detached Signed Data instance is created in the header CamelCryptoCmsSignedData. | true | Boolean -| *signer* (sign) | Signer information: reference to bean(s) which implements org.apache.camel.component.crypto.cms.api.SignerInfo. Multiple values can be separated by comma | | String -| *signedDataHeaderBase64* (verify) | Indicates whether the value in the header CamelCryptoCmsSignedData is base64 encoded. Default value is false. Only relevant for detached signatures. In the detached signature case, the header contains the Signed Data object. | false | boolean -| *verifySignaturesOfAllSigners* (verify) | If true then the signatures of all signers contained in the Signed Data object are verified. If false then only one signature whose signer info matches with one of the specified certificates is verified. Default value is true. | true | boolean -|=== -// endpoint options: END - - -== Enveloped Data - -Note, that a `crypto-cms:encypt` endpoint is typically defined in one route and the complimentary `crypto-cms:decrypt` in another, though for simplicity in the -examples they appear one after the other. - -The following example shows how you can create an Enveloped Data message and how you can decrypt an Enveloped Data message. - -*Basic Example in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint - -DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); -recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption -recipient1.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry -simpleReg.put("recipient1", recipient1); // register recipient info in the registry - -from("direct:start") - .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") - .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") - .to("mock:result"); ----- - -*Basic Example in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="recipient1" - class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="certificateAlias" value="rsa" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> - <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> - <to uri="mock:result" /> - </route> ----- - -*Two Recipients in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint - -DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); -recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption -recipient1.setKeyStoreParameters(keystore); - -DefaultKeyTransRecipientInfo recipient2 = new DefaultKeyTransRecipientInfo(); -recipient2.setCertificateAlias("dsa"); -recipient2.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry -simpleReg.put("recipient1", recipient1); // register recipient info in the registry - -from("direct:start") - .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") - //the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore - .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") - .to("mock:result"); ----- - -*Two Recipients in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="recipient1" - class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="certificateAlias" value="rsa" /> - </bean> - <bean id="recipient2" - class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="certificateAlias" value="dsa" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> - <!-- the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore --> - <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> - <to uri="mock:result" /> - </route> ----- - -== Signed Data - -Note, that a `crypto-cms:sign` endpoint is typically defined in one route and the complimentary `crypto-cms:verify` in another, though for simplicity in the -examples they appear one after the other. - -The following example shows how you can create a Signed Data message and how you can validate a Signed Data message. - -*Basic Example in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the signerInfo1 bean - -//Signer Information, by default the following signed attributes are included: contentType, signingTime, messageDigest, and cmsAlgorithmProtect; by default no unsigned attribute is included. -// If you want to add your own signed attributes or unsigned attributes, see methods DefaultSignerInfo.setSignedAttributeGenerator and DefaultSignerInfo.setUnsignedAttributeGenerator. -DefaultSignerInfo signerInfo1 = new DefaultSignerInfo(); -signerInfo1.setIncludeCertificates(true); // if set to true then the certificate chain of the private key will be added to the Signed Data object -signerInfo1.setSignatureAlgorithm("SHA256withRSA"); // signature algorithm; attention, the signature algorithm must fit to the signer private key. -signerInfo1.setPrivateKeyAlias("rsa"); // alias of the private key used for the signing -signerInfo1.setPassword("private_key_pw".toCharArray()); // optional parameter, if not set then the password of the KeyStoreParameters will be used for accessing the private key -signerInfo1.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); //register keystore in the registry -simpleReg.put("signer1", signerInfo1); //register signer info in the registry - -from("direct:start") - .to("crypto-cms:sign://testsign?signer=#signer1&includeContent=true&toBase64=true") - .to("crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters&fromBase64=true"") - .to("mock:result"); ----- - -*Basic Example in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="signer1" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="rsa" /> - <property name="signatureAlgorithm" value="SHA256withRSA" /> - <property name="includeCertificates" value="true" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:sign://testsign?signer=#signer1&includeContent=true&toBase64=true" /> - <to uri="crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters1&fromBase64=true" /> - <to uri="mock:result" /> - </route> ----- - -*Example with two Signers in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the signerInfo1 bean - -//Signer Information, by default the following signed attributes are included: contentType, signingTime, messageDigest, and cmsAlgorithmProtect; by default no unsigned attribute is included. -// If you want to add your own signed attributes or unsigned attributes, see methods DefaultSignerInfo.setSignedAttributeGenerator and DefaultSignerInfo.setUnsignedAttributeGenerator. -DefaultSignerInfo signerInfo1 = new DefaultSignerInfo(); -signerInfo1.setIncludeCertificates(true); // if set to true then the certificate chain of the private key will be added to the Signed Data object -signerInfo1.setSignatureAlgorithm("SHA256withRSA"); // signature algorithm; attention, the signature algorithm must fit to the signer private key. -signerInfo1.setPrivateKeyAlias("rsa"); // alias of the private key used for the signing -signerInfo1.setPassword("private_key_pw".toCharArray()); // optional parameter, if not set then the password of the KeyStoreParameters will be used for accessing the private key -signerInfo1.setKeyStoreParameters(keystore); - -DefaultSignerInfo signerInfo2 = new DefaultSignerInfo(); -signerInfo2.setIncludeCertificates(true); -signerInfo2.setSignatureAlgorithm("SHA256withDSA"); -signerInfo2.setPrivateKeyAlias("dsa"); -signerInfo2.setKeyStoreParameters(keystore); - - -simpleReg.put("keyStoreParameters", keystore); //register keystore in the registry -simpleReg.put("signer1", signerInfo1); //register signer info in the registry -simpleReg.put("signer2", signerInfo2); //register signer info in the registry - -from("direct:start") - .to("crypto-cms:sign://testsign?signer=#signer1,#signer2&includeContent=true") - .to("crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters") - .to("mock:result"); ----- - -*Example with two Signers in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="signer1" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="rsa" /> - <property name="signatureAlgorithm" value="SHA256withRSA" /> - <property name="includeCertificates" value="true" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw" /> - </bean> - <bean id="signer2" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="dsa" /> - <property name="signatureAlgorithm" value="SHA256withDSA" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw2" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:sign://testsign?signer=#signer1,#signer2&includeContent=true" /> - <to uri="crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters1" /> - <to uri="mock:result" /> - </route> ----- - -*Detached Signature Example in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the signerInfo1 bean - -//Signer Information, by default the following signed attributes are included: contentType, signingTime, messageDigest, and cmsAlgorithmProtect; by default no unsigned attribute is included. -// If you want to add your own signed attributes or unsigned attributes, see methods DefaultSignerInfo.setSignedAttributeGenerator and DefaultSignerInfo.setUnsignedAttributeGenerator. -DefaultSignerInfo signerInfo1 = new DefaultSignerInfo(); -signerInfo1.setIncludeCertificates(true); // if set to true then the certificate chain of the private key will be added to the Signed Data object -signerInfo1.setSignatureAlgorithm("SHA256withRSA"); // signature algorithm; attention, the signature algorithm must fit to the signer private key. -signerInfo1.setPrivateKeyAlias("rsa"); // alias of the private key used for the signing -signerInfo1.setPassword("private_key_pw".toCharArray()); // optional parameter, if not set then the password of the KeyStoreParameters will be used for accessing the private key -signerInfo1.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); //register keystore in the registry -simpleReg.put("signer1", signerInfo1); //register signer info in the registry - -from("direct:start") - //with the option includeContent=false the SignedData object without the signed text will be written into the header "CamelCryptoCmsSignedData" - .to("crypto-cms:sign://testsign?signer=#signer1&includeContent=false&toBase64=true") - //the verifier reads the Signed Data object form the header CamelCryptoCmsSignedData and assumes that the signed content is in the message body - .to("crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters&signedDataHeaderBase64=true") - .to("mock:result"); ----- - -*Detached Signature Example in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="signer1" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="rsa" /> - <property name="signatureAlgorithm" value="SHA256withRSA" /> - <property name="includeCertificates" value="true" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw" /> - </bean> -... - <route> - <from uri="direct:start" /> - <!-- with the option includeContent=false the SignedData object without the signed text will be written into the header "CamelCryptoCmsSignedData" --> - <to uri="crypto-cms:sign://testsign?signer=#signer1&includeContent=false&toBase64=true" /> - <!-- the verifier reads the Signed Data object form the header CamelCryptoCmsSignedData and assumes that the signed content is in the message body --> - <to uri="crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters1&signedDataHeaderBase64=true" /> - <to uri="mock:result" /> - </route> ----- - -include::{page-component-version}@camel-spring-boot::page$crypto-cms-starter.adoc[] diff --git a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java index ceadf07..ffb722a 100644 --- a/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java +++ b/core/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/ComponentsBuilderFactory.java @@ -4650,4 +4650,4 @@ public interface ComponentsBuilderFactory { static org.apache.camel.builder.component.dsl.ZookeeperMasterComponentBuilderFactory.ZookeeperMasterComponentBuilder zookeeperMaster() { return org.apache.camel.builder.component.dsl.ZookeeperMasterComponentBuilderFactory.zookeeperMaster(); } -} +} \ No newline at end of file diff --git a/core/camel-componentdsl/src/generated/resources/metadata.json b/core/camel-componentdsl/src/generated/resources/metadata.json index 664744b..1fed9d5 100644 --- a/core/camel-componentdsl/src/generated/resources/metadata.json +++ b/core/camel-componentdsl/src/generated/resources/metadata.json @@ -1619,29 +1619,6 @@ "producerOnly": false, "lenientProperties": false }, - "CryptoCmsComponentBuilderFactory": { - "kind": "component", - "name": "crypto-cms", - "title": "Crypto CMS", - "description": "Encrypt, decrypt, sign and verify data in CMS Enveloped Data format.", - "deprecated": true, - "deprecatedSince": "3.2.0", - "firstVersion": "2.20.0", - "label": "security,transformation", - "javaType": "org.apache.camel.component.crypto.cms.CryptoCmsComponent", - "supportLevel": "Stable", - "groupId": "org.apache.camel", - "artifactId": "camel-crypto-cms", - "version": "3.10.0-SNAPSHOT", - "scheme": "crypto-cms", - "extendsScheme": "", - "syntax": "crypto-cms:cryptoOperation:name", - "async": false, - "api": false, - "consumerOnly": false, - "producerOnly": true, - "lenientProperties": false - }, "CryptoComponentBuilderFactory": { "kind": "component", "name": "crypto", diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilderFactory.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilderFactory.java index 142dacf..6082c9b 100644 --- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilderFactory.java +++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilderFactory.java @@ -75,7 +75,6 @@ public interface EndpointBuilderFactory org.apache.camel.builder.endpoint.dsl.CouchDbEndpointBuilderFactory.CouchDbBuilders, org.apache.camel.builder.endpoint.dsl.CouchbaseEndpointBuilderFactory.CouchbaseBuilders, org.apache.camel.builder.endpoint.dsl.CronEndpointBuilderFactory.CronBuilders, - org.apache.camel.builder.endpoint.dsl.CryptoCmsEndpointBuilderFactory.CryptoCmsBuilders, org.apache.camel.builder.endpoint.dsl.Cw2EndpointBuilderFactory.Cw2Builders, org.apache.camel.builder.endpoint.dsl.CxfEndpointBuilderFactory.CxfBuilders, org.apache.camel.builder.endpoint.dsl.CxfRsEndpointBuilderFactory.CxfRsBuilders, diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilders.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilders.java index d93bc1e..370a207 100644 --- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilders.java +++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/EndpointBuilders.java @@ -72,7 +72,6 @@ public interface EndpointBuilders org.apache.camel.builder.endpoint.dsl.CouchDbEndpointBuilderFactory, org.apache.camel.builder.endpoint.dsl.CouchbaseEndpointBuilderFactory, org.apache.camel.builder.endpoint.dsl.CronEndpointBuilderFactory, - org.apache.camel.builder.endpoint.dsl.CryptoCmsEndpointBuilderFactory, org.apache.camel.builder.endpoint.dsl.Cw2EndpointBuilderFactory, org.apache.camel.builder.endpoint.dsl.CxfEndpointBuilderFactory, org.apache.camel.builder.endpoint.dsl.CxfRsEndpointBuilderFactory, diff --git a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/StaticEndpointBuilders.java b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/StaticEndpointBuilders.java index 2202ce0..2455cc8 100644 --- a/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/StaticEndpointBuilders.java +++ b/core/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/StaticEndpointBuilders.java @@ -16348,4 +16348,4 @@ public class StaticEndpointBuilders { return org.apache.camel.builder.endpoint.dsl.ZooKeeperMasterEndpointBuilderFactory.endpointBuilder(componentName, path); } } -//CHECKSTYLE:ON +//CHECKSTYLE:ON \ No newline at end of file diff --git a/core/camel-main/src/generated/resources/org/apache/camel/main/components.properties b/core/camel-main/src/generated/resources/org/apache/camel/main/components.properties index a594e0a..6f18e3e 100644 --- a/core/camel-main/src/generated/resources/org/apache/camel/main/components.properties +++ b/core/camel-main/src/generated/resources/org/apache/camel/main/components.properties @@ -72,7 +72,6 @@ couchdb cql cron crypto -crypto-cms cxf cxfrs dataformat diff --git a/docs/components/modules/ROOT/nav.adoc b/docs/components/modules/ROOT/nav.adoc index 4f74ffb..23b4b66 100644 --- a/docs/components/modules/ROOT/nav.adoc +++ b/docs/components/modules/ROOT/nav.adoc @@ -73,7 +73,6 @@ ** xref:couchdb-component.adoc[CouchDB] ** xref:cron-component.adoc[Cron] ** xref:crypto-component.adoc[Crypto (JCE)] -** xref:crypto-cms-component.adoc[Crypto CMS] ** xref:cxf-component.adoc[CXF] ** xref:cxfrs-component.adoc[CXF-RS] ** xref:dataformat-component.adoc[Data Format] diff --git a/docs/components/modules/ROOT/pages/crypto-cms-component.adoc b/docs/components/modules/ROOT/pages/crypto-cms-component.adoc deleted file mode 100644 index f3db4cb..0000000 --- a/docs/components/modules/ROOT/pages/crypto-cms-component.adoc +++ /dev/null @@ -1,413 +0,0 @@ -[[crypto-cms-component]] -= Crypto CMS Component (deprecated) -//THIS FILE IS COPIED: EDIT THE SOURCE FILE: -:page-source: components/camel-crypto-cms/src/main/docs/crypto-cms-component.adoc -:docTitle: Crypto CMS -:artifactId: camel-crypto-cms -:description: Encrypt, decrypt, sign and verify data in CMS Enveloped Data format. -:since: 2.20 -:supportLevel: Stable-deprecated -:deprecated: *deprecated* -:component-header: Only producer is supported -include::{cq-version}@camel-quarkus:ROOT:partial$reference/components/crypto-cms.adoc[opts=optional] - -*Since Camel {since}* - -*Since Camel 2.20* - - -*{component-header}* - -http://tools.ietf.org/html/rfc5652[Cryptographic Message Syntax (CMS)] is a well established standard for signing and encrypting messages. The Apache Crypto CMS component supports the following parts of this standard: -* Content Type "Enveloped Data" with Key Transport (asymmetric key), -* Content Type "Signed Data". -You can create CMS Enveloped Data instances, decrypt CMS Enveloped Data instances, create CMS Signed Data instances, and validate CMS Signed Data instances. - -The component uses the https://www.bouncycastle.org/java.html[Bouncy Castle] libraries bcprov-jdk15on and bcpkix-jdk15on. - -Maven users will need to add the following dependency to their `pom.xml` for this component: - -[source,xml] ----- -<dependency> - <groupId>org.apache.camel</groupId> - <artifactId>camel-crypto-cms</artifactId> - <version>x.x.x</version> - <!-- use the same version as your Camel core version --> -</dependency> ----- - -We recommend to register the Bouncy Castle security provider in your application before you call an endpoint of this component: - -[source,java] ----- -Security.addProvider(new BouncyCastleProvider()); ----- - -If the Bouncy Castle security provider is not registered then the Crypto CMS component will register the provider. - -== Options - -// component options: START -The Crypto CMS component supports 4 options, which are listed below. - - - -[width="100%",cols="2,5,^1,2",options="header"] -|=== -| Name | Description | Default | Type -| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...] -| *autowiredEnabled* (advanced) | Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching type, which then gets configured on the component. This can be used for automatic configuring JDBC data sources, JMS connection factories, AWS Clients, etc. | true | boolean -| *envelopedDataDecryptor{zwsp}Configuration* (advanced) | To configure the shared EnvelopedDataDecryptorConfiguration, which determines the uri parameters for the decrypt operation. | | EnvelopedDataDecryptorConfiguration -| *signedDataVerifier{zwsp}Configuration* (advanced) | To configure the shared SignedDataVerifierConfiguration, which determines the uri parameters for the verify operation. | | SignedDataVerifierConfiguration -|=== -// component options: END - -// endpoint options: START -The Crypto CMS endpoint is configured using URI syntax: - ----- -crypto-cms:cryptoOperation:name ----- - -with the following path and query parameters: - -=== Path Parameters (2 parameters): - - -[width="100%",cols="2,5,^1,2",options="header"] -|=== -| Name | Description | Default | Type -| *cryptoOperation* | *Required* Set the Crypto operation from that supplied after the crypto scheme in the endpoint uri e.g. crypto-cms:sign sets sign as the operation. Possible values: sign, verify, encrypt, or decrypt. There are 4 enums and the value can be one of: sign, verify, encrypt, decrypt | | CryptoOperation -| *name* | *Required* The name part in the URI can be chosen by the user to distinguish between different signer/verifier/encryptor/decryptor endpoints within the camel context. | | String -|=== - - -=== Query Parameters (15 parameters): - - -[width="100%",cols="2,5,^1,2",options="header"] -|=== -| Name | Description | Default | Type -| *keyStore* (common) | Keystore which contains signer private keys, verifier public keys, encryptor public keys, decryptor private keys depending on the operation. Use either this parameter or the parameter 'keyStoreParameters'. | | KeyStore -| *keyStoreParameters* (common) | Keystore containing signer private keys, verifier public keys, encryptor public keys, decryptor private keys depending on the operation. Use either this parameter or the parameter 'keystore'. | | KeyStoreParameters -| *lazyStartProducer* (producer) | Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel's routing error handlers. Beware that when the first message is processed then creating and [...] -| *password* (decrypt) | Sets the password of the private keys. It is assumed that all private keys in the keystore have the same password. If not set then it is assumed that the password of the private keys is given by the keystore password given in the KeyStoreParameters. | | char[] -| *fromBase64* (decrypt_verify) | If true then the CMS message is base 64 encoded and must be decoded during the processing. Default value is false. | false | boolean -| *contentEncryptionAlgorithm* (encrypt) | Encryption algorithm, for example DESede/CBC/PKCS5Padding. Further possible values: DESede/CBC/PKCS5Padding, AES/CBC/PKCS5Padding, Camellia/CBC/PKCS5Padding, CAST5/CBC/PKCS5Padding. There are 4 enums and the value can be one of: AES/CBC/PKCS5Padding, DESede/CBC/PKCS5Padding, Camellia/CBC/PKCS5Padding, CAST5/CBC/PKCS5Padding | | String -| *originatorInformationProvider* (encrypt) | Provider for the originator info. See \https://tools.ietf.org/html/rfc5652#section-6.1. The default value is null. | | OriginatorInformationProvider -| *recipient* (encrypt) | Recipient Info: reference to a bean which implements the interface org.apache.camel.component.crypto.cms.api.TransRecipientInfo | | List -| *secretKeyLength* (encrypt) | Key length for the secret symmetric key used for the content encryption. Only used if the specified content-encryption algorithm allows keys of different sizes. If contentEncryptionAlgorithm=AES/CBC/PKCS5Padding or Camellia/CBC/PKCS5Padding then 128; if contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding then 192, 128; if strong encryption is enabled then for AES/CBC/PKCS5Padding and Camellia/CBC/PKCS5Padding also the key lengths 192 and 256 are possible. | | int -| *unprotectedAttributesGenerator{zwsp}Provider* (encrypt) | Provider of the generator for the unprotected attributes. The default value is null which means no unprotected attribute is added to the Enveloped Data object. See \https://tools.ietf.org/html/rfc5652#section-6.1. | | AttributesGeneratorProvider -| *toBase64* (encrypt_sign) | Indicates whether the Signed Data or Enveloped Data instance shall be base 64 encoded. Default value is false. | false | Boolean -| *includeContent* (sign) | Indicates whether the signed content should be included into the Signed Data instance. If false then a detached Signed Data instance is created in the header CamelCryptoCmsSignedData. | true | Boolean -| *signer* (sign) | Signer information: reference to bean(s) which implements org.apache.camel.component.crypto.cms.api.SignerInfo. Multiple values can be separated by comma | | String -| *signedDataHeaderBase64* (verify) | Indicates whether the value in the header CamelCryptoCmsSignedData is base64 encoded. Default value is false. Only relevant for detached signatures. In the detached signature case, the header contains the Signed Data object. | false | boolean -| *verifySignaturesOfAllSigners* (verify) | If true then the signatures of all signers contained in the Signed Data object are verified. If false then only one signature whose signer info matches with one of the specified certificates is verified. Default value is true. | true | boolean -|=== -// endpoint options: END - - -== Enveloped Data - -Note, that a `crypto-cms:encypt` endpoint is typically defined in one route and the complimentary `crypto-cms:decrypt` in another, though for simplicity in the -examples they appear one after the other. - -The following example shows how you can create an Enveloped Data message and how you can decrypt an Enveloped Data message. - -*Basic Example in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint - -DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); -recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption -recipient1.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry -simpleReg.put("recipient1", recipient1); // register recipient info in the registry - -from("direct:start") - .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") - .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") - .to("mock:result"); ----- - -*Basic Example in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="recipient1" - class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="certificateAlias" value="rsa" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> - <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> - <to uri="mock:result" /> - </route> ----- - -*Two Recipients in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the crypto-cms:decrypt endpoint - -DefaultKeyTransRecipientInfo recipient1 = new DefaultKeyTransRecipientInfo(); -recipient1.setCertificateAlias("rsa"); // alias of the public key used for the encryption -recipient1.setKeyStoreParameters(keystore); - -DefaultKeyTransRecipientInfo recipient2 = new DefaultKeyTransRecipientInfo(); -recipient2.setCertificateAlias("dsa"); -recipient2.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); // register keystore in the registry -simpleReg.put("recipient1", recipient1); // register recipient info in the registry - -from("direct:start") - .to("crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128") - //the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore - .to("crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters") - .to("mock:result"); ----- - -*Two Recipients in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="recipient1" - class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="certificateAlias" value="rsa" /> - </bean> - <bean id="recipient2" - class="org.apache.camel.component.crypto.cms.crypt.DefaultKeyTransRecipientInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="certificateAlias" value="dsa" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:encrypt://testencrpyt?toBase64=true&recipient=#recipient1&recipient=#recipient2&contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding&secretKeyLength=128" /> - <!-- the decryptor will automatically choose one of the two private keys depending which one is in the decryptor keystore --> - <to uri="crypto-cms:decrypt://testdecrypt?fromBase64=true&keyStoreParameters=#keyStoreParameters1" /> - <to uri="mock:result" /> - </route> ----- - -== Signed Data - -Note, that a `crypto-cms:sign` endpoint is typically defined in one route and the complimentary `crypto-cms:verify` in another, though for simplicity in the -examples they appear one after the other. - -The following example shows how you can create a Signed Data message and how you can validate a Signed Data message. - -*Basic Example in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the signerInfo1 bean - -//Signer Information, by default the following signed attributes are included: contentType, signingTime, messageDigest, and cmsAlgorithmProtect; by default no unsigned attribute is included. -// If you want to add your own signed attributes or unsigned attributes, see methods DefaultSignerInfo.setSignedAttributeGenerator and DefaultSignerInfo.setUnsignedAttributeGenerator. -DefaultSignerInfo signerInfo1 = new DefaultSignerInfo(); -signerInfo1.setIncludeCertificates(true); // if set to true then the certificate chain of the private key will be added to the Signed Data object -signerInfo1.setSignatureAlgorithm("SHA256withRSA"); // signature algorithm; attention, the signature algorithm must fit to the signer private key. -signerInfo1.setPrivateKeyAlias("rsa"); // alias of the private key used for the signing -signerInfo1.setPassword("private_key_pw".toCharArray()); // optional parameter, if not set then the password of the KeyStoreParameters will be used for accessing the private key -signerInfo1.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); //register keystore in the registry -simpleReg.put("signer1", signerInfo1); //register signer info in the registry - -from("direct:start") - .to("crypto-cms:sign://testsign?signer=#signer1&includeContent=true&toBase64=true") - .to("crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters&fromBase64=true"") - .to("mock:result"); ----- - -*Basic Example in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="signer1" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="rsa" /> - <property name="signatureAlgorithm" value="SHA256withRSA" /> - <property name="includeCertificates" value="true" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:sign://testsign?signer=#signer1&includeContent=true&toBase64=true" /> - <to uri="crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters1&fromBase64=true" /> - <to uri="mock:result" /> - </route> ----- - -*Example with two Signers in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the signerInfo1 bean - -//Signer Information, by default the following signed attributes are included: contentType, signingTime, messageDigest, and cmsAlgorithmProtect; by default no unsigned attribute is included. -// If you want to add your own signed attributes or unsigned attributes, see methods DefaultSignerInfo.setSignedAttributeGenerator and DefaultSignerInfo.setUnsignedAttributeGenerator. -DefaultSignerInfo signerInfo1 = new DefaultSignerInfo(); -signerInfo1.setIncludeCertificates(true); // if set to true then the certificate chain of the private key will be added to the Signed Data object -signerInfo1.setSignatureAlgorithm("SHA256withRSA"); // signature algorithm; attention, the signature algorithm must fit to the signer private key. -signerInfo1.setPrivateKeyAlias("rsa"); // alias of the private key used for the signing -signerInfo1.setPassword("private_key_pw".toCharArray()); // optional parameter, if not set then the password of the KeyStoreParameters will be used for accessing the private key -signerInfo1.setKeyStoreParameters(keystore); - -DefaultSignerInfo signerInfo2 = new DefaultSignerInfo(); -signerInfo2.setIncludeCertificates(true); -signerInfo2.setSignatureAlgorithm("SHA256withDSA"); -signerInfo2.setPrivateKeyAlias("dsa"); -signerInfo2.setKeyStoreParameters(keystore); - - -simpleReg.put("keyStoreParameters", keystore); //register keystore in the registry -simpleReg.put("signer1", signerInfo1); //register signer info in the registry -simpleReg.put("signer2", signerInfo2); //register signer info in the registry - -from("direct:start") - .to("crypto-cms:sign://testsign?signer=#signer1,#signer2&includeContent=true") - .to("crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters") - .to("mock:result"); ----- - -*Example with two Signers in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="signer1" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="rsa" /> - <property name="signatureAlgorithm" value="SHA256withRSA" /> - <property name="includeCertificates" value="true" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw" /> - </bean> - <bean id="signer2" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="dsa" /> - <property name="signatureAlgorithm" value="SHA256withDSA" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw2" /> - </bean> -... - <route> - <from uri="direct:start" /> - <to uri="crypto-cms:sign://testsign?signer=#signer1,#signer2&includeContent=true" /> - <to uri="crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters1" /> - <to uri="mock:result" /> - </route> ----- - -*Detached Signature Example in Java DSL* - -[source,java] ----- -import org.apache.camel.support.jsse.KeyStoreParameters; -import org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo; -... -KeyStoreParameters keystore = new KeyStoreParameters(); -keystore.setType("JCEKS"); -keystore.setResource("keystore/keystore.jceks); -keystore.setPassword("some_password"); // this password will also be used for accessing the private key if not specified in the signerInfo1 bean - -//Signer Information, by default the following signed attributes are included: contentType, signingTime, messageDigest, and cmsAlgorithmProtect; by default no unsigned attribute is included. -// If you want to add your own signed attributes or unsigned attributes, see methods DefaultSignerInfo.setSignedAttributeGenerator and DefaultSignerInfo.setUnsignedAttributeGenerator. -DefaultSignerInfo signerInfo1 = new DefaultSignerInfo(); -signerInfo1.setIncludeCertificates(true); // if set to true then the certificate chain of the private key will be added to the Signed Data object -signerInfo1.setSignatureAlgorithm("SHA256withRSA"); // signature algorithm; attention, the signature algorithm must fit to the signer private key. -signerInfo1.setPrivateKeyAlias("rsa"); // alias of the private key used for the signing -signerInfo1.setPassword("private_key_pw".toCharArray()); // optional parameter, if not set then the password of the KeyStoreParameters will be used for accessing the private key -signerInfo1.setKeyStoreParameters(keystore); - -simpleReg.put("keyStoreParameters", keystore); //register keystore in the registry -simpleReg.put("signer1", signerInfo1); //register signer info in the registry - -from("direct:start") - //with the option includeContent=false the SignedData object without the signed text will be written into the header "CamelCryptoCmsSignedData" - .to("crypto-cms:sign://testsign?signer=#signer1&includeContent=false&toBase64=true") - //the verifier reads the Signed Data object form the header CamelCryptoCmsSignedData and assumes that the signed content is in the message body - .to("crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters&signedDataHeaderBase64=true") - .to("mock:result"); ----- - -*Detached Signature Example in Spring XML* - -[source,xml] ----- - <keyStoreParameters xmlns="http://camel.apache.org/schema/spring"; - id="keyStoreParameters1" resource="./keystore/keystore.jceks" - password="some_password" type="JCEKS" /> - <bean id="signer1" - class="org.apache.camel.component.crypto.cms.sig.DefaultSignerInfo"> - <property name="keyStoreParameters" ref="keyStoreParameters1" /> - <property name="privateKeyAlias" value="rsa" /> - <property name="signatureAlgorithm" value="SHA256withRSA" /> - <property name="includeCertificates" value="true" /> - <!-- optional parameter 'password', if not set then the password of the KeyStoreParameters will be used for accessing the private key --> - <property name="password" value="private_key_pw" /> - </bean> -... - <route> - <from uri="direct:start" /> - <!-- with the option includeContent=false the SignedData object without the signed text will be written into the header "CamelCryptoCmsSignedData" --> - <to uri="crypto-cms:sign://testsign?signer=#signer1&includeContent=false&toBase64=true" /> - <!-- the verifier reads the Signed Data object form the header CamelCryptoCmsSignedData and assumes that the signed content is in the message body --> - <to uri="crypto-cms:verify://testverify?keyStoreParameters=#keyStoreParameters1&signedDataHeaderBase64=true" /> - <to uri="mock:result" /> - </route> ----- - -include::{page-component-version}@camel-spring-boot::page$crypto-cms-starter.adoc[]
