This is an automated email from the ASF dual-hosted git repository.
davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 57f2ba57996 CAMEL-20774: Add more SSL configuration to camel.ssl in
camel-main
57f2ba57996 is described below
commit 57f2ba579966e56df8fbe1773541325ef465023c
Author: Claus Ibsen <[email protected]>
AuthorDate: Sat Aug 17 10:48:38 2024 +0200
CAMEL-20774: Add more SSL configuration to camel.ssl in camel-main
---
.../main/camel-main-configuration-metadata.json | 4 +
.../main/SSLConfigurationPropertiesConfigurer.java | 21 +++++
.../camel-main-configuration-metadata.json | 4 +
core/camel-main/src/main/docs/main.adoc | 6 +-
.../org/apache/camel/main/BaseMainSupport.java | 6 ++
.../camel/main/SSLConfigurationProperties.java | 99 ++++++++++++++++++++++
6 files changed, 139 insertions(+), 1 deletion(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
index 8185a3cf983..bf0867f90cd 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/main/camel-main-configuration-metadata.json
@@ -276,10 +276,14 @@
{ "name": "camel.server.uploadEnabled", "description": "Whether to enable
file upload via HTTP (not intended for production use). This functionality is
for development to be able to reload Camel routes and code with source changes
(if reload is enabled). If enabled then you can upload\/delete files via HTTP
PUT\/DELETE on context-path: \/q\/upload\/{name}. You must also configure the
uploadSourceDir option.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "t [...]
{ "name": "camel.server.uploadSourceDir", "description": "Source directory
when upload is enabled.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.server.useGlobalSslContextParameters", "description":
"Whether to use global SSL configuration for securing the embedded HTTP
server.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
+ { "name": "camel.ssl.certAlias", "description": "An optional certificate
alias to use. This is useful when the keystore has multiple certificates.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.clientAuthentication", "description": "Sets the
configuration for server-side client-authentication requirements",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String", "defaultValue": "NONE", "enum": [
"NONE", "WANT", "REQUIRE" ] },
{ "name": "camel.ssl.enabled", "description": "Enables SSL in your Camel
application.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.ssl.keyStore", "description": "Sets the SSL Keystore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.keystorePassword", "description": "Sets the SSL
Keystore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.provider", "description": "To use a specific provider
for creating SSLContext. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.secureSocketProtocol", "description": "The optional
protocol for the secure sockets created by the SSLContext. See Appendix A in
the
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html
for information about standard protocol names.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String", "defaultValue": "TLSv1.3" },
+ { "name": "camel.ssl.sessionTimeout", "description": "Timeout in seconds
to use for SSLContext. The default is 24 hours.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "integer",
"javaType": "int", "defaultValue": 86400 },
{ "name": "camel.ssl.trustStore", "description": "Sets the SSL Truststore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.trustStorePassword", "description": "Sets the SSL
Truststore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.threadpool.allowCoreThreadTimeOut", "description": "Sets
default whether to allow core threads to timeout", "sourceType":
"org.apache.camel.main.ThreadPoolConfigurationProperties", "type": "boolean",
"javaType": "java.lang.Boolean", "defaultValue": "false" },
diff --git
a/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
b/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
index 232fc0f405a..42026a97b48 100644
---
a/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
+++
b/core/camel-main/src/generated/java/org/apache/camel/main/SSLConfigurationPropertiesConfigurer.java
@@ -23,6 +23,8 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
public boolean configure(CamelContext camelContext, Object obj, String
name, Object value, boolean ignoreCase) {
org.apache.camel.main.SSLConfigurationProperties target =
(org.apache.camel.main.SSLConfigurationProperties) obj;
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "certalias":
+ case "certAlias": target.setCertAlias(property(camelContext,
java.lang.String.class, value)); return true;
case "clientauthentication":
case "clientAuthentication":
target.setClientAuthentication(property(camelContext, java.lang.String.class,
value)); return true;
case "enabled": target.setEnabled(property(camelContext,
boolean.class, value)); return true;
@@ -30,6 +32,11 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
case "keyStore": target.setKeyStore(property(camelContext,
java.lang.String.class, value)); return true;
case "keystorepassword":
case "keystorePassword":
target.setKeystorePassword(property(camelContext, java.lang.String.class,
value)); return true;
+ case "provider": target.setProvider(property(camelContext,
java.lang.String.class, value)); return true;
+ case "securesocketprotocol":
+ case "secureSocketProtocol":
target.setSecureSocketProtocol(property(camelContext, java.lang.String.class,
value)); return true;
+ case "sessiontimeout":
+ case "sessionTimeout": target.setSessionTimeout(property(camelContext,
int.class, value)); return true;
case "truststore":
case "trustStore": target.setTrustStore(property(camelContext,
java.lang.String.class, value)); return true;
case "truststorepassword":
@@ -41,6 +48,8 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
@Override
public Class<?> getOptionType(String name, boolean ignoreCase) {
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "certalias":
+ case "certAlias": return java.lang.String.class;
case "clientauthentication":
case "clientAuthentication": return java.lang.String.class;
case "enabled": return boolean.class;
@@ -48,6 +57,11 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
case "keyStore": return java.lang.String.class;
case "keystorepassword":
case "keystorePassword": return java.lang.String.class;
+ case "provider": return java.lang.String.class;
+ case "securesocketprotocol":
+ case "secureSocketProtocol": return java.lang.String.class;
+ case "sessiontimeout":
+ case "sessionTimeout": return int.class;
case "truststore":
case "trustStore": return java.lang.String.class;
case "truststorepassword":
@@ -60,6 +74,8 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
public Object getOptionValue(Object obj, String name, boolean ignoreCase) {
org.apache.camel.main.SSLConfigurationProperties target =
(org.apache.camel.main.SSLConfigurationProperties) obj;
switch (ignoreCase ? name.toLowerCase() : name) {
+ case "certalias":
+ case "certAlias": return target.getCertAlias();
case "clientauthentication":
case "clientAuthentication": return target.getClientAuthentication();
case "enabled": return target.isEnabled();
@@ -67,6 +83,11 @@ public class SSLConfigurationPropertiesConfigurer extends
org.apache.camel.suppo
case "keyStore": return target.getKeyStore();
case "keystorepassword":
case "keystorePassword": return target.getKeystorePassword();
+ case "provider": return target.getProvider();
+ case "securesocketprotocol":
+ case "secureSocketProtocol": return target.getSecureSocketProtocol();
+ case "sessiontimeout":
+ case "sessionTimeout": return target.getSessionTimeout();
case "truststore":
case "trustStore": return target.getTrustStore();
case "truststorepassword":
diff --git
a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
index 8185a3cf983..bf0867f90cd 100644
---
a/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
+++
b/core/camel-main/src/generated/resources/META-INF/camel-main-configuration-metadata.json
@@ -276,10 +276,14 @@
{ "name": "camel.server.uploadEnabled", "description": "Whether to enable
file upload via HTTP (not intended for production use). This functionality is
for development to be able to reload Camel routes and code with source changes
(if reload is enabled). If enabled then you can upload\/delete files via HTTP
PUT\/DELETE on context-path: \/q\/upload\/{name}. You must also configure the
uploadSourceDir option.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "t [...]
{ "name": "camel.server.uploadSourceDir", "description": "Source directory
when upload is enabled.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.server.useGlobalSslContextParameters", "description":
"Whether to use global SSL configuration for securing the embedded HTTP
server.", "sourceType":
"org.apache.camel.main.HttpServerConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
+ { "name": "camel.ssl.certAlias", "description": "An optional certificate
alias to use. This is useful when the keystore has multiple certificates.",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.clientAuthentication", "description": "Sets the
configuration for server-side client-authentication requirements",
"sourceType": "org.apache.camel.main.SSLConfigurationProperties", "type":
"string", "javaType": "java.lang.String", "defaultValue": "NONE", "enum": [
"NONE", "WANT", "REQUIRE" ] },
{ "name": "camel.ssl.enabled", "description": "Enables SSL in your Camel
application.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "boolean",
"javaType": "boolean", "defaultValue": "false" },
{ "name": "camel.ssl.keyStore", "description": "Sets the SSL Keystore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.keystorePassword", "description": "Sets the SSL
Keystore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.provider", "description": "To use a specific provider
for creating SSLContext. The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
+ { "name": "camel.ssl.secureSocketProtocol", "description": "The optional
protocol for the secure sockets created by the SSLContext. See Appendix A in
the
https:\/\/docs.oracle.com\/en\/java\/javase\/17\/docs\/specs\/security\/standard-names.html
for information about standard protocol names.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String", "defaultValue": "TLSv1.3" },
+ { "name": "camel.ssl.sessionTimeout", "description": "Timeout in seconds
to use for SSLContext. The default is 24 hours.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "integer",
"javaType": "int", "defaultValue": 86400 },
{ "name": "camel.ssl.trustStore", "description": "Sets the SSL Truststore
resource.", "sourceType": "org.apache.camel.main.SSLConfigurationProperties",
"type": "string", "javaType": "java.lang.String" },
{ "name": "camel.ssl.trustStorePassword", "description": "Sets the SSL
Truststore password.", "sourceType":
"org.apache.camel.main.SSLConfigurationProperties", "type": "string",
"javaType": "java.lang.String" },
{ "name": "camel.threadpool.allowCoreThreadTimeOut", "description": "Sets
default whether to allow core threads to timeout", "sourceType":
"org.apache.camel.main.ThreadPoolConfigurationProperties", "type": "boolean",
"javaType": "java.lang.Boolean", "defaultValue": "false" },
diff --git a/core/camel-main/src/main/docs/main.adoc
b/core/camel-main/src/main/docs/main.adoc
index 69712f305d9..9e1131bd1f8 100644
--- a/core/camel-main/src/main/docs/main.adoc
+++ b/core/camel-main/src/main/docs/main.adoc
@@ -245,15 +245,19 @@ The camel.trace supports 14 options, which are listed
below.
=== Camel SSL configurations
-The camel.ssl supports 6 options, which are listed below.
+The camel.ssl supports 10 options, which are listed below.
[width="100%",cols="2,5,^1,2",options="header"]
|===
| Name | Description | Default | Type
+| *camel.ssl.certAlias* | An optional certificate alias to use. This is useful
when the keystore has multiple certificates. | | String
| *camel.ssl.clientAuthentication* | Sets the configuration for server-side
client-authentication requirements | NONE | String
| *camel.ssl.enabled* | Enables SSL in your Camel application. | false |
boolean
| *camel.ssl.keyStore* | Sets the SSL Keystore resource. | | String
| *camel.ssl.keystorePassword* | Sets the SSL Keystore password. | | String
+| *camel.ssl.provider* | To use a specific provider for creating SSLContext.
The list of available providers returned by
java.security.Security.getProviders() or null to use the highest priority
provider implementing the secure socket protocol. | | String
+| *camel.ssl.secureSocketProtocol* | The optional protocol for the secure
sockets created by the SSLContext. See Appendix A in the
\https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
for information about standard protocol names. | TLSv1.3 | String
+| *camel.ssl.sessionTimeout* | Timeout in seconds to use for SSLContext. The
default is 24 hours. | 86400 | int
| *camel.ssl.trustStore* | Sets the SSL Truststore resource. | | String
| *camel.ssl.trustStorePassword* | Sets the SSL Truststore password. | |
String
|===
diff --git
a/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
b/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
index b3df528b469..8af86884a33 100644
--- a/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
+++ b/core/camel-main/src/main/java/org/apache/camel/main/BaseMainSupport.java
@@ -1683,6 +1683,12 @@ public abstract class BaseMainSupport extends
BaseService {
scsp.setClientAuthentication(sslConfig.getClientAuthentication());
SSLContextParameters sslContextParameters = new SSLContextParameters();
+ sslContextParameters.setProvider(sslConfig.getProvider());
+
sslContextParameters.setSecureSocketProtocol(sslConfig.getSecureSocketProtocol());
+ sslContextParameters.setCertAlias(sslConfig.getCertAlias());
+ if (sslConfig.getSessionTimeout() > 0) {
+ sslContextParameters.setSessionTimeout("" +
sslConfig.getSessionTimeout());
+ }
sslContextParameters.setKeyManagers(kmp);
sslContextParameters.setTrustManagers(tmp);
sslContextParameters.setServerParameters(scsp);
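Review bot: The documented defaults for the new options are not applied by the lines added here. In SSLConfigurationProperties the fields are declared as `private String secureSocketProtocol;` and `private int sessionTimeout;` with the default only in `@Metadata`, so unless the user sets them `setSecureSocketProtocol` receives null and the `> 0` guard skips `setSessionTimeout`. The effective protocol and timeout then depend on whatever SSLContextParameters and the JSSE provider fall back to, which this diff does not show and which may not stay aligned with the advertised `TLSv1.3` and `86400`. Initialising the fields (`private String secureSocketProtocol = "TLSv1.3";`, `private int sessionTimeout = 86400;`) would make the advertised values the ones actually used. The guard also silently drops a zero or negative configured value, which deserves a one-line comment, and `Integer.toString(sslConfig.getSessionTimeout())` is clearer than `"" + ...`; the enclosing method starts and ends outside the hunk.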
diff --git
a/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
b/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
index 3792fd54469..e6b91466f68 100644
---
a/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
+++
b/core/camel-main/src/main/java/org/apache/camel/main/SSLConfigurationProperties.java
@@ -20,6 +20,9 @@ import org.apache.camel.spi.BootstrapCloseable;
import org.apache.camel.spi.Configurer;
import org.apache.camel.spi.Metadata;
+import javax.net.ssl.SSLContext;
+import java.security.Security;
+
/**
* Global configuration for SSL.
*/
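Review bot: The two imports added here, `javax.net.ssl.SSLContext` and `java.security.Security`, do not appear to be used by any code in the hunks of this commit; the new Javadoc only mentions `java.security.Security.getProviders()` as plain text. If nothing else in the file references them they should be removed, or the Javadoc should use `{@link Security#getProviders()}` so that at least that import is justified. They are also placed after the `org.apache.camel` imports, which may conflict with the project's import-order check if it expects `java`/`javax` first.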
@@ -30,6 +33,14 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
@Metadata
private boolean enabled;
+ @Metadata(label = "advanced")
+ private String provider;
+ @Metadata(label = "advanced", defaultValue = "TLSv1.3")
+ private String secureSocketProtocol;
+ @Metadata(label = "advanced")
+ private String certAlias;
+ @Metadata(label = "advanced", defaultValue = "86400")
+ private int sessionTimeout;
@Metadata
private String keyStore;
@Metadata
@@ -65,6 +76,56 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
this.enabled = enabled;
}
+ public String getProvider() {
+ return provider;
+ }
+
+ /**
+ * To use a specific provider for creating SSLContext.
+ *
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public void setProvider(String provider) {
+ this.provider = provider;
+ }
+
+ public String getSecureSocketProtocol() {
+ return secureSocketProtocol;
+ }
+
+ /**
+ * The optional protocol for the secure sockets created by the SSLContext.
+ *
+ * See Appendix A in the
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
for
+ * information about standard protocol names.
+ */
+ public void setSecureSocketProtocol(String secureSocketProtocol) {
+ this.secureSocketProtocol = secureSocketProtocol;
+ }
+
+ public String getCertAlias() {
+ return certAlias;
+ }
+
+ /**
+ * An optional certificate alias to use. This is useful when the keystore
has multiple certificates.
+ */
+ public void setCertAlias(String certAlias) {
+ this.certAlias = certAlias;
+ }
+
+ public int getSessionTimeout() {
+ return sessionTimeout;
+ }
+
+ /**
+ * Timeout in seconds to use for SSLContext. The default is 24 hours.
+ */
+ public void setSessionTimeout(int sessionTimeout) {
+ this.sessionTimeout = sessionTimeout;
+ }
+
public String getKeyStore() {
return keyStore;
}
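Review bot: `setSecureSocketProtocol` stores any string, and the BaseMainSupport hunk passes it unchanged to SSLContextParameters, so a legacy protocol name would be accepted without notice. The Javadoc, whose text also appears in the generated metadata and main.adoc, should carry that caveat, e.g. `* Protocol versions older than TLSv1.2 are deprecated and should only be set for legacy interoperability.` The `setProvider` Javadoc has an incomplete second sentence; something like `* The name must be one of the providers returned by java.security.Security.getProviders(); leave unset to use the highest priority provider.` reads correctly. `setSessionTimeout` should also state that a value of zero or less is not applied, matching the `> 0` guard in BaseMainSupport.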
@@ -128,6 +189,44 @@ public class SSLConfigurationProperties implements
BootstrapCloseable {
return this;
}
+ /**
+ * To use a specific provider for creating SSLContext.
+ *
+ * The list of available providers returned by
java.security.Security.getProviders() or null to use the highest
+ * priority provider implementing the secure socket protocol.
+ */
+ public SSLConfigurationProperties withProvider(String provider) {
+ this.provider = provider;
+ return this;
+ }
+
+ /**
+ * The optional protocol for the secure sockets created by the SSLContext.
+ *
+ * See Appendix A in the
https://docs.oracle.com/en/java/javase/17/docs/specs/security/standard-names.html
for
+ * information about standard protocol names.
+ */
+ public SSLConfigurationProperties withSecureSocketProtocol(String
secureSocketProtocol) {
+ this.secureSocketProtocol = secureSocketProtocol;
+ return this;
+ }
+
+ /**
+ * An optional certificate alias to use. This is useful when the keystore
has multiple certificates.
+ */
+ public SSLConfigurationProperties withCertAlias(String certAlias) {
+ this.certAlias = certAlias;
+ return this;
+ }
+
+ /**
+ * Timeout in seconds to use for SSLContext. The default is 24 hours.
+ */
+ public SSLConfigurationProperties withSessionTimeoutCertAlias(int
sessionTimeout) {
+ this.sessionTimeout = sessionTimeout;
+ return this;
+ }
+
/**
* Sets the SSL Keystore.
*/
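Review bot: The fluent method for the session timeout is named `withSessionTimeoutCertAlias(int sessionTimeout)`, which looks like a copy-paste slip from `withCertAlias` directly above it; the body only assigns `sessionTimeout`. Because this is public API, the name should be corrected before it ships: `public SSLConfigurationProperties withSessionTimeout(int sessionTimeout) {`. The other three methods added in this hunk follow the `with<Property>` pattern, so callers will look for `withSessionTimeout`.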