Modified: websites/production/camel/content/camel-configuration-utilities.html
==============================================================================
--- websites/production/camel/content/camel-configuration-utilities.html
(original)
+++ websites/production/camel/content/camel-configuration-utilities.html Sat
Nov 28 09:21:42 2015
@@ -85,7 +85,7 @@
<tbody>
<tr>
<td valign="top" width="100%">
-<div class="wiki-content maincontent"><h2
id="CamelConfigurationUtilities-JSSEUtility">JSSE Utility</h2><p>The JSSE
Utility, available as of <strong>2.8</strong>, allows you to easily configure
aspects of the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
rel="nofollow">Java Secure Socket Extension</a> (JSSE) API in order to greatly
simplify the use of custom transport layer security (TLS) settings on Camel
components.</p><h3
id="CamelConfigurationUtilities-SupportedComponents">Supported
Components</h3><p>The following Camel components directly support the use of
this configuration utility:</p><ul><li><a shape="rect"
href="http4.html">HTTP4</a></li><li><a shape="rect"
href="jetty.html">Jetty</a></li><li><a shape="rect"
href="ahc.html">AHC</a></li><li><a shape="rect"
href="netty.html">Netty</a></li><li><a shape="rect"
href="cometd.html">Cometd</a></li><li><a shape="rect" href="ftp2.html">FTP2</a><
/li><li><a shape="rect" href="irc.html">IRC</a></li><li><a shape="rect"
href="mail.html">Mail</a></li><li>MINA 2</li></ul><p>The following Camel
components indirectly support the use of this configuration
utility:</p><ul><li><a shape="rect" href="cxf.html">CXF</a></li><li><a
shape="rect" href="http.html">HTTP</a></li></ul><h3
id="CamelConfigurationUtilities-Configuration">Configuration</h3><p>The key
component in configuring TLS through the JSSE API is the SSLContext.  The
<a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLContext";
rel="nofollow">SSLContext</a> provides socket factories for both <a
shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLSocketFactory";
rel="nofollow">client-side</a> and <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/
JSSERefGuide.html#SSLSocketFactory" rel="nofollow">server-side</a> sockets as
well as another component called an <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLENG";
rel="nofollow">SSLEngine</a> that is used by non-blocking IO to support
TLS.  The JSSE configuration utility provides an easy to use builder for
configuring these JSSE components, among others, in a manner that allows you to
provide all configuration options up front during the initialization of your
application such that you don't have to customize library code or dig though
the inner workings of a third-party library in order to inject hooks for the
configuration of each component in the JSSE API.  The central builder in
the JSSE configuration utility is the SSLContextParameters.  This class
serves as the entry point for most configuration in the JSSE utility.</p><div
class="confluence-information-macro confluence-
information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>All non-native classes are in the
org.apache.camel.util.jsse package.  All non-W3C schema defined types are
in the <a shape="rect" class="external-link"
href="http://camel.apache.org/schema/spring";>http://camel.apache.org/schema/spring</a>
or <a shape="rect" class="external-link"
href="http://camel.apache.org/schema/blueprint";>http://camel.apache.org/schema/blueprint</a>
namespaces for Spring and Blueprint based configuration,
respectively.</p></div></div><h4
id="CamelConfigurationUtilities-SSLContextParameters">SSLContextParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cipherSuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/ciphersuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named cipher suites to enable on both the client and server side as
well as in the SSLEngine.  These values take precedence over filters
supplied in cipherSuitesFilter.  The utility attempts to enable the listed
cipher suites regardless of whether or not the JSSE provider actually supports
them or not.  This behavior guarantees that listed cipher suites are
always enabled when listed.  For a more lenient option, use
cipherSuitesFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cipherSuitesFilter - <a shape="rect"
href="#CamelConfigurationUtilities-FilterParamet
ers">FilterParameters</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/cipherSuitesFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for cipher suites to
enable on both the client and server side as well as in the SSLEngine. 
The patterns are applied over only the available cipher suites.  The
exclude patterns have precedence over the include patterns.  If no
cipherSuites and no cipherSuitesFilter are present, the default patterns
applied are: <br clear="none" class="atl-forced-newline"> <br clear="none"
class="atl-forced-newline">
Includes</p><ul><li>.*</li></ul><p>Excludes</p><ul><li>.*<em>NULL</em>.*</li><li>.*<em>anon</em>.*</li><li>.*DES.*
<strong>Camel 2.15.4</strong></li><li>.*EXPORT.* <strong>Camel
2.15.4</strong></li></ul></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on
both the client and server side as well as in the SSLEngine.  These values
take precedence over filters supplied in secureSocketProtocolsFilter.  The
utility attempts to enable the listed protocols regardless of whether or not
the JSSE provider actually supports them or not.  This behavior guarantees
that listed protocols are always enabled when listed.  For a more lenient
option, use secureSocketProtocolsFilter.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>secureSocketProtocolsFilter - <a
shape="rect" href="#CamelCo
nfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/secureSocketProtocolsFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for secure socket
protocols to enable on both the client and server side as well as in the
SSLEngine.  The patterns are applied over only the available
protocols.  The exclude patterns have precedence over the include
patterns.  If no secureSocketProtocols and no secureSocketProtocolsFilter
are present, the default patterns applied are: <br clear="none"
class="atl-forced-newline"> <br clear="none" class="atl-forced-newline">
Includes</p><ul><li>.*</li></ul></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sessionTimeout - java.lang.String</p></td><td colspan="
1" rowspan="1" class="confluenceTd"><p>sslContextParameters/@sessionTimeout -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property defines the timeout period, in seconds, for sessions on both
the client and server side as well as in the SSLEngine.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyManagers - <a shape="rect"
href="#CamelConfigurationUtilities-KeyManagersParameters">KeyManagersParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/keyManagers - <a shape="rect"
href="#CamelConfigurationUtilities-KeyManagersParameters">KeyManagersParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures the source of key material for providing identity of client and
server side connections as well as in the SSLEngine.  If omitted, no
source of key material is provided and the SSLContext is suitable only for
client-side usage when
mutual authentication is not in use.  You typically configure this
property with a key store containing a client or server private
key.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>trustManagers - <a shape="rect"
href="#CamelConfigurationUtilities-TrustManagersParameters">TrustManagersParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/trustManagers - <a shape="rect"
href="#CamelConfigurationUtilities-TrustManagersParameters">TrustManagersParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures the source of material for verifying trust of key material used in
the handshake process.  If omitted, the default trust manager is
automatically used.  See the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores";
rel="nofollow">JSSE documentation</a> for more i
nformation on how the default trust manager is configured.  You typically
configure this property with a key store containing trusted CA
certificates.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureRandom - SecureRandomParameters</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/secureRandom -
SecureRandomParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property configures the secure random
number generator used by the client and server side as well as in the
SSLEngine.  If omitted, the default secure random number generator is
used.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>clientParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SSLContextClientParameters">SSLContextClientParameters
</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/clientParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SS
LContextClientParameters">SSLContextClientParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures additional settings that apply only to the client side aspects of
the SSLContext.  If present, these settings override the settings
specified at the SSLContextParameters level.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>serverParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SSLContextServerParameters">SSLContextServerParameters
</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/serverParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SSLContextServerParameters">SSLContextServerParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures additional settings that apply only to the server side aspects of
the SSLContext.  If present, these settings override the settings
specified at the SSLCont
extParameters level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>provider - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>sslContextParameters/@provider -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional provider identifier for the JSSE implementation to use when
constructing the SSLContext.  If omitted, the standard provider look-up
mechanism is used to resolve the provider.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>secureSocketProtocol -
java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/@secureSocketProtocol -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional secure socket protocol. See <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides//security/jsse/JSSERefGuide.html#AppA";
rel="nofollow">Appendix A</a> in the Java Secure Socket
Extension Reference Guide for information about standard protocol
names.  If omitted, TLS is used by default.  Note that this property
is related to but distinctly different from the secureSocketProtocols and
secureSocketProtocolsFilter properties.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">certAlias - java.lang.String</td><td
colspan="1" rowspan="1" class="confluenceTd">sslContextParameters/@certAlias -
xsd:string</td><td colspan="1" rowspan="1" class="confluenceTd"><p>*Camel
2.13:* An optional certificate alias to use. This is useful when the keystore
has multiple certificates.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-KeyManagersParameters">KeyManagersParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="
1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore- <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore - <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents the key store that provides key material to the key manager. 
This is typically configured with a key store containing a user or server
private key.  In some cases, such as when using PKCS#11, the key store is
omitted entirely.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>keyPassword - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@keyPassword - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The optional password for reco
vering/accessing the private key in the key store.  This is typically the
password for the private key in the configured key store; however, in some
cases, such as when using PKCS#11, the key password may be provided through
other means and is omitted entirely in this configuration.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>provider -
java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>@provider - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The optional provider identifier for the
KeyManagerFactory used to create the KeyManagers represented by this object's
configuration.  If omitted, the default look-up behavior is
used.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>algorithm - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@algorithm - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The optional algorithm name for
the
KeyManagerFactory used to create the KeyManager represented by this object's
configuration.  See the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
rel="nofollow">Java Secure Socket Extension Reference Guide</a> for
information about standard algorithm
names.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-TrustManagersParameters">TrustManagersParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>keyStore- <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" clas
s="confluenceTd"><p>keyStore - <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents the key store that provides key material to the trust manager. 
This is typically configured with a key store containing trusted CA
certificates / public keys.  In some cases, such as when using PKCS#11,
the key store is omitted entirely.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>provider - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@provider - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The optional provider
identifier for the TrustManagerFactory used to create the TrustManagers
represented by this object's configuration.  If omitted, the default
look-up behavior is used.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>algorithm - java.lang.Stri
ng</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>@algorithm -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional algorithm name for the TrustManagerFactory used to create the
TrustManager represented by this object's configuration.  See the <a
shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
rel="nofollow">Java Secure Socket Extension Reference Guide</a> for
information about standard algorithm
names.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" row
span="1" class="confluenceTd"><p>resource- java.lang.String</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore/@resource -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property represents the location of the key store resource to load the
key store from.  In some cases, the resource is omitted as the key store
content is provided by other means.  The loading of the resource, if
provided, is attempted by treating the resource as a file path, a class path
resource, and a URL in that order. An exception is thrown if the resource
cannot be resolved to readable input stream using any of the above
methods.</p><div class="confluence-information-macro
confluence-information-macro-note"><p class="title">OSGi Usage</p><span
class="aui-icon aui-icon-small aui-iconfont-warning
confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>For programmatic and Spring based
XML configuration in OSGi,
a resource specified as a classpath resource path may be accessible in the
bundle containing the XML configuration file or in a package that is imported
by that bundle.  As Blueprint does not define the thread context
classloader behavior, only classpath resources in the bundle containing the XML
configuration file may be resolved from a Blueprint based XML configuration.
<br clear="none" class="atl-forced-newline"> <br clear="none"
class="atl-forced-newline"> <br clear="none" class="atl-forced-newline"> <br
clear="none" class="atl-forced-newline"> <br clear="none"
class="atl-forced-newline"> </p></div></div></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>password - java.lang.String</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore/@password -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional password for reading/opening/verifying the key
store.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceT
d"><p>type - java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>keyStore/@type - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The optional type of the key store. 
See Appendix A in the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore";
rel="nofollow">Java Cryptography Architecture Standard Algorithm Name
Documentation</a> for more information on standard names.  If omitted,
defaults to the default lookup mechanism as defined by <a shape="rect"
class="external-link"
href="http://download.oracle.com/javase/6/docs/api/java/security/KeyStore.html#getDefaultType()"
rel="nofollow">KeyStore.getDefaultType()</a>.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>provider - java.lang.String</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore/@provider -
xsd:string</p></td><td colspan="1" rowspan="1" class="c
onfluenceTd"><p>The optional provider identifier for the provider used to
create the KeyStores represented by this object's configuration.  If
omitted, the default look-up behavior is
used.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-FilterParameters">FilterParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>include -
java.util.List<java.lang.String></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>include - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This optional property represents zero or
more regular expression patterns for which matching values should be
included. 
The list of excludes takes precedence over the include
patterns.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>exclude -
java.util.List<java.lang.String></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>exclude - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This optional property represents zero or
more regular expression patterns for which matching values should be
included.  The list of excludes takes precedence over the include
patterns.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-SecureRandomParameters">SecureRandomParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class=
"confluenceTd"><p>algorithm - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@algorithm - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optionap property
represents the Random Number Generator (RNG) algorithm identifier for the
SecureRandom factory method used to create the SecureRandom represented by this
object's configuration. See <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA";
rel="nofollow">Appendix A</a> in the Java Cryptography Architecture API
Specification & Reference for information about standard RNG algorithm
names.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>provider - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@provider - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The optional provider
identifier for the SecureRandom factory metho
d used to create the SecureRandom represented by this object's
configuration.  If omitted, the default look-up behavior is
used.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-SSLContextServerParameters">SSLContextServerParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cipherSuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/ciphersuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named cipher suites to enable on the server side only
(SSLServerSocketFac
tory/SSLServerSocket) by overriding the value of this setting in the
SSLContextParameters.  This option has no affect on the SSLEngine
configuration.  These values take precedence over filters supplied in
cipherSuitesFilter.  The utility attempts to enable the listed cipher
suites regardless of whether or not the JSSE provider actually supports them or
not.  This behavior guarantees that listed cipher suites are always
enabled when listed.  For a more lenient option, use
cipherSuitesFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cipherSuitesFilter - <a shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/cipherSuitesFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a co
llection of include and exclude patterns for cipher suites to enable on the
server side only (SSLServerSocketFactory/SSLServerSocket) by overriding the
value of this setting in the SSLContextParameters.  This option has no
affect on the SSLEngine configuration.  The patterns are applied over only
the available cipher suites.  The exclude patterns have precedence over
the include patterns.  See SSLContextParameters for details of the
behavior if this option and cipherSuites is omitted at this
level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on
the server side
only (SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
setting in the SSLContextParameters.  This option has no affect on the
SSLEngine configuration.  These values take precedence over filters
supplied in secureSocketProtocolsFilter.  The utility attempts to enable
the listed protocols regardless of whether or not the JSSE provider actually
supports them or not.  This behavior guarantees that listed protocols aree
always enabled when listed.  For a more lenient option, use
secureSocketProtocolsFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureSocketProtocolsFilter - <a shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocolsFilter
- <a shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="co
nfluenceTd"><p>This optional property represents a collection of include and
exclude patterns for secure socket protocols to enable on theserver side only
(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
setting in the SSLContextParameters.  This option has no affect on the
SSLEngine configuration.  The patterns are applied over only the available
protocols.  The exclude patterns have precedence over the include
patterns.  See SSLContextParameters for details of the behavior if this
option and/or secureSocketProtocols is omitted at this
level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sessionTimeout - java.lang.String</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextServerParameters/@sessionTimeout -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property defines the timeout period, in seconds, for sessions on the
server side.  This setting affects b
oth the SSLServerSocketFactory/SSLServerSocket as well as the server side of
the SSLEngine.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>clientAuthentication - java.lang.String</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextServerParameters/@clientAuthentication -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property indicates if the server side does not request, requests, or
requires clients to provide authentication credentials during the handshake
process.  This is commonly referred to as mutual authentication, two
direction SSL/TLS, or two-legged SSL/TLS. <br clear="none"
class="atl-forced-newline"> Valid values are: NONE, WANT,
REQUIRE</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-SSLContextClientParameters">SSLContextClientParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Fie
ld Name and Class</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>XML Attribute/Element and Type</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>cipherSuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/ciphersuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named cipher suites to enable on theclient  side only
(SSLSocketFactory/SSLSocket) by overriding the value of this setting in the
SSLContextParameters.  This option has no affect on the SSLEngine
configuration.  These values take precedence over filters supplied in
cipherSuitesFilter.  The utility attempts to enable the listed cipher
suites regardless of whether or not the JSSE provider actually supports them or
not.  This behavior gu
arantees that listed cipher suites are always enabled when listed.  For a
more lenient option, use cipherSuitesFilter.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cipherSuitesFilter - <a shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/cipherSuitesFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for cipher suites to
enable on the client side only (SSLSocketFactory/SSLSocket) by overriding the
value of this setting in the SSLContextParameters.  This option has no
affect on the SSLEngine configuration.  The patterns are applied over only
the available cipher suites.  The exclud
e patterns have precedence over the include patterns.  See
SSLContextParameters for details of the behavior if this option and
cipherSuites is omitted at this level.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on
the client side only (SSLSocketFactory/SSLSocket) by overriding the value of
this setting in the SSLContextParameters.  This option has no affect on
the SSLEngine configuration.  These values take precedence over filters
supplied in secureSocketProtocolsFilter.  The utility attempts to enable
the listed protocols regardless of whether or not the JSSE p
rovider actually supports them or not.  This behavior guarantees that
listed protocols aree always enabled when listed.  For a more lenient
option, use secureSocketProtocolsFilter.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>secureSocketProtocolsFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocolsFilter
- <a shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for secure socket
protocols to enable on the client side only (SSLSocketFactory/SSLSocket) by
overriding the value of this setting in the SSLContextParameters.  This
option has no affect on the SSLEngine config
uration.  The patterns are applied over only the available
protocols.  The exclude patterns have precedence over the include
patterns.  See SSLContextParameters for details of the behavior if this
option and/or secureSocketProtocols is omitted at this
level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sessionTimeout - java.lang.String</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextServerParameters/@sessionTimeout -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property defines the timeout period, in seconds, for sessions on the
client side This setting affects both the SSLSocketFactory/SSLSocket as well as
the client side of the SSLEngine.</p></td></tr></tbody></table></div><h3
id="CamelConfigurationUtilities-Examples">Examples</h3><h4
id="CamelConfigurationUtilities-ProgrammaticUsage">Programmatic Usage</h4><h5
id="CamelConfigurationUtilities-SettingClientAuthenticationOntheServerS
ide">Setting Client Authentication On the Server Side</h5><p>This
configuration sets the server side aspects of the TLS configuration to require
client authentication during the handshake process.  This configuration
uses the default trust store and a custom key store to provide key material for
both the server and client sides of the SSLContext.</p><div class="code panel
pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<div class="wiki-content maincontent"><h2
id="CamelConfigurationUtilities-JSSEUtility">JSSE Utility</h2><p>The JSSE
Utility, available as of <strong>2.8</strong>, allows you to easily configure
aspects of the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
rel="nofollow">Java Secure Socket Extension</a> (JSSE) API in order to greatly
simplify the use of custom transport layer security (TLS) settings on Camel
components.</p><h3
id="CamelConfigurationUtilities-SupportedComponents">Supported
Components</h3><p>The following Camel components directly support the use of
this configuration utility:</p><ul><li><a shape="rect"
href="http4.html">HTTP4</a></li><li><a shape="rect"
href="jetty.html">Jetty</a></li><li><a shape="rect"
href="ahc.html">AHC</a></li><li><a shape="rect"
href="netty.html">Netty</a></li><li><a shape="rect"
href="cometd.html">Cometd</a></li><li><a shape="rect" href="ftp2.html">FTP2</a><
/li><li><a shape="rect" href="irc.html">IRC</a></li><li><a shape="rect"
href="mail.html">Mail</a></li><li>MINA 2</li></ul><p>The following Camel
components indirectly support the use of this configuration
utility:</p><ul><li><a shape="rect" href="cxf.html">CXF</a></li><li><a
shape="rect" href="http.html">HTTP</a></li></ul><h3
id="CamelConfigurationUtilities-Configuration">Configuration</h3><p>The key
component in configuring TLS through the JSSE API is the SSLContext.  The
<a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLContext";
rel="nofollow">SSLContext</a> provides socket factories for both <a
shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLSocketFactory";
rel="nofollow">client-side</a> and <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/
JSSERefGuide.html#SSLSocketFactory" rel="nofollow">server-side</a> sockets as
well as another component called an <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLENG";
rel="nofollow">SSLEngine</a> that is used by non-blocking IO to support
TLS.  The JSSE configuration utility provides an easy to use builder for
configuring these JSSE components, among others, in a manner that allows you to
provide all configuration options up front during the initialization of your
application such that you don't have to customize library code or dig though
the inner workings of a third-party library in order to inject hooks for the
configuration of each component in the JSSE API.  The central builder in
the JSSE configuration utility is the SSLContextParameters.  This class
serves as the entry point for most configuration in the JSSE utility.</p><div
class="confluence-information-macro confluence-
information-macro-information"><span class="aui-icon aui-icon-small
aui-iconfont-info confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>All non-native classes are in the
org.apache.camel.util.jsse package.  All non-W3C schema defined types are
in the <a shape="rect" class="external-link"
href="http://camel.apache.org/schema/spring";>http://camel.apache.org/schema/spring</a>
or <a shape="rect" class="external-link"
href="http://camel.apache.org/schema/blueprint";>http://camel.apache.org/schema/blueprint</a>
namespaces for Spring and Blueprint based configuration,
respectively.</p></div></div><h4
id="CamelConfigurationUtilities-SSLContextParameters">SSLContextParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cipherSuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/ciphersuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named cipher suites to enable on both the client and server side as
well as in the SSLEngine.  These values take precedence over filters
supplied in cipherSuitesFilter.  The utility attempts to enable the listed
cipher suites regardless of whether or not the JSSE provider actually supports
them or not.  This behavior guarantees that listed cipher suites are
always enabled when listed.  For a more lenient option, use
cipherSuitesFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cipherSuitesFilter - <a shape="rect"
href="#CamelConfigurationUtilities-FilterParamet
ers">FilterParameters</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/cipherSuitesFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for cipher suites to
enable on both the client and server side as well as in the SSLEngine. 
The patterns are applied over only the available cipher suites.  The
exclude patterns have precedence over the include patterns.  If no
cipherSuites and no cipherSuitesFilter are present, the default patterns
applied are: <br clear="none" class="atl-forced-newline"> <br clear="none"
class="atl-forced-newline">
Includes</p><ul><li>.*</li></ul><p>Excludes</p><ul><li>.*<em>NULL</em>.*</li><li>.*<em>anon</em>.*</li><li>.*DES.*
<strong>Camel 2.15.4</strong></li><li>.*EXPORT.* <strong>Camel
2.15.4</strong></li></ul></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on
both the client and server side as well as in the SSLEngine.  These values
take precedence over filters supplied in secureSocketProtocolsFilter.  The
utility attempts to enable the listed protocols regardless of whether or not
the JSSE provider actually supports them or not.  This behavior guarantees
that listed protocols are always enabled when listed.  For a more lenient
option, use secureSocketProtocolsFilter.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>secureSocketProtocolsFilter - <a
shape="rect" href="#CamelCo
nfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/secureSocketProtocolsFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for secure socket
protocols to enable on both the client and server side as well as in the
SSLEngine.  The patterns are applied over only the available
protocols.  The exclude patterns have precedence over the include
patterns.  If no secureSocketProtocols and no secureSocketProtocolsFilter
are present, the default patterns applied are: <br clear="none"
class="atl-forced-newline"> <br clear="none" class="atl-forced-newline">
Includes</p><ul><li>.*</li></ul></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sessionTimeout - java.lang.String</p></td><td colspan="
1" rowspan="1" class="confluenceTd"><p>sslContextParameters/@sessionTimeout -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property defines the timeout period, in seconds, for sessions on both
the client and server side as well as in the SSLEngine.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyManagers - <a shape="rect"
href="#CamelConfigurationUtilities-KeyManagersParameters">KeyManagersParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/keyManagers - <a shape="rect"
href="#CamelConfigurationUtilities-KeyManagersParameters">KeyManagersParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures the source of key material for providing identity of client and
server side connections as well as in the SSLEngine.  If omitted, no
source of key material is provided and the SSLContext is suitable only for
client-side usage when
mutual authentication is not in use.  You typically configure this
property with a key store containing a client or server private
key.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>trustManagers - <a shape="rect"
href="#CamelConfigurationUtilities-TrustManagersParameters">TrustManagersParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/trustManagers - <a shape="rect"
href="#CamelConfigurationUtilities-TrustManagersParameters">TrustManagersParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures the source of material for verifying trust of key material used in
the handshake process.  If omitted, the default trust manager is
automatically used.  See the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores";
rel="nofollow">JSSE documentation</a> for more i
nformation on how the default trust manager is configured.  You typically
configure this property with a key store containing trusted CA
certificates.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureRandom - SecureRandomParameters</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/secureRandom -
SecureRandomParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property configures the secure random
number generator used by the client and server side as well as in the
SSLEngine.  If omitted, the default secure random number generator is
used.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>clientParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SSLContextClientParameters">SSLContextClientParameters
</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/clientParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SS
LContextClientParameters">SSLContextClientParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures additional settings that apply only to the client side aspects of
the SSLContext.  If present, these settings override the settings
specified at the SSLContextParameters level.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>serverParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SSLContextServerParameters">SSLContextServerParameters
</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/serverParameters - <a shape="rect"
href="#CamelConfigurationUtilities-SSLContextServerParameters">SSLContextServerParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
configures additional settings that apply only to the server side aspects of
the SSLContext.  If present, these settings override the settings
specified at the SSLCont
extParameters level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>provider - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>sslContextParameters/@provider -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional provider identifier for the JSSE implementation to use when
constructing the SSLContext.  If omitted, the standard provider look-up
mechanism is used to resolve the provider.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>secureSocketProtocol -
java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextParameters/@secureSocketProtocol -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional secure socket protocol. See <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides//security/jsse/JSSERefGuide.html#AppA";
rel="nofollow">Appendix A</a> in the Java Secure Socket
Extension Reference Guide for information about standard protocol
names.  If omitted, TLS is used by default.  Note that this property
is related to but distinctly different from the secureSocketProtocols and
secureSocketProtocolsFilter properties.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">certAlias - java.lang.String</td><td
colspan="1" rowspan="1" class="confluenceTd">sslContextParameters/@certAlias -
xsd:string</td><td colspan="1" rowspan="1" class="confluenceTd"><p>*Camel
2.13:* An optional certificate alias to use. This is useful when the keystore
has multiple certificates.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-KeyManagersParameters">KeyManagersParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="
1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore- <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore - <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents the key store that provides key material to the key manager. 
This is typically configured with a key store containing a user or server
private key.  In some cases, such as when using PKCS#11, the key store is
omitted entirely.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>keyPassword - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@keyPassword - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The optional password for reco
vering/accessing the private key in the key store.  This is typically the
password for the private key in the configured key store; however, in some
cases, such as when using PKCS#11, the key password may be provided through
other means and is omitted entirely in this configuration.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>provider -
java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>@provider - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The optional provider identifier for the
KeyManagerFactory used to create the KeyManagers represented by this object's
configuration.  If omitted, the default look-up behavior is
used.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>algorithm - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>@algorithm - xsd:string</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>The optional algorithm name for
the
KeyManagerFactory used to create the KeyManager represented by this object's
configuration.  See the <a shape="rect" class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
rel="nofollow">Java Secure Socket Extension Reference Guide</a> for
information about standard algorithm names.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd">trustManager - java.lang.String</td><td
colspan="1" rowspan="1" class="confluenceTd"><span>@trustManager -
xsd:string</span></td><td colspan="1" rowspan="1"
class="confluenceTd"><strong>Camel 2.17:</strong>To use a existing configured
trust manager instead of using TrustManagerFactory to get the
TrustManager.</td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-TrustManagersParameters">TrustManagersParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p>
</th><th colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element
and Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>keyStore- <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore - <a shape="rect"
href="#CamelConfigurationUtilities-KeyStoreParameters">KeyStoreParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents the key store that provides key material to the trust manager. 
This is typically configured with a key store containing trusted CA
certificates / public keys.  In some cases, such as when using PKCS#11,
the key store is omitted entirely.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>provider - java.lang.String</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p
>@provider - xsd:string</p></td><td colspan="1" rowspan="1"
>class="confluenceTd"><p>The optional provider identifier for the
>TrustManagerFactory used to create the TrustManagers represented by this
>object's configuration.  If omitted, the default look-up behavior is
>used.</p></td></tr><tr><td colspan="1" rowspan="1"
>class="confluenceTd"><p>algorithm - java.lang.String</p></td><td colspan="1"
>rowspan="1" class="confluenceTd"><p>@algorithm - xsd:string</p></td><td
>colspan="1" rowspan="1" class="confluenceTd"><p>The optional algorithm name
>for the TrustManagerFactory used to create the TrustManager represented by
>this object's configuration.  See the <a shape="rect"
>class="external-link"
>href="http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html";
> rel="nofollow">Java Secure Socket Extension Reference Guide</a> for
>information about standard algorithm
>names.</p></td></tr></tbody></table></div><h4
>id="CamelConfigurationUtilities-KeyStoreParam
eters">KeyStoreParameters</h4><div class="table-wrap"><table
class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1"
class="confluenceTh"><p>Java Field Name and Class</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>XML Attribute/Element and Type</p></th><th
colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>resource- java.lang.String</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore/@resource -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property represents the location of the key store resource to load the
key store from.  In some cases, the resource is omitted as the key store
content is provided by other means.  The loading of the resource, if
provided, is attempted by treating the resource as a file path, a class path
resource, and a URL in that order. An exception is thrown if the resource
cannot be resolved to re
adable input stream using any of the above methods.</p><div
class="confluence-information-macro confluence-information-macro-note"><p
class="title">OSGi Usage</p><span class="aui-icon aui-icon-small
aui-iconfont-warning confluence-information-macro-icon"></span><div
class="confluence-information-macro-body"><p>For programmatic and Spring based
XML configuration in OSGi, a resource specified as a classpath resource path
may be accessible in the bundle containing the XML configuration file or in a
package that is imported by that bundle.  As Blueprint does not define the
thread context classloader behavior, only classpath resources in the bundle
containing the XML configuration file may be resolved from a Blueprint based
XML configuration. <br clear="none" class="atl-forced-newline"> <br
clear="none" class="atl-forced-newline"> <br clear="none"
class="atl-forced-newline"> </p></div></div></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>password - java.lang.String
</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>keyStore/@password - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The optional password for
reading/opening/verifying the key store.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>type - java.lang.String</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>keyStore/@type -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The
optional type of the key store.  See Appendix A in the <a shape="rect"
class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore";
rel="nofollow">Java Cryptography Architecture Standard Algorithm Name
Documentation</a> for more information on standard names.  If omitted,
defaults to the default lookup mechanism as defined by <a shape="rect"
class="external-link"
href="http://download.oracle.com/javase/6/docs/api/java/security/KeyStore.html#getDefaultType
()" rel="nofollow">KeyStore.getDefaultType()</a>.</p></td></tr><tr><td
colspan="1" rowspan="1" class="confluenceTd"><p>provider -
java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>keyStore/@provider - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The optional provider identifier for the
provider used to create the KeyStores represented by this object's
configuration.  If omitted, the default look-up behavior is
used.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-FilterParameters">FilterParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>include - java.util.List<java.
lang.String></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>include - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This optional property represents zero or
more regular expression patterns for which matching values should be
included.  The list of excludes takes precedence over the include
patterns.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>exclude -
java.util.List<java.lang.String></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>exclude - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>This optional property represents zero or
more regular expression patterns for which matching values should be
included.  The list of excludes takes precedence over the include
patterns.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-SecureRandomParameters">SecureRandomParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colsp
an="1" rowspan="1" class="confluenceTh"><p>Java Field Name and
Class</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>XML
Attribute/Element and Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>algorithm - java.lang.String</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>@algorithm -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optionap property represents the Random Number Generator (RNG) algorithm
identifier for the SecureRandom factory method used to create the SecureRandom
represented by this object's configuration. See <a shape="rect"
class="external-link"
href="http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA";
rel="nofollow">Appendix A</a> in the Java Cryptography Architecture API
Specification & Reference for information about standard RNG algorithm
names.</p></td></tr><tr><td col
span="1" rowspan="1" class="confluenceTd"><p>provider -
java.lang.String</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>@provider - xsd:string</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>The optional provider identifier for the
SecureRandom factory method used to create the SecureRandom represented by this
object's configuration.  If omitted, the default look-up behavior is
used.</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-SSLContextServerParameters">SSLContextServerParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cipherSuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/ciphersuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named cipher suites to enable on the server side only
(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
setting in the SSLContextParameters.  This option has no affect on the
SSLEngine configuration.  These values take precedence over filters
supplied in cipherSuitesFilter.  The utility attempts to enable the listed
cipher suites regardless of whether or not the JSSE provider actually supports
them or not.  This behavior guarantees that listed cipher suites are
always enabled when listed.  For a more lenient option, use
cipherSuitesFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cipherSuitesFilter - <a shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
c
olspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/cipherSuitesFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for cipher suites to
enable on the server side only (SSLServerSocketFactory/SSLServerSocket) by
overriding the value of this setting in the SSLContextParameters.  This
option has no affect on the SSLEngine configuration.  The patterns are
applied over only the available cipher suites.  The exclude patterns have
precedence over the include patterns.  See SSLContextParameters for
details of the behavior if this option and cipherSuites is omitted at this
level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslCo
ntextClientParameters/secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on
the server side only (SSLServerSocketFactory/SSLServerSocket) by overriding the
value of this setting in the SSLContextParameters.  This option has no
affect on the SSLEngine configuration.  These values take precedence over
filters supplied in secureSocketProtocolsFilter.  The utility attempts to
enable the listed protocols regardless of whether or not the JSSE provider
actually supports them or not.  This behavior guarantees that listed
protocols aree always enabled when listed.  For a more lenient option, use
secureSocketProtocolsFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureSocketProtocolsFilter - <a shape="rect"
href="#CamelConfigurationUtilities-FilterPa
rameters">FilterParameters</a></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocolsFilter
- <a shape="rect"
href="#CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for secure socket
protocols to enable on theserver side only
(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
setting in the SSLContextParameters.  This option has no affect on the
SSLEngine configuration.  The patterns are applied over only the available
protocols.  The exclude patterns have precedence over the include
patterns.  See SSLContextParameters for details of the behavior if this
option and/or secureSocketProtocols is omitted at this
level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sessionTimeout - java.lang.String</p></td><td colsp
an="1" rowspan="1"
class="confluenceTd"><p>sslContextServerParameters/@sessionTimeout -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property defines the timeout period, in seconds, for sessions on the
server side.  This setting affects both the
SSLServerSocketFactory/SSLServerSocket as well as the server side of the
SSLEngine.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>clientAuthentication - java.lang.String</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextServerParameters/@clientAuthentication -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property indicates if the server side does not request, requests, or
requires clients to provide authentication credentials during the handshake
process.  This is commonly referred to as mutual authentication, two
direction SSL/TLS, or two-legged SSL/TLS. <br clear="none"
class="atl-forced-newline"> Valid value
s are: NONE, WANT, REQUIRE</p></td></tr></tbody></table></div><h4
id="CamelConfigurationUtilities-SSLContextClientParameters">SSLContextClientParameters</h4><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Java Field Name and Class</p></th><th
colspan="1" rowspan="1" class="confluenceTh"><p>XML Attribute/Element and
Type</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p>cipherSuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/ciphersuites -
CipherSuitesParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named cipher suites to enable on theclient  side only
(SSLSocketFactory/SSLSocket) by overriding the value of this setting in the
SSLContextParameters.  This option has n
o affect on the SSLEngine configuration.  These values take precedence
over filters supplied in cipherSuitesFilter.  The utility attempts to
enable the listed cipher suites regardless of whether or not the JSSE provider
actually supports them or not.  This behavior guarantees that listed
cipher suites are always enabled when listed.  For a more lenient option,
use cipherSuitesFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>cipherSuitesFilter - <a shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/cipherSuitesFilter - <a
shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This optional property
represents a collection of include and exclude patterns for cipher suites
to enable on the client side only (SSLSocketFactory/SSLSocket) by overriding
the value of this setting in the SSLContextParameters.  This option has no
affect on the SSLEngine configuration.  The patterns are applied over only
the available cipher suites.  The exclude patterns have precedence over
the include patterns.  See SSLContextParameters for details of the
behavior if this option and cipherSuites is omitted at this
level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocols -
SecureSocketProtocolsParameters</p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This optional property represents a collection of
explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on
the client side only (SSLSocketFactory/SSLSocket) by overriding the value of
this sett
ing in the SSLContextParameters.  This option has no affect on the
SSLEngine configuration.  These values take precedence over filters
supplied in secureSocketProtocolsFilter.  The utility attempts to enable
the listed protocols regardless of whether or not the JSSE provider actually
supports them or not.  This behavior guarantees that listed protocols aree
always enabled when listed.  For a more lenient option, use
secureSocketProtocolsFilter.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>secureSocketProtocolsFilter - <a shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextClientParameters/secureSocketProtocolsFilter
- <a shape="rect"
href="#CamelConfigurationUtilities-CamelConfigurationUtilities-FilterParameters">FilterParameters</a></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>This option
al property represents a collection of include and exclude patterns for secure
socket protocols to enable on the client side only (SSLSocketFactory/SSLSocket)
by overriding the value of this setting in the SSLContextParameters.  This
option has no affect on the SSLEngine configuration.  The patterns are
applied over only the available protocols.  The exclude patterns have
precedence over the include patterns.  See SSLContextParameters for
details of the behavior if this option and/or secureSocketProtocols is omitted
at this level.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p>sessionTimeout - java.lang.String</p></td><td
colspan="1" rowspan="1"
class="confluenceTd"><p>sslContextServerParameters/@sessionTimeout -
xsd:string</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>This
optional property defines the timeout period, in seconds, for sessions on the
client side This setting affects both the SSLSocketFactory/SSLSocket as well a
s the client side of the SSLEngine.</p></td></tr></tbody></table></div><h3
id="CamelConfigurationUtilities-Examples">Examples</h3><h4
id="CamelConfigurationUtilities-ProgrammaticUsage">Programmatic Usage</h4><h5
id="CamelConfigurationUtilities-SettingClientAuthenticationOntheServerSide">Setting
Client Authentication On the Server Side</h5><p>This configuration sets the
server side aspects of the TLS configuration to require client authentication
during the handshake process.  This configuration uses the default trust
store and a custom key store to provide key material for both the server and
client sides of the SSLContext.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeContent panelContent pdl">
<script class="brush: java; gutter: false; theme: Default"
type="syntaxhighlighter"><