This is an automated email from the ASF dual-hosted git repository. davsclaus pushed a commit to branch ssl in repository https://gitbox.apache.org/repos/asf/camel-spring-boot.git
commit 2348df3838613b98e4a6733cd12bc965625245d6
Author: Claus Ibsen <[email protected]>
AuthorDate: Tue Jan 27 14:25:32 2026 +0100
CAMEL-22909: camel-spring-boot - Add camel.ssl.trustAllCertificates support in Spring Boot
---
 .../boot/security/CamelSSLAutoConfiguration.java | 26 ++++++++---
 .../security/CamelSSLConfigurationProperties.java | 15 ++++++
 .../CamelSSLAutoConfigurationTrustAllTest.java | 53 ++++++++++++++++++++++
 3 files changed, 88 insertions(+), 6 deletions(-)
diff --git a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
index 50e719cdc49..fa6464fd856 100644
--- a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
+++ b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfiguration.java
@@ -19,14 +19,11 @@ package org.apache.camel.spring.boot.security;
 import java.util.Collections;
 import java.util.Map;
 import org.apache.camel.CamelContext;
-import org.apache.camel.main.MainHelper;
-import org.apache.camel.spi.ThreadPoolProfile;
 import org.apache.camel.spring.boot.CamelAutoConfiguration;
 import org.apache.camel.support.jsse.*;
-import org.apache.camel.util.OrderedLocationProperties;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.autoconfigure.AutoConfigureBefore;
 import org.springframework.boot.autoconfigure.condition.ConditionMessage;
 import org.springframework.boot.autoconfigure.condition.ConditionOutcome;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
@@ -45,6 +42,8 @@ import org.springframework.core.type.AnnotatedTypeMetadata; @EnableConfigurationProperties(CamelSSLConfigurationProperties.class) public class CamelSSLAutoConfiguration { + private static final Logger LOG = LoggerFactory.getLogger(CamelSSLAutoConfiguration.class); + @Bean @ConditionalOnMissingBean @Conditional(CamelSSLAutoConfiguration.SSLCondition.class) @@ -63,6 +62,7 @@ public class CamelSSLAutoConfiguration { .secureSocketProtocols(properties.getSecureSocketProtocols()) .secureSocketProtocolsFilter(properties.getSecureSocketProtocolsFilter()) .serverParameters(properties.getServerParameters()).sessionTimeout(properties.getSessionTimeout()) + .trustAllCertificates(properties.isTrustAllCertificates()) .trustManager(properties.getTrustManagers()).build(); return config; @@ -85,7 +85,7 @@ public class CamelSSLAutoConfiguration { .orElse(Collections.emptyMap()); sslProperties.remove("config"); ConditionMessage.Builder message = ConditionMessage.forCondition("camel.ssl"); - if (sslProperties.size() > 0) { + if (!sslProperties.isEmpty()) { return ConditionOutcome.match(message.because("enabled")); } @@ -226,6 +226,20 @@ public class CamelSSLAutoConfiguration { return this; } + public SSLContextBuilder trustAllCertificates(boolean trustAllCertificates) { + if (trustAllCertificates) { + TrustManagersParameters tmp = sslContextParameters.getTrustManagers(); + if (tmp == null) { + tmp = new TrustManagersParameters(); + sslContextParameters.setTrustManagers(tmp); + } + tmp.setTrustManager(TrustAllTrustManager.INSTANCE); + LOG.warn( + "Trust all certifications enabled. Using this in production can expose the application to man-in-the-middle attacks"); + } + return this; + } + public SSLContextParameters build() { return this.sslContextParameters; } 
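Review bot: In the `sslContextParameters` builder chain, `.trustAllCertificates(...)` is applied before `.trustManager(properties.getTrustManagers())`, so which setting wins when both `camel.ssl.trust-all-certificates` and `camel.ssl.trust-managers.*` are configured depends on the body of `trustManager(...)`, which lies outside this hunk. If that method replaces the `TrustManagersParameters` object, the trust-all manager is dropped after the warning has already been logged. The Javadoc added in the CamelSSLConfigurationProperties hunk states the opposite, namely that the trust store options are not in use. The precedence should be made explicit and tested; if trust-all is meant to win as documented, apply it last: `.trustManager(properties.getTrustManagers()).trustAllCertificates(properties.isTrustAllCertificates()).build();`.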
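Review bot: The warning in the new `trustAllCertificates(boolean)` builder method says "certifications" instead of "certificates" and does not name the property that triggered it, which makes the message hard to search for in logs and to trace back to configuration. `TrustAllTrustManager.INSTANCE` is set on the shared `SSLContextParameters`, so presumably every consumer of that bean loses peer certificate validation, including client-certificate checks on server endpoints that reuse the same context; that scope is worth stating in the message or the property Javadoc. Suggested text: `"camel.ssl.trustAllCertificates is enabled: certificate validation is disabled, which exposes the application to man-in-the-middle attacks. Do not use in production."`. A one-line Javadoc noting that the method replaces any trust manager already set on the `TrustManagersParameters` would also help; the enclosing builder class starts outside the hunk.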
diff --git a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java index e24aea080a3..456d8807482 100644 --- a/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java +++ b/core/camel-spring-boot/src/main/java/org/apache/camel/spring/boot/security/CamelSSLConfigurationProperties.java @@ -48,6 +48,13 @@ public class CamelSSLConfigurationProperties { */ private TrustManagersParameters trustManagers; + /** + * Allows to trust all SSL certificates without performing certificate validation. This can be used in development + * environment but may expose the system to security risks. Notice that if the trustAllCertificates option is set to + * true then the trustStore/trustStorePassword options are not in use. + */ + private boolean trustAllCertificates; + /** * The optional secure random configuration options to use for constructing the SecureRandom used in the creation of * an SSLContext. @@ -136,6 +143,14 @@ public class CamelSSLConfigurationProperties { this.trustManagers = trustManagers; } + public boolean isTrustAllCertificates() { + return trustAllCertificates; + } + + public void setTrustAllCertificates(boolean trustAllCertificates) { + this.trustAllCertificates = trustAllCertificates; + } + public SecureRandomParameters getSecureRandom() { return this.secureRandom; } diff --git a/core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfigurationTrustAllTest.java b/core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfigurationTrustAllTest.java new file mode 100644 index 00000000000..a33cd86366c --- /dev/null +++ b/core/camel-spring-boot/src/test/java/org/apache/camel/spring/boot/security/CamelSSLAutoConfigurationTrustAllTest.java 
@@ -0,0 +1,53 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.spring.boot.security;
+
+import org.apache.camel.spring.boot.CamelAutoConfiguration;
+import org.apache.camel.support.jsse.SSLContextParameters;
+import org.apache.camel.support.jsse.TrustAllTrustManager;
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.autoconfigure.AutoConfigurations;
+import org.springframework.boot.test.context.runner.ApplicationContextRunner;
+
+import static org.junit.jupiter.api.Assertions.assertInstanceOf;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+
+/**
+ * Testing the ssl configuration
+ */
+public class CamelSSLAutoConfigurationTrustAllTest {
+
+ @Test
+ public void checkSSLTrustAllTest() {
+ new ApplicationContextRunner()
+ .withConfiguration(AutoConfigurations.of(CamelSSLAutoConfiguration.class, CamelAutoConfiguration.class))
+ .withPropertyValues("camel.ssl.enabled=true",
+ "camel.ssl.cert-alias=web",
+ "camel.ssl.key-managers.key-password=changeit",
+ "camel.ssl.key-managers.key-store.password=changeit",
+ "camel.ssl.key-managers.key-store.type=PKCS12",
+ "camel.ssl.trust-all-certificates=true")
+ .run(context -> {
+
+ SSLContextParameters ssl = context.getBean(SSLContextParameters.class);
+ assertNotNull(ssl);
+
+ assertInstanceOf(TrustAllTrustManager.class, ssl.getTrustManagers().getTrustManager());
+ });
+ }
+
+}
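Review bot: The new test class covers only the enabled path in `checkSSLTrustAllTest`; nothing pins that `TrustAllTrustManager` stays off when `camel.ssl.trust-all-certificates` is absent, which is the regression that matters most for a switch that disables validation. I would add a second test with the same properties minus the flag, asserting that no `TrustAllTrustManager` is installed. A further case that also sets `camel.ssl.trust-managers.*` would document the intended precedence between the two options. The sketch below additionally needs `assertFalse` and `TrustManagersParameters` imported.

```java
    // … unchanged: checkSSLTrustAllTest …

    @Test
    public void trustAllIsOffByDefaultTest() {
        new ApplicationContextRunner()
                .withConfiguration(AutoConfigurations.of(CamelSSLAutoConfiguration.class, CamelAutoConfiguration.class))
                .withPropertyValues("camel.ssl.enabled=true",
                        "camel.ssl.cert-alias=web",
                        "camel.ssl.key-managers.key-password=changeit",
                        "camel.ssl.key-managers.key-store.password=changeit",
                        "camel.ssl.key-managers.key-store.type=PKCS12")
                .run(context -> {
                    SSLContextParameters ssl = context.getBean(SSLContextParameters.class);
                    assertNotNull(ssl);

                    // No trust-all flag: the permissive trust manager must not be installed.
                    TrustManagersParameters tmp = ssl.getTrustManagers();
                    assertFalse(tmp != null && tmp.getTrustManager() instanceof TrustAllTrustManager);
                });
    }
```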
