Repository: camel Updated Branches: refs/heads/master 971c80b7f -> 08a1c369d
CAMEL-11696: Use standard SSL parameters class Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/08a1c369 Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/08a1c369 Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/08a1c369 Branch: refs/heads/master Commit: 08a1c369d1d25f4d01889cd31d73711fc8e40493 Parents: 5a50170 Author: Dmitry Volodin <dmvo...@gmail.com> Authored: Tue Oct 3 13:26:46 2017 +0300 Committer: lburgazzoli <lburgazz...@gmail.com> Committed: Tue Oct 3 16:37:50 2017 +0200 ---------------------------------------------------------------------- .../src/main/docs/thrift-component.adoc | 25 ++- .../camel/component/thrift/ThriftComponent.java | 27 ++- .../component/thrift/ThriftConfiguration.java | 11 +- .../camel/component/thrift/ThriftConsumer.java | 33 ++-- .../camel/component/thrift/ThriftProducer.java | 28 ++- .../thrift/ThriftSSLConfiguration.java | 183 ------------------- .../thrift/ThriftConsumerSecurityTest.java | 20 +- .../thrift/ThriftProducerSecurityTest.java | 30 ++- .../ThriftComponentConfiguration.java | 13 ++ 9 files changed, 129 insertions(+), 241 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/main/docs/thrift-component.adoc ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/main/docs/thrift-component.adoc b/components/camel-thrift/src/main/docs/thrift-component.adoc index 8dcf10e2..f8f7adb 100644 --- a/components/camel-thrift/src/main/docs/thrift-component.adoc +++ b/components/camel-thrift/src/main/docs/thrift-component.adoc @@ -28,7 +28,16 @@ thrift://service[?options] ### Endpoint Options // component options: START -The Thrift component has no options. +The Thrift component supports 2 options which are listed below. + + + +[width="100%",cols="2,5,^1,2",options="header"] +|=== +| Name | Description | Default | Type +| *useGlobalSslContext Parameters* (security) | Determine if the thrift component is using global SSL context parameters | false | boolean +| *resolveProperty Placeholders* (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean +|=== // component options: END // endpoint options: START @@ -50,7 +59,7 @@ with the following path and query parameters: | *service* | *Required* Fully qualified service name from the thrift descriptor file (package dot service definition name) | | String |=== -==== Query Parameters (22 parameters): +==== Query Parameters (12 parameters): [width="100%",cols="2,5,^1,2",options="header"] |=== @@ -65,18 +74,8 @@ with the following path and query parameters: | *exchangePattern* (consumer) | Sets the exchange pattern when the consumer creates an exchange. | | ExchangePattern | *method* (producer) | The Thrift invoked method name | | String | *synchronous* (advanced) | Sets whether synchronous processing should be strictly used or Camel is allowed to use asynchronous processing (if supported). | false | boolean -| *cipherSuites* (security) | Cipher suites array | | String[] -| *keyManagerType* (security) | Key store manager type | | String -| *keyStorePassword* (security) | Key store password | | String -| *keyStorePath* (security) | Path to the key store file | | String -| *keyStoreType* (security) | Key store type | JKS | String | *negotiationType* (security) | Security negotiation type | PLAINTEXT | ThriftNegotiationType -| *requireClientAuth* (security) | Set if client authentication is required | false | boolean -| *securityProtocol* (security) | Security negotiation protocol | TLS | String -| *trustManagerType* (security) | Trust store manager type | | String -| *trustPassword* (security) | Trust store password | | String -| *trustStorePath* (security) | Path to the trust store file | | String -| *trustStoreType* (security) | Trust store type | JKS | String +| *sslParameters* (security) | Configuration parameters for SSL/TLS security negotiation | | SSLContextParameters |=== // endpoint options: END http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftComponent.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftComponent.java b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftComponent.java index f394cff..20c8831 100644 --- a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftComponent.java +++ b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftComponent.java @@ -20,17 +20,29 @@ import java.net.URI; import java.util.Map; import org.apache.camel.Endpoint; +import org.apache.camel.SSLContextParametersAware; import org.apache.camel.impl.DefaultComponent; +import org.apache.camel.spi.Metadata; +import org.apache.camel.util.jsse.SSLContextParameters; /** * Represents the component that manages {@link ThriftEndpoint}. */ -public class ThriftComponent extends DefaultComponent { +public class ThriftComponent extends DefaultComponent implements SSLContextParametersAware { + + @Metadata(label = "security", defaultValue = "false") + private boolean useGlobalSslContextParameters; protected Endpoint createEndpoint(String uri, String remaining, Map<String, Object> parameters) throws Exception { ThriftConfiguration config = new ThriftConfiguration(); config = parseConfiguration(config, uri, parameters); + SSLContextParameters sslParameters = config.getSslParameters(); + if (config.getNegotiationType() == ThriftNegotiationType.SSL && sslParameters == null) { + sslParameters = retrieveGlobalSslContextParameters(); + config.setSslParameters(sslParameters); + } + setProperties(config, parameters); Endpoint endpoint = new ThriftEndpoint(uri, this, config); @@ -46,4 +58,17 @@ public class ThriftComponent extends DefaultComponent { configuration.parseURI(new URI(remaining), parameters, this); return configuration; } + + /** + * Determine if the thrift component is using global SSL context parameters + */ + @Override + public boolean isUseGlobalSslContextParameters() { + return useGlobalSslContextParameters; + } + + @Override + public void setUseGlobalSslContextParameters(boolean useGlobalSslContextParameters) { + this.useGlobalSslContextParameters = useGlobalSslContextParameters; + } } http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConfiguration.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConfiguration.java b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConfiguration.java index 0255a42..6271e76 100644 --- a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConfiguration.java +++ b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConfiguration.java @@ -23,6 +23,7 @@ import org.apache.camel.spi.Metadata; import org.apache.camel.spi.UriParam; import org.apache.camel.spi.UriParams; import org.apache.camel.spi.UriPath; +import org.apache.camel.util.jsse.SSLContextParameters; @UriParams public class ThriftConfiguration { @@ -48,7 +49,7 @@ public class ThriftConfiguration { private ThriftNegotiationType negotiationType = ThriftNegotiationType.PLAINTEXT; @UriParam(label = "security") - private ThriftSSLConfiguration sslConfiguration; + private SSLContextParameters sslParameters; @UriParam(defaultValue = "NONE") private ThriftCompressionType compressionType = ThriftCompressionType.NONE; @@ -110,12 +111,12 @@ public class ThriftConfiguration { /** * Configuration parameters for SSL/TLS security negotiation */ - public ThriftSSLConfiguration getSslConfiguration() { - return sslConfiguration; + public SSLContextParameters getSslParameters() { + return sslParameters; } - public void setSslConfiguration(ThriftSSLConfiguration sslConfiguration) { - this.sslConfiguration = sslConfiguration; + public void setSslParameters(SSLContextParameters sslParameters) { + this.sslParameters = sslParameters; } /** http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConsumer.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConsumer.java b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConsumer.java index 68706c0..7e467e8 100644 --- a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConsumer.java +++ b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftConsumer.java @@ -32,6 +32,7 @@ import org.apache.camel.component.thrift.server.ThriftMethodHandler; import org.apache.camel.component.thrift.server.ThriftThreadPoolServer; import org.apache.camel.impl.DefaultConsumer; import org.apache.camel.util.ObjectHelper; +import org.apache.camel.util.jsse.SSLContextParameters; import org.apache.thrift.TProcessor; import org.apache.thrift.server.TServer; import org.apache.thrift.transport.TNonblockingServerSocket; @@ -116,22 +117,26 @@ public class ThriftConsumer extends DefaultConsumer { } if (configuration.getNegotiationType() == ThriftNegotiationType.SSL && endpoint.isSynchronous()) { - ThriftSSLConfiguration sslConfiguration = configuration.getSslConfiguration(); - if (sslConfiguration == null) { - throw new IllegalArgumentException("SSL Configuration must be initialized if negotiation type is set to " + configuration.getNegotiationType()); + SSLContextParameters sslParameters = configuration.getSslParameters(); + if (sslParameters == null) { + throw new IllegalArgumentException("SSL parameters must be initialized if negotiation type is set to " + configuration.getNegotiationType()); } - ObjectHelper.notNull(sslConfiguration.getSecurityProtocol(), "Security protocol"); - ObjectHelper.notNull(sslConfiguration.getKeyStorePath(), "Keystore path"); - ObjectHelper.notNull(sslConfiguration.getKeyStorePassword(), "Keystore password"); - ObjectHelper.notNull(sslConfiguration.getKeyManagerType(), "Key manager type"); - ObjectHelper.notNull(sslConfiguration.getKeyStoreType(), "Key store type"); - - TSSLTransportFactory.TSSLTransportParameters sslParams = new TSSLTransportFactory.TSSLTransportParameters(sslConfiguration.getSecurityProtocol(), - sslConfiguration.getCipherSuites()); - sslParams.setKeyStore(sslConfiguration.getKeyStorePath(), sslConfiguration.getKeyStorePassword(), sslConfiguration.getKeyManagerType(), - sslConfiguration.getKeyStoreType()); - sslParams.requireClientAuth(sslConfiguration.isRequireClientAuth()); + ObjectHelper.notNull(sslParameters.getSecureSocketProtocol(), "Security protocol"); + ObjectHelper.notNull(sslParameters.getKeyManagers().getKeyStore().getResource(), "Keystore path"); + ObjectHelper.notNull(sslParameters.getKeyManagers().getKeyStore().getPassword(), "Keystore password"); + + TSSLTransportFactory.TSSLTransportParameters sslParams; + sslParams = new TSSLTransportFactory.TSSLTransportParameters(sslParameters.getSecureSocketProtocol(), + sslParameters.getCipherSuites() == null ? null + : sslParameters.getCipherSuites().getCipherSuite().stream().toArray(String[]::new)); + + if (ObjectHelper.isNotEmpty(sslParameters.getKeyManagers().getKeyStore().getProvider()) && ObjectHelper.isNotEmpty(sslParameters.getKeyManagers().getKeyStore().getType())) { + sslParams.setKeyStore(sslParameters.getKeyManagers().getKeyStore().getResource(), sslParameters.getKeyManagers().getKeyStore().getPassword(), + sslParameters.getKeyManagers().getKeyStore().getProvider(), sslParameters.getKeyManagers().getKeyStore().getType()); + } else { + sslParams.setKeyStore(sslParameters.getKeyManagers().getKeyStore().getResource(), sslParameters.getKeyManagers().getKeyStore().getPassword()); + } try { syncServerTransport = TSSLTransportFactory.getServerSocket(configuration.getPort(), configuration.getClientTimeout(), InetAddress.getByName(configuration.getHost()), http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java index ad9ca71..5e27227 100644 --- a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java +++ b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftProducer.java @@ -25,6 +25,7 @@ import org.apache.camel.Message; import org.apache.camel.component.thrift.client.AsyncClientMethodCallback; import org.apache.camel.impl.DefaultProducer; import org.apache.camel.util.ObjectHelper; +import org.apache.camel.util.jsse.SSLContextParameters; import org.apache.thrift.TException; import org.apache.thrift.transport.TNonblockingSocket; import org.apache.thrift.transport.TNonblockingTransport; @@ -158,22 +159,29 @@ public class ThriftProducer extends DefaultProducer implements AsyncProcessor { protected void initializeSslTransport() throws TTransportException { if (!ObjectHelper.isEmpty(configuration.getHost()) && !ObjectHelper.isEmpty(configuration.getPort())) { - ThriftSSLConfiguration sslConfiguration = configuration.getSslConfiguration(); - if (sslConfiguration == null) { - throw new IllegalArgumentException("SSL Configuration must be initialized if negotiation type is set to " + configuration.getNegotiationType()); + SSLContextParameters sslParameters = configuration.getSslParameters(); + if (sslParameters == null) { + throw new IllegalArgumentException("SSL parameters must be initialized if negotiation type is set to " + configuration.getNegotiationType()); } - ObjectHelper.notNull(sslConfiguration.getSecurityProtocol(), "Security protocol"); - ObjectHelper.notNull(sslConfiguration.getTrustStorePath(), "Trust store path"); - ObjectHelper.notNull(sslConfiguration.getTrustPassword(), "Trust store password"); - ObjectHelper.notNull(sslConfiguration.getTrustManagerType(), "Trust manager type"); - ObjectHelper.notNull(sslConfiguration.getTrustStoreType(), "Trust store type"); + ObjectHelper.notNull(sslParameters.getSecureSocketProtocol(), "Security protocol"); + ObjectHelper.notNull(sslParameters.getTrustManagers().getKeyStore().getResource(), "Trust store path"); + ObjectHelper.notNull(sslParameters.getTrustManagers().getKeyStore().getPassword(), "Trust store password"); LOG.info("Creating secured transport to the remote Thrift server {}:{}", configuration.getHost(), configuration.getPort()); - TSSLTransportFactory.TSSLTransportParameters sslParams = new TSSLTransportFactory.TSSLTransportParameters(sslConfiguration.getSecurityProtocol(), sslConfiguration.getCipherSuites()); + TSSLTransportFactory.TSSLTransportParameters sslParams; + sslParams = new TSSLTransportFactory.TSSLTransportParameters(sslParameters.getSecureSocketProtocol(), + sslParameters.getCipherSuites() == null ? null + : sslParameters.getCipherSuites().getCipherSuite().stream().toArray(String[]::new)); + + if (ObjectHelper.isNotEmpty(sslParameters.getTrustManagers().getProvider()) && ObjectHelper.isNotEmpty(sslParameters.getTrustManagers().getKeyStore().getType())) { + sslParams.setTrustStore(sslParameters.getTrustManagers().getKeyStore().getResource(), sslParameters.getTrustManagers().getKeyStore().getPassword(), + sslParameters.getTrustManagers().getProvider(), sslParameters.getTrustManagers().getKeyStore().getType()); + } else { + sslParams.setTrustStore(sslParameters.getTrustManagers().getKeyStore().getResource(), sslParameters.getTrustManagers().getKeyStore().getPassword()); + } - sslParams.setTrustStore(sslConfiguration.getTrustStorePath(), sslConfiguration.getTrustPassword(), sslConfiguration.getTrustManagerType(), sslConfiguration.getTrustStoreType()); syncTransport = TSSLTransportFactory.getClientSocket(configuration.getHost(), configuration.getPort(), configuration.getClientTimeout(), sslParams); } else { throw new IllegalArgumentException("No connection properties (host, port) specified"); http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftSSLConfiguration.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftSSLConfiguration.java b/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftSSLConfiguration.java deleted file mode 100644 index f8ea0ef..0000000 --- a/components/camel-thrift/src/main/java/org/apache/camel/component/thrift/ThriftSSLConfiguration.java +++ /dev/null @@ -1,183 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed with - * this work for additional information regarding copyright ownership. - * The ASF licenses this file to You under the Apache License, Version 2.0 - * (the "License"); you may not use this file except in compliance with - * the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.apache.camel.component.thrift; - -import javax.net.ssl.TrustManagerFactory; - -import org.apache.camel.spi.UriParam; -import org.apache.camel.spi.UriParams; - -/** - * Configuration parameters for SSL/TLS security negotiation - */ -@UriParams -public class ThriftSSLConfiguration { - - @UriParam(label = "security", defaultValue = ThriftConstants.THRIFT_DEFAULT_SECURITY_PROTOCOL) - private String securityProtocol = ThriftConstants.THRIFT_DEFAULT_SECURITY_PROTOCOL; - - @UriParam(label = "security") - private String[] cipherSuites; - - @UriParam(label = "consumer,security") - private String keyStorePath; - - @UriParam(label = "consumer,security", secret = true) - private String keyStorePassword; - - @UriParam(label = "consumer,security") - private String keyManagerType = TrustManagerFactory.getDefaultAlgorithm(); - - @UriParam(label = "consumer,security", defaultValue = ThriftConstants.THRIFT_DEFAULT_SECURITY_STORE_TYPE) - private String keyStoreType = ThriftConstants.THRIFT_DEFAULT_SECURITY_STORE_TYPE; - - @UriParam(label = "producer,security") - private String trustStorePath; - - @UriParam(label = "producer,security", secret = true) - private String trustPassword; - - @UriParam(label = "producer,security") - private String trustManagerType = TrustManagerFactory.getDefaultAlgorithm(); - - @UriParam(label = "producer,security", defaultValue = ThriftConstants.THRIFT_DEFAULT_SECURITY_STORE_TYPE) - private String trustStoreType = ThriftConstants.THRIFT_DEFAULT_SECURITY_STORE_TYPE; - - @UriParam(label = "consumer,security", defaultValue = "false") - private boolean requireClientAuth; - - /** - * Security negotiation protocol - */ - public String getSecurityProtocol() { - return securityProtocol; - } - - public void setSecurityProtocol(String protocol) { - this.securityProtocol = protocol; - } - - /** - * Cipher suites array - */ - public String[] getCipherSuites() { - return cipherSuites; - } - - public void setCipherSuites(String[] cipherSuites) { - this.cipherSuites = cipherSuites; - } - - /** - * Path to the key store file - */ - public String getKeyStorePath() { - return keyStorePath; - } - - public void setKeyStorePath(String keyStorePath) { - this.keyStorePath = keyStorePath; - } - - /** - * Key store password - */ - public String getKeyStorePassword() { - return keyStorePassword; - } - - public void setKeyStorePassword(String keyStorePassword) { - this.keyStorePassword = keyStorePassword; - } - - /** - * Key store manager type - */ - public String getKeyManagerType() { - return keyManagerType; - } - - public void setKeyManagerType(String keyManagerType) { - this.keyManagerType = keyManagerType; - } - - /** - * Key store type - */ - public String getKeyStoreType() { - return keyStoreType; - } - - public void setKeyStoreType(String keyStoreType) { - this.keyStoreType = keyStoreType; - } - - /** - * Path to the trust store file - */ - public String getTrustStorePath() { - return trustStorePath; - } - - public void setTrustStorePath(String trustStorePath) { - this.trustStorePath = trustStorePath; - } - - /** - * Trust store password - */ - public String getTrustPassword() { - return trustPassword; - } - - public void setTrustPassword(String trustPassword) { - this.trustPassword = trustPassword; - } - - /** - * Trust store manager type - */ - public String getTrustManagerType() { - return trustManagerType; - } - - public void setTrustManagerType(String trustManagerType) { - this.trustManagerType = trustManagerType; - } - - /** - * Trust store type - */ - public String getTrustStoreType() { - return trustStoreType; - } - - public void setTrustStoreType(String trustStoreType) { - this.trustStoreType = trustStoreType; - } - - /** - * Set if client authentication is required - */ - public boolean isRequireClientAuth() { - return requireClientAuth; - } - - public void setRequireClientAuth(boolean requireClientAuth) { - this.requireClientAuth = requireClientAuth; - } -} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSecurityTest.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSecurityTest.java b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSecurityTest.java index 5bdebb3..1eb89f6 100644 --- a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSecurityTest.java +++ b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftConsumerSecurityTest.java @@ -26,6 +26,9 @@ import org.apache.camel.component.thrift.generated.Work; import org.apache.camel.impl.JndiRegistry; import org.apache.camel.test.AvailablePortFinder; import org.apache.camel.test.junit4.CamelTestSupport; +import org.apache.camel.util.jsse.KeyManagersParameters; +import org.apache.camel.util.jsse.KeyStoreParameters; +import org.apache.camel.util.jsse.SSLContextParameters; import org.apache.thrift.protocol.TBinaryProtocol; import org.apache.thrift.protocol.TProtocol; import org.apache.thrift.transport.TSSLTransportFactory; @@ -80,11 +83,18 @@ public class ThriftConsumerSecurityTest extends CamelTestSupport { @Override protected JndiRegistry createRegistry() throws Exception { JndiRegistry jndi = super.createRegistry(); - ThriftSSLConfiguration sslConfig = new ThriftSSLConfiguration(); + SSLContextParameters sslParameters = new SSLContextParameters(); - sslConfig.setKeyStorePath(KEY_STORE_PATH); - sslConfig.setKeyStorePassword(SECURITY_STORE_PASSWORD); - jndi.bind("sslConfig", sslConfig); + KeyStoreParameters keyStoreParams = new KeyStoreParameters(); + keyStoreParams.setResource(KEY_STORE_PATH); + keyStoreParams.setPassword(SECURITY_STORE_PASSWORD); + + KeyManagersParameters keyManagerParams = new KeyManagersParameters(); + keyManagerParams.setKeyStore(keyStoreParams); + + sslParameters.setKeyManagers(keyManagerParams); + + jndi.bind("sslParams", sslParameters); return jndi; } @@ -127,7 +137,7 @@ public class ThriftConsumerSecurityTest extends CamelTestSupport { @Override public void configure() { - from("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?negotiationType=SSL&sslConfiguration=#sslConfig&synchronous=true") + from("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?negotiationType=SSL&sslParameters=#sslParams&synchronous=true") .to("mock:thrift-secure-service").choice() .when(header(ThriftConstants.THRIFT_METHOD_NAME_HEADER).isEqualTo("calculate")).setBody(simple(new Integer(THRIFT_TEST_NUM1 * THRIFT_TEST_NUM2).toString())) .when(header(ThriftConstants.THRIFT_METHOD_NAME_HEADER).isEqualTo("echo")).setBody(simple("${body[0]}")).bean(new CalculatorMessageBuilder(), "echo"); http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftProducerSecurityTest.java ---------------------------------------------------------------------- diff --git a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftProducerSecurityTest.java b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftProducerSecurityTest.java index 8fd916c..030e470 100644 --- a/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftProducerSecurityTest.java +++ b/components/camel-thrift/src/test/java/org/apache/camel/component/thrift/ThriftProducerSecurityTest.java @@ -34,6 +34,9 @@ import org.apache.camel.component.thrift.impl.CalculatorSyncServerImpl; import org.apache.camel.impl.JndiRegistry; import org.apache.camel.test.AvailablePortFinder; import org.apache.camel.test.junit4.CamelTestSupport; +import org.apache.camel.util.jsse.KeyStoreParameters; +import org.apache.camel.util.jsse.SSLContextParameters; +import org.apache.camel.util.jsse.TrustManagersParameters; import org.apache.thrift.TProcessor; import org.apache.thrift.server.TServer; import org.apache.thrift.server.TThreadPoolServer; @@ -95,12 +98,19 @@ public class ThriftProducerSecurityTest extends CamelTestSupport { @Override protected JndiRegistry createRegistry() throws Exception { - JndiRegistry jndi = super.createRegistry(); - ThriftSSLConfiguration sslConfig = new ThriftSSLConfiguration(); + JndiRegistry jndi = super.createRegistry(); + SSLContextParameters sslParameters = new SSLContextParameters(); - sslConfig.setTrustStorePath(TRUST_STORE_PATH); - sslConfig.setTrustPassword(SECURITY_STORE_PASSWORD); - jndi.bind("sslConfig", sslConfig); + KeyStoreParameters keyStoreParams = new KeyStoreParameters(); + keyStoreParams.setResource(TRUST_STORE_PATH); + keyStoreParams.setPassword(SECURITY_STORE_PASSWORD); + + TrustManagersParameters trustManagerParams = new TrustManagersParameters(); + trustManagerParams.setKeyStore(keyStoreParams); + + sslParameters.setTrustManagers(trustManagerParams); + + jndi.bind("sslParams", sslParameters); return jndi; } @@ -192,19 +202,19 @@ public class ThriftProducerSecurityTest extends CamelTestSupport { public void configure() { from("direct:thrift-secured-calculate") .to("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?" - + "method=calculate&negotiationType=SSL&sslConfiguration=#sslConfig&synchronous=true"); + + "method=calculate&negotiationType=SSL&sslParameters=#sslParams&synchronous=true"); from("direct:thrift-secured-add") .to("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?" - + "method=add&negotiationType=SSL&sslConfiguration=#sslConfig&synchronous=true"); + + "method=add&negotiationType=SSL&sslParameters=#sslParams&synchronous=true"); from("direct:thrift-secured-ping") .to("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?" - + "method=ping&negotiationType=SSL&sslConfiguration=#sslConfig&synchronous=true"); + + "method=ping&negotiationType=SSL&sslParameters=#sslParams&synchronous=true"); from("direct:thrift-secured-zip") .to("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?" - + "method=zip&negotiationType=SSL&sslConfiguration=#sslConfig&synchronous=true"); + + "method=zip&negotiationType=SSL&sslParameters=#sslParams&synchronous=true"); from("direct:thrift-secured-alltypes") .to("thrift://localhost:" + THRIFT_TEST_PORT + "/org.apache.camel.component.thrift.generated.Calculator?" - + "method=alltypes&negotiationType=SSL&sslConfiguration=#sslConfig&synchronous=true"); + + "method=alltypes&negotiationType=SSL&sslParameters=#sslParams&synchronous=true"); } }; } http://git-wip-us.apache.org/repos/asf/camel/blob/08a1c369/platforms/spring-boot/components-starter/camel-thrift-starter/src/main/java/org/apache/camel/component/thrift/springboot/ThriftComponentConfiguration.java ---------------------------------------------------------------------- diff --git a/platforms/spring-boot/components-starter/camel-thrift-starter/src/main/java/org/apache/camel/component/thrift/springboot/ThriftComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-thrift-starter/src/main/java/org/apache/camel/component/thrift/springboot/ThriftComponentConfiguration.java index cfa6a34..cb8b722 100644 --- a/platforms/spring-boot/components-starter/camel-thrift-starter/src/main/java/org/apache/camel/component/thrift/springboot/ThriftComponentConfiguration.java +++ b/platforms/spring-boot/components-starter/camel-thrift-starter/src/main/java/org/apache/camel/component/thrift/springboot/ThriftComponentConfiguration.java @@ -33,12 +33,25 @@ public class ThriftComponentConfiguration ComponentConfigurationPropertiesCommon { /** + * Determine if the thrift component is using global SSL context parameters + */ + private Boolean useGlobalSslContextParameters = false; + /** * Whether the component should resolve property placeholders on itself when * starting. Only properties which are of String type can use property * placeholders. */ private Boolean resolvePropertyPlaceholders = true; + public Boolean getUseGlobalSslContextParameters() { + return useGlobalSslContextParameters; + } + + public void setUseGlobalSslContextParameters( + Boolean useGlobalSslContextParameters) { + this.useGlobalSslContextParameters = useGlobalSslContextParameters; + } + public Boolean getResolvePropertyPlaceholders() { return resolvePropertyPlaceholders; }
