You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by "dk2k (via GitHub)" <gi...@apache.org> on 2023/04/26 10:46:05 UTC
[GitHub] [camel] dk2k opened a new pull request, #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k opened a new pull request, #9939:
URL: https://github.com/apache/camel/pull/9939
# Description
Introducing HTTPS for AS2 component.
I used this PR as a basis https://github.com/apache/camel/pull/8896
The current PR is compatible with main and 4.x branches. Later I will try handling backporting to 3.x branch
@McIntozh your comment would be much appreciated.
As for HTTPS support for AS2 for older versions. I used my middleware proxy application as a workaround - it accepts HTTP connections and sends them via HTTPS to remote server, works fine with mendelson server. The application https://github.com/dk2k/netty-https-proxy
# Target
`main` branch
# Tracking
Related to https://issues.apache.org/jira/browse/CAMEL-17946
# Testing
Updated the existing tests and added the test class MendelsonSslEndpointIT. In this class I send a message to HTTPS version of 3rd party Mendelson server - please see port 8444 in the settings. I do think it's good to provide this test - it documents the usage of AS2 client component with SSL. The test will be committed with annotation @Disabled due to it is strongly dependent on 3rd party remote server. The test in MendelsonSslEndpointIT works fine, I can see my messages in the web ui of Mendelson http://testas2.mendelson-e-c.com:8080/webas2/
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180439445
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I still hope to get more comments from other maintainers and contributors, I'm not in a rush. I think we need to calm down and don't take this PR personal.
I can agree that the test class's name for mendelson should be appended with "ManualTest" and not "IT" like now. But I don't understand why I should deliver a semi-prepared test class with a dependency on env variables instead of fully operational and friendly self-sustainable test class which matches all its requirements. Why a person would need to create env vars on his/her machine? They may intersect with existing vars, he/she may forget to remove them after all. That's an invasive approach.
I have another example for ManualTest class: https://github.com/apache/camel/blob/main/components/camel-cometd/src/test/java/org/apache/camel/component/cometd/CometdProducerConsumerInteractiveAuthenticatedManualTest.java
Lines 73-74 were last edited by you (I don't say that you were the initial author). And in these lines the test class reads a keystore file from a similar resource folder jsse palced in test section of the sources. The test class CometdProducerConsumerInteractiveAuthenticatedManualTest isn't environment aware. All the config variables are part of the test class. Why is it OK to have it like this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] oscerd commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "oscerd (via GitHub)" <gi...@apache.org>.
oscerd commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180476346
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
What happen if the Mendelson some day will not work anymore? We need a way to be not dependant on this kind of 3rd party stuff. We are trying to do this in multiple components, by adding containerized services to run when needed. This is really not in line with what we are doing. If this will be disabled for a long time, it will be something maintainers will have to deal with in the future. So I would prefer a different solution, so anyone could maintain this piece of software.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] davsclaus commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1527642821
Yeah we cannot have an automated test connects to some commercial company on the internet.
The test needs to have its hostname / port etc externally configured and turned off by default.
And ideally we should have wiremock tests with captured network communication so the test could run in isolation.
Or if there are some docker images we can run via test-containers to run the test in isolation.
So would it be possible for you to externalize that test case, eg make it read from src/test/resources/test-server.properties (or some similar name). And leave it with TODO insert server name here. And we can have that Mendelson mentioned in the properties file but turned off. Then end users can choose to turn that on and use it if they desire.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178042338
##########
components/camel-as2/camel-as2-component/pom.xml:
##########
@@ -64,6 +64,12 @@
<artifactId>camel-jetty</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.10.0</version>
+ <scope>test</scope>
+ </dependency>
Review Comment:
Will stick to 2.11.0 from the camel-parent POM
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1527623848
@orpiske I agree that 3rd party stuff can rot and already stated that in the comment above the Mendelson test class. Please keep in mind that :
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
This comment is in the head of each source file ;)
By the way, should it be "expressed" instead of express?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] github-actions[bot] commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1523209906
:star2: Thank you for your contribution to the Apache Camel project! :star2:
:warning: Please note that the changes on this PR may be **tested automatically**.
If necessary Apache Camel Committers may access logs and test results in the job summaries!
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180040542
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
Since there was no feedback, let me provide more clarity: what I am asking here is to implement something like this: https://github.com/apache/camel/blob/main/components/camel-kafka/src/test/java/org/apache/camel/component/kafka/integration/KafkaConsumerAuthManualTest.java
That is a manual test for connecting to an authenticated Kafka instance. I wrote to try it verify a problem an specific vendor of a managed Kafka service was having. As you can see in the linked test, there's no reference to any specific instance. I'd like this code to apply the same pattern.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178067125
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+ private static final String MENDELSON_CERT = "mendelson/key4.cer";
+ private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+ private final List<Certificate> chainAsList = new ArrayList<>();
+
+ private PrivateKey privateKey;
+ private SSLContext sslContext;
+
+ public void setupSslContext() {
+ try {
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+ sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+ .loadTrustMaterial(keyStore, new TrustAllStrategy())
+ .build();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ if (sslContext == null) {
+ throw new IllegalStateException("failed to configure SSL context");
+ }
+ }
+
+ private KeyStore getKeyStore(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
+ String password = "test";
+ KeyStore ks;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(inputStream, password.toCharArray());
+ return ks;
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
+ }
+
+ public void setupCertificateChain() {
+
+ InputStream mendelsonCertAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+ if (mendelsonCertAsStream == null) {
+ //LOG.error("Couldn't read out client certificate as stream.");
+ throw new IllegalStateException("Couldn't read out certificate as stream.");
+ }
+
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ if (mendelsonPrivateKeyAsStream == null) {
+ //LOG.error("Couldn't read out private key as stream.");
+ throw new IllegalStateException("Couldn't read out key storage as stream.");
+ }
+
+ try {
+ Certificate mendelsonCert = getCertificateFromStream(mendelsonCertAsStream);
+ chainAsList.add(mendelsonCert);
+
+ //private key
+ privateKey = getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+ } catch (IOException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. IO error when reading a byte array. " + e;
+ System.out.println(errMsg);
+ } catch (NoSuchAlgorithmException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. Requested algorithm isn't found. " + e;
+ System.out.println(errMsg);
+ } catch (CertificateException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. There is a certificate problem. " + e;
+ System.out.println(errMsg);
+ } catch (InvalidKeySpecException e) {
+ String errMsg = "Can not init private key store " + e;
+ System.out.println(errMsg);
+ }
+ }
+
+ public SSLContext getSslContext() {
+ return sslContext;
+ }
+
+ public Certificate[] getChain() {
+ if (chainAsList.size() > 0) {
+ Certificate[] arrayCert = new Certificate[chainAsList.size()];
+
+ for (int i = 0; i < chainAsList.size(); i++) {
+ arrayCert[i] = chainAsList.get(i);
+ }
+ return arrayCert;
+ } else {
+ return null;
+ }
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ private List<Certificate> getCertificatesFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return (List<Certificate>) certificateFactory.generateCertificates(inputStream);
+ }
+
+ private Certificate getCertificateFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return certificateFactory.generateCertificate(inputStream);
+ }
+
+ //https://stackoverflow.com/questions/18644286/creating-privatekey-object-from-pkcs12
+ private PrivateKey getPrivateKeyFromPKCSStream(InputStream inputStream)
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+ String password = "test";
+ KeyStore ks = null;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ }
+ try {
+ ks.load(inputStream, password.toCharArray());
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ try {
+ return (PrivateKey) ks.getKey(
+ ks.aliases().nextElement(),
+ password.toCharArray());
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ e.printStackTrace();
+ }
Review Comment:
fixed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] github-actions[bot] commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1526138742
### Components tested:
| Total | Tested | Failed :x: | Passed :white_check_mark: |
| --- | --- | --- | --- |
| 1 | 1 | 0 | 1 |
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1527618656
@davsclaus sounds a bit like catch 22 because I won't be able to make it more ready without additional comments. For now the logic delivered in the JAR artifact is complete and we discuss with @orpiske the aspects of integration tests
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1531676382
Let's merge and have some tests running overnight.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178045011
##########
components/camel-as2/camel-as2-component/src/test/resources/mendelson/key4.cer:
##########
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
Review Comment:
That's a bad practice. Other reviewer may have missed.
##########
components/camel-as2/camel-as2-component/src/test/resources/mendelson/key4.cer:
##########
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
Review Comment:
That's a bad practice. Other reviewers may have missed.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178066521
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonSslEndpointIT.java:
##########
@@ -0,0 +1,132 @@
+package org.apache.camel.component.as2;
+
+import java.nio.charset.Charset;
+
+import javax.net.ssl.HostnameVerifier;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.apache.camel.component.as2.api.AS2EncryptionAlgorithm;
+import org.apache.camel.component.as2.api.AS2MessageStructure;
+import org.apache.camel.component.as2.api.AS2SignatureAlgorithm;
+import org.apache.camel.component.as2.internal.AS2ApiName;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Test class for testing connection to a public 3rd party AS2 server Mendelson. This class gives more info for
+ * camel-as2 connectivity to a remote server compared to HTTPS connection to localhost server. Eventually test method(s)
+ * will be committed with @Disabled annotation due to they can fail because the mendelson server goes offline or the
+ * certificate expires. I assume we don't want a build to fail because of such 3rd party connectivity dependency.
+ * Mendelson page: http://mendelson-e-c.com/as2_testserver
+ */
+public class MendelsonSslEndpointIT extends AbstractAS2ITSupport {
+
+ private static final Logger LOG = LoggerFactory.getLogger(MendelsonSslEndpointIT.class);
+ private MendelsonCertLoader mendelsonCertLoader;
+ private static HostnameVerifier hostnameVerifier;
+
+ private static final String[] SIGNED_RECEIPT_MIC_ALGORITHMS = new String[] { "sha1", "md5" };
+
+ private static final String EDI_MESSAGE = "UNB+UNOA:1+005435656:1+006415160:1+060515:1434+00000000000778'\n"
+ + "UNH+00000000000117+INVOIC:D:97B:UN'\n"
+ + "BGM+380+342459+9'\n"
+ + "DTM+3:20060515:102'\n"
+ + "RFF+ON:521052'\n"
+ + "NAD+BY+792820524::16++CUMMINS MID-RANGE ENGINE PLANT'\n"
+ + "NAD+SE+005435656::16++GENERAL WIDGET COMPANY'\n"
+ + "CUX+1:USD'\n"
+ + "LIN+1++157870:IN'\n"
+ + "IMD+F++:::WIDGET'\n"
+ + "QTY+47:1020:EA'\n"
+ + "ALI+US'\n"
+ + "MOA+203:1202.58'\n"
+ + "PRI+INV:1.179'\n"
+ + "LIN+2++157871:IN'\n"
+ + "IMD+F++:::Message from Camel AS2 via HTTPS'\n"
+ + "QTY+47:20:EA'\n"
+ + "ALI+JP'\n"
+ + "MOA+203:410'\n"
+ + "PRI+INV:20.5'\n"
+ + "UNS+S'\n"
+ + "MOA+39:2137.58'\n"
+ + "ALC+C+ABG'\n"
+ + "MOA+8:525'\n"
+ + "UNT+23+00000000000117'\n"
+ + "UNZ+1+00000000000778'\n";
+
+ @BeforeAll
+ public void setupTest() {
+ hostnameVerifier = new NoopHostnameVerifier();
+ mendelsonCertLoader = new MendelsonCertLoader();
+ mendelsonCertLoader.setupCertificateChain();
+ mendelsonCertLoader.setupSslContext();
+ }
+
+ @Disabled
+ @Test
+ public void testCreateEndpointAndSendViaHTTPS() throws Exception {
+ CamelContext camelContext = new DefaultCamelContext();
+ camelContext.start();
+
+ org.apache.http.entity.ContentType contentTypeEdifact
+ = org.apache.http.entity.ContentType.create("application/edifact", (Charset) null);
+
+ String methodName = "send";
+ AS2ApiName as2ApiNameClient = AS2ApiName.CLIENT;
+
+ AS2Configuration endpointConfiguration = new AS2Configuration();
+ endpointConfiguration.setApiName(as2ApiNameClient);
+ endpointConfiguration.setMethodName(methodName);
+ endpointConfiguration.setRequestUri("/as2/HttpReceiver");
+ endpointConfiguration.setSignedReceiptMicAlgorithms(SIGNED_RECEIPT_MIC_ALGORITHMS);
+
+ endpointConfiguration.setAs2MessageStructure(AS2MessageStructure.SIGNED_ENCRYPTED);
+ endpointConfiguration.setSigningAlgorithm(AS2SignatureAlgorithm.SHA3_256WITHRSA);
+ endpointConfiguration.setEncryptingAlgorithm(AS2EncryptionAlgorithm.DES_EDE3_CBC);
+ endpointConfiguration.setSigningCertificateChain(mendelsonCertLoader.getChain());
+ endpointConfiguration.setSigningPrivateKey(mendelsonCertLoader.getPrivateKey());
+ endpointConfiguration.setEncryptingCertificateChain(mendelsonCertLoader.getChain());
+
+ endpointConfiguration.setAs2Version("1.0");
+ endpointConfiguration.setAs2To("mendelsontestAS2");
+ endpointConfiguration.setAs2From("mycompanyAS2");
+ endpointConfiguration.setEdiMessageType(contentTypeEdifact);
+ endpointConfiguration.setFrom("dk2kEdi");
+ endpointConfiguration.setSubject("mysubject");
+ endpointConfiguration.setSigningAlgorithm(AS2SignatureAlgorithm.MD2WITHRSA);
+ endpointConfiguration.setEdiMessageTransferEncoding("7bit");
+ endpointConfiguration.setAttachedFileName("from_camel.txt");
+
+ endpointConfiguration.setSslContext(mendelsonCertLoader.getSslContext());
+ endpointConfiguration.setHostnameVerifier(hostnameVerifier);
+
+ AS2Component as2Component = new AS2Component();
+ as2Component.setCamelContext(camelContext);
+ as2Component.setConfiguration(endpointConfiguration);
+ as2Component.start();
+
+ AS2Endpoint endpoint = (AS2Endpoint) as2Component
+ .createEndpoint("as2://client/send?targetHostName=testas2.mendelson-e-c.com"
+ + "&targetPortNumber=8444&inBody=ediMessage&requestUri=/as2/HttpReceiver" +
+ "&ediMessageContentType=application/edifact" +
+ "&signingAlgorithm=SHA3_256WITHRSA");
+
+ Assertions.assertEquals("mycompanyAS2", endpoint.getAs2From());
+ Assertions.assertEquals("mendelsontestAS2", endpoint.getAs2To());
+ Assertions.assertEquals("dk2kEdi", endpoint.getFrom());
Review Comment:
The entire idea of this test class is to bound it to a public AS2 service. It contains "Mendelson" in the class name
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180042072
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonSslEndpointIT.java:
##########
@@ -0,0 +1,132 @@
+package org.apache.camel.component.as2;
+
+import java.nio.charset.Charset;
+
+import javax.net.ssl.HostnameVerifier;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.apache.camel.component.as2.api.AS2EncryptionAlgorithm;
+import org.apache.camel.component.as2.api.AS2MessageStructure;
+import org.apache.camel.component.as2.api.AS2SignatureAlgorithm;
+import org.apache.camel.component.as2.internal.AS2ApiName;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Test class for testing connection to a public 3rd party AS2 server Mendelson. This class gives more info for
+ * camel-as2 connectivity to a remote server compared to HTTPS connection to localhost server. Eventually test method(s)
+ * will be committed with @Disabled annotation due to they can fail because the mendelson server goes offline or the
+ * certificate expires. I assume we don't want a build to fail because of such 3rd party connectivity dependency.
+ * Mendelson page: http://mendelson-e-c.com/as2_testserver
+ */
+public class MendelsonSslEndpointIT extends AbstractAS2ITSupport {
+
+ private static final Logger LOG = LoggerFactory.getLogger(MendelsonSslEndpointIT.class);
+ private MendelsonCertLoader mendelsonCertLoader;
+ private static HostnameVerifier hostnameVerifier;
+
+ private static final String[] SIGNED_RECEIPT_MIC_ALGORITHMS = new String[] { "sha1", "md5" };
+
+ private static final String EDI_MESSAGE = "UNB+UNOA:1+005435656:1+006415160:1+060515:1434+00000000000778'\n"
+ + "UNH+00000000000117+INVOIC:D:97B:UN'\n"
+ + "BGM+380+342459+9'\n"
+ + "DTM+3:20060515:102'\n"
+ + "RFF+ON:521052'\n"
+ + "NAD+BY+792820524::16++CUMMINS MID-RANGE ENGINE PLANT'\n"
+ + "NAD+SE+005435656::16++GENERAL WIDGET COMPANY'\n"
+ + "CUX+1:USD'\n"
+ + "LIN+1++157870:IN'\n"
+ + "IMD+F++:::WIDGET'\n"
+ + "QTY+47:1020:EA'\n"
+ + "ALI+US'\n"
+ + "MOA+203:1202.58'\n"
+ + "PRI+INV:1.179'\n"
+ + "LIN+2++157871:IN'\n"
+ + "IMD+F++:::Message from Camel AS2 via HTTPS'\n"
+ + "QTY+47:20:EA'\n"
+ + "ALI+JP'\n"
+ + "MOA+203:410'\n"
+ + "PRI+INV:20.5'\n"
+ + "UNS+S'\n"
+ + "MOA+39:2137.58'\n"
+ + "ALC+C+ABG'\n"
+ + "MOA+8:525'\n"
+ + "UNT+23+00000000000117'\n"
+ + "UNZ+1+00000000000778'\n";
+
+ @BeforeAll
+ public void setupTest() {
+ hostnameVerifier = new NoopHostnameVerifier();
+ mendelsonCertLoader = new MendelsonCertLoader();
+ mendelsonCertLoader.setupCertificateChain();
+ mendelsonCertLoader.setupSslContext();
+ }
+
+ @Disabled
+ @Test
+ public void testCreateEndpointAndSendViaHTTPS() throws Exception {
+ CamelContext camelContext = new DefaultCamelContext();
+ camelContext.start();
+
+ org.apache.http.entity.ContentType contentTypeEdifact
+ = org.apache.http.entity.ContentType.create("application/edifact", (Charset) null);
+
+ String methodName = "send";
+ AS2ApiName as2ApiNameClient = AS2ApiName.CLIENT;
+
+ AS2Configuration endpointConfiguration = new AS2Configuration();
+ endpointConfiguration.setApiName(as2ApiNameClient);
+ endpointConfiguration.setMethodName(methodName);
+ endpointConfiguration.setRequestUri("/as2/HttpReceiver");
+ endpointConfiguration.setSignedReceiptMicAlgorithms(SIGNED_RECEIPT_MIC_ALGORITHMS);
+
+ endpointConfiguration.setAs2MessageStructure(AS2MessageStructure.SIGNED_ENCRYPTED);
+ endpointConfiguration.setSigningAlgorithm(AS2SignatureAlgorithm.SHA3_256WITHRSA);
+ endpointConfiguration.setEncryptingAlgorithm(AS2EncryptionAlgorithm.DES_EDE3_CBC);
+ endpointConfiguration.setSigningCertificateChain(mendelsonCertLoader.getChain());
+ endpointConfiguration.setSigningPrivateKey(mendelsonCertLoader.getPrivateKey());
+ endpointConfiguration.setEncryptingCertificateChain(mendelsonCertLoader.getChain());
+
+ endpointConfiguration.setAs2Version("1.0");
+ endpointConfiguration.setAs2To("mendelsontestAS2");
+ endpointConfiguration.setAs2From("mycompanyAS2");
+ endpointConfiguration.setEdiMessageType(contentTypeEdifact);
+ endpointConfiguration.setFrom("dk2kEdi");
+ endpointConfiguration.setSubject("mysubject");
+ endpointConfiguration.setSigningAlgorithm(AS2SignatureAlgorithm.MD2WITHRSA);
+ endpointConfiguration.setEdiMessageTransferEncoding("7bit");
+ endpointConfiguration.setAttachedFileName("from_camel.txt");
+
+ endpointConfiguration.setSslContext(mendelsonCertLoader.getSslContext());
+ endpointConfiguration.setHostnameVerifier(hostnameVerifier);
+
+ AS2Component as2Component = new AS2Component();
+ as2Component.setCamelContext(camelContext);
+ as2Component.setConfiguration(endpointConfiguration);
+ as2Component.start();
+
+ AS2Endpoint endpoint = (AS2Endpoint) as2Component
+ .createEndpoint("as2://client/send?targetHostName=testas2.mendelson-e-c.com"
+ + "&targetPortNumber=8444&inBody=ediMessage&requestUri=/as2/HttpReceiver" +
+ "&ediMessageContentType=application/edifact" +
+ "&signingAlgorithm=SHA3_256WITHRSA");
+
+ Assertions.assertEquals("mycompanyAS2", endpoint.getAs2From());
+ Assertions.assertEquals("mendelsontestAS2", endpoint.getAs2To());
+ Assertions.assertEquals("dk2kEdi", endpoint.getFrom());
Review Comment:
See my notes [here](https://github.com/apache/camel/pull/9939#discussion_r1180040542).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] github-actions[bot] commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1527897112
### Components tested:
| Total | Tested | Failed :x: | Passed :white_check_mark: |
| --- | --- | --- | --- |
| 1 | 1 | 0 | 1 |
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] github-actions[bot] commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.
github-actions[bot] commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1523766171
### Components tested:
| Total | Tested | Failed :x: | Passed :white_check_mark: |
| --- | --- | --- | --- |
| 1 | 1 | 1 | 0 |
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1177740111
##########
components/camel-as2/camel-as2-component/src/test/resources/mendelson/key4.cer:
##########
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
Review Comment:
This file should be provided via parameters instead of being kept in the code base (i.e.: `mvn -Das2.http.key=/path/to/key`).
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonSslEndpointIT.java:
##########
@@ -0,0 +1,132 @@
+package org.apache.camel.component.as2;
+
+import java.nio.charset.Charset;
+
+import javax.net.ssl.HostnameVerifier;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.apache.camel.component.as2.api.AS2EncryptionAlgorithm;
+import org.apache.camel.component.as2.api.AS2MessageStructure;
+import org.apache.camel.component.as2.api.AS2SignatureAlgorithm;
+import org.apache.camel.component.as2.internal.AS2ApiName;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Test class for testing connection to a public 3rd party AS2 server Mendelson. This class gives more info for
+ * camel-as2 connectivity to a remote server compared to HTTPS connection to localhost server. Eventually test method(s)
+ * will be committed with @Disabled annotation due to they can fail because the mendelson server goes offline or the
+ * certificate expires. I assume we don't want a build to fail because of such 3rd party connectivity dependency.
+ * Mendelson page: http://mendelson-e-c.com/as2_testserver
+ */
+public class MendelsonSslEndpointIT extends AbstractAS2ITSupport {
+
+ private static final Logger LOG = LoggerFactory.getLogger(MendelsonSslEndpointIT.class);
+ private MendelsonCertLoader mendelsonCertLoader;
+ private static HostnameVerifier hostnameVerifier;
+
+ private static final String[] SIGNED_RECEIPT_MIC_ALGORITHMS = new String[] { "sha1", "md5" };
+
+ private static final String EDI_MESSAGE = "UNB+UNOA:1+005435656:1+006415160:1+060515:1434+00000000000778'\n"
+ + "UNH+00000000000117+INVOIC:D:97B:UN'\n"
+ + "BGM+380+342459+9'\n"
+ + "DTM+3:20060515:102'\n"
+ + "RFF+ON:521052'\n"
+ + "NAD+BY+792820524::16++CUMMINS MID-RANGE ENGINE PLANT'\n"
+ + "NAD+SE+005435656::16++GENERAL WIDGET COMPANY'\n"
+ + "CUX+1:USD'\n"
+ + "LIN+1++157870:IN'\n"
+ + "IMD+F++:::WIDGET'\n"
+ + "QTY+47:1020:EA'\n"
+ + "ALI+US'\n"
+ + "MOA+203:1202.58'\n"
+ + "PRI+INV:1.179'\n"
+ + "LIN+2++157871:IN'\n"
+ + "IMD+F++:::Message from Camel AS2 via HTTPS'\n"
+ + "QTY+47:20:EA'\n"
+ + "ALI+JP'\n"
+ + "MOA+203:410'\n"
+ + "PRI+INV:20.5'\n"
+ + "UNS+S'\n"
+ + "MOA+39:2137.58'\n"
+ + "ALC+C+ABG'\n"
+ + "MOA+8:525'\n"
+ + "UNT+23+00000000000117'\n"
+ + "UNZ+1+00000000000778'\n";
+
+ @BeforeAll
+ public void setupTest() {
+ hostnameVerifier = new NoopHostnameVerifier();
+ mendelsonCertLoader = new MendelsonCertLoader();
+ mendelsonCertLoader.setupCertificateChain();
+ mendelsonCertLoader.setupSslContext();
+ }
+
+ @Disabled
+ @Test
+ public void testCreateEndpointAndSendViaHTTPS() throws Exception {
+ CamelContext camelContext = new DefaultCamelContext();
+ camelContext.start();
+
+ org.apache.http.entity.ContentType contentTypeEdifact
+ = org.apache.http.entity.ContentType.create("application/edifact", (Charset) null);
+
+ String methodName = "send";
+ AS2ApiName as2ApiNameClient = AS2ApiName.CLIENT;
+
+ AS2Configuration endpointConfiguration = new AS2Configuration();
+ endpointConfiguration.setApiName(as2ApiNameClient);
+ endpointConfiguration.setMethodName(methodName);
+ endpointConfiguration.setRequestUri("/as2/HttpReceiver");
+ endpointConfiguration.setSignedReceiptMicAlgorithms(SIGNED_RECEIPT_MIC_ALGORITHMS);
+
+ endpointConfiguration.setAs2MessageStructure(AS2MessageStructure.SIGNED_ENCRYPTED);
+ endpointConfiguration.setSigningAlgorithm(AS2SignatureAlgorithm.SHA3_256WITHRSA);
+ endpointConfiguration.setEncryptingAlgorithm(AS2EncryptionAlgorithm.DES_EDE3_CBC);
+ endpointConfiguration.setSigningCertificateChain(mendelsonCertLoader.getChain());
+ endpointConfiguration.setSigningPrivateKey(mendelsonCertLoader.getPrivateKey());
+ endpointConfiguration.setEncryptingCertificateChain(mendelsonCertLoader.getChain());
+
+ endpointConfiguration.setAs2Version("1.0");
+ endpointConfiguration.setAs2To("mendelsontestAS2");
+ endpointConfiguration.setAs2From("mycompanyAS2");
+ endpointConfiguration.setEdiMessageType(contentTypeEdifact);
+ endpointConfiguration.setFrom("dk2kEdi");
+ endpointConfiguration.setSubject("mysubject");
+ endpointConfiguration.setSigningAlgorithm(AS2SignatureAlgorithm.MD2WITHRSA);
+ endpointConfiguration.setEdiMessageTransferEncoding("7bit");
+ endpointConfiguration.setAttachedFileName("from_camel.txt");
+
+ endpointConfiguration.setSslContext(mendelsonCertLoader.getSslContext());
+ endpointConfiguration.setHostnameVerifier(hostnameVerifier);
+
+ AS2Component as2Component = new AS2Component();
+ as2Component.setCamelContext(camelContext);
+ as2Component.setConfiguration(endpointConfiguration);
+ as2Component.start();
+
+ AS2Endpoint endpoint = (AS2Endpoint) as2Component
+ .createEndpoint("as2://client/send?targetHostName=testas2.mendelson-e-c.com"
+ + "&targetPortNumber=8444&inBody=ediMessage&requestUri=/as2/HttpReceiver" +
+ "&ediMessageContentType=application/edifact" +
+ "&signingAlgorithm=SHA3_256WITHRSA");
+
+ Assertions.assertEquals("mycompanyAS2", endpoint.getAs2From());
+ Assertions.assertEquals("mendelsontestAS2", endpoint.getAs2To());
+ Assertions.assertEquals("dk2kEdi", endpoint.getFrom());
Review Comment:
These values taken for the assertion expectations should be configurable so that they are not bound to this specific AS2 instance.
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+ private static final String MENDELSON_CERT = "mendelson/key4.cer";
+ private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+ private final List<Certificate> chainAsList = new ArrayList<>();
+
+ private PrivateKey privateKey;
+ private SSLContext sslContext;
+
+ public void setupSslContext() {
+ try {
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+ sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+ .loadTrustMaterial(keyStore, new TrustAllStrategy())
+ .build();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ if (sslContext == null) {
+ throw new IllegalStateException("failed to configure SSL context");
+ }
+ }
+
+ private KeyStore getKeyStore(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
+ String password = "test";
+ KeyStore ks;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(inputStream, password.toCharArray());
+ return ks;
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
+ }
+
+ public void setupCertificateChain() {
+
+ InputStream mendelsonCertAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+ if (mendelsonCertAsStream == null) {
+ //LOG.error("Couldn't read out client certificate as stream.");
+ throw new IllegalStateException("Couldn't read out certificate as stream.");
+ }
+
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ if (mendelsonPrivateKeyAsStream == null) {
+ //LOG.error("Couldn't read out private key as stream.");
+ throw new IllegalStateException("Couldn't read out key storage as stream.");
+ }
+
+ try {
+ Certificate mendelsonCert = getCertificateFromStream(mendelsonCertAsStream);
+ chainAsList.add(mendelsonCert);
+
+ //private key
+ privateKey = getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+ } catch (IOException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. IO error when reading a byte array. " + e;
+ System.out.println(errMsg);
+ } catch (NoSuchAlgorithmException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. Requested algorithm isn't found. " + e;
+ System.out.println(errMsg);
+ } catch (CertificateException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. There is a certificate problem. " + e;
+ System.out.println(errMsg);
+ } catch (InvalidKeySpecException e) {
+ String errMsg = "Can not init private key store " + e;
+ System.out.println(errMsg);
+ }
+ }
+
+ public SSLContext getSslContext() {
+ return sslContext;
+ }
+
+ public Certificate[] getChain() {
+ if (chainAsList.size() > 0) {
+ Certificate[] arrayCert = new Certificate[chainAsList.size()];
+
+ for (int i = 0; i < chainAsList.size(); i++) {
+ arrayCert[i] = chainAsList.get(i);
+ }
+ return arrayCert;
+ } else {
+ return null;
+ }
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ private List<Certificate> getCertificatesFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return (List<Certificate>) certificateFactory.generateCertificates(inputStream);
+ }
+
+ private Certificate getCertificateFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return certificateFactory.generateCertificate(inputStream);
+ }
+
+ //https://stackoverflow.com/questions/18644286/creating-privatekey-object-from-pkcs12
+ private PrivateKey getPrivateKeyFromPKCSStream(InputStream inputStream)
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+ String password = "test";
+ KeyStore ks = null;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ }
+ try {
+ ks.load(inputStream, password.toCharArray());
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ try {
+ return (PrivateKey) ks.getKey(
+ ks.aliases().nextElement(),
+ password.toCharArray());
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ e.printStackTrace();
+ }
Review Comment:
I believe all these exceptions being caught in this block should be logged.
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+ private static final String MENDELSON_CERT = "mendelson/key4.cer";
+ private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+ private final List<Certificate> chainAsList = new ArrayList<>();
+
+ private PrivateKey privateKey;
+ private SSLContext sslContext;
+
+ public void setupSslContext() {
+ try {
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+ sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+ .loadTrustMaterial(keyStore, new TrustAllStrategy())
+ .build();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ if (sslContext == null) {
+ throw new IllegalStateException("failed to configure SSL context");
+ }
+ }
+
+ private KeyStore getKeyStore(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
+ String password = "test";
+ KeyStore ks;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(inputStream, password.toCharArray());
+ return ks;
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
+ }
+
+ public void setupCertificateChain() {
+
+ InputStream mendelsonCertAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+ if (mendelsonCertAsStream == null) {
+ //LOG.error("Couldn't read out client certificate as stream.");
+ throw new IllegalStateException("Couldn't read out certificate as stream.");
+ }
+
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ if (mendelsonPrivateKeyAsStream == null) {
+ //LOG.error("Couldn't read out private key as stream.");
+ throw new IllegalStateException("Couldn't read out key storage as stream.");
+ }
+
+ try {
+ Certificate mendelsonCert = getCertificateFromStream(mendelsonCertAsStream);
+ chainAsList.add(mendelsonCert);
+
+ //private key
+ privateKey = getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+ } catch (IOException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. IO error when reading a byte array. " + e;
+ System.out.println(errMsg);
+ } catch (NoSuchAlgorithmException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. Requested algorithm isn't found. " + e;
+ System.out.println(errMsg);
+ } catch (CertificateException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. There is a certificate problem. " + e;
+ System.out.println(errMsg);
+ } catch (InvalidKeySpecException e) {
+ String errMsg = "Can not init private key store " + e;
+ System.out.println(errMsg);
+ }
Review Comment:
I believe all the messages being sent to the `stdout` here should be handled by a logger.
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+ private static final String MENDELSON_CERT = "mendelson/key4.cer";
+ private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+ private final List<Certificate> chainAsList = new ArrayList<>();
+
+ private PrivateKey privateKey;
+ private SSLContext sslContext;
+
+ public void setupSslContext() {
+ try {
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+ sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+ .loadTrustMaterial(keyStore, new TrustAllStrategy())
+ .build();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ if (sslContext == null) {
+ throw new IllegalStateException("failed to configure SSL context");
+ }
+ }
+
+ private KeyStore getKeyStore(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
+ String password = "test";
+ KeyStore ks;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(inputStream, password.toCharArray());
+ return ks;
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
+ }
+
+ public void setupCertificateChain() {
+
+ InputStream mendelsonCertAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+ if (mendelsonCertAsStream == null) {
+ //LOG.error("Couldn't read out client certificate as stream.");
+ throw new IllegalStateException("Couldn't read out certificate as stream.");
+ }
+
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ if (mendelsonPrivateKeyAsStream == null) {
+ //LOG.error("Couldn't read out private key as stream.");
+ throw new IllegalStateException("Couldn't read out key storage as stream.");
+ }
+
+ try {
+ Certificate mendelsonCert = getCertificateFromStream(mendelsonCertAsStream);
+ chainAsList.add(mendelsonCert);
+
+ //private key
+ privateKey = getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+ } catch (IOException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. IO error when reading a byte array. " + e;
+ System.out.println(errMsg);
+ } catch (NoSuchAlgorithmException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. Requested algorithm isn't found. " + e;
+ System.out.println(errMsg);
+ } catch (CertificateException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. There is a certificate problem. " + e;
+ System.out.println(errMsg);
+ } catch (InvalidKeySpecException e) {
+ String errMsg = "Can not init private key store " + e;
+ System.out.println(errMsg);
+ }
+ }
+
+ public SSLContext getSslContext() {
+ return sslContext;
+ }
+
+ public Certificate[] getChain() {
+ if (chainAsList.size() > 0) {
+ Certificate[] arrayCert = new Certificate[chainAsList.size()];
+
+ for (int i = 0; i < chainAsList.size(); i++) {
+ arrayCert[i] = chainAsList.get(i);
+ }
+ return arrayCert;
+ } else {
+ return null;
+ }
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ private List<Certificate> getCertificatesFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return (List<Certificate>) certificateFactory.generateCertificates(inputStream);
+ }
+
+ private Certificate getCertificateFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return certificateFactory.generateCertificate(inputStream);
+ }
+
+ //https://stackoverflow.com/questions/18644286/creating-privatekey-object-from-pkcs12
+ private PrivateKey getPrivateKeyFromPKCSStream(InputStream inputStream)
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+ String password = "test";
+ KeyStore ks = null;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ }
+ try {
+ ks.load(inputStream, password.toCharArray());
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ try {
+ return (PrivateKey) ks.getKey(
+ ks.aliases().nextElement(),
+ password.toCharArray());
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
Review Comment:
Maybe provide a better error message here.
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I am not entirely sure we want this file as it is. This is tied to an specific instance of a service. Instead, I think it would be better to make it generic and configurable, so that anyone willing to test with a different instance could do so.
##########
components/camel-as2/camel-as2-component/pom.xml:
##########
@@ -64,6 +64,12 @@
<artifactId>camel-jetty</artifactId>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>commons-io</groupId>
+ <artifactId>commons-io</artifactId>
+ <version>2.10.0</version>
+ <scope>test</scope>
+ </dependency>
Review Comment:
This likely needs to be correctly aligned w/ the `commons-io` version we use.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178071245
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I'm not sure that the requested changes are in the scope of the ticket CAMEL-17946. Maybe we need another ticket like "Provide versatile testing harness for AS2 component".
Let me explain the situation. All the Mendelson-related classes are in the test folder, they aren't part of AS2 JAR artifact. My idea was to provide a basic mechanism so that interested persons can verify my results for HTTPS AS2 connection - scientific approach. I din't aim to provide a versatile mechanism. Mendelson is almost the only public resource for testing, it was mentioned in https://github.com/apache/camel/pull/8896 and not by me. It doesn't bring something proprietary into the code base.
Important facts about Mendelson resource. It provides concrete type of private key and keystore. And its certificate chain is degenerated - consists of the only certificate. Furthermore, the same certificate chain is used for encryption and signing.
The only Mendelson test method is @Disabled by default.
It is important to test AS2 connection to non-localhost server due to it's the only way to test the behaviour of the new config param HostnameVerifier.
One other PRO: it was difficult to construct SSLContext from scratch for me. If I could choose, I would prefer to have real-life code examples in the code base.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178111915
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
What I am considering here is: if this is disabled, it won't be tested often. If it won't be tested often, the code will rot and it will be upon us (maintainers/committers) to figure out - several months in the future - if it's still relevant or not (and, as things change, certificates get expired, etc) it's one hell of a pain to update and fix things on these obscure technologies.
So, by making it generic and configurable ... users themselves can handle this and put more burden on the maintainers.
I am -1 on this, but let's see what others have to say.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178040863
##########
components/camel-as2/camel-as2-component/src/test/resources/mendelson/key4.cer:
##########
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
Review Comment:
I don't think having Mendelson certificates (provided by this resource and saved as is) in a separate folder is an issue. The similar folder jsse with the certificates got approved in https://github.com/apache/camel/pull/8896 as I can see. The both folders never leak into the AS2 artifact.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1527617795
> Thanks for working on this. I dont have time to go deep in the review until its more ready. At that time, it may be easier to create a new clean PR if this one ends up with too many comments, changes etc.
I think it's mostly OK, but I think we need to avoid keeping data related to specific service instances on the internet (even more so for things that we don't have deep knowledge about). These things tend to rot very quickly - and we are still cleaning up stuff like this that was added in the past (!!!!). Which is why I have a -1 on this.
So, as far as I am concerned, all it needs is to remove the service-specific bits and it should be ready to go.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180779656
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I'm not sure that disabled by default test can be considered a dependency. It's just good manners: showing a way a person can establish HTTPS AS2 connection to non-localhost server.
If Mendelson goes down, just remove two classes with Mendelson in the name, the test/resource folder mendelson and the file test-server.properties. I will be able to do that myself. No hurt feelings on my side then :)
I think dockerization of AS2 server is beyond the scope of the ticket CAMEL-17946
Besides, what exactly are you going to dockerize? Camel AS2 server component? Both Camel AS2 server and client can have issues which will allow them to communicate, but not to other AS2-compliant server (what if the sources of both client and server suffer from the same issue?). Another point: it's important to test HTTPS connection to non-localhost server - test the new HostnameVerifier field. Will docker allow that?
I'm not sure you have seen my latest commit with moving Mendelson connection settings to a property file as per @davsclaus 's comment. Now a person needs to turn on 2 "knobs" to connect to Mendelson:
- remove/comment @Disabled annotation
- explicitly set Mendelson hostname in the properties.
Please let me know if the latest commit mitigates or even eliminates your concerns. If it dosen't, I will remove all Mendelson-related stuff.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] davsclaus commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1527607580
Thanks for working on this. I dont have time to go deep in the review until its more ready. At that time, it may be easier to create a new clean PR if this one ends up with too many comments, changes etc.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "dk2k (via GitHub)" <gi...@apache.org>.
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178067394
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+ private static final String MENDELSON_CERT = "mendelson/key4.cer";
+ private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+ private final List<Certificate> chainAsList = new ArrayList<>();
+
+ private PrivateKey privateKey;
+ private SSLContext sslContext;
+
+ public void setupSslContext() {
+ try {
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+ sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+ .loadTrustMaterial(keyStore, new TrustAllStrategy())
+ .build();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ if (sslContext == null) {
+ throw new IllegalStateException("failed to configure SSL context");
+ }
+ }
+
+ private KeyStore getKeyStore(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
+ String password = "test";
+ KeyStore ks;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(inputStream, password.toCharArray());
+ return ks;
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
+ }
+
+ public void setupCertificateChain() {
+
+ InputStream mendelsonCertAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+ if (mendelsonCertAsStream == null) {
+ //LOG.error("Couldn't read out client certificate as stream.");
+ throw new IllegalStateException("Couldn't read out certificate as stream.");
+ }
+
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ if (mendelsonPrivateKeyAsStream == null) {
+ //LOG.error("Couldn't read out private key as stream.");
+ throw new IllegalStateException("Couldn't read out key storage as stream.");
+ }
+
+ try {
+ Certificate mendelsonCert = getCertificateFromStream(mendelsonCertAsStream);
+ chainAsList.add(mendelsonCert);
+
+ //private key
+ privateKey = getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+ } catch (IOException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. IO error when reading a byte array. " + e;
+ System.out.println(errMsg);
+ } catch (NoSuchAlgorithmException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. Requested algorithm isn't found. " + e;
+ System.out.println(errMsg);
+ } catch (CertificateException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. There is a certificate problem. " + e;
+ System.out.println(errMsg);
+ } catch (InvalidKeySpecException e) {
+ String errMsg = "Can not init private key store " + e;
+ System.out.println(errMsg);
+ }
+ }
+
+ public SSLContext getSslContext() {
+ return sslContext;
+ }
+
+ public Certificate[] getChain() {
+ if (chainAsList.size() > 0) {
+ Certificate[] arrayCert = new Certificate[chainAsList.size()];
+
+ for (int i = 0; i < chainAsList.size(); i++) {
+ arrayCert[i] = chainAsList.get(i);
+ }
+ return arrayCert;
+ } else {
+ return null;
+ }
+ }
+
+ public PrivateKey getPrivateKey() {
+ return privateKey;
+ }
+
+ private List<Certificate> getCertificatesFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return (List<Certificate>) certificateFactory.generateCertificates(inputStream);
+ }
+
+ private Certificate getCertificateFromStream(InputStream inputStream) throws IOException, CertificateException {
+ CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
+ return certificateFactory.generateCertificate(inputStream);
+ }
+
+ //https://stackoverflow.com/questions/18644286/creating-privatekey-object-from-pkcs12
+ private PrivateKey getPrivateKeyFromPKCSStream(InputStream inputStream)
+ throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
+ String password = "test";
+ KeyStore ks = null;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ }
+ try {
+ ks.load(inputStream, password.toCharArray());
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ try {
+ return (PrivateKey) ks.getKey(
+ ks.aliases().nextElement(),
+ password.toCharArray());
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (UnrecoverableKeyException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
Review Comment:
fixed
##########
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##########
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain, private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+ private static final String MENDELSON_CERT = "mendelson/key4.cer";
+ private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+ private final List<Certificate> chainAsList = new ArrayList<>();
+
+ private PrivateKey privateKey;
+ private SSLContext sslContext;
+
+ public void setupSslContext() {
+ try {
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+ sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+ .loadTrustMaterial(keyStore, new TrustAllStrategy())
+ .build();
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (KeyManagementException e) {
+ e.printStackTrace();
+ } catch (IOException e) {
+ e.printStackTrace();
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ if (sslContext == null) {
+ throw new IllegalStateException("failed to configure SSL context");
+ }
+ }
+
+ private KeyStore getKeyStore(InputStream inputStream) throws IOException, NoSuchAlgorithmException {
+ String password = "test";
+ KeyStore ks;
+ try {
+ ks = KeyStore.getInstance("PKCS12");
+ ks.load(inputStream, password.toCharArray());
+ return ks;
+ } catch (KeyStoreException e) {
+ e.printStackTrace();
+ } catch (CertificateException e) {
+ e.printStackTrace();
+ }
+ throw new IllegalStateException("about to return null");
+ }
+
+ public void setupCertificateChain() {
+
+ InputStream mendelsonCertAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+ if (mendelsonCertAsStream == null) {
+ //LOG.error("Couldn't read out client certificate as stream.");
+ throw new IllegalStateException("Couldn't read out certificate as stream.");
+ }
+
+ InputStream mendelsonPrivateKeyAsStream = getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+ if (mendelsonPrivateKeyAsStream == null) {
+ //LOG.error("Couldn't read out private key as stream.");
+ throw new IllegalStateException("Couldn't read out key storage as stream.");
+ }
+
+ try {
+ Certificate mendelsonCert = getCertificateFromStream(mendelsonCertAsStream);
+ chainAsList.add(mendelsonCert);
+
+ //private key
+ privateKey = getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+ } catch (IOException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. IO error when reading a byte array. " + e;
+ System.out.println(errMsg);
+ } catch (NoSuchAlgorithmException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. Requested algorithm isn't found. " + e;
+ System.out.println(errMsg);
+ } catch (CertificateException e) {
+ String errMsg = "Error while trying to load certificate to the keyload. There is a certificate problem. " + e;
+ System.out.println(errMsg);
+ } catch (InvalidKeySpecException e) {
+ String errMsg = "Can not init private key store " + e;
+ System.out.println(errMsg);
+ }
Review Comment:
fixed
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] davsclaus commented on pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus commented on PR #9939:
URL: https://github.com/apache/camel/pull/9939#issuecomment-1531429793
@orpiske LGTM
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [camel] orpiske merged pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
Posted by "orpiske (via GitHub)" <gi...@apache.org>.
orpiske merged PR #9939:
URL: https://github.com/apache/camel/pull/9939
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org