Posted to dev@camel.apache.org by "Stephen Gargan (JIRA)" <ji...@apache.org> on 2010/03/07 03:47:44 UTC

[jira] Created: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Addition of DSL to sign and verify exchanges with Digital signatures.
---------------------------------------------------------------------

                 Key: CAMEL-2527
                 URL: https://issues.apache.org/activemq/browse/CAMEL-2527
             Project: Apache Camel
          Issue Type: Improvement
          Components: camel-core, camel-spring
            Reporter: Stephen Gargan
            Priority: Minor
             Fix For: 2.3.0
         Attachments: signature-core.patch, signature-spring.patch, signature-wiki.txt

I've put together an extension to the DSL that will enrich exchanges with a Digital Signature calculated using the payload. The signature is stored in a property of the exchange and can be used to verify it at a later stage. It uses the JCE under the covers and it adds the constructs 'sign' and 'verify' to the DSL. Basically it will allow you to do the following:

from("direct:sign").sign(somePrivateKey).to("direct:signaturetest");

and later 

from("direct:signaturetest").verify(somePublicKey).to(...);

Keys can be supplied from keystores or in message headers for dynamic signing; the attached wiki page explains the feature set in more detail.

The patch contains a binary keystore so to apply it you should run 

patch -p0 --binary -i signature-core.patch

Give it a try and see what you think. I'm also in the process of finishing up a CryptoDataFormat that uses the JCE to encrypt and decrypt exchange payloads; it's about 90% done and I should get it out soon.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
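
The sign-then-verify flow described in the message above, as an added example using only the plain JCE `Signature` API; it is not code from the attached patches. The `Map` stands in for the exchange's properties, and the property name, algorithm choice and class name are assumptions. `java.util.Base64` is used for the encoding and only exists in JDKs later than the ones this thread was written against.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class SignVerifySketch {
    // Hypothetical property name; the patch's real name is not shown in this thread.
    static final String SIGNATURE_PROPERTY = "ExampleSignature";
    // Assumed algorithm; any JCE signature algorithm name works the same way.
    static final String ALGORITHM = "SHA256withRSA";

    /** Sign the payload and store the Base64-encoded signature beside it. */
    static void sign(byte[] payload, Map<String, String> properties, PrivateKey key)
            throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM);
        signer.initSign(key);
        signer.update(payload);
        properties.put(SIGNATURE_PROPERTY, Base64.getEncoder().encodeToString(signer.sign()));
    }

    /** Return true only if a well-formed signature is present and matches the payload. */
    static boolean verify(byte[] payload, Map<String, String> properties, PublicKey key)
            throws GeneralSecurityException {
        String encoded = properties.get(SIGNATURE_PROPERTY);
        if (encoded == null) {
            return false; // a missing signature must fail closed, not pass through
        }
        byte[] signature;
        try {
            signature = Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            return false; // property value is not valid Base64
        }
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(payload);
        try {
            return verifier.verify(signature);
        } catch (SignatureException e) {
            return false; // signature bytes are malformed for this algorithm
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair pair = generator.generateKeyPair(); // throwaway key pair for the demo

        // Constructed sample payload and an empty property map for the "exchange".
        byte[] payload = "order=42;amount=100".getBytes(StandardCharsets.UTF_8);
        Map<String, String> properties = new HashMap<>();
        sign(payload, properties, pair.getPrivate());

        byte[] tampered = "order=42;amount=900".getBytes(StandardCharsets.UTF_8);
        System.out.println("original payload:  " + verify(payload, properties, pair.getPublic()));
        System.out.println("tampered payload:  " + verify(tampered, properties, pair.getPublic()));
        System.out.println("signature removed: " + verify(payload, new HashMap<>(), pair.getPublic()));
    }
}
```

Because the signature travels in the same exchange as the payload, the verifying side only gains assurance if its public key comes from a source the sender of the message cannot influence.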


[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58112#action_58112 ] 

Claus Ibsen commented on CAMEL-2527:
------------------------------------

BTW There is also a ticket about a camel-bouncycastle component. Feel free to attack this one as well, now that you are on top of JCE, certificates and the like :)



[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58106#action_58106 ] 

Claus Ibsen commented on CAMEL-2527:
------------------------------------

And the getShortName is for a short name :)

+    public String getShortName() {
+        return format("verify with algorithm '%s' from provider '%s' from header '%s'", algorithm, provider, signatureHeaderName);
+    }
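
Review bot: in the format call inside getShortName(), provider is interpolated unconditionally, so if no provider has been configured the text will read from provider 'null'; build that clause only when provider is set. The three-field sentence is also long for a short name, so a fixed label here, with this string moved to toString(), would suit the method better.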

i.e. that above is more like a toString()

Also can you run the code with checkstyle to ensure it complies? More details here:
http://camel.apache.org/building.html



[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Stephen Gargan (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58108#action_58108 ] 

Stephen Gargan commented on CAMEL-2527:
---------------------------------------

I'd a feeling that wasn't going to fly but I didn't want to add a dependency (e.g. commons-codec) particularly as this is in core. It's annoying that the JDK doesn't include standard Base64 utilities but Camel might benefit from its own. The question remains though: should I roll my own or fork one?

I'd much rather not reinvent the wheel, as it would be difficult to make it any rounder than either of these :)

- http://iharder.sourceforge.net/current/java/base64/ (Public Domain)
- http://svn.apache.org/repos/asf/commons/proper/codec/trunk/src/java/org/apache/commons/codec/binary/ (Apache2)

This is not my call though. What do you prefer?

I'll make the other changes and resubmit a patch. 




[jira] Updated: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Claus Ibsen updated CAMEL-2527:
-------------------------------

    Issue Type: New Feature  (was: Improvement)



[jira] Closed: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Stephen Gargan (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stephen Gargan closed CAMEL-2527.
---------------------------------

    Resolution: Fixed

I've backed out the DSL changes from core and have made endpoints for them as suggested. The new code will reside in the camel-crypto (aka bouncycastle) component. I'm closing this one and will add the patches for the component to the bouncycastle feature ticket.




[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58111#action_58111 ] 

Claus Ibsen commented on CAMEL-2527:
------------------------------------

I wonder if we should add this in the core and have DSL for it.

If it was a component you can use it from recipient list, routing slip and whatnot as it's just an endpoint.
You can also more easily configure it as it's just endpoint URIs.

But of course DSL is also nice but we should also be a bit careful to not add too much in the DSL as there are many many methods already.

And if it's a separate component you can leverage commons-codec to get hold of a BASE64.

Yeah I totally agree SUN has been lame not to provide such a feature out of the box.
Just as I wish they had added a cron-like scheduler.



[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58164#action_58164 ] 

Claus Ibsen commented on CAMEL-2527:
------------------------------------

I only think we can add to the DSL if it's part of camel-core.

Also I would like it if it was possible to use a common prefix for the 2 DSL methods so they are grouped together.

Something like:
- signatureSign
- signatureVerify





[jira] Updated: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Stephen Gargan (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stephen Gargan updated CAMEL-2527:
----------------------------------

    Attachment: signature-wiki.txt
                signature-spring.patch
                signature-core.patch



[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Claus Ibsen (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58104#action_58104 ] 

Claus Ibsen commented on CAMEL-2527:
------------------------------------

Stephen, well done.

I've got a few initial comments.

We *must* not rely on any SUN code as Camel also supports IBM platforms etc.

E.g. this is not allowed:
+import sun.misc.BASE64Encoder;
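
Review bot: the import of sun.misc.BASE64Encoder pulls in a class from the JDK's internal sun.* packages, which are not part of the supported public API and are not guaranteed to exist on other vendors' JVMs; do the Base64 encoding through a codec that ships with the project or comes from a declared dependency instead.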





[jira] Commented: (CAMEL-2527) Addition of DSL to sign and verify exchanges with Digital signatures.

Posted by "Stephen Gargan (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/activemq/browse/CAMEL-2527?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=58118#action_58118 ] 

Stephen Gargan commented on CAMEL-2527:
---------------------------------------

I've got a good bit of the crypto component put together. It's pretty much just a fancy DataFormat that does symmetric encryption of the exchange payload. I need to put together the model object in core to support it and it should be good to go. An example or two wouldn't hurt either.

I agree that a signing component would also be nice and it should be very easy to put together on top of what is there. Do you feel the DSL is getting too overloaded? This really only adds sign and verify methods to the ProcessorBuilder. You don't see any of their configuration DSL unless you use one of these so it's not really that intrusive. A good IDE with code completion takes all the pain out of using the DSL no matter how rich it is.

I really like how rich Camel's DSL is and am all for the richer the better, but will defer to your judgement. What's your call?
