You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by zr...@apache.org on 2018/08/22 10:55:34 UTC
[camel] branch master updated (ee8e617 -> 93cda6e)
This is an automated email from the ASF dual-hosted git repository.
zregvart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git.
from ee8e617 Update TemporaryQueueReplyManager.java (#2490)
new 259b38a CAMEL-12748: add support for SSLContextParamete...
new 93cda6e CAMEL-12728: much better TLS/SSL configuration ...
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../apache/camel/component/rest/RestEndpoint.java | 8 +-
.../camel/spi/RestProducerFactoryHelper.java | 84 ++++++++++
.../camel/component/http4/HttpComponent.java | 7 +
.../camel/component/jetty/JettyHttpComponent.java | 6 +
.../src/main/docs/netty4-http-component.adoc | 11 +-
.../component/netty4/http/NettyHttpComponent.java | 10 ++
.../src/main/docs/netty4-component.adoc | 3 +-
.../camel/component/netty4/NettyComponent.java | 10 ++
.../src/main/docs/rest-swagger-component.adoc | 4 +-
.../rest/swagger/RestSwaggerComponent.java | 30 +++-
.../rest/swagger/RestSwaggerEndpoint.java | 30 +++-
.../camel/component/rest/swagger/HttpsTest.java | 176 +++++++++++++++++++++
.../rest/swagger/Jetty94ServerFactory.java | 75 +++++++++
.../rest/swagger/RestSwaggerDelegateHttpsTest.java | 41 +++++
.../rest/swagger/RestSwaggerGlobalHttpsTest.java | 33 ++++
.../src/test/resources/localhost.p12 | Bin 0 -> 2428 bytes
.../src/main/docs/restlet-component.adoc | 7 +-
.../camel/component/restlet/RestletComponent.java | 19 ++-
.../component/undertow/UndertowComponent.java | 6 +
.../NettyHttpComponentConfiguration.java | 13 ++
.../springboot/NettyComponentConfiguration.java | 13 ++
.../RestSwaggerComponentConfiguration.java | 27 ++++
.../springboot/RestletComponentConfiguration.java | 13 ++
23 files changed, 609 insertions(+), 17 deletions(-)
create mode 100644 camel-core/src/main/java/org/apache/camel/spi/RestProducerFactoryHelper.java
create mode 100644 components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/HttpsTest.java
create mode 100644 components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/Jetty94ServerFactory.java
create mode 100644 components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerDelegateHttpsTest.java
create mode 100644 components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerGlobalHttpsTest.java
create mode 100644 components/camel-rest-swagger/src/test/resources/localhost.p12
[camel] 01/02: CAMEL-12748: add support for SSLContextParamete...
Posted by zr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zregvart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 259b38a2c9caaf725ec0329808f16e12e9668297
Author: Zoran Regvart <zr...@apache.org>
AuthorDate: Wed Aug 22 12:52:42 2018 +0200
CAMEL-12748: add support for SSLContextParamete...
...rs in Netty4 and Restlet components
This adds support for setting `SSLContextParameters` directly on
`camel-netty4` (and by extension `camel-netty4-http`) and
`camel-restlet` components.
---
.../src/main/docs/netty4-http-component.adoc | 11 ++++++-----
components/camel-netty4/src/main/docs/netty4-component.adoc | 3 ++-
.../org/apache/camel/component/netty4/NettyComponent.java | 10 ++++++++++
.../camel-restlet/src/main/docs/restlet-component.adoc | 7 ++++---
.../apache/camel/component/restlet/RestletComponent.java | 13 ++++++++++++-
.../http/springboot/NettyHttpComponentConfiguration.java | 13 +++++++++++++
.../netty4/springboot/NettyComponentConfiguration.java | 13 +++++++++++++
.../restlet/springboot/RestletComponentConfiguration.java | 13 +++++++++++++
8 files changed, 73 insertions(+), 10 deletions(-)
diff --git a/components/camel-netty4-http/src/main/docs/netty4-http-component.adoc b/components/camel-netty4-http/src/main/docs/netty4-http-component.adoc
index c4455d7..551c438 100644
--- a/components/camel-netty4-http/src/main/docs/netty4-http-component.adoc
+++ b/components/camel-netty4-http/src/main/docs/netty4-http-component.adoc
@@ -76,7 +76,7 @@ related to UDP transport.
// component options: START
-The Netty4 HTTP component supports 8 options, which are listed below.
+The Netty4 HTTP component supports 9 options, which are listed below.
@@ -90,6 +90,7 @@ The Netty4 HTTP component supports 8 options, which are listed below.
| *useGlobalSslContext Parameters* (security) | Enable usage of global SSL context parameters. | false | boolean
| *maximumPoolSize* (advanced) | The thread pool size for the EventExecutorGroup if its in use. The default value is 16. | 16 | int
| *executorService* (advanced) | To use the given EventExecutorGroup. | | EventExecutorGroup
+| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
| *resolveProperty Placeholders* (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean
|===
// component options: END
@@ -135,7 +136,7 @@ with the following path and query parameters:
| *disconnect* (common) | Whether or not to disconnect(close) from Netty Channel right after use. Can be used for both consumer and producer. | false | boolean
| *keepAlive* (common) | Setting to ensure socket is not closed due to inactivity | true | boolean
| *reuseAddress* (common) | Setting to facilitate socket multiplexing | true | boolean
-| *reuseChannel* (common) | This option allows producers and consumers (in client mode) to reuse the same Netty Channel for the lifecycle of processing the Exchange. This is useful if you need to call a server multiple times in a Camel route and want to use the same network connection. When using this, the channel is not returned to the connection pool until the Exchange is done; or disconnected if the disconnect option is set to true. The reused Channel is stored on the Exchange as an e [...]
+| *reuseChannel* (common) | This option allows producers and consumers (in client mode) to reuse the same Netty Channel for the lifecycle of processing the Exchange. This is useful if you need to call a server multiple times in a Camel route and want to use the same network connection. When using this, the channel is not returned to the connection pool until the Exchange is done; or disconnected if the disconnect option is set to true. The reused Channel is stored on the Exchange as an e [...]
| *sync* (common) | Setting to set endpoint as one-way or request-response | true | boolean
| *tcpNoDelay* (common) | Setting to improve TCP protocol performance | true | boolean
| *bridgeErrorHandler* (consumer) | Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions occurred while the consumer is trying to pickup incoming messages, or the likes, will now be processed as a message and handled by the routing Error Handler. By default the consumer will use the org.apache.camel.spi.ExceptionHandler to deal with exceptions, that will be logged at WARN or ERROR level and ignored. | false | boolean
@@ -178,7 +179,7 @@ with the following path and query parameters:
| *bootstrapConfiguration* (advanced) | To use a custom configured NettyServerBootstrapConfiguration for configuring this endpoint. | | NettyServerBootstrap Configuration
| *channelGroup* (advanced) | To use a explicit ChannelGroup. | | ChannelGroup
| *configuration* (advanced) | To use a custom configured NettyHttpConfiguration for configuring this endpoint. | | NettyHttpConfiguration
-| *disableStreamCache* (advanced) | Determines whether or not the raw input stream from Netty HttpRequest#getContent() or HttpResponset#getContent() is cached or not (Camel will read the stream into a in light-weight memory based Stream caching) cache. By default Camel will cache the Netty input stream to support reading it multiple times to ensure it Camel can retrieve all data from the stream. However you can set this option to true when you for example need to access the raw stream, s [...]
+| *disableStreamCache* (advanced) | Determines whether or not the raw input stream from Netty HttpRequestgetContent() or HttpResponsetgetContent() is cached or not (Camel will read the stream into a in light-weight memory based Stream caching) cache. By default Camel will cache the Netty input stream to support reading it multiple times to ensure it Camel can retrieve all data from the stream. However you can set this option to true when you for example need to access the raw stream, suc [...]
| *headerFilterStrategy* (advanced) | To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter headers. | | HeaderFilterStrategy
| *nativeTransport* (advanced) | Whether to use native transport instead of NIO. Native transport takes advantage of the host operating system and is only supported on some platforms. You need to add the netty JAR for the host operating system you are using. See more details at: http://netty.io/wiki/native-transports.html | false | boolean
| *nettyHttpBinding* (advanced) | To use a custom org.apache.camel.component.netty4.http.NettyHttpBinding for binding to/from Netty and Camel Message API. | | NettyHttpBinding
@@ -192,9 +193,9 @@ with the following path and query parameters:
| *workerCount* (advanced) | When netty works on nio mode, it uses default workerCount parameter from Netty, which is cpu_core_threads x 2. User can use this operation to override the default workerCount from Netty. | | int
| *workerGroup* (advanced) | To use a explicit EventLoopGroup as the boss thread pool. For example to share a thread pool with multiple consumers or producers. By default each consumer or producer has their own worker pool with 2 x cpu count core threads. | | EventLoopGroup
| *decoder* (codec) | *Deprecated* To use a single decoder. This options is deprecated use encoders instead. | | ChannelHandler
-| *decoders* (codec) | A list of decoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with # so Camel knows it should lookup. | | String
+| *decoders* (codec) | A list of decoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with so Camel knows it should lookup. | | String
| *encoder* (codec) | *Deprecated* To use a single encoder. This options is deprecated use encoders instead. | | ChannelHandler
-| *encoders* (codec) | A list of encoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with # so Camel knows it should lookup. | | String
+| *encoders* (codec) | A list of encoders to be used. You can use a String which have values separated by comma, and have the values be looked up in the Registry. Just remember to prefix the value with so Camel knows it should lookup. | | String
| *enabledProtocols* (security) | Which protocols to enable when using SSL | TLSv1,TLSv1.1,TLSv1.2 | String
| *keyStoreFile* (security) | Client side certificate keystore to be used for encryption | | File
| *keyStoreFormat* (security) | Keystore format to be used for payload encryption. Defaults to JKS if not set | | String
diff --git a/components/camel-netty4/src/main/docs/netty4-component.adoc b/components/camel-netty4/src/main/docs/netty4-component.adoc
index a6755f1..ec349df 100644
--- a/components/camel-netty4/src/main/docs/netty4-component.adoc
+++ b/components/camel-netty4/src/main/docs/netty4-component.adoc
@@ -50,7 +50,7 @@ You can append query options to the URI in the following format,
=== Options
// component options: START
-The Netty4 component supports 5 options, which are listed below.
+The Netty4 component supports 6 options, which are listed below.
@@ -61,6 +61,7 @@ The Netty4 component supports 5 options, which are listed below.
| *configuration* (advanced) | To use the NettyConfiguration as configuration when creating endpoints. | | NettyConfiguration
| *executorService* (advanced) | To use the given EventExecutorGroup. | | EventExecutorGroup
| *useGlobalSslContext Parameters* (security) | Enable usage of global SSL context parameters. | false | boolean
+| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
| *resolveProperty Placeholders* (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean
|===
// component options: END
diff --git a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyComponent.java b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyComponent.java
index 676bfd2..a4a3169 100644
--- a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyComponent.java
+++ b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyComponent.java
@@ -31,6 +31,7 @@ import org.apache.camel.impl.UriEndpointComponent;
import org.apache.camel.spi.Metadata;
import org.apache.camel.util.IntrospectionSupport;
import org.apache.camel.util.concurrent.CamelThreadFactory;
+import org.apache.camel.util.jsse.SSLContextParameters;
public class NettyComponent extends UriEndpointComponent implements SSLContextParametersAware {
@@ -140,6 +141,15 @@ public class NettyComponent extends UriEndpointComponent implements SSLContextPa
this.useGlobalSslContextParameters = useGlobalSslContextParameters;
}
+ @Metadata(description = "To configure security using SSLContextParameters", label = "security")
+ public void setSslContextParameters(final SSLContextParameters sslContextParameters) {
+ if (configuration == null) {
+ configuration = new NettyConfiguration();
+ }
+
+ configuration.setSslContextParameters(sslContextParameters);
+ }
+
public EventExecutorGroup getExecutorService() {
return executorService;
}
diff --git a/components/camel-restlet/src/main/docs/restlet-component.adoc b/components/camel-restlet/src/main/docs/restlet-component.adoc
index dd3b9cc..6e77886 100644
--- a/components/camel-restlet/src/main/docs/restlet-component.adoc
+++ b/components/camel-restlet/src/main/docs/restlet-component.adoc
@@ -63,7 +63,7 @@ option.
// component options: START
-The Restlet component supports 22 options, which are listed below.
+The Restlet component supports 23 options, which are listed below.
@@ -84,13 +84,14 @@ The Restlet component supports 22 options, which are listed below.
| *pipeliningConnections* (consumer) | Indicates if pipelining connections are supported. | | Boolean
| *threadMaxIdleTimeMs* (consumer) | Time for an idle thread to wait for an operation before being collected. | | Integer
| *useForwardedForHeader* (consumer) | Lookup the X-Forwarded-For header supported by popular proxies and caches and uses it to populate the Request.getClientAddresses() method result. This information is only safe for intermediary components within your local network. Other addresses could easily be changed by setting a fake header and should not be trusted for serious security checks. | | Boolean
-| *reuseAddress* (consumer) | Enable/disable the SO_REUSEADDR socket option. See java.io.ServerSocket#reuseAddress property for additional details. | | Boolean
+| *reuseAddress* (consumer) | Enable/disable the SO_REUSEADDR socket option. See java.io.ServerSocketreuseAddress property for additional details. | | Boolean
| *maxQueued* (consumer) | Maximum number of calls that can be queued if there aren't any worker thread available to service them. If the value is '0', then no queue is used and calls are rejected if no worker thread is immediately available. If the value is '-1', then an unbounded queue is used and calls are never rejected. | | Integer
| *disableStreamCache* (consumer) | Determines whether or not the raw input stream from Restlet is cached or not (Camel will read the stream into a in memory/overflow to file, Stream caching) cache. By default Camel will cache the Restlet input stream to support reading it multiple times to ensure Camel can retrieve all data from the stream. However you can set this option to true when you for example need to access the raw stream, such as streaming it directly to a file or other persist [...]
| *port* (consumer) | To configure the port number for the restlet consumer routes. This allows to configure this once to reuse the same port for these consumers. | | int
| *synchronous* (producer) | Whether to use synchronous Restlet Client for the producer. Setting this option to true can yield faster performance as it seems the Restlet synchronous Client works better. | | Boolean
| *enabledConverters* (advanced) | A list of converters to enable as full class name or simple class name. All the converters automatically registered are enabled if empty or null | | List
| *useGlobalSslContext Parameters* (security) | Enable usage of global SSL context parameters. | false | boolean
+| *sslContextParameters* (security) | To configure security using SSLContextParameters | | SSLContextParameters
| *resolveProperty Placeholders* (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean
|===
// component options: END
@@ -132,7 +133,7 @@ with the following path and query parameters:
| *disableStreamCache* (consumer) | Determines whether or not the raw input stream from Restlet is cached or not (Camel will read the stream into a in memory/overflow to file, Stream caching) cache. By default Camel will cache the Restlet input stream to support reading it multiple times to ensure Camel can retrieve all data from the stream. However you can set this option to true when you for example need to access the raw stream, such as streaming it directly to a file or other persist [...]
| *exceptionHandler* (consumer) | To let the consumer use a custom ExceptionHandler. Notice if the option bridgeErrorHandler is enabled then this options is not in use. By default the consumer will deal with exceptions, that will be logged at WARN or ERROR level and ignored. | | ExceptionHandler
| *exchangePattern* (consumer) | Sets the exchange pattern when the consumer creates an exchange. | | ExchangePattern
-| *restletUriPatterns* (consumer) | *Deprecated* Specify one ore more URI templates to be serviced by a restlet consumer endpoint, using the # notation to reference a List in the Camel Registry. If a URI pattern has been defined in the endpoint URI, both the URI pattern defined in the endpoint and the restletUriPatterns option will be honored. | | List
+| *restletUriPatterns* (consumer) | *Deprecated* Specify one ore more URI templates to be serviced by a restlet consumer endpoint, using the notation to reference a List in the Camel Registry. If a URI pattern has been defined in the endpoint URI, both the URI pattern defined in the endpoint and the restletUriPatterns option will be honored. | | List
| *connectTimeout* (producer) | The Client will give up connection if the connection is timeout, 0 for unlimited wait. | 30000 | int
| *cookieHandler* (producer) | Configure a cookie handler to maintain a HTTP session | | CookieHandler
| *socketTimeout* (producer) | The Client socket receive timeout, 0 for unlimited wait. | 30000 | int
diff --git a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
index 68585e7..15752f9 100644
--- a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
+++ b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
@@ -45,6 +45,7 @@ import org.apache.camel.util.HostUtils;
import org.apache.camel.util.ObjectHelper;
import org.apache.camel.util.ServiceHelper;
import org.apache.camel.util.URISupport;
+import org.apache.camel.util.jsse.SSLContextParameters;
import org.restlet.Component;
import org.restlet.Restlet;
import org.restlet.data.ChallengeScheme;
@@ -111,6 +112,7 @@ public class RestletComponent extends DefaultComponent implements RestConsumerFa
private boolean useGlobalSslContextParameters;
@Metadata(label = "filter", description = "To use a custom org.apache.camel.spi.HeaderFilterStrategy to filter header to and from Camel message.")
private HeaderFilterStrategy headerFilterStrategy;
+ private SSLContextParameters sslContextParameters;
public RestletComponent() {
this(new Component());
@@ -190,7 +192,11 @@ public class RestletComponent extends DefaultComponent implements RestConsumerFa
}
if (result.getSslContextParameters() == null) {
- result.setSslContextParameters(retrieveGlobalSslContextParameters());
+ if (sslContextParameters == null) {
+ result.setSslContextParameters(retrieveGlobalSslContextParameters());
+ } else {
+ result.setSslContextParameters(sslContextParameters);
+ }
}
// any additional query parameters from parameters then we need to include them as well
@@ -697,6 +703,11 @@ public class RestletComponent extends DefaultComponent implements RestConsumerFa
this.useGlobalSslContextParameters = useGlobalSslContextParameters;
}
+ @Metadata(description = "To configure security using SSLContextParameters", label = "security")
+ public void setSslContextParameters(final SSLContextParameters sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
@Override
public Consumer createConsumer(CamelContext camelContext, Processor processor, String verb, String basePath, String uriTemplate,
String consumes, String produces, RestConfiguration configuration, Map<String, Object> parameters) throws Exception {
diff --git a/platforms/spring-boot/components-starter/camel-netty4-http-starter/src/main/java/org/apache/camel/component/netty4/http/springboot/NettyHttpComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-netty4-http-starter/src/main/java/org/apache/camel/component/netty4/http/springboot/NettyHttpComponentConfiguration.java
index 37d83b1..beb8a87 100644
--- a/platforms/spring-boot/components-starter/camel-netty4-http-starter/src/main/java/org/apache/camel/component/netty4/http/springboot/NettyHttpComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-netty4-http-starter/src/main/java/org/apache/camel/component/netty4/http/springboot/NettyHttpComponentConfiguration.java
@@ -75,6 +75,11 @@ public class NettyHttpComponentConfiguration
*/
private String executorService;
/**
+ * To configure security using SSLContextParameters. The option is a
+ * org.apache.camel.util.jsse.SSLContextParameters type.
+ */
+ private String sslContextParameters;
+ /**
* Whether the component should resolve property placeholders on itself when
* starting. Only properties which are of String type can use property
* placeholders.
@@ -140,6 +145,14 @@ public class NettyHttpComponentConfiguration
this.executorService = executorService;
}
+ public String getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ public void setSslContextParameters(String sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
public Boolean getResolvePropertyPlaceholders() {
return resolvePropertyPlaceholders;
}
diff --git a/platforms/spring-boot/components-starter/camel-netty4-starter/src/main/java/org/apache/camel/component/netty4/springboot/NettyComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-netty4-starter/src/main/java/org/apache/camel/component/netty4/springboot/NettyComponentConfiguration.java
index baf14e5..d629448 100644
--- a/platforms/spring-boot/components-starter/camel-netty4-starter/src/main/java/org/apache/camel/component/netty4/springboot/NettyComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-netty4-starter/src/main/java/org/apache/camel/component/netty4/springboot/NettyComponentConfiguration.java
@@ -71,6 +71,11 @@ public class NettyComponentConfiguration
*/
private Boolean useGlobalSslContextParameters = false;
/**
+ * To configure security using SSLContextParameters. The option is a
+ * org.apache.camel.util.jsse.SSLContextParameters type.
+ */
+ private String sslContextParameters;
+ /**
* Whether the component should resolve property placeholders on itself when
* starting. Only properties which are of String type can use property
* placeholders.
@@ -111,6 +116,14 @@ public class NettyComponentConfiguration
this.useGlobalSslContextParameters = useGlobalSslContextParameters;
}
+ public String getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ public void setSslContextParameters(String sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
public Boolean getResolvePropertyPlaceholders() {
return resolvePropertyPlaceholders;
}
diff --git a/platforms/spring-boot/components-starter/camel-restlet-starter/src/main/java/org/apache/camel/component/restlet/springboot/RestletComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-restlet-starter/src/main/java/org/apache/camel/component/restlet/springboot/RestletComponentConfiguration.java
index 97424e1..7a2a759 100644
--- a/platforms/spring-boot/components-starter/camel-restlet-starter/src/main/java/org/apache/camel/component/restlet/springboot/RestletComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-restlet-starter/src/main/java/org/apache/camel/component/restlet/springboot/RestletComponentConfiguration.java
@@ -147,6 +147,11 @@ public class RestletComponentConfiguration
*/
private Boolean useGlobalSslContextParameters = false;
/**
+ * To configure security using SSLContextParameters. The option is a
+ * org.apache.camel.util.jsse.SSLContextParameters type.
+ */
+ private String sslContextParameters;
+ /**
* Whether the component should resolve property placeholders on itself when
* starting. Only properties which are of String type can use property
* placeholders.
@@ -322,6 +327,14 @@ public class RestletComponentConfiguration
this.useGlobalSslContextParameters = useGlobalSslContextParameters;
}
+ public String getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ public void setSslContextParameters(String sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
public Boolean getResolvePropertyPlaceholders() {
return resolvePropertyPlaceholders;
}
[camel] 02/02: CAMEL-12728: much better TLS/SSL configuration ...
Posted by zr...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
zregvart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 93cda6ebc3416f0d24359da882ce7bb99dc087d4
Author: Zoran Regvart <zr...@apache.org>
AuthorDate: Wed Aug 22 12:11:51 2018 +0200
CAMEL-12728: much better TLS/SSL configuration ...
...in `camel-rest-swagger`
Setting up TLS/SSL settings in `camel-rest-swagger` was limited to the
delegate component being configured and present in the context. This
adds support for setting TLS/SSL configuration via Camel's standard
`SSLContextParameters` and `useGlobalSslContextParameters` flag used in
many components that deal with TLS/SSL.
In addition to that, this adds a new parameter considered in the
`RestProducerFactory` SPI: now parameters that need to be applied to the
delegate component can be specified in the `component` key of the
parameter Map. Those properties will be only considered if the component
is not already present in the Camel context. That is, if the
`CamelContext::getEndpoint` would have the side effect of creating the
delegate component and adding it to the Camel context. Now that
component can be customized with properties from the `component`
parameters Map.
---
.../apache/camel/component/rest/RestEndpoint.java | 8 +-
.../camel/spi/RestProducerFactoryHelper.java | 84 ++++++++++
.../camel/component/http4/HttpComponent.java | 7 +
.../camel/component/jetty/JettyHttpComponent.java | 6 +
.../component/netty4/http/NettyHttpComponent.java | 10 ++
.../src/main/docs/rest-swagger-component.adoc | 4 +-
.../rest/swagger/RestSwaggerComponent.java | 30 +++-
.../rest/swagger/RestSwaggerEndpoint.java | 30 +++-
.../camel/component/rest/swagger/HttpsTest.java | 176 +++++++++++++++++++++
.../rest/swagger/Jetty94ServerFactory.java | 75 +++++++++
.../rest/swagger/RestSwaggerDelegateHttpsTest.java | 41 +++++
.../rest/swagger/RestSwaggerGlobalHttpsTest.java | 33 ++++
.../src/test/resources/localhost.p12 | Bin 0 -> 2428 bytes
.../camel/component/restlet/RestletComponent.java | 6 +
.../component/undertow/UndertowComponent.java | 6 +
.../RestSwaggerComponentConfiguration.java | 27 ++++
16 files changed, 536 insertions(+), 7 deletions(-)
diff --git a/camel-core/src/main/java/org/apache/camel/component/rest/RestEndpoint.java b/camel-core/src/main/java/org/apache/camel/component/rest/RestEndpoint.java
index 70c6e85..bbbf937 100644
--- a/camel-core/src/main/java/org/apache/camel/component/rest/RestEndpoint.java
+++ b/camel-core/src/main/java/org/apache/camel/component/rest/RestEndpoint.java
@@ -41,6 +41,8 @@ import org.apache.camel.util.ObjectHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import static org.apache.camel.spi.RestProducerFactoryHelper.setupComponent;
+
/**
* The rest component is used for either hosting REST services (consumer) or calling external REST services (producer).
*/
@@ -301,7 +303,7 @@ public class RestEndpoint extends DefaultEndpoint {
if (comp instanceof RestProducerFactory) {
factory = (RestProducerFactory) comp;
} else {
- comp = getCamelContext().getComponent(getComponentName());
+ comp = setupComponent(getComponentName(), getCamelContext(), (Map<String, Object>) parameters.get("component"));
if (comp instanceof RestProducerFactory) {
factory = (RestProducerFactory) comp;
}
@@ -320,7 +322,7 @@ public class RestEndpoint extends DefaultEndpoint {
// try all components
if (factory == null) {
for (String name : getCamelContext().getComponentNames()) {
- Component comp = getCamelContext().getComponent(name);
+ Component comp = setupComponent(getComponentName(), getCamelContext(), (Map<String, Object>) parameters.get("component"));
if (comp instanceof RestProducerFactory) {
factory = (RestProducerFactory) comp;
cname = name;
@@ -345,7 +347,7 @@ public class RestEndpoint extends DefaultEndpoint {
RestProducerFactory found = null;
String foundName = null;
for (String name : DEFAULT_REST_PRODUCER_COMPONENTS) {
- Object comp = getCamelContext().getComponent(name, true);
+ Object comp = setupComponent(getComponentName(), getCamelContext(), (Map<String, Object>) parameters.get("component"));
if (comp instanceof RestProducerFactory) {
if (found == null) {
found = (RestProducerFactory) comp;
diff --git a/camel-core/src/main/java/org/apache/camel/spi/RestProducerFactoryHelper.java b/camel-core/src/main/java/org/apache/camel/spi/RestProducerFactoryHelper.java
new file mode 100644
index 0000000..400d687
--- /dev/null
+++ b/camel-core/src/main/java/org/apache/camel/spi/RestProducerFactoryHelper.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.spi;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Component;
+import org.apache.camel.util.IntrospectionSupport;
+import org.apache.camel.util.ServiceHelper;
+import org.apache.camel.util.StringHelper;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Helper for creating configured {@link Component}s used by the
+ * {@link RestProducerFactory} contract.
+ *
+ * When {@link RestProducerFactory} contract is used it could instantiate, start
+ * and register the underlying component. During this process we have no way of
+ * configuring component properties, most notably the SSL properties.
+ */
+public final class RestProducerFactoryHelper {
+
+ private static final Logger LOG = LoggerFactory.getLogger(RestProducerFactoryHelper.class);
+
+ private RestProducerFactoryHelper() {
+ // helper class
+ }
+
+ public static void setupComponentFor(final String url, final CamelContext camelContext,
+ final Map<String, Object> componentProperties) throws Exception {
+ final String scheme = StringHelper.before(url, ":");
+
+ setupComponent(scheme, camelContext, componentProperties);
+ }
+
+ public static Component setupComponent(final String componentName, final CamelContext camelContext,
+ final Map<String, Object> componentProperties) throws Exception {
+ if (componentProperties == null || componentProperties.isEmpty()) {
+ return camelContext.getComponent(componentName);
+ }
+
+ final Component existing = camelContext.getComponent(componentName, false, false);
+ if (existing != null) {
+ if (!componentProperties.isEmpty()) {
+ LOG.warn(
+ "Found existing `{}` component already present in the Camel context. Not setting component"
+ + " properties on the existing component. You can either prevent the component creation or"
+ + " set the given properties on the component. Component properties given: {}",
+ componentName, componentProperties);
+ }
+
+ return existing;
+ }
+
+ // component was not added to the context we can configure it
+ final Component newlyCreated = camelContext.getComponent(componentName, true, false);
+ // need to make a copy of the component properties as
+ // IntrospectionSupport::setProperties will remove any that are set and
+ // we might be called multiple times
+ final Map<String, Object> copyOfComponentProperties = new HashMap<>(componentProperties);
+ IntrospectionSupport.setProperties(camelContext, camelContext.getTypeConverter(), newlyCreated,
+ copyOfComponentProperties);
+ ServiceHelper.startService(newlyCreated);
+
+ return newlyCreated;
+ }
+}
diff --git a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
index 7444681..a4e243c 100644
--- a/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
+++ b/components/camel-http4/src/main/java/org/apache/camel/component/http4/HttpComponent.java
@@ -42,6 +42,7 @@ import org.apache.camel.spi.HeaderFilterStrategy;
import org.apache.camel.spi.Metadata;
import org.apache.camel.spi.RestConfiguration;
import org.apache.camel.spi.RestProducerFactory;
+import org.apache.camel.spi.RestProducerFactoryHelper;
import org.apache.camel.util.FileUtil;
import org.apache.camel.util.IntrospectionSupport;
import org.apache.camel.util.ObjectHelper;
@@ -453,6 +454,12 @@ public class HttpComponent extends HttpCommonComponent implements RestProducerFa
if (!query.isEmpty()) {
url = url + "?" + query;
}
+
+ // there are cases where we might end up here without component being created beforehand
+ // we need to abide by the component properties specified in the parameters when creating
+ // the component, one such case is when we switch from "http4" to "https4" component name
+ RestProducerFactoryHelper.setupComponentFor(url, camelContext, (Map<String, Object>) parameters.get("component"));
+
HttpEndpoint endpoint = camelContext.getEndpoint(url, HttpEndpoint.class);
if (parameters != null && !parameters.isEmpty()) {
setProperties(camelContext, endpoint, parameters);
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
index d20b1332..47018f2 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
@@ -60,6 +60,7 @@ import org.apache.camel.spi.RestApiConsumerFactory;
import org.apache.camel.spi.RestConfiguration;
import org.apache.camel.spi.RestConsumerFactory;
import org.apache.camel.spi.RestProducerFactory;
+import org.apache.camel.spi.RestProducerFactoryHelper;
import org.apache.camel.util.FileUtil;
import org.apache.camel.util.HostUtils;
import org.apache.camel.util.IntrospectionSupport;
@@ -1274,6 +1275,11 @@ public abstract class JettyHttpComponent extends HttpCommonComponent implements
url = url + "?" + query;
}
+ // there are cases where we might end up here without component being created beforehand
+ // we need to abide by the component properties specified in the parameters when creating
+ // the component
+ RestProducerFactoryHelper.setupComponentFor(url, camelContext, (Map<String, Object>) parameters.get("component"));
+
JettyHttpEndpoint endpoint = camelContext.getEndpoint(url, JettyHttpEndpoint.class);
if (parameters != null && !parameters.isEmpty()) {
setProperties(camelContext, endpoint, parameters);
diff --git a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/NettyHttpComponent.java b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/NettyHttpComponent.java
index bcac251..aa076d8 100644
--- a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/NettyHttpComponent.java
+++ b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/NettyHttpComponent.java
@@ -38,6 +38,7 @@ import org.apache.camel.spi.RestApiConsumerFactory;
import org.apache.camel.spi.RestConfiguration;
import org.apache.camel.spi.RestConsumerFactory;
import org.apache.camel.spi.RestProducerFactory;
+import org.apache.camel.spi.RestProducerFactoryHelper;
import org.apache.camel.util.FileUtil;
import org.apache.camel.util.HostUtils;
import org.apache.camel.util.IntrospectionSupport;
@@ -445,12 +446,21 @@ public class NettyHttpComponent extends NettyComponent implements HeaderFilterSt
}
}
+ if (host.startsWith("https:")) {
+ map.put("ssl", true);
+ }
+
// get the endpoint
String query = URISupport.createQueryString(map);
if (!query.isEmpty()) {
url = url + "?" + query;
}
+ // there are cases where we might end up here without component being created beforehand
+ // we need to abide by the component properties specified in the parameters when creating
+ // the component
+ RestProducerFactoryHelper.setupComponentFor(url, camelContext, (Map<String, Object>) parameters.get("component"));
+
NettyHttpEndpoint endpoint = camelContext.getEndpoint(url, NettyHttpEndpoint.class);
if (parameters != null && !parameters.isEmpty()) {
setProperties(camelContext, endpoint, parameters);
diff --git a/components/camel-rest-swagger/src/main/docs/rest-swagger-component.adoc b/components/camel-rest-swagger/src/main/docs/rest-swagger-component.adoc
index 75e736b..b5a04e8 100644
--- a/components/camel-rest-swagger/src/main/docs/rest-swagger-component.adoc
+++ b/components/camel-rest-swagger/src/main/docs/rest-swagger-component.adoc
@@ -84,7 +84,7 @@ in path such as `/api/{version}/users/{id}`.
### Options
// component options: START
-The REST Swagger component supports 7 options, which are listed below.
+The REST Swagger component supports 9 options, which are listed below.
@@ -97,6 +97,8 @@ The REST Swagger component supports 7 options, which are listed below.
| *host* (producer) | Scheme hostname and port to direct the HTTP requests to in the form of https://hostname:port. Can be configured at the endpoint, component or in the correspoding REST configuration in the Camel Context. If you give this component a name (e.g. petstore) that REST configuration is consulted first, rest-swagger next, and global configuration last. If set overrides any value found in the Swagger specification, RestConfiguration. Can be overriden in endpoint configuratio [...]
| *produces* (producer) | What payload type this component is producing. For example application/json according to the RFC7231. This equates to the value of Content-Type HTTP header. If set overrides any value present in the Swagger specification. Can be overriden in endpoint configuration. | | String
| *specificationUri* (producer) | Path to the Swagger specification file. The scheme, host base path are taken from this specification, but these can be overriden with properties on the component or endpoint level. If not given the component tries to load swagger.json resource. Note that the host defined on the component and endpoint of this Component should contain the scheme, hostname and optionally the port in the URI syntax (i.e. https://api.example.com:8080). Can be overriden in end [...]
+| *sslContextParameters* (security) | Customize TLS parameters used by the component. If not set defaults to the TLS parameters set in the Camel context | | SSLContextParameters
+| *useGlobalSslContext Parameters* (security) | Enable usage of global SSL context parameters. | false | boolean
| *resolveProperty Placeholders* (advanced) | Whether the component should resolve property placeholders on itself when starting. Only properties which are of String type can use property placeholders. | true | boolean
|===
// component options: END
diff --git a/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerComponent.java b/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerComponent.java
index 9442fd2..89a5e1e 100644
--- a/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerComponent.java
+++ b/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerComponent.java
@@ -21,9 +21,11 @@ import java.util.Map;
import org.apache.camel.CamelContext;
import org.apache.camel.Endpoint;
+import org.apache.camel.SSLContextParametersAware;
import org.apache.camel.impl.DefaultComponent;
import org.apache.camel.spi.Metadata;
import org.apache.camel.spi.RestProducerFactory;
+import org.apache.camel.util.jsse.SSLContextParameters;
import static org.apache.camel.component.rest.swagger.RestSwaggerHelper.isHostParam;
import static org.apache.camel.component.rest.swagger.RestSwaggerHelper.isMediaRange;
@@ -74,7 +76,7 @@ import static org.apache.camel.util.StringHelper.notEmpty;
* from(...).to("petstore:getPetById")
* </pre>
*/
-public final class RestSwaggerComponent extends DefaultComponent {
+public final class RestSwaggerComponent extends DefaultComponent implements SSLContextParametersAware {
public static final String DEFAULT_BASE_PATH = "/";
static final URI DEFAULT_SPECIFICATION_URI = URI.create(RestSwaggerComponent.DEFAULT_SPECIFICATION_URI_STR);
@@ -123,6 +125,14 @@ public final class RestSwaggerComponent extends DefaultComponent {
+ " configuration.", defaultValue = DEFAULT_SPECIFICATION_URI_STR, label = "producer", required = "false")
private URI specificationUri;
+ @Metadata(description = "Customize TLS parameters used by the component. If not set defaults to the TLS parameters"
+ + " set in the Camel context ", label = "security", required = "false")
+ private SSLContextParameters sslContextParameters;
+
+ @Metadata(description = "Enable usage of global SSL context parameters.", label = "security",
+ defaultValue = "false")
+ private boolean useGlobalSslContextParameters;
+
public RestSwaggerComponent() {
}
@@ -154,6 +164,15 @@ public final class RestSwaggerComponent extends DefaultComponent {
return specificationUri;
}
+ public SSLContextParameters getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ @Override
+ public boolean isUseGlobalSslContextParameters() {
+ return useGlobalSslContextParameters;
+ }
+
public void setBasePath(final String basePath) {
this.basePath = notEmpty(basePath, "basePath");
}
@@ -178,6 +197,15 @@ public final class RestSwaggerComponent extends DefaultComponent {
this.specificationUri = notNull(specificationUri, "specificationUri");
}
+ public void setSslContextParameters(final SSLContextParameters sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
+ @Override
+ public void setUseGlobalSslContextParameters(final boolean useGlobalSslContextParameters) {
+ this.useGlobalSslContextParameters = useGlobalSslContextParameters;
+ }
+
@Override
protected Endpoint createEndpoint(final String uri, final String remaining, final Map<String, Object> parameters)
throws Exception {
diff --git a/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerEndpoint.java b/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerEndpoint.java
index 20b3df0..93ff96e 100644
--- a/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerEndpoint.java
+++ b/components/camel-rest-swagger/src/main/java/org/apache/camel/component/rest/swagger/RestSwaggerEndpoint.java
@@ -59,6 +59,8 @@ import org.apache.camel.util.ObjectHelper;
import org.apache.camel.util.ResourceHelper;
import org.apache.camel.util.StringHelper;
import org.apache.camel.util.UnsafeUriCharactersEncoder;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import static org.apache.camel.component.rest.swagger.RestSwaggerHelper.isHostParam;
import static org.apache.camel.component.rest.swagger.RestSwaggerHelper.isMediaRange;
@@ -75,6 +77,8 @@ import static org.apache.camel.util.StringHelper.notEmpty;
syntax = "rest-swagger:specificationUri#operationId", label = "rest,swagger,http", producerOnly = true)
public final class RestSwaggerEndpoint extends DefaultEndpoint {
+ private static final Logger LOG = LoggerFactory.getLogger(RestSwaggerEndpoint.class);
+
/**
* Remaining parameters specified in the Endpoint URI.
*/
@@ -329,10 +333,12 @@ public final class RestSwaggerEndpoint extends DefaultEndpoint {
parameters.put("host", host);
}
+ final RestSwaggerComponent component = component();
+
// what we consume is what the API defined by Swagger specification
// produces
final String determinedConsumes = determineOption(swagger.getProduces(), operation.getProduces(),
- component().getConsumes(), consumes);
+ component.getConsumes(), consumes);
if (isNotEmpty(determinedConsumes)) {
parameters.put("consumes", determinedConsumes);
@@ -341,7 +347,7 @@ public final class RestSwaggerEndpoint extends DefaultEndpoint {
// what we produce is what the API defined by Swagger specification
// consumes
final String determinedProducers = determineOption(swagger.getConsumes(), operation.getConsumes(),
- component().getProduces(), produces);
+ component.getProduces(), produces);
if (isNotEmpty(determinedProducers)) {
parameters.put("produces", determinedProducers);
@@ -353,6 +359,26 @@ public final class RestSwaggerEndpoint extends DefaultEndpoint {
parameters.put("queryParameters", queryParameters);
}
+ // pass properties that might be applied if the delegate component is created, i.e. if it's not
+ // present in the Camel Context already
+ final Map<String, Object> componentParameters = new HashMap<>();
+
+ if (component.isUseGlobalSslContextParameters()) {
+ // by default it's false
+ componentParameters.put("useGlobalSslContextParameters", component.isUseGlobalSslContextParameters());
+ }
+ if (component.getSslContextParameters() != null) {
+ componentParameters.put("sslContextParameters", component.getSslContextParameters());
+ }
+
+ if (!componentParameters.isEmpty()) {
+ final Map<Object, Object> nestedParameters = new HashMap<>();
+ nestedParameters.put("component", componentParameters);
+
+ // we're trying to set RestEndpoint.parameters['component']
+ parameters.put("parameters", nestedParameters);
+ }
+
return parameters;
}
diff --git a/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/HttpsTest.java b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/HttpsTest.java
new file mode 100644
index 0000000..6bf472d
--- /dev/null
+++ b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/HttpsTest.java
@@ -0,0 +1,176 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.rest.swagger;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.URISyntaxException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.List;
+
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+
+import com.github.tomakehurst.wiremock.common.HttpsSettings;
+import com.github.tomakehurst.wiremock.junit.WireMockRule;
+import com.google.common.io.Resources;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.RoutesBuilder;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.rest.RestEndpoint;
+import org.apache.camel.converter.jaxb.JaxbDataFormat;
+import org.apache.camel.test.junit4.CamelTestSupport;
+import org.apache.camel.util.jsse.CipherSuitesParameters;
+import org.apache.camel.util.jsse.SSLContextParameters;
+import org.apache.camel.util.jsse.TrustManagersParameters;
+import org.eclipse.jetty.util.resource.Resource;
+import org.eclipse.jetty.util.security.CertificateUtils;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.ClassRule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+import org.junit.runners.Parameterized.Parameter;
+import org.junit.runners.Parameterized.Parameters;
+
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.equalTo;
+import static com.github.tomakehurst.wiremock.client.WireMock.get;
+import static com.github.tomakehurst.wiremock.client.WireMock.getRequestedFor;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
+import static com.github.tomakehurst.wiremock.core.WireMockConfiguration.wireMockConfig;
+
+@RunWith(Parameterized.class)
+public abstract class HttpsTest extends CamelTestSupport {
+
+ @ClassRule
+ public static WireMockRule petstore = new WireMockRule(
+ wireMockConfig().httpServerFactory(new Jetty94ServerFactory()).containerThreads(13).dynamicPort()
+ .dynamicHttpsPort().keystorePath(Resources.getResource("localhost.p12").toString()).keystoreType("PKCS12")
+ .keystorePassword("password"));
+
+ static final Object NO_BODY = null;
+
+ @Parameter
+ public String componentName;
+
+ @Before
+ public void resetWireMock() {
+ petstore.resetRequests();
+ }
+
+ @Test
+ public void shouldBeConfiguredForHttps() throws Exception {
+ final Pet pet = template.requestBodyAndHeader("direct:getPetById", NO_BODY, "petId", 14, Pet.class);
+
+ assertNotNull(pet);
+
+ assertEquals(Integer.valueOf(14), pet.id);
+ assertEquals("Olafur Eliason Arnalds", pet.name);
+
+ petstore.verify(getRequestedFor(urlEqualTo("/v2/pet/14")).withHeader("Accept",
+ equalTo("application/xml, application/json")));
+ }
+
+ @Override
+ protected CamelContext createCamelContext() throws Exception {
+ final CamelContext camelContext = super.createCamelContext();
+
+ final RestSwaggerComponent component = new RestSwaggerComponent();
+ component.setComponentName(componentName);
+ component.setHost("https://localhost:" + petstore.httpsPort());
+
+ camelContext.addComponent("petStore", component);
+
+ return camelContext;
+ }
+
+ @Override
+ protected RoutesBuilder createRouteBuilder() throws Exception {
+ return new RouteBuilder() {
+ @Override
+ public void configure() throws Exception {
+ final JAXBContext jaxbContext = JAXBContext.newInstance(Pet.class, Pets.class);
+
+ final JaxbDataFormat jaxb = new JaxbDataFormat(jaxbContext);
+
+ jaxb.setJaxbProviderProperties(Collections.singletonMap(Marshaller.JAXB_FORMATTED_OUTPUT, false));
+
+ from("direct:getPetById").to("petStore:getPetById").unmarshal(jaxb);
+ }
+ };
+ }
+
+ @Parameters(name = "component = {0}")
+ public static Iterable<String> knownProducers() {
+ final List<String> producers = new ArrayList<>(Arrays.asList(RestEndpoint.DEFAULT_REST_PRODUCER_COMPONENTS));
+
+ // we cannot support SSL in the `http` component as it needs to be
+ // configured via static helper method and this influences all users of
+ // the commons-httpclient (all endpoints, component instances)
+ producers.remove("http");
+
+ // `http4` component transforms the endpoint uri from `http4://` to
+ // `https4://` we need to accommodate for that otherwise we'll end up
+ // configuring the wrong component's properties in
+ // RestSwaggerDelegateHttpsTest
+ producers.replaceAll(c -> "http4".equals(c) ? "https4" : c);
+
+ return producers;
+ }
+
+ @BeforeClass
+ public static void setupStubs() throws IOException, URISyntaxException {
+ petstore.stubFor(get(urlEqualTo("/swagger.json")).willReturn(aResponse().withBody(
+ Files.readAllBytes(Paths.get(RestSwaggerGlobalHttpsTest.class.getResource("/swagger.json").toURI())))));
+
+ petstore.stubFor(
+ get(urlEqualTo("/v2/pet/14")).willReturn(aResponse().withStatus(HttpURLConnection.HTTP_OK).withBody(
+ "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?><Pet><id>14</id><name>Olafur Eliason Arnalds</name></Pet>")));
+ }
+
+ static SSLContextParameters createHttpsParameters(final CamelContext camelContext) throws Exception {
+ final TrustManagersParameters trustManagerParameters = new TrustManagersParameters();
+ trustManagerParameters.setCamelContext(camelContext);
+ final TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("PKIX");
+ final HttpsSettings httpsSettings = petstore.getOptions().httpsSettings();
+ final KeyStore trustStore = CertificateUtils.getKeyStore(Resource.newResource(httpsSettings.keyStorePath()),
+ httpsSettings.keyStoreType(), null, httpsSettings.keyStorePassword());
+ trustManagerFactory.init(trustStore);
+ final TrustManager trustManager = trustManagerFactory.getTrustManagers()[0];
+ trustManagerParameters.setTrustManager(trustManager);
+
+ final SSLContextParameters sslContextParameters = new SSLContextParameters();
+ sslContextParameters.setCamelContext(camelContext);
+ sslContextParameters.setTrustManagers(trustManagerParameters);
+ final CipherSuitesParameters cipherSuites = new CipherSuitesParameters();
+ cipherSuites.setCipherSuite(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA256"));
+ sslContextParameters.setCipherSuites(cipherSuites);
+ sslContextParameters.setSecureSocketProtocol("TLSv1.2");
+ return sslContextParameters;
+ }
+
+}
diff --git a/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/Jetty94ServerFactory.java b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/Jetty94ServerFactory.java
new file mode 100644
index 0000000..3791706
--- /dev/null
+++ b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/Jetty94ServerFactory.java
@@ -0,0 +1,75 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.rest.swagger;
+
+import com.github.tomakehurst.wiremock.common.HttpsSettings;
+import com.github.tomakehurst.wiremock.common.JettySettings;
+import com.github.tomakehurst.wiremock.core.Options;
+import com.github.tomakehurst.wiremock.http.AdminRequestHandler;
+import com.github.tomakehurst.wiremock.http.HttpServer;
+import com.github.tomakehurst.wiremock.http.StubRequestHandler;
+import com.github.tomakehurst.wiremock.jetty9.JettyHttpServer;
+import com.github.tomakehurst.wiremock.jetty9.JettyHttpServerFactory;
+
+import org.eclipse.jetty.io.NetworkTrafficListener;
+import org.eclipse.jetty.server.HttpConfiguration;
+import org.eclipse.jetty.server.HttpConnectionFactory;
+import org.eclipse.jetty.server.SecureRequestCustomizer;
+import org.eclipse.jetty.server.ServerConnector;
+import org.eclipse.jetty.server.SslConnectionFactory;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
+
+/**
+ * Wiremock 2.18.0 ships with Jetty 9.2, Camel (currently) uses 9.4 and the
+ * {@link org.eclipse.jetty.util.ssl.SslContextFactory} removed
+ * {@code selectCipherSuites} method.
+ */
+public final class Jetty94ServerFactory extends JettyHttpServerFactory {
+ @Override
+ public HttpServer buildHttpServer(final Options options, final AdminRequestHandler adminRequestHandler,
+ final StubRequestHandler stubRequestHandler) {
+
+ return new JettyHttpServer(options, adminRequestHandler, stubRequestHandler) {
+ @Override
+ protected ServerConnector createHttpsConnector(final String bindAddress, final HttpsSettings httpsSettings,
+ final JettySettings jettySettings, final NetworkTrafficListener listener) {
+ final SslContextFactory sslContextFactory = new SslContextFactory();
+
+ sslContextFactory.setKeyStorePath(httpsSettings.keyStorePath());
+ sslContextFactory.setKeyManagerPassword(httpsSettings.keyStorePassword());
+ sslContextFactory.setKeyStorePassword(httpsSettings.keyStorePassword());
+ sslContextFactory.setKeyStoreType(httpsSettings.keyStoreType());
+ if (httpsSettings.hasTrustStore()) {
+ sslContextFactory.setTrustStorePath(httpsSettings.trustStorePath());
+ sslContextFactory.setTrustStorePassword(httpsSettings.trustStorePassword());
+ sslContextFactory.setTrustStoreType(httpsSettings.trustStoreType());
+ }
+ sslContextFactory.setNeedClientAuth(httpsSettings.needClientAuth());
+ sslContextFactory.setIncludeCipherSuites("TLS_RSA_WITH_AES_128_CBC_SHA256");
+ sslContextFactory.setProtocol("TLSv1.2");
+
+ final HttpConfiguration httpConfig = createHttpConfig(jettySettings);
+ httpConfig.addCustomizer(new SecureRequestCustomizer());
+
+ final int port = httpsSettings.port();
+
+ return createServerConnector(bindAddress, jettySettings, port, listener,
+ new SslConnectionFactory(sslContextFactory, "http/1.1"), new HttpConnectionFactory(httpConfig));
+ }
+ };
+ }
+}
diff --git a/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerDelegateHttpsTest.java b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerDelegateHttpsTest.java
new file mode 100644
index 0000000..f106177
--- /dev/null
+++ b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerDelegateHttpsTest.java
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.rest.swagger;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Component;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.camel.util.IntrospectionSupport;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
+
+@RunWith(Parameterized.class)
+public class RestSwaggerDelegateHttpsTest extends HttpsTest {
+
+ @Override
+ protected CamelContext createCamelContext() throws Exception {
+ final CamelContext camelContext = super.createCamelContext();
+
+ final Component delegate = ((DefaultCamelContext) camelContext).getComponentResolver()
+ .resolveComponent(componentName, camelContext);
+ IntrospectionSupport.setProperty(delegate, "sslContextParameters", createHttpsParameters(camelContext));
+ camelContext.addComponent(componentName, delegate);
+
+ return camelContext;
+ }
+
+}
diff --git a/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerGlobalHttpsTest.java b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerGlobalHttpsTest.java
new file mode 100644
index 0000000..b49da74
--- /dev/null
+++ b/components/camel-rest-swagger/src/test/java/org/apache/camel/component/rest/swagger/RestSwaggerGlobalHttpsTest.java
@@ -0,0 +1,33 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.rest.swagger;
+
+import org.apache.camel.CamelContext;
+
+public class RestSwaggerGlobalHttpsTest extends HttpsTest {
+
+ @Override
+ protected CamelContext createCamelContext() throws Exception {
+ CamelContext camelContext = super.createCamelContext();
+ camelContext.setSSLContextParameters(createHttpsParameters(camelContext));
+
+ RestSwaggerComponent component = camelContext.getComponent("petStore", RestSwaggerComponent.class);
+ component.setUseGlobalSslContextParameters(true);
+
+ return camelContext;
+ }
+}
diff --git a/components/camel-rest-swagger/src/test/resources/localhost.p12 b/components/camel-rest-swagger/src/test/resources/localhost.p12
new file mode 100644
index 0000000..ebcd4c1
Binary files /dev/null and b/components/camel-rest-swagger/src/test/resources/localhost.p12 differ
diff --git a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
index 15752f9..2609871 100644
--- a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
+++ b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
@@ -40,6 +40,7 @@ import org.apache.camel.spi.RestApiConsumerFactory;
import org.apache.camel.spi.RestConfiguration;
import org.apache.camel.spi.RestConsumerFactory;
import org.apache.camel.spi.RestProducerFactory;
+import org.apache.camel.spi.RestProducerFactoryHelper;
import org.apache.camel.util.FileUtil;
import org.apache.camel.util.HostUtils;
import org.apache.camel.util.ObjectHelper;
@@ -863,6 +864,11 @@ public class RestletComponent extends DefaultComponent implements RestConsumerFa
url += "?restletMethod=" + restletMethod;
}
+ // there are cases where we might end up here without component being created beforehand
+ // we need to abide by the component properties specified in the parameters when creating
+ // the component
+ RestProducerFactoryHelper.setupComponentFor(url, camelContext, (Map<String, Object>) parameters.get("component"));
+
RestletEndpoint endpoint = camelContext.getEndpoint(url, RestletEndpoint.class);
if (parameters != null && !parameters.isEmpty()) {
setProperties(camelContext, endpoint, parameters);
diff --git a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java
index f2d42ce..62014cd 100644
--- a/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java
+++ b/components/camel-undertow/src/main/java/org/apache/camel/component/undertow/UndertowComponent.java
@@ -42,6 +42,7 @@ import org.apache.camel.spi.RestApiConsumerFactory;
import org.apache.camel.spi.RestConfiguration;
import org.apache.camel.spi.RestConsumerFactory;
import org.apache.camel.spi.RestProducerFactory;
+import org.apache.camel.spi.RestProducerFactoryHelper;
import org.apache.camel.util.FileUtil;
import org.apache.camel.util.HostUtils;
import org.apache.camel.util.IntrospectionSupport;
@@ -296,6 +297,11 @@ public class UndertowComponent extends DefaultComponent implements RestConsumerF
url = url + "?" + query;
}
+ // there are cases where we might end up here without component being created beforehand
+ // we need to abide by the component properties specified in the parameters when creating
+ // the component
+ RestProducerFactoryHelper.setupComponentFor(url, camelContext, (Map<String, Object>) parameters.get("component"));
+
UndertowEndpoint endpoint = camelContext.getEndpoint(url, UndertowEndpoint.class);
if (parameters != null && !parameters.isEmpty()) {
setProperties(camelContext, endpoint, parameters);
diff --git a/platforms/spring-boot/components-starter/camel-rest-swagger-starter/src/main/java/org/apache/camel/component/rest/swagger/springboot/RestSwaggerComponentConfiguration.java b/platforms/spring-boot/components-starter/camel-rest-swagger-starter/src/main/java/org/apache/camel/component/rest/swagger/springboot/RestSwaggerComponentConfiguration.java
index c24681a..08fe84d 100644
--- a/platforms/spring-boot/components-starter/camel-rest-swagger-starter/src/main/java/org/apache/camel/component/rest/swagger/springboot/RestSwaggerComponentConfiguration.java
+++ b/platforms/spring-boot/components-starter/camel-rest-swagger-starter/src/main/java/org/apache/camel/component/rest/swagger/springboot/RestSwaggerComponentConfiguration.java
@@ -87,6 +87,16 @@ public class RestSwaggerComponentConfiguration
*/
private URI specificationUri;
/**
+ * Customize TLS parameters used by the component. If not set defaults to
+ * the TLS parameters set in the Camel context. The option is a
+ * org.apache.camel.util.jsse.SSLContextParameters type.
+ */
+ private String sslContextParameters;
+ /**
+ * Enable usage of global SSL context parameters.
+ */
+ private Boolean useGlobalSslContextParameters = false;
+ /**
* Whether the component should resolve property placeholders on itself when
* starting. Only properties which are of String type can use property
* placeholders.
@@ -141,6 +151,23 @@ public class RestSwaggerComponentConfiguration
this.specificationUri = specificationUri;
}
+ public String getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ public void setSslContextParameters(String sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
+ public Boolean getUseGlobalSslContextParameters() {
+ return useGlobalSslContextParameters;
+ }
+
+ public void setUseGlobalSslContextParameters(
+ Boolean useGlobalSslContextParameters) {
+ this.useGlobalSslContextParameters = useGlobalSslContextParameters;
+ }
+
public Boolean getResolvePropertyPlaceholders() {
return resolvePropertyPlaceholders;
}