Posted to users@camel.apache.org by timcoat <ti...@jeffcoat.net> on 2010/07/13 16:41:11 UTC

mina tcp ssl configuration

Is it possible to set up a mina tcp mutual authentication connection similar
to the netty one?

For instance, in the section "An SSL/TCP based Netty consumer endpoint using
Request-Reply communication" User Guide Version 2.3-SNAPSHOT  the setup for
the truststore and keystore are configured. And it has an endpoint like this

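// Netty endpoint quoted from the user guide. Endpoint options start after '?',
// which was missing between the port and "sync=true". The '#name' values are
// references resolved from the Camel registry, so the passphrase and the
// key store / trust store files are not spelled out in the URI itself.
netty_ssl_endpoint =
         "netty:tcp://localhost:5150?sync=true&ssl=true&passphrase=#password"
         + "&keyStoreFile=#ksf&trustStoreFile=#tsf";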

I want to do something like this too, but for mina tcp.

Below I have pieced together what I think might work to set up an SSL mina tcp
connection. What I am unsure about is how to get both the truststore and
keystore to mutually authenticate.  Or perhaps I am mistaken in thinking I
need to have both the truststore and keystore configured? If anybody sees
something that is incorrect, please let me know.

**************************************************************************************************************************************************************************************
<code>
<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:osgi="http://camel.apache.org/schema/osgi"
       xmlns:osgix="http://www.springframework.org/schema/osgi-compendium"
       xmlns:ctx="http://www.springframework.org/schema/context"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://camel.apache.org/schema/spring
http://camel.apache.org/schema/spring/camel-spring.xsd
       http://camel.apache.org/schema/osgi
http://camel.apache.org/schema/osgi/camel-osgi.xsd
       http://www.springframework.org/schema/osgi-compendium
http://www.springframework.org/schema/osgi-compendium/spring-osgi-compendium.xsd
       http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
">

  <!-- Route: take messages from the source endpoint, convert the body to a
       String and forward it to the ActiveMQ queue camel_secure. -->
  <osgi:camelContext xmlns="http://camel.apache.org/schema/spring">
    <route>
      <!-- NOTE(review): "bean:myMinaConfig" addresses the MinaConfiguration
           bean through the bean component; it does not open a mina listener.
           A mina consumer is normally written as a mina:tcp://host:port URI.
           Confirm how the configuration and its SSL filters are meant to
           reach the endpoint, otherwise no TLS socket is created at all. -->
      <from uri="bean:myMinaConfig"/>
      <convertBodyTo type="java.lang.String"/>
      <to uri="activemq:queue:camel_secure"/>
    </route>
  </osgi:camelContext>
	<!-- Connection settings for the mina endpoint: TCP on localhost:2121 with
	     sync enabled, plus the filter list that is expected to carry the SSL
	     filter. -->
	<bean id="myMinaConfig"
class="org.apache.camel.component.mina.MinaConfiguration">
		<property name="protocol" value="tcp" />
		<property name="host" value="localhost" />
		<property name="port" value="2121" />
		<property name="sync" value="true" />
		<!-- NOTE(review): minaLogger presumably enables mina's logging filter.
		     If that filter sits behind the SSL filter it would write decrypted
		     payloads to the log; confirm before using it outside of testing. -->
		<property name="minaLogger" value="true" />
		<property name="filters" ref="listFilters" />
	</bean>
	<!-- List handed to the "filters" property of myMinaConfig.
	     NOTE(review): the only entry is the DefaultIoFilterChainBuilder, not
	     the SslFilter itself. If the mina "filters" option expects IoFilter
	     instances, reference sslFilter here directly; otherwise the TLS filter
	     may never be installed and the connection would stay in plaintext.
	     Verify against the camel-mina version in use. -->
	<bean id="listFilters" class="java.util.ArrayList">
		<constructor-arg index="0" ref="sslFilterChainBuilder"/>
	</bean>

  <!-- The SSL configuration: factory that loads the key store supplying this
       endpoint's own certificate and private key.
       NOTE(review): bogus.cert is the sample key store shipped with the MINA
       echo server example, and "boguspw" is written here in clear text. Both
       are only suitable for a test. A real deployment needs its own key store
       and a password supplied from outside this file. -->
  <bean id="keystoreFactory"
class="org.apache.mina.filter.ssl.KeyStoreFactory">
    <property name="password" value="boguspw"/>
    <property name="dataUrl"
value="classpath:org/apache/mina/example/echoserver/ssl/bogus.cert"/>
  </bean>

  <!-- KeyStore instance obtained by calling newInstance() on keystoreFactory. -->
  <bean id="keyStore" factory-bean="keystoreFactory"
factory-method="newInstance"/>

  <!-- NOTE(review): BogusTrustManagerFactory yields a trust manager that
       accepts every certificate chain, so the peer is never authenticated.
       While it is in use there is no mutual authentication, whatever the key
       store contains. A real setup replaces it with trust material (a trust
       store holding the CA or peer certificates that should be accepted). -->
  <bean id="bogusTrustManagerFactory"
class="org.apache.mina.filter.ssl.BogusTrustManagerFactory"/>
  
  <!-- SSLContext to be used: protocol TLS, SunX509 key managers backed by the
       keyStore bean.
       NOTE(review): trust decisions come from bogusTrustManagerFactory, which
       does not validate certificates. For mutual authentication this factory
       needs real trust material instead, e.g. its trustManagerFactoryKeyStore
       property pointing at a trust store (confirm the property names against
       the MINA version in use). The key store password is also repeated here
       in clear text. -->
  <bean id="sslContextFactory" 
class="org.apache.mina.filter.ssl.SslContextFactory">
    <property name="protocol" value="TLS"/>
    <property name="keyManagerFactoryAlgorithm" value="SunX509"/>
    <property name="keyManagerFactoryKeyStore"><ref
local="keyStore"/></property>
    <property name="keyManagerFactoryKeyStorePassword" value="boguspw"/>
    <property name="trustManagerFactory"><ref
local="bogusTrustManagerFactory"/></property>
  </bean>

  <!-- SSLContext instance obtained by calling newInstance() on
       sslContextFactory; it inherits that factory's key and trust settings. -->
  <bean id="sslContext" factory-bean="sslContextFactory"
factory-method="newInstance"/>

  <!-- SslFilter built from the sslContext bean.
       NOTE(review): neither needClientAuth nor wantClientAuth is set, so a
       filter on the accepting side will not request a client certificate.
       Mutual authentication needs needClientAuth set to true there, together
       with a trust manager that actually validates the presented chain. -->
  <bean id="sslFilter" class="org.apache.mina.filter.ssl.SslFilter">
    <constructor-arg ref="sslContext"/>
  </bean>
  <!-- The SSL filter chain: a chain builder whose filter map holds the
       sslFilter bean under the key "sslFilter". -->
  <bean id="sslFilterChainBuilder"
class="org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder">
    <property name="filters">
      <map>
        <entry key="sslFilter" value-ref="sslFilter"/>
      </map>
    </property>
  </bean>

	<!-- JMS component registered under the name "activemq"; its connection
	     factory points at the broker URL vm://default. -->
	<bean name="activemq" class="org.apache.camel.component.jms.JmsComponent">
		<property name="connectionFactory">
			<bean class="org.apache.activemq.ActiveMQConnectionFactory">
				<property name="brokerURL" value="vm://default" />
			</bean>
		</property>
	</bean>

</beans>

***********************************************************************************************************************************************************************************
</code>

Re: mina tcp ssl configuration

Posted by Claus Ibsen <cl...@gmail.com>.
Hi

You can peek at the camel-netty source code to see how it does the SSL stuff,
and you can most likely do something similar with Mina.
AFAIK it is a matter of adding a filter to it. And you can add those from the
endpoint using the filters option.

However, why not consider migrating to Netty? It's much more actively
maintained and developed than Apache Mina.
One of the key committers from Apache Mina was hired by JBoss and he
created Netty.



On Tue, Jul 13, 2010 at 4:41 PM, timcoat <ti...@jeffcoat.net> wrote:
>
> Is it possible to setup a mina tcp Mutual Authentication connection similar
> to the netty one?
>
> For instance, in the section "An SSL/TCP based Netty consumer endpoint using
> Request-Reply communication" User Guide Version 2.3-SNAPSHOT  the setup for
> the truststore and keystore are configured. And it has an endpoint like this
>
> netty_ssl_endpoint =
>         "netty:tcp://localhost:5150sync=true&ssl=true&passphrase=#password"
>         + "&keyStoreFile=#ksf&trustStoreFile=#tsf";
>
> I want to do something like this to but for mina tcp.
>
> Below I have pieced together what I think might work to setup a ssl mina tcp
> connection. What I am unsure about is how to get both the truststore and
> keystore to mutually authenticate.  Or perhaps I am mistaken in thinking I
> need to have both the truststore and keystore configured? If anybody sees
> something that is incorrect please inform me.
>
> **************************************************************************************************************************************************************************************
> <code>
> <?xml version="1.0" encoding="UTF-8"?>
>
> <beans xmlns="http://www.springframework.org/schema/beans"
>       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>       xmlns:osgi="http://camel.apache.org/schema/osgi"
>       xmlns:osgix="http://www.springframework.org/schema/osgi-compendium"
>       xmlns:ctx="http://www.springframework.org/schema/context"
>       xsi:schemaLocation="
>       http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>       http://camel.apache.org/schema/spring
> http://camel.apache.org/schema/spring/camel-spring.xsd
>       http://camel.apache.org/schema/osgi
> http://camel.apache.org/schema/osgi/camel-osgi.xsd
>       http://www.springframework.org/schema/osgi-compendium
> http://www.springframework.org/schema/osgi-compendium/spring-osgi-compendium.xsd
>       http://www.springframework.org/schema/context
> http://www.springframework.org/schema/context/spring-context.xsd
> ">
>
>  <osgi:camelContext xmlns="http://camel.apache.org/schema/spring">
>    <route>
>      <from uri="bean:myMinaConfig"/>
>      <convertBodyTo type="java.lang.String"/>
>      <to uri="activemq:queue:camel_secure"/>
>    </route>
>  </osgi:camelContext>
>        <bean id="myMinaConfig"
> class="org.apache.camel.component.mina.MinaConfiguration">
>                <property name="protocol" value="tcp" />
>                <property name="host" value="localhost" />
>                <property name="port" value="2121" />
>                <property name="sync" value="true" />
>                <property name="minaLogger" value="true" />
>                <property name="filters" ref="listFilters" />
>        </bean>
>        <bean id="listFilters" class="java.util.ArrayList">
>                <constructor-arg index="0" ref="sslFilterChainBuilder"/>
>        </bean>
>
>  <!-- The SSL configuration -->
>  <bean id="keystoreFactory"
> class="org.apache.mina.filter.ssl.KeyStoreFactory">
>    <property name="password" value="boguspw"/>
>    <property name="dataUrl"
> value="classpath:org/apache/mina/example/echoserver/ssl/bogus.cert"/>
>  </bean>
>
>  <bean id="keyStore" factory-bean="keystoreFactory"
> factory-method="newInstance"/>
>
>  <bean id="bogusTrustManagerFactory"
> class="org.apache.mina.filter.ssl.BogusTrustManagerFactory"/>
>
>  <!-- SSLContext to be used -->
>  <bean id="sslContextFactory"
> class="org.apache.mina.filter.ssl.SslContextFactory">
>    <property name="protocol" value="TLS"/>
>    <property name="keyManagerFactoryAlgorithm" value="SunX509"/>
>    <property name="keyManagerFactoryKeyStore"><ref
> local="keyStore"/></property>
>    <property name="keyManagerFactoryKeyStorePassword" value="boguspw"/>
>    <property name="trustManagerFactory"><ref
> local="bogusTrustManagerFactory"/></property>
>  </bean>
>
>  <bean id="sslContext" factory-bean="sslContextFactory"
> factory-method="newInstance"/>
>
>  <bean id="sslFilter" class="org.apache.mina.filter.ssl.SslFilter">
>    <constructor-arg ref="sslContext"/>
>  </bean>
>  <!-- The SSL filter chain. -->
>  <bean id="sslFilterChainBuilder"
> class="org.apache.mina.core.filterchain.DefaultIoFilterChainBuilder">
>    <property name="filters">
>      <map>
>        <entry key="sslFilter" value-ref="sslFilter"/>
>      </map>
>    </property>
>  </bean>
>
>        <bean name="activemq" class="org.apache.camel.component.jms.JmsComponent">
>                <property name="connectionFactory">
>                        <bean class="org.apache.activemq.ActiveMQConnectionFactory">
>                                <property name="brokerURL" value="vm://default" />
>                        </bean>
>                </property>
>        </bean>
>
> </beans>
>
> ***********************************************************************************************************************************************************************************
> </code>
> --
> View this message in context: http://camel.465427.n5.nabble.com/mina-tcp-ssl-configuration-tp1046768p1046768.html
> Sent from the Camel - Users mailing list archive at Nabble.com.
>



-- 
Claus Ibsen
Apache Camel Committer

Author of Camel in Action: http://www.manning.com/ibsen/
Open Source Integration: http://fusesource.com
Blog: http://davsclaus.blogspot.com/
Twitter: http://twitter.com/davsclaus