You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by "McIntozh (via GitHub)" <gi...@apache.org> on 2023/01/27 09:50:57 UTC

[GitHub] [camel] McIntozh opened a new pull request, #9219: CAMEL-18917 add validating signature support to server

McIntozh opened a new pull request, #9219:
URL: https://github.com/apache/camel/pull/9219

   # Description
   
   A first try of solving CAMEL-18917 "Signature is not validated".
   Added a new configuration option to supply certificates that are used for validation. If no certificates are supplied (the default configuration), signatures are not validated. This way the previous behavior where signatures are not validated, is not affected if nothing is explicitly configured.
   
   Had to do quite some code changes and fix certain unit tests.
   I haven't implemented validation for MDNs on client side yet, because there are still other open issues regarding the MDN that have to be solved first.
   
   
   # Target
   
   - [x] I checked that the commit is targeting the correct branch (note that Camel 3 uses `camel-3.x`, whereas Camel 4 uses the `main` branch)
   
   # Tracking
   - [x] If this is a large change, bug fix, or code improvement, I checked there is a [JIRA issue](https://issues.apache.org/jira/browse/CAMEL) filed for the change (usually before you start working on it).
   
   
   # Apache Camel coding standards and style
   
   - [x] I checked that each commit in the pull request has a meaningful subject line and body.
   - [x] I formatted the code using `mvn -Pformat,fastinstall install && mvn -Psourcecheck`
   
   
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] davsclaus commented on pull request #9219: CAMEL-18917 camel-as2: add validating signature support to server

Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus commented on PR #9219:
URL: https://github.com/apache/camel/pull/9219#issuecomment-1406592990

   Thanks for the explanation, that makes sense thanks


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] github-actions[bot] commented on pull request #9219: CAMEL-18917 camel-as2: add validating signature support to server

Posted by github-actions.
github-actions[bot] commented on PR #9219:
URL: https://github.com/apache/camel/pull/9219#issuecomment-1406316412

   ### Components tested:
   
   | Total | Tested | Failed :x: | Passed :white_check_mark: | 
   | --- | --- | --- |  --- |
   | 1 | 1 | 0 | 1 |


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] github-actions[bot] commented on pull request #9219: CAMEL-18917 add validating signature support to server

Posted by github-actions.
github-actions[bot] commented on PR #9219:
URL: https://github.com/apache/camel/pull/9219#issuecomment-1406267611

   :star2: Thank you for your contribution to the Apache Camel project! :star2: 
   
   :warning: Please note that the changes on this PR may be **tested automatically**. 
   
   If necessary Apache Camel Committers may access logs and test results in the job summaries!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] davsclaus commented on pull request #9219: CAMEL-18917 camel-as2: add validating signature support to server

Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus commented on PR #9219:
URL: https://github.com/apache/camel/pull/9219#issuecomment-1406477246

   Are there use-cases where you would have more than 1 certificate in that chain? And if so must it be an array type?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] davsclaus commented on pull request #9219: CAMEL-18917 camel-as2: add validating signature support to server

Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus commented on PR #9219:
URL: https://github.com/apache/camel/pull/9219#issuecomment-1406611962

   Thanks I backported this for 3.21 as well. You are surely welcome to keep improving camel-as2


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] McIntozh commented on pull request #9219: CAMEL-18917 camel-as2: add validating signature support to server

Posted by "McIntozh (via GitHub)" <gi...@apache.org>.
McIntozh commented on PR #9219:
URL: https://github.com/apache/camel/pull/9219#issuecomment-1406543494

   I would assume, that when you set up a server, you would have one endpoint that receives messages from multiple parties. As every party has their own KeyPair for signing, the server would need the public certificates from every parity to validate every possible parties signature.
   Perhaps my assumption/use case is wrong? Is this module designed to set up one endpoint per parity? Then we don't need an array.
   
   Also the other certificate parameters `signingCertificateChain` and `encryptingCertificateChain` are also arrays (whereas I don't exactly know why we need more than one certificate for encrypting. `EncryptingUtils` seems to be the only place the parameter is used and it just takes the first entry from the array).


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [camel] davsclaus merged pull request #9219: CAMEL-18917 camel-as2: add validating signature support to server

Posted by "davsclaus (via GitHub)" <gi...@apache.org>.
davsclaus merged PR #9219:
URL: https://github.com/apache/camel/pull/9219


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@camel.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org