You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@camel.apache.org by "Rich Newcomb (JIRA)" <ji...@apache.org> on 2011/09/12 10:35:09 UTC
[jira] [Created] (CAMEL-4441) Add Namespace Support to XMLSecurity
Component
Add Namespace Support to XMLSecurity Component
----------------------------------------------
Key: CAMEL-4441
URL: https://issues.apache.org/jira/browse/CAMEL-4441
Project: Camel
Issue Type: Improvement
Reporter: Rich Newcomb
The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
Below is one example of the updated secureXML API in Java :
{code:xml}
final Map<String, String> namespaces = new HashMap<String, String>();
namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
final KeyStoreParameters tsParameters = new KeyStoreParameters();
tsParameters.setPassword("password");
tsParameters.setResource("sender.ts");
context.addRoutes(new RouteBuilder() {
public void configure() {
from("direct:start")
.marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
}
}
{code}
The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
For example:
{code:xml}
<!-- trust store configuration -->
<camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
<camelContext id="springXmlSecurityDataFormatTestCamelContext"
xmlns="http://camel.apache.org/schema/spring"
xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
<route>
<from uri="direct://start"/>
<marshal>
<secureXML
secureTag="//cheese:cheesesites/italy"
secureTagContents="true"
xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
recipientKeyAlias="recipient"
keyOrTrustStoreParametersId="trustStoreParams" />
</marshal>
...
{code}
Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
Minor and related changes provided by the patch include:
* Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
* Adds a Spring Xml route definition example in the unit tests
* Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108822#comment-13108822 ]
Ashwin Karpe commented on CAMEL-4441:
-------------------------------------
Rich,
Would you mind adding documentation on the Camel wiki for your improvement...
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108770#comment-13108770 ]
Ashwin Karpe edited comment on CAMEL-4441 at 9/20/11 5:25 PM:
--------------------------------------------------------------
Hi Rich,
I ran into a minor problem when I applied the patches. The xmlsecurity patch was not working correctly and running into a path issue in Git while applying the change to pom.xml. When I split the patch into 2 separate patches, it worked fine. Everything else was great.
Thanks for the patch. Your contribution is sincerely appreciated.
I have uploaded a new patch (CAMEL-4441-complete-and-final.patch) and will commit your improvement.
Cheers,
Ashwin...
was (Author: akarpe):
Hi Rich,
I ran into some problems when I applied the patches. The xmlsecurity patch was not working correctly and running into path issues for this specific file.
I fixed the issue and have verified that everything works as expected.
Thanks for the patch. Your contribution is sincerely appreciated.
I have uploaded a new patch (CAMEL-4441-complete-and-final.patch) and will commit your improvement.
Cheers,
Ashwin...
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108770#comment-13108770 ]
Ashwin Karpe edited comment on CAMEL-4441 at 9/20/11 5:28 PM:
--------------------------------------------------------------
Hi Rich,
I ran into a minor problem when I applied the patches. The xmlsecurity patch ran into a path issue in Git while applying the change to pom.xml. When I split the patch into 2 separate patches, it worked fine. Everything else was great and worked flawlessly.
Thanks for the patch. Your contribution is sincerely appreciated.
I have uploaded a new patch (CAMEL-4441-complete-and-final.patch) and will commit your improvement.
Cheers,
Ashwin...
was (Author: akarpe):
Hi Rich,
I ran into a minor problem when I applied the patches. The xmlsecurity patch was not working correctly and running into a path issue in Git while applying the change to pom.xml. When I split the patch into 2 separate patches, it worked fine. Everything else was great.
Thanks for the patch. Your contribution is sincerely appreciated.
I have uploaded a new patch (CAMEL-4441-complete-and-final.patch) and will commit your improvement.
Cheers,
Ashwin...
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-4441) Add Namespace Support to XMLSecurity
Component
Posted by "Rich Newcomb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rich Newcomb updated CAMEL-4441:
--------------------------------
Attachment: CAMEL-4441-camel-jmx.patch
CAMEL-4441-parent.patch
CAMEL-4441-camel-core.patch
CAMEL-4441-camel-xmlsecurity.patch
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108779#comment-13108779 ]
Ashwin Karpe edited comment on CAMEL-4441 at 9/20/11 3:31 PM:
--------------------------------------------------------------
The original patch was produced by Rich Newcomb. I validated that everything was in good working order, passed checkstyle and compliant with Camel development standards.
Committed to the Camel trunk as revision r1173190
was (Author: akarpe):
The Patch was produced by Rich Newcomb. I validated that everything was in good working order, passed checkstyle and compliant with Camel development standards.
Committed to the Camel trunk as revision r1173190
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Issue Comment Edited] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108770#comment-13108770 ]
Ashwin Karpe edited comment on CAMEL-4441 at 9/20/11 3:22 PM:
--------------------------------------------------------------
Hi Rich,
I ran into some problems when I applied the patches. The xmlsecurity patch was not working correctly and running into path issues for this specific file.
I fixed the issue and have verified that everything works as expected.
Thanks for the patch. Your contribution is sincerely appreciated.
I have uploaded a new patch (CAMEL-4441-complete-and-final.patch) and will commit your improvement.
Cheers,
Ashwin...
was (Author: akarpe):
Hi Rich,
I ran into some problems when I applied the patches. The xmlsecurity patch was not working correctly and running into path issues for this specific file.
I fixed the issue and have verified that everything works as expected.
Thanks for the patch. Your contribution is sincerely appreciated.
I will go ahead and upload a new patch and commit your improvement.
Cheers,
Ashwin...
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Rich Newcomb (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108841#comment-13108841 ]
Rich Newcomb commented on CAMEL-4441:
-------------------------------------
Thanks Ashwin! I will update the documentation on the Camel wiki.
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (CAMEL-4441) Add Namespace Support to
XMLSecurity Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13108776#comment-13108776 ]
Ashwin Karpe commented on CAMEL-4441:
-------------------------------------
Committed to the Camel trunk as revision r1173190.
Thanks to Rich Newcomb for this nice contribution...
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (CAMEL-4441) Add Namespace Support to XMLSecurity
Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe resolved CAMEL-4441.
---------------------------------
Resolution: Fixed
Fix Version/s: 2.9.0
Assignee: Ashwin Karpe
The Patch was produced by Rich Newcomb. I validated that everything was in good working order, passed checkstyle and compliant with Camel development standards.
Committed to the Camel trunk as revision r1173190
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Assignee: Ashwin Karpe
> Fix For: 2.9.0
>
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (CAMEL-4441) Add Namespace Support to XMLSecurity
Component
Posted by "Ashwin Karpe (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/CAMEL-4441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ashwin Karpe updated CAMEL-4441:
--------------------------------
Attachment: CAMEL-4441-complete-and-final.patch
Hi Rich,
I ran into some problems when I applied the patches. The xmlsecurity patch was not working correctly and running into path issues for this specific file.
I fixed the issue and have verified that everything works as expected.
Thanks for the patch. Your contribution is sincerely appreciated.
I will go ahead and upload a new patch and commit your improvement.
Cheers,
Ashwin...
> Add Namespace Support to XMLSecurity Component
> ----------------------------------------------
>
> Key: CAMEL-4441
> URL: https://issues.apache.org/jira/browse/CAMEL-4441
> Project: Camel
> Issue Type: Improvement
> Reporter: Rich Newcomb
> Attachments: CAMEL-4441-camel-core.patch, CAMEL-4441-camel-jmx.patch, CAMEL-4441-camel-xmlsecurity.patch, CAMEL-4441-complete-and-final.patch, CAMEL-4441-parent.patch
>
>
> The camel-xmlsecurity data format does not support namespaces when identifying specific nodes to be encrypted or decrypted. The data format will only work for incidental namespace collisions (i.e., when the target XML document has elements that happen to use the same namespace prefix as that used in the secureTag element).
> The attached patch resolves this issue by allowing a namespace definition mapping to be included as part of the data format configuration. This enables true namespace matching, even if the prefix values in the data format definition and the target xml document are not equivalent strings.
> Below is one example of the updated secureXML API in Java :
> {code:xml}
> final Map<String, String> namespaces = new HashMap<String, String>();
> namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");
> final KeyStoreParameters tsParameters = new KeyStoreParameters();
> tsParameters.setPassword("password");
> tsParameters.setResource("sender.ts");
> context.addRoutes(new RouteBuilder() {
> public void configure() {
> from("direct:start")
> .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient", testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters).to("mock:encrypted");
> }
> }
> {code}
> The patch also extends natural XML support to Spring XML route definitions by leveraging the Camel NamespaceAware interface. Thus, a namespace prefix that is defined as part of the camelContext definition can be re-used in context within the data format secureTag attribute of the secureXML element.
> For example:
> {code:xml}
> <!-- trust store configuration -->
> <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>
> <camelContext id="springXmlSecurityDataFormatTestCamelContext"
> xmlns="http://camel.apache.org/schema/spring"
> xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">
> <route>
> <from uri="direct://start"/>
> <marshal>
> <secureXML
> secureTag="//cheese:cheesesites/italy"
> secureTagContents="true"
> xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
> keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
> recipientKeyAlias="recipient"
> keyOrTrustStoreParametersId="trustStoreParams" />
> </marshal>
> ...
> {code}
> Finally, this patch updates the method used to define TrustStore and KeyStore parameters for asymmetric encryption and decryption. The patch enables the XmlSecuritiy component to use instances of the org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is also illustrated in the examples above. The other methods of KeyStore definition are deprecated by the patch.
> Minor and related changes provided by the patch include:
> * Fixes an error where unit tests were incorrectly skipped (due to security engine not initialized) even when the related crypto algorithms are available.
> * Adds a Spring Xml route definition example in the unit tests
> * Configures the xmlunit version in the parent.pom and updates camel-jmx to share this configuration
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira