You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by an...@apache.org on 2016/06/29 18:59:52 UTC
[1/2] camel git commit: JSSEDocumentation
Repository: camel
Updated Branches:
refs/heads/JSSEDocumentation [created] 828ebfb09
JSSEDocumentation
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/828ebfb0
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/828ebfb0
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/828ebfb0
Branch: refs/heads/JSSEDocumentation
Commit: 828ebfb0900c3eecce78097af63a191c9dc9eaa9
Parents: fdc742d
Author: Arno Noordover <an...@users.noreply.github.com>
Authored: Wed Jun 29 20:54:28 2016 +0200
Committer: Arno Noordover <an...@users.noreply.github.com>
Committed: Wed Jun 29 20:59:04 2016 +0200
----------------------------------------------------------------------
.../en/camel-configuration-utilities.adoc | 558 ++++++-------------
1 file changed, 163 insertions(+), 395 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/828ebfb0/docs/user-manual/en/camel-configuration-utilities.adoc
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/camel-configuration-utilities.adoc b/docs/user-manual/en/camel-configuration-utilities.adoc
index 15e3689..24ba0de 100644
--- a/docs/user-manual/en/camel-configuration-utilities.adoc
+++ b/docs/user-manual/en/camel-configuration-utilities.adoc
@@ -70,18 +70,40 @@ namespaces for Spring and Blueprint based configuration, respectively.
SSLContextParameters
++++++++++++++++++++
-
-[cols="a,a",width="100%",options="header",grids="cols"]
-|====================
-|Property|Description
-|Field: +
-cipherSuites +
-Class: +
-CipherSuitesParameters +
-XML: +
-sslContextParameters +
-/ciphersuites
-|This optional property represents a collection of explicitly named
+SSLContextParameters (sslContextParameters) contain the following elements:
+
+* provider (attribute)
+* secureSocketProtocol (attribute)
+* certAlias (attribute)
+* sessionTimeout (attribute)
+* cipherSuites (element)
+* cipherSuitesFilter (element)
+* secureSocketProtocols (element)
+* secureSocketProtocolsFilter (element)
+* keyManagers (element)
+* trustManagers (element)
+* secureRandom (element)
+* clientParameters (element)
+* serverParameters (elment)
+
+provider::
+The optional provider identifier for the JSSE implementation to use when
+constructing the SSLContext.� If omitted, the standard provider look-up
+mechanism is used to resolve the provider.
+secureSocketProtocol::
+The optional secure socket protocol. See http://download.oracle.com/javase/6/docs/technotes/guides//security/jsse/JSSERefGuide.html#AppA[Appendix
+A] in the Java Secure Socket Extension Reference Guide for information
+about standard protocol names.� If omitted, TLS is used by default.�
+Note that this property is related to but distinctly different from the
+secureSocketProtocols and secureSocketProtocolsFilter properties.
+certAlias::
+*Camel 2.13:* An optional certificate alias to use. This is useful when
+the keystore has multiple certificates.
+sessionTimeout::
+This optional property defines the timeout period, in seconds, for
+sessions on both the client and server side as well as in the SSLEngine.
+cipherSuites::
+This optional property represents a collection of explicitly named
cipher suites to enable on both the client and server side as well as in
the SSLEngine.� These values take precedence over filters supplied in
cipherSuitesFilter.� The utility attempts to enable the listed cipher
@@ -89,37 +111,17 @@ suites regardless of whether or not the JSSE provider actually supports
them or not.� This behavior guarantees that listed cipher suites are
always enabled when listed.� For a more lenient option, use
cipherSuitesFilter.
-|Field: +
-cipherSuitesFilter +
-Class: +
-link:camel-configuration-utilities.html[FilterParameters] +
-XML: +
-sslContextParameters +
-/cipherSuitesFilter
-|This optional property represents a collection of include and exclude
+cipherSuitesFilter::
+This optional property represents a collection of include and exclude
patterns for cipher suites to enable on both the client and server side
as well as in the SSLEngine.� The patterns are applied over only the
available cipher suites.� The exclude patterns have precedence over the
include patterns.� If no cipherSuites and no cipherSuitesFilter are
present, the default patterns applied are: +
-Includes
-
-* .*
-
-Excludes
-
-* .*_NULL_.*
-* .*_anon_.*
-* .*DES.* *Camel 2.15.4*
-* .*EXPORT.* *Camel 2.15.4*
-|Field: +
-secureSocketProtocols +
-Class: +
-SecureSocketProtocolsParameters +
-XML: +
-sslContextParameters +
-/secureSocketProtocols
-|This optional property represents a collection of explicitly named
+Includes .\*; Excludes .*_NULL_.*, .\*_anon_.*
+, .\*DES.* *Camel 2.15.4*, .\*EXPORT.* *Camel 2.15.4*.
+secureSocketProtocols::
+This optional property represents a collection of explicitly named
secure socket protocols, such as SSLv3/TLS/etc., to enable on both the
client and server side as well as in the SSLEngine.� These values take
precedence over filters supplied in secureSocketProtocolsFilter.� The
@@ -127,219 +129,132 @@ utility attempts to enable the listed protocols regardless of whether or
not the JSSE provider actually supports them or not.� This behavior
guarantees that listed protocols are always enabled when listed.� For a
more lenient option, use secureSocketProtocolsFilter.
-|====================
-
-secureSocketProtocolsFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-sslContextParameters/secureSocketProtocolsFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
+secureSocketProtocolsFilter::
This optional property represents a collection of include and exclude
patterns for secure socket protocols to enable on both the client and
server side as well as in the SSLEngine.� The patterns are applied over
only the available protocols.� The exclude patterns have precedence over
the include patterns.� If no secureSocketProtocols and no
secureSocketProtocolsFilter are present, the default patterns applied
-are: +
- +
- Includes
-
-* .*
-
-sessionTimeout - java.lang.String
-
-sslContextParameters/@sessionTimeout - xsd:string
-
-This optional property defines the timeout period, in seconds, for
-sessions on both the client and server side as well as in the SSLEngine.
-
-keyManagers -
-link:camel-configuration-utilities.html[KeyManagersParameters]
-
-sslContextParameters/keyManagers -
-link:camel-configuration-utilities.html[KeyManagersParameters]
+are: Includes .*
-This optional property configures the source of key material for
+keyManagers::
+see <<CamelConfigurationUtilities-KeyManagersParameters>>.This optional property configures the source of key material for
providing identity of client and server side connections as well as in
the SSLEngine.� If omitted, no source of key material is provided and
the SSLContext is suitable only for client-side usage when mutual
authentication is not in use.� You typically configure this property
with a key store containing a client or server private key.
-
-trustManagers -
-link:camel-configuration-utilities.html[TrustManagersParameters]
-
-sslContextParameters/trustManagers -
-link:camel-configuration-utilities.html[TrustManagersParameters]
-
-This optional property configures the source of material for verifying
+trustManagers::
+see <<CamelConfigurationUtilities-TrustManagersParameters>>. This optional property configures the source of material for verifying
trust of key material used in the handshake process.� If omitted, the
default trust manager is automatically used.� See the
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores[JSSE
documentation] for more information on how the default trust manager is
configured.� You typically configure this property with a key store
containing trusted CA certificates.
-
-secureRandom - SecureRandomParameters
-
-sslContextParameters/secureRandom - SecureRandomParameters
-
+secureRandom::
This optional property configures the secure random number generator
used by the client and server side as well as in the SSLEngine.� If
omitted, the default secure random number generator is used.
-
-clientParameters -
-link:camel-configuration-utilities.html[SSLContextClientParameters]
-
-sslContextParameters/clientParameters -
-link:camel-configuration-utilities.html[SSLContextClientParameters]
-
-This optional property configures additional settings that apply only to
+clientParameters::
+see <<CamelConfigurationUtilities-SSLContextClientParameters>>. This optional property configures additional settings that apply only to
the client side aspects of the SSLContext.� If present, these settings
override the settings specified at the SSLContextParameters level.
-
-serverParameters -
-link:camel-configuration-utilities.html[SSLContextServerParameters]
-
-sslContextParameters/serverParameters -
-link:camel-configuration-utilities.html[SSLContextServerParameters]
-
-This optional property configures additional settings that apply only to
+serverParameters::
+see <<CamelConfigurationUtilities-SSLContextServerParameters>>. This optional property configures additional settings that apply only to
the server side aspects of the SSLContext.� If present, these settings
override the settings specified at the SSLContextParameters level.
-provider - java.lang.String
-
-sslContextParameters/@provider - xsd:string
-
-The optional provider identifier for the JSSE implementation to use when
-constructing the SSLContext.� If omitted, the standard provider look-up
-mechanism is used to resolve the provider.
-
-secureSocketProtocol - java.lang.String
-
-sslContextParameters/@secureSocketProtocol - xsd:string
-
-The optional secure socket protocol. See
-http://download.oracle.com/javase/6/docs/technotes/guides//security/jsse/JSSERefGuide.html#AppA[Appendix
-A] in the Java Secure Socket Extension Reference Guide for information
-about standard protocol names.� If omitted, TLS is used by default.�
-Note that this property is related to but distinctly different from the
-secureSocketProtocols and secureSocketProtocolsFilter properties.
-
-certAlias - java.lang.String
-
-sslContextParameters/@certAlias - xsd:string
-
-*Camel 2.13:* An optional certificate alias to use. This is useful when
-the keystore has multiple certificates.
[[CamelConfigurationUtilities-KeyManagersParameters]]
KeyManagersParameters
+++++++++++++++++++++
-Java Field Name and Class
-
-XML Attribute/Element and Type
-
-Description
-
-keyStore- link:camel-configuration-utilities.html[KeyStoreParameters]
-
-keyStore - link:camel-configuration-utilities.html[KeyStoreParameters]
-
-This optional property represents the key store that provides key
-material to the key manager.� This is typically configured with a key
-store containing a user or server private key.� In some cases, such as
-when using PKCS#11, the key store is omitted entirely.
-
-keyPassword - java.lang.String
+KeyManagersParameters contain the following elements:
-@keyPassword - xsd:string
+* keyPassword (attribute)
+* provider (attribute)
+* algorithm (attribute)
+* keyStore (element)
+keyPassword::
The optional password for recovering/accessing the private key in the
key store.� This is typically the password for the private key in the
configured key store; however, in some cases, such as when using
PKCS#11, the key password may be provided through other means and is
omitted entirely in this configuration.
-
-provider - java.lang.String
-
-@provider - xsd:string
-
+provider::
The optional provider identifier for the KeyManagerFactory used to
create the KeyManagers represented by this object's configuration.� If
omitted, the default look-up behavior is used.
-
-algorithm - java.lang.String
-
-@algorithm - xsd:string
-
+algorithm::
The optional algorithm name for the KeyManagerFactory used to create the
KeyManager represented by this object's configuration.� See the
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html[Java
Secure Socket Extension Reference Guide] for information about standard
algorithm names.
-
-trustManager - java.lang.String
-
-@trustManager - xsd:string
-
-*Camel 2.17:*To use a existing configured trust manager instead of using
-TrustManagerFactory to get the TrustManager.
+keyStore::
+See <<CamelConfigurationUtilities-KeyStoreParameters>>. This optional property represents the key store that provides key
+material to the key manager.� This is typically configured with a key
+store containing a user or server private key.� In some cases, such as
+when using PKCS#11, the key store is omitted entirely.
[[CamelConfigurationUtilities-TrustManagersParameters]]
TrustManagersParameters
+++++++++++++++++++++++
-Java Field Name and Class
-
-XML Attribute/Element and Type
-
-Description
-
-keyStore- link:camel-configuration-utilities.html[KeyStoreParameters]
+TrustManagersParameters contain the following elements:
-keyStore - link:camel-configuration-utilities.html[KeyStoreParameters]
-
-This optional property represents the key store that provides key
-material to the trust manager.� This is typically configured with a key
-store containing trusted CA certificates / public keys.� In some cases,
-such as when using PKCS#11, the key store is omitted entirely.
-
-provider - java.lang.String
-
-@provider - xsd:string
+* provider (attribute)
+* algorithm (attribute)
+* trustManager (attribute)
+* keyStore (element)
+provider::
The optional provider identifier for the TrustManagerFactory used to
create the TrustManagers represented by this object's configuration.� If
omitted, the default look-up behavior is used.
-
-algorithm - java.lang.String
-
-@algorithm - xsd:string
-
+algorithm::
The optional algorithm name for the TrustManagerFactory used to create
the TrustManager represented by this object's configuration.� See the
http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html[Java
Secure Socket Extension Reference Guide] for information about standard
algorithm names.
+trustManager::
+*Camel 2.17:* To use a existing configured trust manager instead of using
+TrustManagerFactory to get the TrustManager.
+keyStore::
+See <<CamelConfigurationUtilities-KeyStoreParameters>>. This optional property represents the key store that provides key
+material to the trust manager.� This is typically configured with a key
+store containing trusted CA certificates / public keys.� In some cases,
+such as when using PKCS#11, the key store is omitted entirely.
[[CamelConfigurationUtilities-KeyStoreParameters]]
KeyStoreParameters
++++++++++++++++++
-Java Field Name and Class
-
-XML Attribute/Element and Type
-
-Description
+KeyStoreParameters contain the following elements:
-resource- java.lang.String
-
-keyStore/@resource - xsd:string
+* type (attribute)
+* password (attribute)
+* provider (attribute)
+* resource (attribute)
+type::
+The optional type of the key store.� See Appendix A in the
+http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore[Java
+Cryptography Architecture Standard Algorithm Name Documentation] for
+more information on standard names.� If omitted, defaults to the default
+lookup mechanism as defined by
+http://download.oracle.com/javase/6/docs/api/java/security/KeyStore.html#getDefaultType()[KeyStore.getDefaultType()].
+password::
+The optional password for reading/opening/verifying the key store.
+provider::
+The optional provider identifier for the provider used to create the
+KeyStores represented by this object's configuration.� If omitted, the
+default look-up behavior is used.
+resource::
This optional property represents the location of the key store resource
to load the key store from.� In some cases, the resource is omitted as
the key store content is provided by other means.� The loading of the
@@ -348,69 +263,32 @@ path, a class path resource, and a URL in that order. An exception is
thrown if the resource cannot be resolved to readable input stream using
any of the above methods.
-[Note]
+.*OSGi Usage*
+[NOTE]
====
- *OSGi Usage*
-
For programmatic and Spring based XML configuration in OSGi, a resource
specified as a classpath resource path may be accessible in the bundle
containing the XML configuration file or in a package that is imported
by that bundle.� As Blueprint does not define the thread context
classloader behavior, only classpath resources in the bundle containing
the XML configuration file may be resolved from a Blueprint based XML
-configuration. +
- +
- +
-
+configuration.
====
-password - java.lang.String
-
-keyStore/@password - xsd:string
-
-The optional password for reading/opening/verifying the key store.
-
-type - java.lang.String
-
-keyStore/@type - xsd:string
-
-The optional type of the key store.� See Appendix A in the
-http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore[Java
-Cryptography Architecture Standard Algorithm Name Documentation] for
-more information on standard names.� If omitted, defaults to the default
-lookup mechanism as defined by
-http://download.oracle.com/javase/6/docs/api/java/security/KeyStore.html#getDefaultType()[KeyStore.getDefaultType()].
-
-provider - java.lang.String
-
-keyStore/@provider - xsd:string
-
-The optional provider identifier for the provider used to create the
-KeyStores represented by this object's configuration.� If omitted, the
-default look-up behavior is used.
[[CamelConfigurationUtilities-FilterParameters]]
FilterParameters
++++++++++++++++
-Java Field Name and Class
-
-XML Attribute/Element and Type
-
-Description
-
-include - java.util.List<java.lang.String>
-
-include - xsd:string
+FilterParameters contain the following elements:
+* include (element, multiple string)
+* exclude (element, multiple string)
+include::
This optional property represents zero or more regular expression
patterns for which matching values should be included.� The list of
excludes takes precedence over the include patterns.
-
-exclude - java.util.List<java.lang.String>
-
-exclude - xsd:string
-
+exclude::
This optional property represents zero or more regular expression
patterns for which matching values should be included.� The list of
excludes takes precedence over the include patterns.
@@ -418,28 +296,18 @@ excludes takes precedence over the include patterns.
[[CamelConfigurationUtilities-SecureRandomParameters]]
SecureRandomParameters
++++++++++++++++++++++
+SecureRandomParameters contain the following elements:
-Java Field Name and Class
-
-XML Attribute/Element and Type
-
-Description
-
-algorithm - java.lang.String
-
-@algorithm - xsd:string
-
-This optionap property represents the Random Number Generator (RNG)
+* algorithm (attribute)
+* provider (attribte)
+algorithm::
+This optional property represents the Random Number Generator (RNG)
algorithm identifier for the SecureRandom factory method used to create
the SecureRandom represented by this object's configuration. See
http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA[Appendix
A] in the Java Cryptography Architecture API Specification & Reference
for information about standard RNG algorithm names.
-
-provider - java.lang.String
-
-@provider - xsd:string
-
+provider::
The optional provider identifier for the SecureRandom factory method
used to create the SecureRandom represented by this object's
configuration.� If omitted, the default look-up behavior is used.
@@ -447,165 +315,68 @@ configuration.� If omitted, the default look-up behavior is used.
[[CamelConfigurationUtilities-SSLContextServerParameters]]
SSLContextServerParameters
++++++++++++++++++++++++++
+SSLContextServerParameters contain the following elements:
-Java Field Name and Class
-
-XML Attribute/Element and Type
-
-Description
-
-cipherSuites - CipherSuitesParameters
-
-sslContextClientParameters/ciphersuites - CipherSuitesParameters
-
-This optional property represents a collection of explicitly named
-cipher suites to enable on the server side only
-(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
-setting in the SSLContextParameters.� This option has no affect on the
-SSLEngine configuration.� These values take precedence over filters
-supplied in cipherSuitesFilter.� The utility attempts to enable the
-listed cipher suites regardless of whether or not the JSSE provider
-actually supports them or not.� This behavior guarantees that listed
-cipher suites are always enabled when listed.� For a more lenient
-option, use cipherSuitesFilter.
-
-cipherSuitesFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-sslContextClientParameters/cipherSuitesFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-This optional property represents a collection of include and exclude
-patterns for cipher suites to enable on the server side only
-(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
-setting in the SSLContextParameters.� This option has no affect on the
-SSLEngine configuration.� The patterns are applied over only the
-available cipher suites.� The exclude patterns have precedence over the
-include patterns.� See SSLContextParameters for details of the behavior
-if this option and cipherSuites is omitted at this level.
-
-secureSocketProtocols - SecureSocketProtocolsParameters
-
-sslContextClientParameters/secureSocketProtocols -
-SecureSocketProtocolsParameters
-
-This optional property represents a collection of explicitly named
-secure socket protocols, such as SSLv3/TLS/etc., to enable on the server
-side only (SSLServerSocketFactory/SSLServerSocket) by overriding the
-value of this setting in the SSLContextParameters.� This option has no
-affect on the SSLEngine configuration.� These values take precedence
-over filters supplied in secureSocketProtocolsFilter.� The utility
-attempts to enable the listed protocols regardless of whether or not the
-JSSE provider actually supports them or not.� This behavior guarantees
-that listed protocols aree always enabled when listed.� For a more
-lenient option, use secureSocketProtocolsFilter.
-
-secureSocketProtocolsFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-sslContextClientParameters/secureSocketProtocolsFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-This optional property represents a collection of include and exclude
-patterns for secure socket protocols to enable on theserver side only
-(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
-setting in the SSLContextParameters.� This option has no affect on the
-SSLEngine configuration.� The patterns are applied over only the
-available protocols.� The exclude patterns have precedence over the
-include patterns.� See SSLContextParameters for details of the behavior
-if this option and/or secureSocketProtocols is omitted at this level.
-
-sessionTimeout - java.lang.String
-
-sslContextServerParameters/@sessionTimeout - xsd:string
-
-This optional property defines the timeout period, in seconds, for
-sessions on the server side.� This setting affects both the
-SSLServerSocketFactory/SSLServerSocket as well as the server side of the
-SSLEngine.
-
-clientAuthentication - java.lang.String
-
-sslContextServerParameters/@clientAuthentication - xsd:string
+* clientAuthentication (attribute)
+* sessionTimeout (attribute)
+* cipherSuites (element)
+* cipherSuitesFilter (element)
+* secureSocketProtocols (element)
+* secureSocketProtocolsFilter (element)
+clientAuthentication::
This optional property indicates if the server side does not request,
requests, or requires clients to provide authentication credentials
during the handshake process.� This is commonly referred to as mutual
authentication, two direction SSL/TLS, or two-legged SSL/TLS. +
Valid values are: NONE, WANT, REQUIRE
+sessionTimeout::
+This optional property defines the timeout period, in seconds, for
+sessions on the server side.� This setting affects both the
+SSLServerSocketFactory/SSLServerSocket as well as the server side of the
+SSLEngine.
+cipherSuites::
+This optional property overrides the value of this
+setting in the SSLContextParameters.�This option has no affect on the
+SSLEngine configuration.
+cipherSuitesFilter::
+This optional property overrides the value of this
+setting in the SSLContextParameters.� This option has no affect on the
+SSLEngine configuration.
+secureSocketProtocols::
+This optional property overrides the
+value of this setting in the SSLContextParameters.� This option has no
+affect on the SSLEngine configuration.
+secureSocketProtocolsFilter::
+This optional property overrides the value of this
+setting in the SSLContextParameters. This option has no affect on the
+SSLEngine configuration.
[[CamelConfigurationUtilities-SSLContextClientParameters]]
SSLContextClientParameters
++++++++++++++++++++++++++
-
-
-[width="100%",options="header"]
-|====================
-|Java Field Name and Class|XML Attribute/Element and Type|Description
-|cipherSuites - CipherSuitesParameters
-|sslContextClientParameters/ciphersuites - CipherSuitesParameters
-|This optional property represents a collection of explicitly named
-cipher suites to enable on theclient� side only
-(SSLSocketFactory/SSLSocket) by overriding the value of this setting in
-the SSLContextParameters.� This option has no affect on the SSLEngine
-configuration.� These values take precedence over filters supplied in
-cipherSuitesFilter.� The utility attempts to enable the listed cipher
-suites regardless of whether or not the JSSE provider actually supports
-them or not.� This behavior guarantees that listed cipher suites are
-always enabled when listed.� For a more lenient option, use
-cipherSuitesFilter.
-|cipherSuitesFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-|sslContextClientParameters/cipherSuitesFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-|This optional property represents a collection of include and exclude
-patterns for cipher suites to enable on the client side only
-(SSLSocketFactory/SSLSocket) by overriding the value of this setting in
-the SSLContextParameters.� This option has no affect on the SSLEngine
-configuration.� The patterns are applied over only the available cipher
-suites.� The exclude patterns have precedence over the include
-patterns.� See SSLContextParameters for details of the behavior if this
-option and cipherSuites is omitted at this level.
-|====================
-
-secureSocketProtocols - SecureSocketProtocolsParameters
-
-sslContextClientParameters/secureSocketProtocols -
-SecureSocketProtocolsParameters
-
-This optional property represents a collection of explicitly named
-secure socket protocols, such as SSLv3/TLS/etc., to enable on the client
-side only (SSLSocketFactory/SSLSocket) by overriding the value of this
-setting in the SSLContextParameters.� This option has no affect on the
-SSLEngine configuration.� These values take precedence over filters
-supplied in secureSocketProtocolsFilter.� The utility attempts to enable
-the listed protocols regardless of whether or not the JSSE provider
-actually supports them or not.� This behavior guarantees that listed
-protocols aree always enabled when listed.� For a more lenient option,
-use secureSocketProtocolsFilter.
-
-secureSocketProtocolsFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-sslContextClientParameters/secureSocketProtocolsFilter -
-link:camel-configuration-utilities.html[FilterParameters]
-
-This optional property represents a collection of include and exclude
-patterns for secure socket protocols to enable on the client side only
-(SSLSocketFactory/SSLSocket) by overriding the value of this setting in
-the SSLContextParameters.� This option has no affect on the SSLEngine
-configuration.� The patterns are applied over only the available
-protocols.� The exclude patterns have precedence over the include
-patterns.� See SSLContextParameters for details of the behavior if this
-option and/or secureSocketProtocols is omitted at this level.
-
-sessionTimeout - java.lang.String
-
-sslContextServerParameters/@sessionTimeout - xsd:string
-
-This optional property defines the timeout period, in seconds, for
-sessions on the client side This setting affects both the
-SSLSocketFactory/SSLSocket as well as the client side of the SSLEngine.
+SSLContextClientParameters contains the following elements:
+
+* sniHostNames (elements)
+* sessionTimeout (attribute)
+* cipherSuites (element)
+* cipherSuitesFilter (element)
+* secureSocketProtocols (element)
+* secureSocketProtocolsFilter (element)
+
+sniHostNames::
+Contains a list of sniHostName elements which provides a list
+of SNIHostNames to be used for SSL.
+sessionTimeout::
+See <<CamelConfigurationUtilities-SSLContextServerParameters>>.
+cipherSuites::
+See <<CamelConfigurationUtilities-SSLContextServerParameters>>.
+cipherSuitesFilter::
+See <<CamelConfigurationUtilities-SSLContextServerParameters>>.
+secureSocketProtocols::
+See <<CamelConfigurationUtilities-SSLContextServerParameters>>.
+secureSocketProtocolsFilter::
+See <<CamelConfigurationUtilities-SSLContextServerParameters>>.
[[CamelConfigurationUtilities-Examples]]
Examples
@@ -721,11 +492,8 @@ XML Configuration
[NOTE]
====
-
-
Note that XML configuration is supported in both Spring and Blueprint
format.
-
====
[[CamelConfigurationUtilities-SettingClientAuthenticationOntheServerSide.1]]
[2/2] camel git commit: JSSEDocumentation
Posted by an...@apache.org.
JSSEDocumentation
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/fdc742df
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/fdc742df
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/fdc742df
Branch: refs/heads/JSSEDocumentation
Commit: fdc742dfe41200af301a31247e81c0bfde209f1a
Parents: 6bb3988
Author: Arno Noordover <an...@users.noreply.github.com>
Authored: Mon Jun 27 19:21:54 2016 +0200
Committer: Arno Noordover <an...@users.noreply.github.com>
Committed: Wed Jun 29 20:59:04 2016 +0200
----------------------------------------------------------------------
docs/user-manual/en/SUMMARY.md | 1 +
.../en/camel-configuration-utilities.adoc | 844 +++++++++++++++++++
2 files changed, 845 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/fdc742df/docs/user-manual/en/SUMMARY.md
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/SUMMARY.md b/docs/user-manual/en/SUMMARY.md
index 1c4ef4a..bfce4c7 100644
--- a/docs/user-manual/en/SUMMARY.md
+++ b/docs/user-manual/en/SUMMARY.md
@@ -344,3 +344,4 @@
* [Blueprint Testing](test-blueprint.adoc)
* [CDI Testing](cdi-testing.adoc)
* [Spring Testing](spring-testing.adoc)
+ * [JSSE Utility](camel-configuration-utilities.adoc)
http://git-wip-us.apache.org/repos/asf/camel/blob/fdc742df/docs/user-manual/en/camel-configuration-utilities.adoc
----------------------------------------------------------------------
diff --git a/docs/user-manual/en/camel-configuration-utilities.adoc b/docs/user-manual/en/camel-configuration-utilities.adoc
new file mode 100644
index 0000000..15e3689
--- /dev/null
+++ b/docs/user-manual/en/camel-configuration-utilities.adoc
@@ -0,0 +1,844 @@
+[[CamelConfigurationUtilities-JSSEUtility]]
+JSSE Utility
+~~~~~~~~~~~~
+
+The JSSE Utility, available as of *2.8*, allows you to easily configure
+aspects of the
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html[Java
+Secure Socket Extension] (JSSE) API in order to greatly simplify the use
+of custom transport layer security (TLS) settings on Camel components.
+
+[[CamelConfigurationUtilities-SupportedComponents]]
+Supported Components
+^^^^^^^^^^^^^^^^^^^^
+
+The following Camel components directly support the use of this
+configuration utility:
+
+* link:http4.html[HTTP4]
+* link:jetty.html[Jetty]
+* link:ahc.html[AHC]
+* link:netty.html[Netty]
+* link:cometd.html[Cometd]
+* link:ftp2.html[FTP2]
+* link:irc.html[IRC]
+* link:mail.html[Mail]
+* MINA 2
+
+The following Camel components indirectly support the use of this
+configuration utility:
+
+* link:cxf.html[CXF]
+* link:http.html[HTTP]
+
+[[CamelConfigurationUtilities-Configuration]]
+Configuration
+^^^^^^^^^^^^^
+
+The key component in configuring TLS through the JSSE API is the
+SSLContext.� The
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLContext[SSLContext]
+provides socket factories for both
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLSocketFactory[client-side]
+and
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLSocketFactory[server-side]
+sockets as well as another component called an
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#SSLENG[SSLEngine]
+that is used by non-blocking IO to support TLS.� The JSSE configuration
+utility provides an easy to use builder for configuring these JSSE
+components, among others, in a manner that allows you to provide all
+configuration options up front during the initialization of your
+application such that you don't have to customize library code or dig
+though the inner workings of a third-party library in order to inject
+hooks for the configuration of each component in the JSSE API.� The
+central builder in the JSSE configuration utility is the
+SSLContextParameters.� This class serves as the entry point for most
+configuration in the JSSE utility.
+
+[NOTE]
+=====================================
+All non-native classes are in the org.apache.camel.util.jsse package.�
+All non-W3C schema defined types are in the
+http://camel.apache.org/schema/spring[http://camel.apache.org/schema/spring]
+or
+http://camel.apache.org/schema/blueprint[http://camel.apache.org/schema/blueprint]
+namespaces for Spring and Blueprint based configuration, respectively.
+=====================================
+
+
+[[CamelConfigurationUtilities-SSLContextParameters]]
+SSLContextParameters
+++++++++++++++++++++
+
+
+[cols="a,a",width="100%",options="header",grids="cols"]
+|====================
+|Property|Description
+|Field: +
+cipherSuites +
+Class: +
+CipherSuitesParameters +
+XML: +
+sslContextParameters +
+/ciphersuites
+|This optional property represents a collection of explicitly named
+cipher suites to enable on both the client and server side as well as in
+the SSLEngine.� These values take precedence over filters supplied in
+cipherSuitesFilter.� The utility attempts to enable the listed cipher
+suites regardless of whether or not the JSSE provider actually supports
+them or not.� This behavior guarantees that listed cipher suites are
+always enabled when listed.� For a more lenient option, use
+cipherSuitesFilter.
+|Field: +
+cipherSuitesFilter +
+Class: +
+link:camel-configuration-utilities.html[FilterParameters] +
+XML: +
+sslContextParameters +
+/cipherSuitesFilter
+|This optional property represents a collection of include and exclude
+patterns for cipher suites to enable on both the client and server side
+as well as in the SSLEngine.� The patterns are applied over only the
+available cipher suites.� The exclude patterns have precedence over the
+include patterns.� If no cipherSuites and no cipherSuitesFilter are
+present, the default patterns applied are: +
+Includes
+
+* .*
+
+Excludes
+
+* .*_NULL_.*
+* .*_anon_.*
+* .*DES.* *Camel 2.15.4*
+* .*EXPORT.* *Camel 2.15.4*
+|Field: +
+secureSocketProtocols +
+Class: +
+SecureSocketProtocolsParameters +
+XML: +
+sslContextParameters +
+/secureSocketProtocols
+|This optional property represents a collection of explicitly named
+secure socket protocols, such as SSLv3/TLS/etc., to enable on both the
+client and server side as well as in the SSLEngine.� These values take
+precedence over filters supplied in secureSocketProtocolsFilter.� The
+utility attempts to enable the listed protocols regardless of whether or
+not the JSSE provider actually supports them or not.� This behavior
+guarantees that listed protocols are always enabled when listed.� For a
+more lenient option, use secureSocketProtocolsFilter.
+|====================
+
+secureSocketProtocolsFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+sslContextParameters/secureSocketProtocolsFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+This optional property represents a collection of include and exclude
+patterns for secure socket protocols to enable on both the client and
+server side as well as in the SSLEngine.� The patterns are applied over
+only the available protocols.� The exclude patterns have precedence over
+the include patterns.� If no secureSocketProtocols and no
+secureSocketProtocolsFilter are present, the default patterns applied
+are: +
+ +
+ Includes
+
+* .*
+
+sessionTimeout - java.lang.String
+
+sslContextParameters/@sessionTimeout - xsd:string
+
+This optional property defines the timeout period, in seconds, for
+sessions on both the client and server side as well as in the SSLEngine.
+
+keyManagers -
+link:camel-configuration-utilities.html[KeyManagersParameters]
+
+sslContextParameters/keyManagers -
+link:camel-configuration-utilities.html[KeyManagersParameters]
+
+This optional property configures the source of key material for
+providing identity of client and server side connections as well as in
+the SSLEngine.� If omitted, no source of key material is provided and
+the SSLContext is suitable only for client-side usage when mutual
+authentication is not in use.� You typically configure this property
+with a key store containing a client or server private key.
+
+trustManagers -
+link:camel-configuration-utilities.html[TrustManagersParameters]
+
+sslContextParameters/trustManagers -
+link:camel-configuration-utilities.html[TrustManagersParameters]
+
+This optional property configures the source of material for verifying
+trust of key material used in the handshake process.� If omitted, the
+default trust manager is automatically used.� See the
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CustomizingStores[JSSE
+documentation] for more information on how the default trust manager is
+configured.� You typically configure this property with a key store
+containing trusted CA certificates.
+
+secureRandom - SecureRandomParameters
+
+sslContextParameters/secureRandom - SecureRandomParameters
+
+This optional property configures the secure random number generator
+used by the client and server side as well as in the SSLEngine.� If
+omitted, the default secure random number generator is used.
+
+clientParameters -
+link:camel-configuration-utilities.html[SSLContextClientParameters]
+
+sslContextParameters/clientParameters -
+link:camel-configuration-utilities.html[SSLContextClientParameters]
+
+This optional property configures additional settings that apply only to
+the client side aspects of the SSLContext.� If present, these settings
+override the settings specified at the SSLContextParameters level.
+
+serverParameters -
+link:camel-configuration-utilities.html[SSLContextServerParameters]
+
+sslContextParameters/serverParameters -
+link:camel-configuration-utilities.html[SSLContextServerParameters]
+
+This optional property configures additional settings that apply only to
+the server side aspects of the SSLContext.� If present, these settings
+override the settings specified at the SSLContextParameters level.
+
+provider - java.lang.String
+
+sslContextParameters/@provider - xsd:string
+
+The optional provider identifier for the JSSE implementation to use when
+constructing the SSLContext.� If omitted, the standard provider look-up
+mechanism is used to resolve the provider.
+
+secureSocketProtocol - java.lang.String
+
+sslContextParameters/@secureSocketProtocol - xsd:string
+
+The optional secure socket protocol. See
+http://download.oracle.com/javase/6/docs/technotes/guides//security/jsse/JSSERefGuide.html#AppA[Appendix
+A] in the Java Secure Socket Extension Reference Guide for information
+about standard protocol names.� If omitted, TLS is used by default.�
+Note that this property is related to but distinctly different from the
+secureSocketProtocols and secureSocketProtocolsFilter properties.
+
+certAlias - java.lang.String
+
+sslContextParameters/@certAlias - xsd:string
+
+*Camel 2.13:* An optional certificate alias to use. This is useful when
+the keystore has multiple certificates.
+
+[[CamelConfigurationUtilities-KeyManagersParameters]]
+KeyManagersParameters
++++++++++++++++++++++
+
+Java Field Name and Class
+
+XML Attribute/Element and Type
+
+Description
+
+keyStore- link:camel-configuration-utilities.html[KeyStoreParameters]
+
+keyStore - link:camel-configuration-utilities.html[KeyStoreParameters]
+
+This optional property represents the key store that provides key
+material to the key manager.� This is typically configured with a key
+store containing a user or server private key.� In some cases, such as
+when using PKCS#11, the key store is omitted entirely.
+
+keyPassword - java.lang.String
+
+@keyPassword - xsd:string
+
+The optional password for recovering/accessing the private key in the
+key store.� This is typically the password for the private key in the
+configured key store; however, in some cases, such as when using
+PKCS#11, the key password may be provided through other means and is
+omitted entirely in this configuration.
+
+provider - java.lang.String
+
+@provider - xsd:string
+
+The optional provider identifier for the KeyManagerFactory used to
+create the KeyManagers represented by this object's configuration.� If
+omitted, the default look-up behavior is used.
+
+algorithm - java.lang.String
+
+@algorithm - xsd:string
+
+The optional algorithm name for the KeyManagerFactory used to create the
+KeyManager represented by this object's configuration.� See the
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html[Java
+Secure Socket Extension Reference Guide] for information about standard
+algorithm names.
+
+trustManager - java.lang.String
+
+@trustManager - xsd:string
+
+*Camel 2.17:*To use a existing configured trust manager instead of using
+TrustManagerFactory to get the TrustManager.
+
+[[CamelConfigurationUtilities-TrustManagersParameters]]
+TrustManagersParameters
++++++++++++++++++++++++
+
+Java Field Name and Class
+
+XML Attribute/Element and Type
+
+Description
+
+keyStore- link:camel-configuration-utilities.html[KeyStoreParameters]
+
+keyStore - link:camel-configuration-utilities.html[KeyStoreParameters]
+
+This optional property represents the key store that provides key
+material to the trust manager.� This is typically configured with a key
+store containing trusted CA certificates / public keys.� In some cases,
+such as when using PKCS#11, the key store is omitted entirely.
+
+provider - java.lang.String
+
+@provider - xsd:string
+
+The optional provider identifier for the TrustManagerFactory used to
+create the TrustManagers represented by this object's configuration.� If
+omitted, the default look-up behavior is used.
+
+algorithm - java.lang.String
+
+@algorithm - xsd:string
+
+The optional algorithm name for the TrustManagerFactory used to create
+the TrustManager represented by this object's configuration.� See the
+http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html[Java
+Secure Socket Extension Reference Guide] for information about standard
+algorithm names.
+
+[[CamelConfigurationUtilities-KeyStoreParameters]]
+KeyStoreParameters
+++++++++++++++++++
+
+Java Field Name and Class
+
+XML Attribute/Element and Type
+
+Description
+
+resource- java.lang.String
+
+keyStore/@resource - xsd:string
+
+This optional property represents the location of the key store resource
+to load the key store from.� In some cases, the resource is omitted as
+the key store content is provided by other means.� The loading of the
+resource, if provided, is attempted by treating the resource as a file
+path, a class path resource, and a URL in that order. An exception is
+thrown if the resource cannot be resolved to readable input stream using
+any of the above methods.
+
+[Note]
+====
+ *OSGi Usage*
+
+For programmatic and Spring based XML configuration in OSGi, a resource
+specified as a classpath resource path may be accessible in the bundle
+containing the XML configuration file or in a package that is imported
+by that bundle.� As Blueprint does not define the thread context
+classloader behavior, only classpath resources in the bundle containing
+the XML configuration file may be resolved from a Blueprint based XML
+configuration. +
+ +
+ +
+
+====
+
+password - java.lang.String
+
+keyStore/@password - xsd:string
+
+The optional password for reading/opening/verifying the key store.
+
+type - java.lang.String
+
+keyStore/@type - xsd:string
+
+The optional type of the key store.� See Appendix A in the
+http://download.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html#KeyStore[Java
+Cryptography Architecture Standard Algorithm Name Documentation] for
+more information on standard names.� If omitted, defaults to the default
+lookup mechanism as defined by
+http://download.oracle.com/javase/6/docs/api/java/security/KeyStore.html#getDefaultType()[KeyStore.getDefaultType()].
+
+provider - java.lang.String
+
+keyStore/@provider - xsd:string
+
+The optional provider identifier for the provider used to create the
+KeyStores represented by this object's configuration.� If omitted, the
+default look-up behavior is used.
+
+[[CamelConfigurationUtilities-FilterParameters]]
+FilterParameters
+++++++++++++++++
+
+Java Field Name and Class
+
+XML Attribute/Element and Type
+
+Description
+
+include - java.util.List<java.lang.String>
+
+include - xsd:string
+
+This optional property represents zero or more regular expression
+patterns for which matching values should be included.� The list of
+excludes takes precedence over the include patterns.
+
+exclude - java.util.List<java.lang.String>
+
+exclude - xsd:string
+
+This optional property represents zero or more regular expression
+patterns for which matching values should be included.� The list of
+excludes takes precedence over the include patterns.
+
+[[CamelConfigurationUtilities-SecureRandomParameters]]
+SecureRandomParameters
+++++++++++++++++++++++
+
+Java Field Name and Class
+
+XML Attribute/Element and Type
+
+Description
+
+algorithm - java.lang.String
+
+@algorithm - xsd:string
+
+This optionap property represents the Random Number Generator (RNG)
+algorithm identifier for the SecureRandom factory method used to create
+the SecureRandom represented by this object's configuration. See
+http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA[Appendix
+A] in the Java Cryptography Architecture API Specification & Reference
+for information about standard RNG algorithm names.
+
+provider - java.lang.String
+
+@provider - xsd:string
+
+The optional provider identifier for the SecureRandom factory method
+used to create the SecureRandom represented by this object's
+configuration.� If omitted, the default look-up behavior is used.
+
+[[CamelConfigurationUtilities-SSLContextServerParameters]]
+SSLContextServerParameters
+++++++++++++++++++++++++++
+
+Java Field Name and Class
+
+XML Attribute/Element and Type
+
+Description
+
+cipherSuites - CipherSuitesParameters
+
+sslContextClientParameters/ciphersuites - CipherSuitesParameters
+
+This optional property represents a collection of explicitly named
+cipher suites to enable on the server side only
+(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
+setting in the SSLContextParameters.� This option has no affect on the
+SSLEngine configuration.� These values take precedence over filters
+supplied in cipherSuitesFilter.� The utility attempts to enable the
+listed cipher suites regardless of whether or not the JSSE provider
+actually supports them or not.� This behavior guarantees that listed
+cipher suites are always enabled when listed.� For a more lenient
+option, use cipherSuitesFilter.
+
+cipherSuitesFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+sslContextClientParameters/cipherSuitesFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+This optional property represents a collection of include and exclude
+patterns for cipher suites to enable on the server side only
+(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
+setting in the SSLContextParameters.� This option has no affect on the
+SSLEngine configuration.� The patterns are applied over only the
+available cipher suites.� The exclude patterns have precedence over the
+include patterns.� See SSLContextParameters for details of the behavior
+if this option and cipherSuites is omitted at this level.
+
+secureSocketProtocols - SecureSocketProtocolsParameters
+
+sslContextClientParameters/secureSocketProtocols -
+SecureSocketProtocolsParameters
+
+This optional property represents a collection of explicitly named
+secure socket protocols, such as SSLv3/TLS/etc., to enable on the server
+side only (SSLServerSocketFactory/SSLServerSocket) by overriding the
+value of this setting in the SSLContextParameters.� This option has no
+affect on the SSLEngine configuration.� These values take precedence
+over filters supplied in secureSocketProtocolsFilter.� The utility
+attempts to enable the listed protocols regardless of whether or not the
+JSSE provider actually supports them or not.� This behavior guarantees
+that listed protocols aree always enabled when listed.� For a more
+lenient option, use secureSocketProtocolsFilter.
+
+secureSocketProtocolsFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+sslContextClientParameters/secureSocketProtocolsFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+This optional property represents a collection of include and exclude
+patterns for secure socket protocols to enable on theserver side only
+(SSLServerSocketFactory/SSLServerSocket) by overriding the value of this
+setting in the SSLContextParameters.� This option has no affect on the
+SSLEngine configuration.� The patterns are applied over only the
+available protocols.� The exclude patterns have precedence over the
+include patterns.� See SSLContextParameters for details of the behavior
+if this option and/or secureSocketProtocols is omitted at this level.
+
+sessionTimeout - java.lang.String
+
+sslContextServerParameters/@sessionTimeout - xsd:string
+
+This optional property defines the timeout period, in seconds, for
+sessions on the server side.� This setting affects both the
+SSLServerSocketFactory/SSLServerSocket as well as the server side of the
+SSLEngine.
+
+clientAuthentication - java.lang.String
+
+sslContextServerParameters/@clientAuthentication - xsd:string
+
+This optional property indicates if the server side does not request,
+requests, or requires clients to provide authentication credentials
+during the handshake process.� This is commonly referred to as mutual
+authentication, two direction SSL/TLS, or two-legged SSL/TLS. +
+ Valid values are: NONE, WANT, REQUIRE
+
+[[CamelConfigurationUtilities-SSLContextClientParameters]]
+SSLContextClientParameters
+++++++++++++++++++++++++++
+
+
+[width="100%",options="header"]
+|====================
+|Java Field Name and Class|XML Attribute/Element and Type|Description
+|cipherSuites - CipherSuitesParameters
+|sslContextClientParameters/ciphersuites - CipherSuitesParameters
+|This optional property represents a collection of explicitly named
+cipher suites to enable on theclient� side only
+(SSLSocketFactory/SSLSocket) by overriding the value of this setting in
+the SSLContextParameters.� This option has no affect on the SSLEngine
+configuration.� These values take precedence over filters supplied in
+cipherSuitesFilter.� The utility attempts to enable the listed cipher
+suites regardless of whether or not the JSSE provider actually supports
+them or not.� This behavior guarantees that listed cipher suites are
+always enabled when listed.� For a more lenient option, use
+cipherSuitesFilter.
+|cipherSuitesFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+|sslContextClientParameters/cipherSuitesFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+|This optional property represents a collection of include and exclude
+patterns for cipher suites to enable on the client side only
+(SSLSocketFactory/SSLSocket) by overriding the value of this setting in
+the SSLContextParameters.� This option has no affect on the SSLEngine
+configuration.� The patterns are applied over only the available cipher
+suites.� The exclude patterns have precedence over the include
+patterns.� See SSLContextParameters for details of the behavior if this
+option and cipherSuites is omitted at this level.
+|====================
+
+secureSocketProtocols - SecureSocketProtocolsParameters
+
+sslContextClientParameters/secureSocketProtocols -
+SecureSocketProtocolsParameters
+
+This optional property represents a collection of explicitly named
+secure socket protocols, such as SSLv3/TLS/etc., to enable on the client
+side only (SSLSocketFactory/SSLSocket) by overriding the value of this
+setting in the SSLContextParameters.� This option has no affect on the
+SSLEngine configuration.� These values take precedence over filters
+supplied in secureSocketProtocolsFilter.� The utility attempts to enable
+the listed protocols regardless of whether or not the JSSE provider
+actually supports them or not.� This behavior guarantees that listed
+protocols aree always enabled when listed.� For a more lenient option,
+use secureSocketProtocolsFilter.
+
+secureSocketProtocolsFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+sslContextClientParameters/secureSocketProtocolsFilter -
+link:camel-configuration-utilities.html[FilterParameters]
+
+This optional property represents a collection of include and exclude
+patterns for secure socket protocols to enable on the client side only
+(SSLSocketFactory/SSLSocket) by overriding the value of this setting in
+the SSLContextParameters.� This option has no affect on the SSLEngine
+configuration.� The patterns are applied over only the available
+protocols.� The exclude patterns have precedence over the include
+patterns.� See SSLContextParameters for details of the behavior if this
+option and/or secureSocketProtocols is omitted at this level.
+
+sessionTimeout - java.lang.String
+
+sslContextServerParameters/@sessionTimeout - xsd:string
+
+This optional property defines the timeout period, in seconds, for
+sessions on the client side This setting affects both the
+SSLSocketFactory/SSLSocket as well as the client side of the SSLEngine.
+
+[[CamelConfigurationUtilities-Examples]]
+Examples
+^^^^^^^^
+
+[[CamelConfigurationUtilities-ProgrammaticUsage]]
+Programmatic Usage
+++++++++++++++++++
+
+[[CamelConfigurationUtilities-SettingClientAuthenticationOntheServerSide]]
+Setting Client Authentication On the Server Side
+
+This configuration sets the server side aspects of the TLS configuration
+to require client authentication during the handshake process.� This
+configuration uses the default trust store and a custom key store to
+provide key material for both the server and client sides of the
+SSLContext.
+
+[source,java]
+-------------------------------------------------------------------
+KeyStoreParameters ksp = new KeyStoreParameters();
+ksp.setResource("/users/home/server/keystore.jks");
+ksp.setPassword("keystorePassword");
+
+KeyManagersParameters kmp = new KeyManagersParameters();
+kmp.setKeyStore(ksp);
+kmp.setKeyPassword("keyPassword");
+
+SSLContextServerParameters scsp = new SSLContextServerParameters();
+scsp.setClientAuthentication(ClientAuthentication.REQUIRE);
+SSLContextParameters scp = new SSLContextParameters();
+scp.setServerParameters(scsp);
+scp.setKeyManagers(kmp);
+
+SSLContext context = scp.createSSLContext();
+SSLEngine engine = scp.createSSLEngine();
+-------------------------------------------------------------------
+
+[[CamelConfigurationUtilities-ConfiguringDifferentOptionsontheClientandServerSide]]
+Configuring Different Options on the Client and Server Side
+
+In this example, both the client and server sides share the same custom
+key store; however, the client side allows any supported cipher suite
+while the server side will use the default cipher suite filter and
+exclude any cipher suites that match the patterns .*_NULL_.* and
+.*_anon_.*.
+
+[source,java]
+-------------------------------------------------------------------
+KeyStoreParameters ksp = new KeyStoreParameters();
+ksp.setResource("/users/home/server/keystore.jks");
+ksp.setPassword("keystorePassword");
+
+KeyManagersParameters kmp = new KeyManagersParameters();
+kmp.setKeyStore(ksp);
+kmp.setKeyPassword("keyPassword");
+
+FilterParameters filter = new FilterParameters();
+filter.getInclude().add(".*");
+
+SSLContextClientParameters sccp = new SSLContextClientParameters();
+sccp.setCipherSuitesFilter(filter);
+
+SSLContextParameters scp = new SSLContextParameters();
+scp.setClientParameters(sccp);
+scp.setKeyManagers(kmp);
+
+SSLContext context = scp.createSSLContext();
+SSLEngine engine = scp.createSSLEngine();
+-------------------------------------------------------------------
+
+[[CamelConfigurationUtilities-UsingCamelPropertyPlaceholders]]
+Using Camel Property Placeholders
+
+This configuration utility fully supports the use of property
+placeholders (see link:using-propertyplaceholder.html[Using
+PropertyPlaceholder]) in all configuration fields.� In order to support
+this feature, the configuration utility objects must be configured with
+a reference to a Camel context.� All of the utility classes except for
+CipherSuitesParameters and SecureSocketProtocolsParameters provide a
+setter method for providing the context reference.� Do not confuse the
+lack of a setter on CipherSuitesParameters and
+SecureSocketProtocolsParameters as an indication that you cannot use
+property placeholders when configuring these classes.� The lack of a
+setter is an internal implementation detail and full placeholder support
+is available for both of the configuration classes.
+
+The following example code demonstrates how to create a KeyStore
+instance based on configuration options provided by the Camel Properties
+Component and property placeholder support.
+
+[source,java]
+---------------------------------------------------
+PropertiesComponent pc = new PropertiesComponent();
+pc.setLocation("file:./jsse-test.properties");
+
+CamelContext context = new DefaultCamelContext();
+context.addComponent("properties", pc);
+
+KeyStoreParameters ksp = new KeyStoreParameters();
+ksp.setContext(camelContext);
+ksp.setType("{{keyStoreParameters.type}}");
+ksp.setProvider("{{keyStoreParameters.provider}}");
+ksp.setResource("{{keyStoreParameters.resource}}");
+ksp.setPassword("{{keyStoreParamerers.password}}");
+
+KeyStore keyStore = ksp.createKeyStore();
+---------------------------------------------------
+
+[[CamelConfigurationUtilities-XMLConfiguration]]
+XML Configuration
++++++++++++++++++
+
+[NOTE]
+====
+
+
+Note that XML configuration is supported in both Spring and Blueprint
+format.
+
+====
+
+[[CamelConfigurationUtilities-SettingClientAuthenticationOntheServerSide.1]]
+Setting Client Authentication On the Server Side
+
+This configuration sets the server side aspects of the TLS configuration
+to require client authentication during the handshake process.� This
+configuration uses the default trust store and a custom key store to
+provide key material for both the server and client sides of the
+SSLContext.
+
+[source,xml]
+---------------------------------------------------------------------------------------------------------------
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:camel="http://camel.apache.org/schema/spring"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">
+
+ <camel:sslContextParameters
+ id="mySslContext">
+
+ <camel:keyManagers
+ keyPassword="keyPassword">
+ <camel:keyStore
+ resource="/users/home/server/keystore.jks"
+ password="keystorePassword"/>
+ </camel:keyManagers>
+
+ <camel:serverParameters
+ clientAuthentication="WANT"/>
+
+ </camel:sslContextParameters>
+
+</beans>
+---------------------------------------------------------------------------------------------------------------
+
+[[CamelConfigurationUtilities-ConfiguringDifferentOptionsontheClientandServerSide.1]]
+Configuring Different Options on the Client and Server Side
+
+In this example, both the client and server sides share the same custom
+key store; however, the client side allows any supported cipher suite
+while the server side will use the default cipher suite filter and
+exclude any cipher suites that match the patterns .*_NULL_.* and
+.*_anon_.*.
+
+[source,xml]
+--------------------------------------------------------------
+<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">
+ xmlns:camel="http://camel.apache.org/schema/blueprint">
+
+ <camel:sslContextParameters
+ id="mySslContext">
+
+ <camel:keyManagers
+ keyPassword="keyPassword">
+ <camel:keyStore
+ resource="/users/home/server/keystore.jks"
+ password="keystorePassword"/>
+ </camel:keyManagers>
+
+ <camel:clientParameters>
+ <camel:cipherSuitesFilter>
+ <camel:include>.*</camel:include>
+ </camel:cipherSuitesFilter>
+ </camel:clientParameters>
+
+ </camel:sslContextParameters>
+
+</blueprint>
+--------------------------------------------------------------
+
+[[CamelConfigurationUtilities-UsingCamelPropertyPlaceholders.1]]
+Using Camel Property Placeholders
+
+This configuration utility fully supports the use of property
+placeholders (see link:using-propertyplaceholder.html[Using
+PropertyPlaceholder]) in all configuration fields for XML based
+configuration as well.� In order to support this feature, the
+configuration utility objects must be configured with a reference to a
+Camel context.� The Spring and Blueprint namespace handlers will
+automatically inject the reference to the context for you when there is
+one Camel context in scope. If you have more than one Camel context
+instance in your XML defined context, you can indicate which context
+reference to configure by specifying the camelContextId attribute in the
+top-level XML element.
+
+The following example code demonstrates how to create a KeyStore
+instance based on configuration options provided by the Camel Properties
+Component and property placeholder support. The Camel context with the
+ID example is used to resolve the property placeholders.
+
+[source,xml]
+---------------------------------------------------------------------------------------------------------------
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:camel="http://camel.apache.org/schema/spring"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">
+
+ <camel:camelContext id="example"/>
+
+ <camel:camelContext id="example2"/>
+
+ <camel:keyStoreParameters
+ id="ksp"
+ camelContextId="example"
+ resource="{{keyStoreParameters.resource}}"
+ type="{{keyStoreParameters.type}}"
+ provider="{{keyStoreParameters.provider}}"
+ password="{{keyStoreParamerers.password}}"/>
+
+</beans>
+---------------------------------------------------------------------------------------------------------------