Posted to dev@camel.apache.org by "Stephen Gargan (JIRA)" <ji...@apache.org> on 2010/03/12 04:41:44 UTC

[jira] Updated: (CAMEL-2482) camel-bouncycastle - A new component for crypto

     [ https://issues.apache.org/activemq/browse/CAMEL-2482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stephen Gargan updated CAMEL-2482:
----------------------------------

    Attachment: camel-crypto.patch
                parent.patch
                core-crypto-dataformat.patch

Attached is the beginning of a cryptography component to expose features of the Java Cryptographic Extensions to Camel. This camel-crypto component has two main parts: a Digital Signatures component and a CryptoDataFormat.

The Digital Signatures component is a reworking of CAMEL-2527 to use endpoints instead of a custom DSL to sign and verify exchanges. The CryptoDataFormat is a standard dataformat for use with the marshal and unmarshal DSL constructs that uses the JCE to encrypt, decrypt and validate exchange payloads, e.g.

// symmetric DES encryption.
KeyGenerator generator = KeyGenerator.getInstance("DES");
CryptoDataFormat cryptoFormat = new CryptoDataFormat("DES", generator.generateKey());
from("direct:basic-encryption").marshal(cryptoFormat).to("mock:encrypted").unmarshal(cryptoFormat).to("mock:unencrypted");

To be as flexible as possible, the Component and DataFormat expose as much of the JCE configuration as possible to the control of the user, and where applicable certain configuration (keys and aliases etc.) can be supplied dynamically in exchange headers.

One thing to note about using headers with the Crypto format is that the MarshalProcessor & UnmarshalProcessor copy the message before invocation. As a result the CryptoFormat can't clear the headers, and so the user must be careful to clear them lest important private information get leaked accidentally. I know this is the odd man out, but it would be nice if the Processors allowed the Formats to post-process the exchange before forwarding. It would be trivial to implement and could easily be transparent to the existing formats. I'm happy to make this change if you agree.

The camel-crypto.patch has a binary keystore in it so to apply it run 

patch -p0 --binary -i camel-crypto.patch

I hope you can find this useful.

rgds,


ste
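
Added example, not part of the original message or the attached patches: a route that clears the key header after marshalling, next to one that lets it travel on with the ciphertext. It assumes the API of the released camel-crypto component (the CryptoDataFormat.KEY header constant and a null key in the constructor, which may differ from the patch); the class name and route URIs are hypothetical.

```java
import java.security.Key;
import javax.crypto.KeyGenerator;
import org.apache.camel.CamelContext;
import org.apache.camel.Message;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.component.mock.MockEndpoint;
import org.apache.camel.converter.crypto.CryptoDataFormat;
import org.apache.camel.impl.DefaultCamelContext;

public class ClearCryptoKeyHeader {
    // Returns the first message that reached the given mock endpoint.
    static Message received(CamelContext ctx, String uri) {
        return ctx.getEndpoint(uri, MockEndpoint.class).getExchanges().get(0).getIn();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key; DES only mirrors the snippet in the message.
        Key key = KeyGenerator.getInstance("DES").generateKey();
        // No key at construction: it is supplied per exchange in a header.
        // Assumption: CryptoDataFormat.KEY is the header the format reads.
        final CryptoDataFormat cryptoFormat = new CryptoDataFormat("DES", null);

        CamelContext context = new DefaultCamelContext();
        context.addRoutes(new RouteBuilder() {
            @Override
            public void configure() {
                // Key header travels on with the ciphertext.
                from("direct:leaky").marshal(cryptoFormat).to("mock:leaky");
                // Key header is dropped before the message leaves the route.
                from("direct:cleared").marshal(cryptoFormat)
                    .removeHeader(CryptoDataFormat.KEY).to("mock:cleared");
            }
        });
        context.start();
        try {
            context.createProducerTemplate()
                .sendBodyAndHeader("direct:leaky", "payload", CryptoDataFormat.KEY, key);
            context.createProducerTemplate()
                .sendBodyAndHeader("direct:cleared", "payload", CryptoDataFormat.KEY, key);
            boolean leaked = received(context, "mock:leaky").getHeader(CryptoDataFormat.KEY) != null;
            boolean cleared = received(context, "mock:cleared").getHeader(CryptoDataFormat.KEY) == null;
            System.out.println("leaky route still carries key header: " + leaked);
            System.out.println("cleared route dropped key header: " + cleared);
        } finally {
            context.stop();
        }
    }
}
```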


> camel-bouncycastle - A new component for crypto
> -----------------------------------------------
>
>                 Key: CAMEL-2482
>                 URL: https://issues.apache.org/activemq/browse/CAMEL-2482
>             Project: Apache Camel
>          Issue Type: New Feature
>            Reporter: Claus Ibsen
>             Fix For: Future
>
>         Attachments: camel-crypto.patch, core-crypto-dataformat.patch, parent.patch
>
>
> See more at:
> http://www.bouncycastle.org/
> Basically a Camel DataFormat that leverages bouncycastle would be good.
> It's using an MIT/X11 license which should be friendly with Apache
> http://bouncycastle.org/licence.html
> http://www.apache.org/legal/3party.html

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.