org.apache.camel.support.jsse.SSLContextParameters Java Examples

The following examples show how to use org.apache.camel.support.jsse.SSLContextParameters.
Example #1
Source File: AbstractEMailVerifier.java    From syndesis with Apache License 2.0
/**
 * Builds the {@link MailConfiguration} that is populated from the supplied connector parameters.
 *
 * <p>The TLS settings derived from {@code parameters} are written back into the same map under
 * {@code SSL_CONTEXT_PARAMETERS}, so the caller's map is modified by this call.
 *
 * @param parameters connector options; mutated as described above
 * @return the populated mail configuration
 * @throws IllegalArgumentException if populating the configuration fails for any reason
 */
protected MailConfiguration createConfiguration(Map<String, Object> parameters) {
    secureProtocol(parameters);
    // NOTE(review): confirm whether createSSLContextParameters can return null here (for example
    // for a non-TLS protocol); if it can, a null value is stored in the map and the resulting
    // configuration carries no TLS context.
    SSLContextParameters tlsSettings = EMailUtil.createSSLContextParameters(parameters);
    parameters.put(SSL_CONTEXT_PARAMETERS, tlsSettings);

    try {
        // setProperties strips the key/values it consumes, so it works on a copy of the map.
        Map<String, Object> consumable = new HashMap<>(parameters);
        MailConfiguration mailConfig = setProperties(new MailConfiguration(), consumable);

        Protocol selected = ConnectorOptions.extractOptionAndMap(
            parameters, PROTOCOL, Protocol::getValueOf, null);
        mailConfig.configureProtocol(selected.id());
        return mailConfig;
    } catch (Exception cause) {
        // A missing protocol (null from the lookup above) also ends up here and is reported
        // to the caller as an invalid-argument failure.
        throw new IllegalArgumentException("Unable to set parameters", cause);
    }
}
 
Example #2
Source File: Application.java    From wildfly-camel-examples with Apache License 2.0
/**
 * Produces the CXF endpoint used by the client side of the example, wired with the client TLS
 * settings from {@code createProducerSSLContextParameters()}.
 *
 * @return the configured producer endpoint
 */
@Named("cxfProducerEndpoint")
@Produces
public CxfEndpoint createCxfProducerEndpoint() {
    CxfEndpoint endpoint = this.camelContext.getEndpoint(CXF_ENDPOINT_URI, CxfEndpoint.class);
    endpoint.setBeanId("cxfProducerEndpoint");
    endpoint.setServiceClass(GreetingService.class);
    endpoint.setSslContextParameters(this.createProducerSSLContextParameters());

    // Not for use in production: this verifier accepts every hostname, so the client no longer
    // checks that the certificate it was shown belongs to the host it meant to reach. Any
    // certificate the trust store accepts can then stand in for the server, which removes the
    // protection TLS gives against an on-path party. For real deployments drop this verifier and
    // give the server a certificate whose subject alternative name matches its address.
    HostnameVerifier acceptAnyHost = (hostname, session) -> true;
    endpoint.setHostnameVerifier(acceptAnyHost);

    return endpoint;
}
 
Example #3
Source File: Application.java    From wildfly-camel-examples with Apache License 2.0
/**
 * Assembles the client-side TLS settings: a key store holding the client certificate (alias
 * {@code client}), a trust store for the server certificate, and a pinned protocol version.
 *
 * @return the client {@link SSLContextParameters}
 */
private SSLContextParameters createProducerSSLContextParameters() {
    // Key material the client presents to the server.
    final KeyStoreParameters clientKeyStore = new KeyStoreParameters();
    clientKeyStore.setResource(CLIENT_CERT_KEYSTORE_PATH);
    clientKeyStore.setPassword(CLIENT_CERT_KEYSTORE_PASSWORD);

    final KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(clientKeyStore);
    keyManagers.setKeyPassword(CLIENT_CERT_KEYSTORE_PASSWORD);

    // Trust material, so that the client trusts the self-signed server certificate.
    // NOTE(review): the trust store is opened with the key store password constant; confirm the
    // two stores are meant to share one password, and that outside of an example the value is
    // supplied from protected configuration rather than from source.
    final KeyStoreParameters clientTrustStore = new KeyStoreParameters();
    clientTrustStore.setResource(CLIENT_CERT_TRUSTSTORE_PATH);
    clientTrustStore.setPassword(CLIENT_CERT_KEYSTORE_PASSWORD);

    final TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(clientTrustStore);

    final SSLContextParameters tls = new SSLContextParameters();
    tls.setClientParameters(new SSLContextClientParameters());
    tls.setKeyManagers(keyManagers);
    tls.setTrustManagers(trustManagers);
    tls.setCertAlias("client");
    // Requests the TLSv1.2 context explicitly instead of relying on the platform default.
    tls.setSecureSocketProtocol("TLSv1.2");

    return tls;
}
 
Example #4
Source File: AhcWSSIntegrationTest.java    From wildfly-camel with Apache License 2.0
/**
 * Creates the TLS settings used by the test client, with one key store serving as both the
 * source of key material and the set of trusted certificates.
 *
 * @return the client {@link SSLContextParameters}
 */
private static SSLContextParameters defineSSLContextClientParameters() {
    KeyStoreParameters sharedStore = new KeyStoreParameters();
    sharedStore.setResource("/" + KEYSTORE);
    sharedStore.setPassword(KEYSTORE_PASSWORD);

    KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyPassword(KEYSTORE_PASSWORD);
    keyManagers.setKeyStore(sharedStore);

    // The same store is reused as the trust store. That keeps a test fixture small; a deployed
    // service would normally trust a separate store that holds only CA or peer certificates and
    // no private keys.
    TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(sharedStore);

    SSLContextParameters tls = new SSLContextParameters();
    tls.setKeyManagers(keyManagers);
    tls.setTrustManagers(trustManagers);
    return tls;
}
 
Example #5
Source File: SecureNettyIntegrationTest.java    From wildfly-camel with Apache License 2.0
/**
 * Builds TLS settings from the test key store and binds them in JNDI under the name
 * {@code sslContextParameters} before each test.
 *
 * @throws Exception if the JNDI context cannot be created or the bind fails
 */
@Before
public void setUp() throws Exception {
    KeyStoreParameters sharedStore = new KeyStoreParameters();
    sharedStore.setResource("/" + KEYSTORE);
    sharedStore.setPassword(KEYSTORE_PASSWORD);

    KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyPassword(KEYSTORE_PASSWORD);
    keyManagers.setKeyStore(sharedStore);

    // One store acts as key store and trust store; fine for a fixture, whereas a deployment
    // would usually keep private keys out of the store it uses for trust decisions.
    TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(sharedStore);

    SSLContextParameters tls = new SSLContextParameters();
    tls.setKeyManagers(keyManagers);
    tls.setTrustManagers(trustManagers);

    // Anything able to look up this JNDI name receives the object that references the key store
    // password, so the binding should be scoped to the test.
    InitialContext jndi = new InitialContext();
    jndi.bind("sslContextParameters", tls);
}
 
Example #6
Source File: CXFWSSecureConsumerIntegrationTest.java    From wildfly-camel with Apache License 2.0
/**
 * Creates TLS settings backed by {@code application.keystore} in the directory named by the
 * {@code jboss.server.config.dir} system property, using that store for keys and for trust.
 *
 * @return the {@link SSLContextParameters} for the test
 */
private SSLContextParameters createSSLContextParameters() {
    // The literal password matches this test's key store. Outside a test fixture the value
    // belongs in protected configuration, not in source.
    // NOTE(review): if the system property is unset the path starts with the text "null";
    // confirm the test always runs with it defined.
    KeyStoreParameters serverStore = new KeyStoreParameters();
    serverStore.setResource(System.getProperty("jboss.server.config.dir") + "/application.keystore");
    serverStore.setPassword("password");

    KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(serverStore);
    keyManagers.setKeyPassword("password");

    // The key store doubles as the trust store here.
    TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(serverStore);

    SSLContextParameters tls = new SSLContextParameters();
    tls.setClientParameters(new SSLContextClientParameters());
    tls.setKeyManagers(keyManagers);
    tls.setTrustManagers(trustManagers);

    return tls;
}
 
Example #7
Source File: EMailUtil.java    From syndesis with Apache License 2.0
/**
 * Creates TLS settings for a mail connection, or nothing when the protocol is not a secure one.
 *
 * <p>The key store is not read from a resource: it is built on demand by
 * {@code EMailUtil.createKeyStore(options)} and used for both key managers and trust managers.
 *
 * @param options connector options; the protocol is read from {@code PROTOCOL}
 * @return the TLS settings, or {@code null} when {@code isSecure} rejects the protocol, so
 *         callers must handle {@code null}
 */
public static SSLContextParameters createSSLContextParameters(Map<String, Object> options) {
    String protocol = ConnectorOptions.extractOption(options, PROTOCOL);
    if (!isSecure(protocol)) {
        // No TLS context for this protocol; the caller decides what, if anything, secures it.
        return null;
    }

    // Defers key store creation until the SSL context is actually built.
    KeyStoreParameters lazyStore = new KeyStoreParameters() {
        @Override
        public KeyStore createKeyStore() throws GeneralSecurityException, IOException {
            try {
                return EMailUtil.createKeyStore(options);
            } catch (Exception cause) {
                // Every failure, including I/O errors, is reported as a security exception.
                throw new GeneralSecurityException(cause);
            }
        }
    };

    TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(lazyStore);

    KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyStore(lazyStore);

    SSLContextParameters tls = new SSLContextParameters();
    tls.setKeyManagers(keyManagers);
    tls.setTrustManagers(trustManagers);
    return tls;
}
 
Example #8
Source File: EMailComponent.java    From syndesis with Apache License 2.0
/**
 * Creates the Camel mail component that this connector delegates to, configured from the
 * connector's own host, port, credentials and folder settings.
 *
 * <p>Transport security is chosen in one of two ways: if TLS settings can be created from the
 * resolved options they are applied; otherwise, when the secure type is STARTTLS, the JavaMail
 * STARTTLS properties are set. If neither applies, no transport security is configured here.
 *
 * @param definition the component definition (not read by this method)
 * @param options the component options (not read by this method; {@code bundleOptions()} is used)
 * @return the configured mail component
 * @throws IllegalStateException if no protocol has been specified
 */
@Override
protected Optional<Component> createDelegateComponent(ComponentDefinition definition, Map<String, Object> options) {
    String protocol = getProtocol();
    if (protocol == null) {
        throw new IllegalStateException("No protocol specified for email component");
    }

    MailConfiguration mailConfig = new MailConfiguration(getCamelContext());
    mailConfig.configureProtocol(protocol);
    mailConfig.setHost(getHost());
    mailConfig.setPort(getPort());
    mailConfig.setUsername(getUsername());
    mailConfig.setPassword(getPassword());
    mailConfig.setUnseen(isUnseenOnly());

    if (getFolderName() != null) {
        mailConfig.setFolderName(getFolderName());
    }

    SSLContextParameters tls = EMailUtil.createSSLContextParameters(bundleOptions());
    if (tls != null) {
        mailConfig.setSslContextParameters(tls);
    } else if (SecureType.STARTTLS.equals(secureType)) {
        // "required" is set together with "enable" so that the session fails instead of
        // continuing in clear text when the server does not offer STARTTLS.
        String startTlsPrefix = "mail." + protocol + ".starttls.";
        Properties startTls = new Properties();
        startTls.setProperty(startTlsPrefix + "enable", "true");
        startTls.setProperty(startTlsPrefix + "required", "true");
        mailConfig.setAdditionalJavaMailProperties(startTls);
    }

    mailConfig.setFetchSize(getMaxResults());

    // Decode mime headers like the subject from Quoted-Printable encoding to normal text
    mailConfig.setMimeDecodeHeaders(true);

    MailComponent delegate = new MailComponent(getCamelContext());
    delegate.setConfiguration(mailConfig);
    return Optional.of(delegate);
}
 
Example #9
Source File: KafkaConnectionCustomizer.java    From syndesis with Apache License 2.0
/**
 * Switches the Kafka connection to SSL when a broker certificate is present in the options.
 *
 * <p>When {@code CERTIFICATE_OPTION} is set, a {@link KafkaConfiguration} carrying TLS settings
 * built from that certificate is stored in {@code options} under {@code "configuration"}.
 * Without the option, {@code options} is left untouched.
 *
 * @param component the proxied component (not read by this method)
 * @param options connector options; receives the {@code "configuration"} entry
 */
@Override
public void customize(ComponentProxyComponent component, Map<String, Object> options) {
    if (ConnectorOptions.extractOption(options, CERTIFICATE_OPTION) == null) {
        return;
    }

    LOG.info("Setting SSLContextParameters configuration as a self-signed certificate was provided");
    SSLContextParameters brokerTls = createSSLContextParameters(
        ConnectorOptions.extractOption(options, CERTIFICATE_OPTION));

    KafkaConfiguration kafkaConfig = new KafkaConfiguration();
    kafkaConfig.setSslContextParameters(brokerTls);
    kafkaConfig.setSecurityProtocol("SSL");
    // If present, Kafka client 2.0 is using this parameter to verify host;
    // we must set to blank to skip host verification.
    // NOTE(review): with the check off, the broker is authenticated only by whether its
    // certificate is accepted by the trust material built from the supplied certificate, not by
    // its hostname. Confirm that material holds just the expected broker certificate; where the
    // broker certificate carries a matching subject alternative name, leaving the algorithm at
    // the client's default keeps hostname verification on.
    kafkaConfig.setSslEndpointAlgorithm("");
    options.put("configuration", kafkaConfig);
}
 
Example #10
Source File: KafkaConnectionCustomizer.java    From syndesis with Apache License 2.0
/**
 * Builds TLS settings whose key managers and trust managers are both derived from the supplied
 * broker certificate.
 *
 * @param certificate the broker certificate, stored under the alias {@code brokerCertificate}
 * @return the TLS settings for the Kafka connection
 */
private static SSLContextParameters createSSLContextParameters(String certificate) {
    KeyStoreHelper certificateStore = new KeyStoreHelper(certificate, "brokerCertificate").store();

    // Two KeyStoreParameters are created from the same helper: one feeds the key managers, the
    // other the trust managers.
    KeyStoreParameters keyMaterial = createKeyStore(certificateStore);
    KeyStoreParameters trustMaterial = createKeyStore(certificateStore);
    KeyManagersParameters keyManagers = createKeyManagerParameters(keyMaterial);
    TrustManagersParameters trustManagers = createTrustManagerParameters(trustMaterial);

    SSLContextParameters tls = new SSLContextParameters();
    tls.setKeyManagers(keyManagers);
    tls.setTrustManagers(trustManagers);
    return tls;
}
 
Example #11
Source File: CamelSSLConfigurationProperties.java    From camel-spring-boot with Apache License 2.0
/**
 * Returns the configured SSL context parameters.
 *
 * @return the stored {@link SSLContextParameters} reference, exactly as it was set
 */
public SSLContextParameters getConfig() {
    return this.config;
}
 
Example #12
Source File: CamelSSLConfigurationProperties.java    From camel-spring-boot with Apache License 2.0
/**
 * Stores the SSL context parameters to expose through {@code getConfig()}.
 *
 * @param config the parameters to store; the reference is kept as given, without copying
 */
public void setConfig(SSLContextParameters config) {
    // No validation or defensive copy: later changes to the passed object are visible here.
    this.config = config;
}
 
Example #13
Source File: CamelSSLAutoConfiguration.java    From camel-spring-boot with Apache License 2.0
/**
 * Exposes the global SSL context parameters as a supplier bean.
 *
 * <p>The value is resolved once, when the bean is created; the supplier then returns that same
 * instance on every call.
 *
 * @param properties the SSL configuration properties
 * @return a supplier of the configured parameters, or of an empty {@link SSLContextParameters}
 *         when none were configured
 */
@Bean
public GlobalSSLContextParametersSupplier sslContextParametersSupplier(CamelSSLConfigurationProperties properties) {
    final SSLContextParameters config;
    if (properties.getConfig() != null) {
        config = properties.getConfig();
    } else {
        // NOTE(review): an empty SSLContextParameters names no key store, trust store or
        // protocol of its own; confirm that the resulting defaults are acceptable as the global
        // TLS configuration.
        config = new SSLContextParameters();
    }
    return () -> config;
}
 
Example #14
Source File: PlatformHttpServiceCustomizerTest.java    From camel-k-runtime with Apache License 2.0
/**
 * Verifies that the platform-http service works over TLS with client authentication when the
 * TLS settings are set directly on the service customizer.
 *
 * <p>The server side requires a client certificate ({@code "REQUIRE"}); the client side presents
 * key material from the same key store and trusts the shared trust store. Store names and
 * passwords are test fixtures.
 *
 * @throws Exception if the context cannot be configured or started
 */
@Test
public void testPlatformHttpComponentSSL() throws Exception {
    // Shared fixtures: one key store and one trust store used by both ends.
    KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource("jsse/service.jks");
    keyStore.setPassword("security");

    KeyStoreParameters trustStore = new KeyStoreParameters();
    trustStore.setResource("jsse/truststore.jks");
    trustStore.setPassword("storepass");

    // Server side: key material, trust material and mandatory client authentication.
    KeyManagersParameters serverKeyManagers = new KeyManagersParameters();
    serverKeyManagers.setKeyPassword("security");
    serverKeyManagers.setKeyStore(keyStore);

    TrustManagersParameters serverTrustManagers = new TrustManagersParameters();
    serverTrustManagers.setKeyStore(trustStore);

    SSLContextServerParameters serverParameters = new SSLContextServerParameters();
    serverParameters.setClientAuthentication("REQUIRE");

    SSLContextParameters serverTls = new SSLContextParameters();
    serverTls.setKeyManagers(serverKeyManagers);
    serverTls.setTrustManagers(serverTrustManagers);
    serverTls.setServerParameters(serverParameters);

    // Client side: trusts the same trust store and presents a key from the same key store.
    TrustManagersParameters clientTrustManagers = new TrustManagersParameters();
    clientTrustManagers.setKeyStore(trustStore);

    KeyManagersParameters clientKeyManagers = new KeyManagersParameters();
    clientKeyManagers.setKeyPassword("security");
    clientKeyManagers.setKeyStore(keyStore);

    SSLContextParameters clientTls = new SSLContextParameters();
    clientTls.setTrustManagers(clientTrustManagers);
    clientTls.setKeyManagers(clientKeyManagers);

    CamelContext camel = new DefaultCamelContext();
    camel.addRoutes(new RouteBuilder() {
        @Override
        public void configure() throws Exception {
            fromF("platform-http:/")
                .transform().body(String.class, text -> text.toUpperCase());
        }
    });

    PlatformHttpServiceContextCustomizer service = new PlatformHttpServiceContextCustomizer();
    service.setBindPort(AvailablePortFinder.getNextAvailable());
    service.setSslContextParameters(serverTls);
    service.apply(camel);

    try {
        camel.getRegistry().bind("clientSSLContextParameters", clientTls);
        camel.start();

        String reply = camel.createFluentProducerTemplate()
            .toF("https://localhost:%d?sslContextParameters=#clientSSLContextParameters", service.getBindPort())
            .withBody("test")
            .request(String.class);

        assertThat(reply).isEqualTo("TEST");
    } finally {
        camel.stop();
    }
}
 
Example #15
Source File: PlatformHttpServiceCustomizerTest.java    From camel-k-runtime with Apache License 2.0
/**
 * Verifies that the platform-http service works over TLS with client authentication when the
 * TLS settings are taken from the Camel context's global SSL context parameters.
 *
 * <p>The server-side settings are set on the context and the customizer is told to use the
 * global ones; the client side presents key material from the same key store and trusts the
 * shared trust store. Store names and passwords are test fixtures.
 *
 * @throws Exception if the context cannot be configured or started
 */
@Test
public void testPlatformHttpComponentGlobalSSL() throws Exception {
    // Shared fixtures: one key store and one trust store used by both ends.
    KeyStoreParameters keyStore = new KeyStoreParameters();
    keyStore.setResource("jsse/service.jks");
    keyStore.setPassword("security");

    KeyStoreParameters trustStore = new KeyStoreParameters();
    trustStore.setResource("jsse/truststore.jks");
    trustStore.setPassword("storepass");

    // Server side: key material, trust material and mandatory client authentication.
    KeyManagersParameters serverKeyManagers = new KeyManagersParameters();
    serverKeyManagers.setKeyPassword("security");
    serverKeyManagers.setKeyStore(keyStore);

    TrustManagersParameters serverTrustManagers = new TrustManagersParameters();
    serverTrustManagers.setKeyStore(trustStore);

    SSLContextServerParameters serverParameters = new SSLContextServerParameters();
    serverParameters.setClientAuthentication("REQUIRE");

    SSLContextParameters serverTls = new SSLContextParameters();
    serverTls.setKeyManagers(serverKeyManagers);
    serverTls.setTrustManagers(serverTrustManagers);
    serverTls.setServerParameters(serverParameters);

    // Client side: trusts the same trust store and presents a key from the same key store.
    TrustManagersParameters clientTrustManagers = new TrustManagersParameters();
    clientTrustManagers.setKeyStore(trustStore);

    KeyManagersParameters clientKeyManagers = new KeyManagersParameters();
    clientKeyManagers.setKeyPassword("security");
    clientKeyManagers.setKeyStore(keyStore);

    SSLContextParameters clientTls = new SSLContextParameters();
    clientTls.setTrustManagers(clientTrustManagers);
    clientTls.setKeyManagers(clientKeyManagers);

    CamelContext camel = new DefaultCamelContext();
    // The server settings become the context-wide default picked up by the customizer below.
    camel.setSSLContextParameters(serverTls);
    camel.addRoutes(new RouteBuilder() {
        @Override
        public void configure() throws Exception {
            fromF("platform-http:/")
                .transform().body(String.class, text -> text.toUpperCase());
        }
    });

    PlatformHttpServiceContextCustomizer service = new PlatformHttpServiceContextCustomizer();
    service.setBindPort(AvailablePortFinder.getNextAvailable());
    service.setUseGlobalSslContextParameters(true);
    service.apply(camel);

    try {
        camel.getRegistry().bind("clientSSLContextParameters", clientTls);
        camel.start();

        String reply = camel.createFluentProducerTemplate()
            .toF("https://localhost:%d?sslContextParameters=#clientSSLContextParameters", service.getBindPort())
            .withBody("test")
            .request(String.class);

        assertThat(reply).isEqualTo("TEST");
    } finally {
        camel.stop();
    }
}
 
Example #16
Source File: LumberjackComponentTest.java    From wildfly-camel with Apache License 2.0
/**
 * Connects to 127.0.0.1 on the given port, sends the two sample Lumberjack window frames and
 * returns the sequence numbers read from the acknowledgment frames received in response.
 *
 * @param port the port to connect to
 * @param sslContextParameters TLS settings for the connection, or {@code null} to connect
 *        without an SSL handler
 * @return the list the response handler appends to; it is returned after the channel close is
 *         requested, so it holds whatever acknowledgments had arrived by then
 * @throws InterruptedException if interrupted while connecting or sleeping between frames
 */
private List<Integer> sendMessages(int port, SSLContextParameters sslContextParameters) throws InterruptedException {
    NioEventLoopGroup eventLoopGroup = new NioEventLoopGroup();
    try {
        // This list will hold the acknowledgment response sequence numbers
        List<Integer> responses = new ArrayList<>();

        // This initializer configures the SSL and an acknowledgment recorder
        ChannelInitializer<Channel> initializer = new ChannelInitializer<Channel>() {
            @Override
            protected void initChannel(Channel ch) throws Exception {
                ChannelPipeline pipeline = ch.pipeline();
                if (sslContextParameters != null) {
                    // The engine is created without a peer host/port and no SSLParameters are
                    // applied in this block, so no endpoint identification is enabled here.
                    // NOTE(review): fine for a loopback test; a real client would create the
                    // engine for the peer host and enable hostname verification.
                    SSLEngine sslEngine = sslContextParameters.createSSLContext(null).createSSLEngine();
                    sslEngine.setUseClientMode(true);
                    pipeline.addLast(new SslHandler(sslEngine));
                }

                // Add the response recorder
                pipeline.addLast(new SimpleChannelInboundHandler<ByteBuf>() {
                    @Override
                    protected void channelRead0(ChannelHandlerContext ctx, ByteBuf msg) throws Exception {
                        // Each response is expected to start with the bytes '2' and 'A',
                        // followed by an int that is recorded as the sequence number.
                        Assert.assertEquals(msg.readUnsignedByte(), (short) '2');
                        Assert.assertEquals(msg.readUnsignedByte(), (short) 'A');
                        // Guarded because this runs on an event-loop thread while the calling
                        // thread reads the same list below.
                        synchronized (responses) {
                            responses.add(msg.readInt());
                        }
                    }
                });
            }
        };

        // Connect to the server
        Channel channel = new Bootstrap()
                .group(eventLoopGroup)
                .channel(NioSocketChannel.class)
                .handler(initializer)
                .connect("127.0.0.1", port).sync().channel();

        // Send the 2 window frames
        // The fixed 100 ms pauses are the only thing giving the server time to answer.
        TimeUnit.MILLISECONDS.sleep(100);
        channel.writeAndFlush(readSample("lumberjack/window10"));
        TimeUnit.MILLISECONDS.sleep(100);
        channel.writeAndFlush(readSample("lumberjack/window15"));
        TimeUnit.MILLISECONDS.sleep(100);

        // The close is requested but its completion is not awaited here.
        channel.close();

        synchronized (responses) {
            return responses;
        }
    } finally {
        eventLoopGroup.shutdownGracefully();
    }
}