camel-users mailing list archives

From Alexandre Gattiker <agatti...@gmail.com>
Subject Re: Setting CXF TLSClientParameters programmatically
Date Thu, 05 Jan 2012 07:08:25 GMT
Good catch, many thanks!

Still, it would be very useful to be able to set the key store
parameters programmatically for an endpoint, rather than through
system properties only.

Best regards,
Alexandre

On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp <dkulp@apache.org> wrote:
> On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
>> As of Camel 2.9.0 I can write:
>>
>> Map<String, Object> cxfProperties = new HashMap<String, Object>();
>> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
>> cxfEndpoint.setProperties(cxfProperties);
>>
>> Is there a similar way to set the TLSClientParameters? I would like to
>> set them e.g. from the usual system properties
>> javax.net.ssl.keyStoreType, etc. which are not honored by the default
>> HTTP Conduit (why?).
>
> Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
> system property for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword,
> but not for keyStoreType.  :-(
>
> Will fix.
>
> Dan
>
>
>
>
>>
>> In CXF I can write the following, but I couldn't find a Camel equivalent:
>> JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
>> ...
>> proxy = factory.create();
>> HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
>> TLSClientParameters tcp = new TLSClientParameters();
>> tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
>> tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
>> conduit.setTlsClientParameters(tcp);
>>
>>
>> I found a workaround as follows, but it is quite complicated. Also,
>> the CXF conduit wildcard (name="*.http-conduit") doesn't work.
>>
>> context = new SpringCamelContext(new
>> ClassPathXmlApplicationContext("/camel-ssl.xml"));
>> context.addRoutes(...)
>>
>> camel-ssl.xml:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <beans xmlns="http://www.springframework.org/schema/beans"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xmlns:http="http://cxf.apache.org/transports/http/configuration"
>>         xmlns:sec="http://cxf.apache.org/configuration/security"
>> xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
>>         xsi:schemaLocation="
>>        http://www.springframework.org/schema/beans
>> http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
>>       http://cxf.apache.org/transports/http/configuration
>> http://cxf.apache.org/schemas/configuration/http-conf.xsd
>>        http://cxf.apache.org/configuration/security
>> http://cxf.apache.org/schemas/configuration/security.xsd
>> ">
>>
>>         <bean
>> class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
>>                 <property name="properties">
>>                         <props>
>>                                 <prop
>> key="javax.net.ssl.trustStoreType">JKS</prop>
>>                                 <prop
>> key="javax.net.ssl.keyStoreType">JKS</prop>
>>                                 <prop
>> key="javax.net.ssl.keyStorePassword">changeit</prop>
>>                         </props>
>>                 </property>
>>                 <property name="systemPropertiesModeName">
>>                         <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
>>                 </property>
>>         </bean>
>>
>>         <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
>>                 <http:tlsClientParameters>
>>                         <sec:keyManagers
>> keyPassword="${javax.net.ssl.keyStorePassword}">
>>                                 <sec:keyStore
>> type="${javax.net.ssl.keyStoreType}"
>> password="${javax.net.ssl.keyStorePassword}"
>> file="${javax.net.ssl.keyStore}" />
>>                         </sec:keyManagers>
>>                         <sec:trustManagers>
>>                                 <sec:keyStore
>> type="${javax.net.ssl.trustStoreType}"
>> file="${javax.net.ssl.trustStore}" />
>>                         </sec:trustManagers>
>>                 </http:tlsClientParameters>
>>         </http:conduit>
>> </beans>
>>
>> Thanks in advance for your advice.
> --
> Daniel Kulp
> dkulp@apache.org - http://dankulp.com/blog
> Talend Community Coder - http://coders.talend.com
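
An added example, not part of the original thread and not CXF or Camel code: one way to build the TLSClientParameters from the standard javax.net.ssl.* system properties, including keyStoreType, which the thread says the default conduit ignored. The class name SystemPropertyTls and its methods are hypothetical; the only CXF calls used are TLSClientParameters.setKeyManagers and setTrustManagers.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;

/** Hypothetical helper; the name is an assumption, not a CXF or Camel class. */
public final class SystemPropertyTls {

    /** Loads the store named by a javax.net.ssl.* prefix, or returns null if no file is set. */
    static KeyStore load(String prefix) throws Exception {
        String file = System.getProperty(prefix);
        if (file == null || file.isEmpty()) {
            return null;
        }
        // Honor <prefix>Type instead of assuming the JVM's default store type.
        String type = System.getProperty(prefix + "Type", KeyStore.getDefaultType());
        String pw = System.getProperty(prefix + "Password");
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, pw == null ? null : pw.toCharArray());
        }
        return ks;
    }

    public static TLSClientParameters fromSystemProperties() throws Exception {
        TLSClientParameters tls = new TLSClientParameters();

        KeyStore keys = load("javax.net.ssl.keyStore");
        if (keys != null) {
            // As in the quoted XML, the key password is taken to equal the store password.
            String pw = System.getProperty("javax.net.ssl.keyStorePassword", "");
            KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keys, pw.toCharArray());
            tls.setKeyManagers(kmf.getKeyManagers());
        }

        // A null KeyStore makes the factory fall back to the JVM's default trust anchors.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("javax.net.ssl.trustStore"));
        tls.setTrustManagers(tmf.getTrustManagers());

        // Hostname verification stays on: disableCNCheck is left at its default (false).
        return tls;
    }
}
```

With the conduit obtained as in the quoted CXF snippet, the result is applied with conduit.setTlsClientParameters(SystemPropertyTls.fromSystemProperties()).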
