camel-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Avnish Pundir <>
Subject Re: mutually-authenticated SSL with websockets
Date Fri, 16 Dec 2016 11:52:44 GMT
I recently did something very similar (not with websocket, instead with 
netty4-http though). However looking at websocket docs, its very much 
similar. You'll have to use sslContextParameters endpoint option to 
specify the contextparameter. In my case I created it as a (spring) bean 
and provided the bean name in this parameter. The way I created this 
bean is following:

public SSLContextParameters myMutualAuthParams() {
// setup keystore having public/private key.
// This can be used as trust store (for trusting external certs)
//    and/or can be used for our own certificate for mutual certauth
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("/ssl/clientcert.pfx"); // classpath resource
ksp.setPassword("pfxpassword"); // change as per your setup

// supply private key pass that shall be used for mutual auth
KeyManagersParameters pkParams = new KeyManagersParameters();
pkParams.setKeyPassword("pfxpassword");  // change as per your setup

SSLContextParameters scp = new SSLContextParameters();
// this is NOT needed for pkcs12 but you may need it for
// jks keystore types having multiple private keys
// scp.setCertAlias("");

// this SSLContextParameters will use JRE default keystore
//    for trusting incoming certificates
// If you want to override trust store, use following:
// TrustManagersParameters tmp = new TrustManagersParameters();
// tmp.setKeyStore(ksp);
// scp.setTrustManagers(tmp);
// Ofcourse you can use *NEW* KeyStoreParameters as your TrustManager
//   with this SSLContextParameters

return scp;

Hope it saves time for someone as I ended up spending more than a day to 
get it right after going through docs again and again and trying hit and 
trials before I get it right.

*Avnish Pundir*

On 13-12-2016 23:00, Zoran Regvart wrote:
> Hi Mark,
> there is the `clientAuthentication` parameter in `serverParameters` of
> `SSLContextParameters` that you can set to `REQUIRE`. I wager adding
> SSLContextParameters instance to registry and referencing in the
> component/endpoint configuration should do the trick.
> zoran
> [1]
> On Tue, Dec 13, 2016 at 6:24 PM, Mark <> wrote:
>> I have a requirement for mutually-authenticated SSL with a websocket.  Does
>> the Camel-Websocket component support this functionality?  According to the
>> camel websocket page, the SSL params are for consumers only which makes me
>> think that 2-way SSL isn't supported.
>> Cheers,
>> Mark

Disclaimer: The information contained in this communication is 
confidential, private, proprietary, or otherwise privileged and is intended 
only for the use of the addressee.Unauthorized use, disclosure, 
distribution or copying is strictly prohibited and may be unlawful. If you 
have received this communication in error, please delete this message and 
notify the sender immediately - Samin TekMindz India Pvt.Ltd. 

View raw message