
JSSE Utility

The JSSE Utility, available as of 2.8, allows you to easily configure aspects of the Java Secure Socket Extension (JSSE) API in order to greatly simplify the use of custom transport layer security (TLS) settings on Camel components.

...

The key component in configuring TLS through the JSSE API is the SSLContext.  The SSLContext provides socket factories for both client-side and server-side sockets as well as another component, the SSLEngine, that is used by non-blocking IO to support TLS.  The JSSE configuration utility provides an easy-to-use builder for configuring these JSSE components, among others, in a manner that allows you to provide all configuration options up front during the initialization of your application, so that you don't have to customize library code or dig through the inner workings of a third-party library in order to inject hooks for the configuration of each component in the JSSE API.  The central builder in the JSSE configuration utility is the SSLContextParameters.  This class serves as the entry point for most configuration in the JSSE utility.

...

Info: All non-native classes are in the org.apache.camel.util.jsse package.

SSLContextParameters

Each entry below lists the Java field name and class, the Spring namespace XML attribute/element and type, and a description.

Java: cipherSuites - CipherSuitesParameters
XML: sslContextParameters/cipherSuites - CipherSuitesParameters

This optional property represents a collection of explicitly named cipher suites to enable on both the client and server side as well as in the SSLEngine.  These values take precedence over the patterns supplied in cipherSuitesFilter.  The utility attempts to enable the listed cipher suites regardless of whether the JSSE provider actually supports them, so a cipher suite that is listed is always enabled.  For a more lenient option, use cipherSuitesFilter.

Java: cipherSuitesFilter - FilterParameters
XML: sslContextParameters/cipherSuitesFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for cipher suites to enable on both the client and server side as well as in the SSLEngine.  The patterns are applied over only the available cipher suites.  The exclude patterns have precedence over the include patterns.  If no cipherSuites and no cipherSuitesFilter are present, the default patterns applied are:

Includes

  • .*

Excludes

  • .*NULL.*
  • .*anon.*
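As an added example (not code from the Camel documentation or project), the following Java shows how the default include/exclude patterns behave over a constructed list of cipher suite names such as a JSSE provider might report.  The apply method is a re-implementation of the semantics described above (a suite must match an include pattern and must not match any exclude pattern, so exclude wins); it is not Camel's own filtering code.  The FilterParameters object built at the end is the one you would pass to SSLContextParameters.setCipherSuitesFilter.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;

import org.apache.camel.util.jsse.FilterParameters;

public class CipherSuiteFilterDemo {

    /**
     * Applies include/exclude regular expressions over the available suite names.
     * A name is enabled only if it matches at least one include pattern and no
     * exclude pattern, which gives the exclude patterns precedence.
     * (Re-implementation of the documented semantics, not Camel's code.)
     */
    public static List<String> apply(List<String> available,
                                     List<String> includes,
                                     List<String> excludes) {
        List<Pattern> inc = compile(includes);
        List<Pattern> exc = compile(excludes);
        List<String> enabled = new ArrayList<String>();
        for (String name : available) {
            if (matchesAny(inc, name) && !matchesAny(exc, name)) {
                enabled.add(name);
            }
        }
        return enabled;
    }

    private static List<Pattern> compile(List<String> patterns) {
        List<Pattern> compiled = new ArrayList<Pattern>();
        for (String p : patterns) {
            compiled.add(Pattern.compile(p));
        }
        return compiled;
    }

    private static boolean matchesAny(List<Pattern> patterns, String name) {
        for (Pattern p : patterns) {
            if (p.matcher(name).matches()) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample: two ordinary suites, one NULL-encryption suite,
        // one anonymous (unauthenticated) Diffie-Hellman suite.
        List<String> available = Arrays.asList(
                "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                "TLS_RSA_WITH_AES_128_CBC_SHA",
                "SSL_RSA_WITH_NULL_SHA",
                "TLS_DH_anon_WITH_AES_128_CBC_SHA");

        // The default patterns from the table above, expressed as FilterParameters.
        FilterParameters filter = new FilterParameters();
        filter.getInclude().add(".*");
        filter.getExclude().add(".*NULL.*");
        filter.getExclude().add(".*anon.*");

        List<String> enabled = apply(available, filter.getInclude(), filter.getExclude());
        // Only the first two names survive: the NULL and anon suites are excluded
        // even though ".*" included them.
        System.out.println("Enabled: " + enabled);
    }
}
```

Because exclusion wins, a broad include such as .* is safe to combine with narrow exclude patterns; the reverse (a broad exclude with a narrow include) enables nothing that the exclude touches.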

Java: secureSocketProtocols - SecureSocketProtocolsParameters
XML: sslContextParameters/secureSocketProtocols - SecureSocketProtocolsParameters

This optional property represents a collection of explicitly named secure socket protocols, such as SSLv3, TLS, etc., to enable on both the client and server side as well as in the SSLEngine.  These values take precedence over the patterns supplied in secureSocketProtocolsFilter.  The utility attempts to enable the listed protocols regardless of whether the JSSE provider actually supports them, so a protocol that is listed is always enabled.  For a more lenient option, use secureSocketProtocolsFilter.

Java: secureSocketProtocolsFilter - FilterParameters
XML: sslContextParameters/secureSocketProtocolsFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for secure socket protocols to enable on both the client and server side as well as in the SSLEngine.  The patterns are applied over only the available protocols.  The exclude patterns have precedence over the include patterns.  If no secureSocketProtocols and no secureSocketProtocolsFilter are present, the default patterns applied are:

Includes

  • .*

...

Java: sessionTimeout - java.lang.Integer
XML: sslContextParameters/@sessionTimeout - xsd:int

This optional property defines the timeout period, in seconds, for sessions on both the client and server side as well as in the SSLEngine.

Java: keyManagers - KeyManagersParameters
XML: sslContextParameters/keyManagers - KeyManagersParameters

This optional property configures the source of key material for providing the identity of client and server side connections as well as in the SSLEngine.  If omitted, no source of key material is provided and the SSLContext is suitable only for client-side usage when mutual authentication is not in use.  You typically configure this property with a key store containing a client or server private key.

Java: trustManagers - TrustManagersParameters
XML: sslContextParameters/trustManagers - TrustManagersParameters

This optional property configures the source of material for verifying trust of the key material used in the handshake process.  If omitted, the default trust manager is automatically used.  See the JSSE documentation for more information on how the default trust manager is configured.  You typically configure this property with a key store containing trusted CA certificates.

Java: secureRandom - SecureRandomParameters
XML: sslContextParameters/secureRandom - SecureRandomParameters

This optional property configures the secure random number generator used by the client and server side as well as in the SSLEngine.  If omitted, the default secure random number generator is used.

Java: clientParameters - SSLContextClientParameters
XML: sslContextParameters/clientParameters - SSLContextClientParameters

This optional property configures additional settings that apply only to the client side aspects of the SSLContext.  If present, these settings override the settings specified at the SSLContextParameters level.

Java: serverParameters - SSLContextServerParameters
XML: sslContextParameters/serverParameters - SSLContextServerParameters

This optional property configures additional settings that apply only to the server side aspects of the SSLContext.  If present, these settings override the settings specified at the SSLContextParameters level.

Java: provider - java.lang.String
XML: sslContextParameters/@provider - xsd:string

The optional provider identifier for the JSSE implementation to use when constructing the SSLContext.  If omitted, the standard provider look-up mechanism is used to resolve the provider.

Java: secureSocketProtocol - java.lang.String
XML: sslContextParameters/@secureSocketProtocol - xsd:string

The optional secure socket protocol.  See Appendix A in the Java Secure Socket Extension Reference Guide for information about standard protocol names.  If omitted, TLS is used by default.  Note that this property is related to, but distinctly different from, the secureSocketProtocols and secureSocketProtocolsFilter properties: it is the protocol name passed to SSLContext.getInstance, while the other two select which protocols are enabled on the resulting sockets and engine.
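As an added example (not code from the Camel documentation or project), the following Java uses the builder described at the top of this page together with the properties in the table above to assemble an SSLContextParameters for a server that presents its own certificate, requires client certificates, and restricts the enabled protocols and cipher suites, and then obtains the configured SSLContext and SSLEngine from it.  Key store paths and passwords are placeholders.  The KeyManagersParameters and TrustManagersParameters setters follow the tables on this page; the clientAuthentication setting on SSLContextServerParameters is a Camel API that this page does not list.

```java
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

import org.apache.camel.util.jsse.ClientAuthentication;
import org.apache.camel.util.jsse.FilterParameters;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.SSLContextServerParameters;
import org.apache.camel.util.jsse.SecureSocketProtocolsParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;

public class ServerTlsConfigExample {

    /**
     * Builds the SSLContextParameters for a mutually authenticated server and
     * returns the SSLContext it produces. Resource paths and passwords are
     * placeholders (assumptions), not values from this page.
     */
    public static SSLContext buildServerContext() throws Exception {
        // keyManagers: key store holding this server's private key and certificate
        KeyStoreParameters identityStore = new KeyStoreParameters();
        identityStore.setResource("/path/to/server-identity.jks"); // placeholder
        identityStore.setPassword("changeit");                      // placeholder

        KeyManagersParameters keyManagers = new KeyManagersParameters();
        keyManagers.setKeyStore(identityStore);
        keyManagers.setKeyPassword("changeit"); // password of the private key entry (placeholder)

        // trustManagers: key store holding the CA certificates we accept from clients
        KeyStoreParameters trustStore = new KeyStoreParameters();
        trustStore.setResource("/path/to/trusted-cas.jks"); // placeholder
        trustStore.setPassword("changeit");                 // placeholder

        TrustManagersParameters trustManagers = new TrustManagersParameters();
        trustManagers.setKeyStore(trustStore);

        // secureSocketProtocols: an explicit list, which takes precedence over any filter
        SecureSocketProtocolsParameters protocols = new SecureSocketProtocolsParameters();
        protocols.getSecureSocketProtocol().add("TLSv1.2");

        // cipherSuitesFilter: include everything, then exclude NULL and anonymous suites
        FilterParameters cipherFilter = new FilterParameters();
        cipherFilter.getInclude().add(".*");
        cipherFilter.getExclude().add(".*NULL.*");
        cipherFilter.getExclude().add(".*anon.*");

        // serverParameters: settings that apply only to the server side;
        // clientAuthentication is not listed on this page but is part of the Camel API
        SSLContextServerParameters serverParameters = new SSLContextServerParameters();
        serverParameters.setClientAuthentication(ClientAuthentication.REQUIRE.name());

        SSLContextParameters scp = new SSLContextParameters();
        scp.setSecureSocketProtocol("TLS"); // name handed to SSLContext.getInstance
        scp.setKeyManagers(keyManagers);
        scp.setTrustManagers(trustManagers);
        scp.setSecureSocketProtocols(protocols);
        scp.setCipherSuitesFilter(cipherFilter);
        scp.setServerParameters(serverParameters);

        // The returned SSLContext hands out socket factories and engines that
        // already carry the protocol, cipher suite and client-auth settings above.
        return scp.createSSLContext();
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = buildServerContext();
        SSLEngine engine = ctx.createSSLEngine();
        System.out.println("Enabled protocols: "
                + Arrays.toString(engine.getEnabledProtocols()));
        System.out.println("Enabled cipher suites: "
                + Arrays.toString(engine.getEnabledCipherSuites()));
    }
}
```

The same SSLContextParameters instance can be handed to any Camel component that accepts one, which is the point of configuring everything up front: the component never needs to know how the key stores, filters or client-authentication policy were assembled.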

KeyManagersParameters

Each entry below lists the Java field name and class, the XML attribute/element and type, and a description.

Java: keyStore - KeyStoreParameters
XML: keyStore - KeyStoreParameters

This optional property represents the key store that provides key material to the key manager.  This is typically configured with a key store containing a user or server private key.  In some cases, such as when using PKCS#11, the key store is omitted entirely.

Java: keyPassword - String
XML: @keyPassword - xsd:string

The optional password for recovering/accessing the private key in the key store.  This is typically the password for the private key in the configured key store; however, in some cases, such as when using PKCS#11, the key password may be provided through other means and is omitted entirely in this configuration.

Java: provider - java.lang.String
XML: @provider - xsd:string

The optional provider identifier for the KeyManagerFactory used to create the KeyManagers represented by this object's configuration.  If omitted, the default look-up behavior is used.

Java: algorithm - java.lang.String
XML: @algorithm

The optional algorithm name for the KeyManagerFactory used to create the KeyManager represented by this object's configuration.  See the Java Secure Socket Extension Reference Guide for information about standard algorithm names.


...