Versions Compared

Old Version 7

changes.mady.by.user David Valeri

Saved on

compared with

New Version 8

changes.mady.by.user David Valeri

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Java Field Name and Class

XML Attribute/Element and Type

Description

cipherSuites - CipherSuitesParameters

sslContextParameters/ciphersuites - CipherSuitesParameters

This optional property represents a collection of explicitly named cipher suites to enable on both the client and server side as well as in the SSLEngine.  These values take precedence over filters supplied in cipherSuitesFilter.  The utility attempts to enable the listed cipher suites regardless of whether or not the JSSE provider actually supports them or not.  This behavior guarantees that listed cipher suites are always enabled when listed.  For a more lenient option, use cipherSuitesFilter.

cipherSuitesFilter - FilterParameters

sslContextParameters/cipherSuitesFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for cipher suites to enable on both the client and server side as well as in the SSLEngine.  The patterns are applied over only the available cipher suites.  The exclude patterns have precedence over the include patterns.  If no cipherSuites and no cipherSuitesFilter are present, the default patterns applied are:

Includes

  • .*
    Excludes
  • .*NULL.*
  • .*anon.*

secureSocketProtocols - SecureSocketProtocolsParameters

sslContextParameters/secureSocketProtocols - SecureSocketProtocolsParameters

This optional property represents a collection of explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on both the client and server side as well as in the SSLEngine.  These values take precedence over filters supplied in secureSocketProtocolsFilter.  The utility attempts to enable the listed protocols regardless of whether or not the JSSE provider actually supports them or not.  This behavior guarantees that listed protocols aree always enabled when listed.  For a more lenient option, use secureSocketProtocolsFilter.

secureSocketProtocolsFilter - FilterParameters

sslContextParameters/secureSocketProtocolsFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for secure socket protocols to enable on both the client and server side as well as in the SSLEngine.  The patterns are applied over only the available protocols.  The exclude patterns have precedence over the include patterns.  If no secureSocketProtocols and no secureSocketProtocolsFilter are present, the default patterns applied are:

Includes

  • .*

sessionTimeout - java.lang.Integer String

sslContextParameters/@sessionTimeout - xsd:int string

This optional property defines the timeout period, in seconds, for sessions on both the client and server side as well as in the SSLEngine.

keyManagers - KeyManagersParameters

sslContextParameters/keyManagers - KeyManagersParameters

This optional property configures the source of key material for providing identity of client and server side connections as well as in the SSLEngine.  If omitted, no source of key material is provided and the SSLContext is suitable only for client-side usage when mutual authentication is not in use.  You typically configure this property with a key store containing a client or server private key.

trustManagers - TrustManagersParameters

sslContextParameters/trustManagers - TrustManagersParameters

This optional property configures the source of material for verifying trust of key material used in the handshake process.  If omitted, the default trust manager is automatically used.  See the JSSE documentation for more information on how the default trust manager is configured.  You typically configure this property with a key store containing trusted CA certificates.

secureRandom - SecureRandomParameters

sslContextParameters/secureRandom - SecureRandomParameters

This optional property configures the secure random number generator used by the client and server side as well as in the SSLEngine.  If omitted, the default secure random number generator is used.

clientParameters - SSLContextClientParameters

sslContextParameters/clientParameters - SSLContextClientParameters

This optional property configures additional settings that apply only to the client side aspects of the SSLContext.  If present, these settings override the settings specified at the SSLContextParameters level.

serverParameters - SSLContextServerParameters

sslContextParameters/serverParameters - SSLContextServerParameters

This optional property configures additional settings that apply only to the server side aspects of the SSLContext.  If present, these settings override the settings specified at the SSLContextParameters level.

provider - java.lang.String

sslContextParameters/@provider - xsd:string

The optional provider identifier for the JSSE implementation to use when constructing the SSLContext.  If omitted, the standard provider look-up mechanism is used to resolve the provider.

secureSocketProtocol - java.lang.String

sslContextParameters/@secureSocketProtocol - xsd:string

The optional secure socket protocol. See Appendix A in the Java Secure Socket Extension Reference Guide for information about standard protocol names.  If omitted, TLS is used by default.  Note that this property is related to but distinctly different from the secureSocketProtocols and secureSocketProtocolsFilter properties.

...

Java Field Name and Class

XML Attribute/Element and Type

Description

resource- java.lang.String

keyStore/@resource - xsd:string

This optional property represents the location of the key store resource to load the key store from.  In some cases, the resource is omitted as the key store content is provided by other means.  The loading of the resource, if provided, is attempted by treating the resource as a file path, a class path resource, and a URL in that order. An exception is thrown if the resource cannot be resolved to readable input stream using any of the above methods.

password - java.lang.String

keyStore/@password - xsd:string

The optional password for reading/opening/verifying the key store.

Note


For programmatic and Spring based XML configuration in OSGi, a resource specified as a classpath resource path may be accessible in bundle containing the XML configuration file or in a package that is imported by that bundle.  As Blueprint does not define the thread context classloader behavior, only classpath resources in the bundle containing the XML configuration file may be resolved.


password - java.lang.String

keyStore/@password - xsd:string

The optional password for reading/opening/verifying the key store.

type - java.lang.String

keyStore/@type - xsd:string

The optional type of the key store.  See Appendix A in the Java Cryptography Architecture Standard Algorithm Name Documentation for more information on standard names.  If omitted, defaults to the default lookup mechanism as defined by KeyStore.getDefaultType().

provider - java.lang.String

keyStore/@provider - xsd:string

The optional provider identifier for the provider used to create the KeyStores represented by this object's configuration.  If omitted, the default look-up behavior is used.

...

Java Field Name and Class

XML Attribute/Element and Type

Description

cipherSuites - CipherSuitesParameters

sslContextClientParameters/ciphersuites - CipherSuitesParameters

This optional property represents a collection of explicitly named cipher suites to enable on the server side only (SSLServerSocketFactory/SSLServerSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  These values take precedence over filters supplied in cipherSuitesFilter.  The utility attempts to enable the listed cipher suites regardless of whether or not the JSSE provider actually supports them or not.  This behavior guarantees that listed cipher suites are always enabled when listed.  For a more lenient option, use cipherSuitesFilter.

cipherSuitesFilter - FilterParameters

sslContextClientParameters/cipherSuitesFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for cipher suites to enable on the server side only (SSLServerSocketFactory/SSLServerSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  The patterns are applied over only the available cipher suites.  The exclude patterns have precedence over the include patterns.  See SSLContextParameters for details of the behavior if this option and cipherSuites is omitted at this level.

secureSocketProtocols - SecureSocketProtocolsParameters

sslContextClientParameters/secureSocketProtocols - SecureSocketProtocolsParameters

This optional property represents a collection of explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on the server side only (SSLServerSocketFactory/SSLServerSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  These values take precedence over filters supplied in secureSocketProtocolsFilter.  The utility attempts to enable the listed protocols regardless of whether or not the JSSE provider actually supports them or not.  This behavior guarantees that listed protocols aree always enabled when listed.  For a more lenient option, use secureSocketProtocolsFilter.

secureSocketProtocolsFilter - FilterParameters

sslContextClientParameters/secureSocketProtocolsFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for secure socket protocols to enable on theserver side only (SSLServerSocketFactory/SSLServerSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  The patterns are applied over only the available protocols.  The exclude patterns have precedence over the include patterns.  See SSLContextParameters for details of the behavior if this option and/or secureSocketProtocols is omitted at this level.

sessionTimeout - java.lang.Integer String

sslContextServerParameters/@sessionTimeout - xsd:int string

This optional property defines the timeout period, in seconds, for sessions on the server side.  This setting affects both the SSLServerSocketFactory/SSLServerSocket as well as the server side of the SSLEngine.

clientAuthentication - ClientAuthentication java.lang.String

sslContextServerParameters/@clientAuthentication - ClientAuthentication xsd:string

This optional property indicates if the server side does not request, requests, or requires clients to provide authentication credentials during the handshake process.  This is commonly referred to as mutual authentication, two direction SSL/TLS, or two-legged SSL/TLS.
Valid values are: NONE, WANT, REQUIRE

SSLContextClientParameters

Java Field Name and Class

XML Attribute/Element and Type

Description

cipherSuites - CipherSuitesParameters

sslContextClientParameters/ciphersuites - CipherSuitesParameters

This optional property represents a collection of explicitly named cipher suites to enable on theclient  side only (SSLSocketFactory/SSLSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  These values take precedence over filters supplied in cipherSuitesFilter.  The utility attempts to enable the listed cipher suites regardless of whether or not the JSSE provider actually supports them or not.  This behavior guarantees that listed cipher suites are always enabled when listed.  For a more lenient option, use cipherSuitesFilter.

cipherSuitesFilter - FilterParameters

sslContextClientParameters/cipherSuitesFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for cipher suites to enable on the client side only (SSLSocketFactory/SSLSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  The patterns are applied over only the available cipher suites.  The exclude patterns have precedence over the include patterns.  See SSLContextParameters for details of the behavior if this option and cipherSuites is omitted at this level.

secureSocketProtocols - SecureSocketProtocolsParameters

sslContextClientParameters/secureSocketProtocols - SecureSocketProtocolsParameters

This optional property represents a collection of explicitly named secure socket protocols, such as SSLv3/TLS/etc., to enable on the client side only (SSLSocketFactory/SSLSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  These values take precedence over filters supplied in secureSocketProtocolsFilter.  The utility attempts to enable the listed protocols regardless of whether or not the JSSE provider actually supports them or not.  This behavior guarantees that listed protocols aree always enabled when listed.  For a more lenient option, use secureSocketProtocolsFilter.

secureSocketProtocolsFilter - FilterParameters

sslContextClientParameters/secureSocketProtocolsFilter - FilterParameters

This optional property represents a collection of include and exclude patterns for secure socket protocols to enable on the client side only (SSLSocketFactory/SSLSocket) by overriding the value of this setting in the SSLContextParameters.  This option has no affect on the SSLEngine configuration.  The patterns are applied over only the available protocols.  The exclude patterns have precedence over the include patterns.  See SSLContextParameters for details of the behavior if this option and/or secureSocketProtocols is omitted at this level.

sessionTimeout - java.lang.Integer String

sslContextServerParameters/@sessionTimeout - xsd:int string

This optional property defines the timeout period, in seconds, for sessions on the client side This setting affects both the SSLSocketFactory/SSLSocket as well as the client side of the SSLEngine.

...

This configuration utility fully supports the use of property placeholders (see Using PropertyPlaceholder) in all configuration fields.  In order to support this feature, the configuration utility objects must be configured with a reference to a Camel context.  All of the utility classes except for CipherSuitesParameters and SecureSocketProtocolsParameters provide a setter method for providing the context reference.  Do not confuse the lack of a setter on CipherSuitesParameters and SecureSocketProtocolsParameters as an indication that you cannot use property placeholders when configuring these classes.  The lack of a setter is an internal implementation detail and full placeholder support is available for both of the configuration classes.

In this example, both the client and server sides share the same custom key store; however, the client side allows any supported cipher suite while the server side will use the default cipher suite filter and exclude any cipher suites that match the patterns .*NULL.* and .*anon.*.KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource("/users/home/server/keystore.jks");
ksp.setPassword("keystorePassword");

KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyStore(ksp);
kmp.setKeyPassword("keyPassword");

FilterParameters filter = new FilterParameters();
filter.getInclude().add(".*");

SSLContextClientParameters sccp = new SSLContextClientParameters();
sccp.setCipherSuitesFilter(filter);

SSLContextParameters scp = new SSLContextParameters();
scp.setClientParameters(sccp);
scp.setKeyManagers(kmp);

SSLContext context = scp.createSSLContext();
SSLEngine engine = scp.createSSLEngine();

The following example code demonstrates how to create a KeyStore instance based on configuration options provided by the Camel Properties Component and property placeholder support.

Code Block

PropertiesComponent pc = new PropertiesComponent();
pc.setLocation("file:./jsse-test.properties");

CamelContext context = new DefaultCamelContext();
context.addComponent("properties", pc);

KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setContext(camelContext);
        
ksp.setType("{{keyStoreParameters.type}}");
ksp.setProvider("{{keyStoreParameters.provider}}");
ksp.setResource("{{keyStoreParameters.resource}}");
ksp.setPassword("{{keyStoreParamerers.password}}");

KeyStore keyStore = ksp.createKeyStore();

XML Configuration

Info

Note that XML configuration is supported in both Spring and Blueprint format.

...

In this example, both the client and server sides share the same custom key store; however, the client side allows any supported cipher suite while the server side will use the default cipher suite filter and exclude any cipher suites that match the patterns .*NULL.* and .*anon.*.anon.*.

Code Block
xml
xml

<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">
       xmlns:camel="http://camel.apache.org/schema/blueprint">

  <camel:sslContextParameters
      id="mySslContext">

    <camel:keyManagers
        keyPassword="keyPassword">
      <camel:keyStore
          resource="/users/home/server/keystore.jks"
          password="keystorePassword"/>
    </camel:keyManagers>

    <camel:clientParameters>
      <camel:cipherSuitesFilter>
        <camel:include>.*</camel:include>
      </camel:cipherSuitesFilter>
    </camel:clientParameters>

  </camel:sslContextParameters>

</blueprint>
Using Camel Property Placeholders

This configuration utility fully supports the use of property placeholders (see Using PropertyPlaceholder) in all configuration fields for XML based configuration as well.  In order to support this feature, the configuration utility objects must be configured with a reference to a Camel context.  The Spring and Blueprint namespace handlers will automatically inject the reference to the context for you when there is one Camel context in scope. If you have more than one Camel context instance in your XML defined context, you can indicate which context reference to configure by specifying the camelContextId attribute in the top-level XML element.

The following example code demonstrates how to create a KeyStore instance based on configuration options provided by the Camel Properties Component and property placeholder support. The Camel context with the ID example is used to resolve the property placeholders.

Code Block
xml
xml
<blueprint<beans xmlns="http://www.osgispringframework.org/xmlns/blueprint/v1.0.0">schema/beans"
       xmlns:camelxsi="http://camelwww.apachew3.org/schema2001/blueprintXMLSchema-instance">

  <camel:sslContextParameters
      idxmlns:camel="mySslContext">

http://camel.apache.org/schema/spring"
    <camel:keyManagers
        keyPasswordxsi:schemaLocation="keyPassword">
      <camel:keyStore http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
          resource="/users/home/server/keystore.jks"
          password="keystorePassword"/>
    </camel:keyManagers>

    <camel:clientParameters>
      <camel:cipherSuitesFilter>
        <camel:include>.*</camel:include>
      </camel:cipherSuitesFilter>
    </camel:clientParameters>

  </camel:sslContextParameters>

</blueprint>http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd">

  <camel:camelContext id="example"/>

  <camel:camelContext id="example2"/>

  <camel:keyStoreParameters
    id="ksp"
    camelContextId="example"
    resource="{{keyStoreParameters.resource}}"
    type="{{keyStoreParameters.type}}"
    provider="{{keyStoreParameters.provider}}"
    password="{{keyStoreParamerers.password}}"/>

</beans>