Setting CXF TLSClientParameters programmatically

Alexandre Gattiker
As of Camel 2.9.0 I can write:

Map<String, Object> cxfProperties = new HashMap<String, Object>();
cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
cxfEndpoint.setProperties(cxfProperties);

Is there a similar way to set the TLSClientParameters? I would like to
set them e.g. from the usual system properties
javax.net.ssl.keyStoreType, etc. which are not honored by the default
HTTP Conduit (why?).

In CXF I can write the following, but I couldn't find a Camel equivalent:
JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
...
proxy = factory.create();
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
TLSClientParameters tcp = new TLSClientParameters();
tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
conduit.setTlsClientParameters(tcp);


I found a workaround as follows, but it is quite complicated. Also,
the CXF conduit wildcard (name="*.http-conduit") doesn't work.

context = new SpringCamelContext(
        new ClassPathXmlApplicationContext("/camel-ssl.xml"));
context.addRoutes(...)

camel-ssl.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="
           http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
           http://cxf.apache.org/transports/http/configuration
           http://cxf.apache.org/schemas/configuration/http-conf.xsd
           http://cxf.apache.org/configuration/security
           http://cxf.apache.org/schemas/configuration/security.xsd">

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="properties">
            <props>
                <prop key="javax.net.ssl.trustStoreType">JKS</prop>
                <prop key="javax.net.ssl.keyStoreType">JKS</prop>
                <prop key="javax.net.ssl.keyStorePassword">changeit</prop>
            </props>
        </property>
        <property name="systemPropertiesModeName">
            <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
        </property>
    </bean>

    <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
        <http:tlsClientParameters>
            <sec:keyManagers keyPassword="${javax.net.ssl.keyStorePassword}">
                <sec:keyStore type="${javax.net.ssl.keyStoreType}"
                              password="${javax.net.ssl.keyStorePassword}"
                              file="${javax.net.ssl.keyStore}" />
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="${javax.net.ssl.trustStoreType}"
                              file="${javax.net.ssl.trustStore}" />
            </sec:trustManagers>
        </http:tlsClientParameters>
    </http:conduit>
</beans>

Thanks in advance for your advice.

Re: Setting CXF TLSClientParameters programmatically

dkulp@apache.org
On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:

> As of Camel 2.9.0 I can write:
>
> Map<String, Object> cxfProperties = new HashMap<String, Object>();
> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
> cxfEndpoint.setProperties(cxfProperties);
>
> Is there a similar way to set the TLSClientParameters? I would like to
> set them e.g. from the usual system properties
> javax.net.ssl.keyStoreType, etc. which are not honored by the default
> HTTP Conduit (why?).

Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
system property for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword,
but not for keyStoreType.  :-(

Will fix.

Dan




--
Daniel Kulp
[hidden email] - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Re: Setting CXF TLSClientParameters programmatically

Alexandre Gattiker
Good catch, many thanks!

Still, it would be very useful to be able to set the key store
parameters programmatically for an endpoint, rather than through
system properties only.

Best regards,
Alexandre

On Wed, Jan 4, 2012 at 9:07 PM, Daniel Kulp <[hidden email]> wrote:

> On Wednesday, January 04, 2012 8:39:54 PM Alexandre Gattiker wrote:
>> As of Camel 2.9.0 I can write:
>>
>> Map<String, Object> cxfProperties = new HashMap<String, Object>();
>> cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
>> cxfEndpoint.setProperties(cxfProperties);
>>
>> Is there a similar way to set the TLSClientParameters? I would like to
>> set them e.g. from the usual system properties
>> javax.net.ssl.keyStoreType, etc. which are not honored by the default
>> HTTP Conduit (why?).
>
> Argh....   bug in CXF.     Just looked at the code.   We are grabbing the
> system property for javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword,
> but not for keyStoreType.  :-(
>
> Will fix.
>
> Dan

Re: Setting CXF TLSClientParameters programmatically

David J. M. Karlsen
Absolutely. We want to do this because individual applications running
in the same container should have separate stores. Doesn't Camel operate
with an SSLContext for this purpose for the components?
On 5 Jan 2012 at 08:09, "Alexandre Gattiker" <[hidden email]> wrote:

> Good catch, many thanks!
>
> Still, it would be very useful to be able to set the key store
> parameters programmatically for an endpoint, rather than through
> system properties only.
>
> Best regards,
> Alexandre

Re: Setting CXF TLSClientParameters programmatically

Claus Ibsen-2
David has worked on uniform TLS/SSL configuration of the Camel components.

He wrote a lot of documentation and whatnot here
http://camel.apache.org/camel-configuration-utilities.html

And from time to time add support for it with the Camel components.

But I guess CXF has already a lot of bells and whistles for SSL configuration
http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html

So I wonder if it makes sense at all to try to allow to use the stuff
David did for camel-cxf as well?
However as people often already configure CXF using the CXF
namespaces, then it may just add more confusion to the mix.

Any thoughts?



On Thu, Jan 5, 2012 at 8:15 AM, David Karlsen <[hidden email]> wrote:

> Absolutely. We want to do this because individual applications running
> in the same container should have separate stores. Doesn't Camel operate
> with an SSLContext for this purpose for the components?



--
Claus Ibsen
-----------------
FuseSource
Email: [hidden email]
Web: http://fusesource.com
Twitter: davsclaus, fusenews
Blog: http://davsclaus.blogspot.com/
Author of Camel in Action: http://www.manning.com/ibsen/

Re: Setting CXF TLSClientParameters programmatically

Willem.Jiang
Administrator
Current camel-cxf doesn't care anything about the CXF endpoint transport.

I think the issue should be addressed on the CXF side instead of
camel-cxf.


On Thu Jan  5 15:50:16 2012, Claus Ibsen wrote:

> David has worked on uniform TLS/SSL configuration of the Camel components.
>
> He wrote a lot of documentation and whatnot here
> http://camel.apache.org/camel-configuration-utilities.html
>
> And from time to time add support for it with the Camel components.
>
> But I guess CXF has already a lot of bells and whistles for SSL configuration
> http://cxf.apache.org/docs/client-http-transport-including-ssl-support.html
>
> So I wonder if it makes sense at all to try to allow to use the stuff
> David did for camel-cxf as well?
> However as people often already configure CXF using the CXF
> namespaces, then it may just add more confusion to the mix.
>
> Any thoughts?



--
Willem
----------------------------------
FuseSource
Web: http://www.fusesource.com
Blog:    http://willemjiang.blogspot.com (English)
         http://jnn.javaeye.com (Chinese)
Twitter: willemjiang
Weibo: willemjiang


Re: Setting CXF TLSClientParameters programmatically

jjathman
I realize this is a very old post, but I don't really see a concrete answer to the questions from the OP. From what I can tell using a wildcard HTTP conduit configuration does not work correctly when programmatically creating a CxfEndpoint. Using that would be ideal, but even if that isn't possible can we programmatically set the TLS Client Parameters somehow?
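
Added example (not written by any poster in this thread, and not CXF or Camel project code): one way to build TLSClientParameters in code from an application's own key and trust stores, passing the store type explicitly, which covers both the keyStoreType gap Dan describes and the per-application stores David asks about. The class ConduitTls and its method names are hypothetical; the javax.net.ssl.* property names are the standard JSSE ones, and how the HTTPConduit is obtained from a Camel CxfEndpoint is left open, as it is in the thread.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;

import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;

import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.transport.http.HTTPConduit;

// Hypothetical helper class; not part of CXF or Camel.
public final class ConduitTls {

    private ConduitTls() {
    }

    // Open a store file with an explicit type (JKS, PKCS12, ...).
    // A null type falls back to the JVM default; a null file yields null.
    static KeyStore load(String file, String type, String password)
            throws GeneralSecurityException, IOException {
        if (file == null) {
            return null;
        }
        KeyStore ks = KeyStore.getInstance(
                type != null ? type : KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password != null ? password.toCharArray() : null);
        }
        return ks;
    }

    // Build TLS parameters from stores that belong to this application only,
    // so two applications in one container never share key material.
    static TLSClientParameters build(KeyStore keyStore, String keyPassword,
                                     KeyStore trustStore)
            throws GeneralSecurityException {
        TLSClientParameters tcp = new TLSClientParameters();
        if (keyStore != null) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore,
                    keyPassword != null ? keyPassword.toCharArray() : null);
            tcp.setKeyManagers(kmf.getKeyManagers());
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        // A null trust store makes JSSE use the JVM's default trust anchors.
        tmf.init(trustStore);
        tcp.setTrustManagers(tmf.getTrustManagers());
        // setDisableCNCheck(true) is deliberately not called, so the
        // server host name is still checked against its certificate.
        return tcp;
    }

    // Same inputs as the Spring placeholders in camel-ssl.xml above,
    // including the two *StoreType properties.
    static TLSClientParameters fromSystemProperties()
            throws GeneralSecurityException, IOException {
        String keyPassword = System.getProperty("javax.net.ssl.keyStorePassword");
        KeyStore keys = load(
                System.getProperty("javax.net.ssl.keyStore"),
                System.getProperty("javax.net.ssl.keyStoreType"),
                keyPassword);
        KeyStore trust = load(
                System.getProperty("javax.net.ssl.trustStore"),
                System.getProperty("javax.net.ssl.trustStoreType"),
                System.getProperty("javax.net.ssl.trustStorePassword"));
        return build(keys, keyPassword, trust);
    }

    // Attach the parameters to one conduit, as in the CXF snippet
    // from the first post (conduit.setTlsClientParameters(tcp)).
    static void configure(HTTPConduit conduit)
            throws GeneralSecurityException, IOException {
        conduit.setTlsClientParameters(fromSystemProperties());
    }
}
```

Passing stores loaded from application-specific paths to build(...) instead of calling fromSystemProperties() keeps the credentials out of JVM-wide system properties altogether.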