camel-jms: how to set TLS parameters for network connector in Spring Boot and Java


c031917
From an embedded broker I must access a remote broker with two-way mutual trust, creating a network of brokers.

In old times I just added an SSLContext and the network connector picked it up:

                <sslContext>
                        <sslContext
                                keyStore="file:${activemq.base}/conf/my_ks.jks"
                                keyStorePassword="***"
                                trustStore="file:${activemq.base}/conf/my_ts.jks"
                                trustStorePassword="***"/>
                </sslContext>


                <networkConnectors>
                        <networkConnector uri="static://(ssl://hostxy:60617)"
                                name="5519atob"
                                duplex="true"
                                conduitSubscriptions="true"
                                decreaseNetworkConsumerPriority="false">
                        </networkConnector>
                </networkConnectors>



Today I want to do the same with pure Java in Spring Boot 2.
Setup of the broker via bean works fine without TLS.

But adding a bean for the TLS parameters and referring to it in the network connector URI with ?sslContextParameters=#sslHH does not work; this does not seem to be supported by camel-jms. CiA lists some components, but not camel-jms.

Spring Boot docs do not mention parameters related to activemq and TLS.

So what is the right way to set the TLS parameters, ideally externalized via application.properties?


Peter

----------------------------------------------

Route:

from("vm://turntable:ddbqueue").routeId("ddbqueue")
....



Broker config:

@Configuration
public class AMQConfig
{
    @Bean(name = "amq")
    public BrokerService broker() throws Exception  // addNetworkConnector() and start() throw Exception
    {
        BrokerService broker = new BrokerService();
        broker.setBrokerName("turntable");

        NetworkConnector connector = null;

        // does not work:  connector = broker.addNetworkConnector("static://"+"ssl://0.0.0.0:60617?sslContextParameters=#sslHH");
        connector = broker.addNetworkConnector("static://"+"tcp://0.0.0.0:60616");  // works

        broker.addConnector("tcp://0.0.0.0:61616");
        broker.start();

        return broker;
    }
}

@Configuration
public class BlobAppConfig
{
    @Bean(name = "CredsForBlob")
    public StorageCredentials creds() throws StorageException
    {
        try {
            StorageCredentials creds = new StorageCredentialsAccountAndKey("shared1", "****");
            return creds;
        } catch (Exception ex) {
            throw ex;
        }
    }


Other file with ssl config bean:

    @Bean(name = "sslHH")
    public SSLContextParameters sslhh()
    {
        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setResource("my_ks.jks");
        ksp.setPassword("****");
        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyPassword("****");
        kmp.setKeyStore(ksp);

        KeyStoreParameters tsp = new KeyStoreParameters();
        tsp.setResource("my_ts.jks");
        tsp.setPassword("****");
        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(tsp);

        SSLContextParameters sslhh = new SSLContextParameters();
        sslhh.setKeyManagers(kmp);
        sslhh.setTrustManagers(tmp);

        return sslhh;
    }
}





Knorr-Bremse Systeme für Schienenfahrzeuge GmbH
Registered office: Munich
Managing Directors: Dr. Jürgen Wilder (Chairman), Mark Cleobury, Dr. Nicolas Lange, Dr. Peter Radina, Harald Schneider
Register court: Munich, HR B 91 181
