5 Replies Latest reply on Jan 12, 2015 9:02 AM by narayanan.hari

Camel CMIS SSL support

narayanan.hari Jan 8, 2015 12:33 PM

In my JBoss Fuse (6.1) application, I am trying to use Camel CMIS component to query from filenet. But I could not figure out a way to implement SSL support on CMIS. Here is the uri:

<to uri="cmis:https://dev.cmis.host:9083/fncmis/resources/Service?username={{username}}&amp;password={{password}}&amp;queryMode=true&amp;repositoryId=FILE_REPO&amp;readCount=50&amp;readContent=false" />

Is there anyway I can wire in SSL context parameters and possible disable host name verifiaction as well?

1. Re: Camel CMIS SSL support

davsclaus Jan 9, 2015 2:58 AM (in response to narayanan.hari)

Its currently not supported in camel-cmis.

I suggest to look at what Apache Chemistry
http://chemistry.apache.org/java/opencmis.html

supports. Then we can see what it takes to add that to the camel-cmis component. for SSL there is camel jsse that would be great to support then
http://camel.apache.org/camel-configuration-utilities.html

Then its a matter of using that to setup a SSLContextParameters that camel-cmis can use.
Actions
2. Re: Re: Camel CMIS SSL support

narayanan.hari Jan 9, 2015 3:54 PM (in response to davsclaus)
Yup. Apache Chemistry exports an AuthenticationProvider interface org.apache.chemistry.opencmis.commons.spi.AuthenticationProvider that includes:

SSLSocketFactory getSSLSocketFactory(); HostnameVerifier getHostnameVerifier();

May be we can subclass org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider to overload these 2 methods with the SSLSocketFactory created from SSLContextParameters.

Currently Camel CMISSessionFacade creates the chemistry Session using SessionFactoryLocator.getSessionFactory().createSession(parameter);
Instead, we could use

createSession(Map<String, String> parameters, ObjectFactory objectFactory, AuthenticationProvider authenticationProvider, Cache cache)

under org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl class to inject the AuthenticationProvider.
Actions
3. Re: Re: Camel CMIS SSL support

narayanan.hari Jan 9, 2015 8:18 PM (in response to narayanan.hari)

Creating custom AuthenticationProvider creates OSGi classloader issues as the OpenCMIS api does not have visibility to custom class.. it may work on non-OSGi environments.
Actions
4. Re: Camel CMIS SSL support

davsclaus Jan 12, 2015 4:02 AM (in response to narayanan.hari)

Thanks for diving into this to see what can be done.

I have logged a ticket at Apache to add support for SSL
https://issues.apache.org/jira/browse/CAMEL-8230
Actions
5. Re: Re: Camel CMIS SSL support

narayanan.hari Jan 12, 2015 9:02 AM (in response to davsclaus)

Thanks very much, Claus. Few concerns:

1. Apache Chemistry exports an AuthenticationProvoider interface, but the interface SessionFactory only exports createSession(parameter) and only the implementation class org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl supports using AuthenticationProvider.
2. The package org.apache.chemistry.opencmis.client.runtime is not osgi-exported by Chemistry API, so we cannot directly access org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl in OSGi environments.
3. Chemistry API supports custom AuthenticationProvider using the SessionParameter.AUTHENTICATION_PROVIDER_CLASS parameter , but then it does Class.forName(authProviderClassName).newInstance() to create the instance which is causing ClassNotFoundException since Chemistry API does not have visibility to custom authentication provider in OSGi environment.

It looks like few changes are required at Chemistry side as well. Once again, thanks very much.
Actions

Go to original post