3 Replies Latest reply on Dec 13, 2011 9:55 PM by Willem Jiang

    blueprint conversion problems

    bjsteffes Newbie

      I am converting my spring camel context files to blueprint. I have not been able to get the tls authentication to work. What is the best way to do this?

       

      I am using Fuse ESB 4.4.1

       

      My current tls configuration looks like this:

      -


      <httpj:engine-factory bus="cxf">

        <httpj:engine port="9003">

          <httpj:tlsServerParameters>

            <sec:keyManagers keyPassword="password">

              <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Tarpin.jks"/>

            </sec:keyManagers>

            <sec:trustManagers>

              <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>

            </sec:trustManagers>

            <sec:cipherSuitesFilter>

              <sec:include>.EXPORT.</sec:include>

              <sec:include>.EXPORT1024.</sec:include>

              <sec:include>.WITHDES_.</sec:include>

              <sec:include>.WITHNULL_.</sec:include>

              <sec:exclude>.DHanon_.</sec:exclude>

            </sec:cipherSuitesFilter>

            <sec:clientAuthentication want="true" required="true"/>

          </httpj:tlsServerParameters>

        </httpj:engine>

      </httpj:engine-factory>

      -


       

      what is the equivalent for blueprint?

       

      Thanks!

        • 1. Re: blueprint conversion problems
          Willem Jiang Master

          Hi,

           

          I just checked the CXF trunk code, current we don't have blueprint support as you want on the Jetty server. If you want to do it , you may need write some java code to such kind of configuration.

           

          Willem

          • 2. Re: blueprint conversion problems
            bjsteffes Newbie

            Below is the code I used to configure this in Java. It tends to work. You will need to add cxf-rt-transports-http-jetty as a dependency in your pom.xml.

             

            -


             

            package my.test.classes

             

            import java.io.FileInputStream;

            import java.security.KeyStore;

             

            import javax.net.ssl.KeyManagerFactory;

            import javax.net.ssl.TrustManagerFactory;

             

            import org.apache.camel.builder.RouteBuilder;

            import org.apache.commons.logging.Log;

            import org.apache.commons.logging.LogFactory;

            import org.apache.cxf.BusFactory;

            import org.apache.cxf.configuration.jsse.TLSServerParameters;

            import org.apache.cxf.configuration.security.ClientAuthentication;

            import org.apache.cxf.configuration.security.FiltersType;

            import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;

             

            public class TlsConfigurator extends RouteBuilder

            {

              private static final Log LOG = LogFactory.getLog(TlsConfigurator.class);

             

              @Override

              public void configure()

              {

                try

                {

                  final String ksLoc=getContext().resolvePropertyPlaceholders("{{karaf.home}}/{{keystore.location}}");

                  final String ksPass=getContext().resolvePropertyPlaceholders("{{keystore.password}}");

                  final String kPass=getContext().resolvePropertyPlaceholders("{{key.password}}");

                  final String tsLoc=getContext().resolvePropertyPlaceholders("{{karaf.home}}/{{truststore.location}}");

                  final String tsPass=getContext().resolvePropertyPlaceholders("{{truststore.passwprd}}");

                  final String portStr=getContext().resolvePropertyPlaceholders("{{port}}");

                  final int port=Integer.valueOf(portStr);

             

                  ClientAuthentication ca = new ClientAuthentication();

                  ca.setRequired(true);

             

                  KeyStore ks = KeyStore.getInstance("JKS");

                  ks.load(new FileInputStream(ksLoc),ksPass.toCharArray());

             

                  KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());

                  kmf.init(ks, kPass.toCharArray());

             

                  KeyStore ts = KeyStore.getInstance("JKS");

                  ts.load(new FileInputStream(tsLoc),tsPass.toCharArray());

             

                  TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustMaanagerFactory.getDefaultAlgorithm());

                  tmf.init(ts);

             

                  FiltersType ft = new FiltersType();

                  ft.getInclude().add(".WITH3DES_.");

                  fs.getExclude().add(".WITHDES_.");

                  fs.getExclude().add(".WITHNULL_.");

                  fs.getExclude().add(".DHanon_.");

             

                  TLSServerParameters sp = new TLSServerParameters();

                  sp.setClientAuthentication(ca);

                  sp.setKeyManagers(kmf.getKeyManagers);

                  sp.setTrustManagers(tmf.getTrustManagers);

                  sp.setCipherSuitesFilter(ft);

             

                  JettyHTTPServerEngineFactory f = BusFactory.getDefaultBus().getExtension(JettyHTTPServerEngineFactory.class);

                  if (f == null)

                  {

                    f = new JettyHTTPServerEngineFactory();

                    BusFactory.getDefaultBus().setExtension(f, JettyHTTPServerEngineFactory.class);

                  }

                  f.setTLSServerParametersForPort(port, sp);

                }

                catch(Exception e)

                {

                  LOG.error(e.getMessage(), e);

                }

              }

            }

            • 3. Re: blueprint conversion problems
              Willem Jiang Master

              Yeah, it could work if you just have only one normal CXF bus, as  you are using the BusFactory.getDefaultBus().

              If you there are more than one CXF application, you may consider to create a new Bus and pass it into camel-cxf endpoint by using the bus option like this[1]

               

              http://willemjiang.blogspot.com/2010/02/configure-camel-cxf-endpoint-advance.html

               

              Willem