5 Replies Latest reply on Jan 12, 2015 9:02 AM by Narayanan HariharaSubramanian

    Camel CMIS SSL support

    Narayanan HariharaSubramanian Newbie

      In my JBoss Fuse (6.1) application, I am trying to use Camel CMIS component to query from filenet. But I could not figure out a way to implement SSL support on CMIS. Here is the uri:

       

      <to uri="cmis:https://dev.cmis.host:9083/fncmis/resources/Service?username={{username}}&amp;password={{password}}&amp;queryMode=true&amp;repositoryId=FILE_REPO&amp;readCount=50&amp;readContent=false" />
      

       

      Is there anyway I can wire in SSL context parameters and possible disable host name verifiaction as well?

        • 1. Re: Camel CMIS SSL support
          Claus Ibsen Master

          Its currently not supported in camel-cmis.

           

          I suggest to look at what Apache Chemistry

          http://chemistry.apache.org/java/opencmis.html

           

          supports. Then we can see what it takes to add that to the camel-cmis component. for SSL there is camel jsse that would be great to support then

          http://camel.apache.org/camel-configuration-utilities.html

           

          Then its a matter of using that to setup a SSLContextParameters that camel-cmis can use.

          • 2. Re: Re: Camel CMIS SSL support
            Narayanan HariharaSubramanian Newbie

            Yup. Apache Chemistry exports an AuthenticationProvider interface org.apache.chemistry.opencmis.commons.spi.AuthenticationProvider that includes:

             

            SSLSocketFactory getSSLSocketFactory();
            HostnameVerifier getHostnameVerifier();
            

             

            May be we can subclass org.apache.chemistry.opencmis.client.bindings.spi.StandardAuthenticationProvider to overload these 2 methods with the SSLSocketFactory created from SSLContextParameters.

             

            Currently Camel CMISSessionFacade creates the chemistry Session using SessionFactoryLocator.getSessionFactory().createSession(parameter);

            Instead, we could use

             

            createSession(Map<String, String> parameters, ObjectFactory objectFactory, AuthenticationProvider authenticationProvider, Cache cache)
            

             

            under org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl class to inject the AuthenticationProvider.

            • 3. Re: Re: Camel CMIS SSL support
              Narayanan HariharaSubramanian Newbie

              Creating custom AuthenticationProvider creates OSGi classloader issues as the OpenCMIS api does not have visibility to custom class.. it may work on non-OSGi environments.

              • 4. Re: Camel CMIS SSL support
                Claus Ibsen Master

                Thanks for diving into this to see what can be done.

                 

                I have logged a ticket at Apache to add support for SSL

                https://issues.apache.org/jira/browse/CAMEL-8230

                • 5. Re: Re: Camel CMIS SSL support
                  Narayanan HariharaSubramanian Newbie

                  Thanks very much, Claus. Few concerns:

                   

                  1. Apache Chemistry exports an AuthenticationProvoider interface, but the interface SessionFactory only exports createSession(parameter) and only the implementation class org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl supports using AuthenticationProvider.

                  2. The package org.apache.chemistry.opencmis.client.runtime is not osgi-exported by Chemistry API, so we cannot directly access org.apache.chemistry.opencmis.client.runtime.SessionFactoryImpl in OSGi environments.

                  3. Chemistry API supports custom AuthenticationProvider using the SessionParameter.AUTHENTICATION_PROVIDER_CLASS parameter , but then it does Class.forName(authProviderClassName).newInstance() to create the instance which is causing ClassNotFoundException since Chemistry API does not have visibility to custom authentication provider in OSGi environment.

                   

                  It looks like few changes are required at Chemistry side as well. Once again, thanks very much.