http conduit - can i specify this at runtime


Jason Countryman

May 28, 2020, 4:10:20 PM
to ipf-user
Good afternoon,

I have a client application built on the ipf libraries that can connect to multiple different HIEs.  I need to come up with a solution to be able to use different keystores to identify ourselves via TLS.

I'm wondering if I can specify the http:conduit in the template or the exchange, or as a hook on the endpoint string, similar to 'secure=true'.  Then I could have multiple named conduits in my applicationContext.xml and just use the correct one per HIE.

If not, is there another way to do something like this that lets me specify the keystore at runtime?

Thanks

Jason

Jason Countryman

May 28, 2020, 4:12:50 PM
to ipf-user
Note, this is for iti-41, iti-44, iti-42, and iti-18.

Dmytro Rud

May 28, 2020, 4:28:37 PM
to ipf-...@googlegroups.com
Hi Jason

You can use URI parameter &sslContextParameters=#beanName, where the referenced bean must be of type org.apache.camel.util.jsse.SSLContextParameters.
Such a bean can be created on the fly and then injected into the bean registry:

@Autowired
private org.springframework.beans.factory.config.ConfigurableBeanFactory registry;
... 
SSLContextParameters params = new ...;
registry.registerSingleton("mySslParams", params);
...
to("xds-iti41:iti41Endpoint&secure=true&sslContextParameters=#mySslParams&hostnameVerifier=#myHostnameVerifier");

(I mentioned the hostname verifier in the URI because most probably you will need one as well.)

Best regards
Dmytro



Jason Countryman

May 28, 2020, 4:33:36 PM
to ipf-user
Dmytro, 

That's excellent, thank you so much.

Is there a list anywhere of all the URI parameters?  I went looking briefly through the ipf documentation, and didn't see anything.  Is that a cxf specific item?

Thanks
Jason

Dmytro Rud

May 28, 2020, 4:41:47 PM
to ipf-...@googlegroups.com
At the end of each component description -- for example, https://oehf.github.io/ipf-docs/docs/ihe/iti18/ for ITI-18 -- there is a list of links to pages describing various component features and corresponding URI parameters.
In particular, security-related parameters are described in https://oehf.github.io/ipf-docs/docs/ihe/wsSecureTransport.

Best regards
Dmytro



Jason Countryman

Jun 1, 2020, 11:19:49 AM
to ipf-user
Hello, Dmytro,

I am having an issue trying to use the injected beans I've created.  Here is a sample of how I'm doing it:  (I removed passwords and actual file structure)

    KeyStoreParameters rochKSP = new KeyStoreParameters();
    rochKSP.setResource("keystore.jks");
    rochKSP.setPassword("XXX");

    KeyManagersParameters rochKMP = new KeyManagersParameters();
    rochKMP.setKeyPassword("XXX");
    rochKMP.setKeyStore(rochKSP);

    SSLContextParameters rochSSLParams = new SSLContextParameters();
    rochSSLParams.setCamelContext((CamelContext) applicationContext.getBean("clientContext"));
    rochSSLParams.setCertAlias("XXX");
    rochSSLParams.setKeyManagers(rochKMP);
    rochSSLParams.setTrustManagers(trustMP);
    rochSSLParams.setCipherSuitesFilter(filters);
    registry.registerSingleton("rochSSLParams", rochSSLParams);

I have logging set up to see the beans get registered, and I believe that is working successfully.  That code fires before the endpoint is even constructed.  When I try to reference that bean in the endpoint, I get the following error:

Could not find a suitable setter for property: sslContextParameters as there isn't a setter method with same type: java.lang.String nor type conversion possible: No type converter available to convert from type: java.lang.String to the required type: org.apache.camel.util.jsse.SSLContextParameters with value #rochSSLParams

The endpoint is constructed like this:  ( I have removed the ACTUAL endpoint )


I don't get any errors on the actual injection of the beans, everything appears to function fine until they are attempted to be used.

Is there any guidance you can give me on this?

Thank you,

Jason

Dmytro Rud

Jun 1, 2020, 11:38:00 AM
to ipf-...@googlegroups.com
Hi Jason

Can it be that you have multiple bean registries and register your bean not in the one used later by Camel?

Best regards
Dmytro



Jason Countryman

Jun 1, 2020, 11:43:27 AM
to ipf-user
Dmytro,

I don't believe so, but I'm not very well versed in Camel.  Here is how I'm instantiating the registry:

public class RhioSSLContext {
    
    private static Logger LOGGER=LogManager.getLogger(RhioSSLContext.class.getName());
    
    ApplicationContext applicationContext = new ClassPathXmlApplicationContext("classpath:applicationContext.xml");
    
    @Autowired
    ConfigurableBeanFactory registry = (ConfigurableBeanFactory)applicationContext.getAutowireCapableBeanFactory();      


Thanks,
Jason



Dmytro Rud

Jun 1, 2020, 11:45:25 AM
to ipf-...@googlegroups.com
And if you omit the initializer of "registry" and let Spring autowire the value -- will it be the same?



Jason Countryman

Jun 1, 2020, 11:47:07 AM
to ipf-user
That fails on the injection, but I don't get any kind of logging of the error in any log.  It just seems to hang the thread.

Jason Countryman

Jun 1, 2020, 2:50:43 PM
to ipf-user

Instead of auto-injecting the bean, I decided to use the Camel bean handling to set up all the possible keystores I might need: (I do know ahead of time what ones I MIGHT need)

    <!-- let's try some per-rhio keystores -->
    <camel:sslContextParameters id="rochSSLParams">
        <camel:keyManagers keyPassword="XXX">
            <camel:keyStore type="JKS" resource="keystore.jks" password="XXX" />
        </camel:keyManagers>
        <camel:trustManagers>
            <camel:keyStore type="JKS" resource="truststore.jks" password="XXX" />
        </camel:trustManagers>
    </camel:sslContextParameters>

That worked for me.  Thanks for taking a look at this for me, Dmytro.

-Jason
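
An added example (not code from the thread or from IPF) of the runtime approach from the first reply: the per-HIE SSLContextParameters bean is registered on the bean factory that Spring injects, and the name is looked up through Camel's own registry before the endpoint URI is built, so the multiple-registries situation raised in the thread surfaces as a clear error instead of the "No type converter available" message. The class, method and parameter names are hypothetical; it assumes the Camel 2.x package names used in the thread, that the class is itself a bean in the application context that hosts the CamelContext (with annotation processing enabled), an endpoint string that has no query part yet, and a `myHostnameVerifier` bean as in the reply above.

```java
import org.apache.camel.CamelContext;
import org.apache.camel.util.jsse.KeyManagersParameters;
import org.apache.camel.util.jsse.KeyStoreParameters;
import org.apache.camel.util.jsse.SSLContextParameters;
import org.apache.camel.util.jsse.TrustManagersParameters;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.stereotype.Component;

// Hypothetical helper. Both fields are injected by Spring; the class never creates
// its own ApplicationContext, so there is only one bean registry in play.
@Component
public class HieTlsRegistrar {
    @Autowired private ConfigurableBeanFactory registry;  // factory of the context Camel runs in
    @Autowired private CamelContext camelContext;

    // Registers TLS parameters for one HIE (once) and returns the endpoint URI that uses them.
    public synchronized String secureUri(String hie, String endpoint, String keystore,
            String truststore, String storePassword, String keyPassword) {
        String beanName = hie + "SSLParams";
        if (!registry.containsSingleton(beanName)) {
            KeyManagersParameters km = new KeyManagersParameters();
            km.setKeyStore(store(keystore, storePassword));
            km.setKeyPassword(keyPassword);
            TrustManagersParameters tm = new TrustManagersParameters();
            tm.setKeyStore(store(truststore, storePassword));
            SSLContextParameters params = new SSLContextParameters();
            params.setKeyManagers(km);
            params.setTrustManagers(tm);
            registry.registerSingleton(beanName, params);
        }
        // Fail early if Camel cannot resolve "#beanName" to the right type.
        if (camelContext.getRegistry().lookupByNameAndType(beanName, SSLContextParameters.class) == null) {
            throw new IllegalStateException(beanName + " is not visible in the Camel registry");
        }
        // Assumption: 'endpoint' looks like "xds-iti41:host/path" with no '?' yet.
        return endpoint + "?secure=true&sslContextParameters=#" + beanName
                + "&hostnameVerifier=#myHostnameVerifier";
    }

    private static KeyStoreParameters store(String resource, String password) {
        KeyStoreParameters ks = new KeyStoreParameters();
        ks.setType("JKS");
        ks.setResource(resource);
        ks.setPassword(password);  // supplied by the caller, not hard-coded
        return ks;
    }
}
```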