Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

Setting SSLContextParameter from Code

49 views
Skip to first unread message

cobo lus

unread,
Jan 21, 2024, 4:00:42 PM1/21/24
to ipf-user
Hi !

how can I set aSSLContextParameter object from the java code as I somehow try to add it to the registry but it is not used afterwards by the ITI components.
If I specify it using the javax.ssl.net parameters my trusstore is picked up.
I'm using IPF 4.7.0

thx for your help

Dmytro Rud

unread,
Jan 21, 2024, 10:51:39 PM1/21/24
to ipf-...@googlegroups.com
Hi !

Do you explicitly reference the newly created bean in the endpoint URI parameter sslContextParameters?  Could you show some code?  

Best regards
Dmytro



--
You received this message because you are subscribed to the Google Groups "ipf-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ipf-user+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ipf-user/96ae306b-f51b-4ccf-9b5d-51380e9b5263n%40googlegroups.com.

cobo lus

unread,
Jan 22, 2024, 12:19:47 AM1/22/24
to ipf-user
Hi !

yes I tried to reference it with the URI parameter.
Here the way how I try to setup the SSL Context Parameter:

private void createSSLContextParameters() throws Exception {
if(sslConfig.isEnabled())
{
SSLContextParameters sslContextParameters = new SSLContextParameters();
if(!StringUtilities.isEmpty(sslConfig.getKeystore())) {
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setResource(sslConfig.getKeystore());
ksp.setPassword(sslConfig.getKeystorePassword());

KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setKeyStore(ksp);
kmp.setKeyPassword(sslConfig.getKeyPassword());
sslContextParameters.setKeyManagers(kmp);
}
if(!StringUtilities.isEmpty(sslConfig.getTruststore())) {
KeyStoreParameters tsp = new KeyStoreParameters();
tsp.setResource(sslConfig.getTruststore());
tsp.setPassword(sslConfig.getTruststorePassword());

TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setKeyStore(tsp);
sslContextParameters.setTrustManagers(tmp);
}

 DefaultRegistry registry = (DefaultRegistry) camelContext.getRegistry();
registry.bind(sslConfig.getName(), sslContextParameters);
((org.apache.camel.impl.DefaultCamelContext) camelContext).setRegistry(registry);


Map<String,SSLContextParameters> sslContextParameterMap = camelContext.getRegistry().findByTypeWithName(SSLContextParameters.class);

for(String s : sslContextParameterMap.keySet())
{
log.info("SSL Contexts: " + s);
}
}
}

This method is called when I build my Camel Route before I setup any other thing.
The log also prints my SSL Context Parameter bean but when I reference it afterwards for the ITI transaction I get some very strange SSL Error:

Caused by: java.lang.RuntimeException: Unexpected error: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty

When I change to javax.ssl.net it for some unknown reason works.

Dmytro Rud

unread,
Jan 22, 2024, 12:29:29 AM1/22/24
to ipf-...@googlegroups.com
JVM variables expect file paths, SSLContextParameters expect resource paths.  Would it help to add the prefix "file:" to sslConfig.getKeystore() and sslConfig.getTruststore()?  Otherwise everything seems Ok.

Best regards
Dmytro


cobo lus

unread,
Jan 23, 2024, 2:07:57 PM1/23/24
to ipf-user
Hi !
thanks for the help - the file: fixed it :)

much appreciated !
Reply all
Reply to author
Forward
0 new messages