http conduit - can i specify this at runtime

32 views
Skip to first unread message

Jason Countryman

unread,
May 28, 2020, 4:10:20 PM5/28/20
to ipf-user
Good afternoon,

I have an client application built on the ipf libraries that can connect to multiple different HIEs.  I need to come up with a solution to be able to use different keystores to identify ourselves via TLS.

I'm wondering if I can specify the http:conduit in the template or the exchange, or as a hook on the endpoint string, similar to 'secure=true'.  Then I could have multiple named conduits in my applicationContext.xml and just use the correct one per HIE.

If not, is there another way to do something like this that lets me specify the keystore at runtime?

Thanks

Jason

Jason Countryman

unread,
May 28, 2020, 4:12:50 PM5/28/20
to ipf-user
Note, this is for iti-41, iti-44, iti-42, and iti-18.

Dmytro Rud

unread,
May 28, 2020, 4:28:37 PM5/28/20
to ipf-...@googlegroups.com
Hi Jason

You can use URI parameter &sslContextParameters=#beanName, where the referenced bean must be of type org.apache.camel.util.jsse.SSLContextParameters.
Such a bean can be created on the fly and then injected into the bean registry:

@Autowired
private org.springframework.beans.factory.config.ConfigurableBeanFactory registry;
... 
SSLContextParameters params = new ...;
registry.registerSingleton("mySslParams", params);
...
to("xds-iti41:iti41Endpoint&secure=true&sslContextParameters=#mySslParams&hostnameVerifier=#myHostnameVerifier");

(I mentioned the hostname verifier in the URI because most probably you will need one as well.)

Best regards
Dmytro


Am Do., 28. Mai 2020 um 22:12 Uhr schrieb Jason Countryman <jason.co...@gmail.com>:
Note, this is for iti-41, iti-44, iti-42, and iti-18.

--
You received this message because you are subscribed to the Google Groups "ipf-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ipf-user+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ipf-user/8030ab39-8678-445d-b6ed-127b04e3e2b4%40googlegroups.com.

Jason Countryman

unread,
May 28, 2020, 4:33:36 PM5/28/20
to ipf-user
Dmytro, 

That's excellent, thank you so much.

Is there a list anywhere of all the URI parameters?  I went looking briefly through the ipf documentation, and didn't see anything.  Is that a cxf specific item?

Thanks
Jason

Dmytro Rud

unread,
May 28, 2020, 4:41:47 PM5/28/20
to ipf-...@googlegroups.com
At the end of each component description -- for example, https://oehf.github.io/ipf-docs/docs/ihe/iti18/ for ITI-18 -- there is a list of links to pages describing various component features and corresponding URI parameters.
In particular, security-related parameters are described in https://oehf.github.io/ipf-docs/docs/ihe/wsSecureTransport.

Best regards
Dmytro


--
You received this message because you are subscribed to the Google Groups "ipf-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ipf-user+u...@googlegroups.com.

Jason Countryman

unread,
Jun 1, 2020, 11:19:49 AM6/1/20
to ipf-user
Hello, Dmytro,

I am having an issue trying to use the injected beans I've created.  Here is a sample of how I'm doing it:  (I removed passwords and actual file structure)

                KeyStoreParameters rochKSP = new KeyStoreParameters();
        rochKSP.setResource("keystore.jks");
        rochKSP.setPassword("XXX");
        
        KeyManagersParameters rochKMP = new KeyManagersParameters();
        rochKMP.setKeyPassword("XXX");
        rochKMP.setKeyStore(rochKSP);
        
        SSLContextParameters rochSSLParams = new SSLContextParameters();               
        rochSSLParams.setCamelContext((CamelContext)applicationContext.getBean("clientContext"));
        rochSSLParams.setCertAlias("XXX");
        rochSSLParams.setKeyManagers(rochKMP);
        rochSSLParams.setTrustManagers(trustMP);
        rochSSLParams.setCipherSuitesFilter(filters);
        registry.registerSingleton("rochSSLParams",rochSSLParams);

I have logging setup to see the beans get registered, and I believe that is working successfully.  That code fires before the endpoint is even constructed.  When I try to reference that bean in the endpoint, I get the following error:

Could not find a suitable setter for property: sslContextParameters as there isn't a setter method with same type: java.lang.String nor type conversion possible: No type converter available to convert from type: java.lang.String to the required type: org.apache.camel.util.jsse.SSLContextParameters with value #rochSSLParams

The endpoint is constructed like this:  ( I have removed the ACTUAL endpoint )


I don't get any errors on the actual injection of the beans, everything appears to function fine until they are attempted to be used.

Is there any guidance you can give me on this?

Thank you,

Jason

Dmytro Rud

unread,
Jun 1, 2020, 11:38:00 AM6/1/20
to ipf-...@googlegroups.com
Hi Jason

Can it be that you have multiple bean registries and register your bean not in the one used later by Camel?

Best regards
Dmytro


--
You received this message because you are subscribed to the Google Groups "ipf-user" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ipf-user+u...@googlegroups.com.

Jason Countryman

unread,
Jun 1, 2020, 11:43:27 AM6/1/20
to ipf-user
Dmytro,

I don't believe so, but I'm not very well versed in camel.  Here is how i'm instantiating the registry:

public class RhioSSLContext {
    
    private static Logger LOGGER=LogManager.getLogger(RhioSSLContext.class.getName());
    
    ApplicationContext applicationContext = new ClassPathXmlApplicationContext("classpath:applicationContext.xml");
    
    @Autowired
    ConfigurableBeanFactory registry = (ConfigurableBeanFactory)applicationContext.getAutowireCapableBeanFactory();      


Thanks,
Jason


On Monday, June 1, 2020 at 11:38:00 AM UTC-4, Dmytro Rud wrote:
Hi Jason

Can it be that you have multiple bean registries and register your bean not in the one used later by Camel?

Best regards
Dmytro


To unsubscribe from this group and stop receiving emails from it, send an email to ipf-...@googlegroups.com.

Dmytro Rud

unread,
Jun 1, 2020, 11:45:25 AM6/1/20
to ipf-...@googlegroups.com
And if you omit the initializer of "registry" and let Spring autowire the value -- will it be the same?


To unsubscribe from this group and stop receiving emails from it, send an email to ipf-user+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ipf-user/cbf55089-38d5-4138-b7d4-2e6469d68428%40googlegroups.com.

Jason Countryman

unread,
Jun 1, 2020, 11:47:07 AM6/1/20
to ipf-user
That fails on the injection, but I don't get any kind of logging of the error in any log.  It just seems to hang the thread.

Jason Countryman

unread,
Jun 1, 2020, 2:50:43 PM6/1/20
to ipf-user

Instead of auto-injecting the bean, I decided to use the camel bean handling to setup all the possible keystores I might need:  ( I do know ahead of time what ones I MIGHT need)

    <!-- let's try some per-rhio keystores -->
    <camel:sslContextParameters id="rochSSLParams">
        <camel:keyManagers keyPassword="XXX">
            <camel:keyStore type="JKS" resource="keystore.jks" password="XXX" />
        </camel:keyManagers>
        <camel:trustManagers>
            <camel:keyStore type="JKS" resource="truststore.jks" password="XXX" />
        </camel:trustManagers>
    </camel:sslContextParameters>

That worked for me.  Thanks for taking a look at this for me, Dmytro.

-Jason
Reply all
Reply to author
Forward
0 new messages