This is an automated email from the ASF dual-hosted git repository. acosentino pushed a commit to branch 23182 in repository https://gitbox.apache.org/repos/asf/camel.git
commit 56b75d812b55bf1c4d511172063b2f16ef5d8043 Author: Andrea Cosentino <[email protected]> AuthorDate: Wed Mar 11 20:12:24 2026 +0100 CAMEL-23182 - Post-Quantum Cryptography (PQC) readiness: camel-mongodb: Add SSLContextParameters support and fix hardcoded TLS version Add SSLContextParameters support and fix hardcoded TLS version - Replace hardcoded SSLContext.getInstance("TLSv1.2") with SSLContext.getInstance("TLS") in SslAwareMongoClient to allow the JVM to negotiate the highest supported TLS version including TLS 1.3 with PQC key exchange - Implement SSLContextParametersAware on MongoDbComponent to support global SSL context parameters - Add sslContextParameters endpoint option on MongoDbEndpoint for per-endpoint SSL/TLS configuration via Camel's SSLContextParameters - When sslContextParameters is set, TLS is automatically enabled on the MongoDB connection with proper SSLContext configuration Add TLS integration test with test-infra - Add MongoDBLocalContainerTLSService to test-infra-mongodb that starts a standalone mongod with --tlsMode requireTLS using pre-generated self-signed certificates mounted via classpath resource mapping - Add MongoDbSslConnectionIT integration test that validates end-to-end TLS connectivity using Camel's SSLContextParameters with a JKS truststore containing the test CA certificate - Include test certificate resources: CA cert (ca.pem), combined server cert+key (server.pem), and JKS truststore (ca-truststore.jks) Signed-off-by: Andrea Cosentino <[email protected]> --- .../apache/camel/catalog/components/mongodb.json | 10 +- .../mongodb/MongoDbComponentConfigurer.java | 6 + .../mongodb/MongoDbEndpointConfigurer.java | 6 + .../mongodb/MongoDbEndpointUriFactory.java | 3 +- .../apache/camel/component/mongodb/mongodb.json | 10 +- .../camel/component/mongodb/MongoDbComponent.java | 22 ++- .../camel/component/mongodb/MongoDbEndpoint.java | 49 ++++++- .../component/mongodb/SslAwareMongoClient.java | 2 +- .../integration/MongoDbSslConnectionIT.java | 163 +++++++++++++++++++++ .../dsl/MongodbComponentBuilderFactory.java | 18 +++ .../dsl/MongoDbEndpointBuilderFactory.java | 96 ++++++++++++ .../services/MongoDBLocalContainerTLSService.java | 109 ++++++++++++++ .../infra/mongodb/services/ssl/ca-truststore.jks | Bin 0 -> 1206 bytes .../camel/test/infra/mongodb/services/ssl/ca.pem | 20 +++ .../test/infra/mongodb/services/ssl/server.pem | 48 ++++++ 15 files changed, 548 insertions(+), 14 deletions(-) diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json index f43887c6e313..c746dd4bc09c 100644 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json +++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/mongodb.json @@ -27,7 +27,8 @@ "mongoConnection": { "index": 0, "kind": "property", "displayName": "Mongo Connection", "group": "common", "label": "", "required": false, "type": "object", "javaType": "com.mongodb.client.MongoClient", "deprecated": false, "autowired": true, "secret": false, "description": "Shared client used for connection. All endpoints generated from the component will share this connection client." }, "bridgeErrorHandler": { "index": 1, "kind": "property", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions (if possible) occurred while the Camel consumer is trying to pickup incoming messages, or the like [...] "lazyStartProducer": { "index": 2, "kind": "property", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail [...] - "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching t [...] + "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching t [...] + "useGlobalSslContextParameters": { "index": 4, "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Enable usage of global SSL context parameters." } }, "headers": { "CamelMongoDbOperation": { "index": 0, "kind": "header", "displayName": "", "group": "producer", "label": "producer", "required": false, "javaType": "org.apache.camel.component.mongodb.MongoDbOperation or String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "The operation this endpoint will execute against MongoDB.", "constantName": "org.apache.camel.component.mongodb.MongoDbConstants#OPERATION_HEADER" }, @@ -111,8 +112,9 @@ "streamFilter": { "index": 50, "kind": "parameter", "displayName": "Stream Filter", "group": "changeStream", "label": "consumer,changeStream", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "Filter condition for change streams consumer." }, "authSource": { "index": 51, "kind": "parameter", "displayName": "Auth Source", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "The database name associated with the user's credentials." }, "password": { "index": 52, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "User password for mongodb connection" }, - "tls": { "index": 53, "kind": "parameter", "displayName": "Tls", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that all communication with MongoDB instances should use TLS. Supersedes the ssl option. Default: false" }, - "tlsAllowInvalidHostnames": { "index": 54, "kind": "parameter", "displayName": "Tls Allow Invalid Hostnames", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that the driver should allow invalid hostnames in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed. Has the same effect as tlsInsecure by setti [...] - "username": { "index": 55, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "Username for mongodb connection" } + "sslContextParameters": { "index": 53, "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "SSL configuration using a Camel SSLContextParameters object. When configured, TLS is automatically enabled on the connection." }, + "tls": { "index": 54, "kind": "parameter", "displayName": "Tls", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that all communication with MongoDB instances should use TLS. Supersedes the ssl option. Default: false" }, + "tlsAllowInvalidHostnames": { "index": 55, "kind": "parameter", "displayName": "Tls Allow Invalid Hostnames", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that the driver should allow invalid hostnames in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed. Has the same effect as tlsInsecure by setti [...] + "username": { "index": 56, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "Username for mongodb connection" } } } diff --git a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java index e7d445d09672..df0053f6e936 100644 --- a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java +++ b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbComponentConfigurer.java @@ -31,6 +31,8 @@ public class MongoDbComponentConfigurer extends PropertyConfigurerSupport implem case "lazyStartProducer": target.setLazyStartProducer(property(camelContext, boolean.class, value)); return true; case "mongoconnection": case "mongoConnection": target.setMongoConnection(property(camelContext, com.mongodb.client.MongoClient.class, value)); return true; + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": target.setUseGlobalSslContextParameters(property(camelContext, boolean.class, value)); return true; default: return false; } } @@ -51,6 +53,8 @@ public class MongoDbComponentConfigurer extends PropertyConfigurerSupport implem case "lazyStartProducer": return boolean.class; case "mongoconnection": case "mongoConnection": return com.mongodb.client.MongoClient.class; + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": return boolean.class; default: return null; } } @@ -67,6 +71,8 @@ public class MongoDbComponentConfigurer extends PropertyConfigurerSupport implem case "lazyStartProducer": return target.isLazyStartProducer(); case "mongoconnection": case "mongoConnection": return target.getMongoConnection(); + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": return target.isUseGlobalSslContextParameters(); default: return null; } } diff --git a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java index d07a290c1237..b153c2f3b11c 100644 --- a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java +++ b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointConfigurer.java @@ -102,6 +102,8 @@ public class MongoDbEndpointConfigurer extends PropertyConfigurerSupport impleme case "srvMaxHosts": target.setSrvMaxHosts(property(camelContext, java.lang.Integer.class, value)); return true; case "srvservicename": case "srvServiceName": target.setSrvServiceName(property(camelContext, java.lang.String.class, value)); return true; + case "sslcontextparameters": + case "sslContextParameters": target.setSslContextParameters(property(camelContext, org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true; case "streamfilter": case "streamFilter": target.setStreamFilter(property(camelContext, java.lang.String.class, value)); return true; case "tailtrackcollection": @@ -210,6 +212,8 @@ public class MongoDbEndpointConfigurer extends PropertyConfigurerSupport impleme case "srvMaxHosts": return java.lang.Integer.class; case "srvservicename": case "srvServiceName": return java.lang.String.class; + case "sslcontextparameters": + case "sslContextParameters": return org.apache.camel.support.jsse.SSLContextParameters.class; case "streamfilter": case "streamFilter": return java.lang.String.class; case "tailtrackcollection": @@ -319,6 +323,8 @@ public class MongoDbEndpointConfigurer extends PropertyConfigurerSupport impleme case "srvMaxHosts": return target.getSrvMaxHosts(); case "srvservicename": case "srvServiceName": return target.getSrvServiceName(); + case "sslcontextparameters": + case "sslContextParameters": return target.getSslContextParameters(); case "streamfilter": case "streamFilter": return target.getStreamFilter(); case "tailtrackcollection": diff --git a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java index 20f1cbb56c8f..da5aceb938d3 100644 --- a/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java +++ b/components/camel-mongodb/src/generated/java/org/apache/camel/component/mongodb/MongoDbEndpointUriFactory.java @@ -23,7 +23,7 @@ public class MongoDbEndpointUriFactory extends org.apache.camel.support.componen private static final Set<String> SECRET_PROPERTY_NAMES; private static final Map<String, String> MULTI_VALUE_PREFIXES; static { - Set<String> props = new HashSet<>(56); + Set<String> props = new HashSet<>(57); props.add("appName"); props.add("authSource"); props.add("bridgeErrorHandler"); @@ -68,6 +68,7 @@ public class MongoDbEndpointUriFactory extends org.apache.camel.support.componen props.add("socketTimeoutMS"); props.add("srvMaxHosts"); props.add("srvServiceName"); + props.add("sslContextParameters"); props.add("streamFilter"); props.add("tailTrackCollection"); props.add("tailTrackDb"); diff --git a/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json b/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json index f43887c6e313..c746dd4bc09c 100644 --- a/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json +++ b/components/camel-mongodb/src/generated/resources/META-INF/org/apache/camel/component/mongodb/mongodb.json @@ -27,7 +27,8 @@ "mongoConnection": { "index": 0, "kind": "property", "displayName": "Mongo Connection", "group": "common", "label": "", "required": false, "type": "object", "javaType": "com.mongodb.client.MongoClient", "deprecated": false, "autowired": true, "secret": false, "description": "Shared client used for connection. All endpoints generated from the component will share this connection client." }, "bridgeErrorHandler": { "index": 1, "kind": "property", "displayName": "Bridge Error Handler", "group": "consumer", "label": "consumer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Allows for bridging the consumer to the Camel routing Error Handler, which mean any exceptions (if possible) occurred while the Camel consumer is trying to pickup incoming messages, or the like [...] "lazyStartProducer": { "index": 2, "kind": "property", "displayName": "Lazy Start Producer", "group": "producer", "label": "producer", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail [...] - "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching t [...] + "autowiredEnabled": { "index": 3, "kind": "property", "displayName": "Autowired Enabled", "group": "advanced", "label": "advanced", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": true, "description": "Whether autowiring is enabled. This is used for automatic autowiring options (the option must be marked as autowired) by looking up in the registry to find if there is a single instance of matching t [...] + "useGlobalSslContextParameters": { "index": 4, "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Enable usage of global SSL context parameters." } }, "headers": { "CamelMongoDbOperation": { "index": 0, "kind": "header", "displayName": "", "group": "producer", "label": "producer", "required": false, "javaType": "org.apache.camel.component.mongodb.MongoDbOperation or String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "The operation this endpoint will execute against MongoDB.", "constantName": "org.apache.camel.component.mongodb.MongoDbConstants#OPERATION_HEADER" }, @@ -111,8 +112,9 @@ "streamFilter": { "index": 50, "kind": "parameter", "displayName": "Stream Filter", "group": "changeStream", "label": "consumer,changeStream", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "Filter condition for change streams consumer." }, "authSource": { "index": 51, "kind": "parameter", "displayName": "Auth Source", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "description": "The database name associated with the user's credentials." }, "password": { "index": 52, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "User password for mongodb connection" }, - "tls": { "index": 53, "kind": "parameter", "displayName": "Tls", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that all communication with MongoDB instances should use TLS. Supersedes the ssl option. Default: false" }, - "tlsAllowInvalidHostnames": { "index": 54, "kind": "parameter", "displayName": "Tls Allow Invalid Hostnames", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that the driver should allow invalid hostnames in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed. Has the same effect as tlsInsecure by setti [...] - "username": { "index": 55, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "Username for mongodb connection" } + "sslContextParameters": { "index": 53, "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "SSL configuration using a Camel SSLContextParameters object. When configured, TLS is automatically enabled on the connection." }, + "tls": { "index": 54, "kind": "parameter", "displayName": "Tls", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that all communication with MongoDB instances should use TLS. Supersedes the ssl option. Default: false" }, + "tlsAllowInvalidHostnames": { "index": 55, "kind": "parameter", "displayName": "Tls Allow Invalid Hostnames", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Specifies that the driver should allow invalid hostnames in the certificate for TLS connections. Supersedes sslInvalidHostNameAllowed. Has the same effect as tlsInsecure by setti [...] + "username": { "index": 56, "kind": "parameter", "displayName": "Username", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "description": "Username for mongodb connection" } } } diff --git a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java index fec1d7195e25..0a6d1e92a382 100644 --- a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java +++ b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbComponent.java @@ -24,12 +24,13 @@ import java.util.Set; import com.mongodb.client.MongoClient; import org.apache.camel.CamelContext; import org.apache.camel.Endpoint; +import org.apache.camel.SSLContextParametersAware; import org.apache.camel.spi.Metadata; import org.apache.camel.spi.annotations.Component; import org.apache.camel.support.DefaultComponent; @Component("mongodb") -public class MongoDbComponent extends DefaultComponent { +public class MongoDbComponent extends DefaultComponent implements SSLContextParametersAware { public static final Set<MongoDbOperation> WRITE_OPERATIONS = EnumSet.copyOf( Arrays.asList( @@ -40,6 +41,9 @@ public class MongoDbComponent extends DefaultComponent { @Metadata(autowired = true) private MongoClient mongoConnection; + @Metadata(label = "security", defaultValue = "false", + description = "Enable usage of global SSL context parameters.") + private boolean useGlobalSslContextParameters; public MongoDbComponent() { this(null); @@ -54,6 +58,9 @@ public class MongoDbComponent extends DefaultComponent { MongoDbEndpoint endpoint = new MongoDbEndpoint(uri, this); endpoint.setConnectionBean(remaining); setProperties(endpoint, parameters); + if (endpoint.getSslContextParameters() == null) { + endpoint.setSslContextParameters(retrieveGlobalSslContextParameters()); + } return endpoint; } @@ -71,6 +78,19 @@ public class MongoDbComponent extends DefaultComponent { this.mongoConnection = mongoConnection; } + @Override + public boolean isUseGlobalSslContextParameters() { + return this.useGlobalSslContextParameters; + } + + /** + * Enable usage of global SSL context parameters. + */ + @Override + public void setUseGlobalSslContextParameters(boolean useGlobalSslContextParameters) { + this.useGlobalSslContextParameters = useGlobalSslContextParameters; + } + public static CamelMongoDbException wrapInCamelMongoDbException(Throwable t) { if (t instanceof CamelMongoDbException camelMongoDbException) { return camelMongoDbException; diff --git a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java index d5b41a87e4bc..7621ff84298e 100644 --- a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java +++ b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/MongoDbEndpoint.java @@ -17,13 +17,18 @@ package org.apache.camel.component.mongodb; import java.io.IOException; +import java.security.GeneralSecurityException; import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.stream.StreamSupport; +import javax.net.ssl.SSLContext; + import com.fasterxml.jackson.databind.ObjectMapper; +import com.mongodb.ConnectionString; +import com.mongodb.MongoClientSettings; import com.mongodb.ReadPreference; import com.mongodb.WriteConcern; import com.mongodb.client.MongoClient; @@ -42,6 +47,7 @@ import org.apache.camel.spi.UriParam; import org.apache.camel.spi.UriPath; import org.apache.camel.support.CamelContextHelper; import org.apache.camel.support.DefaultEndpoint; +import org.apache.camel.support.jsse.SSLContextParameters; import org.apache.camel.util.ObjectHelper; import org.bson.Document; import org.bson.conversions.Bson; @@ -134,6 +140,8 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL private boolean tls; @UriParam(label = "security", defaultValue = "false") private boolean tlsAllowInvalidHostnames; + @UriParam(label = "security") + private SSLContextParameters sslContextParameters; @UriParam(label = "advanced", defaultValue = "10000") private Integer connectTimeoutMS = 10000; @UriParam(label = "advanced", defaultValue = "0") @@ -438,10 +446,14 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL credentials += this.password == null ? "@" : ":" + password + "@"; } String connectionOptions = authSource == null ? "" : "/?authSource=" + authSource; - if (connectionUriString != null) { - mongoClient = MongoClients.create(connectionUriString); + String connectionUri = connectionUriString != null + ? connectionUriString + : String.format("mongodb://%s%s%s", credentials, hosts, connectionOptions); + + if (sslContextParameters != null) { + mongoClient = createMongoClientWithSslContext(connectionUri); } else { - mongoClient = MongoClients.create(String.format("mongodb://%s%s%s", credentials, hosts, connectionOptions)); + mongoClient = MongoClients.create(connectionUri); } LOG.debug("Connection created using provided credentials"); } else { @@ -456,6 +468,25 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL return mongoClient; } + private MongoClient createMongoClientWithSslContext(String connectionUri) { + try { + SSLContext sslContext = sslContextParameters.createSSLContext(getCamelContext()); + MongoClientSettings settings = MongoClientSettings.builder() + .applyConnectionString(new ConnectionString(connectionUri)) + .applyToSslSettings(builder -> { + builder.enabled(true); + builder.context(sslContext); + if (tlsAllowInvalidHostnames) { + builder.invalidHostNameAllowed(true); + } + }) + .build(); + return MongoClients.create(settings); + } catch (GeneralSecurityException | IOException e) { + throw new CamelMongoDbException("Error creating SSLContext from SSLContextParameters", e); + } + } + public String getConnectionBean() { return connectionBean; } @@ -905,6 +936,18 @@ public class MongoDbEndpoint extends DefaultEndpoint implements EndpointServiceL return tlsAllowInvalidHostnames; } + public SSLContextParameters getSslContextParameters() { + return sslContextParameters; + } + + /** + * SSL configuration using a Camel {@link SSLContextParameters} object. When configured, TLS is automatically + * enabled on the connection. + */ + public void setSslContextParameters(SSLContextParameters sslContextParameters) { + this.sslContextParameters = sslContextParameters; + } + /** * Specifies the maximum amount of time, in milliseconds, the Java driver waits for a connection to open before * timing out. A value of 0 instructs the driver to never time out while waiting for a connection to open. Default: diff --git a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java index a1c164c393a4..635ab195e07e 100644 --- a/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java +++ b/components/camel-mongodb/src/main/java/org/apache/camel/component/mongodb/SslAwareMongoClient.java @@ -76,7 +76,7 @@ public class SslAwareMongoClient implements MongoClient { builder.invalidHostNameAllowed(true); SSLContext sc = null; try { - sc = SSLContext.getInstance("TLSv1.2"); + sc = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { throw new RuntimeException("Error instantiating trust all SSL context.", e); } diff --git a/components/camel-mongodb/src/test/java/org/apache/camel/component/mongodb/integration/MongoDbSslConnectionIT.java b/components/camel-mongodb/src/test/java/org/apache/camel/component/mongodb/integration/MongoDbSslConnectionIT.java new file mode 100644 index 000000000000..f5e92f9a6fbc --- /dev/null +++ b/components/camel-mongodb/src/test/java/org/apache/camel/component/mongodb/integration/MongoDbSslConnectionIT.java @@ -0,0 +1,163 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.component.mongodb.integration; + +import javax.net.ssl.SSLContext; + +import com.mongodb.ConnectionString; +import com.mongodb.MongoClientSettings; +import com.mongodb.client.MongoClient; +import com.mongodb.client.MongoClients; +import com.mongodb.client.MongoCollection; +import com.mongodb.client.MongoDatabase; +import org.apache.camel.CamelContext; +import org.apache.camel.ProducerTemplate; +import org.apache.camel.builder.RouteBuilder; +import org.apache.camel.component.mongodb.MongoDbComponent; +import org.apache.camel.support.jsse.KeyStoreParameters; +import org.apache.camel.support.jsse.SSLContextParameters; +import org.apache.camel.support.jsse.TrustManagersParameters; +import org.apache.camel.test.infra.core.CamelContextExtension; +import org.apache.camel.test.infra.core.DefaultCamelContextExtension; +import org.apache.camel.test.infra.core.annotations.ContextFixture; +import org.apache.camel.test.infra.core.annotations.RouteFixture; +import org.apache.camel.test.infra.core.api.ConfigurableContext; +import org.apache.camel.test.infra.core.api.ConfigurableRoute; +import org.apache.camel.test.infra.mongodb.services.MongoDBLocalContainerTLSService; +import org.bson.Document; +import org.junit.jupiter.api.AfterAll; +import org.junit.jupiter.api.AfterEach; +import org.junit.jupiter.api.Order; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.TestInstance; +import org.junit.jupiter.api.extension.RegisterExtension; + +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; + +/** + * Integration test that validates TLS connectivity to MongoDB using Camel's SSLContextParameters. + */ +@TestInstance(TestInstance.Lifecycle.PER_CLASS) +public class MongoDbSslConnectionIT implements ConfigurableContext, ConfigurableRoute { + + private static final String DATABASE = "test"; + private static final String COLLECTION = "camelTest"; + + @Order(1) + @RegisterExtension + static MongoDBLocalContainerTLSService service = new MongoDBLocalContainerTLSService(); + + @Order(2) + @RegisterExtension + static CamelContextExtension contextExtension = new DefaultCamelContextExtension(); + + private MongoClient mongo; + private MongoCollection<Document> testCollection; + + @ContextFixture + @Override + public void configureContext(CamelContext context) throws Exception { + SSLContextParameters sslContextParameters = createSslContextParameters(); + context.getRegistry().bind("sslContextParameters", sslContextParameters); + + SSLContext sslContext = sslContextParameters.createSSLContext(context); + MongoClientSettings settings = MongoClientSettings.builder() + .applyConnectionString(new ConnectionString(service.getReplicaSetUrl())) + .applyToSslSettings(builder -> { + builder.enabled(true); + builder.context(sslContext); + builder.invalidHostNameAllowed(true); + }) + .build(); + mongo = MongoClients.create(settings); + + MongoDatabase db = mongo.getDatabase(DATABASE); + testCollection = db.getCollection(COLLECTION, Document.class); + testCollection.drop(); + testCollection = db.getCollection(COLLECTION, Document.class); + + context.getComponent("mongodb", MongoDbComponent.class).setMongoConnection(null); + context.getRegistry().bind("myDb", mongo); + } + + @RouteFixture + @Override + public void createRouteBuilder(CamelContext context) throws Exception { + context.addRoutes(new RouteBuilder() { + public void configure() { + String baseUri = String.format( + "mongodb:myDb?hosts=%s&database=%s&collection=%s" + + "&sslContextParameters=#sslContextParameters" + + "&tlsAllowInvalidHostnames=true", + service.getConnectionAddress(), DATABASE, COLLECTION); + + from("direct:insert").to(baseUri + "&operation=insert"); + from("direct:count").to(baseUri + "&operation=count"); + } + }); + } + + @Test + public void testInsertOverTls() { + ProducerTemplate template = contextExtension.getProducerTemplate(); + + Document doc = new Document("scientist", "Einstein").append("tls", true); + Object result = template.requestBody("direct:insert", doc); + assertNotNull(result, "Insert result should not be null"); + + assertEquals(1L, testCollection.countDocuments(), + "Test collection should contain 1 document after insert"); + } + + @Test + public void testCountOverTls() { + ProducerTemplate template = contextExtension.getProducerTemplate(); + + Object result = template.requestBody("direct:count", "irrelevantBody"); + assertTrue(result instanceof Long, "Count result should be of type Long"); + } + + @AfterEach + void cleanCollection() { + if (testCollection != null) { + testCollection.drop(); + } + } + + @AfterAll + void cleanup() { + if (mongo != null) { + mongo.close(); + } + } + + private SSLContextParameters createSslContextParameters() { + KeyStoreParameters ksp = new KeyStoreParameters(); + ksp.setResource("org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks"); + ksp.setPassword("changeit"); + + TrustManagersParameters tmp = new TrustManagersParameters(); + tmp.setKeyStore(ksp); + + SSLContextParameters sslContextParameters = new SSLContextParameters(); + sslContextParameters.setTrustManagers(tmp); + + return sslContextParameters; + } +} diff --git a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java index 8b97868dfc7c..a5c22d59daca 100644 --- a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java +++ b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/MongodbComponentBuilderFactory.java @@ -141,6 +141,23 @@ public interface MongodbComponentBuilderFactory { doSetProperty("autowiredEnabled", autowiredEnabled); return this; } + + + /** + * Enable usage of global SSL context parameters. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param useGlobalSslContextParameters the value to set + * @return the dsl builder + */ + default MongodbComponentBuilder useGlobalSslContextParameters(boolean useGlobalSslContextParameters) { + doSetProperty("useGlobalSslContextParameters", useGlobalSslContextParameters); + return this; + } } class MongodbComponentBuilderImpl @@ -160,6 +177,7 @@ public interface MongodbComponentBuilderFactory { case "bridgeErrorHandler": ((MongoDbComponent) component).setBridgeErrorHandler((boolean) value); return true; case "lazyStartProducer": ((MongoDbComponent) component).setLazyStartProducer((boolean) value); return true; case "autowiredEnabled": ((MongoDbComponent) component).setAutowiredEnabled((boolean) value); return true; + case "useGlobalSslContextParameters": ((MongoDbComponent) component).setUseGlobalSslContextParameters((boolean) value); return true; default: return false; } } diff --git a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java index 39028de92732..9d99a543eae5 100644 --- a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java +++ b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/MongoDbEndpointBuilderFactory.java @@ -461,6 +461,38 @@ public interface MongoDbEndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * SSL configuration using a Camel SSLContextParameters object. When + * configured, TLS is automatically enabled on the connection. + * + * The option is a: + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default MongoDbEndpointConsumerBuilder sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } + /** + * SSL configuration using a Camel SSLContextParameters object. When + * configured, TLS is automatically enabled on the connection. + * + * The option will be converted to a + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default MongoDbEndpointConsumerBuilder sslContextParameters(String sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } /** * Specifies that all communication with MongoDB instances should use * TLS. Supersedes the ssl option. Default: false. @@ -1777,6 +1809,38 @@ public interface MongoDbEndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * SSL configuration using a Camel SSLContextParameters object. When + * configured, TLS is automatically enabled on the connection. + * + * The option is a: + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default MongoDbEndpointProducerBuilder sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } + /** + * SSL configuration using a Camel SSLContextParameters object. When + * configured, TLS is automatically enabled on the connection. + * + * The option will be converted to a + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default MongoDbEndpointProducerBuilder sslContextParameters(String sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } /** * Specifies that all communication with MongoDB instances should use * TLS. Supersedes the ssl option. Default: false. @@ -3022,6 +3086,38 @@ public interface MongoDbEndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * SSL configuration using a Camel SSLContextParameters object. When + * configured, TLS is automatically enabled on the connection. + * + * The option is a: + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default MongoDbEndpointBuilder sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } + /** + * SSL configuration using a Camel SSLContextParameters object. When + * configured, TLS is automatically enabled on the connection. + * + * The option will be converted to a + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default MongoDbEndpointBuilder sslContextParameters(String sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } /** * Specifies that all communication with MongoDB instances should use * TLS. Supersedes the ssl option. Default: false. diff --git a/test-infra/camel-test-infra-mongodb/src/main/java/org/apache/camel/test/infra/mongodb/services/MongoDBLocalContainerTLSService.java b/test-infra/camel-test-infra-mongodb/src/main/java/org/apache/camel/test/infra/mongodb/services/MongoDBLocalContainerTLSService.java new file mode 100644 index 000000000000..3c1cfc759e73 --- /dev/null +++ b/test-infra/camel-test-infra-mongodb/src/main/java/org/apache/camel/test/infra/mongodb/services/MongoDBLocalContainerTLSService.java @@ -0,0 +1,109 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.test.infra.mongodb.services; + +import java.time.Duration; + +import org.apache.camel.test.infra.common.LocalPropertyResolver; +import org.apache.camel.test.infra.common.services.ContainerEnvironmentUtil; +import org.apache.camel.test.infra.common.services.ContainerService; +import org.apache.camel.test.infra.mongodb.common.MongoDBProperties; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.testcontainers.containers.BindMode; +import org.testcontainers.containers.GenericContainer; +import org.testcontainers.containers.wait.strategy.Wait; + +/** + * A TLS-enabled MongoDB container service using a standalone mongod with --tlsMode requireTLS. Uses pre-generated + * self-signed certificates mounted from classpath resources. + */ +public class MongoDBLocalContainerTLSService implements MongoDBService, ContainerService<GenericContainer<?>> { + + private static final Logger LOG = LoggerFactory.getLogger(MongoDBLocalContainerTLSService.class); + private static final int DEFAULT_MONGODB_PORT = 27017; + private static final String CERT_RESOURCE_PATH = "org/apache/camel/test/infra/mongodb/services/ssl"; + + private final GenericContainer<?> container; + + public MongoDBLocalContainerTLSService() { + this(LocalPropertyResolver.getProperty( + MongoDBLocalContainerInfraService.class, MongoDBProperties.MONGODB_CONTAINER)); + } + + public MongoDBLocalContainerTLSService(String imageName) { + container = initContainer(imageName); + } + + protected GenericContainer<?> initContainer(String imageName) { + GenericContainer<?> c = new GenericContainer<>(imageName); + + boolean fixedPort = ContainerEnvironmentUtil.isFixedPort(this.getClass()); + ContainerEnvironmentUtil.configurePort(c, fixedPort, DEFAULT_MONGODB_PORT); + + c.withClasspathResourceMapping(CERT_RESOURCE_PATH, "/etc/mongodb/ssl", BindMode.READ_ONLY) + .withCommand( + "mongod", + "--tlsMode", "requireTLS", + "--tlsCertificateKeyFile", "/etc/mongodb/ssl/server.pem", + "--tlsCAFile", "/etc/mongodb/ssl/ca.pem", + "--tlsAllowConnectionsWithoutCertificates", + "--bind_ip_all", + "--port", String.valueOf(DEFAULT_MONGODB_PORT)) + .waitingFor( + Wait.forLogMessage(".*Waiting for connections.*", 1) + .withStartupTimeout(Duration.ofSeconds(60))); + + return c; + } + + @Override + public String getReplicaSetUrl() { + return String.format("mongodb://%s:%s", container.getHost(), + container.getMappedPort(DEFAULT_MONGODB_PORT)); + } + + @Override + public String getConnectionAddress() { + return container.getHost() + ":" + container.getMappedPort(DEFAULT_MONGODB_PORT); + } + + @Override + public void registerProperties() { + System.setProperty(MongoDBProperties.MONGODB_URL, getReplicaSetUrl()); + System.setProperty(MongoDBProperties.MONGODB_CONNECTION_ADDRESS, getConnectionAddress()); + } + + @Override + public void initialize() { + LOG.info("Trying to start the MongoDB TLS service"); + container.start(); + registerProperties(); + LOG.info("MongoDB TLS service running at {}", getReplicaSetUrl()); + } + + @Override + public void shutdown() { + LOG.info("Stopping the MongoDB TLS container"); + container.stop(); + } + + @Override + public GenericContainer<?> getContainer() { + return container; + } +} diff --git a/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks new file mode 100644 index 000000000000..aac33cbc646d Binary files /dev/null and b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca-truststore.jks differ diff --git a/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca.pem b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca.pem new file mode 100644 index 000000000000..daa387fcbd77 --- /dev/null +++ b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/ca.pem @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDSzCCAjOgAwIBAgIUOZ8hm+Y5QKtHsD7RMI43+Tu4j5swDQYJKoZIhvcNAQEL +BQAwNTEPMA0GA1UEAwwGVGVzdENBMRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJ +BgNVBAYTAlVTMB4XDTI2MDMxMjA4MjExOFoXDTM2MDMwOTA4MjExOFowNTEPMA0G +A1UEAwwGVGVzdENBMRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJBgNVBAYTAlVT +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiJ5NrHfXc1CQDrttRl8o +9+/jSL0ZkVMEOWDi4vEoGbQPzVXjkpym7PAAR1KYlXwi9XDIBlsdFIExS0+UONQL +/K8h5P//nWkkf6xha0nnYsrsdVkaF37HnBJmmnRHWK1M9iU4doJDhgZ/LEpS7NPX +twKn00YsWPRVKhY267VgDUp5XUD3VlsnCUcroRDt0OrSIikWs21cOAlOFL/Kul3c +Uf2gUmWxJmY7Ybzra1cFdGijxRlp8b/kcrQeGKJFEwK+c2LIvLiy/0CUICjWsooy +8tY6A/FQ6/RQwU032D7lmk8IjcDW3MKB8Nzk1AuYvf9MHeDWRO2K/o+Yq9v9B/1L +fwIDAQABo1MwUTAdBgNVHQ4EFgQUENNC6Q9yf9UpLXawy8NnfLStEY8wHwYDVR0j +BBgwFoAUENNC6Q9yf9UpLXawy8NnfLStEY8wDwYDVR0TAQH/BAUwAwEB/zANBgkq +hkiG9w0BAQsFAAOCAQEAD9QaBH9ABcSBwMtk+fK/6g37ZWoegcdT4OK0+yWBaptg +1reT9gszCeJ6ghYJPVMeRkTeLSg4iGSF+Iu1g4i3KaAQjbXfaS2ThUSxN47ThZH/ +wAZjlzHVDn+xjIC3Lk1ve+kJHAXm3KxyZbXWMUAmP9RPPse8UeFYUuRVY0mygOEN +PppwYmXLYexsIYiV6WcVFTZ/d1mF3op6HriOA052pYqJtOOWWVjiCSK/V2QhYgWG +1cBX11dHhFr2Zd6I5IizqkkM81g+uxRBMYGGKoeF+AKaoby0ScDuMxMIhogBGSw4 +UVfedFOW0hkTpEOuEvgOhavZMLBGuH7vcsORU5HliQ== +-----END CERTIFICATE----- diff --git a/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/server.pem b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/server.pem new file mode 100644 index 000000000000..6401f5177263 --- /dev/null +++ b/test-infra/camel-test-infra-mongodb/src/main/resources/org/apache/camel/test/infra/mongodb/services/ssl/server.pem @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIDWTCCAkGgAwIBAgIUGylDtkbSJkK76KTlkGaIhoiMgcAwDQYJKoZIhvcNAQEL +BQAwNTEPMA0GA1UEAwwGVGVzdENBMRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJ +BgNVBAYTAlVTMB4XDTI2MDMxMjA4MjY0NFoXDTM2MDMwOTA4MjY0NFowODESMBAG +A1UEAwwJbG9jYWxob3N0MRUwEwYDVQQKDAxBcGFjaGUgQ2FtZWwxCzAJBgNVBAYT +AlVTMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkn73xpfZ0XRHQDIO +DsRlfwfYsUH6UUxYpoZjT9Mkm3GiYG86S5P5QU1BL/2h8x9f4NpnsRRCUOrqpHKa +9f17lGAVGVIzJirIlBUZs1b038f6XPLPcP0sQc8RAkRTgG3dZ+FtakoDFYaX8NCr +/r6NDQxh3l0k4yEsP+C3x4eGRepCCwjifCCMtnqQwQ1fw2QK2v9wlQs3sFa6pFvt +SAi4vdWHESOk1/7+788WlhjxaSS0sE3Q9SbVd32b7tazD1Ril0VXl9I4ZKy+NLvI +1aOxpKq3X2DP+N64bKn930JUdoTSAZgcWxj7USMEyfB5ie+J4yZabrJn1ih4umXX +eE9bhwIDAQABo14wXDAaBgNVHREEEzARgglsb2NhbGhvc3SHBH8AAAEwHQYDVR0O +BBYEFAzmsdFHWCMDPrWRlO6OycQfU0W3MB8GA1UdIwQYMBaAFBDTQukPcn/VKS12 +sMvDZ3y0rRGPMA0GCSqGSIb3DQEBCwUAA4IBAQB9ebGCp+0u8E0l4EGUMoOXeNRI +RnfTicAQN1NZE7s2pA2ZC5kiYVmJsq/X8LPcyBWqOVbLWmeWB8CbcM7R3J39WGu7 +1y/PuqwggRIY0MvJH0ZGYOsXpYKUoj0qhFJHV/4XLLnf9CDBZj82Ly/BfVgBDPx4 +JTcD/jT5QlI34raV8VtX5ePdyKsv9IZxJIxco+5Q6EjeU+pObB2IY6OQvNybbJwG +immH+jZWvtTpndlPpy2/Sf8w/jJOYO7u2OSntZPJAVirxIyBztK/PPPyz0QgvV2P +5ntvQh9DDSOPQYL55zH99ob8Ye4Qu9wGxxD0rumnXOj9wagaSZNx+6+COUEe +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCSfvfGl9nRdEdA +Mg4OxGV/B9ixQfpRTFimhmNP0ySbcaJgbzpLk/lBTUEv/aHzH1/g2mexFEJQ6uqk +cpr1/XuUYBUZUjMmKsiUFRmzVvTfx/pc8s9w/SxBzxECRFOAbd1n4W1qSgMVhpfw +0Kv+vo0NDGHeXSTjISw/4LfHh4ZF6kILCOJ8IIy2epDBDV/DZAra/3CVCzewVrqk +W+1ICLi91YcRI6TX/v7vzxaWGPFpJLSwTdD1JtV3fZvu1rMPVGKXRVeX0jhkrL40 +u8jVo7GkqrdfYM/43rhsqf3fQlR2hNIBmBxbGPtRIwTJ8HmJ74njJlpusmfWKHi6 +Zdd4T1uHAgMBAAECggEAEpJ3Lh2tNyEjMU/HOXcLmQWxIpPHPMxNhtsNtx6BCxXm +bIxdWxyI4o79PyzL/csR+CsoLypu19xYX/3JiHsY0jA2LI4fvux4nlFofzR8eexb +4LHFu8DU/gjW0q8/2M3U3mkVWn7EklOMarLBw1t7/VX/CFZNqV/YwMZn9itHyhAe +LQIUWTu67qA/vhZBuwvIh8ELmQZ0jVwtVDg9tbhKV3/LTLaW7E3ko3xT8DhIKOs4 +0UdK/NguaPme+qJEYudSsb4RXjjqH6+ahimTFr1h5bwFa5O/07pcZ4/ejitYy2w+ +bjxFifiqoqQhPoPJspmgFq7AJlsHAzuXVqKwh5tT4QKBgQDHNCz1W4xm0qiBHQv/ +we6LE77bIHSig7KcacOeds2scwmK8B6MYHKBJmwnx+oV5HBskM0ZwthHpkzNHW8n +VyQapcafA+tpYEVl15nWERzajk6Ca15AoFemuqx3vQ0nLkUBPV4xbnGgY0zeBjod +Idd5lyhwRyZnYK4Edi9LJp66JwKBgQC8Q6nE4Jxmhathg0CfNPHyGrwNJEp9lAXo +sk/m+5DrLQs3iLCPJFjeL2fJvMCODSCQBb2fVBoqgX6zmnGqtf6YDVNNwncHMw+p +5ipGcWHE83PxTYNbNoFtLY19EuHBR0r9Qmjpo2Rtuu1fJUraG1zUb3YSDXGdk2S2 +2AQ6MkwPoQKBgEWG5nI0o8p3mCyIUNnRfEq6d5DPwSW/xaVmHMrAOIUKGbiOmnrw +ZsbA/FreIcvGUZ7y40MsiIRpfMDSlysp9QX/+lUh7xZ2bYJgP+dBTcrShIBsrRbt +X+pnmS6po1+bfKY0Hx4tqCcMwZV0ou/sEeL0aT7W9oZ6bgJMpbEbJ6ddAoGBAJ9Y +beMTcY1c6hfY7eNS/s26TxyYcOwlU3MHKZYJqzlCoNHaQgaF7ynv2drohdo1xi/g +jATFPHhproH54OdqrxinfrC8Pd68Gy/kfjetU+FNZf8BaoLTeWydN7p7NtVOsGv3 +v7Cw+RnfM3ZqrBY7PrEXvkm9U0LaNE6GO92+IJ7BAoGBAI0xksuSax7zxiTQn61Z +ckktBadOVGlB6MdtR+NLcRXFW0Vt1uN5QjGBVQ4Hrjxv5AeFxdFt6V35HpnY+VLq +V6a/GvRM2rPedBctrRf53dhV0YLJXNEctolnxa2mFyilH7irA7n/6elx1WeQRJvL +8kAMd2/Xo1uX03M7GzTQWe+D +-----END PRIVATE KEY-----
