oscerd opened a new pull request, #23912:
URL: https://github.com/apache/camel/pull/23912

   ## Summary
   
   Aligns all three `KeyLifecycleManager` implementations in `camel-pqc` on the same JSON
   representation for key metadata, and removes the use of Java serialization for stored metadata
   in the AWS and HashiCorp Vault managers.
   
   `FileBasedKeyLifecycleManager` already stores `KeyMetadata` as JSON (since CAMEL-23200), but
   `AwsSecretsManagerKeyLifecycleManager` and `HashicorpVaultKeyLifecycleManager` still persisted it
   as a Base64-encoded, Java-serialized value. This makes them consistent and avoids relying on Java
   serialization for persisted state, while keeping full backward compatibility.
   
   ## Changes
   
   - Add `KeyMetadataCodec`, a shared helper that serializes `KeyMetadata` to/from JSON and provides
     allow-list `ObjectInputFilter`s used when reading legacy values.
   - `AwsSecretsManagerKeyLifecycleManager` / `HashicorpVaultKeyLifecycleManager`: store metadata as
     JSON; transparently read metadata written by previous versions (the legacy `ObjectInputStream`
     read is constrained to the expected types) and migrate it to JSON on the next update.
   - `FileBasedKeyLifecycleManager`: constrain the legacy-migration `ObjectInputStream` reads
     (`KeyPair`, `KeyMetadata`) to the expected types, and make the metadata format detection
     binary-safe — the previous `Files.readString` could fail on a legacy binary metadata file and
     prevent migration.
   - Docs: `camel-4x-upgrade-guide-4_21.adoc` note (format change + downgrade caveat).
   
   ## Backward compatibility
   
   Metadata written by previous versions is read transparently and migrated to JSON on the next
   update. Downgrading after new JSON metadata has been written is not supported (older versions
   cannot read it) — documented in the upgrade guide.
   
   ## Testing
   
   - New `KeyMetadataCodecTest`: JSON round-trip, format detection, and legacy-format read.
   - New `FileBasedKeyLifecycleManager` migration tests exercising the legacy `KeyPair` and
     `KeyMetadata` paths with a real Bouncy Castle PQC key pair.
   - 45 `camel-pqc` key-lifecycle unit tests pass; code formatted (`formatter:format` + `impsort:sort`).
   
   JIRA: https://issues.apache.org/jira/browse/CAMEL-23726
   
   ---
   _Claude Code on behalf of Andrea Cosentino_
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
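
The pattern the pull request describes (binary-safe detection of the legacy format, then an `ObjectInputStream` read constrained by an allow-list `ObjectInputFilter`) can be sketched as follows. This is an added example, not code from the pull request or from camel-pqc: `LegacyMetadataReadDemo`, `DemoMetadata`, the filter limits and the sample values are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.util.*;

public class LegacyMetadataReadDemo {
    // Hypothetical stand-in for the stored metadata type; not camel-pqc's KeyMetadata.
    static class DemoMetadata implements Serializable {
        private static final long serialVersionUID = 1L;
        final String keyId, algorithm;
        DemoMetadata(String keyId, String algorithm) { this.keyId = keyId; this.algorithm = algorithm; }
    }

    // Java serialization streams start with STREAM_MAGIC 0xACED. Inspect the raw
    // bytes; decoding a binary file as text first can fail before detection runs.
    static boolean isLegacySerialized(byte[] raw) {
        return raw.length >= 2 && (raw[0] & 0xFF) == 0xAC && (raw[1] & 0xFF) == 0xED;
    }

    // Allow-list: the expected class and java.lang types pass, "!*" rejects the rest.
    // The depth, reference and array limits are assumed values for this demo.
    static final ObjectInputFilter ALLOW = ObjectInputFilter.Config.createFilter(
            "maxdepth=5;maxrefs=100;maxarray=4096;" + DemoMetadata.class.getName() + ";java.lang.*;!*");

    static DemoMetadata readLegacy(byte[] raw) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            in.setObjectInputFilter(ALLOW); // must be installed before readObject()
            return (DemoMetadata) in.readObject();
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) { out.writeObject(o); }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a Base64-encoded legacy value as an older version might have stored it.
        String stored = Base64.getEncoder().encodeToString(serialize(new DemoMetadata("key-1", "ML-KEM")));
        byte[] raw = Base64.getDecoder().decode(stored);
        System.out.println("legacy format: " + isLegacySerialized(raw));
        System.out.println("read keyId: " + readLegacy(raw).keyId);
        byte[] json = "{\"keyId\":\"key-1\"}".getBytes(StandardCharsets.UTF_8);
        System.out.println("json detected as legacy: " + isLegacySerialized(json));
        // A stream carrying a type outside the allow-list fails inside readObject().
        try {
            readLegacy(serialize(new ArrayList<>(List.of("x"))));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A real metadata class with fields beyond `String` needs each of those field types added to the filter pattern explicitly, otherwise the legacy read itself is rejected.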
