This is an automated email from the ASF dual-hosted git repository. oscerd pushed a commit to branch fix/CAMEL-23445 in repository https://gitbox.apache.org/repos/asf/camel.git
commit f88075ef8d62319560a549f9d37cc5dc51867d7d Author: Andrea Cosentino <[email protected]> AuthorDate: Thu Jun 11 18:33:51 2026 +0200 CAMEL-23445: camel-elasticsearch-rest-client - Add SSLContextParameters support for TLS configuration Add SSLContextParameters support to camel-elasticsearch-rest-client so TLS can be configured with fine-grained control (named groups, signature schemes, cipher suites and protocols), e.g. post-quantum named groups such as X25519MLKEM768 on JDK 25+. ElasticsearchRestClientComponent now implements SSLContextParametersAware with a global SSLContextParameters fallback, and ElasticsearchRestClientProducer builds the SSLContext from SSLContextParameters when configured, keeping the existing certificatePath (CA-only) path as a fallback. Mirrors CAMEL-23314 (camel-opensearch) and CAMEL-23444 (camel-elasticsearch). The HTTP client configuration callback is now always applied (previously it was only set when basic-auth credentials were present), so the TLS configuration is honored regardless of whether credentials are set. Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]> Signed-off-by: Andrea Cosentino <[email protected]> --- .../components/elasticsearch-rest-client.json | 7 +- ...ElasticsearchRestClientComponentConfigurer.java | 12 +++ .../ElasticsearchRestClientEndpointConfigurer.java | 6 ++ .../ElasticsearchRestClientEndpointUriFactory.java | 3 +- .../rest/client/elasticsearch-rest-client.json | 7 +- .../client/ElasticsearchRestClientComponent.java | 37 +++++++- .../client/ElasticsearchRestClientEndpoint.java | 16 ++++ .../client/ElasticsearchRestClientProducer.java | 29 ++++-- ...icsearchRestClientSslContextParametersTest.java | 103 +++++++++++++++++++++ ...ticsearchRestClientComponentBuilderFactory.java | 36 +++++++ ...sticsearchRestClientEndpointBuilderFactory.java | 36 +++++++ 11 files changed, 276 insertions(+), 16 deletions(-) diff --git a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json index b084c0611806..336dd3ab86a3 100644 --- a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json +++ b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json @@ -35,7 +35,9 @@ "snifferInterval": { "index": 8, "kind": "property", "displayName": "Sniffer Interval", "group": "advanced", "label": "advanced", "required": false, "type": "integer", "javaType": "int", "deprecated": false, "autowired": false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval (in millis)" }, "certificatePath": { "index": 9, "kind": "property", "displayName": "Certificate Path", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "supportFileReference": true, "description": "Certificate Path" }, "password": { "index": 10, "kind": "property", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Password" }, - "user": { "index": 11, "kind": "property", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } + "sslContextParameters": { "index": 11, "kind": "property", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "To configure security using SSLContextParameters. When configured, this takes precedence over the certificatePath option." }, + "useGlobalSslContextParameters": { "index": 12, "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Enable usage of global SSL context parameters." }, + "user": { "index": 13, "kind": "property", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } }, "headers": { "CamelElasticsearchId": { "index": 0, "kind": "header", "displayName": "", "group": "producer", "label": "", "required": false, "javaType": "String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "ID of the object to index or retrieve or delete", "constantName": "org.apache.camel.component.elasticsearch.rest.client.ElasticSearchRestClientConstant#ID" }, @@ -58,6 +60,7 @@ "snifferInterval": { "index": 10, "kind": "parameter", "displayName": "Sniffer Interval", "group": "advanced", "label": "advanced", "required": false, "type": "integer", "javaType": "int", "deprecated": false, "autowired": false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval (in millis)" }, "certificatePath": { "index": 11, "kind": "parameter", "displayName": "Certificate Path", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "supportFileReference": true, "description": "Certificate Path" }, "password": { "index": 12, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Password" }, - "user": { "index": 13, "kind": "parameter", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } + "sslContextParameters": { "index": 13, "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "To configure security using SSLContextParameters. When configured, this takes precedence over the certificatePath option. This allows configuring named groups, signatur [...] + "user": { "index": 14, "kind": "parameter", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } } } diff --git a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java index 0db4ab9e77c3..aada3cce9a8c 100644 --- a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java +++ b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java @@ -44,6 +44,10 @@ public class ElasticsearchRestClientComponentConfigurer extends PropertyConfigur case "snifferInterval": target.setSnifferInterval(property(camelContext, int.class, value)); return true; case "sockettimeout": case "socketTimeout": target.setSocketTimeout(property(camelContext, int.class, value)); return true; + case "sslcontextparameters": + case "sslContextParameters": target.setSslContextParameters(property(camelContext, org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true; + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": target.setUseGlobalSslContextParameters(property(camelContext, boolean.class, value)); return true; case "user": target.setUser(property(camelContext, java.lang.String.class, value)); return true; default: return false; } @@ -78,6 +82,10 @@ public class ElasticsearchRestClientComponentConfigurer extends PropertyConfigur case "snifferInterval": return int.class; case "sockettimeout": case "socketTimeout": return int.class; + case "sslcontextparameters": + case "sslContextParameters": return org.apache.camel.support.jsse.SSLContextParameters.class; + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": return boolean.class; case "user": return java.lang.String.class; default: return null; } @@ -108,6 +116,10 @@ public class ElasticsearchRestClientComponentConfigurer extends PropertyConfigur case "snifferInterval": return target.getSnifferInterval(); case "sockettimeout": case "socketTimeout": return target.getSocketTimeout(); + case "sslcontextparameters": + case "sslContextParameters": return target.getSslContextParameters(); + case "useglobalsslcontextparameters": + case "useGlobalSslContextParameters": return target.isUseGlobalSslContextParameters(); case "user": return target.getUser(); default: return null; } diff --git a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java index c6e86ff89615..fb91f0f272a1 100644 --- a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java +++ b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java @@ -45,6 +45,8 @@ public class ElasticsearchRestClientEndpointConfigurer extends PropertyConfigure case "snifferInterval": target.setSnifferInterval(property(camelContext, int.class, value)); return true; case "sockettimeout": case "socketTimeout": target.setSocketTimeout(property(camelContext, int.class, value)); return true; + case "sslcontextparameters": + case "sslContextParameters": target.setSslContextParameters(property(camelContext, org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true; case "user": target.setUser(property(camelContext, java.lang.String.class, value)); return true; default: return false; } @@ -80,6 +82,8 @@ public class ElasticsearchRestClientEndpointConfigurer extends PropertyConfigure case "snifferInterval": return int.class; case "sockettimeout": case "socketTimeout": return int.class; + case "sslcontextparameters": + case "sslContextParameters": return org.apache.camel.support.jsse.SSLContextParameters.class; case "user": return java.lang.String.class; default: return null; } @@ -111,6 +115,8 @@ public class ElasticsearchRestClientEndpointConfigurer extends PropertyConfigure case "snifferInterval": return target.getSnifferInterval(); case "sockettimeout": case "socketTimeout": return target.getSocketTimeout(); + case "sslcontextparameters": + case "sslContextParameters": return target.getSslContextParameters(); case "user": return target.getUser(); default: return null; } diff --git a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java index 3c3f31c0b24b..88f34e6aea01 100644 --- a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java +++ b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java @@ -24,7 +24,7 @@ public class ElasticsearchRestClientEndpointUriFactory extends org.apache.camel. private static final Set<String> ENDPOINT_IDENTITY_PROPERTY_NAMES; private static final Map<String, String> MULTI_VALUE_PREFIXES; static { - Set<String> props = new HashSet<>(14); + Set<String> props = new HashSet<>(15); props.add("certificatePath"); props.add("clusterName"); props.add("connectionTimeout"); @@ -38,6 +38,7 @@ public class ElasticsearchRestClientEndpointUriFactory extends org.apache.camel. props.add("sniffAfterFailureDelay"); props.add("snifferInterval"); props.add("socketTimeout"); + props.add("sslContextParameters"); props.add("user"); PROPERTY_NAMES = Collections.unmodifiableSet(props); Set<String> secretProps = new HashSet<>(2); diff --git a/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json b/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json index b084c0611806..336dd3ab86a3 100644 --- a/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json +++ b/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json @@ -35,7 +35,9 @@ "snifferInterval": { "index": 8, "kind": "property", "displayName": "Sniffer Interval", "group": "advanced", "label": "advanced", "required": false, "type": "integer", "javaType": "int", "deprecated": false, "autowired": false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval (in millis)" }, "certificatePath": { "index": 9, "kind": "property", "displayName": "Certificate Path", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": false, "supportFileReference": true, "description": "Certificate Path" }, "password": { "index": 10, "kind": "property", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Password" }, - "user": { "index": 11, "kind": "property", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } + "sslContextParameters": { "index": 11, "kind": "property", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "To configure security using SSLContextParameters. When configured, this takes precedence over the certificatePath option." }, + "useGlobalSslContextParameters": { "index": 12, "kind": "property", "displayName": "Use Global Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "boolean", "javaType": "boolean", "deprecated": false, "autowired": false, "secret": false, "defaultValue": false, "description": "Enable usage of global SSL context parameters." }, + "user": { "index": 13, "kind": "property", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } }, "headers": { "CamelElasticsearchId": { "index": 0, "kind": "header", "displayName": "", "group": "producer", "label": "", "required": false, "javaType": "String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "description": "ID of the object to index or retrieve or delete", "constantName": "org.apache.camel.component.elasticsearch.rest.client.ElasticSearchRestClientConstant#ID" }, @@ -58,6 +60,7 @@ "snifferInterval": { "index": 10, "kind": "parameter", "displayName": "Sniffer Interval", "group": "advanced", "label": "advanced", "required": false, "type": "integer", "javaType": "int", "deprecated": false, "autowired": false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval (in millis)" }, "certificatePath": { "index": 11, "kind": "parameter", "displayName": "Certificate Path", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "deprecationNote": "", "autowired": false, "secret": false, "supportFileReference": true, "description": "Certificate Path" }, "password": { "index": 12, "kind": "parameter", "displayName": "Password", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Password" }, - "user": { "index": 13, "kind": "parameter", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } + "sslContextParameters": { "index": 13, "kind": "parameter", "displayName": "Ssl Context Parameters", "group": "security", "label": "security", "required": false, "type": "object", "javaType": "org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false, "autowired": false, "secret": false, "description": "To configure security using SSLContextParameters. When configured, this takes precedence over the certificatePath option. This allows configuring named groups, signatur [...] + "user": { "index": 14, "kind": "parameter", "displayName": "User", "group": "security", "label": "security", "required": false, "type": "string", "javaType": "java.lang.String", "deprecated": false, "autowired": false, "secret": true, "security": "secret", "description": "Username" } } } diff --git a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java index 2c47e6e1a80a..b7b3927b6bd9 100644 --- a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java +++ b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java @@ -19,13 +19,15 @@ package org.apache.camel.component.elasticsearch.rest.client; import java.util.Map; import org.apache.camel.Endpoint; +import org.apache.camel.SSLContextParametersAware; import org.apache.camel.spi.Metadata; import org.apache.camel.spi.annotations.Component; import org.apache.camel.support.DefaultComponent; +import org.apache.camel.support.jsse.SSLContextParameters; import org.elasticsearch.client.RestClient; @Component("elasticsearch-rest-client") -public class ElasticsearchRestClientComponent extends DefaultComponent { +public class ElasticsearchRestClientComponent extends DefaultComponent implements SSLContextParametersAware { @Metadata(label = "advanced", autowired = true) RestClient restClient; @@ -41,6 +43,10 @@ public class ElasticsearchRestClientComponent extends DefaultComponent { private String password; @Metadata(label = "security", supportFileReference = true) private String certificatePath; + @Metadata(label = "security") + private SSLContextParameters sslContextParameters; + @Metadata(label = "security", defaultValue = "false") + private boolean useGlobalSslContextParameters; @Metadata(label = "advanced") private boolean enableSniffer; @Metadata(label = "advanced", defaultValue = "" + ElasticSearchRestClientConstant.SNIFFER_INTERVAL_AND_FAILURE_DELAY) @@ -61,10 +67,14 @@ public class ElasticsearchRestClientComponent extends DefaultComponent { endpoint.setUser(user); endpoint.setPassword(password); endpoint.setCertificatePath(certificatePath); + endpoint.setSslContextParameters(sslContextParameters); endpoint.setEnableSniffer(enableSniffer); endpoint.setSnifferInterval(snifferInterval); endpoint.setSniffAfterFailureDelay(sniffAfterFailureDelay); setProperties(endpoint, parameters); + if (endpoint.getSslContextParameters() == null) { + endpoint.setSslContextParameters(retrieveGlobalSslContextParameters()); + } return endpoint; } @@ -177,4 +187,29 @@ public class ElasticsearchRestClientComponent extends DefaultComponent { public void setSniffAfterFailureDelay(int sniffAfterFailureDelay) { this.sniffAfterFailureDelay = sniffAfterFailureDelay; } + + public SSLContextParameters getSslContextParameters() { + return sslContextParameters; + } + + /** + * To configure security using SSLContextParameters. When configured, this takes precedence over the + * {@code certificatePath} option. + */ + public void setSslContextParameters(SSLContextParameters sslContextParameters) { + this.sslContextParameters = sslContextParameters; + } + + @Override + public boolean isUseGlobalSslContextParameters() { + return useGlobalSslContextParameters; + } + + /** + * Enable usage of global SSL context parameters. + */ + @Override + public void setUseGlobalSslContextParameters(boolean useGlobalSslContextParameters) { + this.useGlobalSslContextParameters = useGlobalSslContextParameters; + } } diff --git a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java index 0ed090ee1a8e..b0a1dcef4413 100644 --- a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java +++ b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java @@ -26,6 +26,7 @@ import org.apache.camel.spi.UriEndpoint; import org.apache.camel.spi.UriParam; import org.apache.camel.spi.UriPath; import org.apache.camel.support.DefaultEndpoint; +import org.apache.camel.support.jsse.SSLContextParameters; import org.elasticsearch.client.RestClient; /** @@ -64,6 +65,8 @@ public class ElasticsearchRestClientEndpoint extends DefaultEndpoint implements @UriParam(label = "security") @Metadata(supportFileReference = true) private String certificatePath; + @UriParam(label = "security") + private SSLContextParameters sslContextParameters; @UriParam(label = "advanced") private boolean enableSniffer; @@ -209,6 +212,19 @@ public class ElasticsearchRestClientEndpoint extends DefaultEndpoint implements this.certificatePath = certificatePath; } + public SSLContextParameters getSslContextParameters() { + return sslContextParameters; + } + + /** + * To configure security using SSLContextParameters. When configured, this takes precedence over the + * {@code certificatePath} option. This allows configuring named groups, signature schemes, cipher suites, and + * protocols for the TLS connection. + */ + public void setSslContextParameters(SSLContextParameters sslContextParameters) { + this.sslContextParameters = sslContextParameters; + } + /** * Enabling Sniffer */ diff --git a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java index dc9b82ee34b2..68aeea3cd4cb 100644 --- a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java +++ b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java @@ -380,18 +380,27 @@ public class ElasticsearchRestClientProducer extends DefaultAsyncProducer { builder.setRequestConfigCallback(requestConfigBuilder -> requestConfigBuilder .setConnectTimeout(this.endpoint.getConnectionTimeout()).setSocketTimeout(this.endpoint.getSocketTimeout())); - if (this.endpoint.getUser() != null && this.endpoint.getPassword() != null) { - final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); - credentialsProvider.setCredentials(AuthScope.ANY, - new UsernamePasswordCredentials(this.endpoint.getUser(), this.endpoint.getPassword())); - builder.setHttpClientConfigCallback(httpClientBuilder -> { + builder.setHttpClientConfigCallback(httpClientBuilder -> { + if (this.endpoint.getUser() != null && this.endpoint.getPassword() != null) { + final CredentialsProvider credentialsProvider = new BasicCredentialsProvider(); + credentialsProvider.setCredentials(AuthScope.ANY, + new UsernamePasswordCredentials(this.endpoint.getUser(), this.endpoint.getPassword())); httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider); - if (this.endpoint.getCertificatePath() != null) { - httpClientBuilder.setSSLContext(createSslContextFromCa()); + } + if (this.endpoint.getSslContextParameters() != null) { + // Use SSLContextParameters (allows configuring named groups, signature schemes, cipher suites and + // protocols), e.g. for post-quantum readiness on JDK 25+ + try { + httpClientBuilder.setSSLContext( + this.endpoint.getSslContextParameters().createSSLContext(getEndpoint().getCamelContext())); + } catch (Exception e) { + throw new RuntimeException("Failed to create SSLContext from SSLContextParameters", e); } - return httpClientBuilder; - }); - } + } else if (this.endpoint.getCertificatePath() != null) { + httpClientBuilder.setSSLContext(createSslContextFromCa()); + } + return httpClientBuilder; + }); final RestClient restClient = builder.build(); // initiate Sniffer diff --git a/components/camel-elasticsearch-rest-client/src/test/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientSslContextParametersTest.java b/components/camel-elasticsearch-rest-client/src/test/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientSslContextParametersTest.java new file mode 100644 index 000000000000..de66ead9df73 --- /dev/null +++ b/components/camel-elasticsearch-rest-client/src/test/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientSslContextParametersTest.java @@ -0,0 +1,103 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.apache.camel.component.elasticsearch.rest.client; + +import org.apache.camel.CamelContext; +import org.apache.camel.impl.DefaultCamelContext; +import org.apache.camel.support.jsse.SSLContextParameters; +import org.junit.jupiter.api.Test; + +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertNull; +import static org.junit.jupiter.api.Assertions.assertSame; +import static org.junit.jupiter.api.Assertions.assertTrue; + +public class ElasticsearchRestClientSslContextParametersTest { + + private static final String URI = "elasticsearch-rest-client:test-cluster"; + + @Test + public void componentPropertyRoundTrip() { + ElasticsearchRestClientComponent component = new ElasticsearchRestClientComponent(); + assertNull(component.getSslContextParameters(), + "SSLContextParameters should be null by default"); + + SSLContextParameters sslContextParameters = new SSLContextParameters(); + component.setSslContextParameters(sslContextParameters); + assertSame(sslContextParameters, component.getSslContextParameters(), + "Getter should return the value set via setter"); + } + + @Test + public void componentPropagatesSslContextParametersToEndpoint() throws Exception { + try (CamelContext context = new DefaultCamelContext()) { + context.start(); + + SSLContextParameters sslContextParameters = new SSLContextParameters(); + ElasticsearchRestClientComponent component = new ElasticsearchRestClientComponent(); + component.setHostAddressesList("localhost:9200"); + component.setSslContextParameters(sslContextParameters); + context.addComponent("elasticsearch-rest-client", component); + + ElasticsearchRestClientEndpoint endpoint = context.getEndpoint(URI, ElasticsearchRestClientEndpoint.class); + assertNotNull(endpoint); + assertSame(sslContextParameters, endpoint.getSslContextParameters(), + "Component-level SSLContextParameters must propagate to the endpoint"); + } + } + + @Test + public void endpointUsesGlobalSslContextParametersWhenEnabled() throws Exception { + try (CamelContext context = new DefaultCamelContext()) { + SSLContextParameters globalParameters = new SSLContextParameters(); + context.setSSLContextParameters(globalParameters); + context.start(); + + ElasticsearchRestClientComponent component = new ElasticsearchRestClientComponent(); + component.setHostAddressesList("localhost:9200"); + component.setUseGlobalSslContextParameters(true); + context.addComponent("elasticsearch-rest-client", component); + + ElasticsearchRestClientEndpoint endpoint = context.getEndpoint(URI, ElasticsearchRestClientEndpoint.class); + assertNotNull(endpoint); + assertTrue(component.isUseGlobalSslContextParameters()); + assertSame(globalParameters, endpoint.getSslContextParameters(), + "Global SSLContextParameters must be used when useGlobalSslContextParameters is true"); + } + } + + @Test + public void explicitSslContextParametersWinOverGlobal() throws Exception { + try (CamelContext context = new DefaultCamelContext()) { + SSLContextParameters globalParameters = new SSLContextParameters(); + context.setSSLContextParameters(globalParameters); + context.start(); + + SSLContextParameters explicitParameters = new SSLContextParameters(); + ElasticsearchRestClientComponent component = new ElasticsearchRestClientComponent(); + component.setHostAddressesList("localhost:9200"); + component.setUseGlobalSslContextParameters(true); + component.setSslContextParameters(explicitParameters); + context.addComponent("elasticsearch-rest-client", component); + + ElasticsearchRestClientEndpoint endpoint = context.getEndpoint(URI, ElasticsearchRestClientEndpoint.class); + assertNotNull(endpoint); + assertSame(explicitParameters, endpoint.getSslContextParameters(), + "Component-level SSLContextParameters must win over the global one"); + } + } +} diff --git a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java index 89fcef0e3771..31d7a2eb7bb0 100644 --- a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java +++ b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java @@ -249,6 +249,40 @@ public interface ElasticsearchRestClientComponentBuilderFactory { return this; } + /** + * To configure security using SSLContextParameters. When configured, + * this takes precedence over the certificatePath option. + * + * The option is a: + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default ElasticsearchRestClientComponentBuilder sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } + + + /** + * Enable usage of global SSL context parameters. + * + * The option is a: <code>boolean</code> type. + * + * Default: false + * Group: security + * + * @param useGlobalSslContextParameters the value to set + * @return the dsl builder + */ + default ElasticsearchRestClientComponentBuilder useGlobalSslContextParameters(boolean useGlobalSslContextParameters) { + doSetProperty("useGlobalSslContextParameters", useGlobalSslContextParameters); + return this; + } + /** * Username. * @@ -289,6 +323,8 @@ public interface ElasticsearchRestClientComponentBuilderFactory { case "snifferInterval": ((ElasticsearchRestClientComponent) component).setSnifferInterval((int) value); return true; case "certificatePath": ((ElasticsearchRestClientComponent) component).setCertificatePath((java.lang.String) value); return true; case "password": ((ElasticsearchRestClientComponent) component).setPassword((java.lang.String) value); return true; + case "sslContextParameters": ((ElasticsearchRestClientComponent) component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters) value); return true; + case "useGlobalSslContextParameters": ((ElasticsearchRestClientComponent) component).setUseGlobalSslContextParameters((boolean) value); return true; case "user": ((ElasticsearchRestClientComponent) component).setUser((java.lang.String) value); return true; default: return false; } diff --git a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java index 2fb262566a8d..929b5ed59855 100644 --- a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java +++ b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java @@ -194,6 +194,42 @@ public interface ElasticsearchRestClientEndpointBuilderFactory { doSetProperty("password", password); return this; } + /** + * To configure security using SSLContextParameters. When configured, + * this takes precedence over the certificatePath option. This allows + * configuring named groups, signature schemes, cipher suites, and + * protocols for the TLS connection. + * + * The option is a: + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default ElasticsearchRestClientEndpointBuilder sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } + /** + * To configure security using SSLContextParameters. When configured, + * this takes precedence over the certificatePath option. This allows + * configuring named groups, signature schemes, cipher suites, and + * protocols for the TLS connection. + * + * The option will be converted to a + * <code>org.apache.camel.support.jsse.SSLContextParameters</code> type. + * + * Group: security + * + * @param sslContextParameters the value to set + * @return the dsl builder + */ + default ElasticsearchRestClientEndpointBuilder sslContextParameters(String sslContextParameters) { + doSetProperty("sslContextParameters", sslContextParameters); + return this; + } /** * Username. *
