This is an automated email from the ASF dual-hosted git repository.
oscerd pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new e1854b4ef92a CAMEL-23445: camel-elasticsearch-rest-client - Add
SSLContextParameters support for TLS configuration (#23967)
e1854b4ef92a is described below
commit e1854b4ef92aa8fe6c53d41ddf2f510c114ba11d
Author: Andrea Cosentino <[email protected]>
AuthorDate: Fri Jun 12 10:23:38 2026 +0200
CAMEL-23445: camel-elasticsearch-rest-client - Add SSLContextParameters
support for TLS configuration (#23967)
Add SSLContextParameters support to camel-elasticsearch-rest-client so TLS
can be
configured with fine-grained control (named groups, signature schemes,
cipher
suites and protocols), e.g. post-quantum named groups such as
X25519MLKEM768 on
JDK 25+. ElasticsearchRestClientComponent now implements
SSLContextParametersAware
with a global SSLContextParameters fallback, and
ElasticsearchRestClientProducer
builds the SSLContext from SSLContextParameters when configured, keeping the
existing certificatePath (CA-only) path as a fallback. The HTTP client
config
callback is now applied independently of basic-auth credentials, so TLS is
honored
even when no user/password is set. Mirrors CAMEL-23314 (camel-opensearch)
and
CAMEL-23444 (camel-elasticsearch), and adds an upgrade-guide entry covering
the
SSLContextParameters additions across the search components.
Co-Authored-By: Claude Opus 4.8 (1M context) <[email protected]>
Signed-off-by: Andrea Cosentino <[email protected]>
---
.../components/elasticsearch-rest-client.json | 7 +-
...ElasticsearchRestClientComponentConfigurer.java | 12 +++
.../ElasticsearchRestClientEndpointConfigurer.java | 6 ++
.../ElasticsearchRestClientEndpointUriFactory.java | 3 +-
.../rest/client/elasticsearch-rest-client.json | 7 +-
.../client/ElasticsearchRestClientComponent.java | 37 +++++++-
.../client/ElasticsearchRestClientEndpoint.java | 16 ++++
.../client/ElasticsearchRestClientProducer.java | 29 ++++--
...icsearchRestClientSslContextParametersTest.java | 103 +++++++++++++++++++++
.../ROOT/pages/camel-4x-upgrade-guide-4_21.adoc | 16 ++++
...ticsearchRestClientComponentBuilderFactory.java | 36 +++++++
...sticsearchRestClientEndpointBuilderFactory.java | 36 +++++++
12 files changed, 292 insertions(+), 16 deletions(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json
index b084c0611806..336dd3ab86a3 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/elasticsearch-rest-client.json
@@ -35,7 +35,9 @@
"snifferInterval": { "index": 8, "kind": "property", "displayName":
"Sniffer Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "integer", "javaType": "int", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval
(in millis)" },
"certificatePath": { "index": 9, "kind": "property", "displayName":
"Certificate Path", "group": "security", "label": "security", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "supportFileReference": true,
"description": "Certificate Path" },
"password": { "index": 10, "kind": "property", "displayName": "Password",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Password" },
- "user": { "index": 11, "kind": "property", "displayName": "User", "group":
"security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
+ "sslContextParameters": { "index": 11, "kind": "property", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "description": "To configure security
using SSLContextParameters. When configured, this takes precedence over the
certificatePath option." },
+ "useGlobalSslContextParameters": { "index": 12, "kind": "property",
"displayName": "Use Global Ssl Context Parameters", "group": "security",
"label": "security", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Enable usage of global SSL context
parameters." },
+ "user": { "index": 13, "kind": "property", "displayName": "User", "group":
"security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
},
"headers": {
"CamelElasticsearchId": { "index": 0, "kind": "header", "displayName": "",
"group": "producer", "label": "", "required": false, "javaType": "String",
"deprecated": false, "deprecationNote": "", "autowired": false, "secret":
false, "description": "ID of the object to index or retrieve or delete",
"constantName":
"org.apache.camel.component.elasticsearch.rest.client.ElasticSearchRestClientConstant#ID"
},
@@ -58,6 +60,7 @@
"snifferInterval": { "index": 10, "kind": "parameter", "displayName":
"Sniffer Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "integer", "javaType": "int", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval
(in millis)" },
"certificatePath": { "index": 11, "kind": "parameter", "displayName":
"Certificate Path", "group": "security", "label": "security", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"deprecationNote": "", "autowired": false, "secret": false,
"supportFileReference": true, "description": "Certificate Path" },
"password": { "index": 12, "kind": "parameter", "displayName": "Password",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Password" },
- "user": { "index": 13, "kind": "parameter", "displayName": "User",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
+ "sslContextParameters": { "index": 13, "kind": "parameter", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "description": "To configure security
using SSLContextParameters. When configured, this takes precedence over the
certificatePath option. This allows configuring named groups, signatur [...]
+ "user": { "index": 14, "kind": "parameter", "displayName": "User",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
}
}
diff --git
a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java
b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java
index 0db4ab9e77c3..aada3cce9a8c 100644
---
a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java
+++
b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponentConfigurer.java
@@ -44,6 +44,10 @@ public class ElasticsearchRestClientComponentConfigurer
extends PropertyConfigur
case "snifferInterval":
target.setSnifferInterval(property(camelContext, int.class, value)); return
true;
case "sockettimeout":
case "socketTimeout": target.setSocketTimeout(property(camelContext,
int.class, value)); return true;
+ case "sslcontextparameters":
+ case "sslContextParameters":
target.setSslContextParameters(property(camelContext,
org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true;
+ case "useglobalsslcontextparameters":
+ case "useGlobalSslContextParameters":
target.setUseGlobalSslContextParameters(property(camelContext, boolean.class,
value)); return true;
case "user": target.setUser(property(camelContext,
java.lang.String.class, value)); return true;
default: return false;
}
@@ -78,6 +82,10 @@ public class ElasticsearchRestClientComponentConfigurer
extends PropertyConfigur
case "snifferInterval": return int.class;
case "sockettimeout":
case "socketTimeout": return int.class;
+ case "sslcontextparameters":
+ case "sslContextParameters": return
org.apache.camel.support.jsse.SSLContextParameters.class;
+ case "useglobalsslcontextparameters":
+ case "useGlobalSslContextParameters": return boolean.class;
case "user": return java.lang.String.class;
default: return null;
}
@@ -108,6 +116,10 @@ public class ElasticsearchRestClientComponentConfigurer
extends PropertyConfigur
case "snifferInterval": return target.getSnifferInterval();
case "sockettimeout":
case "socketTimeout": return target.getSocketTimeout();
+ case "sslcontextparameters":
+ case "sslContextParameters": return target.getSslContextParameters();
+ case "useglobalsslcontextparameters":
+ case "useGlobalSslContextParameters": return
target.isUseGlobalSslContextParameters();
case "user": return target.getUser();
default: return null;
}
diff --git
a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java
b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java
index c6e86ff89615..fb91f0f272a1 100644
---
a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java
+++
b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointConfigurer.java
@@ -45,6 +45,8 @@ public class ElasticsearchRestClientEndpointConfigurer
extends PropertyConfigure
case "snifferInterval":
target.setSnifferInterval(property(camelContext, int.class, value)); return
true;
case "sockettimeout":
case "socketTimeout": target.setSocketTimeout(property(camelContext,
int.class, value)); return true;
+ case "sslcontextparameters":
+ case "sslContextParameters":
target.setSslContextParameters(property(camelContext,
org.apache.camel.support.jsse.SSLContextParameters.class, value)); return true;
case "user": target.setUser(property(camelContext,
java.lang.String.class, value)); return true;
default: return false;
}
@@ -80,6 +82,8 @@ public class ElasticsearchRestClientEndpointConfigurer
extends PropertyConfigure
case "snifferInterval": return int.class;
case "sockettimeout":
case "socketTimeout": return int.class;
+ case "sslcontextparameters":
+ case "sslContextParameters": return
org.apache.camel.support.jsse.SSLContextParameters.class;
case "user": return java.lang.String.class;
default: return null;
}
@@ -111,6 +115,8 @@ public class ElasticsearchRestClientEndpointConfigurer
extends PropertyConfigure
case "snifferInterval": return target.getSnifferInterval();
case "sockettimeout":
case "socketTimeout": return target.getSocketTimeout();
+ case "sslcontextparameters":
+ case "sslContextParameters": return target.getSslContextParameters();
case "user": return target.getUser();
default: return null;
}
diff --git
a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java
b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java
index 3c3f31c0b24b..88f34e6aea01 100644
---
a/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java
+++
b/components/camel-elasticsearch-rest-client/src/generated/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpointUriFactory.java
@@ -24,7 +24,7 @@ public class ElasticsearchRestClientEndpointUriFactory
extends org.apache.camel.
private static final Set<String> ENDPOINT_IDENTITY_PROPERTY_NAMES;
private static final Map<String, String> MULTI_VALUE_PREFIXES;
static {
- Set<String> props = new HashSet<>(14);
+ Set<String> props = new HashSet<>(15);
props.add("certificatePath");
props.add("clusterName");
props.add("connectionTimeout");
@@ -38,6 +38,7 @@ public class ElasticsearchRestClientEndpointUriFactory
extends org.apache.camel.
props.add("sniffAfterFailureDelay");
props.add("snifferInterval");
props.add("socketTimeout");
+ props.add("sslContextParameters");
props.add("user");
PROPERTY_NAMES = Collections.unmodifiableSet(props);
Set<String> secretProps = new HashSet<>(2);
diff --git
a/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json
b/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json
index b084c0611806..336dd3ab86a3 100644
---
a/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json
+++
b/components/camel-elasticsearch-rest-client/src/generated/resources/META-INF/org/apache/camel/component/elasticsearch/rest/client/elasticsearch-rest-client.json
@@ -35,7 +35,9 @@
"snifferInterval": { "index": 8, "kind": "property", "displayName":
"Sniffer Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "integer", "javaType": "int", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval
(in millis)" },
"certificatePath": { "index": 9, "kind": "property", "displayName":
"Certificate Path", "group": "security", "label": "security", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "supportFileReference": true,
"description": "Certificate Path" },
"password": { "index": 10, "kind": "property", "displayName": "Password",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Password" },
- "user": { "index": 11, "kind": "property", "displayName": "User", "group":
"security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
+ "sslContextParameters": { "index": 11, "kind": "property", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "description": "To configure security
using SSLContextParameters. When configured, this takes precedence over the
certificatePath option." },
+ "useGlobalSslContextParameters": { "index": 12, "kind": "property",
"displayName": "Use Global Ssl Context Parameters", "group": "security",
"label": "security", "required": false, "type": "boolean", "javaType":
"boolean", "deprecated": false, "autowired": false, "secret": false,
"defaultValue": false, "description": "Enable usage of global SSL context
parameters." },
+ "user": { "index": 13, "kind": "property", "displayName": "User", "group":
"security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
},
"headers": {
"CamelElasticsearchId": { "index": 0, "kind": "header", "displayName": "",
"group": "producer", "label": "", "required": false, "javaType": "String",
"deprecated": false, "deprecationNote": "", "autowired": false, "secret":
false, "description": "ID of the object to index or retrieve or delete",
"constantName":
"org.apache.camel.component.elasticsearch.rest.client.ElasticSearchRestClientConstant#ID"
},
@@ -58,6 +60,7 @@
"snifferInterval": { "index": 10, "kind": "parameter", "displayName":
"Sniffer Interval", "group": "advanced", "label": "advanced", "required":
false, "type": "integer", "javaType": "int", "deprecated": false, "autowired":
false, "secret": false, "defaultValue": 60000, "description": "Sniffer interval
(in millis)" },
"certificatePath": { "index": 11, "kind": "parameter", "displayName":
"Certificate Path", "group": "security", "label": "security", "required":
false, "type": "string", "javaType": "java.lang.String", "deprecated": false,
"deprecationNote": "", "autowired": false, "secret": false,
"supportFileReference": true, "description": "Certificate Path" },
"password": { "index": 12, "kind": "parameter", "displayName": "Password",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Password" },
- "user": { "index": 13, "kind": "parameter", "displayName": "User",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
+ "sslContextParameters": { "index": 13, "kind": "parameter", "displayName":
"Ssl Context Parameters", "group": "security", "label": "security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "description": "To configure security
using SSLContextParameters. When configured, this takes precedence over the
certificatePath option. This allows configuring named groups, signatur [...]
+ "user": { "index": 14, "kind": "parameter", "displayName": "User",
"group": "security", "label": "security", "required": false, "type": "string",
"javaType": "java.lang.String", "deprecated": false, "autowired": false,
"secret": true, "security": "secret", "description": "Username" }
}
}
diff --git
a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java
b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java
index 2c47e6e1a80a..b7b3927b6bd9 100644
---
a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java
+++
b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientComponent.java
@@ -19,13 +19,15 @@ package
org.apache.camel.component.elasticsearch.rest.client;
import java.util.Map;
import org.apache.camel.Endpoint;
+import org.apache.camel.SSLContextParametersAware;
import org.apache.camel.spi.Metadata;
import org.apache.camel.spi.annotations.Component;
import org.apache.camel.support.DefaultComponent;
+import org.apache.camel.support.jsse.SSLContextParameters;
import org.elasticsearch.client.RestClient;
@Component("elasticsearch-rest-client")
-public class ElasticsearchRestClientComponent extends DefaultComponent {
+public class ElasticsearchRestClientComponent extends DefaultComponent
implements SSLContextParametersAware {
@Metadata(label = "advanced", autowired = true)
RestClient restClient;
@@ -41,6 +43,10 @@ public class ElasticsearchRestClientComponent extends
DefaultComponent {
private String password;
@Metadata(label = "security", supportFileReference = true)
private String certificatePath;
+ @Metadata(label = "security")
+ private SSLContextParameters sslContextParameters;
+ @Metadata(label = "security", defaultValue = "false")
+ private boolean useGlobalSslContextParameters;
@Metadata(label = "advanced")
private boolean enableSniffer;
@Metadata(label = "advanced", defaultValue = "" +
ElasticSearchRestClientConstant.SNIFFER_INTERVAL_AND_FAILURE_DELAY)
@@ -61,10 +67,14 @@ public class ElasticsearchRestClientComponent extends
DefaultComponent {
endpoint.setUser(user);
endpoint.setPassword(password);
endpoint.setCertificatePath(certificatePath);
+ endpoint.setSslContextParameters(sslContextParameters);
endpoint.setEnableSniffer(enableSniffer);
endpoint.setSnifferInterval(snifferInterval);
endpoint.setSniffAfterFailureDelay(sniffAfterFailureDelay);
setProperties(endpoint, parameters);
+ if (endpoint.getSslContextParameters() == null) {
+
endpoint.setSslContextParameters(retrieveGlobalSslContextParameters());
+ }
return endpoint;
}
@@ -177,4 +187,29 @@ public class ElasticsearchRestClientComponent extends
DefaultComponent {
public void setSniffAfterFailureDelay(int sniffAfterFailureDelay) {
this.sniffAfterFailureDelay = sniffAfterFailureDelay;
}
+
+ public SSLContextParameters getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ /**
+ * To configure security using SSLContextParameters. When configured, this
takes precedence over the
+ * {@code certificatePath} option.
+ */
+ public void setSslContextParameters(SSLContextParameters
sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
+ @Override
+ public boolean isUseGlobalSslContextParameters() {
+ return useGlobalSslContextParameters;
+ }
+
+ /**
+ * Enable usage of global SSL context parameters.
+ */
+ @Override
+ public void setUseGlobalSslContextParameters(boolean
useGlobalSslContextParameters) {
+ this.useGlobalSslContextParameters = useGlobalSslContextParameters;
+ }
}
diff --git
a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java
b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java
index 0ed090ee1a8e..b0a1dcef4413 100644
---
a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java
+++
b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientEndpoint.java
@@ -26,6 +26,7 @@ import org.apache.camel.spi.UriEndpoint;
import org.apache.camel.spi.UriParam;
import org.apache.camel.spi.UriPath;
import org.apache.camel.support.DefaultEndpoint;
+import org.apache.camel.support.jsse.SSLContextParameters;
import org.elasticsearch.client.RestClient;
/**
@@ -64,6 +65,8 @@ public class ElasticsearchRestClientEndpoint extends
DefaultEndpoint implements
@UriParam(label = "security")
@Metadata(supportFileReference = true)
private String certificatePath;
+ @UriParam(label = "security")
+ private SSLContextParameters sslContextParameters;
@UriParam(label = "advanced")
private boolean enableSniffer;
@@ -209,6 +212,19 @@ public class ElasticsearchRestClientEndpoint extends
DefaultEndpoint implements
this.certificatePath = certificatePath;
}
+ public SSLContextParameters getSslContextParameters() {
+ return sslContextParameters;
+ }
+
+ /**
+ * To configure security using SSLContextParameters. When configured, this
takes precedence over the
+ * {@code certificatePath} option. This allows configuring named groups,
signature schemes, cipher suites, and
+ * protocols for the TLS connection.
+ */
+ public void setSslContextParameters(SSLContextParameters
sslContextParameters) {
+ this.sslContextParameters = sslContextParameters;
+ }
+
/**
* Enabling Sniffer
*/
diff --git
a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java
b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java
index dc9b82ee34b2..68aeea3cd4cb 100644
---
a/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java
+++
b/components/camel-elasticsearch-rest-client/src/main/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientProducer.java
@@ -380,18 +380,27 @@ public class ElasticsearchRestClientProducer extends
DefaultAsyncProducer {
builder.setRequestConfigCallback(requestConfigBuilder ->
requestConfigBuilder
.setConnectTimeout(this.endpoint.getConnectionTimeout()).setSocketTimeout(this.endpoint.getSocketTimeout()));
- if (this.endpoint.getUser() != null && this.endpoint.getPassword() !=
null) {
- final CredentialsProvider credentialsProvider = new
BasicCredentialsProvider();
- credentialsProvider.setCredentials(AuthScope.ANY,
- new UsernamePasswordCredentials(this.endpoint.getUser(),
this.endpoint.getPassword()));
- builder.setHttpClientConfigCallback(httpClientBuilder -> {
+ builder.setHttpClientConfigCallback(httpClientBuilder -> {
+ if (this.endpoint.getUser() != null && this.endpoint.getPassword()
!= null) {
+ final CredentialsProvider credentialsProvider = new
BasicCredentialsProvider();
+ credentialsProvider.setCredentials(AuthScope.ANY,
+ new
UsernamePasswordCredentials(this.endpoint.getUser(),
this.endpoint.getPassword()));
httpClientBuilder.setDefaultCredentialsProvider(credentialsProvider);
- if (this.endpoint.getCertificatePath() != null) {
- httpClientBuilder.setSSLContext(createSslContextFromCa());
+ }
+ if (this.endpoint.getSslContextParameters() != null) {
+ // Use SSLContextParameters (allows configuring named groups,
signature schemes, cipher suites and
+ // protocols), e.g. for post-quantum readiness on JDK 25+
+ try {
+ httpClientBuilder.setSSLContext(
+
this.endpoint.getSslContextParameters().createSSLContext(getEndpoint().getCamelContext()));
+ } catch (Exception e) {
+ throw new RuntimeException("Failed to create SSLContext
from SSLContextParameters", e);
}
- return httpClientBuilder;
- });
- }
+ } else if (this.endpoint.getCertificatePath() != null) {
+ httpClientBuilder.setSSLContext(createSslContextFromCa());
+ }
+ return httpClientBuilder;
+ });
final RestClient restClient = builder.build();
// initiate Sniffer
diff --git
a/components/camel-elasticsearch-rest-client/src/test/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientSslContextParametersTest.java
b/components/camel-elasticsearch-rest-client/src/test/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientSslContextParametersTest.java
new file mode 100644
index 000000000000..de66ead9df73
--- /dev/null
+++
b/components/camel-elasticsearch-rest-client/src/test/java/org/apache/camel/component/elasticsearch/rest/client/ElasticsearchRestClientSslContextParametersTest.java
@@ -0,0 +1,103 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.elasticsearch.rest.client;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.camel.support.jsse.SSLContextParameters;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertNull;
+import static org.junit.jupiter.api.Assertions.assertSame;
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class ElasticsearchRestClientSslContextParametersTest {
+
+ private static final String URI = "elasticsearch-rest-client:test-cluster";
+
+ @Test
+ public void componentPropertyRoundTrip() {
+ ElasticsearchRestClientComponent component = new
ElasticsearchRestClientComponent();
+ assertNull(component.getSslContextParameters(),
+ "SSLContextParameters should be null by default");
+
+ SSLContextParameters sslContextParameters = new SSLContextParameters();
+ component.setSslContextParameters(sslContextParameters);
+ assertSame(sslContextParameters, component.getSslContextParameters(),
+ "Getter should return the value set via setter");
+ }
+
+ @Test
+ public void componentPropagatesSslContextParametersToEndpoint() throws
Exception {
+ try (CamelContext context = new DefaultCamelContext()) {
+ context.start();
+
+ SSLContextParameters sslContextParameters = new
SSLContextParameters();
+ ElasticsearchRestClientComponent component = new
ElasticsearchRestClientComponent();
+ component.setHostAddressesList("localhost:9200");
+ component.setSslContextParameters(sslContextParameters);
+ context.addComponent("elasticsearch-rest-client", component);
+
+ ElasticsearchRestClientEndpoint endpoint =
context.getEndpoint(URI, ElasticsearchRestClientEndpoint.class);
+ assertNotNull(endpoint);
+ assertSame(sslContextParameters,
endpoint.getSslContextParameters(),
+ "Component-level SSLContextParameters must propagate to
the endpoint");
+ }
+ }
+
+ @Test
+ public void endpointUsesGlobalSslContextParametersWhenEnabled() throws
Exception {
+ try (CamelContext context = new DefaultCamelContext()) {
+ SSLContextParameters globalParameters = new SSLContextParameters();
+ context.setSSLContextParameters(globalParameters);
+ context.start();
+
+ ElasticsearchRestClientComponent component = new
ElasticsearchRestClientComponent();
+ component.setHostAddressesList("localhost:9200");
+ component.setUseGlobalSslContextParameters(true);
+ context.addComponent("elasticsearch-rest-client", component);
+
+ ElasticsearchRestClientEndpoint endpoint =
context.getEndpoint(URI, ElasticsearchRestClientEndpoint.class);
+ assertNotNull(endpoint);
+ assertTrue(component.isUseGlobalSslContextParameters());
+ assertSame(globalParameters, endpoint.getSslContextParameters(),
+ "Global SSLContextParameters must be used when
useGlobalSslContextParameters is true");
+ }
+ }
+
+ @Test
+ public void explicitSslContextParametersWinOverGlobal() throws Exception {
+ try (CamelContext context = new DefaultCamelContext()) {
+ SSLContextParameters globalParameters = new SSLContextParameters();
+ context.setSSLContextParameters(globalParameters);
+ context.start();
+
+ SSLContextParameters explicitParameters = new
SSLContextParameters();
+ ElasticsearchRestClientComponent component = new
ElasticsearchRestClientComponent();
+ component.setHostAddressesList("localhost:9200");
+ component.setUseGlobalSslContextParameters(true);
+ component.setSslContextParameters(explicitParameters);
+ context.addComponent("elasticsearch-rest-client", component);
+
+ ElasticsearchRestClientEndpoint endpoint =
context.getEndpoint(URI, ElasticsearchRestClientEndpoint.class);
+ assertNotNull(endpoint);
+ assertSame(explicitParameters, endpoint.getSslContextParameters(),
+ "Component-level SSLContextParameters must win over the
global one");
+ }
+ }
+}
diff --git
a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
index 60ba22b5cf99..7e66b555bda4 100644
--- a/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
+++ b/docs/user-manual/modules/ROOT/pages/camel-4x-upgrade-guide-4_21.adoc
@@ -467,6 +467,22 @@ Routes that attach a `KeycloakSecurityPolicy` without any
roles or permissions a
unverified or invalid token will now have such requests rejected with a
`CamelAuthorizationException`. Provide a
valid, verifiable token (or configure `requiredRoles` / `requiredPermissions`)
for these routes.
+=== camel-elasticsearch / camel-elasticsearch-rest-client / camel-solr
+
+The `camel-elasticsearch`, `camel-elasticsearch-rest-client` and `camel-solr`
components now support
+configuring TLS through `SSLContextParameters` (the JSSE utility), in addition
to the existing
+`certificatePath` option. The new `sslContextParameters` option allows
configuring named groups,
+signature schemes, cipher suites and protocols, for example post-quantum named
groups such as
+`X25519MLKEM768` on JDK 25+. It can be set at the endpoint or component level,
and the components also
+honor the context-wide global SSL configuration via
`useGlobalSslContextParameters`. When configured,
+`SSLContextParameters` takes precedence over `certificatePath`.
+
+For `camel-elasticsearch` and `camel-elasticsearch-rest-client`, the HTTP
client is now configured with
+the TLS settings regardless of whether basic authentication
(`user`/`password`) is set. Previously the
+`certificatePath` option was silently ignored unless both `user` and
`password` were configured. Routes
+that set `certificatePath` without credentials will now correctly use the
configured TLS context where it
+was previously a no-op.
+
=== camel-stomp removal
Camel stomp was deprecated with Camel 4.17. The stomp library didn't have any
activities in the last 10 years. The component is now removed.
diff --git
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java
index 89fcef0e3771..31d7a2eb7bb0 100644
---
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java
+++
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/ElasticsearchRestClientComponentBuilderFactory.java
@@ -249,6 +249,40 @@ public interface
ElasticsearchRestClientComponentBuilderFactory {
return this;
}
+ /**
+ * To configure security using SSLContextParameters. When configured,
+ * this takes precedence over the certificatePath option.
+ *
+ * The option is a:
+ *
<code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default ElasticsearchRestClientComponentBuilder
sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
+
+
+ /**
+ * Enable usage of global SSL context parameters.
+ *
+ * The option is a: <code>boolean</code> type.
+ *
+ * Default: false
+ * Group: security
+ *
+ * @param useGlobalSslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default ElasticsearchRestClientComponentBuilder
useGlobalSslContextParameters(boolean useGlobalSslContextParameters) {
+ doSetProperty("useGlobalSslContextParameters",
useGlobalSslContextParameters);
+ return this;
+ }
+
/**
* Username.
*
@@ -289,6 +323,8 @@ public interface
ElasticsearchRestClientComponentBuilderFactory {
case "snifferInterval": ((ElasticsearchRestClientComponent)
component).setSnifferInterval((int) value); return true;
case "certificatePath": ((ElasticsearchRestClientComponent)
component).setCertificatePath((java.lang.String) value); return true;
case "password": ((ElasticsearchRestClientComponent)
component).setPassword((java.lang.String) value); return true;
+ case "sslContextParameters": ((ElasticsearchRestClientComponent)
component).setSslContextParameters((org.apache.camel.support.jsse.SSLContextParameters)
value); return true;
+ case "useGlobalSslContextParameters":
((ElasticsearchRestClientComponent)
component).setUseGlobalSslContextParameters((boolean) value); return true;
case "user": ((ElasticsearchRestClientComponent)
component).setUser((java.lang.String) value); return true;
default: return false;
}
diff --git
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java
index 2fb262566a8d..929b5ed59855 100644
---
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java
+++
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/ElasticsearchRestClientEndpointBuilderFactory.java
@@ -194,6 +194,42 @@ public interface
ElasticsearchRestClientEndpointBuilderFactory {
doSetProperty("password", password);
return this;
}
+ /**
+ * To configure security using SSLContextParameters. When configured,
+ * this takes precedence over the certificatePath option. This allows
+ * configuring named groups, signature schemes, cipher suites, and
+ * protocols for the TLS connection.
+ *
+ * The option is a:
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default ElasticsearchRestClientEndpointBuilder
sslContextParameters(org.apache.camel.support.jsse.SSLContextParameters
sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
+ /**
+ * To configure security using SSLContextParameters. When configured,
+ * this takes precedence over the certificatePath option. This allows
+ * configuring named groups, signature schemes, cipher suites, and
+ * protocols for the TLS connection.
+ *
+ * The option will be converted to a
+ * <code>org.apache.camel.support.jsse.SSLContextParameters</code>
type.
+ *
+ * Group: security
+ *
+ * @param sslContextParameters the value to set
+ * @return the dsl builder
+ */
+ default ElasticsearchRestClientEndpointBuilder
sslContextParameters(String sslContextParameters) {
+ doSetProperty("sslContextParameters", sslContextParameters);
+ return this;
+ }
/**
* Username.
*
