[ https://issues.apache.org/activemq/browse/CAMEL-2482?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Stephen Gargan updated CAMEL-2482:
----------------------------------

    Attachment: camel-crypto.patch
                parent.patch
                core-crypto-dataformat.patch

Attached is the beginning of a cryptography component to expose features of the 
Java Cryptographic Extensions to Camel. This camel-crypto component has two 
main parts; a Digital Signatures component and a CryptoDataFormat.

The Digital signatures component is a reworking of CAMEL-2527 to use endpoints 
instead of a custom DSL to sign and verify exchanges. The CryptoDataFormat is a 
standard dataformat for use with the marshal and unmarshal DSL constructs that 
uses the JCE to encrypt, decrypt and validate exchange payloads e.g. 

// symmetric DES encryption.
KeyGenerator generator = KeyGenerator.getInstance("DES");
CryptoDataFormat cryptoFormat = new CryptoDataFormat("DES", generator.generateKey());
from("direct:basic-encryption")
    .marshal(cryptoFormat)
    .to("mock:encrypted")
    .unmarshal(cryptoFormat)
    .to("mock:unencrypted");

To be as flexible as possible the Component and DataFormat expose as much of 
the JCE configuration as possible to the control of the user and where 
applicable certain configuration (keys and aliases etc) can be supplied 
dynamically in exchange headers.

One thing to note about using headers with the Crypto format is that the 
MarshalProcessor & UnmarshalProcessor copy the message before invocation. As a 
result the CryptoFormat can't clear the headers and so the user must be careful 
to clear them lest important private information get leaked accidentally. I 
know this is the odd man out, but it would be nice if the Processors 
allowed the Formats to post process the exchange before forwarding. It would be 
trivial to implement and could easily be transparent to the existing formats. 
I'm happy to make this change if you agree.

The camel-crypto.patch has a binary keystore in it so to apply it run 

patch -p0 --binary -i camel-crypto.patch

I hope you can find this useful.

rgds,


ste
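
The header-clearing precaution described in the message above, shown as an added example that is not part of the original message or the attached patches. It assumes the `CryptoDataFormat.KEY` header constant and the `org.apache.camel.converter.crypto` package of the released camel-crypto component (the attached patch may differ), uses AES rather than the DES of the post's snippet, and the endpoint names are hypothetical.

```java
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.apache.camel.CamelContext;
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.converter.crypto.CryptoDataFormat;
import org.apache.camel.impl.DefaultCamelContext;

public class KeyHeaderHygiene {
    public static void main(String[] args) throws Exception {
        // Constructed sample key; in the scenario described it arrives per exchange.
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        // No key configured on the format: it is looked up per exchange in the
        // CryptoDataFormat.KEY header (constant name assumed, see lead-in).
        // "AES" alone leaves mode and padding to the JCE provider's default.
        final CryptoDataFormat format = new CryptoDataFormat("AES", null);

        CamelContext context = new DefaultCamelContext();
        context.addRoutes(new RouteBuilder() {
            @Override
            public void configure() {
                from("direct:encrypt")            // hypothetical endpoint names
                    .marshal(format)
                    // The format cannot clear headers, so the route removes the key
                    // before the exchange is handed to anything downstream.
                    .removeHeader(CryptoDataFormat.KEY)
                    .to("direct:downstream");

                from("direct:downstream").process(exchange -> {
                    // Stand-in for a real consumer: fail loudly if the key leaked.
                    if (exchange.getIn().getHeader(CryptoDataFormat.KEY) != null) {
                        throw new IllegalStateException("key header reached downstream");
                    }
                });
            }
        });
        context.start();
        try {
            byte[] encrypted = context.createProducerTemplate().requestBodyAndHeader(
                "direct:encrypt", "constructed sample payload",
                CryptoDataFormat.KEY, key, byte[].class);
            System.out.println("ciphertext bytes: " + encrypted.length);
        } finally {
            context.stop();
        }
    }
}
```

Dropping the `removeHeader` step makes the downstream check throw, which is the leak the message warns about.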


> camel-bouncycastle - A new component for crypto
> -----------------------------------------------
>
>                 Key: CAMEL-2482
>                 URL: https://issues.apache.org/activemq/browse/CAMEL-2482
>             Project: Apache Camel
>          Issue Type: New Feature
>            Reporter: Claus Ibsen
>             Fix For: Future
>
>         Attachments: camel-crypto.patch, core-crypto-dataformat.patch, 
> parent.patch
>
>
> See more at:
> http://www.bouncycastle.org/
> Basically a Camel DataFormat that leverages bouncycastle would be good.
> It's using a MIT/X11 license which should be friendly with Apache
> http://bouncycastle.org/licence.html
> http://www.apache.org/legal/3party.html
