Add Namespace Support to XMLSecurity Component
----------------------------------------------

                 Key: CAMEL-4441
                 URL: https://issues.apache.org/jira/browse/CAMEL-4441
             Project: Camel
          Issue Type: Improvement
            Reporter: Rich Newcomb


The camel-xmlsecurity data format does not support namespaces when identifying 
specific nodes to be encrypted or decrypted.  The data format will only work 
for incidental namespace collisions (i.e., when the target XML document has 
elements that happen to use the same namespace prefix as that used in the 
secureTag element).

The attached patch resolves this issue by allowing a namespace definition 
mapping to be included as part of the data format configuration.  This enables 
true namespace matching, even if the prefix values in the data format 
definition and the target XML document are not equivalent strings.

Below is one example of the updated secureXML API in Java:

{code:java}
        // Prefix -> namespace URI mapping used to resolve the secureTag XPath
        final Map<String, String> namespaces = new HashMap<String, String>();
        namespaces.put("cust", "http://cheese.xmlsecurity.camel.apache.org/");

        // Trust store holding the recipient's public key
        final KeyStoreParameters tsParameters = new KeyStoreParameters();
        tsParameters.setPassword("password");
        tsParameters.setResource("sender.ts");

        context.addRoutes(new RouteBuilder() {
            public void configure() {
                from("direct:start")
                    .marshal().secureXML("//cust:cheesesites/italy", namespaces, true, "recipient",
                                         testCypherAlgorithm, XMLCipher.RSA_v1dot5, tsParameters)
                    .to("mock:encrypted");
            }
        });
{code}

The patch also extends natural XML support to Spring XML route definitions by 
leveraging the Camel NamespaceAware interface.  Thus, a namespace prefix that 
is defined as part of the camelContext definition can be re-used in context 
within the data format secureTag attribute of the secureXML element.

For example:

{code:xml}
    <!--  trust store configuration -->
    <camel:keyStoreParameters id="trustStoreParams" resource="./sender.ts" password="password"/>

    <camelContext id="springXmlSecurityDataFormatTestCamelContext"
                  xmlns="http://camel.apache.org/schema/spring"
                  xmlns:cheese="http://cheese.xmlsecurity.camel.apache.org/">

        <route>
            <from uri="direct://start"/>
                <marshal>
                    <secureXML
                        secureTag="//cheese:cheesesites/italy"
                        secureTagContents="true"
                        xmlCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"
                        keyCipherAlgorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"
                        recipientKeyAlias="recipient"
                        keyOrTrustStoreParametersId="trustStoreParams" />
                </marshal>
                ...
{code}

Finally, this patch updates the method used to define TrustStore and KeyStore 
parameters for asymmetric encryption and decryption. The patch enables the 
XMLSecurity component to use instances of the 
org.apache.camel.util.jsse.KeyStoreParameters class for this purpose. This is 
also illustrated in the examples above. The other methods of KeyStore 
definition are deprecated by the patch.

Minor and related changes provided by the patch include:

 *  Fixes an error where unit tests were incorrectly skipped (due to security 
    engine not initialized) even when the related crypto algorithms are available.
 *  Adds a Spring XML route definition example in the unit tests.
 *  Configures the xmlunit version in the parent.pom and updates camel-jmx to 
    share this configuration.
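
The namespace matching described in this issue, shown as an added example that is not part of the attached patch or of Camel's code: it uses only the JDK's JAXP XPath API to evaluate the secureTag expression from the Java example against two constructed documents. The class name, method name and sample documents are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.Iterator;
import java.util.Map;
import javax.xml.XMLConstants;
import javax.xml.namespace.NamespaceContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

// Added illustration (plain JAXP, Java 9+); class and method names are hypothetical.
public class SecureTagNamespaceCheck {
    static final String NS = "http://cheese.xmlsecurity.camel.apache.org/";

    // Number of nodes the XPath selects when its prefixes are resolved through
    // the supplied prefix -> namespace URI map rather than the document's prefixes.
    static int countMatches(String xml, String expr, Map<String, String> namespaces)
            throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed so parsed elements carry namespace URIs
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        XPath xpath = XPathFactory.newInstance().newXPath();
        xpath.setNamespaceContext(new NamespaceContext() {
            public String getNamespaceURI(String prefix) {
                return namespaces.getOrDefault(prefix, XMLConstants.NULL_NS_URI);
            }
            public String getPrefix(String uri) { return null; } // not needed here
            public Iterator<String> getPrefixes(String uri) { return null; }
        });
        return ((NodeList) xpath.evaluate(expr, doc, XPathConstants.NODESET)).getLength();
    }

    public static void main(String[] args) throws Exception {
        Map<String, String> namespaces = Map.of("cust", NS);
        String secureTag = "//cust:cheesesites/italy";
        // Constructed sample documents.
        String sameUriOtherPrefix =
            "<c:cheesesites xmlns:c='" + NS + "'><italy>gorgonzola</italy></c:cheesesites>";
        String samePrefixOtherUri =
            "<cust:cheesesites xmlns:cust='urn:example:other'><italy>gorgonzola</italy></cust:cheesesites>";
        System.out.println("same URI, prefix 'c':     " + countMatches(sameUriOtherPrefix, secureTag, namespaces));
        System.out.println("prefix 'cust', other URI: " + countMatches(samePrefixOtherUri, secureTag, namespaces));
    }
}
```

The first document yields one match and the second none: selection follows the namespace URI bound in the map, not the prefix string that happens to appear in the document.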


