[
https://issues.apache.org/jira/browse/CAMEL-23250?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18068909#comment-18068909
]
Guillaume Nodet commented on CAMEL-23250:
-----------------------------------------
*Future Extension: FIPS Compliance*
The security policy framework implemented in this ticket is designed to be
extensible for future FIPS 140-2/140-3 compliance support. No framework changes
would be needed — the extension points are already in place:
- *Annotation-driven*: {{@UriParam(security = "insecure:fips")}} works today.
Unknown categories fall back to the global policy via the {{default -> null}}
branch in {{resolvePolicy()}}.
- *Auto-generated tracking*: the build tooling picks up any {{security=}} value
and adds it to the {{SecurityUtils.SECURITY_OPTIONS}} map automatically.
- *Per-category override*: adding a dedicated {{insecureFipsPolicy}} config
would follow the same pattern as {{insecureSslPolicy}} (one field + one switch
case).
*What a FIPS category could check:*
# Non-FIPS cryptographic algorithms (MD5, SHA-1 for signing, DES, RC4)
# TLS protocol versions below 1.2
# Key sizes below FIPS minimums (RSA < 2048, ECC < 224)
# Self-signed certificates (no CA chain validation)
# Absence of a FIPS-validated JCE provider
Items 1-4 can be handled via annotations on existing properties. Item 5 would
need a runtime validator in {{enforceSecurityPolicies()}} that inspects the JVM
provider chain — a small addition, not a framework change.
*Related work:*
- CAMEL-20922: extracted PGPDataFormat so camel-crypto can use BC-FIPS
- Camel Quarkus has 5 open FIPS issues (OAuth, CXF-SOAP, SMB, MySQL) — their
experience on FIPS-enabled RHEL would inform the category design
_Claude Code on behalf of Guillaume Nodet_
> Security policy enforcement for insecure configuration at startup
> -----------------------------------------------------------------
>
> Key: CAMEL-23250
> URL: https://issues.apache.org/jira/browse/CAMEL-23250
> Project: Camel
> Issue Type: Improvement
> Components: camel-core
> Reporter: Guillaume Nodet
> Assignee: Guillaume Nodet
> Priority: Major
>
> Add a security policy enforcement system that detects insecure configuration
> at startup and warns or prevents the application from starting.
> h3. Security Categories
> || Category || Description || Examples ||
> | {{secret}} | Plain-text passwords/tokens not using secure placeholders | {{camel.ssl.keystorePassword=plaintext}} |
> | {{insecure:ssl}} | Disabled certificate validation or hostname verification | {{trustAllCertificates=true}}, {{hostnameVerification=false}} |
> | {{insecure:serialization}} | Dangerous deserialization of untrusted data | {{allowJavaSerializedObject=true}}, {{transferExchange=true}} |
> | {{insecure:dev}} | Development-only features left enabled | {{devConsoleEnabled=true}}, {{uploadEnabled=true}} |
> h3. Policy Levels
> - *allow* — no warnings, silently allow the configuration
> - *warn* — log a warning at startup (default for dev/test profiles)
> - *fail* — throw an exception and prevent startup (default for prod profile)
> h3. Features
> # *Configurable policies* under {{camel.security.*}} namespace with global
> and per-category overrides
> # *Profile-aware defaults*: {{camel.main.profile=prod}} automatically
> defaults to {{fail}} policy; users can override via
> {{camel.security.policy=warn}}
> # *Property allowlist*: {{camel.security.allowedProperties}} to exclude
> specific properties from checks
> # *Plain-text secret detection*: flags passwords/tokens not using {{RAW()}},
> {{\{\{vault:...\}\}}}, {{$\{env:...\}}}, or {{\{\{...\}\}}} placeholders
> # *Health check*: {{SecurityPolicyHealthCheck}} readiness check reports
> violations at runtime
> # *Context plugin*: {{SecurityPolicyResult}} stores violations for
> programmatic access
> # *Annotation-driven*: new {{security}} and {{insecureValue}} attributes on
> {{@UriParam}}, {{@Metadata}}, {{@UriPath}} — build tools auto-generate the
> tracking map
> # *57+ components annotated* across AWS, Netty, JMS, Paho MQTT, Splunk,
> Huawei Cloud, core SSL
> # *Documentation* in {{security.adoc}}
> h3. Configuration Example
> {code}
> # Global policy (default: warn, or fail when profile=prod)
> camel.security.policy = fail
> # Per-category overrides
> camel.security.secretPolicy = fail
> camel.security.insecureSslPolicy = fail
> camel.security.insecureDevPolicy = warn
> # Allow specific properties
> camel.security.allowedProperties = camel.component.aws2-s3.trustAllCertificates
> {code}
> h3. Key Files
> - {{core/camel-util/.../SecurityUtils.java}} — detection logic and
> auto-generated security options map
> - {{core/camel-util/.../SecurityViolation.java}} — shared violation record
> - {{core/camel-main/.../SecurityConfigurationProperties.java}} — policy
> configuration
> - {{core/camel-main/.../ProfileConfigurer.java}} — profile-aware defaults
> - {{core/camel-main/.../SecurityPolicyResult.java}} — context plugin for
> runtime access
> - {{core/camel-health/.../SecurityPolicyHealthCheck.java}} — readiness health
> check
> - {{docs/user-manual/.../security.adoc}} — documentation
> PR: https://github.com/apache/camel/pull/22269
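As an added illustration (not Camel's code and not part of the issue or the comment), here is the resolution logic the description and the comment lay out, modelled stand-alone in Python: per-category override falling back to the global policy (so a category without a dedicated key, such as insecure:fips, lands on the global policy via the default branch), the profile-aware default, the property allowlist, and placeholder detection for secrets. The option-to-category map, the hashAlgorithm option and its insecure value are constructed assumptions.

```python
"""Stand-alone model (added illustration, not Camel code) of the policy
resolution described in CAMEL-23250. Category names, policy keys and
placeholder forms come from the issue; the option map below is constructed."""
import re

# Constructed stand-in for the auto-generated SecurityUtils.SECURITY_OPTIONS map:
# property -> (security category, insecureValue that triggers a check; None = secret)
SECURITY_OPTIONS = {
    "camel.ssl.keystorePassword": ("secret", None),
    "camel.component.aws2-s3.trustAllCertificates": ("insecure:ssl", "true"),
    "camel.component.netty.allowJavaSerializedObject": ("insecure:serialization", "true"),
    "camel.main.devConsoleEnabled": ("insecure:dev", "true"),
    "camel.component.demo.hashAlgorithm": ("insecure:fips", "MD5"),  # hypothetical FIPS category
}
# Secure placeholders named in the issue: RAW(...), {{vault:...}} / {{...}}, ${env:...}
PLACEHOLDER = re.compile(r"^(RAW\(.*\)|\{\{.*\}\}|\$\{env:.*\})$")
# Per-category override keys named on the page; any other category falls back to global
CATEGORY_KEYS = {
    "secret": "camel.security.secretPolicy",
    "insecure:ssl": "camel.security.insecureSslPolicy",
    "insecure:dev": "camel.security.insecureDevPolicy",
}

def resolve_policy(category, config, profile):
    """Dedicated per-category setting wins; categories without one (the 'default -> null'
    branch) use camel.security.policy, whose own default is profile-aware."""
    override = config.get(CATEGORY_KEYS.get(category, ""))
    if override:
        return override
    return config.get("camel.security.policy") or ("fail" if profile == "prod" else "warn")

def check(config, profile="dev"):
    """Return (violations, action): violations as (property, category, policy),
    action the strictest policy hit, so 'fail' means startup should be prevented."""
    allowed = {p.strip() for p in config.get("camel.security.allowedProperties", "").split(",")}
    violations = []
    for key, (category, insecure_value) in SECURITY_OPTIONS.items():
        value = config.get(key)
        if value is None or key in allowed:
            continue  # unset, or explicitly allow-listed
        if category == "secret":
            if PLACEHOLDER.match(value):
                continue  # resolved from a vault/env/raw placeholder, not plain text
        elif value != insecure_value:
            continue  # the option is set to a safe value
        policy = resolve_policy(category, config, profile)
        if policy != "allow":
            violations.append((key, category, policy))
    action = "fail" if any(p == "fail" for _, _, p in violations) else ("warn" if violations else "allow")
    return violations, action
```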
--
This message was sent by Atlassian Jira
(v8.20.10#820010)