[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180779656
##
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain,
private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I'm not sure that disabled by default test can be considered a dependency.
It's just good manners: showing a way a person can establish HTTPS AS2
connection to non-localhost server.
If Mendelson goes down, just remove two classes with Mendelson in the name,
the test/resource folder mendelson and the file test-server.properties. I will
be able to do that myself. No hurt feelings on my side then :)
I think dockerization of AS2 server is beyond the scope of the ticket
CAMEL-17946
Besides, what exactly are you going to dockerize? Camel AS2 server
component? Both Camel AS2 server and client can have issues which will allow
them to communicate, but not to other AS2-compliant server (what if the sources
of both client and server suffer from the same issue?). Another point: it's
important to test HTTPS connection to non-localhost server - test the new
HostnameVerifier field. Will docker allow that?
I'm not sure you have seen my latest commit with moving Mendelson connection
settings to a property file as per @davsclaus 's comment. Now a person needs to
turn on 2 "knobs" to connect to Mendelson:
- remove/comment @Disabled annotation
- explicitly set Mendelson hostname in the properties.
Please let me know if the latest commit mitigates or even eliminates your
concerns. If it dosen't, I will remove all Mendelson-related stuff.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1180439445
##
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain,
private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I still hope to get more comments from other maintainers and contributors,
I'm not in a rush. I think we need to calm down and don't take this PR personal.
I can agree that the test class's name for mendelson should be appended with
"ManualTest" and not "IT" like now. But I don't understand why I should deliver
a semi-prepared test class with a dependency on env variables instead of fully
operational and friendly self-sustainable test class which matches all its
requirements. Why a person would need to create env vars on his/her machine?
They may intersect with existing vars, he/she may forget to remove them after
all. That's an invasive approach.
I have another example for ManualTest class:
https://github.com/apache/camel/blob/main/components/camel-cometd/src/test/java/org/apache/camel/component/cometd/CometdProducerConsumerInteractiveAuthenticatedManualTest.java
Lines 73-74 were last edited by you (I don't say that you were the initial
author). And in these lines the test class reads a keystore file from a similar
resource folder jsse palced in test section of the sources. The test class
CometdProducerConsumerInteractiveAuthenticatedManualTest isn't environment
aware. All the config variables are part of the test class. Why is it OK to
have it like this?
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178071245
##
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain,
private key, ssl context
+ */
+public class MendelsonCertLoader {
Review Comment:
I'm not sure that the requested changes are in the scope of the ticket
CAMEL-17946. Maybe we need another ticket like "Provide versatile testing
harness for AS2 component".
Let me explain the situation. All the Mendelson-related classes are in the
test folder, they aren't part of AS2 JAR artifact. My idea was to provide a
basic mechanism so that interested persons can verify my results for HTTPS AS2
connection - scientific approach. I din't aim to provide a versatile mechanism.
Mendelson is almost the only public resource for testing, it was mentioned in
https://github.com/apache/camel/pull/8896 and not by me. It doesn't bring
something proprietary into the code base.
Important facts about Mendelson resource. It provides concrete type of
private key and keystore. And its certificate chain is degenerated - consists
of the only certificate. Furthermore, the same certificate chain is used for
encryption and signing.
The only Mendelson test method is @Disabled by default.
It is important to test AS2 connection to non-localhost server due to it's
the only way to test the behaviour of the new config param HostnameVerifier.
One other PRO: it was difficult to construct SSLContext from scratch for me.
If I could choose, I would prefer to have real-life code examples in the code
base.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178067394
##
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain,
private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+private static final String MENDELSON_CERT = "mendelson/key4.cer";
+private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+private final List chainAsList = new ArrayList<>();
+
+private PrivateKey privateKey;
+private SSLContext sslContext;
+
+public void setupSslContext() {
+try {
+InputStream mendelsonPrivateKeyAsStream =
getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+.loadTrustMaterial(keyStore, new TrustAllStrategy())
+.build();
+} catch (KeyStoreException e) {
+e.printStackTrace();
+} catch (KeyManagementException e) {
+e.printStackTrace();
+} catch (IOException e) {
+e.printStackTrace();
+} catch (NoSuchAlgorithmException e) {
+e.printStackTrace();
+}
+
+if (sslContext == null) {
+throw new IllegalStateException("failed to configure SSL context");
+}
+}
+
+private KeyStore getKeyStore(InputStream inputStream) throws IOException,
NoSuchAlgorithmException {
+String password = "test";
+KeyStore ks;
+try {
+ks = KeyStore.getInstance("PKCS12");
+ks.load(inputStream, password.toCharArray());
+return ks;
+} catch (KeyStoreException e) {
+e.printStackTrace();
+} catch (CertificateException e) {
+e.printStackTrace();
+}
+throw new IllegalStateException("about to return null");
+}
+
+public void setupCertificateChain() {
+
+InputStream mendelsonCertAsStream =
getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+if (mendelsonCertAsStream == null) {
+//LOG.error("Couldn't read out client certificate as stream.");
+throw new IllegalStateException("Couldn't read out certificate as
stream.");
+}
+
+InputStream mendelsonPrivateKeyAsStream =
getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+if (mendelsonPrivateKeyAsStream == null) {
+//LOG.error("Couldn't read out private key as stream.");
+throw new IllegalStateException("Couldn't read out key storage as
stream.");
+}
+
+try {
+Certificate mendelsonCert =
getCertificateFromStream(mendelsonCertAsStream);
+chainAsList.add(mendelsonCert);
+
+//private key
+privateKey =
getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+} catch (IOException e) {
+String errMsg = "Error while trying to load certificate to the
keyload. IO error when reading a byte array. " + e;
+System.out.println(errMsg);
+} catch (NoSuchAlgorithmException e) {
+String errMsg = "Error while trying to load certificate to the
keyload. Requested algorithm isn't found. " + e;
+System.out.println(errMsg);
+} catch (CertificateException e) {
+String errMsg = "Error while trying to load certificate to the
keyload. There is a certificate problem. " + e;
+System.out.println(errMsg);
+} catch (InvalidKeySpecException e) {
+String errMsg = "Can not init private key store " + e;
+System.out.println(errMsg);
+}
+}
+
+public SSLContext getSslContext() {
+return sslContext;
+}
+
+public Certificate[] getChain() {
+if (chainAsList.size() > 0) {
+Certificate[] arrayCert = new Certificate[chainA
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178066521
##
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonSslEndpointIT.java:
##
@@ -0,0 +1,132 @@
+package org.apache.camel.component.as2;
+
+import java.nio.charset.Charset;
+
+import javax.net.ssl.HostnameVerifier;
+
+import org.apache.camel.CamelContext;
+import org.apache.camel.Exchange;
+import org.apache.camel.component.as2.api.AS2EncryptionAlgorithm;
+import org.apache.camel.component.as2.api.AS2MessageStructure;
+import org.apache.camel.component.as2.api.AS2SignatureAlgorithm;
+import org.apache.camel.component.as2.internal.AS2ApiName;
+import org.apache.camel.impl.DefaultCamelContext;
+import org.apache.http.conn.ssl.NoopHostnameVerifier;
+import org.junit.jupiter.api.Assertions;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ * Test class for testing connection to a public 3rd party AS2 server
Mendelson. This class gives more info for
+ * camel-as2 connectivity to a remote server compared to HTTPS connection to
localhost server. Eventually test method(s)
+ * will be committed with @Disabled annotation due to they can fail because
the mendelson server goes offline or the
+ * certificate expires. I assume we don't want a build to fail because of such
3rd party connectivity dependency.
+ * Mendelson page: http://mendelson-e-c.com/as2_testserver
+ */
+public class MendelsonSslEndpointIT extends AbstractAS2ITSupport {
+
+private static final Logger LOG =
LoggerFactory.getLogger(MendelsonSslEndpointIT.class);
+private MendelsonCertLoader mendelsonCertLoader;
+private static HostnameVerifier hostnameVerifier;
+
+private static final String[] SIGNED_RECEIPT_MIC_ALGORITHMS = new String[]
{ "sha1", "md5" };
+
+private static final String EDI_MESSAGE =
"UNB+UNOA:1+005435656:1+006415160:1+060515:1434+000778'\n"
+ +
"UNH+000117+INVOIC:D:97B:UN'\n"
+ + "BGM+380+342459+9'\n"
+ + "DTM+3:20060515:102'\n"
+ + "RFF+ON:521052'\n"
+ + "NAD+BY+792820524::16++CUMMINS
MID-RANGE ENGINE PLANT'\n"
+ + "NAD+SE+005435656::16++GENERAL
WIDGET COMPANY'\n"
+ + "CUX+1:USD'\n"
+ + "LIN+1++157870:IN'\n"
+ + "IMD+F++:::WIDGET'\n"
+ + "QTY+47:1020:EA'\n"
+ + "ALI+US'\n"
+ + "MOA+203:1202.58'\n"
+ + "PRI+INV:1.179'\n"
+ + "LIN+2++157871:IN'\n"
+ + "IMD+F++:::Message from Camel
AS2 via HTTPS'\n"
+ + "QTY+47:20:EA'\n"
+ + "ALI+JP'\n"
+ + "MOA+203:410'\n"
+ + "PRI+INV:20.5'\n"
+ + "UNS+S'\n"
+ + "MOA+39:2137.58'\n"
+ + "ALC+C+ABG'\n"
+ + "MOA+8:525'\n"
+ + "UNT+23+000117'\n"
+ + "UNZ+1+000778'\n";
+
+@BeforeAll
+public void setupTest() {
+hostnameVerifier = new NoopHostnameVerifier();
+mendelsonCertLoader = new MendelsonCertLoader();
+mendelsonCertLoader.setupCertificateChain();
+mendelsonCertLoader.setupSslContext();
+}
+
+@Disabled
+@Test
+public void testCreateEndpointAndSendViaHTTPS() throws Exception {
+CamelContext camelContext = new DefaultCamelContext();
+camelContext.start();
+
+org.apache.http.entity.ContentType contentTypeEdifact
+=
org.apache.http.entity.ContentType.create("application/edifact", (Charset)
null);
+
+String methodName = "send";
+AS2ApiName as2ApiNameClient = AS2ApiName.CLIENT;
+
+AS2Configuration endpointConfiguration = new AS2Configuration();
+endpointConfiguration.setApiName(as2ApiNameClient);
+endpointConfiguration.setMethodName(methodName);
+endpointConfiguration.setRequestUri("/as2/HttpReceiver");
+
endpointConfiguration.setSignedReceiptMicAlgorithms(SIGNED_RECEIPT_MIC_ALGORITHMS);
+
+
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939:
URL: https://github.com/apache/camel/pull/9939#discussion_r1178067125
##
components/camel-as2/camel-as2-component/src/test/java/org/apache/camel/component/as2/MendelsonCertLoader.java:
##
@@ -0,0 +1,183 @@
+package org.apache.camel.component.as2;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.spec.InvalidKeySpecException;
+import java.util.ArrayList;
+import java.util.Base64;
+import java.util.List;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.ssl.SSLContexts;
+
+/**
+ * That's a utility class for preparing Mendelson-specific certificate chain,
private key, ssl context
+ */
+public class MendelsonCertLoader {
+
+private static final String MENDELSON_CERT = "mendelson/key4.cer";
+private static final String MENDELSON_PRIVATE_KEY = "mendelson/key3.pfx";
+
+private final List chainAsList = new ArrayList<>();
+
+private PrivateKey privateKey;
+private SSLContext sslContext;
+
+public void setupSslContext() {
+try {
+InputStream mendelsonPrivateKeyAsStream =
getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+KeyStore keyStore = getKeyStore(mendelsonPrivateKeyAsStream);
+sslContext = SSLContexts.custom().setKeyStoreType("PKCS12")
+.loadTrustMaterial(keyStore, new TrustAllStrategy())
+.build();
+} catch (KeyStoreException e) {
+e.printStackTrace();
+} catch (KeyManagementException e) {
+e.printStackTrace();
+} catch (IOException e) {
+e.printStackTrace();
+} catch (NoSuchAlgorithmException e) {
+e.printStackTrace();
+}
+
+if (sslContext == null) {
+throw new IllegalStateException("failed to configure SSL context");
+}
+}
+
+private KeyStore getKeyStore(InputStream inputStream) throws IOException,
NoSuchAlgorithmException {
+String password = "test";
+KeyStore ks;
+try {
+ks = KeyStore.getInstance("PKCS12");
+ks.load(inputStream, password.toCharArray());
+return ks;
+} catch (KeyStoreException e) {
+e.printStackTrace();
+} catch (CertificateException e) {
+e.printStackTrace();
+}
+throw new IllegalStateException("about to return null");
+}
+
+public void setupCertificateChain() {
+
+InputStream mendelsonCertAsStream =
getClass().getClassLoader().getResourceAsStream(MENDELSON_CERT);
+if (mendelsonCertAsStream == null) {
+//LOG.error("Couldn't read out client certificate as stream.");
+throw new IllegalStateException("Couldn't read out certificate as
stream.");
+}
+
+InputStream mendelsonPrivateKeyAsStream =
getClass().getClassLoader().getResourceAsStream(MENDELSON_PRIVATE_KEY);
+if (mendelsonPrivateKeyAsStream == null) {
+//LOG.error("Couldn't read out private key as stream.");
+throw new IllegalStateException("Couldn't read out key storage as
stream.");
+}
+
+try {
+Certificate mendelsonCert =
getCertificateFromStream(mendelsonCertAsStream);
+chainAsList.add(mendelsonCert);
+
+//private key
+privateKey =
getPrivateKeyFromPKCSStream(mendelsonPrivateKeyAsStream);
+
+} catch (IOException e) {
+String errMsg = "Error while trying to load certificate to the
keyload. IO error when reading a byte array. " + e;
+System.out.println(errMsg);
+} catch (NoSuchAlgorithmException e) {
+String errMsg = "Error while trying to load certificate to the
keyload. Requested algorithm isn't found. " + e;
+System.out.println(errMsg);
+} catch (CertificateException e) {
+String errMsg = "Error while trying to load certificate to the
keyload. There is a certificate problem. " + e;
+System.out.println(errMsg);
+} catch (InvalidKeySpecException e) {
+String errMsg = "Can not init private key store " + e;
+System.out.println(errMsg);
+}
+}
+
+public SSLContext getSslContext() {
+return sslContext;
+}
+
+public Certificate[] getChain() {
+if (chainAsList.size() > 0) {
+Certificate[] arrayCert = new Certificate[chainA
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939: URL: https://github.com/apache/camel/pull/9939#discussion_r1178042338 ## components/camel-as2/camel-as2-component/pom.xml: ## @@ -64,6 +64,12 @@ camel-jetty test + +commons-io +commons-io +2.10.0 +test + Review Comment: Will stick to 2.11.0 from the camel-parent POM -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [camel] dk2k commented on a diff in pull request #9939: CAMEL-17946 Introducing HTTPS support for AS2 component
dk2k commented on code in PR #9939: URL: https://github.com/apache/camel/pull/9939#discussion_r1178040863 ## components/camel-as2/camel-as2-component/src/test/resources/mendelson/key4.cer: ## @@ -0,0 +1,21 @@ +-BEGIN CERTIFICATE- Review Comment: I don't think having Mendelson certificates (provided by this resource and saved as is) in a separate folder is an issue. The similar folder jsse with the certificates got approved in https://github.com/apache/camel/pull/8896 as I can see. The both folders never leak into the AS2 artifact. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@camel.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
