Tim Kaczynski created CAMEL-15729:
-------------------------------------
Summary: Graphql integration does not allow for TLS using private
CAs
Key: CAMEL-15729
URL: https://issues.apache.org/jira/browse/CAMEL-15729
Project: Camel
Issue Type: New Feature
Components: camel-graphql
Affects Versions: 3.6.0
Environment: OCP 4.5 on X using Apache Camel Operator 1.2.0, but other
environments apply as well.
Reporter: Tim Kaczynski
This enhancement request was generated from a question on zulipchat:
[https://camel.zulipchat.com/#narrow/stream/257298-camel/topic/Adding.20a.20trustStore.20for.20graphql/near/213944005]
We are writing an integration that needs to produce messages to a graphql
server. The graphql server is using TLS and its certificate was generated by
an internal CA. There does not appear to be a way to provide a trust store to
the graphql producer, like there is for say the Kafka integrations.
Connections to graphql fail due to the inability to build a trusted certificate
chain.
Possible non-trivial solutions include assuming the graphql integration is
using the apache HTTP client, and setting up a new protocol that uses a custom
trust store. Also (using camel-k) using the JVM taint to alter the JSSE
configuration / java properties, adding a trust store containing the CA.
However both of these solutions require assumptions about the implementation
that may not always be true (and we have not tested them yet). Could also use
the HTTP[4] integration directly to talk to graphql but this requires coding
the REST request manually.
If there were a parameter on the graphql integration where we could input a
trust store, type, and password, that would be an ideal solution. Or perhaps
some other way of modifying the default trust store using camel-k (this would
benefit all integrations).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
