As of Camel 2.9.0 I can write:

Map<String, Object> cxfProperties = new HashMap<String, Object>();
cxfProperties.put(AuthorizationPolicy.class.getName(), policy);
cxfEndpoint.setProperties(cxfProperties);

Is there a similar way to set the TLSClientParameters? I would like to
set them e.g. from the usual system properties
javax.net.ssl.keyStoreType, etc. which are not honored by the default
HTTP Conduit (why?).

In CXF I can write the following, but I couldn't find a Camel equivalent:
JaxWsClientFactoryBean factory = new JaxWsClientFactoryBean();
...
proxy = factory.create();
HTTPConduit conduit = (HTTPConduit) proxy.getConduit();
TLSClientParameters tcp = new TLSClientParameters();
tcp.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
tcp.setUseHttpsURLConnectionDefaultSslSocketFactory(true);
conduit.setTlsClientParameters(tcp);


I found a workaround as follows, but it is quite complicated. Also,
the CXF conduit wildcard (name="*.http-conduit") doesn't work.

context = new SpringCamelContext(
        new ClassPathXmlApplicationContext("/camel-ssl.xml"));
context.addRoutes(...)

camel-ssl.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:http="http://cxf.apache.org/transports/http/configuration"
       xmlns:sec="http://cxf.apache.org/configuration/security"
       xmlns:jaxws="http://java.sun.com/xml/ns/jaxws"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
         http://cxf.apache.org/transports/http/configuration
         http://cxf.apache.org/schemas/configuration/http-conf.xsd
         http://cxf.apache.org/configuration/security
         http://cxf.apache.org/schemas/configuration/security.xsd">

    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
        <property name="properties">
            <props>
                <prop key="javax.net.ssl.trustStoreType">JKS</prop>
                <prop key="javax.net.ssl.keyStoreType">JKS</prop>
                <prop key="javax.net.ssl.keyStorePassword">changeit</prop>
            </props>
        </property>
        <property name="systemPropertiesModeName">
            <value>SYSTEM_PROPERTIES_MODE_OVERRIDE</value>
        </property>
    </bean>

    <http:conduit id="myHttpConduit" name="{myNs}myPort.http-conduit">
        <http:tlsClientParameters>
            <sec:keyManagers keyPassword="${javax.net.ssl.keyStorePassword}">
                <sec:keyStore type="${javax.net.ssl.keyStoreType}"
                              password="${javax.net.ssl.keyStorePassword}"
                              file="${javax.net.ssl.keyStore}" />
            </sec:keyManagers>
            <sec:trustManagers>
                <sec:keyStore type="${javax.net.ssl.trustStoreType}"
                              file="${javax.net.ssl.trustStore}" />
            </sec:trustManagers>
        </http:tlsClientParameters>
    </http:conduit>
</beans>

Thanks in advance for your advice.

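Added example, not part of the original post and not Camel or CXF code: one way to build the TLSClientParameters asked about above from the javax.net.ssl.* system properties, mirroring the key and trust manager setup in camel-ssl.xml. The class name SystemPropertyTls and its methods are hypothetical; it assumes CXF on the classpath and Java 7 or later.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.cxf.configuration.jsse.TLSClientParameters;

// Hypothetical helper (added example): maps the standard javax.net.ssl.*
// system properties onto CXF TLSClientParameters.
public final class SystemPropertyTls {

    // Password for javax.net.ssl.<prefix>Password, or null when unset.
    static char[] password(String prefix) {
        String pw = System.getProperty("javax.net.ssl." + prefix + "Password");
        return pw == null ? null : pw.toCharArray();
    }

    // Loads the store named by javax.net.ssl.<prefix>; null when unset.
    static KeyStore load(String prefix) throws Exception {
        String file = System.getProperty("javax.net.ssl." + prefix);
        if (file == null || file.isEmpty()) {
            return null;
        }
        String type = System.getProperty(
                "javax.net.ssl." + prefix + "Type", KeyStore.getDefaultType());
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(file)) {
            store.load(in, password(prefix));
        }
        return store;
    }

    public static TLSClientParameters fromSystemProperties() throws Exception {
        TLSClientParameters tcp = new TLSClientParameters();
        KeyStore keyStore = load("keyStore");
        if (keyStore != null) { // client certificate is optional
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                    KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(keyStore, password("keyStore"));
            tcp.setKeyManagers(kmf.getKeyManagers());
        }
        // A null trust store makes the factory use the JVM default trust anchors.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load("trustStore"));
        tcp.setTrustManagers(tmf.getTrustManagers());
        return tcp;
    }
}
```

The result can be passed to conduit.setTlsClientParameters(...) as in the CXF snippet in the post. Hostname verification is left at the CXF default, so the server certificate name is still checked.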