I recently did something very similar (not with websocket, instead with
netty4-http though). However, looking at the websocket docs, it's very much
similar. You'll have to use the sslContextParameters endpoint option to
specify the context parameters. In my case I created it as a (Spring) bean
and provided the bean name in this parameter. The way I created this
bean is as follows:

    // Camel 2.x package for the JSSE configuration classes
    import org.apache.camel.util.jsse.KeyManagersParameters;
    import org.apache.camel.util.jsse.KeyStoreParameters;
    import org.apache.camel.util.jsse.SSLContextParameters;

    public SSLContextParameters myMutualAuthParams() {
        // Set up the keystore holding the public/private key.
        // This can be used as a trust store (for trusting external certs)
        // and/or for our own certificate for mutual cert auth.
        KeyStoreParameters ksp = new KeyStoreParameters();
        ksp.setResource("/ssl/clientcert.pfx"); // classpath resource
        ksp.setPassword("pfxpassword"); // change as per your setup
        ksp.setType("pkcs12");

        // Supply the private key password that shall be used for mutual auth.
        KeyManagersParameters pkParams = new KeyManagersParameters();
        pkParams.setKeyPassword("pfxpassword"); // change as per your setup
        pkParams.setKeyStore(ksp);

        SSLContextParameters scp = new SSLContextParameters();
        scp.setKeyManagers(pkParams);

        // This is NOT needed for pkcs12, but you may need it for
        // jks keystore types having multiple private keys:
        // scp.setCertAlias("");

        // This SSLContextParameters will use the JRE default keystore
        // for trusting incoming certificates.
        // If you want to override the trust store, use the following:
        // TrustManagersParameters tmp = new TrustManagersParameters();
        // tmp.setKeyStore(ksp);
        // scp.setTrustManagers(tmp);
        // Of course you can use *NEW* KeyStoreParameters as your TrustManager
        // with this SSLContextParameters.
        return scp;
    }

Hope it saves time for someone, as I ended up spending more than a day to
get it right, after going through the docs again and again and trying hit and
trial before I got it right.
Thanks,
*Avnish Pundir*

On 13-12-2016 23:00, Zoran Regvart wrote:

Hi Mark,
there is the `clientAuthentication` parameter in `serverParameters` of
`SSLContextParameters` that you can set to `REQUIRE`. I wager adding
SSLContextParameters instance to registry and referencing in the
component/endpoint configuration should do the trick.

zoran

[1] http://camel.apache.org/camel-configuration-utilities.html#CamelConfigurationUtilities-SSLContextServerParameters

On Tue, Dec 13, 2016 at 6:24 PM, Mark <elihusma...@gmail.com> wrote:

I have a requirement for mutually-authenticated SSL with a websocket. Does
the Camel-Websocket component support this functionality? According to the
camel websocket page, the SSL params are for consumers only which makes me
think that 2-way SSL isn't supported.

Cheers,
Mark
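
The server side of the setup discussed in this thread, as an added example that is not part of any message above and not Camel's own code: an `SSLContextParameters` with `clientAuthentication` set to `REQUIRE` and a dedicated trust store for client certificates, bound in the registry and referenced from a websocket consumer endpoint. Assumptions: Camel 2.x with camel-websocket on the classpath; the class name, registry key `serverMtls`, port, path, keystore resource names and passwords are placeholders.

```java
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.impl.DefaultCamelContext;
import org.apache.camel.impl.SimpleRegistry;
import org.apache.camel.util.jsse.*; // Camel 2.x package (assumption)

public class MutualTlsWebsocketServer {
    // Resource names and passwords are placeholders; load real secrets from configuration.
    static SSLContextParameters serverMutualAuthParams() {
        // Server identity: the private key and certificate presented to clients.
        KeyStoreParameters serverKeys = new KeyStoreParameters();
        serverKeys.setResource("/ssl/server.pfx");
        serverKeys.setPassword("changeit");
        serverKeys.setType("pkcs12");
        KeyManagersParameters kmp = new KeyManagersParameters();
        kmp.setKeyStore(serverKeys);
        kmp.setKeyPassword("changeit");

        // Dedicated trust store holding only the CA that issues client certificates,
        // so the JRE default CA bundle is not what decides which clients are accepted.
        KeyStoreParameters clientCa = new KeyStoreParameters();
        clientCa.setResource("/ssl/client-ca.jks");
        clientCa.setPassword("changeit");
        clientCa.setType("jks");
        TrustManagersParameters tmp = new TrustManagersParameters();
        tmp.setKeyStore(clientCa);

        // Server-side setting: the client must present a certificate.
        SSLContextServerParameters server = new SSLContextServerParameters();
        server.setClientAuthentication("REQUIRE");

        SSLContextParameters scp = new SSLContextParameters();
        scp.setKeyManagers(kmp);
        scp.setTrustManagers(tmp);
        scp.setServerParameters(server);
        return scp;
    }

    public static void main(String[] args) throws Exception {
        SimpleRegistry registry = new SimpleRegistry(); // a Map in Camel 2.x
        registry.put("serverMtls", serverMutualAuthParams());
        DefaultCamelContext ctx = new DefaultCamelContext(registry);
        ctx.addRoutes(new RouteBuilder() {
            @Override public void configure() {
                from("websocket://0.0.0.0:8443/secure?sslContextParameters=#serverMtls")
                    .to("log:secure-ws");
            }
        });
        ctx.start();
        Thread.sleep(Long.MAX_VALUE); // keep the consumer running
    }
}
```

The check to run against such a setup is a connection attempt from a client that has no certificate issued by that CA, which should fail during the TLS handshake.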