Hi I created a ticket https://issues.apache.org/jira/browse/CAMEL-20549

On Mon, Mar 11, 2024 at 1:20 PM Claus Ibsen <claus.ib...@gmail.com> wrote:
> Hi
>
> Thanks for reporting. You are welcome to create a JIRA so we can fix this
> little bug.
> We need to make Camel pass in that value as upper case so it can match the
> PEM equals
>
> On Mon, Mar 11, 2024 at 12:13 PM Modanese, Riccardo
> <riccardo.modan...@eurotech.com.invalid> wrote:
>
>> Hi guys,
>>
>> I have a question about Kafka routes and security.
>> I’m worried about injection (like what can be done in SQL or HTTP, I mean)
>> through “url options” parameter values (especially for those enclosed
>> between RAW(), such as the truststore/keystore password or the JAAS config).
>>
>> Is my concern valid, or is it completely without any foundation, or is there
>> anyway a check and sanitization done by Camel? (I saw while debugging that
>> the Camel-Kafka endpoint parses the parameters to create an option object to
>> pass down to the Kafka-client, so I’m wondering if this parsing will
>> sanitize values also.)
>>
>> Thanks!
>>
>> P.S. I think I discovered a possible issue while trying to set the truststore
>> in PEM format.
>> I’m using Camel 3.21 (Kafka-client is 3.4.1).
>> I generated keys and certificates in PEM format and they worked fine if
>> used to set up a Kafka-client (same version imported by the Camel-Kafka endpoint).
>> Since it wasn’t working from the route, I debugged the route startup and I
>> discovered that, even if the truststoreType was set as PEM (uppercase), the
>> value that came to the lower level (the Kafka-client SSL initialization, I
>> mean) was lowercase (pem) and then failed to match this check
>> (DefaultSslEngineFactory):
>>
>>     private static SecurityStore createTruststore(String type, String path,
>>                                                   Password password, Password trustStoreCerts) {
>>         if (trustStoreCerts != null) {
>>             if (!PEM_TYPE.equals(type))
>>                 throw new InvalidConfigurationException("SSL trust store certs can be specified only for PEM, "
>>                         + "but trust store type is " + type + ".");
>>             else if (path != null)
>>                 throw new InvalidConfigurationException("Both SSL trust store location and separate "
>>                         + "trust certificates are specified.");
>>             else if (password != null)
>>                 throw new InvalidConfigurationException("SSL trust store password cannot be specified "
>>                         + "for PEM format.");
>>             else
>>                 return new PemStore(trustStoreCerts);
>>         } else if (PEM_TYPE.equals(type) && path != null) {
>>             if (password != null)
>>                 throw new InvalidConfigurationException("SSL trust store password cannot be specified "
>>                         + "for PEM format.");
>>             else
>>                 return new FileBasedPemStore(path, null, false);
>>         } else if (path == null && password != null) {
>>             throw new InvalidConfigurationException("SSL trust store is not specified, "
>>                     + "but trust store password is specified.");
>>         } else if (path != null) {
>>             return new FileBasedStore(type, path, password, null, false);
>>         } else
>>             return null;
>>     }
>>
>> As a result the truststore was not set and my Kafka-client wasn’t able to
>> connect to the Kafka server.
>> I tried to change, at debug time, on the fly while entering this
>> method, the type from “pem” to “PEM” and it worked fine.
>>
>> Am I doing something wrong?
>>
>> Regards,
>> Riccardo Modanese
>>
>
> --
> Claus Ibsen
> -----------------
> @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2

-- 
Claus Ibsen
-----------------
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
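The failure reported in this thread is a configuration value that changes case on its way to the Kafka client, where `PEM_TYPE.equals(type)` is case-sensitive. The following is an added example, not code from Camel or from the Kafka client: a pre-flight check that mirrors the rules of the quoted `createTruststore` method and normalizes the trust store type before the properties reach `KafkaConsumer`/`KafkaProducer`, so a lowercased `pem` is reported at startup with a readable message instead of a failed connection. It assumes the standard Kafka client keys `ssl.truststore.type`, `ssl.truststore.location`, `ssl.truststore.password` and `ssl.truststore.certificates`; the truststore path in `main` is a placeholder.

```java
import java.util.Locale;
import java.util.Properties;

/**
 * Added example (not Camel or Kafka code): validates the Kafka client's SSL trust
 * store settings with the same rules as DefaultSslEngineFactory.createTruststore()
 * quoted in the thread, and flags the case mismatch that Camel 3.21 introduced.
 */
public final class TruststoreConfigCheck {

    // Kafka client config keys (the same names SslConfigs uses; plain strings here to avoid the dependency).
    static final String TYPE = "ssl.truststore.type";
    static final String LOCATION = "ssl.truststore.location";
    static final String PASSWORD = "ssl.truststore.password";
    static final String CERTIFICATES = "ssl.truststore.certificates";

    // The client compares with String.equals, so only exactly "PEM" selects the PEM code path.
    static final String PEM_TYPE = "PEM";

    /** Uppercases the trust store type in place; returns true if the value had to be changed. */
    static boolean normalizeType(Properties props) {
        String type = props.getProperty(TYPE);
        if (type == null) {
            return false;
        }
        String upper = type.toUpperCase(Locale.ROOT);
        if (upper.equals(type)) {
            return false;
        }
        props.setProperty(TYPE, upper);
        return true;
    }

    /**
     * Returns null when the combination is one the client accepts, otherwise the reason
     * it would be rejected. The branches follow createTruststore() in the order it checks them.
     */
    static String validate(Properties props) {
        String type = props.getProperty(TYPE);
        String path = props.getProperty(LOCATION);
        String password = props.getProperty(PASSWORD);
        String certs = props.getProperty(CERTIFICATES);

        if (certs != null) {
            if (!PEM_TYPE.equals(type)) {
                return "trust store certs can be specified only for PEM, but trust store type is " + type;
            }
            if (path != null) {
                return "both trust store location and separate trust certificates are specified";
            }
            if (password != null) {
                return "trust store password cannot be specified for PEM format";
            }
            return null; // PemStore(trustStoreCerts)
        }
        if (PEM_TYPE.equals(type) && path != null) {
            return password != null ? "trust store password cannot be specified for PEM format" : null;
        }
        if (path == null && password != null) {
            return "trust store is not specified, but trust store password is specified";
        }
        // "pem" with a location falls through to the generic file-based store branch instead of
        // the PEM branch; the thread reports that this leaves the client unable to connect.
        if (path != null && type != null && PEM_TYPE.equalsIgnoreCase(type) && !PEM_TYPE.equals(type)) {
            return "trust store type '" + type + "' does not match 'PEM'; the client's comparison is case-sensitive";
        }
        return null; // FileBasedStore(type, path, password) or no trust store configured at all
    }

    public static void main(String[] args) {
        // Constructed sample: the properties as they arrived at the client in the thread (type lowercased).
        Properties props = new Properties();
        props.setProperty(TYPE, "pem");
        props.setProperty(LOCATION, "/path/to/truststore.pem"); // placeholder, not a real path

        System.out.println("before normalization: " + validate(props));
        boolean changed = normalizeType(props);
        System.out.println("type changed: " + changed + ", after normalization: " + validate(props));
    }
}
```

Running `validate` before constructing the client turns a silent mismatch into an explicit startup error; `normalizeType` is the same fix Claus describes for Camel (pass the value through in upper case), applied on the consuming side as a stopgap until the Camel ticket is resolved.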