Hi

I created a ticket
https://issues.apache.org/jira/browse/CAMEL-20549

On Mon, Mar 11, 2024 at 1:20 PM Claus Ibsen <claus.ib...@gmail.com> wrote:

> Hi
>
>
> Thanks for reporting. You are welcome to create a JIRA so we can fix this
> little bug.
> We need to make Camel pass in that value as upper case so it can match the
> PEM equals.
>
>
>
> On Mon, Mar 11, 2024 at 12:13 PM Modanese, Riccardo
> <riccardo.modan...@eurotech.com.invalid> wrote:
>
>> Hi guys,
>>
>> I have a question about Kafka routes and security.
>> I'm worried about injection (like what can be done in SQL or HTTP, I mean)
>> through "url options" parameter values (especially for those enclosed
>> between RAW() such as truststore/keystore password or jaas config).
>>
>> Is my concern valid, or is it completely without foundation, or is there
>> anyway a check and sanitization done by Camel (I saw while debugging that
>> the Camel-Kafka endpoint parses the parameters to create an option object to
>> pass down to the Kafka client, so I'm wondering if this parsing also
>> sanitizes values)?
>>
>> Thanks!
>>
>> P.S. I think I discovered a possible issue while trying to set a truststore
>> in PEM format.
>> I'm using Camel 3.21 (Kafka-client is 3.4.1).
>> I generated keys and certificates in PEM format and they worked fine if
>> used to set up a Kafka client (the same version imported by the Camel-Kafka endpoint).
>> Since it wasn't working from the route, I debugged the route startup and
>> discovered that, even though truststoreType was set to PEM (uppercase), the
>> value that came down to the lower level (the Kafka-client SSL initialization, I
>> mean) was lowercase (pem) and then failed to match this check
>> (DefaultSslEngineFactory):
>>
>>
>> // Excerpt from Kafka's DefaultSslEngineFactory (kafka-clients 3.4.1).
>> // PEM_TYPE is the literal "PEM" and is compared with equals(), so the
>> // trust store type is case-sensitive here.
>> private static SecurityStore createTruststore(String type, String path,
>>         Password password, Password trustStoreCerts) {
>>     if (trustStoreCerts != null) {
>>         if (!PEM_TYPE.equals(type))
>>             throw new InvalidConfigurationException("SSL trust store certs can be "
>>                 + "specified only for PEM, but trust store type is " + type + ".");
>>         else if (path != null)
>>             throw new InvalidConfigurationException("Both SSL trust store location "
>>                 + "and separate trust certificates are specified.");
>>         else if (password != null)
>>             throw new InvalidConfigurationException("SSL trust store password "
>>                 + "cannot be specified for PEM format.");
>>         else
>>             return new PemStore(trustStoreCerts);
>>     } else if (PEM_TYPE.equals(type) && path != null) {
>>         if (password != null)
>>             throw new InvalidConfigurationException("SSL trust store password "
>>                 + "cannot be specified for PEM format.");
>>         else
>>             return new FileBasedPemStore(path, null, false);
>>     } else if (path == null && password != null) {
>>         throw new InvalidConfigurationException("SSL trust store is not "
>>             + "specified, but trust store password is specified.");
>>     } else if (path != null) {
>>         // A lowercase "pem" misses both PEM branches and lands here,
>>         // where the type string is treated as a generic keystore type.
>>         return new FileBasedStore(type, path, password, null, false);
>>     } else
>>         return null;
>> }
>>
>>
>> As a result the truststore was not set and my Kafka client wasn't able to
>> connect to the Kafka server.
>> I tried changing the type from "pem" to "PEM" at debug time, on the fly
>> while entering this method, and it worked fine.
>>
>> Am I doing something wrong?
>>
>>
>> Regards,
>> Riccardo Modanese
>>
>
>
> --
> Claus Ibsen
> -----------------
> @davsclaus
> Camel in Action 2: https://www.manning.com/ibsen2
>


-- 
Claus Ibsen
-----------------
@davsclaus
Camel in Action 2: https://www.manning.com/ibsen2
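An added, stand-alone example (not Camel or Kafka code) that reproduces the decision table of the `createTruststore` excerpt quoted above as plain strings, so the case-sensitivity problem in the thread can be exercised without a broker. The class and method names (`TruststoreTypeCheck`, `classify`, `normaliseStoreType`) and the trust store path are assumptions made for this example; the only thing taken from the real client is that `PEM_TYPE` is the literal `"PEM"` and is compared with `equals()`. The `normaliseStoreType` method is the kind of normalisation Claus describes the caller (Camel) needing to do before handing the value down.

```java
import java.util.Locale;

/**
 * Added example, not Camel or Kafka code. Mirrors the branch structure of
 * Kafka's DefaultSslEngineFactory.createTruststore() so that each
 * type/path/password combination can be inspected.
 */
public class TruststoreTypeCheck {

    // Same literal the Kafka client uses; compared with equals(), not equalsIgnoreCase().
    static final String PEM_TYPE = "PEM";

    /** Which branch of the quoted createTruststore() a given configuration hits. */
    static String classify(String type, String path, String password, String trustStoreCerts) {
        if (trustStoreCerts != null) {
            if (!PEM_TYPE.equals(type)) {
                return "ERROR: SSL trust store certs can be specified only for PEM, "
                        + "but trust store type is " + type + ".";
            } else if (path != null) {
                return "ERROR: Both SSL trust store location and separate trust certificates are specified.";
            } else if (password != null) {
                return "ERROR: SSL trust store password cannot be specified for PEM format.";
            }
            return "PemStore(inline certificates)";
        } else if (PEM_TYPE.equals(type) && path != null) {
            if (password != null) {
                return "ERROR: SSL trust store password cannot be specified for PEM format.";
            }
            return "FileBasedPemStore(" + path + ")";
        } else if (path == null && password != null) {
            return "ERROR: SSL trust store is not specified, but trust store password is specified.";
        } else if (path != null) {
            // Lowercase "pem" misses both PEM branches and ends up here, handed to the
            // generic keystore loader as if it were a JKS/PKCS12 type.
            return "FileBasedStore(type=" + type + ", path=" + path + ")";
        }
        return "null (no trust store configured)";
    }

    /**
     * Normalisation the caller should apply before passing the value to the client:
     * trim and upper-case with a fixed locale so "pem", " Pem " and "PEM" all match.
     * Locale.ROOT avoids locale-specific casing surprises (e.g. Turkish dotless i).
     */
    static String normaliseStoreType(String type) {
        return type == null ? null : type.trim().toUpperCase(Locale.ROOT);
    }

    public static void main(String[] args) {
        String path = "/etc/kafka/truststore.pem";   // assumed path for the example

        // 1. What arrived at the Kafka client in the report: lowercase "pem".
        System.out.println("raw  'pem'          -> " + classify("pem", path, null, null));
        // 2. The same value after normalisation: takes the PEM branch.
        System.out.println("norm 'pem'          -> " + classify(normaliseStoreType("pem"), path, null, null));
        // 3. Lowercase "pem" plus a password slips past the PEM-password guard entirely,
        //    so the misconfiguration is not reported where it should be.
        System.out.println("raw  'pem' + pw     -> " + classify("pem", path, "changeit", null));
        System.out.println("norm 'pem' + pw     -> " + classify(normaliseStoreType("pem"), path, "changeit", null));
        // 4. Inline certificates with a non-normalised type are rejected outright.
        System.out.println("raw  'pem' + certs  -> " + classify("pem", null, null, "-----BEGIN CERTIFICATE-----..."));
    }
}
```

Run it with `javac TruststoreTypeCheck.java && java TruststoreTypeCheck`. Case 3 is the one worth noting beyond the thread's own symptom: with the lowercase value, the "password cannot be specified for PEM format" guard is never reached, so the configuration error surfaces later and with a less specific message. Normalising once at the boundary where Camel builds the option object gives the Kafka client the exact token it validates against.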
