davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new 18e42ecfc23 CAMEL-18146: camel-kafka - Use sslEndpointAlgorithm=none
to disable hostname server certificate validation. Thanks to Jake Mehring for
reporting and PR.
18e42ecfc23 is described below
commit 18e42ecfc237c1853fbc3d149ea4689fbbd261aa
Author: Claus Ibsen <[email protected]>
AuthorDate: Tue May 31 19:23:31 2022 +0200
CAMEL-18146: camel-kafka - Use sslEndpointAlgorithm=none to disable
hostname server certificate validation. Thanks to Jake Mehring for reporting
and PR.
---
.../org/apache/camel/catalog/components/kafka.json | 4 ++--
.../resources/org/apache/camel/component/kafka/kafka.json | 4 ++--
.../apache/camel/component/kafka/KafkaConfiguration.java | 13 ++++++++++---
.../builder/component/dsl/KafkaComponentBuilderFactory.java | 3 ++-
.../builder/endpoint/dsl/KafkaEndpointBuilderFactory.java | 9 ++++++---
5 files changed, 22 insertions(+), 11 deletions(-)
diff --git
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/kafka.json
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/kafka.json
index be82bd5e038..f629a2e454c 100644
---
a/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/kafka.json
+++
b/catalog/camel-catalog/src/generated/resources/org/apache/camel/catalog/components/kafka.json
@@ -116,7 +116,7 @@
"sslCipherSuites": { "kind": "property", "displayName": "Ssl Cipher
Suites", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "A list of cipher suites. This is a named
combination of authentication, encryption, MAC and key exchang [...]
"sslContextParameters": { "kind": "property", "displayName": "Ssl Context
Parameters", "group": "security", "label": "common,security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "SSL configuration using a Camel
SSLContextParameters object [...]
"sslEnabledProtocols": { "kind": "property", "displayName": "Ssl Enabled
Protocols", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The list of protocols enabled for SSL
connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by de [...]
- "sslEndpointAlgorithm": { "kind": "property", "displayName": "Ssl Endpoint
Algorithm", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "https",
"configurationClass": "org.apache.camel.component.kafka.KafkaConfiguration",
"configurationField": "configuration", "description": "The endpoint
identification algorithm to validate server hostname us [...]
+ "sslEndpointAlgorithm": { "kind": "property", "displayName": "Ssl Endpoint
Algorithm", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "https",
"configurationClass": "org.apache.camel.component.kafka.KafkaConfiguration",
"configurationField": "configuration", "description": "The endpoint
identification algorithm to validate server hostname us [...]
"sslKeymanagerAlgorithm": { "kind": "property", "displayName": "Ssl
Keymanager Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"SunX509", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The algorithm used by key manager factory for
SSL connections. [...]
"sslKeyPassword": { "kind": "property", "displayName": "Ssl Key Password",
"group": "security", "label": "common,security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": true, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The password of the private key in the key
store file. This is optional for client." },
"sslKeystoreLocation": { "kind": "property", "displayName": "Ssl Keystore
Location", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The location of the key store file. This is
optional for client and can be used for two-way aut [...]
@@ -236,7 +236,7 @@
"sslCipherSuites": { "kind": "parameter", "displayName": "Ssl Cipher
Suites", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "A list of cipher suites. This is a named
combination of authentication, encryption, MAC and key exchan [...]
"sslContextParameters": { "kind": "parameter", "displayName": "Ssl Context
Parameters", "group": "security", "label": "common,security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "SSL configuration using a Camel
SSLContextParameters objec [...]
"sslEnabledProtocols": { "kind": "parameter", "displayName": "Ssl Enabled
Protocols", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The list of protocols enabled for SSL
connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by d [...]
- "sslEndpointAlgorithm": { "kind": "parameter", "displayName": "Ssl
Endpoint Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"https", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The endpoint identification algorithm to
validate server hostname u [...]
+ "sslEndpointAlgorithm": { "kind": "parameter", "displayName": "Ssl
Endpoint Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"https", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The endpoint identification algorithm to
validate server hostname u [...]
"sslKeymanagerAlgorithm": { "kind": "parameter", "displayName": "Ssl
Keymanager Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"SunX509", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The algorithm used by key manager factory for
SSL connections [...]
"sslKeyPassword": { "kind": "parameter", "displayName": "Ssl Key
Password", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": true, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The password of the private key in the key
store file. This is optional for client." },
"sslKeystoreLocation": { "kind": "parameter", "displayName": "Ssl Keystore
Location", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The location of the key store file. This is
optional for client and can be used for two-way au [...]
diff --git
a/components/camel-kafka/src/generated/resources/org/apache/camel/component/kafka/kafka.json
b/components/camel-kafka/src/generated/resources/org/apache/camel/component/kafka/kafka.json
index be82bd5e038..f629a2e454c 100644
---
a/components/camel-kafka/src/generated/resources/org/apache/camel/component/kafka/kafka.json
+++
b/components/camel-kafka/src/generated/resources/org/apache/camel/component/kafka/kafka.json
@@ -116,7 +116,7 @@
"sslCipherSuites": { "kind": "property", "displayName": "Ssl Cipher
Suites", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "A list of cipher suites. This is a named
combination of authentication, encryption, MAC and key exchang [...]
"sslContextParameters": { "kind": "property", "displayName": "Ssl Context
Parameters", "group": "security", "label": "common,security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "SSL configuration using a Camel
SSLContextParameters object [...]
"sslEnabledProtocols": { "kind": "property", "displayName": "Ssl Enabled
Protocols", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The list of protocols enabled for SSL
connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by de [...]
- "sslEndpointAlgorithm": { "kind": "property", "displayName": "Ssl Endpoint
Algorithm", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "https",
"configurationClass": "org.apache.camel.component.kafka.KafkaConfiguration",
"configurationField": "configuration", "description": "The endpoint
identification algorithm to validate server hostname us [...]
+ "sslEndpointAlgorithm": { "kind": "property", "displayName": "Ssl Endpoint
Algorithm", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "defaultValue": "https",
"configurationClass": "org.apache.camel.component.kafka.KafkaConfiguration",
"configurationField": "configuration", "description": "The endpoint
identification algorithm to validate server hostname us [...]
"sslKeymanagerAlgorithm": { "kind": "property", "displayName": "Ssl
Keymanager Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"SunX509", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The algorithm used by key manager factory for
SSL connections. [...]
"sslKeyPassword": { "kind": "property", "displayName": "Ssl Key Password",
"group": "security", "label": "common,security", "required": false, "type":
"string", "javaType": "java.lang.String", "deprecated": false, "autowired":
false, "secret": true, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The password of the private key in the key
store file. This is optional for client." },
"sslKeystoreLocation": { "kind": "property", "displayName": "Ssl Keystore
Location", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The location of the key store file. This is
optional for client and can be used for two-way aut [...]
@@ -236,7 +236,7 @@
"sslCipherSuites": { "kind": "parameter", "displayName": "Ssl Cipher
Suites", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "A list of cipher suites. This is a named
combination of authentication, encryption, MAC and key exchan [...]
"sslContextParameters": { "kind": "parameter", "displayName": "Ssl Context
Parameters", "group": "security", "label": "common,security", "required":
false, "type": "object", "javaType":
"org.apache.camel.support.jsse.SSLContextParameters", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "SSL configuration using a Camel
SSLContextParameters objec [...]
"sslEnabledProtocols": { "kind": "parameter", "displayName": "Ssl Enabled
Protocols", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The list of protocols enabled for SSL
connections. TLSv1.2, TLSv1.1 and TLSv1 are enabled by d [...]
- "sslEndpointAlgorithm": { "kind": "parameter", "displayName": "Ssl
Endpoint Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"https", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The endpoint identification algorithm to
validate server hostname u [...]
+ "sslEndpointAlgorithm": { "kind": "parameter", "displayName": "Ssl
Endpoint Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"https", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The endpoint identification algorithm to
validate server hostname u [...]
"sslKeymanagerAlgorithm": { "kind": "parameter", "displayName": "Ssl
Keymanager Algorithm", "group": "security", "label": "common,security",
"required": false, "type": "string", "javaType": "java.lang.String",
"deprecated": false, "autowired": false, "secret": false, "defaultValue":
"SunX509", "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The algorithm used by key manager factory for
SSL connections [...]
"sslKeyPassword": { "kind": "parameter", "displayName": "Ssl Key
Password", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": true, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The password of the private key in the key
store file. This is optional for client." },
"sslKeystoreLocation": { "kind": "parameter", "displayName": "Ssl Keystore
Location", "group": "security", "label": "common,security", "required": false,
"type": "string", "javaType": "java.lang.String", "deprecated": false,
"autowired": false, "secret": false, "configurationClass":
"org.apache.camel.component.kafka.KafkaConfiguration", "configurationField":
"configuration", "description": "The location of the key store file. This is
optional for client and can be used for two-way au [...]
diff --git
a/components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java
b/components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java
index 7211084f567..7d2f326630b 100644
---
a/components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java
+++
b/components/camel-kafka/src/main/java/org/apache/camel/component/kafka/KafkaConfiguration.java
@@ -433,7 +433,10 @@ public class KafkaConfiguration implements Cloneable,
HeaderFilterStrategyAware
addPropertyIfNotEmpty(props, SslConfigs.SSL_PROVIDER_CONFIG,
getSslProvider());
addPropertyIfNotEmpty(props,
SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, getSslTruststoreType());
addPropertyIfNotEmpty(props, SslConfigs.SSL_CIPHER_SUITES_CONFIG,
getSslCipherSuites());
- addPropertyIfNotEmpty(props,
SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG,
getSslEndpointAlgorithm());
+ String algo = getSslEndpointAlgorithm();
+ if (algo != null && !algo.equals("none") && !algo.equals("false"))
{
+ addPropertyIfNotNull(props,
SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, algo);
+ }
addPropertyIfNotEmpty(props,
SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, getSslKeymanagerAlgorithm());
addPropertyIfNotEmpty(props,
SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, getSslTrustmanagerAlgorithm());
}
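Review bot: An empty `sslEndpointAlgorithm` is now forwarded to Kafka here, because the guard excludes only null, `none` and `false` and the call changed from `addPropertyIfNotEmpty` to `addPropertyIfNotNull`; Kafka documents an empty `ssl.endpoint.identification.algorithm` as hostname verification off, so a blank value (for instance a placeholder that resolves to nothing) would drop the check without the Javadoc mentioning it. In the other direction, `none`/`false` only omit the key, so the outcome depends on the Kafka client's own default, which is `https` in the clients I am aware of; a unit test asserting the resulting `Properties` for `none`, `false`, empty and `https` would pin this down. The comparison is also case-sensitive, so `None` or `FALSE` would be passed through as an algorithm name, which `equalsIgnoreCase` would avoid. The same block is repeated in the hunk at -509, so a private helper with one comment stating the mapping, plus a WARN log whenever verification ends up disabled, would keep both paths consistent. The enclosing method starts outside this hunk.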
@@ -509,7 +512,10 @@ public class KafkaConfiguration implements Cloneable,
HeaderFilterStrategyAware
addPropertyIfNotEmpty(props,
SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, getSslTruststoreLocation());
addPropertyIfNotEmpty(props,
SslConfigs.SSL_TRUSTSTORE_PASSWORD_CONFIG, getSslTruststorePassword());
addPropertyIfNotEmpty(props, SslConfigs.SSL_CIPHER_SUITES_CONFIG,
getSslCipherSuites());
- addPropertyIfNotEmpty(props,
SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG,
getSslEndpointAlgorithm());
+ String algo = getSslEndpointAlgorithm();
+ if (algo != null && !algo.equals("none") && !algo.equals("false"))
{
+ addPropertyIfNotNull(props,
SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, algo);
+ }
addPropertyIfNotEmpty(props,
SslConfigs.SSL_KEYMANAGER_ALGORITHM_CONFIG, getSslKeymanagerAlgorithm());
addPropertyIfNotEmpty(props,
SslConfigs.SSL_TRUSTMANAGER_ALGORITHM_CONFIG, getSslTrustmanagerAlgorithm());
addPropertyIfNotEmpty(props,
SslConfigs.SSL_ENABLED_PROTOCOLS_CONFIG, getSslEnabledProtocols());
@@ -582,7 +588,7 @@ public class KafkaConfiguration implements Cloneable,
HeaderFilterStrategyAware
}
private static <T> void addPropertyIfNotEmpty(Properties props, String
key, T value) {
- if (value != null && ObjectHelper.isNotEmpty(value)) {
+ if (ObjectHelper.isNotEmpty(value)) {
// Kafka expects all properties as String
props.put(key, value.toString());
}
@@ -1038,6 +1044,7 @@ public class KafkaConfiguration implements Cloneable,
HeaderFilterStrategyAware
/**
* The endpoint identification algorithm to validate server hostname using
server certificate.
+ * Use none or false to disable server hostname verification.
*/
public void setSslEndpointAlgorithm(String sslEndpointAlgorithm) {
this.sslEndpointAlgorithm = sslEndpointAlgorithm;
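Review bot: The added Javadoc line lists the values that turn verification off but says nothing about the default or about what is lost when the check is off. I would extend it to `Use none or false to disable server hostname verification (default is https). When disabled, a certificate trusted by the truststore is accepted for any broker hostname.` Whether an empty string is also meant to disable verification should be stated here too, since the new guard in the -433 and -509 hunks lets it through to Kafka. The setter body closes outside this hunk.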
diff --git
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/KafkaComponentBuilderFactory.java
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/KafkaComponentBuilderFactory.java
index adcf8f56b31..e1348db07d3 100644
---
a/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/KafkaComponentBuilderFactory.java
+++
b/dsl/camel-componentdsl/src/generated/java/org/apache/camel/builder/component/dsl/KafkaComponentBuilderFactory.java
@@ -1845,7 +1845,8 @@ public interface KafkaComponentBuilderFactory {
}
/**
* The endpoint identification algorithm to validate server hostname
- * using server certificate.
+ * using server certificate. Use none or false to disable server
+ * hostname verification.
*
* The option is a: <code>java.lang.String</code> type.
*
diff --git
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/KafkaEndpointBuilderFactory.java
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/KafkaEndpointBuilderFactory.java
index c174ae8135c..b922c29e8dd 100644
---
a/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/KafkaEndpointBuilderFactory.java
+++
b/dsl/camel-endpointdsl/src/generated/java/org/apache/camel/builder/endpoint/dsl/KafkaEndpointBuilderFactory.java
@@ -1606,7 +1606,8 @@ public interface KafkaEndpointBuilderFactory {
}
/**
* The endpoint identification algorithm to validate server hostname
- * using server certificate.
+ * using server certificate. Use none or false to disable server
+ * hostname verification.
*
* The option is a: <code>java.lang.String</code> type.
*
@@ -3731,7 +3732,8 @@ public interface KafkaEndpointBuilderFactory {
}
/**
* The endpoint identification algorithm to validate server hostname
- * using server certificate.
+ * using server certificate. Use none or false to disable server
+ * hostname verification.
*
* The option is a: <code>java.lang.String</code> type.
*
@@ -4534,7 +4536,8 @@ public interface KafkaEndpointBuilderFactory {
}
/**
* The endpoint identification algorithm to validate server hostname
- * using server certificate.
+ * using server certificate. Use none or false to disable server
+ * hostname verification.
*
* The option is a: <code>java.lang.String</code> type.
*