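/**
 * Builds an {@code SSLContextParameters} instance and binds it in the given registry
 * under the name {@code sslContextParameters}.
 *
 * <p>One key store ({@code jsse/localhost.ks}, loaded from the class path) supplies both
 * the key material and the trust anchors. The key store password and the key password are
 * the same constant, {@code KEY_STORE_PASSWORD}.
 *
 * @param registry the registry that receives the {@code sslContextParameters} binding
 */
protected void addSslContextParametersToRegistry(JndiRegistry registry) {
    // Key store shipped on the class path; getResource() returns null (and this line
    // fails with a NullPointerException) when jsse/localhost.ks is missing.
    KeyStoreParameters ksp = new KeyStoreParameters();
    ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
    ksp.setPassword(KEY_STORE_PASSWORD);

    KeyManagersParameters kmp = new KeyManagersParameters();
    kmp.setKeyPassword(KEY_STORE_PASSWORD);
    kmp.setKeyStore(ksp);

    // The trust managers read the same store as the key managers, so the only trusted
    // certificates are the ones inside jsse/localhost.ks.
    TrustManagersParameters tmp = new TrustManagersParameters();
    tmp.setKeyStore(ksp);

    // NOTE: Needed since the client uses a loose trust configuration when no ssl context
    // is provided. We turn on WANT client-auth to prefer using authentication
    SSLContextServerParameters scsp = new SSLContextServerParameters();
    scsp.setClientAuthentication(ClientAuthentication.WANT.name());

    SSLContextParameters sslContextParameters = new SSLContextParameters();
    sslContextParameters.setKeyManagers(kmp);
    sslContextParameters.setTrustManagers(tmp);
    sslContextParameters.setServerParameters(scsp);

    // The original pinned "SSLv3" to work around "javax.net.ssl.SSLException: bad record MAC".
    // SSLv3 is prohibited by RFC 7568 and is disabled by default in current JDKs
    // (jdk.tls.disabledAlgorithms), so pinning it either fails the handshake or keeps a
    // broken protocol alive. Use TLS 1.2 instead; if the MAC error comes back, fix the
    // JDK or cipher-suite configuration rather than downgrading the protocol.
    sslContextParameters.setSecureSocketProtocol("TLSv1.2");

    registry.bind("sslContextParameters", sslContextParameters);
}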
/**
 * Creates an SSL context from the {@code sslContextParameters} field for the current
 * {@code camelContext} and returns that context's socket factory.
 *
 * @return the socket factory of the freshly created SSL context
 * @throws RuntimeException wrapping the {@link GeneralSecurityException} or
 *         {@link IOException} raised while the context is being created
 */
private SSLSocketFactory tryToGetSSLSocketFactory() {
    final SSLSocketFactory factory;
    try {
        factory = sslContextParameters.createSSLContext(camelContext).getSocketFactory();
    } catch (GeneralSecurityException | IOException cause) {
        // Fail loudly and keep the cause: this method has no fallback factory, so a
        // broken SSL configuration surfaces as an exception.
        throw new RuntimeException("Setting SSL failed", cause);
    }
    return factory;
}
/**
 * Extends the parent registry with an {@code SSLContextParameters} entry bound under the
 * name {@code sslContextParameters}.
 *
 * <p>Key material and trust anchors both come from {@code keystore.jks} on the class path.
 * No secure socket protocol and no server parameters are set here, so whatever defaults
 * {@code SSLContextParameters} applies are used.
 *
 * @return the registry created by the superclass, with the extra binding added
 * @throws Exception declared by the overridden method
 */
@Override
protected JndiRegistry createRegistry() throws Exception {
    // "changeit" is the well-known default Java key store password. It is hard-coded
    // here for the bundled keystore.jks and must not protect real key material.
    final String storePassword = "changeit";

    // getResource() returns null when keystore.jks is absent, which makes the
    // toString() call below fail with a NullPointerException.
    final String storeLocation =
            this.getClass().getClassLoader().getResource("keystore.jks").toString();

    KeyStoreParameters store = new KeyStoreParameters();
    store.setResource(storeLocation);
    store.setPassword(storePassword);

    KeyManagersParameters keyManagers = new KeyManagersParameters();
    keyManagers.setKeyPassword(storePassword);
    keyManagers.setKeyStore(store);

    // Trust is anchored in the same store that holds the keys.
    TrustManagersParameters trustManagers = new TrustManagersParameters();
    trustManagers.setKeyStore(store);

    SSLContextParameters sslParams = new SSLContextParameters();
    sslParams.setKeyManagers(keyManagers);
    sslParams.setTrustManagers(trustManagers);

    // The parent registry is created only after the SSL parameters were built successfully.
    JndiRegistry parentRegistry = super.createRegistry();
    parentRegistry.bind("sslContextParameters", sslParams);
    return parentRegistry;
}
/**
 * Assembles the JavaMail properties for the configured protocol, host, port and
 * credentials, starting from a copy of the JVM system properties.
 *
 * <p>TLS-related keys are added only when {@code isSecureProtocol()} is true: a socket
 * factory built from {@code sslContextParameters} when those are set, and the
 * {@code DummySSLSocketFactory} class name when {@code dummyTrustManager} is enabled.
 *
 * @return the cloned system properties extended with the mail settings
 * @throws RuntimeCamelException if the SSL context cannot be created from
 *         {@code sslContextParameters}
 */
private Properties createJavaMailProperties() {
    // Work on a clone so the JVM-wide system properties are never modified.
    Properties mailProps = (Properties) System.getProperties().clone();

    // All protocol-specific keys share this prefix ("mail.<protocol>.").
    final String prefix = "mail." + protocol + ".";

    // The connect timeout and the read timeout are both set from connectionTimeout.
    mailProps.put(prefix + "connectiontimeout", connectionTimeout);
    mailProps.put(prefix + "timeout", connectionTimeout);
    mailProps.put(prefix + "host", host);
    mailProps.put(prefix + "port", "" + port);

    // Authentication is switched on only when a user name is configured.
    if (username == null) {
        mailProps.put(prefix + "auth", "false");
    } else {
        mailProps.put(prefix + "user", username);
        mailProps.put("mail.user", username);
        mailProps.put(prefix + "auth", "true");
    }

    mailProps.put("mail.transport.protocol", protocol);
    mailProps.put("mail.store.protocol", protocol);
    mailProps.put("mail.host", host);

    if (debugMode) {
        // Asks for SSL debugging as well. The key is written to this copy only, not to
        // the system properties. JSSE debug output is verbose and exposes handshake
        // details, so keep debugMode off outside troubleshooting.
        mailProps.put("javax.net.debug", "all");
    }

    if (sslContextParameters != null && isSecureProtocol()) {
        final SSLContext context;
        try {
            context = sslContextParameters.createSSLContext();
        } catch (Exception cause) {
            throw new RuntimeCamelException("Error initializing SSLContext.", cause);
        }
        // Hand JavaMail the factory instance itself and forbid falling back to a
        // default socket factory.
        mailProps.put(prefix + "socketFactory", context.getSocketFactory());
        mailProps.put(prefix + "socketFactory.fallback", "false");
        mailProps.put(prefix + "socketFactory.port", "" + port);
    }

    if (dummyTrustManager && isSecureProtocol()) {
        // NOTE(review): the class name suggests a socket factory that skips certificate
        // validation - confirm, and keep dummyTrustManager disabled outside test setups,
        // since a connection that accepts any certificate gives no protection against
        // interception. When sslContextParameters is also set, both "socketFactory" and
        // "socketFactory.class" are present; verify which one JavaMail honours.
        mailProps.put(
                prefix + "socketFactory.class",
                "org.apache.camel.component.mail.security.DummySSLSocketFactory");
        mailProps.put(prefix + "socketFactory.fallback", "false");
        mailProps.put(prefix + "socketFactory.port", "" + port);
    }

    return mailProps;
}