We ran into a problem when using HTTPS in camel-jetty. Once the key store file is changed (for example, by deleting or adding a certificate), how can we make the change take effect? It seems that, by default, camel-jetty won't reload the change dynamically.
The sample code:
    // Inside RouteBuilder.configure()
    JettyHttpComponent jettyComponent = getContext().getComponent("jetty", JettyHttpComponent.class);
    SslSelectChannelConnector sslConnector = new SslSelectChannelConnector();
    SslContextFactory sslFactory = sslConnector.getSslContextFactory();

    // Require a client certificate (mutual TLS)
    sslFactory.setNeedClientAuth(true);
    sslFactory.setKeyStore("d:" + File.separator + "serverkeystore");
    sslFactory.setKeyManagerPassword("serverkey");
    sslFactory.setKeyStorePassword("serverkeystore");
    sslFactory.setTrustStore("d:" + File.separator + "servertruststore");
    sslFactory.setTrustStorePassword("servertruststore");

    // Register the SSL connector for port 443
    Map<Integer, SslSelectChannelConnector> connectors = new HashMap<Integer, SslSelectChannelConnector>();
    connectors.put(443, sslConnector);
    jettyComponent.setSslSocketConnectors(connectors);

    from("jetty:https://0.0.0.0/httpsservice")
        .id("httpsserver")
        .process(new Processor() {
            public void process(Exchange exchange) throws Exception {
                exchange.getOut().setBody("OK");
                exchange.getOut().setHeader(Exchange.HTTP_RESPONSE_CODE, 200);
            }
        });
But when we change the key store file dynamically, the change won't take effect unless we restart the application. Is there any way to make the change take effect?
Thanks
You can build an SSLContext (and pass it via an SslContextFactory) using a custom X509KeyManager and a custom X509TrustManager that will change its return values dynamically, instead of being loaded once and for all.

For performance reasons, instead of reloading the keystores every time one of their methods is called, I would cache the result and reload it once in a while only (perhaps every 5 minutes, this really depends on the usage you expect).