camel-crypto-cms-kafka-connector sink configuration

When using camel-crypto-cms-kafka-connector as sink make sure to use the following Maven dependency to have support for the connector:

<dependency>
  <groupId>org.apache.camel.kafkaconnector</groupId>
  <artifactId>camel-crypto-cms-kafka-connector</artifactId>
  <version>x.x.x</version>
  <!-- use the same version as your Camel Kafka connector version -->
</dependency>

To use this Sink connector in Kafka connect you’ll need to set the following connector.class

connector.class=org.apache.camel.kafkaconnector.cryptocms.CamelCryptocmsSinkConnector

The camel-crypto-cms sink connector supports 23 options, which are listed below.

Name Description Default Priority

camel.sink.path.cryptoOperation

Set the Crypto operation from that supplied after the crypto scheme in the endpoint uri e.g. crypto-cms:sign sets sign as the operation. Possible values: sign, verify, encrypt, or decrypt. One of: [sign] [verify] [encrypt] [decrypt]

null

HIGH

camel.sink.path.name

The name part in the URI can be chosen by the user to distinguish between different signer/verifier/encryptor/decryptor endpoints within the camel context.

null

HIGH

camel.sink.endpoint.keyStore

Keystore which contains signer private keys, verifier public keys, encryptor public keys, decryptor private keys depending on the operation. Use either this parameter or the parameter 'keyStoreParameters'.

null

MEDIUM

camel.sink.endpoint.keyStoreParameters

Keystore containing signer private keys, verifier public keys, encryptor public keys, decryptor private keys depending on the operation. Use either this parameter or the parameter 'keystore'.

null

MEDIUM

camel.sink.endpoint.lazyStartProducer

Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.

false

MEDIUM

camel.sink.endpoint.basicPropertyBinding

Whether the endpoint should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities

false

MEDIUM

camel.sink.endpoint.synchronous

Sets whether synchronous processing should be strictly used, or Camel is allowed to use asynchronous processing (if supported).

false

MEDIUM

camel.sink.endpoint.password

Sets the password of the private keys. It is assumed that all private keys in the keystore have the same password. If not set then it is assumed that the password of the private keys is given by the keystore password given in the KeyStoreParameters.

null

MEDIUM

camel.sink.endpoint.fromBase64

If true then the CMS message is base 64 encoded and must be decoded during the processing. Default value is false.

false

MEDIUM

camel.sink.endpoint.contentEncryptionAlgorithm

Encryption algorithm, for example DESede/CBC/PKCS5Padding. Further possible values: DESede/CBC/PKCS5Padding, AES/CBC/PKCS5Padding, Camellia/CBC/PKCS5Padding, CAST5/CBC/PKCS5Padding. One of: [AES/CBC/PKCS5Padding] [DESede/CBC/PKCS5Padding] [Camellia/CBC/PKCS5Padding] [CAST5/CBC/PKCS5Padding]

null

MEDIUM

camel.sink.endpoint.originatorInformationProvider

Provider for the originator info. See https://tools.ietf.org/html/rfc5652#section-6.1. The default value is null.

null

MEDIUM

camel.sink.endpoint.recipient

Recipient Info: reference to a bean which implements the interface org.apache.camel.component.crypto.cms.api.TransRecipientInfo

null

MEDIUM

camel.sink.endpoint.secretKeyLength

Key length for the secret symmetric key used for the content encryption. Only used if the specified content-encryption algorithm allows keys of different sizes. If contentEncryptionAlgorithm=AES/CBC/PKCS5Padding or Camellia/CBC/PKCS5Padding then 128; if contentEncryptionAlgorithm=DESede/CBC/PKCS5Padding then 192, 128; if strong encryption is enabled then for AES/CBC/PKCS5Padding and Camellia/CBC/PKCS5Padding also the key lengths 192 and 256 are possible.

null

MEDIUM

camel.sink.endpoint.unprotectedAttributesGenerator Provider

Provider of the generator for the unprotected attributes. The default value is null which means no unprotected attribute is added to the Enveloped Data object. See https://tools.ietf.org/html/rfc5652#section-6.1.

null

MEDIUM

camel.sink.endpoint.toBase64

Indicates whether the Signed Data or Enveloped Data instance shall be base 64 encoded. Default value is false.

"false"

MEDIUM

camel.sink.endpoint.includeContent

Indicates whether the signed content should be included into the Signed Data instance. If false then a detached Signed Data instance is created in the header CamelCryptoCmsSignedData.

"true"

MEDIUM

camel.sink.endpoint.signer

Signer information: reference to bean(s) which implements org.apache.camel.component.crypto.cms.api.SignerInfo. Multiple values can be separated by comma

null

MEDIUM

camel.sink.endpoint.signedDataHeaderBase64

Indicates whether the value in the header CamelCryptoCmsSignedData is base64 encoded. Default value is false. Only relevant for detached signatures. In the detached signature case, the header contains the Signed Data object.

false

MEDIUM

camel.sink.endpoint.verifySignaturesOfAllSigners

If true then the signatures of all signers contained in the Signed Data object are verified. If false then only one signature whose signer info matches with one of the specified certificates is verified. Default value is true.

true

MEDIUM

camel.component.crypto-cms.lazyStartProducer

Whether the producer should be started lazy (on the first message). By starting lazy you can use this to allow CamelContext and routes to startup in situations where a producer may otherwise fail during starting and cause the route to fail being started. By deferring this startup to be lazy then the startup failure can be handled during routing messages via Camel’s routing error handlers. Beware that when the first message is processed then creating and starting the producer may take a little time and prolong the total processing time of the processing.

false

MEDIUM

camel.component.crypto-cms.basicPropertyBinding

Whether the component should use basic property binding (Camel 2.x) or the newer property binding with additional capabilities

false

MEDIUM

camel.component.crypto-cms.envelopedDataDecryptor Configuration

To configure the shared EnvelopedDataDecryptorConfiguration, which determines the uri parameters for the decrypt operation.

null

MEDIUM

camel.component.crypto-cms.signedDataVerifier Configuration

To configure the shared SignedDataVerifierConfiguration, which determines the uri parameters for the verify operation.

null

MEDIUM

The camel-crypto-cms sink connector has no converters out of the box.

The camel-crypto-cms sink connector has no transforms out of the box.

The camel-crypto-cms sink connector has no aggregation strategies out of the box.