Skip to content

Add HTTP PQC Example for Java 17#494

Merged
jamesnetherton merged 1 commit intoapache:camel-quarkus-mainfrom
JiriOndrusek:http-pqc-j17
Apr 10, 2026
Merged

Add HTTP PQC Example for Java 17#494
jamesnetherton merged 1 commit intoapache:camel-quarkus-mainfrom
JiriOndrusek:http-pqc-j17

Conversation

@JiriOndrusek
Copy link
Copy Markdown
Contributor

@JiriOndrusek JiriOndrusek commented Apr 9, 2026

fixes apache/camel-quarkus#8509

Adds a new Camel Quarkus example demonstrating quantum-resistant TLS authentication using hybrid
Chimera certificates (RSA + ML-DSA-65) on Java 17.

Key features:

  • Hybrid certificates with classical RSA-2048 + post-quantum ML-DSA-65 (NIST FIPS 204) signatures
  • Custom X509TrustManager validates both signatures during TLS handshake - invalid or RSA-only
    certificates are rejected before application code executes
  • Java 17 compatible using BouncyCastle 1.83 PQC provider (application-level validation)
  • Comprehensive visual documentation explaining PQC architecture and three implementation
    approaches
  • Automated certificate generation with test coverage (JVM and native modes)

Implementation details:

  • Uses X.509 standard extensions (OIDs 2.5.29.72-74) for alternative PQC signatures per ITU-T X.509
  • Mutual TLS authentication (quarkus.http.ssl.client-auth=required) on /pqc/secure endpoint
  • Both RSA and ML-DSA-65 signatures must be valid for TLS connection to succeed
  • NIST-standardized ML-DSA-65 algorithm OID (2.16.840.1.101.3.4.3.18)

This provides a production-ready migration path to quantum-safe authentication on Java 17 while
maintaining backward compatibility with classical RSA systems. For Java 21+, native PQC TLS support
with hybrid cipher suites is recommended instead.

jamesnetherton
jamesnetherton reviewed Apr 9, 2026
View reviewed changes
oscerd
oscerd approved these changes Apr 9, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@oscerd oscerd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From PQC perspective this is ok!

@JiriOndrusek
Copy link
Copy Markdown
Contributor Author

JiriOndrusek commented Apr 9, 2026

From PQC perspective this is ok!

Thanks for confirmation!

@JiriOndrusek JiriOndrusek force-pushed the http-pqc-j17 branch 4 times, most recently from 6e2a1d1 to 1f6968f Compare April 10, 2026 12:45
@jamesnetherton jamesnetherton merged commit 81120c0 into apache:camel-quarkus-main Apr 10, 2026
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jamesnetherton jamesnetherton jamesnetherton approved these changes

@oscerd oscerd oscerd approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JiriOndrusek @jamesnetherton @oscerd