Posted to commits@camel.apache.org by da...@apache.org on 2016/03/25 17:28:21 UTC
camel git commit: CAMEL-9762 - Add setters on CipherSuitesParameters
and SecureSocketProtocolsParameters
Repository: camel
Updated Branches:
refs/heads/master 359f4c5c4 -> bda2666d7
CAMEL-9762 - Add setters on CipherSuitesParameters and SecureSocketProtocolsParameters
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/bda2666d
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/bda2666d
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/bda2666d
Branch: refs/heads/master
Commit: bda2666d72fadeeb6b11a7e502fe2556a94b69cc
Parents: 359f4c5
Author: Antoine DESSAIGNE <an...@gmail.com>
Authored: Fri Mar 25 17:18:53 2016 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Fri Mar 25 17:27:16 2016 +0100
----------------------------------------------------------------------
.../camel/util/jsse/CipherSuitesParameters.java | 17 +-
.../jsse/SecureSocketProtocolsParameters.java | 17 +-
.../util/jsse/SSLContextParametersTest.java | 333 ++++++++++---------
...ractBaseSSLContextParametersFactoryBean.java | 42 +--
4 files changed, 210 insertions(+), 199 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
index 64b0611..0a038f1 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
@@ -17,14 +17,12 @@
package org.apache.camel.util.jsse;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.List;
/**
* Represents a list of TLS/SSL cipher suite names.
*/
public class CipherSuitesParameters {
-
private List<String> cipherSuite;
/**
@@ -34,19 +32,26 @@ public class CipherSuitesParameters {
*/
public List<String> getCipherSuite() {
if (this.cipherSuite == null) {
- this.cipherSuite = new ArrayList<String>();
+ this.cipherSuite = new ArrayList<>();
}
return this.cipherSuite;
}
+ /**
+ * Sets the cipher suite. It creates a copy of the given cipher suite.
+ *
+ * @param cipherSuite cipher suite
+ */
+ public void setCipherSuite(List<String> cipherSuite) {
+ this.cipherSuite = cipherSuite == null ? null : new ArrayList<>(cipherSuite);
+ }
+
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
builder.append("CipherSuitesParameters[cipherSuite=");
- builder.append(Arrays.toString(getCipherSuite().toArray(new String[getCipherSuite().size()])));
+ builder.append(getCipherSuite());
builder.append("]");
return builder.toString();
}
-
-
}
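Review bot: `setCipherSuite(null)` does not mean "fall back to the JSSE defaults": the setter stores null, and the next `getCipherSuite()` call (including the one now made from `toString()`) replaces it with a new empty list. Going by the "empty csp" case in SSLContextParametersTest on this page, an empty CipherSuitesParameters produces zero enabled cipher suites, so a null passed here presumably leaves an endpoint that cannot negotiate anything rather than one using defaults. That fails closed, but the Javadoc should say so, for example `@param cipherSuite cipher suite names to copy; null resets to an empty list, which enables no cipher suites`. `setSecureSocketProtocol` in SecureSocketProtocolsParameters has the same null handling and needs the same sentence.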
http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
index de63a80..0f15407 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
@@ -17,14 +17,12 @@
package org.apache.camel.util.jsse;
import java.util.ArrayList;
-import java.util.Arrays;
import java.util.List;
/**
* Represents a list of TLS/SSL cipher suite names.
*/
public class SecureSocketProtocolsParameters {
-
private List<String> secureSocketProtocol;
/**
@@ -34,19 +32,26 @@ public class SecureSocketProtocolsParameters {
*/
public List<String> getSecureSocketProtocol() {
if (this.secureSocketProtocol == null) {
- this.secureSocketProtocol = new ArrayList<String>();
+ this.secureSocketProtocol = new ArrayList<>();
}
return this.secureSocketProtocol;
}
+ /**
+ * Sets the list of secure socket protocol names. It creates a copy of the given protocol list.
+ *
+ * @param secureSocketProtocol list of secure socket protocol names
+ */
+ public void setSecureSocketProtocol(List<String> secureSocketProtocol) {
+ this.secureSocketProtocol = secureSocketProtocol == null ? null : new ArrayList<>(secureSocketProtocol);
+ }
+
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
builder.append("SecureSocketProtocolsParameters[secureSocketProtocol=");
- builder.append(Arrays.toString(getSecureSocketProtocol().toArray(new String[getSecureSocketProtocol().size()])));
+ builder.append(getSecureSocketProtocol());
builder.append("]");
return builder.toString();
}
-
-
}
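Review bot: The copy made in `setSecureSocketProtocol` only isolates the object from the caller's list; `getSecureSocketProtocol()` still returns the live internal list, so the configured protocol set stays mutable for anyone holding that reference. The Javadoc should state this so that nobody treats the list as fixed once set, for example `The list returned by getSecureSocketProtocol() is live; changes to it change the configured protocols.` `setCipherSuite`/`getCipherSuite` in CipherSuitesParameters have the same shape. Separately, the class Javadoc shown in this file's first hunk still reads "Represents a list of TLS/SSL cipher suite names" and should describe secure socket protocol names.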
http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java
----------------------------------------------------------------------
diff --git a/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java b/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java
index 0247a4d..fccc45a 100644
--- a/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java
@@ -18,6 +18,7 @@ package org.apache.camel.util.jsse;
import java.util.Arrays;
import java.util.Collection;
+import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
import java.util.regex.Pattern;
@@ -31,18 +32,18 @@ import junit.framework.AssertionFailedError;
import org.apache.camel.CamelContext;
public class SSLContextParametersTest extends AbstractJsseParametersTest {
-
+
public void testFilter() {
SSLContextParameters parameters = new SSLContextParameters();
-
- Collection<String> result = parameters.filter(null,
+
+ Collection<String> result = parameters.filter(null,
Arrays.asList(new String[]{"SSLv3", "TLSv1", "TLSv1.1"}),
Arrays.asList(new Pattern[]{Pattern.compile("TLS.*")}),
Arrays.asList(new Pattern[0]));
assertEquals(2, result.size());
assertStartsWith(result, "TLS");
-
- result = parameters.filter(null,
+
+ result = parameters.filter(null,
Arrays.asList(new String[]{"SSLv3", "TLSv1", "TLSv1.1"}),
Arrays.asList(new Pattern[]{Pattern.compile(".*")}),
Arrays.asList(new Pattern[]{Pattern.compile("SSL.*")}));
@@ -55,134 +56,134 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertEquals("Get a wrong message", "The values should not be null", ex.getMessage());
}
}
-
+
public void testPropertyPlaceholders() throws Exception {
-
+
CamelContext camelContext = this.createPropertiesPlaceholderAwareContext();
-
+
KeyStoreParameters ksp = new KeyStoreParameters();
ksp.setCamelContext(camelContext);
-
+
ksp.setType("{{keyStoreParameters.type}}");
ksp.setProvider("{{keyStoreParameters.provider}}");
ksp.setResource("{{keyStoreParameters.resource}}");
ksp.setPassword("{{keyStoreParamerers.password}}");
-
+
KeyManagersParameters kmp = new KeyManagersParameters();
kmp.setCamelContext(camelContext);
kmp.setKeyStore(ksp);
-
+
kmp.setKeyPassword("{{keyManagersParameters.keyPassword}}");
kmp.setAlgorithm("{{keyManagersParameters.algorithm}}");
kmp.setProvider("{{keyManagersParameters.provider}}");
-
+
TrustManagersParameters tmp = new TrustManagersParameters();
tmp.setCamelContext(camelContext);
tmp.setKeyStore(ksp);
-
+
tmp.setAlgorithm("{{trustManagersParameters.algorithm}}");
tmp.setProvider("{{trustManagersParameters.provider}}");
-
+
CipherSuitesParameters csp = new CipherSuitesParameters();
- csp.getCipherSuite().add("{{cipherSuite.0}}");
-
+ csp.setCipherSuite(Collections.singletonList("{{cipherSuite.0}}"));
+
SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters();
- sspp.getSecureSocketProtocol().add("{{secureSocketProtocol.0}}");
-
+ sspp.setSecureSocketProtocol(Collections.singletonList("{{secureSocketProtocol.0}}"));
+
SSLContextServerParameters scsp = new SSLContextServerParameters();
scsp.setCamelContext(camelContext);
scsp.setClientAuthentication("{{sslContextServerParameters.clientAuthentication}}");
-
+
SSLContextParameters scp = new SSLContextParameters();
scp.setCamelContext(camelContext);
scp.setKeyManagers(kmp);
scp.setTrustManagers(tmp);
scp.setServerParameters(scsp);
-
+
scp.setProvider("{{sslContextParameters.provider}}");
scp.setSecureSocketProtocol("{{sslContextParameters.protocol}}");
scp.setSessionTimeout("{{sslContextParameters.sessionTimeout}}");
-
+
scp.setCipherSuites(csp);
scp.setSecureSocketProtocols(sspp);
-
+
SSLContext context = scp.createSSLContext();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
assertTrue(serverSocket.getNeedClientAuth());
context.getSocketFactory().createSocket();
context.createSSLEngine();
}
-
+
public void testServerParametersClientAuthentication() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
+
SSLContextParameters scp = new SSLContextParameters();
SSLContextServerParameters scsp = new SSLContextServerParameters();
-
+
scp.setServerParameters(scsp);
SSLContext context = scp.createSSLContext();
-
-
+
+
SSLEngine engine = context.createSSLEngine();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth());
assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth());
assertEquals(controlEngine.getWantClientAuth(), engine.getWantClientAuth());
assertEquals(controlEngine.getNeedClientAuth(), engine.getNeedClientAuth());
-
+
// ClientAuthentication - NONE
scsp.setClientAuthentication(ClientAuthentication.NONE.name());
context = scp.createSSLContext();
engine = context.createSSLEngine();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(false, serverSocket.getWantClientAuth());
assertEquals(false, serverSocket.getNeedClientAuth());
assertEquals(false, engine.getWantClientAuth());
assertEquals(false, engine.getNeedClientAuth());
-
+
// ClientAuthentication - WANT
scsp.setClientAuthentication(ClientAuthentication.WANT.name());
context = scp.createSSLContext();
engine = context.createSSLEngine();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(true, serverSocket.getWantClientAuth());
assertEquals(false, serverSocket.getNeedClientAuth());
assertEquals(true, engine.getWantClientAuth());
assertEquals(false, engine.getNeedClientAuth());
-
+
// ClientAuthentication - REQUIRE
scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name());
context = scp.createSSLContext();
engine = context.createSSLEngine();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(false, serverSocket.getWantClientAuth());
assertEquals(true, serverSocket.getNeedClientAuth());
assertEquals(false, engine.getWantClientAuth());
assertEquals(true, engine.getNeedClientAuth());
}
-
+
public void testServerParameters() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
+
SSLContextParameters scp = new SSLContextParameters();
SSLContextServerParameters scsp = new SSLContextServerParameters();
-
+
scp.setServerParameters(scsp);
SSLContext context = scp.createSSLContext();
-
+
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
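Review bot: The two converted calls in testPropertyPlaceholders (`csp.setCipherSuite(Collections.singletonList(...))` and `sspp.setSecureSocketProtocol(Collections.singletonList(...))`) exercise only the non-null, single-element path of the new setters. Nothing visible on this page asserts the two behaviours the setter Javadoc and code promise: that the argument is copied, and that null is accepted. A small dedicated test would pin the copy, e.g. `List<String> src = new LinkedList<>(Arrays.asList("TLSv1"));` then `sspp.setSecureSocketProtocol(src); src.clear();` then `assertEquals(1, sspp.getSecureSocketProtocol().size());`, with a matching case for `setSecureSocketProtocol(null)` and for CipherSuitesParameters. This hunk starts inside testFilter and ends inside testServerParameters, so the surrounding methods are only partly visible.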
@@ -196,18 +197,18 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth());
assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth());
-
+
// No csp or filter on server params passes through shared config
scp.setCipherSuites(new CipherSuitesParameters());
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// Csp on server params
scp.setCipherSuites(null);
CipherSuitesParameters csp = new CipherSuitesParameters();
@@ -216,11 +217,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// Cipher suites filter on server params
FilterParameters filter = new FilterParameters();
filter.getExclude().add(".*");
@@ -230,11 +231,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// Csp on server overrides cipher suites filter on server
filter.getInclude().add(".*");
filter.getExclude().clear();
@@ -243,11 +244,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// Sspp on server params
SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters();
scsp.setSecureSocketProtocols(sspp);
@@ -255,11 +256,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertEquals(0, serverSocket.getEnabledProtocols().length);
-
+
// Secure socket protocols filter on client params
filter = new FilterParameters();
filter.getExclude().add(".*");
@@ -268,11 +269,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertEquals(0, serverSocket.getEnabledProtocols().length);
-
+
// Sspp on client params overrides secure socket protocols filter on client
filter.getInclude().add(".*");
filter.getExclude().clear();
@@ -281,51 +282,51 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertEquals(0, serverSocket.getEnabledProtocols().length);
-
+
// Server session timeout only affects server session configuration
scsp.setSessionTimeout("12345");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(controlContext.getClientSessionContext().getSessionTimeout(), context.getClientSessionContext().getSessionTimeout());
assertEquals(12345, context.getServerSessionContext().getSessionTimeout());
}
-
+
private void checkProtocols(String[] control, String[] configured) {
- //With the IBM JDK, an "default" unconfigured control socket is more
- //restricted than with the Sun JDK. For example, with
+ //With the IBM JDK, an "default" unconfigured control socket is more
+ //restricted than with the Sun JDK. For example, with
//SSLContext.getInstance("TLS"), on Sun, you get
// TLSv1, SSLv3, SSLv2Hello
//but with IBM, you only get:
// TLSv1
//We'll check to make sure the "default" protocols are amongst the list
- //that are in after configuration.
+ //that are in after configuration.
assertTrue(Arrays.asList(configured).containsAll(Arrays.asList(control)));
}
-
+
public void testClientParameters() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
SSLContextParameters scp = new SSLContextParameters();
SSLContextClientParameters sccp = new SSLContextClientParameters();
-
+
scp.setClientParameters(sccp);
SSLContext context = scp.createSSLContext();
-
+
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
@@ -333,16 +334,16 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
-
+
// No csp or filter on client params passes through shared config
scp.setCipherSuites(new CipherSuitesParameters());
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, socket.getEnabledCipherSuites().length);
-
+
// Csp on client params
scp.setCipherSuites(null);
CipherSuitesParameters csp = new CipherSuitesParameters();
@@ -351,11 +352,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertEquals(0, socket.getEnabledCipherSuites().length);
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
-
+
// Cipher suites filter on client params
FilterParameters filter = new FilterParameters();
filter.getExclude().add(".*");
@@ -365,11 +366,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertEquals(0, socket.getEnabledCipherSuites().length);
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
-
+
// Csp on client overrides cipher suites filter on client
filter.getInclude().add(".*");
filter.getExclude().clear();
@@ -378,11 +379,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertEquals(0, socket.getEnabledCipherSuites().length);
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
-
+
// Sspp on client params
SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters();
sccp.setSecureSocketProtocols(sspp);
@@ -390,11 +391,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertEquals(0, socket.getEnabledProtocols().length);
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
-
+
// Secure socket protocols filter on client params
filter = new FilterParameters();
filter.getExclude().add(".*");
@@ -403,7 +404,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertEquals(0, socket.getEnabledProtocols().length);
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
@@ -416,64 +417,64 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertEquals(0, socket.getEnabledProtocols().length);
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
-
+
// Client session timeout only affects client session configuration
sccp.setSessionTimeout("12345");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(controlContext.getServerSessionContext().getSessionTimeout(), context.getServerSessionContext().getSessionTimeout());
assertEquals(12345, context.getClientSessionContext().getSessionTimeout());
}
-
+
public void testCipherSuites() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
// default
SSLContextParameters scp = new SSLContextParameters();
-
+
SSLContext context = scp.createSSLContext();
-
+
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
-
-
+
+
// empty csp
-
+
CipherSuitesParameters csp = new CipherSuitesParameters();
scp.setCipherSuites(csp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// explicit csp
-
- csp.getCipherSuite().add(controlEngine.getEnabledCipherSuites()[0]);
+
+ csp.setCipherSuite(Collections.singletonList(controlEngine.getEnabledCipherSuites()[0]));
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(1, engine.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
assertEquals(1, socket.getEnabledCipherSuites().length);
@@ -482,7 +483,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertEquals(controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);
// explicit csp overrides filter
-
+
FilterParameters filter = new FilterParameters();
filter.getInclude().add(".*");
scp.setCipherSuitesFilter(filter);
@@ -490,7 +491,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(1, engine.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]);
assertEquals(1, socket.getEnabledCipherSuites().length);
@@ -498,70 +499,70 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertEquals(1, socket.getEnabledCipherSuites().length);
assertEquals(controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]);
}
-
+
public void testCipherSuitesFilter() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
// default
SSLContextParameters scp = new SSLContextParameters();
-
+
SSLContext context = scp.createSSLContext();
-
+
CipherSuitesParameters csp = new CipherSuitesParameters();
scp.setCipherSuites(csp);
-
+
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites()));
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites()));
assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites()));
-
-
- // empty filter
+
+
+ // empty filter
FilterParameters filter = new FilterParameters();
scp.setCipherSuitesFilter(filter);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// explicit filter
filter.getInclude().add(".*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// explicit filter with excludes (excludes overrides)
filter.getExclude().add(".*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledCipherSuites().length);
assertEquals(0, socket.getEnabledCipherSuites().length);
assertEquals(0, serverSocket.getEnabledCipherSuites().length);
-
+
// explicit filter single include
-
+
filter.getInclude().clear();
filter.getExclude().clear();
- csp.getCipherSuite().add("TLS_RSA_WITH_AES_128_CBC_SHA");
+ csp.setCipherSuite(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"));
filter.getInclude().add("TLS.*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
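Review bot: The fixture `csp.setCipherSuite(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA"))` hard-codes a static-RSA, CBC, SHA-1 suite name, whereas testCipherSuites takes its value from `controlEngine.getEnabledCipherSuites()[0]`. Taking the name from the control engine here as well would keep the test independent of which suites a given JDK's security policy leaves enabled, and would avoid presenting a legacy suite as the example value. The assertions that follow this setup are outside the hunk and would need to compare against the same derived name.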
@@ -584,53 +585,53 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
// default
SSLContextParameters scp = new SSLContextParameters();
-
+
SSLContext context = scp.createSSLContext();
-
+
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
// default disable the SSL* protocols
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
//checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols());
-
+
// empty sspp
-
+
SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters();
scp.setSecureSocketProtocols(sspp);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledProtocols().length);
assertEquals(0, socket.getEnabledProtocols().length);
assertEquals(0, serverSocket.getEnabledProtocols().length);
-
+
// explicit sspp
-
- sspp.getSecureSocketProtocol().add("TLSv1");
+
+ sspp.setSecureSocketProtocol(Collections.singletonList("TLSv1"));
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(1, engine.getEnabledProtocols().length);
assertEquals("TLSv1", engine.getEnabledProtocols()[0]);
assertEquals(1, socket.getEnabledProtocols().length);
assertEquals("TLSv1", socket.getEnabledProtocols()[0]);
assertEquals(1, serverSocket.getEnabledProtocols().length);
assertEquals("TLSv1", serverSocket.getEnabledProtocols()[0]);
-
+
// explicit sspp overrides filter
-
+
FilterParameters filter = new FilterParameters();
filter.getInclude().add(".*");
scp.setSecureSocketProtocolsFilter(filter);
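Review bot: The new `sspp.setSecureSocketProtocol(Collections.singletonList("TLSv1"))` call runs only against a freshly constructed, empty `SecureSocketProtocolsParameters`, so the length-1 assertions after it would pass whether the setter replaces the list or appends to it. Because this value decides which protocol versions get enabled, the replace behaviour is worth pinning. Call the setter once beforehand with a different value, e.g. `sspp.setSecureSocketProtocol(Arrays.asList("TLSv1.1", "TLSv1.2"));`, and keep the existing assertions. The same gap applies to the `csp.setCipherSuite(...)` call earlier in this file and to `protocols.setSecureSocketProtocol(...)` in the `@@ -781,7 +782,7 @@` hunk. The test method starts before this hunk and continues past it.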
@@ -649,49 +650,49 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertEquals("TLSv1", serverSocket.getEnabledProtocols()[0]);
}
}
-
+
public void testSecureSocketProtocolsFilter() throws Exception {
SSLContext controlContext = SSLContext.getInstance("TLS");
controlContext.init(null, null, null);
SSLEngine controlEngine = controlContext.createSSLEngine();
SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket();
- SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
-
+ SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket();
+
// default
SSLContextParameters scp = new SSLContextParameters();
-
+
SSLContext context = scp.createSSLContext();
-
+
SSLEngine engine = context.createSSLEngine();
SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket();
SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
// default disable the SSL* protocols
assertStartsWith(engine.getEnabledProtocols(), "TLS");
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
// empty filter
-
+
FilterParameters filter = new FilterParameters();
scp.setSecureSocketProtocolsFilter(filter);
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledProtocols().length);
assertEquals(0, socket.getEnabledProtocols().length);
assertEquals(0, serverSocket.getEnabledProtocols().length);
-
+
// explicit filter
-
+
filter.getInclude().add(".*");
context = scp.createSSLContext();
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols()));
assertTrue(Arrays.equals(controlSocket.getEnabledProtocols(), socket.getEnabledProtocols()));
checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols());
@@ -702,11 +703,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
engine = context.createSSLEngine();
socket = (SSLSocket) context.getSocketFactory().createSocket();
serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket();
-
+
assertEquals(0, engine.getEnabledProtocols().length);
assertEquals(0, socket.getEnabledProtocols().length);
assertEquals(0, serverSocket.getEnabledProtocols().length);
-
+
// explicit filter single include
filter.getInclude().clear();
filter.getExclude().clear();
@@ -726,30 +727,30 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
}
}
-
+
public void testSessionTimeout() throws Exception {
SSLContextParameters scp = new SSLContextParameters();
scp.setSessionTimeout("60");
-
+
SSLContext context = scp.createSSLContext();
-
+
assertEquals(60, context.getClientSessionContext().getSessionTimeout());
assertEquals(60, context.getServerSessionContext().getSessionTimeout());
-
+
scp.setSessionTimeout("0");
-
+
context = scp.createSSLContext();
-
+
assertEquals(0, context.getClientSessionContext().getSessionTimeout());
assertEquals(0, context.getServerSessionContext().getSessionTimeout());
-
+
}
-
+
public void testDefaultSecureSocketProtocol() throws Exception {
SSLContextParameters scp = new SSLContextParameters();
-
+
SSLContext context = scp.createSSLContext();
-
+
assertEquals("TLS", context.getProtocol());
SSLEngine engine = context.createSSLEngine();
@@ -761,11 +762,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertStartsWith(socket.getEnabledProtocols(), "TLS");
assertStartsWith(serverSocket.getEnabledProtocols(), "TLS");
}
-
+
public void testSecureSocketProtocol() throws Exception {
SSLContextParameters scp = new SSLContextParameters();
scp.setSecureSocketProtocol("SSLv3");
-
+
SSLContext context = scp.createSSLContext();
assertEquals("SSLv3", context.getProtocol());
@@ -781,7 +782,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
// allow SSL* protocols by explicitly asking for them
final SecureSocketProtocolsParameters protocols = new SecureSocketProtocolsParameters();
- protocols.getSecureSocketProtocol().add("SSLv3");
+ protocols.setSecureSocketProtocol(Collections.singletonList("SSLv3"));
scp.setSecureSocketProtocols(protocols);
context = scp.createSSLContext();
@@ -796,38 +797,38 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest {
assertEquals(serverSocket.getEnabledProtocols().length, 1);
assertEquals(serverSocket.getEnabledProtocols()[0], "SSLv3");
}
-
+
public void testProvider() throws Exception {
SSLContextParameters scp = new SSLContextParameters();
scp.createSSLContext();
-
+
SSLContext context = scp.createSSLContext();
-
+
SSLContext defaultContext = SSLContext.getDefault();
-
+
assertEquals(defaultContext.getProvider().getName(), context.getProvider().getName());
}
-
+
protected String[] getDefaultCipherSuiteIncludes(String[] availableCipherSuites) {
List<String> enabled = new LinkedList<String>();
-
+
for (String string : availableCipherSuites) {
if (!string.contains("_anon_") && !string.contains("_NULL_")
&& !string.contains("_EXPORT_") && !string.contains("_DES_")) {
enabled.add(string);
}
}
-
+
return enabled.toArray(new String[enabled.size()]);
}
-
+
protected void assertStartsWith(String[] values, String prefix) {
assertNotNull("The values should not be null", values);
for (String value : values) {
assertTrue(value + " does not start with the prefix " + prefix, value.startsWith(prefix));
}
}
-
+
protected void assertStartsWith(Collection<String> values, String prefix) {
assertNotNull("The values should not be null", values);
for (String value : values) {
http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java
----------------------------------------------------------------------
diff --git a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java
index 3c38434..1079bcd 100644
--- a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java
+++ b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java
@@ -26,73 +26,73 @@ import org.apache.camel.util.jsse.SecureSocketProtocolsParameters;
@XmlTransient
public abstract class AbstractBaseSSLContextParametersFactoryBean<T extends BaseSSLContextParameters> extends AbstractJsseUtilFactoryBean<T> {
-
+
private CipherSuitesParametersDefinition cipherSuites;
-
+
private FilterParametersDefinition cipherSuitesFilter;
-
+
private SecureSocketProtocolsParametersDefinition secureSocketProtocols;
-
+
private FilterParametersDefinition secureSocketProtocolsFilter;
-
+
@XmlAttribute
private String sessionTimeout;
-
+
@XmlTransient
private T instance;
-
+
@Override
public final T getObject() throws Exception {
if (this.isSingleton()) {
- if (instance == null) {
- instance = createInstanceInternal();
+ if (instance == null) {
+ instance = createInstanceInternal();
}
-
+
return instance;
} else {
return createInstanceInternal();
- }
+ }
}
-
+
protected abstract T createInstance() throws Exception;
-
+
private T createInstanceInternal() throws Exception {
T newInstance = createInstance();
newInstance.setCamelContext(getCamelContext());
if (cipherSuites != null) {
CipherSuitesParameters cipherSuitesInstance = new CipherSuitesParameters();
- cipherSuitesInstance.getCipherSuite().addAll(cipherSuites.getCipherSuite());
+ cipherSuitesInstance.setCipherSuite(cipherSuites.getCipherSuite());
newInstance.setCipherSuites(cipherSuitesInstance);
}
-
+
if (cipherSuitesFilter != null) {
newInstance.setCipherSuitesFilter(createFilterParameters(cipherSuitesFilter));
}
-
+
if (secureSocketProtocols != null) {
SecureSocketProtocolsParameters secureSocketProtocolsInstance = new SecureSocketProtocolsParameters();
- secureSocketProtocolsInstance.getSecureSocketProtocol().addAll(secureSocketProtocols.getSecureSocketProtocol());
+ secureSocketProtocolsInstance.setSecureSocketProtocol(secureSocketProtocols.getSecureSocketProtocol());
newInstance.setSecureSocketProtocols(secureSocketProtocolsInstance);
}
-
+
if (secureSocketProtocolsFilter != null) {
newInstance.setSecureSocketProtocolsFilter(createFilterParameters(secureSocketProtocolsFilter));
}
-
+
if (sessionTimeout != null) {
newInstance.setSessionTimeout(sessionTimeout);
}
return newInstance;
}
-
+
private FilterParameters createFilterParameters(FilterParametersDefinition definition) {
FilterParameters filter = new FilterParameters();
filter.getInclude().addAll(definition.getInclude());
filter.getExclude().addAll(definition.getExclude());
filter.setCamelContext(getCamelContext());
-
+
return filter;
}
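Review bot: In `createInstanceInternal()`, `cipherSuitesInstance.setCipherSuite(cipherSuites.getCipherSuite())` hands over the definition's own list, where the removed `getCipherSuite().addAll(...)` copied its elements. Unless the setter copies defensively (its body is not visible in this hunk), every instance built by the non-singleton branch of `getObject()` would share one mutable list with the XML definition. A later `add` or `clear` on one instance's cipher suites would then silently change the TLS configuration of the others. Passing a copy keeps the old isolation: `cipherSuitesInstance.setCipherSuite(new ArrayList<String>(cipherSuites.getCipherSuite()));`, with a `java.util.ArrayList` import. The same applies to the `secureSocketProtocolsInstance.setSecureSocketProtocol(...)` line. The class body continues past the end of this hunk.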