Posted to commits@camel.apache.org by ac...@apache.org on 2021/03/08 14:17:18 UTC
[camel] 01/03: CAMEL-16315 - Camel-Netty: Support Hostname
verification even though we are on Netty 4.1.x
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit cc836cbf774392d674c826934b16f96f51351e8c
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Mon Mar 8 14:01:11 2021 +0100
CAMEL-16315 - Camel-Netty: Support Hostname verification even though we are on Netty 4.1.x
---
.../component/netty/DefaultClientInitializerFactory.java | 6 ++++++
.../component/netty/DefaultServerInitializerFactory.java | 6 ++++++
.../apache/camel/component/netty/NettyConfiguration.java | 13 +++++++++++++
.../apache/camel/component/netty/ssl/SSLEngineFactory.java | 1 +
4 files changed, 26 insertions(+)
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java
index ab0b3b9..398603e 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java
@@ -21,6 +21,7 @@ import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
@@ -157,6 +158,11 @@ public class DefaultClientInitializerFactory extends ClientInitializerFactory {
} else if (sslContext != null) {
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(true);
+ if (producer.getConfiguration().isHostnameVerification()) {
+ SSLParameters sslParams = engine.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ engine.setSSLParameters(sslParams);
+ }
if (producer.getConfiguration().getSslContextParameters() == null) {
// just set the enabledProtocols if the SslContextParameter doesn't set
engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(","));
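Review bot: The engine that receives `setEndpointIdentificationAlgorithm("HTTPS")` is built by the no-argument `sslContext.createSSLEngine()`, so it carries no peer host for the identity check to compare the certificate against. With the JDK's default trust manager that probably makes the handshake fail, rather than verifying the host the producer actually connects to. Creating the engine with the peer, e.g. `SSLEngine engine = sslContext.createSSLEngine(host, port);` using the endpoint's configured host and port, gives the check a name to match. The block also sits only in this `sslContext` branch. The earlier branches of the method are outside the hunk and SSLEngineFactory gets just an import in this commit, so engines built on those paths presumably stay unverified. A test using a certificate whose name does not match the target would pin the intended behaviour.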
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java
index dfb605d..8af4221 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java
@@ -20,6 +20,7 @@ import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
@@ -175,6 +176,11 @@ public class DefaultServerInitializerFactory extends ServerInitializerFactory {
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(consumer.getConfiguration().isClientMode());
engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+ if (consumer.getConfiguration().isHostnameVerification()) {
+ SSLParameters sslParams = engine.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ engine.setSSLParameters(sslParams);
+ }
if (consumer.getConfiguration().getSslContextParameters() == null) {
// just set the enabledProtocols if the SslContextParameter doesn't set
engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
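Review bot: On the consumer side this block enables endpoint identification on an engine that normally runs in server mode (`setUseClientMode(consumer.getConfiguration().isClientMode())`), and because the new option defaults to true it applies to every existing SSL consumer. When `needClientAuth` is set, the JDK's default trust manager would then likely try to match the client certificate against the client's host name. Ordinary client certificates do not carry that name, so mutual-TLS handshakes may start failing after an upgrade. Consider limiting the block to the client-mode case, `if (consumer.getConfiguration().isClientMode() && consumer.getConfiguration().isHostnameVerification()) {`, and creating the engine with a peer host there as well. The enclosing method starts and ends outside the hunk.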
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
index 4315ccd..e9e9bc9 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
@@ -67,6 +67,8 @@ public class NettyConfiguration extends NettyServerBootstrapConfiguration implem
private List<ChannelHandler> encoders = new ArrayList<>();
@UriParam(label = "codec")
private List<ChannelHandler> decoders = new ArrayList<>();
+ @UriParam(label = "common", defaultValue = "true")
+ private boolean hostnameVerification = true;
@UriParam
private boolean disconnect;
@UriParam(label = "producer,advanced", defaultValue = "true")
@@ -721,6 +723,17 @@ public class NettyConfiguration extends NettyServerBootstrapConfiguration implem
this.correlationManager = correlationManager;
}
+ public boolean isHostnameVerification() {
+ return hostnameVerification;
+ }
+
+ /**
+ * To enable/disable hostname verification on SSLEngine
+ */
+ public void setHostnameVerification(boolean hostnameVerification) {
+ this.hostnameVerification = hostnameVerification;
+ }
+
private static <T> void addToHandlersList(List<T> configured, List<T> handlers, Class<T> handlerType) {
if (handlers != null) {
for (T handler : handlers) {
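Review bot: The Javadoc on `setHostnameVerification` does not say that the option is on by default or what a user gives up by turning it off. A wording such as `To enable/disable hostname verification on SSLEngine (endpoint identification algorithm HTTPS). Enabled by default; when disabled the peer certificate is accepted for any host name and only the trust chain is checked.` would make the security consequence explicit in the option's documentation. The field in the earlier hunk of this file is declared with `@UriParam(label = "common", ...)`; if the component groups its other SSL options under a dedicated label, using that label here would keep them together.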
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
index ef77e79..ae99ecf 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
@@ -22,6 +22,7 @@ import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.apache.camel.CamelContext;