Posted to commits@camel.apache.org by ac...@apache.org on 2021/03/09 13:22:22 UTC
[camel] 01/04: CAMEL-16315 - Camel-Netty: Support Hostname
verification even though we are on Netty 4.1.x
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch camel-3.4.x
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 03e3d75cb1c3d4abe64bf18607510ddd78f19146
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Mon Mar 8 14:01:11 2021 +0100
CAMEL-16315 - Camel-Netty: Support Hostname verification even though we are on Netty 4.1.x
---
.../component/netty/DefaultClientInitializerFactory.java | 6 ++++++
.../component/netty/DefaultServerInitializerFactory.java | 6 ++++++
.../apache/camel/component/netty/NettyConfiguration.java | 13 +++++++++++++
.../apache/camel/component/netty/ssl/SSLEngineFactory.java | 1 +
4 files changed, 26 insertions(+)
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java
index 2cfb4d8..c4e8b06 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientInitializerFactory.java
@@ -21,6 +21,7 @@ import java.util.concurrent.TimeUnit;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
@@ -156,6 +157,11 @@ public class DefaultClientInitializerFactory extends ClientInitializerFactory {
} else if (sslContext != null) {
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(true);
+ if (producer.getConfiguration().isHostnameVerification()) {
+ SSLParameters sslParams = engine.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ engine.setSSLParameters(sslParams);
+ }
if (producer.getConfiguration().getSslContextParameters() == null) {
// just set the enabledProtocols if the SslContextParameter doesn't set
engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(","));
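Review bot: The engine that receives `setEndpointIdentificationAlgorithm("HTTPS")` is still built with the no-argument `sslContext.createSSLEngine()` on the line above the added block, so it carries no peer host to compare the server certificate against. With the default JSSE trust manager this most likely makes the handshake fail instead of verifying the intended name, although that is inferred from JSSE behaviour and not shown in the hunk. Creating the engine with the remote address would give the check a name to use, for example `sslContext.createSSLEngine(producer.getConfiguration().getHost(), producer.getConfiguration().getPort())`, assuming the configured host is the name the certificate was issued for. The change covers only this `sslContext != null` branch; the earlier branches of the `else if` chain are outside the hunk, so whether engines built there get the same setting cannot be confirmed from here.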
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java
index 5489c6f..13769cc 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerInitializerFactory.java
@@ -20,6 +20,7 @@ import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler;
@@ -174,6 +175,11 @@ public class DefaultServerInitializerFactory extends ServerInitializerFactory {
SSLEngine engine = sslContext.createSSLEngine();
engine.setUseClientMode(consumer.getConfiguration().isClientMode());
engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+ if (consumer.getConfiguration().isHostnameVerification()) {
+ SSLParameters sslParams = engine.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ engine.setSSLParameters(sslParams);
+ }
if (consumer.getConfiguration().getSslContextParameters() == null) {
// just set the enabledProtocols if the SslContextParameter doesn't set
engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
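Review bot: On the consumer side the added block runs regardless of what `isClientMode()` returns, and the option defaults to true, so a server-mode engine with `needClientAuth` enabled would now apply HTTPS endpoint identification to the client's certificate. Client certificates usually do not name the connecting host, so mutual-TLS consumers may start rejecting valid peers after this change; this is inferred from JSSE behaviour and is not visible in the hunk. Consider limiting the block to client-mode engines, `if (consumer.getConfiguration().isClientMode() && consumer.getConfiguration().isHostnameVerification())`, and in that mode creating the engine with the peer host and port so there is a name to check. The enclosing method starts and ends outside the hunk.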
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
index 69f9222..0d8937c 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
@@ -65,6 +65,8 @@ public class NettyConfiguration extends NettyServerBootstrapConfiguration implem
private List<ChannelHandler> encoders = new ArrayList<>();
@UriParam(label = "codec")
private List<ChannelHandler> decoders = new ArrayList<>();
+ @UriParam(label = "common", defaultValue = "true")
+ private boolean hostnameVerification = true;
@UriParam
private boolean disconnect;
@UriParam(label = "producer,advanced", defaultValue = "true")
@@ -683,6 +685,17 @@ public class NettyConfiguration extends NettyServerBootstrapConfiguration implem
this.correlationManager = correlationManager;
}
+ public boolean isHostnameVerification() {
+ return hostnameVerification;
+ }
+
+ /**
+ * To enable/disable hostname verification on SSLEngine
+ */
+ public void setHostnameVerification(boolean hostnameVerification) {
+ this.hostnameVerification = hostnameVerification;
+ }
+
private static <T> void addToHandlersList(List<T> configured, List<T> handlers, Class<T> handlerType) {
if (handlers != null) {
for (T handler : handlers) {
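Review bot: The Javadoc on `setHostnameVerification` does not say what is verified, when the option applies, or that it is on by default. The field is added with `defaultValue = "true"` on the camel-3.4.x maintenance branch, so endpoints whose certificate does not match the configured host would likely start failing the handshake after an upgrade, and users need that spelled out. I would expand the comment to state that it sets the `HTTPS` endpoint identification algorithm on the SSLEngine created from the configured SSLContext, that it has no effect unless SSL is enabled, and that disabling it removes the protection against a peer presenting a valid certificate issued for a different host. If the component uses a `security` label on its other SSL options, using it here instead of `common` in the `@UriParam` would group the option with them.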
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
index 0d5c336..fb55e4b 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
+++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
@@ -22,6 +22,7 @@ import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
+import javax.net.ssl.SSLParameters;
import javax.net.ssl.TrustManagerFactory;
import org.apache.camel.CamelContext;
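Review bot: `SSLParameters` is imported here, but the diffstat shows this is the only line changed in SSLEngineFactory.java, so the import is unused in this commit and will likely trip an unused-import check. It also means engines created by this factory get no endpoint identification algorithm from this patch. If that is handled in a later commit of the series, the import belongs there; otherwise the same `setEndpointIdentificationAlgorithm("HTTPS")` setup should be applied where the factory builds its engine.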