Posted to commits@camel.apache.org by da...@apache.org on 2015/11/28 09:34:46 UTC
camel git commit: CAMEL-9373: Camel JSSE security - Allow to use
custom trust manager
Repository: camel
Updated Branches:
refs/heads/master 1cab39f69 -> 6a0f016ef
CAMEL-9373: Camel JSSE security - Allow to use custom trust manager
Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/6a0f016e
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/6a0f016e
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/6a0f016e
Branch: refs/heads/master
Commit: 6a0f016ef4527ba4c84f3729dfb03faca119728b
Parents: 1cab39f
Author: Claus Ibsen <da...@apache.org>
Authored: Sat Nov 28 09:31:19 2015 +0100
Committer: Claus Ibsen <da...@apache.org>
Committed: Sat Nov 28 09:31:19 2015 +0100
----------------------------------------------------------------------
.../jsse/AliasedX509ExtendedKeyManager.java | 37 ----------------
.../camel/util/jsse/CipherSuitesParameters.java | 2 +-
.../camel/util/jsse/FilterParameters.java | 4 +-
.../camel/util/jsse/KeyManagersParameters.java | 4 +-
.../camel/util/jsse/KeyStoreParameters.java | 4 +-
.../util/jsse/SSLContextClientParameters.java | 4 +-
.../camel/util/jsse/SSLContextParameters.java | 4 +-
.../util/jsse/SSLContextServerParameters.java | 4 +-
.../camel/util/jsse/SecureRandomParameters.java | 4 +-
.../jsse/SecureSocketProtocolsParameters.java | 2 +-
.../util/jsse/TrustManagersParameters.java | 44 ++++++++++++++++----
.../util/jsse/TrustManagersParametersTest.java | 15 ++++++-
...tractTrustManagersParametersFactoryBean.java | 23 ++++++++--
13 files changed, 77 insertions(+), 74 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java b/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java
index be63684..1ad8c69 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java
@@ -25,7 +25,6 @@ import javax.net.ssl.SSLEngine;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
-/* ------------------------------------------------------------ */
/**
* KeyManager to select a key with desired alias while delegating processing to specified KeyManager Can be
* used both with server and client sockets
@@ -34,7 +33,6 @@ public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager {
private String keyAlias;
private X509KeyManager keyManager;
- /* ------------------------------------------------------------ */
/**
* Construct KeyManager instance
*
@@ -47,70 +45,35 @@ public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager {
this.keyManager = keyManager;
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509KeyManager#chooseClientAlias(java.lang.String[], java.security.Principal[],
- * java.net.Socket)
- */
public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
return keyAlias == null ? keyManager.chooseClientAlias(keyType, issuers, socket) : keyAlias;
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String, java.security.Principal[],
- * java.net.Socket)
- */
public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) {
return keyAlias == null ? keyManager.chooseServerAlias(keyType, issuers, socket) : keyAlias;
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[])
- */
public String[] getClientAliases(String keyType, Principal[] issuers) {
return keyManager.getClientAliases(keyType, issuers);
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509KeyManager#getServerAliases(java.lang.String, java.security.Principal[])
- */
public String[] getServerAliases(String keyType, Principal[] issuers) {
return keyManager.getServerAliases(keyType, issuers);
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String)
- */
public X509Certificate[] getCertificateChain(String alias) {
return keyManager.getCertificateChain(alias);
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String)
- */
public PrivateKey getPrivateKey(String alias) {
return keyManager.getPrivateKey(alias);
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineServerAlias(java.lang.String,
- * java.security.Principal[], javax.net.ssl.SSLEngine)
- */
@Override
public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) {
return keyAlias == null ? super.chooseEngineServerAlias(keyType, issuers, engine) : keyAlias;
}
- /* ------------------------------------------------------------ */
- /**
- * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineClientAlias(String[], Principal[], SSLEngine)
- */
@Override
public String chooseEngineClientAlias(String keyType[], Principal[] issuers, SSLEngine engine) {
return keyAlias == null ? super.chooseEngineClientAlias(keyType, issuers, engine) : keyAlias;
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
index 16967be..64b0611 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java
@@ -42,7 +42,7 @@ public class CipherSuitesParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("CipherSuitesParameters [cipherSuite=");
+ builder.append("CipherSuitesParameters[cipherSuite=");
builder.append(Arrays.toString(getCipherSuite().toArray(new String[getCipherSuite().size()])));
builder.append("]");
return builder.toString();
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java
index 409fb78..0d8c080 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java
@@ -143,12 +143,10 @@ public class FilterParameters extends JsseParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("FilterParameters [include=");
+ builder.append("FilterParameters[include=");
builder.append(Arrays.toString(getInclude().toArray(new String[getInclude().size()])));
builder.append(", exclude=");
builder.append(Arrays.toString(getExclude().toArray(new String[getExclude().size()])));
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java
index 6db4d1f..e5ab626 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java
@@ -195,7 +195,7 @@ public class KeyManagersParameters extends JsseParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("KeyManagersParameters [keyStore=");
+ builder.append("KeyManagersParameters[keyStore=");
builder.append(keyStore);
builder.append(", keyPassword=");
builder.append("********");
@@ -203,8 +203,6 @@ public class KeyManagersParameters extends JsseParameters {
builder.append(provider);
builder.append(", algorithm=");
builder.append(algorithm);
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java
index 380f190..cbd0cc6 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java
@@ -193,7 +193,7 @@ public class KeyStoreParameters extends JsseParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("KeyStoreParameters [type=");
+ builder.append("KeyStoreParameters[type=");
builder.append(type);
builder.append(", password=");
builder.append("********");
@@ -201,8 +201,6 @@ public class KeyStoreParameters extends JsseParameters {
builder.append(provider);
builder.append(", resource=");
builder.append(resource);
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java
index a05c3da..b8cca2f 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java
@@ -77,7 +77,7 @@ public class SSLContextClientParameters extends BaseSSLContextParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("SSLContextClientParameters [getCipherSuites()=");
+ builder.append("SSLContextClientParameters[getCipherSuites()=");
builder.append(getCipherSuites());
builder.append(", getCipherSuitesFilter()=");
builder.append(getCipherSuitesFilter());
@@ -87,8 +87,6 @@ public class SSLContextClientParameters extends BaseSSLContextParameters {
builder.append(getSecureSocketProtocolsFilter());
builder.append(", getSessionTimeout()=");
builder.append(getSessionTimeout());
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java
index ab0eb9c..26b4b69 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java
@@ -373,7 +373,7 @@ public class SSLContextParameters extends BaseSSLContextParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("SSLContextParameters [keyManagers=");
+ builder.append("SSLContextParameters[keyManagers=");
builder.append(keyManagers);
builder.append(", trustManagers=");
builder.append(trustManagers);
@@ -399,8 +399,6 @@ public class SSLContextParameters extends BaseSSLContextParameters {
builder.append(getSecureSocketProtocolsFilter());
builder.append(", getSessionTimeout()=");
builder.append(getSessionTimeout());
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java
index 6fe2493..e240c3f 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java
@@ -174,7 +174,7 @@ public class SSLContextServerParameters extends BaseSSLContextParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("SSLContextServerParameters [clientAuthentication=");
+ builder.append("SSLContextServerParameters[clientAuthentication=");
builder.append(clientAuthentication);
builder.append(", getCipherSuites()=");
builder.append(getCipherSuites());
@@ -186,8 +186,6 @@ public class SSLContextServerParameters extends BaseSSLContextParameters {
builder.append(getSecureSocketProtocolsFilter());
builder.append(", getSessionTimeout()=");
builder.append(getSessionTimeout());
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java
index 1e5d15e..7a9b998 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java
@@ -118,12 +118,10 @@ public class SecureRandomParameters extends JsseParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("SecureRandomParameters [algorithm=");
+ builder.append("SecureRandomParameters[algorithm=");
builder.append(algorithm);
builder.append(", provider=");
builder.append(provider);
- builder.append(", getContext()=");
- builder.append(getCamelContext());
builder.append("]");
return builder.toString();
}
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
index 381cde5..de63a80 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java
@@ -42,7 +42,7 @@ public class SecureSocketProtocolsParameters {
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("SecureSocketProtocolsParameters [secureSocketProtocol=");
+ builder.append("SecureSocketProtocolsParameters[secureSocketProtocol=");
builder.append(Arrays.toString(getSecureSocketProtocol().toArray(new String[getSecureSocketProtocol().size()])));
builder.append("]");
return builder.toString();
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java
----------------------------------------------------------------------
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java
index f71db16..61a66d5 100644
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java
+++ b/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java
@@ -52,6 +52,12 @@ public class TrustManagersParameters extends JsseParameters {
* standard algorithm names.
*/
protected String algorithm;
+
+ /**
+ * To use a existing configured trust manager instead of using {@link TrustManagerFactory} to
+ * get the {@link TrustManager}.
+ */
+ protected TrustManager trustManager;
/**
* Creates {@link TrustManager}s based on this instance's configuration and the
@@ -70,6 +76,10 @@ public class TrustManagersParameters extends JsseParameters {
* @see KeyStoreParameters#createKeyStore()
*/
public TrustManager[] createTrustManagers() throws GeneralSecurityException, IOException {
+ if (trustManager != null) {
+ // use existing trust manager
+ return new TrustManager[]{trustManager};
+ }
LOG.trace("Creating TrustManager[] from TrustManagersParameters [{}]", this);
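Review bot: The early return at the top of createTrustManagers() hands back the caller-supplied TrustManager before the trace line runs and without noticing that keyStore, provider or algorithm may also be set, so a mixed configuration silently loses its trust store. That supplied object then makes every certificate-trust decision for the resulting context, so the switch should be visible in the logs, e.g. `LOG.debug("Using custom TrustManager {}; keyStore, provider and algorithm are ignored", trustManager);` before the `return`. The method's Javadoc, which starts outside this hunk, should state the same precedence. The rest of the method body is also outside the hunk.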
@@ -152,18 +162,34 @@ public class TrustManagersParameters extends JsseParameters {
this.algorithm = value;
}
+ public TrustManager getTrustManager() {
+ return trustManager;
+ }
+
+ /**
+ * To use a existing configured trust manager instead of using {@link TrustManagerFactory} to
+ * get the {@link TrustManager}.
+ */
+ public void setTrustManager(TrustManager trustManager) {
+ this.trustManager = trustManager;
+ }
+
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
- builder.append("TrustManagerType [keyStore=");
- builder.append(keyStore);
- builder.append(", provider=");
- builder.append(provider);
- builder.append(", algorithm=");
- builder.append(algorithm);
- builder.append(", getContext()=");
- builder.append(getCamelContext());
- builder.append("]");
+ if (trustManager != null) {
+ builder.append("TrustManagerType[trustManager=");
+ builder.append(trustManager);
+ builder.append("]");
+ } else {
+ builder.append("TrustManagerType[keyStore=");
+ builder.append(keyStore);
+ builder.append(", provider=");
+ builder.append(provider);
+ builder.append(", algorithm=");
+ builder.append(algorithm);
+ builder.append("]");
+ }
return builder.toString();
}
}
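Review bot: getTrustManager() is added without Javadoc, and the setter's comment does not state the precedence that createTrustManagers() applies once a manager is set. A setter comment along the lines of `Sets an existing TrustManager to use as-is; when set, keyStore, provider and algorithm are ignored and this instance alone decides which peer certificates are trusted.` would make that contract explicit. The same wording fits the field comment in the first hunk of this file, and "a existing" should read "an existing" in both places.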
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java
----------------------------------------------------------------------
diff --git a/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java b/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java
index 5a4ae53..baac864 100644
--- a/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java
+++ b/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java
@@ -44,7 +44,6 @@ public class TrustManagersParametersTest extends AbstractJsseParametersTest {
}
public void testPropertyPlaceholders() throws Exception {
-
CamelContext context = this.createPropertiesPlaceholderAwareContext();
KeyStoreParameters ksp = new KeyStoreParameters();
@@ -65,7 +64,19 @@ public class TrustManagersParametersTest extends AbstractJsseParametersTest {
TrustManager[] tms = tmp.createTrustManagers();
validateTrustManagers(tms);
}
-
+
+ public void testCustomTrustManager() throws Exception {
+ TrustManager myTm = new TrustManager() {
+ // noop
+ };
+
+ TrustManagersParameters tmp = new TrustManagersParameters();
+ tmp.setTrustManager(myTm);
+
+ TrustManager[] tms = tmp.createTrustManagers();
+ assertSame(myTm, tms[0]);
+ }
+
public void testCreateTrustManagers() throws Exception {
TrustManagersParameters tmp = this.createMinimalTrustManagersParameters();
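Review bot: testCustomTrustManager checks only `tms[0]`, so it would still pass if createTrustManagers() returned the custom manager together with factory-created ones. Adding `assertEquals(1, tms.length);` before the `assertSame` pins that the custom manager is the only one in effect. A second case that also configures a key store on the parameters would pin the precedence the production code implements. The testCreateTrustManagers body that follows continues outside this hunk.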
http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java
----------------------------------------------------------------------
diff --git a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java
index 9fd87cf..de48fe6 100644
--- a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java
+++ b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java
@@ -16,11 +16,13 @@
*/
package org.apache.camel.core.xml.util.jsse;
+import javax.net.ssl.TrustManager;
import javax.xml.bind.annotation.XmlAccessType;
import javax.xml.bind.annotation.XmlAccessorType;
import javax.xml.bind.annotation.XmlAttribute;
import javax.xml.bind.annotation.XmlTransient;
+import org.apache.camel.util.CamelContextHelper;
import org.apache.camel.util.jsse.TrustManagersParameters;
@XmlAccessorType(XmlAccessType.FIELD)
@@ -32,6 +34,9 @@ public abstract class AbstractTrustManagersParametersFactoryBean extends Abstrac
@XmlAttribute
protected String algorithm;
+ @XmlAttribute
+ protected String trustManager;
+
@XmlTransient
private TrustManagersParameters instance;
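Review bot: The new `trustManager` attribute has no comment, so nothing tells an XML author that the string is a registry bean id rather than a class name or an algorithm. Going by the createInstance() hunk further down, the value is resolved with CamelContextHelper.mandatoryLookup and the resulting bean replaces the factory-created trust managers. A field comment such as `/** Id of a TrustManager bean in the registry; when set it is used as-is and keyStore, provider and algorithm no longer determine trust. */` would document that. The getter and setter added in the next hunk would benefit from the same sentence. The class body continues outside this hunk.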
@@ -50,14 +55,21 @@ public abstract class AbstractTrustManagersParametersFactoryBean extends Abstrac
public void setAlgorithm(String value) {
this.algorithm = value;
}
-
+
+ public String getTrustManager() {
+ return trustManager;
+ }
+
+ public void setTrustManager(String trustManager) {
+ this.trustManager = trustManager;
+ }
+
@Override
public TrustManagersParameters getObject() throws Exception {
- if (this.isSingleton()) {
+ if (isSingleton()) {
if (instance == null) {
instance = createInstance();
}
-
return instance;
} else {
return createInstance();
@@ -79,6 +91,11 @@ public abstract class AbstractTrustManagersParametersFactoryBean extends Abstrac
}
newInstance.setProvider(provider);
newInstance.setCamelContext(getCamelContext());
+
+ if (trustManager != null) {
+ TrustManager tm = CamelContextHelper.mandatoryLookup(getCamelContext(), trustManager, TrustManager.class);
+ newInstance.setTrustManager(tm);
+ }
return newInstance;
}