Author: ningjiang Date: Tue May 17 01:19:11 2011 New Revision: 1103974 URL: http://svn.apache.org/viewvc?rev=1103974&view=rev Log: CAMEL-3750 Applied patch with thanks to David
Modified: camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java camel/trunk/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java Modified: camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java URL: http://svn.apache.org/viewvc/camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java?rev=1103974&r1=1103973&r2=1103974&view=diff ============================================================================== --- camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java (original) +++ camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/BaseSSLContextParameters.java Tue May 17 01:19:11 2011 @@ -87,10 +87,10 @@ public abstract class BaseSSLContextPara private FilterParameters secureSocketProtocolsFilter; /** - * The optional {@link SSLSessionContext} timeout time for {@link javax.net.ssl.SSLSession}s. - * TODO provide a time unit here and on the getter/setter. + * The optional {@link SSLSessionContext} timeout time for {@link javax.net.ssl.SSLSession}s in seconds. */ private Integer sessionTimeout; + /** * Returns the optional explicitly configured cipher suites for this configuration. 
@@ -199,14 +199,16 @@ public abstract class BaseSSLContextPara } /** - * Returns the optional {@link SSLSessionContext} timeout time for {@link javax.net.ssl.SSLSession}s. + * Returns the optional {@link SSLSessionContext} timeout time for {@link javax.net.ssl.SSLSession}s + * in seconds. */ public Integer getSessionTimeout() { return sessionTimeout; } /** - * Sets the optional {@link SSLSessionContext} timeout time for {@link javax.net.ssl.SSLSession}s. + * Sets the optional {@link SSLSessionContext} timeout time for {@link javax.net.ssl.SSLSession}s + * in seconds. * * @param sessionTimeout the timeout value or {@code null} to use the default */ @@ -215,6 +217,20 @@ public abstract class BaseSSLContextPara } /** + * Returns a flag indicating if default values should be applied in the event that no other property + * of the instance configures a particular aspect of the entity produced by the instance. + * This flag is used to allow instances of this class to produce a configurer that simply + * passes through the current configuration of a configured entity when the instance of this + * class would otherwise only apply some default configuration. + * + * @see SSLContextClientParameters + * @see SSLContextServerParameters + */ + protected boolean getAllowPassthrough() { + return false; + } + + /** * Configures the actual {@link SSLContext} itself with direct setter calls. This method differs from * configuration options that are handled by a configurer instance in that the options are part of the * context itself and are not part of some factory or instance object returned by the context. @@ -290,6 +306,10 @@ public abstract class BaseSSLContextPara enabledSecureSocketProtocolsPatterns = null; } + // + + final boolean allowPassthrough = getAllowPassthrough(); + ////// Configurer<SSLEngine> sslEngineConfigurer = new Configurer<SSLEngine>() { 
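Review bot: The Javadoc on the new `getAllowPassthrough()` does not say what passthrough means for the TLS settings. Every configurer in this commit passes `!allowPassthrough` as `applyDefaults`, so when the getter returns true and no explicit values or patterns are set, `filter(...)` returns the currently enabled cipher suites and protocols and never consults `defaultEnabledCipherSuitePatterns` or `defaultEnabledSecureSocketProtocolsPatterns`. Both overrides in SSLContextClientParameters and SSLContextServerParameters return true with no comment. I would add to the base Javadoc: `When true and neither explicit values nor patterns are configured, the default include/exclude patterns are not applied and the entity keeps its currently enabled cipher suites and protocols.` A one-line comment on each override saying why client and server parameters opt in would also help.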
@@ -299,13 +319,17 @@ public abstract class BaseSSLContextPara Collection<String> filteredCipherSuites = BaseSSLContextParameters.this .filter(enabledCipherSuites, Arrays.asList(engine.getSSLParameters().getCipherSuites()), - enabledCipherSuitePatterns, defaultEnabledCipherSuitePatterns); + Arrays.asList(engine.getEnabledCipherSuites()), + enabledCipherSuitePatterns, defaultEnabledCipherSuitePatterns, + !allowPassthrough); engine.setEnabledCipherSuites(filteredCipherSuites.toArray(new String[filteredCipherSuites.size()])); Collection<String> filteredSecureSocketProtocols = BaseSSLContextParameters.this .filter(enabledSecureSocketProtocols, Arrays.asList(engine.getSSLParameters().getProtocols()), - enabledSecureSocketProtocolsPatterns, defaultEnabledSecureSocketProtocolsPatterns); + Arrays.asList(engine.getEnabledProtocols()), + enabledSecureSocketProtocolsPatterns, defaultEnabledSecureSocketProtocolsPatterns, + !allowPassthrough); engine.setEnabledProtocols(filteredSecureSocketProtocols.toArray(new String[filteredSecureSocketProtocols.size()])); return engine; @@ -437,6 +461,10 @@ public abstract class BaseSSLContextPara enabledSecureSocketProtocolsPatterns = null; } + // + + final boolean allowPassthrough = getAllowPassthrough(); + ////// Configurer<SSLSocket> sslSocketConfigurer = new Configurer<SSLSocket>() { 
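Review bot: In the SSLEngine configurer the available and current arguments to `filter(...)` appear to be the same set. As far as I know, `engine.getSSLParameters().getCipherSuites()` reports the suites in effect on the engine, which is also what the added `engine.getEnabledCipherSuites()` returns. The SSLServerSocket configurer (hunk at -516) passes `socket.getSupportedCipherSuites()` as the available set, so include patterns can select supported-but-disabled suites there but only narrow the enabled set here. The same applies to the SSLSocket configurer (hunk at -446) and to the protocol lists. If the difference is intended, record it with a comment such as `// available == currently enabled: patterns can only narrow the engine's suites, never widen them`; otherwise align the three call sites. The anonymous Configurer bodies start and end outside these hunks.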
@@ -446,13 +474,17 @@ public abstract class BaseSSLContextPara Collection<String> filteredCipherSuites = BaseSSLContextParameters.this .filter(enabledCipherSuites, Arrays.asList(socket.getSSLParameters().getCipherSuites()), - enabledCipherSuitePatterns, defaultEnabledCipherSuitePatterns); + Arrays.asList(socket.getEnabledCipherSuites()), + enabledCipherSuitePatterns, defaultEnabledCipherSuitePatterns, + !allowPassthrough); socket.setEnabledCipherSuites(filteredCipherSuites.toArray(new String[filteredCipherSuites.size()])); Collection<String> filteredSecureSocketProtocols = BaseSSLContextParameters.this .filter(enabledSecureSocketProtocols, Arrays.asList(socket.getSSLParameters().getProtocols()), - enabledSecureSocketProtocolsPatterns, defaultEnabledSecureSocketProtocolsPatterns); + Arrays.asList(socket.getEnabledProtocols()), + enabledSecureSocketProtocolsPatterns, defaultEnabledSecureSocketProtocolsPatterns, + !allowPassthrough); socket.setEnabledProtocols(filteredSecureSocketProtocols.toArray(new String[filteredSecureSocketProtocols.size()])); return socket; @@ -507,6 +539,10 @@ public abstract class BaseSSLContextPara enabledSecureSocketProtocolsPatterns = null; } + // + + final boolean allowPassthrough = getAllowPassthrough(); + ////// Configurer<SSLServerSocket> sslServerSocketConfigurer = new Configurer<SSLServerSocket>() { 
@@ -516,13 +552,17 @@ public abstract class BaseSSLContextPara Collection<String> filteredCipherSuites = BaseSSLContextParameters.this .filter(enabledCipherSuites, Arrays.asList(socket.getSupportedCipherSuites()), - enabledCipherSuitePatterns, defaultEnabledCipherSuitePatterns); + Arrays.asList(socket.getEnabledCipherSuites()), + enabledCipherSuitePatterns, defaultEnabledCipherSuitePatterns, + !allowPassthrough); socket.setEnabledCipherSuites(filteredCipherSuites.toArray(new String[filteredCipherSuites.size()])); Collection<String> filteredSecureSocketProtocols = BaseSSLContextParameters.this .filter(enabledSecureSocketProtocols, Arrays.asList(socket.getSupportedProtocols()), - enabledSecureSocketProtocolsPatterns, defaultEnabledSecureSocketProtocolsPatterns); + Arrays.asList(socket.getEnabledProtocols()), + enabledSecureSocketProtocolsPatterns, defaultEnabledSecureSocketProtocolsPatterns, + !allowPassthrough); socket.setEnabledProtocols(filteredSecureSocketProtocols.toArray(new String[filteredSecureSocketProtocols.size()])); return socket; 
@@ -559,30 +599,38 @@ public abstract class BaseSSLContextPara * Filters the values in {@code availableValues} returning only the values that * are explicitly listed in {@code explicitValues} (returns them regardless * of if they appear in {@code availableValues} or not) if {@code explicitValues} is not - * {@code null} or as match the provided filters according to the following rules: + * {@code null} or according to the following rules: * <ol> * <li>Match the include patterns in {@code patterns} and don't match the exclude patterns in {@code patterns} * if patterns is not {@code null}.</li> * <li>Match the include patterns in {@code defaultPatterns} and don't match the exclude patterns in {@code defaultPatterns} - * if patterns is {@code null}.</li> + * if patterns is {@code null} and {@code applyDefaults} is true.</li> + * <li>Are provided in currentValues if if patterns is {@code null} and {@code applyDefaults} is false.</li> * </ol> * * @param explicitValues the optional explicit values to use * @param availableValues the available values to filter from * @param patterns the optional patterns to use when {@code explicitValues} is not used * @param defaultPatterns the required patterns to use when {@code explicitValues} and {@code patterns} are not used + * @param applyDefaults flag indicating whether or not to apply defaults in the event that no explicit values and no + * patterns apply * * @return the filtered values * * @see #filter(Collection, Collection, List, List) */ protected Collection<String> filter( - Collection<String> explicitValues, Collection<String> availableValues, - Patterns patterns, Patterns defaultPatterns) { + Collection<String> explicitValues, Collection<String> availableValues, + Collection<String> currentValues, Patterns patterns, Patterns defaultPatterns, + boolean applyDefaults) { final List<Pattern> enabledIncludePatterns; final List<Pattern> enabledExcludePatterns; + if (explicitValues == null && patterns == null && !applyDefaults) 
{ + return currentValues; + } + if (patterns != null) { enabledIncludePatterns = patterns.getIncludes(); enabledExcludePatterns = patterns.getExcludes(); Modified: camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java URL: http://svn.apache.org/viewvc/camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java?rev=1103974&r1=1103973&r2=1103974&view=diff ============================================================================== --- camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java (original) +++ camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java Tue May 17 01:19:11 2011 @@ -35,6 +35,11 @@ public class SSLContextClientParameters private static final Logger LOG = LoggerFactory.getLogger(SSLContextClientParameters.class); @Override + protected boolean getAllowPassthrough() { + return true; + } + + @Override protected void configureSSLContext(SSLContext context) throws GeneralSecurityException { LOG.trace("Configuring client-side SSLContext parameters..."); if (this.getSessionTimeout() != null) { Modified: camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java URL: http://svn.apache.org/viewvc/camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java?rev=1103974&r1=1103973&r2=1103974&view=diff ============================================================================== --- camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java (original) +++ camel/trunk/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java Tue May 17 01:19:11 2011 
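Review bot: The Javadoc for the widened `filter(...)` never declares the new `currentValues` parameter, and the added third list item reads "if if patterns". I would add `@param currentValues the values currently enabled on the entity; returned as-is when {@code explicitValues} and {@code patterns} are {@code null} and {@code applyDefaults} is false`. It is also worth stating that the early return hands back the caller's own collection, with no copy and no include or exclude pattern applied. A null `currentValues` would therefore reach the callers' `toArray` calls unchecked. The method body continues past the end of the hunk.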
@@ -57,6 +57,11 @@ public class SSLContextServerParameters } @Override + protected boolean getAllowPassthrough() { + return true; + } + + @Override protected void configureSSLContext(SSLContext context) throws GeneralSecurityException { LOG.debug("Configuring server-side SSLContext parameters..."); if (this.getSessionTimeout() != null) { Modified: camel/trunk/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java URL: http://svn.apache.org/viewvc/camel/trunk/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java?rev=1103974&r1=1103973&r2=1103974&view=diff ============================================================================== --- camel/trunk/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java (original) +++ camel/trunk/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java Tue May 17 01:19:11 2011 @@ -39,8 +39,9 @@ public class SSLContextParametersTest ex SSLContextParameters scp = new SSLContextParameters(); SSLContextServerParameters scsp = new SSLContextServerParameters(); - SSLContext context = scp.createSSLContext(); scp.setServerParameters(scsp); + SSLContext context = scp.createSSLContext(); + SSLEngine engine = context.createSSLEngine(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); @@ -95,8 +96,8 @@ public class SSLContextParametersTest ex SSLContextParameters scp = new SSLContextParameters(); SSLContextServerParameters scsp = new SSLContextServerParameters(); - SSLContext context = scp.createSSLContext(); scp.setServerParameters(scsp); + SSLContext context = scp.createSSLContext(); SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); 
@@ -108,7 +109,17 @@ public class SSLContextParametersTest ex assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth()); assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth()); + // No csp or filter on server params passes through shared config + scp.setCipherSuites(new CipherSuitesParameters()); + context = scp.createSSLContext(); + engine = context.createSSLEngine(); + socket = (SSLSocket) context.getSocketFactory().createSocket(); + serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); + + assertEquals(0, serverSocket.getEnabledCipherSuites().length); + // Csp on server params + scp.setCipherSuites(null); CipherSuitesParameters csp = new CipherSuitesParameters(); scsp.setCipherSuites(csp); context = scp.createSSLContext(); @@ -207,8 +218,8 @@ public class SSLContextParametersTest ex SSLContextParameters scp = new SSLContextParameters(); SSLContextClientParameters sccp = new SSLContextClientParameters(); - SSLContext context = scp.createSSLContext(); scp.setClientParameters(sccp); + SSLContext context = scp.createSSLContext(); SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); 
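Review bot: The new passthrough case re-creates `engine`, `socket` and `serverSocket` but asserts only on `serverSocket.getEnabledCipherSuites()`. The protocol list takes the same `applyDefaults` path and is not checked at all. The client-side case in the hunk at -218 has the same shape and asserts only on `socket`. I would add a parallel assertion that an empty shared protocol configuration also passes through to `getEnabledProtocols()`. I would also either assert on the other re-created objects or mark them, e.g. `// engine and socket are re-created but not asserted: passthrough is checked on the server socket only`. Without the protocol check, a regression that re-applies default protocol patterns on passthrough would go unnoticed.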
@@ -218,7 +229,17 @@ public class SSLContextParametersTest ex assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); + // No csp or filter on client params passes through shared config + scp.setCipherSuites(new CipherSuitesParameters()); + context = scp.createSSLContext(); + engine = context.createSSLEngine(); + socket = (SSLSocket) context.getSocketFactory().createSocket(); + serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); + + assertEquals(0, socket.getEnabledCipherSuites().length); + // Csp on client params + scp.setCipherSuites(null); CipherSuitesParameters csp = new CipherSuitesParameters(); sccp.setCipherSuites(csp); context = scp.createSSLContext();