Author: davsclaus Date: Wed May 1 10:15:58 2013 New Revision: 1477943 URL: http://svn.apache.org/r1477943 Log: CAMEL-6331: netty SSL can load keystore and truststore from classpath
Added: camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClasspathTest.java - copied, changed from r1477915, camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java
Modified: camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java
Modified: camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
URL: http://svn.apache.org/viewvc/camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java?rev=1477943&r1=1477942&r2=1477943&view=diff
==============================================================================
--- camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java (original)
+++ camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java Wed May 1 10:15:58 2013
@@ -112,21 +112,31 @@ public class DefaultClientPipelineFactor
 engine.setUseClientMode(true);
 return new SslHandler(engine);
 } else {
- if (producer.getConfiguration().getKeyStoreFile() == null) {
+ if (producer.getConfiguration().getKeyStoreFile() == null && producer.getConfiguration().getKeyStoreResource() == null) {
 LOG.debug("keystorefile is null");
 }
- if (producer.getConfiguration().getTrustStoreFile() == null) {
+ if (producer.getConfiguration().getTrustStoreFile() == null && producer.getConfiguration().getTrustStoreResource() == null) {
 LOG.debug("truststorefile is null");
 }
 if (producer.getConfiguration().getPassphrase().toCharArray() == null) {
 LOG.debug("passphrase is null");
 }
- SSLEngineFactory sslEngineFactory = new SSLEngineFactory(
- producer.getConfiguration().getKeyStoreFormat(),
- producer.getConfiguration().getSecurityProvider(),
- producer.getConfiguration().getKeyStoreFile(),
- producer.getConfiguration().getTrustStoreFile(),
- producer.getConfiguration().getPassphrase().toCharArray());
+ SSLEngineFactory sslEngineFactory;
+ if (producer.getConfiguration().getKeyStoreFile() != null || producer.getConfiguration().getTrustStoreFile() != null) {
+ sslEngineFactory = new SSLEngineFactory(
+ producer.getConfiguration().getKeyStoreFormat(),
+ producer.getConfiguration().getSecurityProvider(),
+ producer.getConfiguration().getKeyStoreFile(),
+ producer.getConfiguration().getTrustStoreFile(),
+ producer.getConfiguration().getPassphrase().toCharArray());
+ } else {
+ sslEngineFactory = new SSLEngineFactory(producer.getContext().getClassResolver(),
+ producer.getConfiguration().getKeyStoreFormat(),
+ producer.getConfiguration().getSecurityProvider(),
+ producer.getConfiguration().getKeyStoreResource(),
+ producer.getConfiguration().getTrustStoreResource(),
+ producer.getConfiguration().getPassphrase().toCharArray());
+ }
 SSLEngine sslEngine = sslEngineFactory.createClientSSLEngine();
 return new SslHandler(sslEngine);
 }
Modified:
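Review bot: The selection `getKeyStoreFile() != null || getTrustStoreFile() != null` sends any configuration with at least one `*File` option to the deprecated File constructor, so a mix such as keyStoreFile plus trustStoreResource never reads the resource. In that case the File constructor gets a null trustStoreFile and, if its else branch mirrors the new constructor's `sslContext.init(kmf.getKeyManagers(), null, null)`, the peer is validated against the JVM default trust managers rather than the configured trust store, with nothing logged. The opposite mix passes a null keyStoreFile into `IOConverter.toInputStream`. Reject mixed settings before building the factory, for example by throwing `IllegalArgumentException` when a `*File` and a `*Resource` option are both set. The same selection is added in the DefaultServerPipelineFactory hunk; the enclosing method starts outside this hunk.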
camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java
URL: http://svn.apache.org/viewvc/camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java?rev=1477943&r1=1477942&r2=1477943&view=diff
==============================================================================
--- camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java (original)
+++ camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java Wed May 1 10:15:58 2013
@@ -124,12 +124,31 @@ public class DefaultServerPipelineFactor
 engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
 return new SslHandler(engine);
 } else {
- SSLEngineFactory sslEngineFactory = new SSLEngineFactory(
- consumer.getConfiguration().getKeyStoreFormat(),
- consumer.getConfiguration().getSecurityProvider(),
- consumer.getConfiguration().getKeyStoreFile(),
- consumer.getConfiguration().getTrustStoreFile(),
- consumer.getConfiguration().getPassphrase().toCharArray());
+ if (consumer.getConfiguration().getKeyStoreFile() == null && consumer.getConfiguration().getKeyStoreResource() == null) {
+ LOG.debug("keystorefile is null");
+ }
+ if (consumer.getConfiguration().getTrustStoreFile() == null && consumer.getConfiguration().getTrustStoreResource() == null) {
+ LOG.debug("truststorefile is null");
+ }
+ if (consumer.getConfiguration().getPassphrase().toCharArray() == null) {
+ LOG.debug("passphrase is null");
+ }
+ SSLEngineFactory sslEngineFactory;
+ if (consumer.getConfiguration().getKeyStoreFile() != null || consumer.getConfiguration().getTrustStoreFile() != null) {
+ sslEngineFactory = new SSLEngineFactory(
+ consumer.getConfiguration().getKeyStoreFormat(),
+ consumer.getConfiguration().getSecurityProvider(),
+ consumer.getConfiguration().getKeyStoreFile(),
+ consumer.getConfiguration().getTrustStoreFile(),
+ consumer.getConfiguration().getPassphrase().toCharArray());
+ } else {
+ sslEngineFactory = new SSLEngineFactory(consumer.getContext().getClassResolver(),
+ consumer.getConfiguration().getKeyStoreFormat(),
+ consumer.getConfiguration().getSecurityProvider(),
+ consumer.getConfiguration().getKeyStoreResource(),
+ consumer.getConfiguration().getTrustStoreResource(),
+ consumer.getConfiguration().getPassphrase().toCharArray());
+ }
 SSLEngine sslEngine = sslEngineFactory.createServerSSLEngine();
 sslEngine.setUseClientMode(false);
 sslEngine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
Modified:
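Review bot: The added guard `consumer.getConfiguration().getPassphrase().toCharArray() == null` can never be true, because `toCharArray()` does not return null; when no passphrase is configured the call throws a NullPointerException on that line before the debug message is reached. Test the string itself, `if (consumer.getConfiguration().getPassphrase() == null)`, and decide at that point whether a missing passphrase should be a configuration error rather than a debug log, since both constructor calls below dereference it again. The identical check appears as a context line in the DefaultClientPipelineFactory hunk. The enclosing method starts and ends outside the hunk.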
camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java
URL: http://svn.apache.org/viewvc/camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java?rev=1477943&r1=1477942&r2=1477943&view=diff
==============================================================================
--- camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java (original)
+++ camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyConfiguration.java Wed May 1 10:15:58 2013
@@ -57,6 +57,8 @@ public class NettyConfiguration implemen
 private String passphrase;
 private File keyStoreFile;
 private File trustStoreFile;
+ private String keyStoreResource;
+ private String trustStoreResource;
 private SslHandler sslHandler;
 private List<ChannelHandler> encoders = new ArrayList<ChannelHandler>();
 private List<ChannelHandler> decoders = new ArrayList<ChannelHandler>();
@@ -154,11 +156,13 @@ public class NettyConfiguration implemen
 setPort(uri.getPort());
 sslHandler = component.resolveAndRemoveReferenceParameter(parameters, "sslHandler", SslHandler.class, sslHandler);
- passphrase = component.resolveAndRemoveReferenceParameter(parameters, "passphrase", String.class, passphrase);
+ passphrase = component.getAndRemoveParameter(parameters, "passphrase", String.class, passphrase);
 keyStoreFormat = component.getAndRemoveParameter(parameters, "keyStoreFormat", String.class, keyStoreFormat == null ? "JKS" : keyStoreFormat);
 securityProvider = component.getAndRemoveParameter(parameters, "securityProvider", String.class, securityProvider == null ? "SunX509" : securityProvider);
 keyStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "keyStoreFile", File.class, keyStoreFile);
 trustStoreFile = component.resolveAndRemoveReferenceParameter(parameters, "trustStoreFile", File.class, trustStoreFile);
+ keyStoreResource = component.getAndRemoveParameter(parameters, "keyStoreResource", String.class, keyStoreResource);
+ trustStoreResource = component.getAndRemoveParameter(parameters, "trustStoreResource", String.class, trustStoreResource);
 clientPipelineFactory = component.resolveAndRemoveReferenceParameter(parameters, "clientPipelineFactory", ClientPipelineFactory.class, clientPipelineFactory);
 serverPipelineFactory = component.resolveAndRemoveReferenceParameter(parameters, "serverPipelineFactory", ServerPipelineFactory.class, serverPipelineFactory);
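Review bot: Switching `passphrase` from `resolveAndRemoveReferenceParameter` to `getAndRemoveParameter` means the key store password is now read literally from the endpoint URI and can no longer be kept in the registry and referenced as `#password`; the test changes in this commit (`passphrase=changeit`) confirm that. Endpoint URIs commonly appear in logs, management views and exception messages, so the secret becomes visible in more places, and existing routes that use `passphrase=#name` would presumably now hand the literal `#name` to `KeyStore.load`. Consider keeping the registry lookup, or accepting both forms, and add a comment on the option such as `// literal value: visible wherever the endpoint URI is printed`. The enclosing method starts and ends outside the hunk.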
@@ -427,22 +431,42 @@ public class NettyConfiguration implemen
 this.passphrase = passphrase;
 }
+ @Deprecated
 public File getKeyStoreFile() {
 return keyStoreFile;
 }
+ @Deprecated
 public void setKeyStoreFile(File keyStoreFile) {
 this.keyStoreFile = keyStoreFile;
 }
+ @Deprecated
 public File getTrustStoreFile() {
 return trustStoreFile;
 }
+ @Deprecated
 public void setTrustStoreFile(File trustStoreFile) {
 this.trustStoreFile = trustStoreFile;
 }
+ public String getKeyStoreResource() {
+ return keyStoreResource;
+ }
+
+ public void setKeyStoreResource(String keyStoreResource) {
+ this.keyStoreResource = keyStoreResource;
+ }
+
+ public String getTrustStoreResource() {
+ return trustStoreResource;
+ }
+
+ public void setTrustStoreResource(String trustStoreResource) {
+ this.trustStoreResource = trustStoreResource;
+ }
+
 public String getKeyStoreFormat() {
 return keyStoreFormat;
 }
Modified: camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java
URL: http://svn.apache.org/viewvc/camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java?rev=1477943&r1=1477942&r2=1477943&view=diff
==============================================================================
--- camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java (original)
+++ camel/trunk/components/camel-netty/src/main/java/org/apache/camel/component/netty/ssl/SSLEngineFactory.java Wed May 1 10:15:58 2013
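Review bot: The four `@Deprecated` accessors in the NettyConfiguration hunk `@@ -427,22 +431,42 @@` have no Javadoc naming their replacement, and the new `keyStoreResource`/`trustStoreResource` accessors do not say what kind of string they accept. Add `/** @deprecated use {@link #setKeyStoreResource(String)} */` on setKeyStoreFile and the matching tags on the other three. The new setters should get a short Javadoc stating that the value is resolved through ResourceHelper and which location prefixes are supported; only `classpath:` is exercised by the test added in this commit. If locations outside the application's own classpath are accepted, the Javadoc should say so, because the key store holds the private key.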
@@ -17,24 +17,67 @@
 package org.apache.camel.component.netty.ssl;
 import java.io.File;
+import java.io.InputStream;
 import java.security.KeyStore;
-
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.TrustManagerFactory;
 import org.apache.camel.converter.IOConverter;
+import org.apache.camel.spi.ClassResolver;
+import org.apache.camel.util.IOHelper;
+import org.apache.camel.util.ResourceHelper;
 public class SSLEngineFactory {
 private static final String SSL_PROTOCOL = "TLS";
 private static SSLContext sslContext;
-
+
+ public SSLEngineFactory(ClassResolver classResolver, String keyStoreFormat, String securityProvider, String keyStoreResource, String trustStoreResource, char[] passphrase) throws Exception {
+ KeyStore ks = KeyStore.getInstance(keyStoreFormat);
+
+ InputStream is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, keyStoreResource);
+ try {
+ ks.load(is, passphrase);
+ } finally {
+ IOHelper.close(is);
+ }
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(securityProvider);
+ kmf.init(ks, passphrase);
+
+ sslContext = SSLContext.getInstance(SSL_PROTOCOL);
+
+ if (trustStoreResource != null) {
+ KeyStore ts = KeyStore.getInstance(keyStoreFormat);
+ is = ResourceHelper.resolveMandatoryResourceAsInputStream(classResolver, trustStoreResource);
+ try {
+ ts.load(is, passphrase);
+ } finally {
+ IOHelper.close(is);
+ }
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(securityProvider);
+ tmf.init(ts);
+ sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+ } else {
+ sslContext.init(kmf.getKeyManagers(), null, null);
+ }
+ }
+
+ /**
+ * Use {@link #SSLEngineFactory(org.apache.camel.spi.ClassResolver, String, String, String, String, char[])}
+ */
+ @Deprecated
 public SSLEngineFactory(String keyStoreFormat, String securityProvider, File keyStoreFile, File trustStoreFile, char[] passphrase) throws Exception {
 KeyStore ks = KeyStore.getInstance(keyStoreFormat);
- ks.load(IOConverter.toInputStream(keyStoreFile), passphrase);
+ InputStream is = IOConverter.toInputStream(keyStoreFile);
+ try {
+ ks.load(is, passphrase);
+ } finally {
+ IOHelper.close(is);
+ }
 KeyManagerFactory kmf = KeyManagerFactory.getInstance(securityProvider);
 kmf.init(ks, passphrase);
@@ -42,9 +85,14 @@ public class SSLEngineFactory {
 sslContext = SSLContext.getInstance(SSL_PROTOCOL);
 if (trustStoreFile != null) {
- KeyStore ts = KeyStore.getInstance(keyStoreFormat);
- ts.load(IOConverter.toInputStream(trustStoreFile), passphrase);
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(securityProvider);
+ KeyStore ts = KeyStore.getInstance(keyStoreFormat);
+ is = IOConverter.toInputStream(trustStoreFile);
+ try {
+ ts.load(is, passphrase);
+ } finally {
+ IOHelper.close(is);
+ }
+ TrustManagerFactory tmf = TrustManagerFactory.getInstance(securityProvider);
 tmf.init(ts);
 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
 } else {
Copied: camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClasspathTest.java (from r1477915, camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java)
URL: http://svn.apache.org/viewvc/camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClasspathTest.java?p2=camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClasspathTest.java&p1=camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java&r1=1477915&r2=1477943&rev=1477943&view=diff
==============================================================================
--- camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java (original)
+++ camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClasspathTest.java Wed May 1 10:15:58 2013
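Review bot: In the first SSLEngineFactory hunk (`@@ -17,24 +17,67 @@`) the new constructor stores the context it builds in `private static SSLContext sslContext`, so every SSLEngineFactory instance overwrites the single context shared by the whole class. With two netty endpoints that use different key or trust stores, an engine can be created from whichever factory was constructed last (assuming `createClientSSLEngine` and `createServerSSLEngine`, which are outside the hunk, read that field), and endpoints starting concurrently race on it. Make it an instance field, `private final SSLContext sslContext;`, assigned once at the end of each constructor. Separately, the trust store is loaded with the key store's passphrase and format in both constructors, which forces the two stores to share a password; that deserves at least a comment on the constructor.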
@@ -17,26 +17,14 @@
 package org.apache.camel.component.netty;
-import java.io.File;
-
 import org.apache.camel.Exchange;
 import org.apache.camel.Processor;
 import org.apache.camel.builder.RouteBuilder;
-import org.apache.camel.impl.JndiRegistry;
 import org.junit.Test;
-public class NettySSLTest extends BaseNettyTest {
+public class NettySSLClasspathTest extends BaseNettyTest {
 @Override
- protected JndiRegistry createRegistry() throws Exception {
- JndiRegistry registry = super.createRegistry();
- registry.bind("password", "changeit");
- registry.bind("ksf", new File("src/test/resources/keystore.jks"));
- registry.bind("tsf", new File("src/test/resources/keystore.jks"));
- return registry;
- }
-
- @Override
 public boolean isUseRouteBuilder() {
 return false;
 }
@@ -50,7 +38,7 @@ public class NettySSLTest extends BaseNe
 context.addRoutes(new RouteBuilder() {
 public void configure() {
- from("netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=#password&keyStoreFile=#ksf&trustStoreFile=#tsf")
+ from("netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=changeit&keyStoreResource=classpath:keystore.jks&trustStoreResource=classpath:keystore.jks")
 .process(new Processor() {
 public void process(Exchange exchange) throws Exception {
 exchange.getOut().setBody("When You Go Home, Tell Them Of Us And Say, For Your Tomorrow, We Gave Our Today.");
@@ -61,7 +49,7 @@ public class NettySSLTest extends BaseNe
 context.start();
 String response = template.requestBody(
- "netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=#password&keyStoreFile=#ksf&trustStoreFile=#tsf",
+ "netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=changeit&keyStoreResource=classpath:keystore.jks&trustStoreResource=classpath:keystore.jks",
 "Epitaph in Kohima, India marking the WWII Battle of Kohima and Imphal, Burma Campaign - Attributed to John Maxwell Edmonds", String.class);
 assertEquals("When You Go Home, Tell Them Of Us And Say, For Your Tomorrow, We Gave Our Today.", response);
 }
Modified: camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java
URL: http://svn.apache.org/viewvc/camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java?rev=1477943&r1=1477942&r2=1477943&view=diff
==============================================================================
--- camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java (original)
+++ camel/trunk/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLTest.java Wed May 1 10:15:58 2013
@@ -30,7 +30,6 @@ public class NettySSLTest extends BaseNe
 @Override
 protected JndiRegistry createRegistry() throws Exception {
 JndiRegistry registry = super.createRegistry();
- registry.bind("password", "changeit");
 registry.bind("ksf", new File("src/test/resources/keystore.jks"));
 registry.bind("tsf", new File("src/test/resources/keystore.jks"));
 return registry;
@@ -50,7 +49,7 @@ public class NettySSLTest extends BaseNe
 context.addRoutes(new RouteBuilder() {
 public void configure() {
- from("netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=#password&keyStoreFile=#ksf&trustStoreFile=#tsf")
+ from("netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=changeit&keyStoreFile=#ksf&trustStoreFile=#tsf")
 .process(new Processor() {
 public void process(Exchange exchange) throws Exception {
 exchange.getOut().setBody("When You Go Home, Tell Them Of Us And Say, For Your Tomorrow, We Gave Our Today.");
@@ -61,7 +60,7 @@ public class NettySSLTest extends BaseNe
 context.start();
 String response = template.requestBody(
- "netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=#password&keyStoreFile=#ksf&trustStoreFile=#tsf",
+ "netty:tcp://localhost:{{port}}?sync=true&ssl=true&passphrase=changeit&keyStoreFile=#ksf&trustStoreFile=#tsf",
 "Epitaph in Kohima, India marking the WWII Battle of Kohima and Imphal, Burma Campaign - Attributed to John Maxwell Edmonds", String.class);
 assertEquals("When You Go Home, Tell Them Of Us And Say, For Your Tomorrow, We Gave Our Today.", response);
 }