Repository: camel Updated Branches: refs/heads/master 1cab39f69 -> 6a0f016ef
CAMEL-9373: Camel JSSE security - Allow to use custom trust manager Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/6a0f016e Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/6a0f016e Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/6a0f016e Branch: refs/heads/master Commit: 6a0f016ef4527ba4c84f3729dfb03faca119728b Parents: 1cab39f Author: Claus Ibsen <[email protected]> Authored: Sat Nov 28 09:31:19 2015 +0100 Committer: Claus Ibsen <[email protected]> Committed: Sat Nov 28 09:31:19 2015 +0100 ---------------------------------------------------------------------- .../jsse/AliasedX509ExtendedKeyManager.java | 37 ---------------- .../camel/util/jsse/CipherSuitesParameters.java | 2 +- .../camel/util/jsse/FilterParameters.java | 4 +- .../camel/util/jsse/KeyManagersParameters.java | 4 +- .../camel/util/jsse/KeyStoreParameters.java | 4 +- .../util/jsse/SSLContextClientParameters.java | 4 +- .../camel/util/jsse/SSLContextParameters.java | 4 +- .../util/jsse/SSLContextServerParameters.java | 4 +- .../camel/util/jsse/SecureRandomParameters.java | 4 +- .../jsse/SecureSocketProtocolsParameters.java | 2 +- .../util/jsse/TrustManagersParameters.java | 44 ++++++++++++++++---- .../util/jsse/TrustManagersParametersTest.java | 15 ++++++- ...tractTrustManagersParametersFactoryBean.java | 23 ++++++++-- 13 files changed, 77 insertions(+), 74 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java b/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java index be63684..1ad8c69 100644 
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/AliasedX509ExtendedKeyManager.java @@ -25,7 +25,6 @@ import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedKeyManager; import javax.net.ssl.X509KeyManager; -/* ------------------------------------------------------------ */ /** * KeyManager to select a key with desired alias while delegating processing to specified KeyManager Can be * used both with server and client sockets @@ -34,7 +33,6 @@ public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager { private String keyAlias; private X509KeyManager keyManager; - /* ------------------------------------------------------------ */ /** * Construct KeyManager instance * 
@@ -47,70 +45,35 @@ public class AliasedX509ExtendedKeyManager extends X509ExtendedKeyManager { this.keyManager = keyManager; } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509KeyManager#chooseClientAlias(java.lang.String[], java.security.Principal[], - * java.net.Socket) - */ public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { return keyAlias == null ? keyManager.chooseClientAlias(keyType, issuers, socket) : keyAlias; } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509KeyManager#chooseServerAlias(java.lang.String, java.security.Principal[], - * java.net.Socket) - */ public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { return keyAlias == null ? keyManager.chooseServerAlias(keyType, issuers, socket) : keyAlias; } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509KeyManager#getClientAliases(java.lang.String, java.security.Principal[]) - */ public String[] getClientAliases(String keyType, Principal[] issuers) { return keyManager.getClientAliases(keyType, issuers); } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509KeyManager#getServerAliases(java.lang.String, java.security.Principal[]) - */ public String[] getServerAliases(String keyType, Principal[] issuers) { return keyManager.getServerAliases(keyType, issuers); } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509KeyManager#getCertificateChain(java.lang.String) - */ public X509Certificate[] getCertificateChain(String alias) { return keyManager.getCertificateChain(alias); } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509KeyManager#getPrivateKey(java.lang.String) - */ public PrivateKey getPrivateKey(String alias) { return 
keyManager.getPrivateKey(alias); } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineServerAlias(java.lang.String, - * java.security.Principal[], javax.net.ssl.SSLEngine) - */ @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine engine) { return keyAlias == null ? super.chooseEngineServerAlias(keyType, issuers, engine) : keyAlias; } - /* ------------------------------------------------------------ */ - /** - * @see javax.net.ssl.X509ExtendedKeyManager#chooseEngineClientAlias(String[], Principal[], SSLEngine) - */ @Override public String chooseEngineClientAlias(String keyType[], Principal[] issuers, SSLEngine engine) { return keyAlias == null ? super.chooseEngineClientAlias(keyType, issuers, engine) : keyAlias; http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java index 16967be..64b0611 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java 
@@ -42,7 +42,7 @@ public class CipherSuitesParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("CipherSuitesParameters [cipherSuite="); + builder.append("CipherSuitesParameters[cipherSuite="); builder.append(Arrays.toString(getCipherSuite().toArray(new String[getCipherSuite().size()]))); builder.append("]"); return builder.toString(); http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java index 409fb78..0d8c080 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/FilterParameters.java @@ -143,12 +143,10 @@ public class FilterParameters extends JsseParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("FilterParameters [include="); + builder.append("FilterParameters[include="); builder.append(Arrays.toString(getInclude().toArray(new String[getInclude().size()]))); builder.append(", exclude="); builder.append(Arrays.toString(getExclude().toArray(new String[getExclude().size()]))); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java index 6db4d1f..e5ab626 100644 
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyManagersParameters.java @@ -195,7 +195,7 @@ public class KeyManagersParameters extends JsseParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("KeyManagersParameters [keyStore="); + builder.append("KeyManagersParameters[keyStore="); builder.append(keyStore); builder.append(", keyPassword="); builder.append("********"); @@ -203,8 +203,6 @@ public class KeyManagersParameters extends JsseParameters { builder.append(provider); builder.append(", algorithm="); builder.append(algorithm); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java index 380f190..cbd0cc6 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/KeyStoreParameters.java @@ -193,7 +193,7 @@ public class KeyStoreParameters extends JsseParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("KeyStoreParameters [type="); + builder.append("KeyStoreParameters[type="); builder.append(type); builder.append(", password="); builder.append("********"); 
@@ -201,8 +201,6 @@ public class KeyStoreParameters extends JsseParameters { builder.append(provider); builder.append(", resource="); builder.append(resource); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java index a05c3da..b8cca2f 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextClientParameters.java @@ -77,7 +77,7 @@ public class SSLContextClientParameters extends BaseSSLContextParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("SSLContextClientParameters [getCipherSuites()="); + builder.append("SSLContextClientParameters[getCipherSuites()="); builder.append(getCipherSuites()); builder.append(", getCipherSuitesFilter()="); builder.append(getCipherSuitesFilter()); @@ -87,8 +87,6 @@ public class SSLContextClientParameters extends BaseSSLContextParameters { builder.append(getSecureSocketProtocolsFilter()); builder.append(", getSessionTimeout()="); builder.append(getSessionTimeout()); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java ---------------------------------------------------------------------- 
diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java index ab0eb9c..26b4b69 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextParameters.java @@ -373,7 +373,7 @@ public class SSLContextParameters extends BaseSSLContextParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("SSLContextParameters [keyManagers="); + builder.append("SSLContextParameters[keyManagers="); builder.append(keyManagers); builder.append(", trustManagers="); builder.append(trustManagers); @@ -399,8 +399,6 @@ public class SSLContextParameters extends BaseSSLContextParameters { builder.append(getSecureSocketProtocolsFilter()); builder.append(", getSessionTimeout()="); builder.append(getSessionTimeout()); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java index 6fe2493..e240c3f 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SSLContextServerParameters.java 
@@ -174,7 +174,7 @@ public class SSLContextServerParameters extends BaseSSLContextParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("SSLContextServerParameters [clientAuthentication="); + builder.append("SSLContextServerParameters[clientAuthentication="); builder.append(clientAuthentication); builder.append(", getCipherSuites()="); builder.append(getCipherSuites()); @@ -186,8 +186,6 @@ public class SSLContextServerParameters extends BaseSSLContextParameters { builder.append(getSecureSocketProtocolsFilter()); builder.append(", getSessionTimeout()="); builder.append(getSessionTimeout()); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java index 1e5d15e..7a9b998 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureRandomParameters.java 
@@ -118,12 +118,10 @@ public class SecureRandomParameters extends JsseParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("SecureRandomParameters [algorithm="); + builder.append("SecureRandomParameters[algorithm="); builder.append(algorithm); builder.append(", provider="); builder.append(provider); - builder.append(", getContext()="); - builder.append(getCamelContext()); builder.append("]"); return builder.toString(); } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java index 381cde5..de63a80 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java @@ -42,7 +42,7 @@ public class SecureSocketProtocolsParameters { @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("SecureSocketProtocolsParameters [secureSocketProtocol="); + builder.append("SecureSocketProtocolsParameters[secureSocketProtocol="); builder.append(Arrays.toString(getSecureSocketProtocol().toArray(new String[getSecureSocketProtocol().size()]))); builder.append("]"); return builder.toString(); http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java index f71db16..61a66d5 100644 
--- a/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/TrustManagersParameters.java @@ -52,6 +52,12 @@ public class TrustManagersParameters extends JsseParameters { * standard algorithm names. */ protected String algorithm; + + /** + * To use a existing configured trust manager instead of using {@link TrustManagerFactory} to + * get the {@link TrustManager}. + */ + protected TrustManager trustManager; /** * Creates {@link TrustManager}s based on this instance's configuration and the @@ -70,6 +76,10 @@ public class TrustManagersParameters extends JsseParameters { * @see KeyStoreParameters#createKeyStore() */ public TrustManager[] createTrustManagers() throws GeneralSecurityException, IOException { + if (trustManager != null) { + // use existing trust manager + return new TrustManager[]{trustManager}; + } LOG.trace("Creating TrustManager[] from TrustManagersParameters [{}]", this); 
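Review bot: The early return added at the top of `createTrustManagers()` ignores `keyStore`, `provider` and `algorithm` without any record, and it sits before the existing `LOG.trace`, so the logs never show which trust path an SSL context ended up with. Because the supplied manager then decides certificate validation on its own, a configuration that sets both a trust store and `trustManager` deserves a visible signal, e.g. `LOG.debug("Using custom TrustManager {}; keyStore, provider and algorithm are ignored", trustManager);` before the return. The field Javadoc in the preceding hunk and the setter Javadoc in the later `@@ -152,18 +162,34 @@` hunk should state that precedence as well, and "a existing" should read "an existing". The method body continues past the end of this hunk.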
@@ -152,18 +162,34 @@ public class TrustManagersParameters extends JsseParameters { this.algorithm = value; } + public TrustManager getTrustManager() { + return trustManager; + } + + /** + * To use a existing configured trust manager instead of using {@link TrustManagerFactory} to + * get the {@link TrustManager}. + */ + public void setTrustManager(TrustManager trustManager) { + this.trustManager = trustManager; + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); - builder.append("TrustManagerType [keyStore="); - builder.append(keyStore); - builder.append(", provider="); - builder.append(provider); - builder.append(", algorithm="); - builder.append(algorithm); - builder.append(", getContext()="); - builder.append(getCamelContext()); - builder.append("]"); + if (trustManager != null) { + builder.append("TrustManagerType[trustManager="); + builder.append(trustManager); + builder.append("]"); + } else { + builder.append("TrustManagerType[keyStore="); + builder.append(keyStore); + builder.append(", provider="); + builder.append(provider); + builder.append(", algorithm="); + builder.append(algorithm); + builder.append("]"); + } return builder.toString(); } } http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java ---------------------------------------------------------------------- diff --git a/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java b/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java index 5a4ae53..baac864 100644 --- a/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java +++ b/camel-core/src/test/java/org/apache/camel/util/jsse/TrustManagersParametersTest.java 
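Review bot: Both branches of the new `toString()` keep the label `TrustManagerType`, while every other class touched by this commit prints its own class name, so the trace line in `createTrustManagers()` renders as `TrustManagersParameters [TrustManagerType[...]]`. Using `builder.append("TrustManagersParameters[trustManager=");` and `builder.append("TrustManagersParameters[keyStore=");` would keep TLS configuration dumps searchable by class name. `getTrustManager()` is also the only new public method in this hunk without Javadoc; `/** Returns the explicitly configured trust manager, or {@code null} when none is set. */` would cover it.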
@@ -44,7 +44,6 @@ public class TrustManagersParametersTest extends AbstractJsseParametersTest { } public void testPropertyPlaceholders() throws Exception { - CamelContext context = this.createPropertiesPlaceholderAwareContext(); KeyStoreParameters ksp = new KeyStoreParameters(); @@ -65,7 +64,19 @@ public class TrustManagersParametersTest extends AbstractJsseParametersTest { TrustManager[] tms = tmp.createTrustManagers(); validateTrustManagers(tms); } - + + public void testCustomTrustManager() throws Exception { + TrustManager myTm = new TrustManager() { + // noop + }; + + TrustManagersParameters tmp = new TrustManagersParameters(); + tmp.setTrustManager(myTm); + + TrustManager[] tms = tmp.createTrustManagers(); + assertSame(myTm, tms[0]); + } + public void testCreateTrustManagers() throws Exception { TrustManagersParameters tmp = this.createMinimalTrustManagersParameters(); http://git-wip-us.apache.org/repos/asf/camel/blob/6a0f016e/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java ---------------------------------------------------------------------- diff --git a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java index 9fd87cf..de48fe6 100644 --- a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java +++ b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractTrustManagersParametersFactoryBean.java 
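Review bot: The anonymous `TrustManager` in `testCustomTrustManager` implements only the marker interface, so the test proves that the reference is passed through and nothing about whether the resulting array is usable for certificate checks. JSSE providers generally select an `X509TrustManager` from the array handed to `SSLContext.init`, so a stub implementing `X509TrustManager` would be closer to real use; that is an assumption about the provider, not something visible in this diff. The test should also pin the array size with `assertEquals(1, tms.length);` before `assertSame(myTm, tms[0]);`, so a regression that appends factory-created managers next to the custom one is caught.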
@@ -16,11 +16,13 @@ */ package org.apache.camel.core.xml.util.jsse; +import javax.net.ssl.TrustManager; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlTransient; +import org.apache.camel.util.CamelContextHelper; import org.apache.camel.util.jsse.TrustManagersParameters; @XmlAccessorType(XmlAccessType.FIELD) @@ -32,6 +34,9 @@ public abstract class AbstractTrustManagersParametersFactoryBean extends Abstrac @XmlAttribute protected String algorithm; + @XmlAttribute + protected String trustManager; + @XmlTransient private TrustManagersParameters instance; @@ -50,14 +55,21 @@ public abstract class AbstractTrustManagersParametersFactoryBean extends Abstrac public void setAlgorithm(String value) { this.algorithm = value; } - + + public String getTrustManager() { + return trustManager; + } + + public void setTrustManager(String trustManager) { + this.trustManager = trustManager; + } + @Override public TrustManagersParameters getObject() throws Exception { - if (this.isSingleton()) { + if (isSingleton()) { if (instance == null) { instance = createInstance(); } - return instance; } else { return createInstance(); @@ -79,6 +91,11 @@ public abstract class AbstractTrustManagersParametersFactoryBean extends Abstrac } newInstance.setProvider(provider); newInstance.setCamelContext(getCamelContext()); + + if (trustManager != null) { + TrustManager tm = CamelContextHelper.mandatoryLookup(getCamelContext(), trustManager, TrustManager.class); + newInstance.setTrustManager(tm); + } return newInstance; }
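Review bot: The new `trustManager` attribute is a registry bean id, resolved in `createInstance()` through `CamelContextHelper.mandatoryLookup`, but neither the field nor its accessors say so. Nothing tells the XML author that a configured `keyStore`, `provider` or `algorithm` is then bypassed by `TrustManagersParameters.createTrustManagers()`. A field comment such as `/** Registry id of the {@link TrustManager} to use; when set, keyStore, provider and algorithm are not used. */` would make that precedence explicit. Rejecting or at least logging the combination of `trustManager` and `keyStore` here would also help; the part of `createInstance()` above the hunk is not visible, so whether the key store parameters are still built in that case is an assumption.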
