Repository: camel Updated Branches: refs/heads/master 359f4c5c4 -> bda2666d7
CAMEL-9762 - Add setters on CipherSuitesParameters and SecureSocketProtocolsParameters Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/bda2666d Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/bda2666d Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/bda2666d Branch: refs/heads/master Commit: bda2666d72fadeeb6b11a7e502fe2556a94b69cc Parents: 359f4c5 Author: Antoine DESSAIGNE <antoine.dessai...@gmail.com> Authored: Fri Mar 25 17:18:53 2016 +0100 Committer: Claus Ibsen <davscl...@apache.org> Committed: Fri Mar 25 17:27:16 2016 +0100 ---------------------------------------------------------------------- .../camel/util/jsse/CipherSuitesParameters.java | 17 +- .../jsse/SecureSocketProtocolsParameters.java | 17 +- .../util/jsse/SSLContextParametersTest.java | 333 ++++++++++--------- ...ractBaseSSLContextParametersFactoryBean.java | 42 +-- 4 files changed, 210 insertions(+), 199 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java index 64b0611..0a038f1 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/CipherSuitesParameters.java @@ -17,14 +17,12 @@ package org.apache.camel.util.jsse; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; /** * Represents a list of TLS/SSL cipher suite names. */ public class CipherSuitesParameters { - private List<String> cipherSuite; /** 
@@ -34,19 +32,26 @@ public class CipherSuitesParameters { */ public List<String> getCipherSuite() { if (this.cipherSuite == null) { - this.cipherSuite = new ArrayList<String>(); + this.cipherSuite = new ArrayList<>(); } return this.cipherSuite; } + /** + * Sets the cipher suite. It creates a copy of the given cipher suite. + * + * @param cipherSuite cipher suite + */ + public void setCipherSuite(List<String> cipherSuite) { + this.cipherSuite = cipherSuite == null ? null : new ArrayList<>(cipherSuite); + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); builder.append("CipherSuitesParameters[cipherSuite="); - builder.append(Arrays.toString(getCipherSuite().toArray(new String[getCipherSuite().size()]))); + builder.append(getCipherSuite()); builder.append("]"); return builder.toString(); } - - } http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java ---------------------------------------------------------------------- diff --git a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java index de63a80..0f15407 100644 --- a/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java +++ b/camel-core/src/main/java/org/apache/camel/util/jsse/SecureSocketProtocolsParameters.java @@ -17,14 +17,12 @@ package org.apache.camel.util.jsse; import java.util.ArrayList; -import java.util.Arrays; import java.util.List; /** * Represents a list of TLS/SSL cipher suite names. */ public class SecureSocketProtocolsParameters { - private List<String> secureSocketProtocol; /** 
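Review bot: The Javadoc on `setCipherSuite` does not say what `null` or an empty list means, and in this API that difference is security-relevant. `getCipherSuite()` replaces a `null` field with an empty `ArrayList`, and the tests in this commit assert that an `SSLContextParameters` holding an empty `CipherSuitesParameters` ends up with zero enabled cipher suites, so `setCipherSuite(null)` does not obviously mean "fall back to the JVM defaults". I would extend the Javadoc along the lines of `@param cipherSuite cipher suite names to enable (copied); null resets to an empty list, which enables no cipher suites`, after confirming that reading against `SSLContextParameters`, which is not part of this diff. It is also worth stating that the getter still hands out the live internal list, so the copy only isolates the caller's input list. The same applies to `setSecureSocketProtocol` in SecureSocketProtocolsParameters.java.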
@@ -34,19 +32,26 @@ public class SecureSocketProtocolsParameters { */ public List<String> getSecureSocketProtocol() { if (this.secureSocketProtocol == null) { - this.secureSocketProtocol = new ArrayList<String>(); + this.secureSocketProtocol = new ArrayList<>(); } return this.secureSocketProtocol; } + /** + * Sets the list of secure socket protocol names. It creates a copy of the given protocol list. + * + * @param secureSocketProtocol list of secure socket protocol names + */ + public void setSecureSocketProtocol(List<String> secureSocketProtocol) { + this.secureSocketProtocol = secureSocketProtocol == null ? null : new ArrayList<>(secureSocketProtocol); + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); builder.append("SecureSocketProtocolsParameters[secureSocketProtocol="); - builder.append(Arrays.toString(getSecureSocketProtocol().toArray(new String[getSecureSocketProtocol().size()]))); + builder.append(getSecureSocketProtocol()); builder.append("]"); return builder.toString(); } - - } http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java ---------------------------------------------------------------------- diff --git a/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java b/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java index 0247a4d..fccc45a 100644 --- a/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java +++ b/camel-core/src/test/java/org/apache/camel/util/jsse/SSLContextParametersTest.java @@ -18,6 +18,7 @@ package org.apache.camel.util.jsse; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.LinkedList; import java.util.List; import java.util.regex.Pattern; 
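Review bot: `setSecureSocketProtocol` stores whatever names it is given, and the test comments in this commit (`// default disable the SSL* protocols`, `// Sspp on client params overrides secure socket protocols filter on client`) suggest that an explicit list takes precedence over the protocol filter. If that also holds for the default filter, a configuration that passes `SSLv3` through this setter would re-enable it, so the Javadoc should carry the caveat, for example `An explicit list takes precedence over the protocol filter; list only the protocol versions you intend to allow.` The class-level Javadoc shown in this file's first hunk still reads `Represents a list of TLS/SSL cipher suite names.` and should describe secure socket protocol names instead.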
@@ -31,18 +32,18 @@ import junit.framework.AssertionFailedError; import org.apache.camel.CamelContext; public class SSLContextParametersTest extends AbstractJsseParametersTest { - + public void testFilter() { SSLContextParameters parameters = new SSLContextParameters(); - - Collection<String> result = parameters.filter(null, + + Collection<String> result = parameters.filter(null, Arrays.asList(new String[]{"SSLv3", "TLSv1", "TLSv1.1"}), Arrays.asList(new Pattern[]{Pattern.compile("TLS.*")}), Arrays.asList(new Pattern[0])); assertEquals(2, result.size()); assertStartsWith(result, "TLS"); - - result = parameters.filter(null, + + result = parameters.filter(null, Arrays.asList(new String[]{"SSLv3", "TLSv1", "TLSv1.1"}), Arrays.asList(new Pattern[]{Pattern.compile(".*")}), Arrays.asList(new Pattern[]{Pattern.compile("SSL.*")})); 
@@ -55,134 +56,134 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertEquals("Get a wrong message", "The values should not be null", ex.getMessage()); } } - + public void testPropertyPlaceholders() throws Exception { - + CamelContext camelContext = this.createPropertiesPlaceholderAwareContext(); - + KeyStoreParameters ksp = new KeyStoreParameters(); ksp.setCamelContext(camelContext); - + ksp.setType("{{keyStoreParameters.type}}"); ksp.setProvider("{{keyStoreParameters.provider}}"); ksp.setResource("{{keyStoreParameters.resource}}"); ksp.setPassword("{{keyStoreParamerers.password}}"); - + KeyManagersParameters kmp = new KeyManagersParameters(); kmp.setCamelContext(camelContext); kmp.setKeyStore(ksp); - + kmp.setKeyPassword("{{keyManagersParameters.keyPassword}}"); kmp.setAlgorithm("{{keyManagersParameters.algorithm}}"); kmp.setProvider("{{keyManagersParameters.provider}}"); - + TrustManagersParameters tmp = new TrustManagersParameters(); tmp.setCamelContext(camelContext); tmp.setKeyStore(ksp); - + tmp.setAlgorithm("{{trustManagersParameters.algorithm}}"); tmp.setProvider("{{trustManagersParameters.provider}}"); - + CipherSuitesParameters csp = new CipherSuitesParameters(); - csp.getCipherSuite().add("{{cipherSuite.0}}"); - + csp.setCipherSuite(Collections.singletonList("{{cipherSuite.0}}")); + SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters(); - sspp.getSecureSocketProtocol().add("{{secureSocketProtocol.0}}"); - + sspp.setSecureSocketProtocol(Collections.singletonList("{{secureSocketProtocol.0}}")); + SSLContextServerParameters scsp = new SSLContextServerParameters(); scsp.setCamelContext(camelContext); scsp.setClientAuthentication("{{sslContextServerParameters.clientAuthentication}}"); - + SSLContextParameters scp = new SSLContextParameters(); scp.setCamelContext(camelContext); scp.setKeyManagers(kmp); scp.setTrustManagers(tmp); scp.setServerParameters(scsp); - + 
scp.setProvider("{{sslContextParameters.provider}}"); scp.setSecureSocketProtocol("{{sslContextParameters.protocol}}"); scp.setSessionTimeout("{{sslContextParameters.sessionTimeout}}"); - + scp.setCipherSuites(csp); scp.setSecureSocketProtocols(sspp); - + SSLContext context = scp.createSSLContext(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); assertTrue(serverSocket.getNeedClientAuth()); context.getSocketFactory().createSocket(); context.createSSLEngine(); } - + public void testServerParametersClientAuthentication() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + + SSLContextParameters scp = new SSLContextParameters(); SSLContextServerParameters scsp = new SSLContextServerParameters(); - + scp.setServerParameters(scsp); SSLContext context = scp.createSSLContext(); - - + + SSLEngine engine = context.createSSLEngine(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth()); assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth()); assertEquals(controlEngine.getWantClientAuth(), engine.getWantClientAuth()); assertEquals(controlEngine.getNeedClientAuth(), engine.getNeedClientAuth()); - + // ClientAuthentication - NONE scsp.setClientAuthentication(ClientAuthentication.NONE.name()); context = scp.createSSLContext(); engine = context.createSSLEngine(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(false, 
serverSocket.getWantClientAuth()); assertEquals(false, serverSocket.getNeedClientAuth()); assertEquals(false, engine.getWantClientAuth()); assertEquals(false, engine.getNeedClientAuth()); - + // ClientAuthentication - WANT scsp.setClientAuthentication(ClientAuthentication.WANT.name()); context = scp.createSSLContext(); engine = context.createSSLEngine(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(true, serverSocket.getWantClientAuth()); assertEquals(false, serverSocket.getNeedClientAuth()); assertEquals(true, engine.getWantClientAuth()); assertEquals(false, engine.getNeedClientAuth()); - + // ClientAuthentication - REQUIRE scsp.setClientAuthentication(ClientAuthentication.REQUIRE.name()); context = scp.createSSLContext(); engine = context.createSSLEngine(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(false, serverSocket.getWantClientAuth()); assertEquals(true, serverSocket.getNeedClientAuth()); assertEquals(false, engine.getWantClientAuth()); assertEquals(true, engine.getNeedClientAuth()); } - + public void testServerParameters() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + + SSLContextParameters scp = new SSLContextParameters(); SSLContextServerParameters scsp = new SSLContextServerParameters(); - + scp.setServerParameters(scsp); SSLContext context = scp.createSSLContext(); - + SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) 
context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); @@ -196,18 +197,18 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); assertEquals(controlServerSocket.getWantClientAuth(), serverSocket.getWantClientAuth()); assertEquals(controlServerSocket.getNeedClientAuth(), serverSocket.getNeedClientAuth()); - + // No csp or filter on server params passes through shared config scp.setCipherSuites(new CipherSuitesParameters()); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // Csp on server params scp.setCipherSuites(null); CipherSuitesParameters csp = new CipherSuitesParameters(); @@ -216,11 +217,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // Cipher suites filter on server params FilterParameters filter = new FilterParameters(); filter.getExclude().add(".*"); 
@@ -230,11 +231,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // Csp on server overrides cipher suites filter on server filter.getInclude().add(".*"); filter.getExclude().clear(); @@ -243,11 +244,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // Sspp on server params SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters(); scsp.setSecureSocketProtocols(sspp); @@ -255,11 +256,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertEquals(0, serverSocket.getEnabledProtocols().length); - + // Secure socket protocols filter on client params filter = new FilterParameters(); filter.getExclude().add(".*"); 
@@ -268,11 +269,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertEquals(0, serverSocket.getEnabledProtocols().length); - + // Sspp on client params overrides secure socket protocols filter on client filter.getInclude().add(".*"); filter.getExclude().clear(); 
@@ -281,51 +282,51 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertEquals(0, serverSocket.getEnabledProtocols().length); - + // Server session timeout only affects server session configuration scsp.setSessionTimeout("12345"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(controlContext.getClientSessionContext().getSessionTimeout(), context.getClientSessionContext().getSessionTimeout()); assertEquals(12345, context.getServerSessionContext().getSessionTimeout()); } - + private void checkProtocols(String[] control, String[] configured) { - //With the IBM JDK, an "default" unconfigured control socket is more - //restricted than with the Sun JDK. For example, with + //With the IBM JDK, an "default" unconfigured control socket is more + //restricted than with the Sun JDK. For example, with //SSLContext.getInstance("TLS"), on Sun, you get // TLSv1, SSLv3, SSLv2Hello //but with IBM, you only get: // TLSv1 //We'll check to make sure the "default" protocols are amongst the list - //that are in after configuration. + //that are in after configuration. 
assertTrue(Arrays.asList(configured).containsAll(Arrays.asList(control))); } - + public void testClientParameters() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + SSLContextParameters scp = new SSLContextParameters(); SSLContextClientParameters sccp = new SSLContextClientParameters(); - + scp.setClientParameters(sccp); SSLContext context = scp.createSSLContext(); - + SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); 
@@ -333,16 +334,16 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); - + // No csp or filter on client params passes through shared config scp.setCipherSuites(new CipherSuitesParameters()); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, socket.getEnabledCipherSuites().length); - + // Csp on client params scp.setCipherSuites(null); CipherSuitesParameters csp = new CipherSuitesParameters(); @@ -351,11 +352,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertEquals(0, socket.getEnabledCipherSuites().length); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); - + // Cipher suites filter on client params FilterParameters filter = new FilterParameters(); filter.getExclude().add(".*"); 
@@ -365,11 +366,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertEquals(0, socket.getEnabledCipherSuites().length); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); - + // Csp on client overrides cipher suites filter on client filter.getInclude().add(".*"); filter.getExclude().clear(); @@ -378,11 +379,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertEquals(0, socket.getEnabledCipherSuites().length); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); - + // Sspp on client params SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters(); sccp.setSecureSocketProtocols(sspp); 
@@ -390,11 +391,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertEquals(0, socket.getEnabledProtocols().length); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); - + // Secure socket protocols filter on client params filter = new FilterParameters(); filter.getExclude().add(".*"); @@ -403,7 +404,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertEquals(0, socket.getEnabledProtocols().length); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); 
@@ -416,64 +417,64 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertEquals(0, socket.getEnabledProtocols().length); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); - + // Client session timeout only affects client session configuration sccp.setSessionTimeout("12345"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(controlContext.getServerSessionContext().getSessionTimeout(), context.getServerSessionContext().getSessionTimeout()); assertEquals(12345, context.getClientSessionContext().getSessionTimeout()); } - + public void testCipherSuites() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + // default SSLContextParameters scp = new SSLContextParameters(); - + SSLContext context = scp.createSSLContext(); - + SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); 
assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); - - + + // empty csp - + CipherSuitesParameters csp = new CipherSuitesParameters(); scp.setCipherSuites(csp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // explicit csp - - csp.getCipherSuite().add(controlEngine.getEnabledCipherSuites()[0]); + + csp.setCipherSuite(Collections.singletonList(controlEngine.getEnabledCipherSuites()[0])); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(1, engine.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]); assertEquals(1, socket.getEnabledCipherSuites().length); @@ -482,7 +483,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertEquals(controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]); // explicit csp overrides filter - + FilterParameters filter = new FilterParameters(); filter.getInclude().add(".*"); scp.setCipherSuitesFilter(filter); 
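Review bot: None of the switched calls in this file checks the behaviour the new setters document; `csp.setCipherSuite(Collections.singletonList(controlEngine.getEnabledCipherSuites()[0]))` in testCipherSuites only shows that a one-element list is accepted. A small test that passes a mutable list, modifies it after the call and then asserts `assertEquals(1, csp.getCipherSuite().size());` would pin the defensive copy, and a second one could pin what `setCipherSuite(null)` leaves behind. The same pair is missing for `setSecureSocketProtocol`. Separately, most of the changed lines in this file appear to be trailing-whitespace cleanup, which makes the handful of functional replacements hard to find in review; a separate commit for the whitespace would help. testCipherSuites continues past the end of this hunk.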
@@ -490,7 +491,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(1, engine.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], engine.getEnabledCipherSuites()[0]); assertEquals(1, socket.getEnabledCipherSuites().length); 
@@ -498,70 +499,70 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertEquals(1, socket.getEnabledCipherSuites().length); assertEquals(controlEngine.getEnabledCipherSuites()[0], serverSocket.getEnabledCipherSuites()[0]); } - + public void testCipherSuitesFilter() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + // default SSLContextParameters scp = new SSLContextParameters(); - + SSLContext context = scp.createSSLContext(); - + CipherSuitesParameters csp = new CipherSuitesParameters(); scp.setCipherSuites(csp); - + SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledCipherSuites(), engine.getEnabledCipherSuites())); assertTrue(Arrays.equals(controlSocket.getEnabledCipherSuites(), socket.getEnabledCipherSuites())); assertTrue(Arrays.equals(this.getDefaultCipherSuiteIncludes(controlServerSocket.getSupportedCipherSuites()), serverSocket.getEnabledCipherSuites())); - - - // empty filter + + + // empty filter FilterParameters filter = new FilterParameters(); scp.setCipherSuitesFilter(filter); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, 
engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // explicit filter filter.getInclude().add(".*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // explicit filter with excludes (excludes overrides) filter.getExclude().add(".*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledCipherSuites().length); assertEquals(0, socket.getEnabledCipherSuites().length); assertEquals(0, serverSocket.getEnabledCipherSuites().length); - + // explicit filter single include - + filter.getInclude().clear(); filter.getExclude().clear(); - csp.getCipherSuite().add("TLS_RSA_WITH_AES_128_CBC_SHA"); + csp.setCipherSuite(Collections.singletonList("TLS_RSA_WITH_AES_128_CBC_SHA")); filter.getInclude().add("TLS.*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); 
@@ -584,53 +585,53 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + // default SSLContextParameters scp = new SSLContextParameters(); - + SSLContext context = scp.createSSLContext(); - + SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + // default disable the SSL* protocols assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); //checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols()); - + // empty sspp - + SecureSocketProtocolsParameters sspp = new SecureSocketProtocolsParameters(); scp.setSecureSocketProtocols(sspp); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledProtocols().length); assertEquals(0, socket.getEnabledProtocols().length); assertEquals(0, serverSocket.getEnabledProtocols().length); - + // explicit sspp - - sspp.getSecureSocketProtocol().add("TLSv1"); + + sspp.setSecureSocketProtocol(Collections.singletonList("TLSv1")); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = 
(SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(1, engine.getEnabledProtocols().length); assertEquals("TLSv1", engine.getEnabledProtocols()[0]); assertEquals(1, socket.getEnabledProtocols().length); assertEquals("TLSv1", socket.getEnabledProtocols()[0]); assertEquals(1, serverSocket.getEnabledProtocols().length); assertEquals("TLSv1", serverSocket.getEnabledProtocols()[0]); - + // explicit sspp overrides filter - + FilterParameters filter = new FilterParameters(); filter.getInclude().add(".*"); scp.setSecureSocketProtocolsFilter(filter); 
@@ -649,49 +650,49 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertEquals("TLSv1", serverSocket.getEnabledProtocols()[0]); } } - + public void testSecureSocketProtocolsFilter() throws Exception { SSLContext controlContext = SSLContext.getInstance("TLS"); controlContext.init(null, null, null); SSLEngine controlEngine = controlContext.createSSLEngine(); SSLSocket controlSocket = (SSLSocket) controlContext.getSocketFactory().createSocket(); - SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); - + SSLServerSocket controlServerSocket = (SSLServerSocket) controlContext.getServerSocketFactory().createServerSocket(); + // default SSLContextParameters scp = new SSLContextParameters(); - + SSLContext context = scp.createSSLContext(); - + SSLEngine engine = context.createSSLEngine(); SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + // default disable the SSL* protocols assertStartsWith(engine.getEnabledProtocols(), "TLS"); assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); // empty filter - + FilterParameters filter = new FilterParameters(); scp.setSecureSocketProtocolsFilter(filter); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledProtocols().length); assertEquals(0, socket.getEnabledProtocols().length); assertEquals(0, serverSocket.getEnabledProtocols().length); - + // explicit filter - + filter.getInclude().add(".*"); context = scp.createSSLContext(); engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = 
(SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertTrue(Arrays.equals(controlEngine.getEnabledProtocols(), engine.getEnabledProtocols())); assertTrue(Arrays.equals(controlSocket.getEnabledProtocols(), socket.getEnabledProtocols())); checkProtocols(controlServerSocket.getEnabledProtocols(), serverSocket.getEnabledProtocols()); @@ -702,11 +703,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { engine = context.createSSLEngine(); socket = (SSLSocket) context.getSocketFactory().createSocket(); serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); - + assertEquals(0, engine.getEnabledProtocols().length); assertEquals(0, socket.getEnabledProtocols().length); assertEquals(0, serverSocket.getEnabledProtocols().length); - + // explicit filter single include filter.getInclude().clear(); filter.getExclude().clear(); @@ -726,30 +727,30 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); } } - + public void testSessionTimeout() throws Exception { SSLContextParameters scp = new SSLContextParameters(); scp.setSessionTimeout("60"); - + SSLContext context = scp.createSSLContext(); - + assertEquals(60, context.getClientSessionContext().getSessionTimeout()); assertEquals(60, context.getServerSessionContext().getSessionTimeout()); - + scp.setSessionTimeout("0"); - + context = scp.createSSLContext(); - + assertEquals(0, context.getClientSessionContext().getSessionTimeout()); assertEquals(0, context.getServerSessionContext().getSessionTimeout()); - + } - + public void testDefaultSecureSocketProtocol() throws Exception { SSLContextParameters scp = new SSLContextParameters(); - + SSLContext context = scp.createSSLContext(); - + assertEquals("TLS", context.getProtocol()); SSLEngine engine = context.createSSLEngine(); 
@@ -761,11 +762,11 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertStartsWith(socket.getEnabledProtocols(), "TLS"); assertStartsWith(serverSocket.getEnabledProtocols(), "TLS"); } - + public void testSecureSocketProtocol() throws Exception { SSLContextParameters scp = new SSLContextParameters(); scp.setSecureSocketProtocol("SSLv3"); - + SSLContext context = scp.createSSLContext(); assertEquals("SSLv3", context.getProtocol()); @@ -781,7 +782,7 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { // allow SSL* protocols by explicitly asking for them final SecureSocketProtocolsParameters protocols = new SecureSocketProtocolsParameters(); - protocols.getSecureSocketProtocol().add("SSLv3"); + protocols.setSecureSocketProtocol(Collections.singletonList("SSLv3")); scp.setSecureSocketProtocols(protocols); context = scp.createSSLContext(); 
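Review bot: The SSLv3 case at `protocols.setSecureSocketProtocol(Collections.singletonList("SSLv3"))` should carry a comment saying it is a regression test for explicit opt-in, not a configuration to copy. The surrounding context shows SSL* protocols being dropped by default and this explicit list overriding that, which is the path by which a deployment ends up offering a protocol exposed to POODLE-class downgrade issues. Something like `// explicit list bypasses the default SSL* exclusion; kept only to verify that opt-in still works` above the call would do, and the hard-coded `"TLSv1"` in the `@@ -584,53 +585,53 @@` hunk deserves the same remark. Both assertions may also behave differently on JDKs whose security properties disable these protocols, which cannot be confirmed from the diff. The test method starts and ends outside this hunk.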
@@ -796,38 +797,38 @@ public class SSLContextParametersTest extends AbstractJsseParametersTest { assertEquals(serverSocket.getEnabledProtocols().length, 1); assertEquals(serverSocket.getEnabledProtocols()[0], "SSLv3"); } - + public void testProvider() throws Exception { SSLContextParameters scp = new SSLContextParameters(); scp.createSSLContext(); - + SSLContext context = scp.createSSLContext(); - + SSLContext defaultContext = SSLContext.getDefault(); - + assertEquals(defaultContext.getProvider().getName(), context.getProvider().getName()); } - + protected String[] getDefaultCipherSuiteIncludes(String[] availableCipherSuites) { List<String> enabled = new LinkedList<String>(); - + for (String string : availableCipherSuites) { if (!string.contains("_anon_") && !string.contains("_NULL_") && !string.contains("_EXPORT_") && !string.contains("_DES_")) { enabled.add(string); } } - + return enabled.toArray(new String[enabled.size()]); } - + protected void assertStartsWith(String[] values, String prefix) { assertNotNull("The values should not be null", values); for (String value : values) { assertTrue(value + " does not start with the prefix " + prefix, value.startsWith(prefix)); } } - + protected void assertStartsWith(Collection<String> values, String prefix) { assertNotNull("The values should not be null", values); for (String value : values) { http://git-wip-us.apache.org/repos/asf/camel/blob/bda2666d/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java ---------------------------------------------------------------------- diff --git a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java index 3c38434..1079bcd 100644 
--- a/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java +++ b/components/camel-core-xml/src/main/java/org/apache/camel/core/xml/util/jsse/AbstractBaseSSLContextParametersFactoryBean.java 
@@ -26,73 +26,73 @@ import org.apache.camel.util.jsse.SecureSocketProtocolsParameters; @XmlTransient public abstract class AbstractBaseSSLContextParametersFactoryBean<T extends BaseSSLContextParameters> extends AbstractJsseUtilFactoryBean<T> { - + private CipherSuitesParametersDefinition cipherSuites; - + private FilterParametersDefinition cipherSuitesFilter; - + private SecureSocketProtocolsParametersDefinition secureSocketProtocols; - + private FilterParametersDefinition secureSocketProtocolsFilter; - + @XmlAttribute private String sessionTimeout; - + @XmlTransient private T instance; - + @Override public final T getObject() throws Exception { if (this.isSingleton()) { - if (instance == null) { - instance = createInstanceInternal(); + if (instance == null) { + instance = createInstanceInternal(); } - + return instance; } else { return createInstanceInternal(); - } + } } - + protected abstract T createInstance() throws Exception; - + private T createInstanceInternal() throws Exception { T newInstance = createInstance(); newInstance.setCamelContext(getCamelContext()); if (cipherSuites != null) { CipherSuitesParameters cipherSuitesInstance = new CipherSuitesParameters(); - cipherSuitesInstance.getCipherSuite().addAll(cipherSuites.getCipherSuite()); + cipherSuitesInstance.setCipherSuite(cipherSuites.getCipherSuite()); newInstance.setCipherSuites(cipherSuitesInstance); } - + if (cipherSuitesFilter != null) { newInstance.setCipherSuitesFilter(createFilterParameters(cipherSuitesFilter)); } - + if (secureSocketProtocols != null) { SecureSocketProtocolsParameters secureSocketProtocolsInstance = new SecureSocketProtocolsParameters(); - secureSocketProtocolsInstance.getSecureSocketProtocol().addAll(secureSocketProtocols.getSecureSocketProtocol()); + secureSocketProtocolsInstance.setSecureSocketProtocol(secureSocketProtocols.getSecureSocketProtocol()); newInstance.setSecureSocketProtocols(secureSocketProtocolsInstance); } - + if (secureSocketProtocolsFilter != null) { 
newInstance.setSecureSocketProtocolsFilter(createFilterParameters(secureSocketProtocolsFilter)); } - + if (sessionTimeout != null) { newInstance.setSessionTimeout(sessionTimeout); } return newInstance; } - + private FilterParameters createFilterParameters(FilterParametersDefinition definition) { FilterParameters filter = new FilterParameters(); filter.getInclude().addAll(definition.getInclude()); filter.getExclude().addAll(definition.getExclude()); filter.setCamelContext(getCamelContext()); - + return filter; }
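Review bot: In createInstanceInternal(), `setCipherSuite(cipherSuites.getCipherSuite())` and `setSecureSocketProtocol(secureSocketProtocols.getSecureSocketProtocol())` now accept a null list where `addAll` would have thrown, and neither call says what an empty list means. SSLContextParametersTest in this same commit asserts that an empty SecureSocketProtocolsParameters yields zero enabled protocols, so a `secureSocketProtocols` element with no children (and presumably `cipherSuites` likewise) produces a context that cannot negotiate anything. That fails closed, but it is easy to misread as "use the JVM defaults"; I would add a comment such as `// an empty list is explicit: it enables nothing and does not fall back to defaults` above each call, or log a warning when the definition's list is empty. Whether the definition getters can actually return null is not visible in this diff.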