This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch camel-2.x in repository https://gitbox.apache.org/repos/asf/camel.git
commit 8ebae088767b7189d72761a1ea98c40992305144
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Apr 11 13:32:08 2019 +0100
Consolidate TLS configuration
---
.../java/org/apache/camel/coap/CoAPComponent.java | 40 ++------------
.../java/org/apache/camel/coap/CoAPEndpoint.java | 63 +++++++++++++++++++---
.../java/org/apache/camel/coap/CoAPProducer.java | 35 ++---------
3 files changed, 61 insertions(+), 77 deletions(-)
diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java
index 1a17d94..bf1f515 100644
--- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java
+++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPComponent.java
@@ -17,8 +17,6 @@ package org.apache.camel.coap;
 import java.net.InetSocketAddress;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
 import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
@@ -40,7 +38,6 @@ import org.eclipse.californium.core.CoapServer;
 import org.eclipse.californium.core.network.CoapEndpoint;
 import org.eclipse.californium.core.network.config.NetworkConfig;
 import org.eclipse.californium.scandium.DTLSConnector;
-import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -72,40 +69,9 @@ public class CoAPComponent extends UriEndpointComponent implements RestConsumerF
 InetSocketAddress address = new InetSocketAddress(port);
 coapBuilder.setNetworkConfig(config);
-if (endpoint.getKeystore() != null) {
-DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
-builder.setAddress(address);
-if (endpoint.getAlias() == null) {
-throw new IllegalStateException("An alias must be configured to use TLS");
-}
-if (endpoint.getPassword() == null) {
-throw new IllegalStateException("A password must be configured to use TLS");
-}
-if (endpoint.getTruststore() == null) {
-throw new IllegalStateException("A truststore must be configured to use TLS");
-}
-
-try {
-// Configure the identity
-PrivateKey privateKey =
-(PrivateKey)endpoint.getKeystore().getKey(endpoint.getAlias(), endpoint.getPassword());
-builder.setIdentity(privateKey, endpoint.getKeystore().getCertificateChain(endpoint.getAlias()));
-
-// Add all certificates from the truststore
-builder.setTrustStore(endpoint.getTrustedCerts());
-
-} catch (GeneralSecurityException e) {
-throw new IllegalStateException("Error in configuring TLS", e);
-}
-
-builder.setClientAuthenticationRequired(endpoint.isClientAuthenticationRequired());
-builder.setClientAuthenticationWanted(endpoint.isClientAuthenticationWanted());
-
-if (endpoint.getConfiguredCipherSuites() != null) {
-builder.setSupportedCipherSuites(endpoint.getConfiguredCipherSuites());
-}
-
-DTLSConnector connector = new DTLSConnector(builder.build());
+// Configure TLS
+if (CoAPEndpoint.enableTLS(endpoint.getUri())) {
+DTLSConnector connector = endpoint.createDTLSConnector(address, false);
 coapBuilder.setConnector(connector);
 } else {
 coapBuilder.setInetSocketAddress(address);
diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
index e0a0b7e..6076cc2 100644
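Review bot: The DTLS trigger on the new `if (CoAPEndpoint.enableTLS(endpoint.getUri()))` line is now the URI scheme alone, whereas the removed `if (endpoint.getKeystore() != null)` branch switched to DTLS whenever a keystore was configured; a route that sets keystore/truststore on a `coap://` URI now silently starts a plaintext endpoint with its TLS parameters ignored, and the same applies to the CoAPProducer hunk, whose removed trigger was `endpoint.getTruststore() != null`. Failing fast keeps that downgrade visible: `if (!CoAPEndpoint.enableTLS(endpoint.getUri()) && (endpoint.getKeystore() != null || endpoint.getTruststore() != null)) { throw new IllegalStateException("Keystore/truststore configured but the URI scheme is not coaps"); }` before the branch, or at least a logged warning if the mixed configuration is meant to be tolerated. `enableTLS` reads like a mutator for what is a static predicate; a name such as `isTlsRequired(URI)` would make the condition read naturally. The enclosing method starts and ends outside the hunk.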
--- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
+++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPEndpoint.java
@@ -17,6 +17,7 @@ package org.apache.camel.coap;
 import java.io.IOException;
+import java.net.InetSocketAddress;
 import java.net.URI;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore;
@@ -38,6 +39,8 @@ import org.apache.camel.spi.UriPath;
 import org.apache.camel.util.jsse.ClientAuthentication;
 import org.apache.camel.util.jsse.KeyStoreParameters;
 import org.eclipse.californium.core.CoapServer;
+import org.eclipse.californium.scandium.DTLSConnector;
+import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 /**
 * The coap component is used for sending and receiving messages from COAP capable devices.
@@ -231,7 +234,7 @@ public class CoAPEndpoint extends DefaultEndpoint {
 }
 }
-public String[] getConfiguredCipherSuites() {
+private String[] getConfiguredCipherSuites() {
 return configuredCipherSuites;
 }
@@ -254,17 +257,17 @@ public class CoAPEndpoint extends DefaultEndpoint {
 this.clientAuthentication = clientAuthentication;
 }
-public boolean isClientAuthenticationRequired() {
+private boolean isClientAuthenticationRequired() {
 return clientAuthentication != null && ClientAuthentication.valueOf(clientAuthentication) == ClientAuthentication.REQUIRE;
 }
-public boolean isClientAuthenticationWanted() {
+private boolean isClientAuthenticationWanted() {
 return clientAuthentication != null && ClientAuthentication.valueOf(clientAuthentication) == ClientAuthentication.WANT;
 }
-public Certificate[] getTrustedCerts() throws KeyStoreException {
+private Certificate[] getTrustedCerts() throws KeyStoreException {
 Enumeration<String> aliases = truststore.aliases();
 List<Certificate> trustCerts = new ArrayList<>();
 while (aliases.hasMoreElements()) {
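Review bot: Narrowing `getConfiguredCipherSuites`, `isClientAuthenticationRequired`, `isClientAuthenticationWanted` and `getTrustedCerts` from public to private in the last two hunks is a source- and binary-incompatible change to a public endpoint class; the diff removes the in-tree callers, but on a maintenance branch such as camel-2.x external code may still reach these accessors and would break without a deprecation cycle. If hiding them is not essential, keeping them public with `@Deprecated` plus a Javadoc `@deprecated use {@link #createDTLSConnector}` line (and dropping them in the next major) is the conservative option; otherwise the removal deserves a sentence in the commit message. A secondary, pre-existing point on the context lines: `ClientAuthentication.valueOf(clientAuthentication)` throws IllegalArgumentException for an unrecognised value, and since these helpers are now only reached from createDTLSConnector, whose catch covers GeneralSecurityException only, a misspelt clientAuthentication option surfaces as a raw enum error rather than a configuration message; validating the option in its setter would give a clearer failure.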
@@ -277,10 +280,54 @@ public class CoAPEndpoint extends DefaultEndpoint {
 return trustCerts.toArray(new Certificate[0]);
 }
+
+public static boolean enableTLS(URI uri) {
+return "coaps".equals(uri.getScheme());
+}
-/*
-public DTLSConnector createDTLSConnector() {
-
+public DTLSConnector createDTLSConnector(InetSocketAddress address, boolean client) {
+if (getTruststore() == null) {
+throw new IllegalStateException("A truststore must be configured to use TLS");
+}
+if (!client) {
+if (getKeystore() == null) {
+throw new IllegalStateException("A keystore must be configured to use TLS");
+}
+if (getAlias() == null) {
+throw new IllegalStateException("An alias must be configured to use TLS");
+}
+if (getPassword() == null) {
+throw new IllegalStateException("A password must be configured to use TLS");
+}
+}
+
+DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
+if (client) {
+builder.setClientOnly();
+} else {
+builder.setAddress(address);
+builder.setClientAuthenticationRequired(isClientAuthenticationRequired());
+builder.setClientAuthenticationWanted(isClientAuthenticationWanted());
+}
+
+try {
+// Configure the identity if the keystore parameter is specified
+if (getKeystore() != null) {
+PrivateKey privateKey =
+(PrivateKey)getKeystore().getKey(getAlias(), getPassword());
+builder.setIdentity(privateKey, getKeystore().getCertificateChain(getAlias()));
+}
+
+// Add all certificates from the truststore
+builder.setTrustStore(getTrustedCerts());
+} catch (GeneralSecurityException e) {
+throw new IllegalStateException("Error in configuring TLS", e);
+}
+
+if (getConfiguredCipherSuites() != null) {
+builder.setSupportedCipherSuites(getConfiguredCipherSuites());
+}
+
+return new DTLSConnector(builder.build());
 }
-*/
 }
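Review bot: In client mode the alias and password checks are skipped because they sit under `if (!client)`, yet the identity block further down still calls `getKeystore().getKey(getAlias(), getPassword())` whenever a keystore is set; the removed CoAPProducer code validated alias and password inside its keystore branch, so a client endpoint with a keystore but no alias now reaches `getKey(null, null)` and fails with a less specific error instead of the intended IllegalStateException. The keystore requirement belongs to server mode, but the alias and password checks should follow keystore presence in both modes. Separately, `KeyStore.getKey` returns null for an unknown alias or a trusted-certificate entry and the `(PrivateKey)` cast throws ClassCastException for a secret-key entry; neither is a GeneralSecurityException, so both escape the catch and surface later inside the connector rather than as a clear configuration error, which the explicit check below addresses (it needs `java.security.Key` among the imports). The remainder of the method is unchanged.
```java
public DTLSConnector createDTLSConnector(InetSocketAddress address, boolean client) {
    if (getTruststore() == null) {
        throw new IllegalStateException("A truststore must be configured to use TLS");
    }
    // Only a server must present an identity ...
    if (!client && getKeystore() == null) {
        throw new IllegalStateException("A keystore must be configured to use TLS");
    }
    // ... but whenever a keystore is given, alias and password are needed to load it
    if (getKeystore() != null) {
        if (getAlias() == null) {
            throw new IllegalStateException("An alias must be configured to use TLS");
        }
        if (getPassword() == null) {
            throw new IllegalStateException("A password must be configured to use TLS");
        }
    }

    // … unchanged: DtlsConnectorConfig.Builder setup for client/server mode …

    try {
        // Configure the identity if the keystore parameter is specified
        if (getKeystore() != null) {
            Key key = getKeystore().getKey(getAlias(), getPassword());
            Certificate[] chain = getKeystore().getCertificateChain(getAlias());
            // getKey() returns null for an unknown alias or a certificate-only entry
            if (!(key instanceof PrivateKey) || chain == null) {
                throw new IllegalStateException("Alias '" + getAlias()
                    + "' does not refer to a private key entry in the keystore");
            }
            builder.setIdentity((PrivateKey) key, chain);
        }
        // … unchanged: truststore, catch block, cipher suites, return …
```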
diff --git a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java
index 588e429..46c8f60 100644
--- a/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java
+++ b/components/camel-coap/src/main/java/org/apache/camel/coap/CoAPProducer.java
@@ -17,8 +17,6 @@ package org.apache.camel.coap;
 import java.net.URI;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
 import org.apache.camel.Exchange;
 import org.apache.camel.Message;
@@ -28,7 +26,6 @@ import org.eclipse.californium.core.CoapResponse;
 import org.eclipse.californium.core.coap.MediaTypeRegistry;
 import org.eclipse.californium.core.network.CoapEndpoint;
 import org.eclipse.californium.scandium.DTLSConnector;
-import org.eclipse.californium.scandium.config.DtlsConnectorConfig;
 /**
 * The CoAP producer.
@@ -97,35 +94,9 @@ public class CoAPProducer extends DefaultProducer {
 }
 client = new CoapClient(uri);
-if (endpoint.getTruststore() != null) {
-DtlsConnectorConfig.Builder builder = new DtlsConnectorConfig.Builder();
-builder.setClientOnly();
-
-try {
-// Configure the identity if the keystore parameter is specified
-if (endpoint.getKeystore() != null) {
-if (endpoint.getAlias() == null) {
-throw new IllegalStateException("An alias must be configured to use TLS");
-}
-if (endpoint.getPassword() == null) {
-throw new IllegalStateException("A password must be configured to use TLS");
-}
-PrivateKey privateKey =
-(PrivateKey)endpoint.getKeystore().getKey(endpoint.getAlias(), endpoint.getPassword());
-builder.setIdentity(privateKey, endpoint.getKeystore().getCertificateChain(endpoint.getAlias()));
-}
-
-// Add all certificates from the truststore
-builder.setTrustStore(endpoint.getTrustedCerts());
-} catch (GeneralSecurityException e) {
-throw new IllegalStateException("Error in configuring TLS", e);
-}
-
-if (endpoint.getConfiguredCipherSuites() != null) {
-builder.setSupportedCipherSuites(endpoint.getConfiguredCipherSuites());
-}
-
-DTLSConnector connector = new DTLSConnector(builder.build());
+// Configure TLS
+if (CoAPEndpoint.enableTLS((uri))) {
+DTLSConnector connector = endpoint.createDTLSConnector(null, true);
 CoapEndpoint.Builder coapBuilder = new CoapEndpoint.Builder();
 coapBuilder.setConnector(connector);