From ningji...@apache.org
Subject git commit: CAMEL-7947 Support to set SSLContext in the camel-restlet
Date Fri, 31 Oct 2014 08:48:36 GMT
Repository: camel
Updated Branches:
  refs/heads/master c8e2b3e21 -> ec78c692b


CAMEL-7947 Support to set SSLContext in the camel-restlet


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/ec78c692
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/ec78c692
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/ec78c692

Branch: refs/heads/master
Commit: ec78c692b655922a78f8c2584253707c80dc887d
Parents: c8e2b3e
Author: Willem Jiang <willem.jiang@gmail.com>
Authored: Fri Oct 31 16:47:49 2014 +0800
Committer: Willem Jiang <willem.jiang@gmail.com>
Committed: Fri Oct 31 16:48:15 2014 +0800

----------------------------------------------------------------------
 .../component/restlet/RestletComponent.java     |  76 ++++++++++++++
 .../component/restlet/RestletEndpoint.java      |  10 ++
 ...estletHttpsWithSSLContextParametersTest.java | 103 +++++++++++++++++++
 .../src/test/resources/jsse/localhost.ks        | Bin 0 -> 1265 bytes
 4 files changed, 189 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/ec78c692/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
index c5f582a..2d62bf0 100644
--- a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
+++ b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletComponent.java
@@ -16,13 +16,19 @@
  */
 package org.apache.camel.component.restlet;
 
+import java.io.IOException;
 import java.net.URI;
+import java.security.GeneralSecurityException;
+import java.security.InvalidParameterException;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLEngine;
+
 import org.apache.camel.CamelContext;
 import org.apache.camel.Consumer;
 import org.apache.camel.Endpoint;
@@ -35,6 +41,7 @@ import org.apache.camel.util.HostUtils;
 import org.apache.camel.util.ObjectHelper;
 import org.apache.camel.util.URISupport;
 import org.apache.camel.util.UnsafeUriCharactersEncoder;
+import org.apache.camel.util.jsse.SSLContextParameters;
 import org.restlet.Component;
 import org.restlet.Restlet;
 import org.restlet.Server;
@@ -236,6 +243,67 @@ public class RestletComponent extends HeaderFilterStrategyComponent implements
R
     protected Server createServer(RestletEndpoint endpoint) {
         return new Server(component.getContext().createChildContext(), Protocol.valueOf(endpoint.getProtocol()),
endpoint.getPort());
     }
+    
+    protected String stringArrayToString(String[] strings) {
+        StringBuffer result = new StringBuffer();
+        for (String str : strings) {
+            result.append(str);
+            result.append(" ");
+        }
+        return result.toString();
+    }
+    
+    protected void setupServerWithSSLContext(Series<Parameter> params, SSLContextParameters
scp) throws GeneralSecurityException, IOException {
+        // set the SSLContext parameters
+        params.add("sslContextFactory",
+            "org.restlet.engine.ssl.DefaultSslContextFactory");
+        
+        SSLContext context = scp.createSSLContext();
+        SSLEngine engine = context.createSSLEngine();
+        
+        params.add("enabledProtocols", stringArrayToString(engine.getEnabledProtocols()));
+        params.add("enabledCipherSuites", stringArrayToString(engine.getEnabledCipherSuites()));
+        
+        if (scp.getSecureSocketProtocol() != null) {
+            params.add("protocol", scp.getSecureSocketProtocol());
+        }
+        if (scp.getServerParameters() != null && scp.getServerParameters().getClientAuthentication()
!= null) {
+            boolean b = !scp.getServerParameters().getClientAuthentication().equals("NONE");
+            params.add("needClientAuthentication", String.valueOf(b));
+        }
+        if (scp.getKeyManagers() != null) { 
+            if (scp.getKeyManagers().getAlgorithm() != null) {
+                params.add("keyManagerAlgorithm", scp.getKeyManagers().getAlgorithm());
+            }
+            if (scp.getKeyManagers().getKeyPassword() != null) {
+                params.add("keyPassword", scp.getKeyManagers().getKeyPassword());
+            }
+            if (scp.getKeyManagers().getKeyStore().getResource() != null) {
+                params.add("keyStorePath", scp.getKeyManagers().getKeyStore().getResource());
+            }
+            if (scp.getKeyManagers().getKeyStore().getPassword() != null) {
+                params.add("keyStorePassword", scp.getKeyManagers().getKeyStore().getPassword());
+            }
+            if (scp.getKeyManagers().getKeyStore().getType() != null) {
+                params.add("keyStoreType", scp.getKeyManagers().getKeyStore().getType());
+            }
+        }
+        
+        if (scp.getTrustManagers() != null) { 
+            if (scp.getTrustManagers().getAlgorithm() != null) {
+                params.add("trustManagerAlgorithm", scp.getKeyManagers().getAlgorithm());
+            }
+            if (scp.getTrustManagers().getKeyStore().getResource() != null) {
+                params.add("trustStorePath", scp.getTrustManagers().getKeyStore().getResource());
+            }
+            if (scp.getTrustManagers().getKeyStore().getPassword() != null) {
+                params.add("trustStorePassword", scp.getTrustManagers().getKeyStore().getPassword());
+            }
+            if (scp.getTrustManagers().getKeyStore().getType() != null) {
+                params.add("trustStoreType", scp.getTrustManagers().getKeyStore().getType());
+            }
+        }
+    }
 
     protected void addServerIfNecessary(RestletEndpoint endpoint) throws Exception {
         String key = buildKey(endpoint);
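Review bot: In the trust-manager branch of setupServerWithSSLContext, the `trustManagerAlgorithm` value is read from `scp.getKeyManagers()`, so a configuration with trust managers but no key managers throws a NullPointerException, and one with both passes the key-manager algorithm to the trust side. The line should read `params.add("trustManagerAlgorithm", scp.getTrustManagers().getAlgorithm());`. Both branches also dereference `getKeyStore()` without a null check, which fails when a managers object is set without a keystore; guarding each branch with `getKeyStore() != null` would keep that case from aborting server setup. The key and keystore passwords are copied into the Restlet parameter series as plain strings, so it is worth confirming that nothing downstream logs or exposes those parameters.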
@@ -248,6 +316,14 @@ public class RestletComponent extends HeaderFilterStrategyComponent implements
R
 
                 // Add any Restlet server parameters that were included
                 Series<Parameter> params = server.getContext().getParameters();
+                
+                if (endpoint.getProtocol().equals("https")) {
+                    SSLContextParameters scp = endpoint.getSslContextParameters();
+                    if (endpoint.getSslContextParameters() == null) {
+                        throw new InvalidParameterException("Need to specify the SSLContextParameters
option here!");
+                    }
+                    setupServerWithSSLContext(params, scp);
+                }
 
                 if (getControllerDaemon() != null) {
                     params.add("controllerDaemon", getControllerDaemon().toString());
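Review bot: The `equals("https")` test that opens the added block is case-sensitive, so an endpoint whose protocol is stored as `HTTPS` would skip setupServerWithSSLContext and the server would start with whatever TLS defaults Restlet applies instead of the configured key and trust material; whether the protocol is lower-cased before it reaches this point is not visible here. Writing it as `if ("https".equalsIgnoreCase(endpoint.getProtocol())) {` covers that case and a null protocol. The null test can use the local already fetched, `if (scp == null) {`, and the message would be more useful if it named the endpoint option, `sslContextParameters`, that has to be set. The body of addServerIfNecessary starts and ends outside this hunk.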

http://git-wip-us.apache.org/repos/asf/camel/blob/ec78c692/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletEndpoint.java
----------------------------------------------------------------------
diff --git a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletEndpoint.java
b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletEndpoint.java
index 0e451fc..a3ebcd6 100644
--- a/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletEndpoint.java
+++ b/components/camel-restlet/src/main/java/org/apache/camel/component/restlet/RestletEndpoint.java
@@ -28,6 +28,7 @@ import org.apache.camel.impl.DefaultEndpoint;
 import org.apache.camel.spi.HeaderFilterStrategy;
 import org.apache.camel.spi.HeaderFilterStrategyAware;
 import org.apache.camel.util.CollectionStringBuffer;
+import org.apache.camel.util.jsse.SSLContextParameters;
 import org.restlet.data.Method;
 
 /**
@@ -65,6 +66,7 @@ public class RestletEndpoint extends DefaultEndpoint implements HeaderFilterStra
     private RestletBinding restletBinding;
     private boolean throwExceptionOnFailure = true;
     private boolean disableStreamCache;
+    private SSLContextParameters scp;
 
     public RestletEndpoint(RestletComponent component, String remaining) throws Exception
{
         super(remaining, component);
@@ -227,6 +229,14 @@ public class RestletEndpoint extends DefaultEndpoint implements HeaderFilterStra
     public void setDisableStreamCache(boolean disableStreamCache) {
         this.disableStreamCache = disableStreamCache;
     }
+    
+    public SSLContextParameters getSslContextParameters() {
+        return scp;
+    }
+    
+    public void setSslContextParameters(SSLContextParameters scp) {
+        this.scp = scp;
+    }
 
     // Update the endpointUri with the restlet method information
     protected void updateEndpointUri() {
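Review bot: The new `setSslContextParameters` setter has no Javadoc, and in this commit the value is only read in RestletComponent's server setup, so a reader cannot tell whether it affects producers; the diffstat shows no producer change, so presumably a producer endpoint with this option still uses the JVM default trust settings. A comment such as `/** SSL configuration for https consumers; required when the protocol is https. Not applied on the producer side (confirm). */` on the setter would make that explicit. The field added earlier in this file as `scp` could be named `sslContextParameters` to match its accessors.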

http://git-wip-us.apache.org/repos/asf/camel/blob/ec78c692/components/camel-restlet/src/test/java/org/apache/camel/component/restlet/RestletHttpsWithSSLContextParametersTest.java
----------------------------------------------------------------------
diff --git a/components/camel-restlet/src/test/java/org/apache/camel/component/restlet/RestletHttpsWithSSLContextParametersTest.java
b/components/camel-restlet/src/test/java/org/apache/camel/component/restlet/RestletHttpsWithSSLContextParametersTest.java
new file mode 100644
index 0000000..3f21371
--- /dev/null
+++ b/components/camel-restlet/src/test/java/org/apache/camel/component/restlet/RestletHttpsWithSSLContextParametersTest.java
@@ -0,0 +1,103 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.restlet;
+
+import java.net.URL;
+
+import org.apache.camel.Exchange;
+import org.apache.camel.Processor;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.impl.JndiRegistry;
+import org.apache.camel.util.jsse.KeyManagersParameters;
+import org.apache.camel.util.jsse.KeyStoreParameters;
+import org.apache.camel.util.jsse.SSLContextParameters;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.entity.StringEntity;
+import org.junit.Test;
+
+/**
+ * @version 
+ */
+public class RestletHttpsWithSSLContextParametersTest extends RestletTestSupport {
+    
+    private static final String REQUEST_MESSAGE = 
+        "<mail><body>HelloWorld!</body><subject>test</subject><to>x@y.net</to></mail>";
+    
+    @Override
+    protected JndiRegistry createRegistry() throws Exception {
+        KeyStoreParameters ksp = new KeyStoreParameters();
+        ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").getPath().toString());
+        ksp.setPassword("changeit");
+
+        KeyManagersParameters kmp = new KeyManagersParameters();
+        kmp.setKeyPassword("changeit");
+        kmp.setKeyStore(ksp);
+
+        SSLContextParameters sslContextParameters = new SSLContextParameters();
+        sslContextParameters.setKeyManagers(kmp);
+
+        JndiRegistry registry = super.createRegistry();
+        registry.bind("mySSLContextParameters", sslContextParameters);
+
+        return registry;
+    }
+
+    
+
+    @Override
+    protected RouteBuilder createRouteBuilder() {
+        return new RouteBuilder() {
+            @Override
+            public void configure() throws Exception {
+                // enable POST support
+                from("restlet:https://localhost:" + portNum + "/users/?restletMethods=post&sslContextParameters=#mySSLContextParameters")
+                    .process(new Processor() {
+                        public void process(Exchange exchange) throws Exception {
+                            String body = exchange.getIn().getBody(String.class);
+                            assertNotNull(body);
+                            assertTrue("Get a wrong request message", body.indexOf(REQUEST_MESSAGE)
>= 0);
+                            exchange.getOut().setBody("<status>OK</status>");
+                            exchange.getOut().setHeader(Exchange.CONTENT_TYPE, "application/xml");
+                        }
+                    });
+            }
+        };
+    }
+
+    @Test
+    public void testPostXml() throws Exception {
+        postRequestMessage(REQUEST_MESSAGE);
+    }
+   
+    private void postRequestMessage(String message) throws Exception {
+        // ensure jsse clients can validate the self signed dummy localhost cert, 
+        // use the server keystore as the trust store for these tests
+        URL trustStoreUrl = this.getClass().getClassLoader().getResource("jsse/localhost.ks");
+        System.setProperty("javax.net.ssl.trustStore", trustStoreUrl.toURI().getPath());
+        
+        HttpPost post = new HttpPost("https://localhost:" + portNum + "/users/");
+        post.addHeader(Exchange.CONTENT_TYPE, "application/xml");
+        post.setEntity(new StringEntity(message));
+
+        HttpResponse response = doExecute(post);
+        assertHttpResponse(response, 200, "application/xml");
+        String s = context.getTypeConverter().convertTo(String.class, response.getEntity().getContent());
+        assertEquals("<status>OK</status>", s);
+    }
+
+}
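Review bot: postRequestMessage sets the JVM-wide `javax.net.ssl.trustStore` property and never restores it, so every later test in the same JVM trusts the dummy localhost keystore; saving the previous value and restoring it in a `finally` block or an `@After` method keeps the change local to this test. The registry configures key managers only, so the trust-manager and client-authentication branches of setupServerWithSSLContext are never exercised here. In createRegistry, `getResource(...).getPath()` returns a URL-encoded path, which breaks when the checkout directory contains spaces; `toURI().getPath()`, as used in postRequestMessage, avoids that.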

http://git-wip-us.apache.org/repos/asf/camel/blob/ec78c692/components/camel-restlet/src/test/resources/jsse/localhost.ks
----------------------------------------------------------------------
diff --git a/components/camel-restlet/src/test/resources/jsse/localhost.ks b/components/camel-restlet/src/test/resources/jsse/localhost.ks
new file mode 100644
index 0000000..f285418
Binary files /dev/null and b/components/camel-restlet/src/test/resources/jsse/localhost.ks
differ

