From davscl...@apache.org
Subject [1/2] camel git commit: CAMEL-11482: SSLContextParameters settings are not properly copied to Jetty SslContextFactory. Thanks to Roman Vottner for reporting.
Date Tue, 26 Sep 2017 12:51:20 GMT
Repository: camel
Updated Branches:
  refs/heads/camel-2.19.x 7bcefc1a9 -> f57a88ef9
  refs/heads/master 300c1277f -> 614e52694


CAMEL-11482: SSLContextParameters settings are not properly copied to Jetty SslContextFactory.
Thanks to Roman Vottner for reporting.


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/614e5269
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/614e5269
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/614e5269

Branch: refs/heads/master
Commit: 614e52694f4d2cdfce3be60ae9a79d3defb97aba
Parents: 300c127
Author: Claus Ibsen <davsclaus@apache.org>
Authored: Tue Sep 26 14:34:17 2017 +0200
Committer: Claus Ibsen <davsclaus@apache.org>
Committed: Tue Sep 26 14:35:11 2017 +0200

----------------------------------------------------------------------
 .../component/jetty/JettyHttpComponent.java     | 35 ++++++++++
 .../component/jetty9/JettyHttpComponent9.java   | 35 ++++++----
 .../jetty/ExcludeCipherSuitesTest.java          | 71 ++++++++++++++++++++
 3 files changed, 129 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/614e5269/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
index 71db799..ac1ecd4 100644
--- a/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
+++ b/components/camel-jetty-common/src/main/java/org/apache/camel/component/jetty/JettyHttpComponent.java
@@ -621,6 +621,41 @@ public abstract class JettyHttpComponent extends HttpCommonComponent
implements
         if (ssl != null) {
             answer.setSslContext(ssl.createSSLContext(getCamelContext()));
         }
+
+        // jetty default is
+        // addExcludeProtocols("SSL", "SSLv2", "SSLv2Hello", "SSLv3");
+        // setExcludeCipherSuites("^.*_(MD5|SHA|SHA1)$");
+
+        // configure include/exclude ciphers and protocols
+        if (ssl != null && ssl.getCipherSuitesFilter() != null)  {
+            List<String> includeCiphers = ssl.getCipherSuitesFilter().getInclude();
+            if (includeCiphers != null && !includeCiphers.isEmpty()) {
+                String[] arr = includeCiphers.toArray(new String[includeCiphers.size()]);
+                answer.setIncludeCipherSuites(arr);
+            } else {
+                answer.setIncludeCipherSuites(".*");
+            }
+            List<String> excludeCiphers = ssl.getCipherSuitesFilter().getExclude();
+            if (excludeCiphers != null && !excludeCiphers.isEmpty()) {
+                String[] arr = excludeCiphers.toArray(new String[excludeCiphers.size()]);
+                answer.setExcludeCipherSuites(arr);
+            }
+        }
+        if (ssl != null && ssl.getSecureSocketProtocolsFilter() != null) {
+            List<String> includeProtocols = ssl.getSecureSocketProtocolsFilter().getInclude();
+            if (includeProtocols != null && !includeProtocols.isEmpty()) {
+                String[] arr = includeProtocols.toArray(new String[includeProtocols.size()]);
+                answer.setIncludeProtocols(arr);
+            } else {
+                answer.setIncludeProtocols(".*");
+            }
+            List<String> excludeProtocols = ssl.getSecureSocketProtocolsFilter().getExclude();
+            if (excludeProtocols != null && !excludeProtocols.isEmpty()) {
+                String[] arr = excludeProtocols.toArray(new String[excludeProtocols.size()]);
+                answer.setExcludeProtocols(arr);
+            }
+        }
+
         return answer;
     }
 
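Review bot: `answer.setExcludeProtocols(arr)` near the bottom of the hunk replaces Jetty's default exclusion list rather than extending it, so a filter whose exclude list names only, say, `TLSv1` silently re-enables the `SSL`, `SSLv2`, `SSLv2Hello` and `SSLv3` entries that the comment at the top of the hunk lists as Jetty's default; the same applies to `setExcludeCipherSuites` and the `^.*_(MD5|SHA|SHA1)$` default. If that is intended (the user's filter being the single source of truth, as it already is for the SSLContext built on the line above), say so where the defaults are listed, e.g. `// an explicit exclude list REPLACES these Jetty defaults rather than adding to them`; if not, `answer.addExcludeProtocols(arr)` keeps the defaults and adds the user's entries. Conversely, when only an include list is given the Jetty defaults stay in force, so an included suite that matches the default exclude pattern is still rejected by Jetty even though Camel's own SSLContext would offer it — worth a sentence in the component's sslContextParameters documentation. The enclosing method starts before the hunk.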

http://git-wip-us.apache.org/repos/asf/camel/blob/614e5269/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpComponent9.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpComponent9.java
b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpComponent9.java
index 5ba4d02..ae9cd72 100644
--- a/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpComponent9.java
+++ b/components/camel-jetty9/src/main/java/org/apache/camel/component/jetty9/JettyHttpComponent9.java
@@ -36,9 +36,13 @@ import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.SslConnectionFactory;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 
 public class JettyHttpComponent9 extends JettyHttpComponent {
 
+    private static final Logger LOG = LoggerFactory.getLogger(JettyHttpComponent9.class);
+
     protected CamelHttpClient createCamelHttpClient(HttpClientTransport transport, SslContextFactory
sslContextFactory) {
         return new CamelHttpClient9(transport, sslContextFactory);
     }
@@ -52,7 +56,7 @@ public class JettyHttpComponent9 extends JettyHttpComponent {
                                                       SslContextFactory sslcf) {
         try {
             String host = endpoint.getHttpUri().getHost();
-            int porto = endpoint.getPort();
+            int port = endpoint.getPort();
             org.eclipse.jetty.server.HttpConfiguration httpConfig = new org.eclipse.jetty.server.HttpConfiguration();
             httpConfig.setSendServerVersion(endpoint.isSendServerVersion());
             httpConfig.setSendDateHeader(endpoint.isSendDateHeader());
@@ -87,24 +91,31 @@ public class JettyHttpComponent9 extends JettyHttpComponent {
             }
             connectionFactories.add(httpFactory);
             result.setConnectionFactories(connectionFactories);
-            result.setPort(porto);
+            result.setPort(port);
             if (host != null) {
                 result.setHost(host);
             }
-            if (getSslSocketConnectorProperties() != null && "https".equals(endpoint.getProtocol()))
{
-                // must copy the map otherwise it will be deleted
-                Map<String, Object> properties = new HashMap<String, Object>(getSslSocketConnectorProperties());
-                IntrospectionSupport.setProperties(sslcf, properties);
-                if (properties.size() > 0) {
-                    throw new IllegalArgumentException("There are " + properties.size()
-                        + " parameters that couldn't be set on the SocketConnector."
-                        + " Check the uri if the parameters are spelt correctly and that
they are properties of the SelectChannelConnector."
-                        + " Unknown parameters=[" + properties + "]");
-                }                
+            if (sslcf != null) {
+                if (getSslSocketConnectorProperties() != null && "https".equals(endpoint.getProtocol()))
{
+                    // must copy the map otherwise it will be deleted
+                    Map<String, Object> properties = new HashMap<String, Object>(getSslSocketConnectorProperties());
+                    IntrospectionSupport.setProperties(sslcf, properties);
+                    if (properties.size() > 0) {
+                        throw new IllegalArgumentException("There are " + properties.size()
+                            + " parameters that couldn't be set on the SocketConnector."
+                            + " Check the uri if the parameters are spelt correctly and that
they are properties of the SelectChannelConnector."
+                            + " Unknown parameters=[" + properties + "]");
+                    }
+                }
+
+                LOG.info("Connector on port: {} is using includeCipherSuites: {} excludeCipherSuites:
{} includeProtocols: {} excludeProtocols: {}",
+                    port, sslcf.getIncludeCipherSuites(), sslcf.getExcludeCipherSuites(),
sslcf.getIncludeProtocols(), sslcf.getExcludeProtocols());
             }
+
             return result;
         } catch (Exception e) {
             throw ObjectHelper.wrapRuntimeCamelException(e);
         }
     }
+
 }
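Review bot: The new `if (sslcf != null)` guard means that for an `https` endpoint with `sslSocketConnectorProperties` configured but no SslContextFactory, the properties are now dropped silently instead of failing, whereas the old code would have failed at `IntrospectionSupport.setProperties(sslcf, properties)`. Whether `sslcf` can be null for https is not visible in this hunk; if it can, that case deserves an explicit failure before the guard, e.g. `if (sslcf == null && getSslSocketConnectorProperties() != null && "https".equals(endpoint.getProtocol())) { throw new IllegalStateException("sslSocketConnectorProperties configured but no SslContextFactory for https endpoint on port " + port); }`. The INFO log line prints the effective include/exclude lists at every connector start, which is useful for auditing the TLS configuration; a short comment such as `// logged at INFO on purpose: the effective TLS filter is operational information` would keep it from being downgraded later. The error message still names `SelectChannelConnector`, which is the Jetty 8 connector, while this Jetty 9 component builds a ServerConnector. The enclosing method starts before the hunk.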

http://git-wip-us.apache.org/repos/asf/camel/blob/614e5269/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/ExcludeCipherSuitesTest.java
----------------------------------------------------------------------
diff --git a/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/ExcludeCipherSuitesTest.java
b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/ExcludeCipherSuitesTest.java
new file mode 100644
index 0000000..9d7ab98
--- /dev/null
+++ b/components/camel-jetty9/src/test/java/org/apache/camel/component/jetty/ExcludeCipherSuitesTest.java
@@ -0,0 +1,71 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.jetty;
+
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.util.jsse.FilterParameters;
+import org.apache.camel.util.jsse.KeyManagersParameters;
+import org.apache.camel.util.jsse.KeyStoreParameters;
+import org.apache.camel.util.jsse.SSLContextParameters;
+import org.junit.Ignore;
+import org.junit.Test;
+
+@Ignore
+public class ExcludeCipherSuitesTest extends BaseJettyTest {
+
+    protected String pwd = "changeit";
+
+    private SSLContextParameters createSslContextParameters() throws Exception {
+        KeyStoreParameters ksp = new KeyStoreParameters();
+        ksp.setResource(this.getClass().getClassLoader().getResource("jsse/localhost.ks").toString());
+        ksp.setPassword(pwd);
+        
+        KeyManagersParameters kmp = new KeyManagersParameters();
+        kmp.setKeyPassword(pwd);
+        kmp.setKeyStore(ksp);
+        
+        SSLContextParameters sslContextParameters = new SSLContextParameters();
+        sslContextParameters.setKeyManagers(kmp);
+
+        FilterParameters filter = new FilterParameters();
+        filter.getExclude().add("^.*_(MD5|SHA|SHA1)$");
+        sslContextParameters.setCipherSuitesFilter(filter);
+
+        return sslContextParameters;
+    }
+
+    @Test
+    public void testExclude() throws Exception {
+        getMockEndpoint("mock:a").expectedBodiesReceived(1);
+
+        template.sendBody("jetty:https://localhost:" + getPort() + "/test", "Hello World");
+
+        assertMockEndpointsSatisfied();
+    }
+
+    @Override
+    protected RouteBuilder createRouteBuilder() throws Exception {
+        return new RouteBuilder() {
+            public void configure() throws Exception {
+                JettyHttpComponent jetty = getContext().getComponent("jetty", JettyHttpComponent.class);
+                jetty.setSslContextParameters(createSslContextParameters());
+
+                from("jetty:https://localhost:" + getPort() + "/test").to("mock:a");
+            }
+        };
+    }
+}
\ No newline at end of file
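Review bot: `getMockEndpoint("mock:a").expectedBodiesReceived(1);` expects a body equal to the integer `1`, but the test sends `"Hello World"`, so the assertion cannot be satisfied once the test actually runs; it should be `getMockEndpoint("mock:a").expectedMessageCount(1);` (or `expectedBodiesReceived("Hello World")`). The class is annotated `@Ignore` with no reason, so the regression test for CAMEL-11482 never executes and the new filter-copy code in JettyHttpComponent has no running coverage; either give the annotation a reason (`@Ignore("<reason placeholder>")`) naming what blocks it, or remove it once the assertion is fixed. The test also only exercises the exclude path, and with the same `^.*_(MD5|SHA|SHA1)$` pattern the hunk in JettyHttpComponent documents as Jetty's default, so it would most likely pass even if the copy were broken; an include filter or a protocol filter that differs from Jetty's defaults would actually demonstrate the fix.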

