camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrea Cosentino (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CAMEL-10628) camel jetty9 endpoint configured with sslContextParametersRef and jetty handlers causes SSL handshake failure
Date Wed, 21 Dec 2016 11:28:58 GMT

    [ https://issues.apache.org/jira/browse/CAMEL-10628?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15766814#comment-15766814
] 

Andrea Cosentino commented on CAMEL-10628:
------------------------------------------

This can't go in 2.17.x because there we are still based on Jetty8 and 

org.eclipse.jetty.server.SslConnectionFactory

doesn't exist in Jetty 8

> camel jetty9 endpoint configured with sslContextParametersRef and jetty handlers causes
SSL handshake failure
> -------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-10628
>                 URL: https://issues.apache.org/jira/browse/CAMEL-10628
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-jetty
>    Affects Versions: 2.18.0, 2.18.1
>            Reporter: Joe Luo
>            Assignee: Andrea Cosentino
>             Fix For: 2.18.2
>
>         Attachments: patch.txt
>
>
> I have a camel route using Rest DSL with Jetty component:
> {code}
> <camelContext id="camel" trace="true" streamCache="true" xmlns="http://camel.apache.org/schema/blueprint">
>       <restConfiguration component="jetty" bindingMode="off" scheme="https" host="localhost"
port="9080" contextPath="/">
>         <endpointProperty key="sslContextParametersRef" value="sslContextParameter"/>
>         <endpointProperty key="handlers" value="#securityHandler"/>
>         <endpointProperty key="matchOnUriPrefix" value="true"/>
>       </restConfiguration>
>       <rest path="/customerservice">
>           <get uri="/customers" >
>               <to uri="direct:processGet"/>
>           </get>
>           <get uri="/customers/{id}" >
>               <to uri="direct:processGet"/>
>           </get>
>           <post uri="/customers" consumes="application/json" produces="application/json">
>               <to uri="direct:processPost"/>
>           </post>
>       </rest>
> {code}
> The underlying camel jetty component is configured with sslContextParametersRef and a
Jetty Handler org.eclipse.jetty.security.ConstraintSecurityHandler to enforce SecurityConstraints
on the Jetty endpoint. 
> If I remove the Jetty ConstraintSecurityHandler, it works fine, for instance:
> {code}
> <camelContext id="camel" trace="true" streamCache="true" xmlns="http://camel.apache.org/schema/blueprint">
>       <restConfiguration component="jetty" bindingMode="off" scheme="https" host="localhost"
port="9080" contextPath="/">
>         <endpointProperty key="sslContextParametersRef" value="sslContextParameter"/>
>         <!--endpointProperty key="handlers" value="#securityHandler"/-->
>         <endpointProperty key="matchOnUriPrefix" value="true"/>
>       </restConfiguration>
> {code}
> But when I add the Jetty ConstraintSecurityHandler back to the camel Rest DSL, I am getting
following error:
> {code}
> ***
> %% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
> qtp1424237190-118, fatal error: 40: no cipher suites in common
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
> %% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
> qtp1424237190-118, SEND TLSv1 ALERT:  fatal, description = handshake_failure
> qtp1424237190-118, WRITE: TLSv1 Alert, length = 2
> qtp1424237190-118, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException:
no cipher suites in common
> {code}
> The root cause is that if we want to add a Jetty hander, we need to stop Jetty server.
As part of Jetty server stop process, it's SslConnectionFactory also needs to stop, as well
as SslContextFactory. Here is doStop() method of SslContextFactory in Jetty 9.2.x code base:
> {code}
> public class SslContextFactory extends AbstractLifeCycle
> ...
>     protected void doStop() throws Exception
>      {
>          _context = null;
>          super.doStop();
>      }
> {code}
> We can see that it resets SSLContext to null. When the jetty server restarts, SslContextFactory
creates a new SSLContext object instead, therefore, losing all the SSL properties from the
original <camel:sslContextParameters> configuration. 
> We need to preserve the SSLContext before stopping the jetty server so we can reset the
SSLContext back after the jetty server is restarted.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message