Repository: camel Updated Branches: refs/heads/camel-2.13.x 2f2dde16c -> f98cfda6d refs/heads/camel-2.14.x d37afded6 -> e6cc689f4 refs/heads/master bc056bcc1 -> c10a91ace
CAMEL-7940 - disable SSL by default in netty components Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/c10a91ac Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/c10a91ac Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/c10a91ac Branch: refs/heads/master Commit: c10a91ace9f789510ddf84a216e43ebfeabe02b6 Parents: bc056bc Author: Jonathan Anstey <jans...@gmail.com> Authored: Tue Oct 28 10:24:37 2014 -0230 Committer: Jonathan Anstey <jans...@gmail.com> Committed: Tue Oct 28 10:24:48 2014 -0230 ---------------------------------------------------------------------- .../component/netty/http/HttpClientPipelineFactory.java | 1 + .../component/netty/http/HttpServerPipelineFactory.java | 1 + .../netty/http/HttpServerSharedPipelineFactory.java | 1 + .../component/netty/DefaultClientPipelineFactory.java | 4 +++- .../component/netty/DefaultServerPipelineFactory.java | 5 ++++- .../netty/NettyServerBootstrapConfiguration.java | 12 +++++++++++- .../netty4/http/HttpClientInitializerFactory.java | 1 + .../netty4/http/HttpServerInitializerFactory.java | 1 + .../netty4/http/HttpServerSharedInitializerFactory.java | 1 + .../camel/component/netty4/http/NettyHttpSSLTest.java | 1 - .../netty4/DefaultClientInitializerFactory.java | 1 + .../netty4/DefaultServerInitializerFactory.java | 1 + .../netty4/NettyServerBootstrapConfiguration.java | 10 ++++++++++ 13 files changed, 36 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java ---------------------------------------------------------------------- 
diff --git a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
index 019a6cd..9c85c9d 100644
--- a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
+++ b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
@@ -174,6 +174,7 @@ public class HttpClientPipelineFactory extends ClientPipelineFactory {
 } else if (sslContext != null) {
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(true);
+ engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
----------------------------------------------------------------------
diff --git a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
index 22ea852..565534c 100644
--- a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
+++ b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
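Review bot: The added `setEnabledProtocols(...split(","))` call in HttpClientPipelineFactory hands the configured string to the engine untrimmed, so a value written as `TLSv1.1, TLSv1.2` produces an element with a leading space and `SSLEngine.setEnabledProtocols` rejects it with an IllegalArgumentException when the handler is built. Trimming while splitting accepts both spellings: `engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().trim().split("\\s*,\\s*"));`. The same line is added in the other nine pipeline and initializer factories in this commit, so parsing the list once in the configuration class and exposing it as a `String[]` would avoid ten copies of the expression. The enclosing method starts and ends outside this hunk.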
@@ -184,6 +184,7 @@ public class HttpServerPipelineFactory extends ServerPipelineFactory {
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(false);
 engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+ engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
----------------------------------------------------------------------
diff --git a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
index cca79bc..c920fd4 100644
--- a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
+++ b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
@@ -151,6 +151,7 @@ public class HttpServerSharedPipelineFactory extends HttpServerPipelineFactory {
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(false);
 engine.setNeedClientAuth(configuration.isNeedClientAuth());
+ engine.setEnabledProtocols(configuration.getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
----------------------------------------------------------------------
diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
index 71c8a40..fe6dd9b 100644
--- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java +++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java @@ -1,5 +1,5 @@ /** - * Licensed to the Apache Software Foundation (ASF) under one or more + * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 @@ -18,6 +18,7 @@ package org.apache.camel.component.netty; import java.util.List; import java.util.concurrent.TimeUnit; + import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; @@ -154,6 +155,7 @@ public class DefaultClientPipelineFactory extends ClientPipelineFactory { return producer.getConfiguration().getSslHandler(); } else if (sslContext != null) { SSLEngine engine = sslContext.createSSLEngine(); + engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(",")); engine.setUseClientMode(true); return new SslHandler(engine); } http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java ---------------------------------------------------------------------- diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java index 4df0394..33f264a 100644 --- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java +++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java 
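Review bot: The protocol restriction in DefaultClientPipelineFactory only takes effect in the `sslContext != null` branch; the branch just above it returns `producer.getConfiguration().getSslHandler()` unchanged, so a user-supplied SslHandler keeps whatever protocols its engine was created with, which may still include SSLv3. If that is intended, a comment on that branch would say so, for example `// a custom sslHandler is used as-is; enabledProtocols is not applied to it`. The DefaultServerPipelineFactory hunk shows the same shape, and the other factories probably have it too, although their first branch is outside the visible hunks. This hunk also calls `setEnabledProtocols` before `setUseClientMode(true)` while every other hunk calls it after; using the same order everywhere would keep the ten copies consistent. The method starts and ends outside the hunk.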
@@ -17,6 +17,7 @@ package org.apache.camel.component.netty; import java.util.List; + import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; @@ -171,8 +172,10 @@ public class DefaultServerPipelineFactory extends ServerPipelineFactory { return consumer.getConfiguration().getSslHandler(); } else if (sslContext != null) { SSLEngine engine = sslContext.createSSLEngine(); - engine.setUseClientMode(false); + engine.setUseClientMode(false); engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth()); + engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(",")); + return new SslHandler(engine); } http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java ---------------------------------------------------------------------- diff --git a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java index fd0c498..647d4cc 100644 --- a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java +++ b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java @@ -55,6 +55,7 @@ public class NettyServerBootstrapConfiguration implements Cloneable { protected String trustStoreResource; protected String keyStoreFormat = "JKS"; protected String securityProvider = "SunX509"; + protected String enabledProtocols = "TLSv1,TLSv1.1,TLSv1.2"; protected String passphrase; protected BossPool bossPool; protected WorkerPool workerPool; 
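Review bot: The new `enabledProtocols` field in NettyServerBootstrapConfiguration carries no comment on the format it expects or on why SSLv3 is left out, and its default names three protocols that not every JSSE runtime supports. `SSLEngine.setEnabledProtocols` throws IllegalArgumentException for any name the engine does not support, so on a runtime without TLSv1.1 or TLSv1.2 the default itself would stop the handler from being created; this is worth checking against the oldest Java version the three patched branches still target. A field comment such as `// comma-separated JSSE protocol names passed to SSLEngine.setEnabledProtocols(); SSLv3 is left out on purpose (CAMEL-7940)` would record the intent, assuming the commit title means SSLv3. The netty4 NettyServerBootstrapConfiguration adds the same field with the same default.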
@@ -328,6 +329,14 @@ public class NettyServerBootstrapConfiguration implements Cloneable { this.networkInterface = networkInterface; } + public String getEnabledProtocols() { + return enabledProtocols; + } + + public void setEnabledProtocols(String enabledProtocols) { + this.enabledProtocols = enabledProtocols; + } + /** * Checks if the other {@link NettyServerBootstrapConfiguration} is compatible * with this, as a Netty listener bound on port X shares the same common @@ -411,7 +420,7 @@ public class NettyServerBootstrapConfiguration implements Cloneable { return isCompatible; } - + public String toStringBootstrapConfiguration() { return "NettyServerBootstrapConfiguration{" + "protocol='" + protocol + '\'' @@ -435,6 +444,7 @@ public class NettyServerBootstrapConfiguration implements Cloneable { + ", sslHandler=" + sslHandler + ", sslContextParameters='" + sslContextParameters + '\'' + ", needClientAuth=" + needClientAuth + + ", enabledProtocols='" + enabledProtocols + ", keyStoreFile=" + keyStoreFile + ", trustStoreFile=" + trustStoreFile + ", keyStoreResource='" + keyStoreResource + '\'' http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpClientInitializerFactory.java ---------------------------------------------------------------------- diff --git a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpClientInitializerFactory.java b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpClientInitializerFactory.java index bda2f9e..6bf8869 100644 --- a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpClientInitializerFactory.java +++ b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpClientInitializerFactory.java 
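Review bot: The new `setEnabledProtocols` setter stores whatever it is given, so a null value fails only later with a NullPointerException at the `.split(",")` calls in the pipeline factories, and an empty string reaches the engine as a single empty protocol name. Rejecting both in the setter reports the misconfiguration where it happens: `if (enabledProtocols == null || enabledProtocols.trim().isEmpty()) { throw new IllegalArgumentException("enabledProtocols must not be empty"); }`. The compatibility check whose Javadoc follows in this hunk may also need to compare `enabledProtocols`, since listeners sharing a port share this configuration; its body is outside the hunk, so that is unconfirmed. The netty4 copy of the class adds the same accessor pair.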
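Review bot: The line added to toStringBootstrapConfiguration opens a single quote before the value and never closes it, so the output reads `enabledProtocols='TLSv1,TLSv1.1,TLSv1.2, keyStoreFile=...` and the field boundary is lost in logs. The neighbouring quoted fields end with `+ '\''`; the added line should too: `+ ", enabledProtocols='" + enabledProtocols + '\''`. The netty4 NettyServerBootstrapConfiguration hunk has the same omission. The method continues outside the hunk.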
@@ -178,6 +178,7 @@ public class HttpClientInitializerFactory extends ClientInitializerFactory {
 } else if (sslContext != null) {
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(true);
+ engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerInitializerFactory.java
----------------------------------------------------------------------
diff --git a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerInitializerFactory.java b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerInitializerFactory.java
index c7f40ea..833c5bc 100644
--- a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerInitializerFactory.java
+++ b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerInitializerFactory.java
@@ -179,6 +179,7 @@ public class HttpServerInitializerFactory extends ServerInitializerFactory {
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(false);
 engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+ engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerSharedInitializerFactory.java
----------------------------------------------------------------------
diff --git a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerSharedInitializerFactory.java b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerSharedInitializerFactory.java
index 44d3273..c687641 100644
--- a/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerSharedInitializerFactory.java
+++ b/components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerSharedInitializerFactory.java
@@ -150,6 +150,7 @@ public class HttpServerSharedInitializerFactory extends HttpServerInitializerFac
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(false);
 engine.setNeedClientAuth(configuration.isNeedClientAuth());
+ engine.setEnabledProtocols(configuration.getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4-http/src/test/java/org/apache/camel/component/netty4/http/NettyHttpSSLTest.java
----------------------------------------------------------------------
diff --git a/components/camel-netty4-http/src/test/java/org/apache/camel/component/netty4/http/NettyHttpSSLTest.java b/components/camel-netty4-http/src/test/java/org/apache/camel/component/netty4/http/NettyHttpSSLTest.java
index 94d8553..9218468 100644
--- a/components/camel-netty4-http/src/test/java/org/apache/camel/component/netty4/http/NettyHttpSSLTest.java
+++ b/components/camel-netty4-http/src/test/java/org/apache/camel/component/netty4/http/NettyHttpSSLTest.java
@@ -98,7 +98,6 @@ public class NettyHttpSSLTest extends BaseNettyTest { } }); context.start(); - String out = template.requestBody("https://localhost:{{port}}", "Hello World", String.class); assertEquals("Bye World", out); http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultClientInitializerFactory.java ---------------------------------------------------------------------- diff --git a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultClientInitializerFactory.java b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultClientInitializerFactory.java index d262e02..b35ba4e 100644 --- a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultClientInitializerFactory.java +++ b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultClientInitializerFactory.java @@ -157,6 +157,7 @@ public class DefaultClientInitializerFactory extends ClientInitializerFactory { } else if (sslContext != null) { SSLEngine engine = sslContext.createSSLEngine(); engine.setUseClientMode(true); + engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(",")); return new SslHandler(engine); } http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultServerInitializerFactory.java ---------------------------------------------------------------------- diff --git a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultServerInitializerFactory.java b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultServerInitializerFactory.java index b942c8a..0f080c6 100644 --- a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultServerInitializerFactory.java 
+++ b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultServerInitializerFactory.java
@@ -177,6 +177,7 @@ public class DefaultServerInitializerFactory extends ServerInitializerFactory {
 SSLEngine engine = sslContext.createSSLEngine();
 engine.setUseClientMode(false);
 engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+ engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
 return new SslHandler(engine);
 }
http://git-wip-us.apache.org/repos/asf/camel/blob/c10a91ac/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyServerBootstrapConfiguration.java
----------------------------------------------------------------------
diff --git a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyServerBootstrapConfiguration.java b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyServerBootstrapConfiguration.java
index 8380849..c392962 100644
--- a/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyServerBootstrapConfiguration.java
+++ b/components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyServerBootstrapConfiguration.java
@@ -55,6 +55,7 @@ public class NettyServerBootstrapConfiguration implements Cloneable {
 protected String trustStoreResource;
 protected String keyStoreFormat;
 protected String securityProvider;
+ protected String enabledProtocols = "TLSv1,TLSv1.1,TLSv1.2";
 protected String passphrase;
 protected EventLoopGroup bossGroup;
 protected EventLoopGroup workerGroup;
@@ -328,6 +329,14 @@ public class NettyServerBootstrapConfiguration implements Cloneable { this.networkInterface = networkInterface; } + public String getEnabledProtocols() { + return enabledProtocols; + } + + public void setEnabledProtocols(String enabledProtocols) { + this.enabledProtocols = enabledProtocols; + } + /** * Checks if the other {@link NettyServerBootstrapConfiguration} is compatible * with this, as a Netty listener bound on port X shares the same common @@ -435,6 +444,7 @@ public class NettyServerBootstrapConfiguration implements Cloneable { + ", sslHandler=" + sslHandler + ", sslContextParameters='" + sslContextParameters + '\'' + ", needClientAuth=" + needClientAuth + + ", enabledProtocols='" + enabledProtocols + ", keyStoreFile=" + keyStoreFile + ", trustStoreFile=" + trustStoreFile + ", keyStoreResource='" + keyStoreResource + '\''