This is an automated email from the ASF dual-hosted git repository.
apupier pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git
The following commit(s) were added to refs/heads/main by this push:
new a82d5c3de85f CAMEL-23358 - Adapt
SSLContextParametersTest.testSignatureSchemesFilter for JDK 26
a82d5c3de85f is described below
commit a82d5c3de85f0df31fcf874dfc0e3de4a83a862c
Author: Aurélien Pupier <[email protected]>
AuthorDate: Wed Jul 15 16:11:59 2026 +0200
CAMEL-23358 - Adapt SSLContextParametersTest.testSignatureSchemesFilter
for JDK 26
The method getSignatureSchemes is now providing a non-empty list.
Consequently, the tests need to be adapted. I choose to create a
dedicated test to see a bit clearer the difference with previous JDK
version.
Signed-off-by: Aurélien Pupier <[email protected]>
---
.../support/jsse/SSLContextParametersTest.java | 64 +++++++++++++++++++++-
1 file changed, 63 insertions(+), 1 deletion(-)
diff --git
a/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
b/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
index 077e25d68a72..d23cf5f71550 100644
---
a/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
+++
b/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
@@ -986,7 +986,7 @@ public class SSLContextParametersTest extends
AbstractJsseParametersTest {
}
@Test
- @EnabledForJreRange(min = JRE.JAVA_21)
+ @EnabledForJreRange(min = JRE.JAVA_21, max = JRE.JAVA_25)
public void testSignatureSchemesFilter() throws Exception {
// Note: SSLParameters.getSignatureSchemes() returns null by default
(unlike getNamedGroups()),
// so filters operate on explicitly provided schemes rather than JDK
defaults.
@@ -1047,6 +1047,68 @@ public class SSLContextParametersTest extends
AbstractJsseParametersTest {
assertEquals(0,
getSignatureSchemes(serverSocket.getSSLParameters()).length);
}
+ @Test
+ @EnabledForJreRange(min = JRE.JAVA_26)
+ public void testSignatureSchemesFilter_postJDK26() throws Exception {
+ // Note: SSLParameters.getSignatureSchemes() returns non-null by
default (unlike on JDK 25-)
+
+ // default - no filter, keeps defaults (null)
+ SSLContextParameters scp = new SSLContextParameters();
+ SSLContext context = scp.createSSLContext(null);
+
+ SSLEngine engine = context.createSSLEngine();
+ SSLSocket socket = (SSLSocket)
context.getSocketFactory().createSocket();
+ SSLServerSocket serverSocket = (SSLServerSocket)
context.getServerSocketFactory().createServerSocket();
+
+ assertNotNull(getSignatureSchemes(engine.getSSLParameters()));
+ assertNotNull(getSignatureSchemes(socket.getSSLParameters()));
+ assertNotNull(getSignatureSchemes(serverSocket.getSSLParameters()));
+
+ int defaultSignatureSchemeNumber =
getSignatureSchemes(engine.getSSLParameters()).length;
+
+ // empty filter - no includes means no schemes match (empty array)
+ FilterParameters filter = new FilterParameters();
+ scp.setSignatureSchemesFilter(filter);
+ context = scp.createSSLContext(null);
+ engine = context.createSSLEngine();
+ socket = (SSLSocket) context.getSocketFactory().createSocket();
+ serverSocket = (SSLServerSocket)
context.getServerSocketFactory().createServerSocket();
+
+ assertEquals(0, getSignatureSchemes(engine.getSSLParameters()).length);
+ assertEquals(0, getSignatureSchemes(socket.getSSLParameters()).length);
+ assertEquals(0,
getSignatureSchemes(serverSocket.getSSLParameters()).length);
+
+ // explicit schemes override filter - filter ignored when schemes are
set
+ SignatureSchemesParameters ssp = new SignatureSchemesParameters();
+ List<String> allSchemes = new LinkedList<>();
+ allSchemes.add("ecdsa_secp256r1_sha256");
+ allSchemes.add("ecdsa_secp384r1_sha384");
+ allSchemes.add("rsa_pss_rsae_sha256");
+ allSchemes.add("ed25519");
+ ssp.setSignatureScheme(allSchemes);
+ scp.setSignatureSchemes(ssp);
+
+ filter.getInclude().add("ecdsa_.*");
+ context = scp.createSSLContext(null);
+ engine = context.createSSLEngine();
+
+ // explicit schemes take precedence over filter
+ assertEquals(4, getSignatureSchemes(engine.getSSLParameters()).length);
+
+ // clear explicit schemes, keep filter - now filter applies to JDK
defaults
+ scp.setSignatureSchemes(null);
+ filter.getInclude().clear();
+ filter.getInclude().add(".*");
+ context = scp.createSSLContext(null);
+ engine = context.createSSLEngine();
+ socket = (SSLSocket) context.getSocketFactory().createSocket();
+ serverSocket = (SSLServerSocket)
context.getServerSocketFactory().createServerSocket();
+
+ assertEquals(defaultSignatureSchemeNumber,
getSignatureSchemes(engine.getSSLParameters()).length);
+ assertEquals(defaultSignatureSchemeNumber,
getSignatureSchemes(socket.getSSLParameters()).length);
+ assertEquals(defaultSignatureSchemeNumber,
getSignatureSchemes(serverSocket.getSSLParameters()).length);
+ }
+
@Test
@EnabledForJreRange(min = JRE.JAVA_21)
public void testSignatureSchemesDoNotAffectOtherSettings() throws
Exception {