This is an automated email from the ASF dual-hosted git repository.

apupier pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new a82d5c3de85f CAMEL-23358 - Adapt 
SSLContextParametersTest.testSignatureSchemesFilter for JDK 26
a82d5c3de85f is described below

commit a82d5c3de85f0df31fcf874dfc0e3de4a83a862c
Author: AurĂ©lien Pupier <[email protected]>
AuthorDate: Wed Jul 15 16:11:59 2026 +0200

    CAMEL-23358 - Adapt SSLContextParametersTest.testSignatureSchemesFilter
    for JDK 26
    
    The method getSignatureSchemes is now providing a non-empty list.
    Consequently, the tests need to be adapted. I choose to create a
    dedicated test to see a bit clearer the difference with previous JDK
    version.
    
    Signed-off-by: AurĂ©lien Pupier <[email protected]>
---
 .../support/jsse/SSLContextParametersTest.java     | 64 +++++++++++++++++++++-
 1 file changed, 63 insertions(+), 1 deletion(-)

diff --git 
a/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
 
b/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
index 077e25d68a72..d23cf5f71550 100644
--- 
a/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
+++ 
b/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java
@@ -986,7 +986,7 @@ public class SSLContextParametersTest extends 
AbstractJsseParametersTest {
     }
 
     @Test
-    @EnabledForJreRange(min = JRE.JAVA_21)
+    @EnabledForJreRange(min = JRE.JAVA_21, max = JRE.JAVA_25)
     public void testSignatureSchemesFilter() throws Exception {
         // Note: SSLParameters.getSignatureSchemes() returns null by default 
(unlike getNamedGroups()),
         // so filters operate on explicitly provided schemes rather than JDK 
defaults.
@@ -1047,6 +1047,68 @@ public class SSLContextParametersTest extends 
AbstractJsseParametersTest {
         assertEquals(0, 
getSignatureSchemes(serverSocket.getSSLParameters()).length);
     }
 
+    @Test
+    @EnabledForJreRange(min = JRE.JAVA_26)
+    public void testSignatureSchemesFilter_postJDK26() throws Exception {
+        // Note: SSLParameters.getSignatureSchemes() returns non-null by 
default (unlike on JDK 25-)
+
+        // default - no filter, keeps defaults (null)
+        SSLContextParameters scp = new SSLContextParameters();
+        SSLContext context = scp.createSSLContext(null);
+
+        SSLEngine engine = context.createSSLEngine();
+        SSLSocket socket = (SSLSocket) 
context.getSocketFactory().createSocket();
+        SSLServerSocket serverSocket = (SSLServerSocket) 
context.getServerSocketFactory().createServerSocket();
+
+        assertNotNull(getSignatureSchemes(engine.getSSLParameters()));
+        assertNotNull(getSignatureSchemes(socket.getSSLParameters()));
+        assertNotNull(getSignatureSchemes(serverSocket.getSSLParameters()));
+
+        int defaultSignatureSchemeNumber = 
getSignatureSchemes(engine.getSSLParameters()).length;
+
+        // empty filter - no includes means no schemes match (empty array)
+        FilterParameters filter = new FilterParameters();
+        scp.setSignatureSchemesFilter(filter);
+        context = scp.createSSLContext(null);
+        engine = context.createSSLEngine();
+        socket = (SSLSocket) context.getSocketFactory().createSocket();
+        serverSocket = (SSLServerSocket) 
context.getServerSocketFactory().createServerSocket();
+
+        assertEquals(0, getSignatureSchemes(engine.getSSLParameters()).length);
+        assertEquals(0, getSignatureSchemes(socket.getSSLParameters()).length);
+        assertEquals(0, 
getSignatureSchemes(serverSocket.getSSLParameters()).length);
+
+        // explicit schemes override filter - filter ignored when schemes are 
set
+        SignatureSchemesParameters ssp = new SignatureSchemesParameters();
+        List<String> allSchemes = new LinkedList<>();
+        allSchemes.add("ecdsa_secp256r1_sha256");
+        allSchemes.add("ecdsa_secp384r1_sha384");
+        allSchemes.add("rsa_pss_rsae_sha256");
+        allSchemes.add("ed25519");
+        ssp.setSignatureScheme(allSchemes);
+        scp.setSignatureSchemes(ssp);
+
+        filter.getInclude().add("ecdsa_.*");
+        context = scp.createSSLContext(null);
+        engine = context.createSSLEngine();
+
+        // explicit schemes take precedence over filter
+        assertEquals(4, getSignatureSchemes(engine.getSSLParameters()).length);
+
+        // clear explicit schemes, keep filter - now filter applies to JDK 
defaults
+        scp.setSignatureSchemes(null);
+        filter.getInclude().clear();
+        filter.getInclude().add(".*");
+        context = scp.createSSLContext(null);
+        engine = context.createSSLEngine();
+        socket = (SSLSocket) context.getSocketFactory().createSocket();
+        serverSocket = (SSLServerSocket) 
context.getServerSocketFactory().createServerSocket();
+
+        assertEquals(defaultSignatureSchemeNumber, 
getSignatureSchemes(engine.getSSLParameters()).length);
+        assertEquals(defaultSignatureSchemeNumber, 
getSignatureSchemes(socket.getSSLParameters()).length);
+        assertEquals(defaultSignatureSchemeNumber, 
getSignatureSchemes(serverSocket.getSSLParameters()).length);
+    }
+
     @Test
     @EnabledForJreRange(min = JRE.JAVA_21)
     public void testSignatureSchemesDoNotAffectOtherSettings() throws 
Exception {

Reply via email to