CAMEL-7940 - disable SSL by default in netty components

Conflicts:
        
components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java
        
components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpClientInitializerFactory.java
        
components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerInitializerFactory.java
        
components/camel-netty4-http/src/main/java/org/apache/camel/component/netty4/http/HttpServerSharedInitializerFactory.java
        
components/camel-netty4-http/src/test/java/org/apache/camel/component/netty4/http/NettyHttpSSLTest.java
        
components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultClientInitializerFactory.java
        
components/camel-netty4/src/main/java/org/apache/camel/component/netty4/DefaultServerInitializerFactory.java
        
components/camel-netty4/src/main/java/org/apache/camel/component/netty4/NettyServerBootstrapConfiguration.java


Project: http://git-wip-us.apache.org/repos/asf/camel/repo
Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/f98cfda6
Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/f98cfda6
Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/f98cfda6

Branch: refs/heads/camel-2.13.x
Commit: f98cfda6d17e4aa4fc93f8834740e69c4fc50aac
Parents: 2f2dde1
Author: Jonathan Anstey <jans...@gmail.com>
Authored: Tue Oct 28 10:24:37 2014 -0230
Committer: Jonathan Anstey <jans...@gmail.com>
Committed: Tue Oct 28 10:29:12 2014 -0230

----------------------------------------------------------------------
 .../component/netty/http/HttpClientPipelineFactory.java |  1 +
 .../component/netty/http/HttpServerPipelineFactory.java |  1 +
 .../netty/http/HttpServerSharedPipelineFactory.java     |  1 +
 .../component/netty/DefaultClientPipelineFactory.java   |  4 +++-
 .../component/netty/DefaultServerPipelineFactory.java   |  5 ++++-
 .../netty/NettyServerBootstrapConfiguration.java        | 12 +++++++++++-
 6 files changed, 21 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/camel/blob/f98cfda6/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
----------------------------------------------------------------------
diff --git 
a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
 
b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
index 846d690..ce95648 100644
--- 
a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
+++ 
b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpClientPipelineFactory.java
@@ -174,6 +174,7 @@ public class HttpClientPipelineFactory extends 
ClientPipelineFactory {
         } else if (sslContext != null) {
             SSLEngine engine = sslContext.createSSLEngine();
             engine.setUseClientMode(true);
+            
engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(","));
             return new SslHandler(engine);
         }
 

http://git-wip-us.apache.org/repos/asf/camel/blob/f98cfda6/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
----------------------------------------------------------------------
diff --git 
a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
 
b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
index 37fc58b..b8305ea 100644
--- 
a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
+++ 
b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerPipelineFactory.java
@@ -186,6 +186,7 @@ public class HttpServerPipelineFactory extends 
ServerPipelineFactory {
             SSLEngine engine = sslContext.createSSLEngine();
             engine.setUseClientMode(false);
             
engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+            
engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
             return new SslHandler(engine);
         }
 

http://git-wip-us.apache.org/repos/asf/camel/blob/f98cfda6/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
----------------------------------------------------------------------
diff --git 
a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
 
b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
index cca79bc..c920fd4 100644
--- 
a/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
+++ 
b/components/camel-netty-http/src/main/java/org/apache/camel/component/netty/http/HttpServerSharedPipelineFactory.java
@@ -151,6 +151,7 @@ public class HttpServerSharedPipelineFactory extends 
HttpServerPipelineFactory {
             SSLEngine engine = sslContext.createSSLEngine();
             engine.setUseClientMode(false);
             engine.setNeedClientAuth(configuration.isNeedClientAuth());
+            
engine.setEnabledProtocols(configuration.getEnabledProtocols().split(","));
             return new SslHandler(engine);
         }
 

http://git-wip-us.apache.org/repos/asf/camel/blob/f98cfda6/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
----------------------------------------------------------------------
diff --git 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
index 71c8a40..fe6dd9b 100644
--- 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
+++ 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultClientPipelineFactory.java
@@ -1,5 +1,5 @@
 /**
- * Licensed to the Apache Software Foundation (ASF) under one or more
+   * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
@@ -18,6 +18,7 @@ package org.apache.camel.component.netty;
 
 import java.util.List;
 import java.util.concurrent.TimeUnit;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 
@@ -154,6 +155,7 @@ public class DefaultClientPipelineFactory extends 
ClientPipelineFactory  {
             return producer.getConfiguration().getSslHandler();
         } else if (sslContext != null) {
             SSLEngine engine = sslContext.createSSLEngine();
+            
engine.setEnabledProtocols(producer.getConfiguration().getEnabledProtocols().split(","));
             engine.setUseClientMode(true);
             return new SslHandler(engine);
         }

http://git-wip-us.apache.org/repos/asf/camel/blob/f98cfda6/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java
----------------------------------------------------------------------
diff --git 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java
 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java
index 4df0394..33f264a 100644
--- 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java
+++ 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/DefaultServerPipelineFactory.java
@@ -17,6 +17,7 @@
 package org.apache.camel.component.netty;
 
 import java.util.List;
+
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 
@@ -171,8 +172,10 @@ public class DefaultServerPipelineFactory extends 
ServerPipelineFactory {
             return consumer.getConfiguration().getSslHandler();
         } else if (sslContext != null) {
             SSLEngine engine = sslContext.createSSLEngine();
-            engine.setUseClientMode(false);
+            engine.setUseClientMode(false);            
             
engine.setNeedClientAuth(consumer.getConfiguration().isNeedClientAuth());
+            
engine.setEnabledProtocols(consumer.getConfiguration().getEnabledProtocols().split(","));
+
             return new SslHandler(engine);
         }
 

http://git-wip-us.apache.org/repos/asf/camel/blob/f98cfda6/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java
----------------------------------------------------------------------
diff --git 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java
 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java
index 666415f..ee18dcd 100644
--- 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java
+++ 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyServerBootstrapConfiguration.java
@@ -55,6 +55,7 @@ public class NettyServerBootstrapConfiguration implements 
Cloneable {
     protected String trustStoreResource;
     protected String keyStoreFormat;
     protected String securityProvider;
+    protected String enabledProtocols = "TLSv1,TLSv1.1,TLSv1.2";
     protected String passphrase;
     protected BossPool bossPool;
     protected WorkerPool workerPool;
@@ -328,6 +329,14 @@ public class NettyServerBootstrapConfiguration implements 
Cloneable {
         this.networkInterface = networkInterface;
     }
 
+    public String getEnabledProtocols() {
+        return enabledProtocols;
+    }
+
+    public void setEnabledProtocols(String enabledProtocols) {
+        this.enabledProtocols = enabledProtocols;
+    }
+    
     /**
      * Checks if the other {@link NettyServerBootstrapConfiguration} is 
compatible
      * with this, as a Netty listener bound on port X shares the same common
@@ -411,7 +420,7 @@ public class NettyServerBootstrapConfiguration implements 
Cloneable {
 
         return isCompatible;
     }
-
+    
     public String toStringBootstrapConfiguration() {
         return "NettyServerBootstrapConfiguration{"
                 + "protocol='" + protocol + '\''
@@ -435,6 +444,7 @@ public class NettyServerBootstrapConfiguration implements 
Cloneable {
                 + ", sslHandler=" + sslHandler
                 + ", sslContextParameters='" + sslContextParameters + '\''
                 + ", needClientAuth=" + needClientAuth
+                + ", enabledProtocols='" + enabledProtocols              
                 + ", keyStoreFile=" + keyStoreFile
                 + ", trustStoreFile=" + trustStoreFile
                 + ", keyStoreResource='" + keyStoreResource + '\''

Reply via email to