diff --git a/server/src/main/java/org/kaazing/gateway/server/context/resolve/DefaultOptionsContext.java b/server/src/main/java/org/kaazing/gateway/server/context/resolve/DefaultOptionsContext.java
index 77216ffb79..8c278b48ee 100644
--- a/server/src/main/java/org/kaazing/gateway/server/context/resolve/DefaultOptionsContext.java
+++ b/server/src/main/java/org/kaazing/gateway/server/context/resolve/DefaultOptionsContext.java
@@ -260,7 +260,11 @@ static Map parseOptions(Node parent) {
 // Skip over other node types
 }
 }
- optionsMap.put(node.getLocalName(), nodeValue);
+ String localName = node.getLocalName();
+ if (localName.contains("tls")) {
+ localName = localName.replace("tls", "ssl");
+ }
+ optionsMap.put(localName, nodeValue);
 }
 }
 return optionsMap;
diff --git a/server/src/main/java/org/kaazing/gateway/server/context/resolve/GatewayContextResolver.java b/server/src/main/java/org/kaazing/gateway/server/context/resolve/GatewayContextResolver.java
index be8d68c01f..7ab4fd5333 100644
--- a/server/src/main/java/org/kaazing/gateway/server/context/resolve/GatewayContextResolver.java
+++ b/server/src/main/java/org/kaazing/gateway/server/context/resolve/GatewayContextResolver.java
@@ -383,6 +383,9 @@ private Map resolveSchemes(Collection resolveURIs(String[] acceptURIs) throws URISyntaxExce
 Collection urisWithPort = new HashSet<>();
 for (String uri : acceptURIs) {
 String resolvedURI = resolveURI(getCanonicalURI(uri, true));
+ if (resolvedURI.contains("tls://")) {
+ resolvedURI = resolvedURI.replace("tls://", "ssl://");
+ if (resolvedURI.endsWith("/")) {
+ resolvedURI = resolvedURI.substring(0, resolvedURI.length() - 1);
+ }
+ }
 urisWithPort.add(resolvedURI);
 }
 return urisWithPort;
diff --git a/server/src/main/xsd/gateway-config-201511.xsd b/server/src/main/xsd/gateway-config-201511.xsd
index 706d2bcbe3..6975c44dc0 100644
--- a/server/src/main/xsd/gateway-config-201511.xsd
+++ b/server/src/main/xsd/gateway-config-201511.xsd
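Review bot: `localName.replace("tls", "ssl")` in the added lines rewrites every occurrence of the substring anywhere in the option name, so any option whose name merely contains "tls" is renamed, not only the new tls-prefixed aliases; if the aliases are of the form `tls.<name>`, as the fixture names suggest, anchoring on the prefix is the precise check: `if (localName.startsWith("tls.")) { localName = "ssl." + localName.substring(4); }`. The `contains` guard is redundant either way, since `replace` is a no-op when the substring is absent. A configuration that gives both `ssl.x` and `tls.x` for the same service now has one silently overwritten by the other at `optionsMap.put`; rejecting or at least logging when `optionsMap.containsKey(localName)` already holds would surface that. parseOptions starts before the hunk and its closing brace is outside it.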
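Review bot: `resolvedURI.contains("tls://")` followed by a global `replace` acts on the substring wherever it occurs, so a path or query component that happens to contain `tls://` would also be rewritten; a scheme is only meaningful at the start of the URI, so `if (resolvedURI.startsWith("tls://")) { resolvedURI = "ssl://" + resolvedURI.substring("tls://".length()); ... }` is the exact check. The trailing-slash strip is applied only to rewritten tls URIs, so `ssl://host:port/` and `tls://host:port/` no longer resolve to the same string, which looks unintended for an alias; either strip for both forms or document why they differ. The hunk header here appears to merge two hunks (`resolveSchemes` and `resolveURIs`), so the first hunk's lines are not visible and the enclosing resolveURIs method starts outside the hunk.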
@@ -1196,6 +1196,14 @@ + + + A comma-separated list of + SSL/TLS ciphersuite names to be used for this + connection. + + + A comma-separated list of @@ -1206,6 +1214,16 @@ + + + A comma-separated list of + SSL/TLS protocol names to be used for this + connection. The protocols names are SSLv2Hello, SSLv3, TLSv1, TLSv1.1, + TLSv1.2. If not specified explicitly, SSLv3 protocol is not + enabled by default (as it is known to have vulnerabilities). + + + @@ -1215,6 +1233,15 @@ + + + + + + + + + @@ -1225,6 +1252,16 @@ + + + + + + + + + + @@ -1240,6 +1277,9 @@ + + + @@ -1261,6 +1301,9 @@ + + + @@ -1284,6 +1327,14 @@ + + + A comma-separated list of + SSL/TLS ciphersuite names to be used for this + connection. + + + A comma-separated list of @@ -1294,6 +1345,16 @@ + + + A comma-separated list of + SSL/TLS protocol names to be used for this + connection. The protocols names are SSLv2Hello, SSLv3, TLSv1, TLSv1.1, + TLSv1.2. If not specified explicitly, SSLv3 protocol is not + enabled by default (as it is known to have vulnerabilities). + + + @@ -1303,6 +1364,15 @@ + + + + + + + + + @@ -1318,6 +1388,9 @@ + + + diff --git a/server/src/main/xsd/gateway-config-201616.xsd b/server/src/main/xsd/gateway-config-201606.xsd similarity index 94% rename from server/src/main/xsd/gateway-config-201616.xsd rename to server/src/main/xsd/gateway-config-201606.xsd index 1890b70a7c..8665fbfdeb 100644 --- a/server/src/main/xsd/gateway-config-201616.xsd +++ b/server/src/main/xsd/gateway-config-201606.xsd @@ -1254,6 +1254,14 @@ connection. + + + + A comma-separated list of + SSL/TLS ciphersuite names to be used for this + connection. + + @@ -1265,6 +1273,16 @@ + + + A comma-separated list of + SSL/TLS protocol names to be used for this + connection. The protocols names are SSLv2Hello, SSLv3, TLSv1, TLSv1.1, + TLSv1.2. If not specified explicitly, SSLv3 protocol is not + enabled by default (as it is known to have vulnerabilities). + + + @@ -1274,6 +1292,15 @@ + + + + + + + + + 
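Review bot: The documentation added for the new tls-prefixed ciphers/protocols elements (their tag names are stripped by the rendering) is a verbatim copy of the existing ssl text and does not say that they are aliases which the server maps onto the ssl options, nor what happens when both spellings are given for one connection; a sentence such as `Alias for the corresponding ssl option; specifying both spellings for one connection is not supported.` in each new annotation would prevent misreading them as independent settings. `The protocols names are` should read `The protocol names are` in every copy. The same text is repeated for the connect side and again in gateway-config-201606.xsd in the following hunks, so the wording fix applies there too.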
@@ -1284,6 +1311,16 @@ + + + + + + + + + + @@ -1299,6 +1336,9 @@ + + + @@ -1320,6 +1360,9 @@ + + + @@ -1343,6 +1386,14 @@ + + + A comma-separated list of + SSL/TLS ciphersuite names to be used for this + connection. + + + A comma-separated list of @@ -1353,6 +1404,16 @@ + + + A comma-separated list of + SSL/TLS protocol names to be used for this + connection. The protocols names are SSLv2Hello, SSLv3, TLSv1, TLSv1.1, + TLSv1.2. If not specified explicitly, SSLv3 protocol is not + enabled by default (as it is known to have vulnerabilities). + + + @@ -1362,6 +1423,15 @@ + + + + + + + + + @@ -1377,6 +1447,9 @@ + + + diff --git a/server/src/test/java/org/kaazing/gateway/server/context/resolve/TLStoSSLTest.java b/server/src/test/java/org/kaazing/gateway/server/context/resolve/TLStoSSLTest.java new file mode 100644 index 0000000000..963ee8baf5 --- /dev/null +++ b/server/src/test/java/org/kaazing/gateway/server/context/resolve/TLStoSSLTest.java 
@@ -0,0 +1,113 @@
+/**
+ * Copyright 2007-2016, Kaazing Corporation. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.kaazing.gateway.server.context.resolve;
+
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.kaazing.gateway.server.config.june2016.GatewayConfigDocument;
+import org.kaazing.gateway.server.config.parse.GatewayConfigParser;
+
+public class TLStoSSLTest {
+
+ private static final String BASE_PATH = "org/kaazing/gateway/server/config/parse/data/";
+ private static final String ACCEPT_XML = "gateway-config-tls-in-accept.xml";
+ private static final String ACCEPT_OPTIONS_XML = "gateway-config-tls-accept-options.xml";
+ private static final String CONNECT_XML = "gateway-config-tls-in-connect.xml";
+ private static final String CONNECT_OPTIONS_XML = "gateway-config-tls-connect-options.xml";
+
+ private static GatewayConfigParser parser;
+ private static GatewayContextResolver resolver;
+
+ private File configFile;
+
+ @BeforeClass
+ public static void init() {
+ parser = new GatewayConfigParser();
+
+ try {
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+ File keyStoreFile = new File(classLoader.getResource("mykeystore.db").toURI());
+
+ resolver = new GatewayContextResolver(new File(keyStoreFile.getParent()), null, null);
+ } catch (Exception ex) {
+ Assert.fail("Failed to load keystore.db, unable to init test due to exception: " + ex);
+ }
+ }
+
+ @After
+ public void deleteConfigFile() {
+ if (configFile != null) {
+ configFile.delete();
+ }
+ }
+
+ private File createTempFileFromResource(String resourceName) throws IOException {
+ File file = File.createTempFile("gateway-config", "xml");
+ ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+ InputStream is = classLoader.getResource(resourceName).openStream();
+ FileOutputStream fos = new FileOutputStream(file);
+ int datum;
+ while ((datum = is.read()) != -1) {
+ fos.write(datum);
+ }
+ fos.flush();
+ fos.close();
+ return file;
+ }
+
+ @Test
+ public void parseAndResolveTLSinAccept() throws Exception {
+ configFile = createTempFileFromResource(
+ String.format("%s%s", BASE_PATH, ACCEPT_XML));
+ GatewayConfigDocument doc = parser.parse(configFile);
+ Assert.assertNotNull(doc);
+ resolver.resolve(doc);
+ }
+
+ @Test
+ public void parseAndResolveTLSAcceptOptions() throws Exception {
+ configFile = createTempFileFromResource(
+ String.format("%s%s", BASE_PATH, ACCEPT_OPTIONS_XML));
+ GatewayConfigDocument doc = parser.parse(configFile);
+ Assert.assertNotNull(doc);
+ resolver.resolve(doc);
+ }
+
+ @Test
+ public void parseAndResolveTLSinConnect() throws Exception {
+ configFile = createTempFileFromResource(
+ String.format("%s%s", BASE_PATH, CONNECT_XML));
+ GatewayConfigDocument doc = parser.parse(configFile);
+ Assert.assertNotNull(doc);
+ resolver.resolve(doc);
+ }
+
+ @Test
+ public void parseAndResolveTLSConnectOptions() throws Exception {
+ configFile = createTempFileFromResource(
+ String.format("%s%s", BASE_PATH, CONNECT_OPTIONS_XML));
+ GatewayConfigDocument doc = parser.parse(configFile);
+ Assert.assertNotNull(doc);
+ resolver.resolve(doc);
+ }
+}
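Review bot: `createTempFileFromResource` never closes the `InputStream is`, and `fos` is not closed when `read`/`write` throws, so a handle leaks on every test; try-with-resources plus `Files.copy` fixes both and drops the byte-at-a-time loop (it needs `java.nio.file.Files` and `java.nio.file.StandardCopyOption` imports). None of the four tests asserts anything about the tls-to-ssl mapping — each only checks that `resolve(doc)` does not throw — so a regression that stops renaming the options or the scheme would still pass; assert on the resolved context (that the accept scheme is ssl and no tls-prefixed option remains) to whatever extent the GatewayContext API exposes it. `Assert.fail(... + ex)` in `init` discards the stack trace; `throw new AssertionError("Failed to load keystore.db", ex)` keeps the cause.
```java
    private File createTempFileFromResource(String resourceName) throws IOException {
        File file = File.createTempFile("gateway-config", "xml");
        ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
        try (InputStream is = classLoader.getResource(resourceName).openStream()) {
            Files.copy(is, file.toPath(), StandardCopyOption.REPLACE_EXISTING);
        }
        return file;
    }
```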
diff --git a/server/src/test/java/org/kaazing/gateway/server/util/TestService.java b/server/src/test/java/org/kaazing/gateway/server/util/TestService.java
new file mode 100644
index 0000000000..6a751542aa
--- /dev/null
+++ b/server/src/test/java/org/kaazing/gateway/server/util/TestService.java
@@ -0,0 +1,49 @@
+/**
+ * Copyright 2007-2016, Kaazing Corporation. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.kaazing.gateway.server.util;
+
+import org.kaazing.gateway.service.Service;
+import org.kaazing.gateway.service.ServiceContext;
+
+public class TestService implements Service{
+
+ @Override
+ public String getType() {
+ return "testService-extension";
+ }
+
+ @Override
+ public void init(ServiceContext serviceContext) throws Exception {
+ // needs to initialization
+ }
+
+ @Override
+ public void start() throws Exception {
+ }
+
+ @Override
+ public void stop() throws Exception {
+ }
+
+ @Override
+ public void quiesce() throws Exception {
+ }
+
+ @Override
+ public void destroy() throws Exception {
+ }
+
+}
diff --git a/server/src/test/java/org/kaazing/gateway/server/util/TestServiceFactorySpi.java b/server/src/test/java/org/kaazing/gateway/server/util/TestServiceFactorySpi.java
new file mode 100644
index 0000000000..e0836f2828
--- /dev/null
+++ b/server/src/test/java/org/kaazing/gateway/server/util/TestServiceFactorySpi.java
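Review bot: The comment in `init`, `// needs to initialization`, is garbled; `// no initialization needed for this no-op test service` says what was meant. `implements Service{` is missing the space before the brace. A one-line class Javadoc such as `/** No-op service registered so the test fixtures' "testService-extension" type resolves. */` would tell the next reader why an all-empty implementation exists.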
@@ -0,0 +1,37 @@
+/**
+ * Copyright 2007-2016, Kaazing Corporation. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.kaazing.gateway.server.util;
+
+import java.util.Collection;
+import java.util.Collections;
+
+import org.kaazing.gateway.service.Service;
+import org.kaazing.gateway.service.ServiceFactorySpi;
+import org.kaazing.gateway.server.util.TestService;
+
+public class TestServiceFactorySpi extends ServiceFactorySpi {
+
+ @Override
+ public Collection getServiceTypes() {
+ return Collections.singletonList("testService-extension");
+ }
+
+ @Override
+ public Service newService(String serviceType) {
+ assert "testService-extension".endsWith(serviceType);
+ return new TestService();
+ }
+}
diff --git a/server/src/test/resources/META-INF/services/org.kaazing.gateway.service.ServiceFactorySpi b/server/src/test/resources/META-INF/services/org.kaazing.gateway.service.ServiceFactorySpi
new file mode 100644
index 0000000000..309c876eb7
--- /dev/null
+++ b/server/src/test/resources/META-INF/services/org.kaazing.gateway.service.ServiceFactorySpi
@@ -0,0 +1 @@
+org.kaazing.gateway.server.util.TestServiceFactorySpi
diff --git a/server/src/test/resources/mykeystore.db b/server/src/test/resources/mykeystore.db
new file mode 100644
index 0000000000..bb1e010aa5
Binary files /dev/null and b/server/src/test/resources/mykeystore.db differ
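Review bot: `assert "testService-extension".endsWith(serviceType)` in `newService` is the wrong check twice over: `endsWith` accepts any suffix of the type name, including the empty string, and `assert` is a no-op unless the JVM runs with `-ea`, so an unexpected type silently yields a TestService. An explicit guard is what the factory contract needs: `if (!"testService-extension".equals(serviceType)) { throw new IllegalArgumentException("Unsupported service type: " + serviceType); }`. The `import org.kaazing.gateway.server.util.TestService` line is redundant because both classes are in the same package, and the type-name literal is now duplicated with TestService.getType(); a shared constant would keep the two in step.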
diff --git a/server/src/test/resources/mykeystore.pw b/server/src/test/resources/mykeystore.pw new file mode 100644 index 0000000000..3497d7ebf2 --- /dev/null +++ b/server/src/test/resources/mykeystore.pw @@ -0,0 +1 @@ +ab987c diff --git a/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-accept-options.xml b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-accept-options.xml new file mode 100644 index 0000000000..9e3125fbbd --- /dev/null +++ b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-accept-options.xml @@ -0,0 +1,60 @@ + + + + + + + + proxy + wss://localhost:8001 + testService-extension + + DEFAULT + TLSv1 + disabled + required + + + + + + + JCEKS + mykeystore.db + mykeystore.pw + + + + truststore.db + + + + + + diff --git a/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-connect-options.xml b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-connect-options.xml new file mode 100644 index 0000000000..26dba707e0 --- /dev/null +++ b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-connect-options.xml @@ -0,0 +1,60 @@ + + + + + + + + proxy + wss://localhost:8001 + tls://localhost:8001 + testService-extension + + DEFAULT + TLSv1 + enabled + + + + + + + JCEKS + mykeystore.db + mykeystore.pw + + + + truststore.db + + + + + + diff --git a/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-in-accept.xml b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-in-accept.xml new file mode 100644 index 0000000000..7bbb2dab8f --- /dev/null +++ b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-in-accept.xml 
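Review bot: The accept-options fixture pins the protocol list to `TLSv1` alone; if resolve validates protocol names against the runtime, JDKs that list TLSv1 in `jdk.tls.disabledAlgorithms` could start failing this test, and `TLSv1.2` would exercise the same aliasing path without that dependency. Both fixtures reference `truststore.db`, which is not added in this commit alongside `mykeystore.db`, so either it already exists under test resources or resolve never opens it — worth confirming so the test does not pass by accident. `mykeystore.pw` and `mykeystore.db` are test-only material; a short comment in TLStoSSLTest stating that and what the keystore contains would save the next reader a check.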
@@ -0,0 +1,54 @@ + + + + + + + + proxy + tls://localhost:8001 + echo + + + + + + JCEKS + mykeystore.db + mykeystore.pw + + + + truststore.db + + + + + + diff --git a/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-in-connect.xml b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-in-connect.xml new file mode 100644 index 0000000000..610fab0807 --- /dev/null +++ b/server/src/test/resources/org/kaazing/gateway/server/config/parse/data/gateway-config-tls-in-connect.xml @@ -0,0 +1,55 @@ + + + + + + + + proxy + wss://localhost:8001 + tls://localhost:8001 + testService-extension + + + + + + JCEKS + mykeystore.db + mykeystore.pw + + + + truststore.db + + + + + + diff --git a/transport/spi/src/main/java/org/kaazing/gateway/transport/TransportFactory.java b/transport/spi/src/main/java/org/kaazing/gateway/transport/TransportFactory.java index 002e420a13..5c076fe18d 100644 --- a/transport/spi/src/main/java/org/kaazing/gateway/transport/TransportFactory.java +++ b/transport/spi/src/main/java/org/kaazing/gateway/transport/TransportFactory.java @@ -78,6 +78,9 @@ public Transport getTransport(String transportName) { } public Transport getTransportForScheme(String schemeName) { + if (schemeName.contains("tls")) { + schemeName = schemeName.replace("tls", "ssl"); + } Transport transport = transportsBySchemeName.get(schemeName); if (transport == null) { throw new IllegalArgumentException("Unrecognized scheme:" + schemeName);
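Review bot: `schemeName.contains("tls")` with `replace("tls", "ssl")` in getTransportForScheme rewrites any substring match rather than the exact alias, and because it reassigns the parameter the `IllegalArgumentException` below reports the rewritten name instead of what the caller passed. An exact lookup keeps both straight: `String lookupName = "tls".equals(schemeName) ? "ssl" : schemeName;` used for `transportsBySchemeName.get(lookupName)`, with `schemeName` left intact for the message. This is the third copy of the tls-to-ssl alias logic in this commit (DefaultOptionsContext.parseOptions and GatewayContextResolver.resolveURIs are the others), each with slightly different matching; a single shared helper would keep the rules consistent. getTransportForScheme ends outside the hunk.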