From 2321f4c0abba42d8d8cd1667d0a01ea096ee5bb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aur=C3=A9lien=20Pupier?= Date: Wed, 15 Jul 2026 16:11:59 +0200 Subject: [PATCH] CAMEL-23358 - Adapt SSLContextParametersTest.testSignatureSchemesFilter for JDK 26 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The method getSignatureSchemes is now providing a non-empty list. Consequently, the tests need to be adapted. I choose to create a dedicated test to see a bit clearer the difference with previous JDK version. Signed-off-by: Aurélien Pupier --- .../jsse/SSLContextParametersTest.java | 64 ++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java b/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java index 077e25d68a72d..d23cf5f71550d 100644 --- a/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java +++ b/core/camel-core/src/test/java/org/apache/camel/support/jsse/SSLContextParametersTest.java @@ -986,7 +986,7 @@ public void testSignatureSchemes() throws Exception { } @Test - @EnabledForJreRange(min = JRE.JAVA_21) + @EnabledForJreRange(min = JRE.JAVA_21, max = JRE.JAVA_25) public void testSignatureSchemesFilter() throws Exception { // Note: SSLParameters.getSignatureSchemes() returns null by default (unlike getNamedGroups()), // so filters operate on explicitly provided schemes rather than JDK defaults. @@ -1047,6 +1047,68 @@ public void testSignatureSchemesFilter() throws Exception { assertEquals(0, getSignatureSchemes(serverSocket.getSSLParameters()).length); } + @Test + @EnabledForJreRange(min = JRE.JAVA_26) + public void testSignatureSchemesFilter_postJDK26() throws Exception { + // Note: SSLParameters.getSignatureSchemes() returns non-null by default (unlike on JDK 25-) + + // default - no filter, keeps defaults (null) + SSLContextParameters scp = new SSLContextParameters(); + SSLContext context = scp.createSSLContext(null); + + SSLEngine engine = context.createSSLEngine(); + SSLSocket socket = (SSLSocket) context.getSocketFactory().createSocket(); + SSLServerSocket serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); + + assertNotNull(getSignatureSchemes(engine.getSSLParameters())); + assertNotNull(getSignatureSchemes(socket.getSSLParameters())); + assertNotNull(getSignatureSchemes(serverSocket.getSSLParameters())); + + int defaultSignatureSchemeNumber = getSignatureSchemes(engine.getSSLParameters()).length; + + // empty filter - no includes means no schemes match (empty array) + FilterParameters filter = new FilterParameters(); + scp.setSignatureSchemesFilter(filter); + context = scp.createSSLContext(null); + engine = context.createSSLEngine(); + socket = (SSLSocket) context.getSocketFactory().createSocket(); + serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); + + assertEquals(0, getSignatureSchemes(engine.getSSLParameters()).length); + assertEquals(0, getSignatureSchemes(socket.getSSLParameters()).length); + assertEquals(0, getSignatureSchemes(serverSocket.getSSLParameters()).length); + + // explicit schemes override filter - filter ignored when schemes are set + SignatureSchemesParameters ssp = new SignatureSchemesParameters(); + List allSchemes = new LinkedList<>(); + allSchemes.add("ecdsa_secp256r1_sha256"); + allSchemes.add("ecdsa_secp384r1_sha384"); + allSchemes.add("rsa_pss_rsae_sha256"); + allSchemes.add("ed25519"); + ssp.setSignatureScheme(allSchemes); + scp.setSignatureSchemes(ssp); + + filter.getInclude().add("ecdsa_.*"); + context = scp.createSSLContext(null); + engine = context.createSSLEngine(); + + // explicit schemes take precedence over filter + assertEquals(4, getSignatureSchemes(engine.getSSLParameters()).length); + + // clear explicit schemes, keep filter - now filter applies to JDK defaults + scp.setSignatureSchemes(null); + filter.getInclude().clear(); + filter.getInclude().add(".*"); + context = scp.createSSLContext(null); + engine = context.createSSLEngine(); + socket = (SSLSocket) context.getSocketFactory().createSocket(); + serverSocket = (SSLServerSocket) context.getServerSocketFactory().createServerSocket(); + + assertEquals(defaultSignatureSchemeNumber, getSignatureSchemes(engine.getSSLParameters()).length); + assertEquals(defaultSignatureSchemeNumber, getSignatureSchemes(socket.getSSLParameters()).length); + assertEquals(defaultSignatureSchemeNumber, getSignatureSchemes(serverSocket.getSSLParameters()).length); + } + @Test @EnabledForJreRange(min = JRE.JAVA_21) public void testSignatureSchemesDoNotAffectOtherSettings() throws Exception {