cxf-commits mailing list archives

From egl...@apache.org
Subject svn commit: r468050 [1/2] - in /incubator/cxf/trunk/rt: bindings/http/src/main/java/org/apache/cxf/binding/http/ frontend/jaxws/src/main/java/org/apache/cxf/jaxws/interceptors/ frontend/simple/src/main/java/org/apache/cxf/service/factory/ transports/ht...
Date Thu, 26 Oct 2006 16:03:56 GMT
Author: eglynn
Date: Thu Oct 26 09:03:54 2006
New Revision: 468050

URL: http://svn.apache.org/viewvc?view=rev&rev=468050
Log:
* Added support for Jetty SSL listener
* Refactored SSL settings logic to remove widespread duplication across client- & server-side
* Minor fix-ups in HTTP config
* Fixed recent PMD violations


Added:
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyListenerFactory.java   (with props)
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/JettySslListenerFactory.java
      - copied, changed from r438444, incubator/cxf/branches/post_apache_integration/rt/transports/http/src/main/java/org/objectweb/celtix/transports/https/JettySslListenerConfigurer.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java   (with props)
    incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/JettySslListenerFactoryTest.java
      - copied, changed from r438444, incubator/cxf/branches/post_apache_integration/rt/transports/http/src/test/java/org/objectweb/celtix/transports/https/JettySslListenerConfigurerTest.java
Modified:
    incubator/cxf/trunk/rt/bindings/http/src/main/java/org/apache/cxf/binding/http/IriDecoderHelper.java
    incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/interceptors/DispatchOutInterceptor.java
    incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/AbstractEndpointFactory.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPTransportFactory.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPServerEngine.java
    incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
    incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java

Modified: incubator/cxf/trunk/rt/bindings/http/src/main/java/org/apache/cxf/binding/http/IriDecoderHelper.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/bindings/http/src/main/java/org/apache/cxf/binding/http/IriDecoderHelper.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/bindings/http/src/main/java/org/apache/cxf/binding/http/IriDecoderHelper.java (original)
+++ incubator/cxf/trunk/rt/bindings/http/src/main/java/org/apache/cxf/binding/http/IriDecoderHelper.java Thu Oct 26 09:03:54 2006
@@ -222,7 +222,7 @@
                 }
                 
                 // insert the element at the appropriate position
-                Element insertBeforeEl = getElement(root, i);
+                Element insertBeforeEl = getIndexedElement(root, i);
                 if (insertBeforeEl != null) {
                     root.insertBefore(ec, insertBeforeEl);
                 } else {
@@ -244,7 +244,7 @@
         return doc;
     }
 
-    private static Element getElement(Element e, int i) {
+    private static Element getIndexedElement(Element e, int i) {
         NodeList childNodes = e.getChildNodes();
         int elNum = 0;
         for (int j = 0; j < childNodes.getLength(); j++) {

Modified: incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/interceptors/DispatchOutInterceptor.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/interceptors/DispatchOutInterceptor.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/interceptors/DispatchOutInterceptor.java (original)
+++ incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/interceptors/DispatchOutInterceptor.java Thu Oct 26 09:03:54 2006
@@ -80,15 +80,14 @@
                     msg.writeTo(os);
                 }
             } else if (message instanceof XMLMessage) {
-                if (m == Service.Mode.MESSAGE) {
-                    if (obj instanceof SOAPMessage) {
-                        throw new RuntimeException("SOAPMessage is not valid in MESSAGE mode with XML/HTTP");
-                    }
-                } else if (m == Service.Mode.PAYLOAD) {
-                    if (obj instanceof SOAPMessage || obj instanceof DataSource) {
-                        throw new RuntimeException(obj.getClass()
-                                                   + " is not valid in PAYLOAD mode with XML/HTTP");
-                    }
+                if (m == Service.Mode.MESSAGE
+                    && obj instanceof SOAPMessage) {
+                    throw new RuntimeException("SOAPMessage is not valid in MESSAGE mode with XML/HTTP");
+                } else if (m == Service.Mode.PAYLOAD
+                           && (obj instanceof SOAPMessage
+                               || obj instanceof DataSource)) {
+                    throw new RuntimeException(obj.getClass()
+                                               + " is not valid in PAYLOAD mode with XML/HTTP");
                 }
                 doTransform(obj, os);
             }

Modified: incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/AbstractEndpointFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/AbstractEndpointFactory.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/AbstractEndpointFactory.java (original)
+++ incubator/cxf/trunk/rt/frontend/simple/src/main/java/org/apache/cxf/service/factory/AbstractEndpointFactory.java Thu Oct 26 09:03:54 2006
@@ -68,7 +68,7 @@
             ei.setAddress(getAddress()); 
         }                        
         
-        setProperties(ei);
+        setProps(ei);
         
         ep = service.getEndpoints().get(ei.getName());
         if (ep == null) {
@@ -78,7 +78,7 @@
         return ep;
     }
 
-    private void setProperties(EndpointInfo ei) {
+    private void setProps(EndpointInfo ei) {
         if (properties == null) {
             return;
         }

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java Thu Oct 26 09:03:54 2006
@@ -42,7 +42,6 @@
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.configuration.ConfigurationProvider;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.configuration.security.SSLClientPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.io.AbstractWrappedOutputStream;
 import org.apache.cxf.message.Exchange;
@@ -139,7 +138,7 @@
         endpointInfo = ei;
         connectionFactory = factory != null
                             ? factory
-                            : getDefaultConnectionFactory();
+                            : HTTPTransportFactory.getConnectionFactory(sslClient);
         decoupledEngine = eng;
         url = t == null
               ? new URL(getAddress())
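Review bot: `sslClient` is read here, inside the constructor, but `HTTPTransportFactory.getConduit` in this same revision only calls `configure(conduit)` after `new HTTPConduit(...)` has returned, and a later hunk in this file removes the `setSslClient(new SSLClientPolicy())` default. If the client policy is injected by the Configurer (the visible lines suggest this but do not prove it), it is still null at this point, so `getConnectionFactory(sslClient)` always returns the plain factory and the configured keystore, trust store and cipher suites are silently never applied. Consider resolving the connection factory lazily on first use, or re-selecting it after configuration has run, and add a test that sets an SSL client policy through configuration and asserts an `HttpsURLConnectionFactory` is used. The constructor starts and ends outside this hunk.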
@@ -288,20 +287,6 @@
     }
     
     /**
-     * @return default URLConnectionFactory
-     */
-    private URLConnectionFactory getDefaultConnectionFactory() {
-        return new URLConnectionFactory() {
-            public URLConnection createConnection(Proxy proxy, URL u)
-                throws IOException {
-                return proxy != null 
-                       ? u.openConnection(proxy)
-                       : u.openConnection();
-            }
-        };
-    }
-    
-    /**
      * Get the target reference which may be constructor-provided or 
      * configured.
      * 
@@ -605,9 +590,6 @@
         }
         if (!isSetProxyAuthorization()) {
             setProxyAuthorization(new AuthorizationPolicy());
-        }
-        if (!isSetSslClient()) {
-            setSslClient(new SSLClientPolicy());
         }
 
         List <ConfigurationProvider> providers = getOverwriteProviders();

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPTransportFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPTransportFactory.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPTransportFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPTransportFactory.java Thu Oct 26 09:03:54 2006
@@ -20,6 +20,9 @@
 package org.apache.cxf.transport.http;
 
 import java.io.IOException;
+import java.net.Proxy;
+import java.net.URL;
+import java.net.URLConnection;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -33,6 +36,8 @@
 
 import org.apache.cxf.Bus;
 import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.security.SSLClientPolicy;
+import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.service.Service;
 import org.apache.cxf.service.model.BindingInfo;
 import org.apache.cxf.service.model.EndpointInfo;
@@ -44,8 +49,12 @@
 import org.apache.cxf.transport.Destination;
 import org.apache.cxf.transport.DestinationFactory;
 import org.apache.cxf.transport.DestinationFactoryManager;
+import org.apache.cxf.transport.https.HttpsURLConnectionFactory;
+import org.apache.cxf.transport.https.JettySslListenerFactory;
 import org.apache.cxf.ws.addressing.EndpointReferenceType;
 import org.apache.cxf.wsdl11.WSDLEndpointFactory;
+import org.mortbay.http.SocketListener;
+import org.mortbay.util.InetAddrPort;
 import org.xmlsoap.schemas.wsdl.http.AddressType;
 
 public class HTTPTransportFactory extends AbstractTransportFactory implements ConduitInitiator,
@@ -100,19 +109,13 @@
     public Conduit getConduit(EndpointInfo endpointInfo, EndpointReferenceType target) throws IOException {
         HTTPConduit conduit = target == null
             ? new HTTPConduit(bus, endpointInfo) : new HTTPConduit(bus, endpointInfo, target);
-        Configurer configurer = bus.getExtension(Configurer.class);
-        if (null != configurer) {
-            configurer.configureBean(conduit);
-        }
+        configure(conduit);
         return conduit;
     }
 
     public Destination getDestination(EndpointInfo endpointInfo) throws IOException {
         JettyHTTPDestination destination = new JettyHTTPDestination(bus, this, endpointInfo);
-        Configurer configurer = bus.getExtension(Configurer.class);
-        if (null != configurer) {
-            configurer.configureBean(destination);
-        }
+        configure(destination);
         return destination;
     }
 
@@ -145,5 +148,35 @@
 
     public Set<String> getUriPrefixes() {
         return URI_PREFIXES;
+    }
+
+    protected void configure(Object bean) {
+        Configurer configurer = bus.getExtension(Configurer.class);
+        if (null != configurer) {
+            configurer.configureBean(bean);
+        }
+    }
+
+    protected static URLConnectionFactory getConnectionFactory(SSLClientPolicy policy) {
+        return policy == null
+               ? new URLConnectionFactory() {
+                       public URLConnection createConnection(Proxy proxy, URL u)
+                           throws IOException {
+                           return proxy != null 
+                                  ? u.openConnection(proxy)
+                                  : u.openConnection();
+                       }
+                   }
+               : new HttpsURLConnectionFactory(policy);
+    }
+    
+    protected static JettyListenerFactory getListenerFactory(SSLServerPolicy policy) {
+        return policy == null
+               ? new JettyListenerFactory() {
+                       public SocketListener createListener(int port) {
+                           return new SocketListener(new InetAddrPort(port));
+                       }
+                   }
+               : new JettySslListenerFactory(policy);
     }
 }
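Review bot: `getListenerFactory` chooses plaintext purely on `policy == null`, without looking at the endpoint's scheme, so a destination published on an https address whose `SSLServerPolicy` was not injected would get `new SocketListener(new InetAddrPort(port))` and serve clear text with no error or warning. Whether a caller checks the protocol first is not visible in this part of the commit; if none does, pass the protocol in and fail (or at least log at WARNING) when it is https and the policy is null. Note that `JettyHTTPServerEngine` in this revision still builds its listener directly under the `REVISIT create SSL listener` comment, so nothing visible here calls `getListenerFactory` yet. Both new `protected static` selectors also lack Javadoc; a line such as `@return an SSL-enabled factory when policy is non-null, otherwise a plain one` would record the contract.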

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPServerEngine.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPServerEngine.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPServerEngine.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPServerEngine.java Thu Oct 26 09:03:54 2006
@@ -25,7 +25,7 @@
 import java.util.Map;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.configuration.security.SSLServerPolicy;
+import org.apache.cxf.configuration.Configurer;
 import org.apache.cxf.transport.http.listener.HTTPListenerConfigBean;
 import org.apache.cxf.transports.http.configuration.HTTPListenerPolicy;
 import org.mortbay.http.HttpContext;
@@ -64,6 +64,7 @@
         JettyHTTPServerEngine ref = portMap.get(p);
         if (ref == null) {
             ref = new JettyHTTPServerEngine(bus, protocol, p);
+            configure(bus, ref);
             portMap.put(p, ref);
         }
         return ref;
@@ -100,7 +101,7 @@
         if (server == null) {
             server = new HttpServer();
             
-            // REVISIT creare SSL listener if neccessary
+            // REVISIT create SSL listener if neccessary
             listener = new SocketListener(new InetAddrPort(port));
            
             if (getListener().isSetMinThreads()) {
@@ -245,13 +246,17 @@
         }
         return ret;
     }
+    
+    protected static void configure(Bus bus, Object bean) {
+        Configurer configurer = bus.getExtension(Configurer.class);
+        if (null != configurer) {
+            configurer.configureBean(bean);
+        }
+    }
 
     private void init() {
         if (!isSetListener()) {
             setListener(new HTTPListenerPolicy());
-        }
-        if (!isSetSslServer()) {
-            setSslServer(new SSLServerPolicy());
         }
     }
 }
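Review bot: The new static `configure(Bus bus, Object bean)` has the same three-line body as `HTTPTransportFactory.configure(Object)` added in this revision, which works against the commit's stated aim of removing duplication; one helper could serve both, for example by having the factory call `JettyHTTPServerEngine.configure(bus, bean);`. The helper also dereferences `bus` without a check, and it has no Javadoc saying that a missing `Configurer` extension is tolerated. Separately, with the `setSslServer(new SSLServerPolicy())` default removed from `init()`, the server policy is now null unless configuration supplies it, so any reader of `getSslServer()` outside this hunk needs a null check.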

Added: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyListenerFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyListenerFactory.java?view=auto&rev=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyListenerFactory.java (added)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyListenerFactory.java Thu Oct 26 09:03:54 2006
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.transport.http;
+
+import org.mortbay.http.SocketListener;
+
+/**
+ * Encapsulates creation of Jetty listener.
+ */
+public interface JettyListenerFactory {
+
+    /**
+     * Create a Listener.
+     * 
+     * @param port the listen port
+     */
+    SocketListener createListener(int port);
+}
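Review bot: The `createListener` Javadoc has no `@return`, and the interface does not say whether the returned listener is SSL-protected, so a caller cannot tell from the `SocketListener` return type which kind it received. I would add `@return the created listener for the given port` and a sentence on the interface stating that the plain-versus-SSL choice is made by the implementation selected in `HTTPTransportFactory.getListenerFactory`. It would also help to document whether the listener is returned started or unstarted, which the visible code does not show.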

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyListenerFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Thu Oct 26 09:03:54 2006
@@ -19,29 +19,16 @@
  
 package org.apache.cxf.transport.https;
 
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
-import java.io.DataInputStream;
-import java.io.FileInputStream;
 import java.io.IOException;
-import java.lang.reflect.Method;
 import java.net.Proxy;
 import java.net.URL;
 import java.net.URLConnection;
-import java.security.KeyStore;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.List;
 import java.util.logging.Handler;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
 import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.configuration.security.SSLClientPolicy;
@@ -52,16 +39,23 @@
     private static final long serialVersionUID = 1L;
     private static final Logger LOG =
         LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
-    private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
-    private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
-    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
-    private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
-    private static final String PKCS12_TYPE = "PKCS12";
     
-    // REVISIT inject this resource
+    private static final String[] UNSUPPORTED =
+    {"SessionCaching", "SessionCacheKey", "MaxChainLength",
+     "CertValidator", "ProxyHost", "ProxyPort"};
+    
     SSLClientPolicy sslPolicy;
     
     /**
+     * Constructor.
+     * 
+     * @param policy the applicable SSLClientPolicy (guaranteed non-null)
+     */
+    public HttpsURLConnectionFactory(SSLClientPolicy policy) {
+        sslPolicy = policy;
+    }
+    
+    /**
      * Create a URLConnection, proxified if neccessary.
      * 
      * @param proxy non-null if connection should be proxified
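Review bot: The new public constructor documents `policy` as "guaranteed non-null" but nothing enforces it, while `decorate` in the next hunk dereferences `sslPolicy` in its first statement, before the `try` block. A guard such as `if (policy == null) { throw new IllegalArgumentException("SSLClientPolicy must not be null"); }` would make the guarantee real and fail at construction rather than at first connection. The `UNSUPPORTED` array has no comment and its use is outside the visible lines; if these attributes (`CertValidator`, `MaxChainLength`, and so on) are only logged and otherwise ignored, say so in a comment, since an operator setting them may expect certificate-chain checks that never happen.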
@@ -79,434 +73,76 @@
         return connection;
     }
     
-    protected void setSSLPolicy(SSLClientPolicy p) {
-        sslPolicy = p;
-    }
-    
-    protected void decorate(HttpsURLConnection connection) {
-        String keyStoreLocation = setupKeystore();
-        String keyStoreType = setupKeystoreType();
-        String keyStorePassword = setupKeystorePassword();
-        String keyPassword = setupKeyPassword();
-        String keystoreKeyManagerFactoryAlgorithm = setupKeystoreAlgorithm();
-        String trustStoreKeyManagerFactoryAlgorithm = setupTrustStoreAlgorithm();
-        String[] cipherSuites = setupCiphersuites();
-        String trustStoreLocation = setupTrustStore();
-        String trustStoreType = setupTrustStoreType();
-        String secureSocketProtocol = setupSecureSocketProtocol();
-        setupSessionCaching();
-        setupSessionCacheKey();
-        setupMaxChainLength();
-        setupCertValidator();
-        setupProxyHost();
-        setupProxyPort();
+    /**
+     * Decorate connection with applicable SSL settings.
+     * 
+     * @param secureConnection the secure connection
+     */
+    protected void decorate(HttpsURLConnection secureConnection) {
+        String keyStoreLocation =
+            SSLUtils.getKeystore(sslPolicy.getKeystore(), LOG);
+        String keyStoreType =
+            SSLUtils.getKeystoreType(sslPolicy.getKeystoreType(), LOG);
+        String keyStorePassword =
+            SSLUtils.getKeystorePassword(sslPolicy.getKeystorePassword(), LOG);
+        String keyPassword =
+            SSLUtils.getKeyPassword(sslPolicy.getKeyPassword(), LOG);
+        String keyStoreMgrFactoryAlgorithm =
+            SSLUtils.getKeystoreAlgorithm(sslPolicy.getKeystoreAlgorithm(),
+                                          LOG);
+        String trustStoreMgrFactoryAlgorithm =
+            SSLUtils.getTrustStoreAlgorithm(sslPolicy.getTrustStoreAlgorithm(),
+                                            LOG);
+        String[] cipherSuites =
+            SSLUtils.getCiphersuites(sslPolicy.getCiphersuites(), LOG);
+        String trustStoreLocation =
+            SSLUtils.getTrustStore(sslPolicy.getTrustStore(), LOG);
+        String trustStoreType =
+            SSLUtils.getTrustStoreType(sslPolicy.getTrustStoreType(), LOG);
+        String secureSocketProtocol =
+            SSLUtils.getSecureSocketProtocol(sslPolicy.getSecureSocketProtocol(),
+                                             LOG);
         
         try {
             SSLContext sslctx = SSLContext.getInstance(secureSocketProtocol);
-            boolean pkcs12 = keyStoreType.equalsIgnoreCase(PKCS12_TYPE);
-            sslctx.init(getKeyStoreManagers(pkcs12,
-                                            keyStoreLocation,
-                                            keyStoreType,
-                                            keyStorePassword,
-                                            keyPassword,
-                                            keystoreKeyManagerFactoryAlgorithm,
-                                            secureSocketProtocol),
-                        getTrustStoreManagers(pkcs12,
-                                              trustStoreType,
-                                              trustStoreLocation,
-                                              trustStoreKeyManagerFactoryAlgorithm),
-                        null);
-            connection.setSSLSocketFactory(new SSLSocketFactoryWrapper(sslctx.getSocketFactory(), 
-                                                                       cipherSuites));
+            boolean pkcs12 =
+                keyStoreType.equalsIgnoreCase(SSLUtils.PKCS12_TYPE);
+            sslctx.init(
+                SSLUtils.getKeyStoreManagers(keyStoreLocation,
+                                             keyStoreType,
+                                             keyStorePassword,
+                                             keyPassword,
+                                             keyStoreMgrFactoryAlgorithm,
+                                             secureSocketProtocol,
+                                             LOG),
+                SSLUtils.getTrustStoreManagers(pkcs12,
+                                               trustStoreType,
+                                               trustStoreLocation,
+                                               trustStoreMgrFactoryAlgorithm,
+                                               LOG),
+                null);
+            secureConnection.setSSLSocketFactory(
+                new SSLSocketFactoryWrapper(sslctx.getSocketFactory(),
+                                            cipherSuites));
         } catch (Exception e) {
             LogUtils.log(LOG, Level.SEVERE, "SSL_CONTEXT_INIT_FAILURE", e);
         }
-    }
-    
-    private KeyManager[] getKeyStoreManagers(boolean pkcs12,
-                                             String keyStoreLocation,
-                                             String keyStoreType,
-                                             String keyStorePassword,
-                                             String keyPassword,
-                                             String keystoreKeyManagerFactoryAlgorithm,
-                                             String secureSocketProtocol)
-        throws Exception {
-        //TODO for performance reasons we should cache
-        // the KeymanagerFactory and TrustManagerFactory 
-        if ((keyStorePassword != null)
-            && (keyPassword != null) 
-            && (!keyStorePassword.equals(keyPassword))) {
-            LogUtils.log(LOG, Level.WARNING, "KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD");
-        }
-        KeyManager[] keystoreManagers = null;        
-        KeyManagerFactory kmf = 
-            KeyManagerFactory.getInstance(keystoreKeyManagerFactoryAlgorithm);  
-        KeyStore ks = KeyStore.getInstance(keyStoreType);
-        
-        if (pkcs12) {
-            FileInputStream fis = new FileInputStream(keyStoreLocation);
-            DataInputStream dis = new DataInputStream(fis);
-            byte[] bytes = new byte[dis.available()];
-            dis.readFully(bytes);
-            ByteArrayInputStream bin = new ByteArrayInputStream(bytes);
-            
-            if (keyStorePassword != null) {
-                keystoreManagers =
-                    loadKeyStore(kmf, ks, bin, keyStoreLocation, keyStorePassword);
-            }
-        } else {        
-            byte[] sslCert = loadClientCredential(keyStoreLocation);
-            
-            if (sslCert != null && sslCert.length > 0 && keyStorePassword != null) {
-                ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
-                keystoreManagers =
-                    loadKeyStore(kmf, ks, bin, keyStoreLocation, keyStorePassword);
-            }  
-        }
-        if ((keyStorePassword == null) && (keyStoreLocation != null)) {
-            LogUtils.log(LOG, Level.WARNING,
-                         "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", 
-                         new Object[]{keyStoreLocation});
-        }
-        return keystoreManagers;
-    }
-
-    private KeyManager[] loadKeyStore(KeyManagerFactory kmf,
-                                      KeyStore ks,
-                                      ByteArrayInputStream bin,
-                                      String keyStoreLocation,
-                                      String keyStorePassword) {
-        KeyManager[] keystoreManagers = null;
-        try {
-            ks.load(bin, keyStorePassword.toCharArray());
-            kmf.init(ks, keyStorePassword.toCharArray());
-            keystoreManagers = kmf.getKeyManagers();
-            LogUtils.log(LOG, Level.INFO, "LOADED_KEYSTORE", new Object[]{keyStoreLocation});
-        } catch (Exception e) {
-            LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_KEYSTORE", 
-                     new Object[]{keyStoreLocation, e.getMessage()});
-        } 
-        return keystoreManagers;
-    }
-
-    private TrustManager[] getTrustStoreManagers(boolean pkcs12,
-                                                 String trustStoreType,
-                                                 String trustStoreLocation,
-                                                 String trustStoreKeyManagerFactoryAlgorithm)
-        throws Exception {
-        // ************************* Load Trusted CA file *************************
-        
-        TrustManager[] trustStoreManagers = null;
-        KeyStore trustedCertStore = KeyStore.getInstance(trustStoreType);
-
-        if (pkcs12) {
-            //TODO could support multiple trust cas
-            trustStoreManagers = new TrustManager[1];
-            
-            trustedCertStore.load(null, "".toCharArray());
-            CertificateFactory cf = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
-            byte[] caCert = loadCACert(trustStoreLocation);
-            try {
-                if (caCert != null) {
-                    ByteArrayInputStream cabin = new ByteArrayInputStream(caCert);
-                    X509Certificate cert = (X509Certificate)cf.generateCertificate(cabin);
-                    trustedCertStore.setCertificateEntry(cert.getIssuerDN().toString(), cert);
-                    cabin.close();
-                }
-            } catch (Exception e) {
-                LogUtils.log(LOG, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE", 
-                             new Object[]{trustStoreLocation, e.getMessage()});
-            } 
-        } else {
-            trustedCertStore.load(new FileInputStream(trustStoreLocation), null);
-        }
-        
-        TrustManagerFactory tmf  = 
-            TrustManagerFactory.getInstance(trustStoreKeyManagerFactoryAlgorithm);
-        tmf.init(trustedCertStore);
-        LogUtils.log(LOG, Level.INFO, "LOADED_TRUST_STORE", new Object[]{trustStoreLocation});            
-        trustStoreManagers = tmf.getTrustManagers();
-
-        return trustStoreManagers;
-    }
-    
-    private static byte[] loadClientCredential(String fileName) throws IOException {
-        if (fileName == null) {
-            return null;
-        }
-        FileInputStream in = new FileInputStream(fileName);
-        ByteArrayOutputStream out = new ByteArrayOutputStream();
-        byte[] buf = new byte[512];
-        int i = in.read(buf);
-        while (i  > 0) {
-            out.write(buf, 0, i);
-            i = in.read(buf);
-        }
-        in.close();
-        return out.toByteArray();
-    }
-
-    private static byte[] loadCACert(String fileName) throws IOException {
-        if (fileName == null) {
-            return null;
-        }
-        FileInputStream in = new FileInputStream(fileName);
-        ByteArrayOutputStream out = new ByteArrayOutputStream();
-        byte[] buf = new byte[512];
-        int i = in.read(buf);
         
-        while (i > 0) {
-            out.write(buf, 0, i);
-            i = in.read(buf);
-        }
-        in.close();
-        return out.toByteArray();
-    }
-
-    public String setupKeystore() {
-        String keyStoreLocation = null;
-        String logMsg = null;
-        if (sslPolicy.isSetKeystore()) {
-            keyStoreLocation = sslPolicy.getKeystore();
-            logMsg = "KEY_STORE_SET";
-        } else {
-            keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
-            if (keyStoreLocation != null) {
-                logMsg = "KEY_STORE_SYSTEM_PROPERTY_SET";
-            } else {
-                keyStoreLocation = System.getProperty("user.home") + "/.keystore";
-                logMsg = "KEY_STORE_NOT_SET";
-            }
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg, new Object[]{keyStoreLocation});
-        return keyStoreLocation;
-    }
-    
-    public String setupKeystoreType() {
-        String keyStoreType = null;
-        String logMsg = null;
-        if (sslPolicy.isSetKeystoreType()) {
-            keyStoreType = sslPolicy.getKeystoreType();
-            logMsg = "KEY_STORE_TYPE_SET";
-        } else {
-            keyStoreType = DEFAULT_KEYSTORE_TYPE;
-            logMsg = "KEY_STORE_TYPE_NOT_SET";
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg, new Object[]{keyStoreType});
-        return keyStoreType;
-    }  
-    
-    public String setupKeystorePassword() {
-        String keyStorePassword = null;
-        String logMsg = null;
-        if (sslPolicy.isSetKeystorePassword()) {
-            logMsg = "KEY_STORE_PASSWORD_SET";
-            keyStorePassword = sslPolicy.getKeystorePassword();
-        } else {
-            keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
-            logMsg = keyStorePassword != null
-                     ? "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET"
-                     : "KEY_STORE_PASSWORD_NOT_SET";
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg);
-        return keyStorePassword;        
-    }
-    
-    public String setupKeyPassword() {
-        String keyPassword = null;
-        String logMsg = null;
-        if (sslPolicy.isSetKeyPassword()) {
-            logMsg = "KEY_PASSWORD_SET";
-            keyPassword = sslPolicy.getKeyPassword();
-        } else {
-            keyPassword = System.getProperty("javax.net.ssl.keyStorePassword");
-            logMsg = keyPassword != null
-                     ? "KEY_PASSWORD_SYSTEM_PROPERTY_SET"
-                     : "KEY_PASSWORD_NOT_SET";
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg);
-        return keyPassword;
-    }
-
-    public String setupKeystoreAlgorithm() {
-        String keystoreKeyManagerFactoryAlgorithm = null;
-        String logMsg = null;
-        if (sslPolicy.isSetKeystoreAlgorithm()) {
-            keystoreKeyManagerFactoryAlgorithm = sslPolicy.getKeystoreAlgorithm(); 
-            logMsg = "KEY_STORE_ALGORITHM_SET";
-        } else {
-            keystoreKeyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
-            logMsg = "KEY_STORE_ALGORITHM_NOT_SET";
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg, 
-                     new Object[] {keystoreKeyManagerFactoryAlgorithm});
-        return keystoreKeyManagerFactoryAlgorithm;
-    } 
-    
-    public String setupTrustStoreAlgorithm() {
-        String trustStoreKeyManagerFactoryAlgorithm = null;
-        String logMsg = null;
-        if (sslPolicy.isSetKeystoreAlgorithm()) {
-            trustStoreKeyManagerFactoryAlgorithm = sslPolicy.getTrustStoreAlgorithm(); 
-            logMsg = "TRUST_STORE_ALGORITHM_SET";
-        } else {
-            trustStoreKeyManagerFactoryAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
-            logMsg = "TRUST_STORE_ALGORITHM_NOT_SET";
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg, 
-                     new Object[] {trustStoreKeyManagerFactoryAlgorithm});
-        return trustStoreKeyManagerFactoryAlgorithm;
-    }    
-    
-    public String[] setupCiphersuites() {
-        String[] cipherSuites = null;
-        if (sslPolicy.isSetCiphersuites()) {
-            
-            List<String> cipherSuitesList = sslPolicy.getCiphersuites();
-            int numCipherSuites = cipherSuitesList.size();
-            cipherSuites = new String[numCipherSuites];
-            String ciphsStr = null;
-            for (int i = 0; i < numCipherSuites; i++) {
-                cipherSuites[i] = cipherSuitesList.get(i);
-                if (ciphsStr == null) {
-                    ciphsStr = cipherSuites[i];
-                } else {
-                    ciphsStr += ", " + cipherSuites[i];
-                }
-            }
-            LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_SET", new Object[]{ciphsStr});
-        } else {
-            LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_NOT_SET");
-        }
-        return cipherSuites;
-    }         
-    
-    public String setupTrustStore() {
-        String trustStoreLocation;
-        String logMsg = null;
-        if (sslPolicy.isSetTrustStore()) {
-            trustStoreLocation = sslPolicy.getTrustStore();
-            logMsg = "TRUST_STORE_SET";
-        } else {
-            
-            trustStoreLocation = System.getProperty("javax.net.ssl.trustStore");
-            if (trustStoreLocation != null) {
-                logMsg = "TRUST_STORE_SYSTEM_PROPERTY_SET";
-            } else {
-                trustStoreLocation =
-                    System.getProperty("java.home") + "/lib/security/cacerts";
-                logMsg = "TRUST_STORE_NOT_SET";
-            }
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg, new Object[]{trustStoreLocation});
-        return trustStoreLocation;
-    }
-    
-    public String setupTrustStoreType() {
-        String trustStoreType = null;
-        String logMsg = null;
-        if (sslPolicy.isSetTrustStoreType()) {
-            trustStoreType = sslPolicy.getTrustStoreType();
-            logMsg = "TRUST_STORE_TYPE_SET";
-        } else {
-            //Can default to JKS
-            trustStoreType = DEFAULT_TRUST_STORE_TYPE;
-            logMsg = "TRUST_STORE_TYPE_NOT_SET";
-        }
-        LogUtils.log(LOG, Level.INFO, logMsg, new Object[]{trustStoreType});
-        return trustStoreType;
-    }
-    
-    public String setupSecureSocketProtocol() {
-        String secureSocketProtocol = null;
-        if (!sslPolicy.isSetSecureSocketProtocol()) {
-            LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_NOT_SET");
-            secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
-        } else {
-            secureSocketProtocol = sslPolicy.getSecureSocketProtocol();
-            LogUtils.log(LOG,
-                         Level.INFO,
-                         "SECURE_SOCKET_PROTOCOL_SET",
-                         new Object[] {secureSocketProtocol});
-        }
-        return secureSocketProtocol;
+        SSLUtils.logUnSupportedPolicies(sslPolicy,
+                                        true,
+                                        UNSUPPORTED,
+                                        LOG);
     }
     
-    public boolean setupSessionCaching() {
-        if (sslPolicy.isSetSessionCaching()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", 
-                         new Object[]{"SessionCaching"});
-        }
-        return true;
-    }  
-    
-    public boolean setupSessionCacheKey() {
-        if (sslPolicy.isSetSessionCacheKey()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", 
-                         new Object[]{"SessionCacheKey"});
-        }
-        return true;
-    }  
-    
-    public boolean setupMaxChainLength() {
-        if (sslPolicy.isSetMaxChainLength()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", 
-                         new Object[]{"MaxChainLength"});
-        }
-        return true;
-    }  
-    
-    public boolean setupCertValidator() {
-        if (sslPolicy.isSetCertValidator()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", 
-                         new Object[]{"CertValidator"});
-        }
-        return true;
-    }      
-    
-    public boolean setupProxyHost() {
-        if (sslPolicy.isSetProxyHost()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", 
-                         new Object[]{"ProxyHost"});
-        }
-        return true;
-    } 
-
-    public boolean setupProxyPort() {
-        if (sslPolicy.isSetProxyPort()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_CLIENT_POLICY_DATA", 
-                         new Object[]{"ProxyPort"});
-        }
-        return true;
-    } 
-    
     /*
      *  For development and testing only
-     */   
-    protected boolean testAllDataHasSetupMethod() {
-        Method[] sslPolicyMethods = sslPolicy.getClass().getDeclaredMethods();
-        Class[] classArgs = null;
-
-        for (int i = 0; i < sslPolicyMethods.length; i++) {
-            String sslPolicyMethodName = sslPolicyMethods[i].getName();
-            if (sslPolicyMethodName.startsWith("isSet")) {
-                String dataName = 
-                    sslPolicyMethodName.substring("isSet".length(), sslPolicyMethodName.length());
-                String thisMethodName = "setup" + dataName;
-                try {
-                    this.getClass().getMethod(thisMethodName, classArgs);
-                } catch (Exception e) {
-                    e.printStackTrace(); 
-                    return false;
-                }
-                
-            }
-        }
-        return true;
-    }
-    
+     */
     protected void addLogHandler(Handler handler) {
         LOG.addHandler(handler);
+    }
+       
+    protected String[] getUnSupported() {
+        return UNSUPPORTED;
     }
 }
 

Copied: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/JettySslListenerFactory.java (from r438444, incubator/cxf/branches/post_apache_integration/rt/transports/http/src/main/java/org/objectweb/celtix/transports/https/JettySslListenerConfigurer.java)
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/JettySslListenerFactory.java?view=diff&rev=468050&p1=incubator/cxf/branches/post_apache_integration/rt/transports/http/src/main/java/org/objectweb/celtix/transports/https/JettySslListenerConfigurer.java&r1=438444&p2=incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/JettySslListenerFactory.java&r2=468050
==============================================================================
--- incubator/cxf/branches/post_apache_integration/rt/transports/http/src/main/java/org/objectweb/celtix/transports/https/JettySslListenerConfigurer.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/JettySslListenerFactory.java Thu Oct 26 09:03:54 2006
@@ -1,331 +1,115 @@
-package org.objectweb.celtix.transports.https;
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.transport.https;
 
-import java.lang.reflect.Method;
-import java.util.List;
 import java.util.logging.Handler;
-import java.util.logging.Level;
 import java.util.logging.Logger;
 
-import javax.net.ssl.KeyManagerFactory;
-
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.SSLServerPolicy;
+import org.apache.cxf.transport.http.JettyListenerFactory;
+import org.mortbay.http.SocketListener;
 import org.mortbay.http.SslListener;
-import org.objectweb.celtix.bus.configuration.security.SSLServerPolicy;
-import org.objectweb.celtix.common.logging.LogUtils;
-import org.objectweb.celtix.configuration.Configuration;
-
+import org.mortbay.util.InetAddrPort;
 
-public final class JettySslListenerConfigurer {
+public final class JettySslListenerFactory implements JettyListenerFactory {
     private static final long serialVersionUID = 1L;
-    private static final Logger LOG = LogUtils.getL7dLogger(JettySslListenerConfigurer.class);
-    private static final String DEFAUL_KEYSTORE_TYPE = "PKCS12";
-    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
-    private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
-    private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
+    private static final Logger LOG = LogUtils.getL7dLogger(JettySslListenerFactory.class);    
     
+    private static final String[] UNSUPPORTED =
+    {"SessionCaching", "SessionCacheKey", "MaxChainLength",
+     "CertValidator", "TrustStoreAlgorithm", "TrustStoreType"};
     
-    private Configuration httpListenerCfg;
-    private SSLServerPolicy sslPolicy;
-    private SslListener secureListener;
-    
-        
-    public JettySslListenerConfigurer(Configuration cfg, 
-                                    SSLServerPolicy sslPolicyParam, 
-                                    SslListener secureListenerParam) {
-       
-        this.httpListenerCfg = cfg;
-        this.sslPolicy = sslPolicyParam;
-        this.secureListener = secureListenerParam; 
-    }
-    
-    public void configure() {
-        setupSecurityConfigurer();
-        setupKeystore();
-        setupKeystoreType();
-        setupKeystorePassword();
-        setupKeyPassword();
-        setupWantClientAuthentication();
-        setupRequireClientAuthentication();
-        setupKeystoreAlgorithm();
-        setupCiphersuites();
-        setupTrustStore();
-        setupTrustStoreType();
-        setupSecureSocketProtocol();
-        setupTrustStoreAlgorithm();
-        setupSessionCaching();
-        setupSessionCacheKey();
-        setupMaxChainLength();
-        setupCertValidator();
+    SSLServerPolicy sslPolicy;
         
+    /**
+     * Constructor.
+     * 
+     * @param policy the applicable SSLServerPolicy (guaranteed non-null)
+     */
+    public JettySslListenerFactory(SSLServerPolicy policy) {
+        this.sslPolicy = policy;
     }
     
-    public boolean setupKeystore() {
-        String keyStoreLocation = null;
-        if (sslPolicy.isSetKeystore()) {
-            keyStoreLocation = sslPolicy.getKeystore();
-            secureListener.setKeystore(keyStoreLocation);
-            LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET", new Object[] {keyStoreLocation});
-            return true;           
-        }
-        keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
-        if (keyStoreLocation != null) {
-            LogUtils.log(LOG, Level.INFO, "KEY_STORE_SET", new Object[] {keyStoreLocation});
-            secureListener.setKeystore(keyStoreLocation);
-            return true;
-        }
-
-        keyStoreLocation = System.getProperty("user.home") + "/.keystore"; 
-        secureListener.setKeystore(keyStoreLocation);
-        LogUtils.log(LOG, Level.INFO, "KEY_STORE_NOT_SET", new Object[] {keyStoreLocation});
-        return true;
-
+    /**
+     * Create a Listener.
+     * 
+     * @param p the listen port
+     */
+    public SocketListener createListener(int port) {
+        SslListener secureListener = new SslListener(new InetAddrPort(port));
+        decorate(secureListener);
+        return secureListener;
     }
     
-    public boolean setupKeystoreType() {
+    /**
+     * Decorate listener with applicable SSL settings.
+     * 
+     * @param listener the secure listener
+     */
+    public void decorate(SslListener secureListener) {
+        secureListener.setKeystore(
+            SSLUtils.getKeystore(sslPolicy.getKeystore(), LOG));
+        secureListener.setKeystoreType(
+            SSLUtils.getKeystoreType(sslPolicy.getKeystoreType(), LOG));
+        secureListener.setPassword(
+            SSLUtils.getKeystorePassword(sslPolicy.getKeystorePassword(),
+                                         LOG));
+        secureListener.setKeyPassword(
+            SSLUtils.getKeyPassword(sslPolicy.getKeyPassword(), LOG));
+        secureListener.setAlgorithm(
+            SSLUtils.getKeystoreAlgorithm(sslPolicy.getKeystoreAlgorithm(),
+                                          LOG));
+        secureListener.setCipherSuites(
+            SSLUtils.getCiphersuites(sslPolicy.getCiphersuites(), LOG));
+        System.setProperty("javax.net.ssl.trustStore",
+                           SSLUtils.getTrustStore(sslPolicy.getTrustStore(),
+                                                  LOG));
+        secureListener.setProtocol(
+            SSLUtils.getSecureSocketProtocol(sslPolicy.getSecureSocketProtocol(),
+                                             LOG));
+        secureListener.setWantClientAuth(
+            SSLUtils.getWantClientAuthentication(
+                                   sslPolicy.isSetWantClientAuthentication(),
+                                   sslPolicy.isWantClientAuthentication(),
+                                   LOG));
+        secureListener.setNeedClientAuth(
+            SSLUtils.getRequireClientAuthentication(
+                                sslPolicy.isSetRequireClientAuthentication(),
+                                sslPolicy.isRequireClientAuthentication(),
+                                LOG));
         
-        if (!sslPolicy.isSetKeystoreType()) {
-            LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_NOT_SET", new Object[] {DEFAUL_KEYSTORE_TYPE});
-            //Can default to JKs so return true
-            secureListener.setKeystoreType(DEFAUL_KEYSTORE_TYPE);
-            return true;
-        }
-        String keyStoreType = sslPolicy.getKeystoreType();
-        LogUtils.log(LOG, Level.INFO, "KEY_STORE_TYPE_SET", new Object[] {keyStoreType});
-        secureListener.setKeystoreType(keyStoreType);
-        return true;
-    }  
-    
-    public boolean setupKeystorePassword() {
-        String keyStorePassword = null;
-        if (sslPolicy.isSetKeystorePassword()) {
-            keyStorePassword = sslPolicy.getKeystorePassword();
-            secureListener.setPassword(keyStorePassword);
-            return true;           
-        }
-        keyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
-        if (keyStorePassword != null) {
-            secureListener.setPassword(keyStorePassword);
-            return true;
-        }
-        LogUtils.log(LOG, Level.SEVERE, "KEY_STORE_PASSWORD_NOT_SET");
-        return false;
-
-    }
-    
-    public void setupKeystoreAlgorithm() {
-        String keyManagerFactoryAlgorithm  = null;
-        if (sslPolicy.isSetKeystoreAlgorithm()) {
-            keyManagerFactoryAlgorithm = sslPolicy.getKeystoreAlgorithm(); 
-            secureListener.setAlgorithm(keyManagerFactoryAlgorithm);
-            LogUtils.log(LOG, Level.INFO, 
-                         "KEY_STORE_ALGORITHM_SET", 
-                         new Object[] {keyManagerFactoryAlgorithm});
-        }
-        keyManagerFactoryAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
-        LogUtils.log(LOG, Level.INFO, 
-                     "KEY_STORE_ALGORITHM_NOT_SET", 
-                     new Object[] {keyManagerFactoryAlgorithm});
-    } 
-    
-    public void setupTrustStoreAlgorithm() {
-        if (sslPolicy.isSetTrustStoreAlgorithm()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA", 
-                         new Object[]{"TrustStoreAlgorithm"});
-        }
-    } 
-    
-    public boolean setupKeyPassword() {
-        String keyPassword = null;
-        if (sslPolicy.isSetKeyPassword()) {
-            keyPassword = sslPolicy.getKeyPassword();
-            secureListener.setKeyPassword(keyPassword);
-            return true;
-        }
-        keyPassword = System.getProperty("javax.net.ssl.keyStorePassword");
-        if (keyPassword == null) {
-            LogUtils.log(LOG, Level.INFO, "KEY_PASSWORD_NOT_SET");
-        }
-        secureListener.setKeyPassword(keyPassword);
-        return true;
-    }
-    
-    public boolean setupRequireClientAuthentication() {
-        if (!sslPolicy.isSetRequireClientAuthentication()) {
-            LogUtils.log(LOG, Level.WARNING, "REQUIRE_CLIENT_AUTHENTICATION_NOT_SET");
-            secureListener.setNeedClientAuth(DEFAULT_REQUIRE_CLIENT_AUTHENTICATION);
-            return true;
-        }
-        Boolean holder = sslPolicy.isRequireClientAuthentication();
-        boolean setRequireClientAuthentication = holder.booleanValue();
-        LogUtils.log(LOG, Level.INFO, "REQUIRE_CLIENT_AUTHENTICATION_SET", 
-                     new Object[]{setRequireClientAuthentication});
-        secureListener.setNeedClientAuth(setRequireClientAuthentication);
-        return true;
+        SSLUtils.logUnSupportedPolicies(sslPolicy,
+                                        false,
+                                        UNSUPPORTED,
+                                        LOG);
     }
-    
-    public boolean setupWantClientAuthentication() {
-        if (!sslPolicy.isSetWantClientAuthentication()) {
-            LogUtils.log(LOG, Level.WARNING, "WANT_CLIENT_AUTHENTICATION_NOT_SET");
-            secureListener.setWantClientAuth(DEFAULT_WANT_CLIENT_AUTHENTICATION);            
-            return true;
-        }
-         
-        Boolean holder = sslPolicy.isWantClientAuthentication();
-        boolean setWantClientAuthentication = holder.booleanValue();
-        LogUtils.log(LOG, Level.INFO, "WANT_CLIENT_AUTHENTICATION_SET", 
-                     new Object[]{setWantClientAuthentication});
-        secureListener.setWantClientAuth(setWantClientAuthentication);
-        return true;
-    }    
-    
-    public boolean setupCiphersuites() {
-        if (sslPolicy.isSetCiphersuites()) {
-            
-            List<String> cipherSuites = sslPolicy.getCiphersuites();
-            int numCipherSuites = cipherSuites.size();
-            String[] ciphs = new String[numCipherSuites];
-            String ciphsStr = null;
-            for (int i = 0; i < numCipherSuites; i++) {
-                ciphs[i] = cipherSuites.get(i);
-                if (ciphsStr == null) {
-                    ciphsStr = ciphs[i];
-                } else {
-                    ciphsStr += ", " + ciphs[i];
-                }
-                
-            }
-            LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_SET", new Object[]{ciphsStr});
-            secureListener.setCipherSuites(ciphs);
-        }
-        LogUtils.log(LOG, Level.INFO, "CIPHERSUITE_NOT_SET");
-        return true;
-    }         
-    
-    public boolean setupTrustStore() {
-        String trustStore = null;
-        if (sslPolicy.isSetTrustStore()) {
-            trustStore = sslPolicy.getTrustStore();
-            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_SET", 
-                             new Object[]{trustStore});
-        }
-        if (trustStore == null) {
-            trustStore = System.getProperty("javax.net.ssl.trustStore");
-        }
-        if (trustStore == null) {
-            
-            trustStore = System.getProperty("java.home") + "/lib/security/cacerts";
-            LogUtils.log(LOG, Level.INFO, "TRUST_STORE_NOT_SET", new Object[]{trustStore});
-        } 
 
-        System.setProperty("javax.net.ssl.trustStore", trustStore);
-        return true;
-    }    
-    
-    public boolean setupTrustStoreType() {
-        if (sslPolicy.isSetTrustStoreType()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA", 
-                         new Object[]{"TrustStoreType"});
-            return true;
-        }
-        return true;
-    }
-    
-    public void setupSecureSocketProtocol() {
-        String secureSocketProtocol = null;
-        if (!sslPolicy.isSetSecureSocketProtocol()) {
-            LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_NOT_SET");
-            secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
-            return;
-        }
-        secureSocketProtocol = sslPolicy.getSecureSocketProtocol();
-        secureListener.setProtocol(secureSocketProtocol);
-        LogUtils.log(LOG, Level.INFO, "SECURE_SOCKET_PROTOCOL_SET", new Object[] {secureSocketProtocol});
-    } 
-    
-    public boolean setupSessionCaching() {
-        if (sslPolicy.isSetSessionCaching()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA", 
-                         new Object[]{"SessionCaching"});
-        }
-        return true;
-    }  
-    
-    public boolean setupSessionCacheKey() {
-        if (sslPolicy.isSetSessionCacheKey()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA", 
-                         new Object[]{"SessionCacheKey"});
-        }
-        return true;
-    }  
-    
-    public boolean setupMaxChainLength() {
-        if (sslPolicy.isSetMaxChainLength()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA", 
-                         new Object[]{"MaxChainLength"});
-        }
-        return true;
-    }  
-    
-    public boolean setupCertValidator() {
-        if (sslPolicy.isSetCertValidator()) {
-            LogUtils.log(LOG, Level.WARNING, "UNSUPPORTED_SSL_SERVER_POLICY_DATA", 
-                         new Object[]{"CertValidator"});
-        }
-        return true;
-    }  
-    
-    public void setupSecurityConfigurer() {
-        String systemProperty = "celtix.security.configurer."
-                                + httpListenerCfg.getId().toString();
-        String securityConfigurerName = System.getProperty(systemProperty);
-        if ((securityConfigurerName == null) 
-            || (securityConfigurerName.equals(""))) {
-            return;
-        }
-        LogUtils.log(LOG, Level.WARNING, "UNOFFICIAL_SECURITY_CONFIGURER");
-        try {
-            Class clazz = Class.forName(securityConfigurerName);
-            Method configure = clazz.getDeclaredMethod("configure", SSLServerPolicy.class);
-            Object[] params = new Object[]{sslPolicy};
-            Object configurer = clazz.newInstance();
-            configure.invoke(configurer, params);
-            LogUtils.log(LOG, Level.INFO, "SUCCESS_INVOKING_SECURITY_CONFIGURER", 
-                         new Object[]{securityConfigurerName});
-            
-        } catch (Exception e) {
-            LogUtils.log(LOG, Level.SEVERE, "ERROR_INVOKING_SECURITY_CONFIGURER", 
-                         new Object[]{securityConfigurerName, e.getMessage()});
-        }
-    }
-    
     /* 
-     * For development only
+     * For development & testing only
      */
-    protected  boolean testAllDataHasSetupMethod() {
-        Method[] sslPolicyMethods = sslPolicy.getClass().getDeclaredMethods();
-        Class[] classArgs = null;
-
-        for (int i = 0; i < sslPolicyMethods.length; i++) {
-            String sslPolicyMethodName = sslPolicyMethods[i].getName();
-            if (sslPolicyMethodName.startsWith("isSet")) {
-                String dataName = 
-                    sslPolicyMethodName.substring("isSet".length(), sslPolicyMethodName.length());
-                String thisMethodName = "setup" + dataName;
-                try {
-                    this.getClass().getMethod(thisMethodName, classArgs);
-                } catch (Exception e) {
-                    return false;
-                }
-                
-            }
-        }
-        return true;
-    }
-    
-    protected SslListener getSslListener() {
-        return secureListener;
-    }
-    
     protected void addLogHandler(Handler handler) {
         LOG.addHandler(handler);
+    }
+    
+    protected String[] getUnSupported() {
+        return UNSUPPORTED;
     }
 }
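Review bot: `decorate` applies the policy's trust store with `System.setProperty("javax.net.ssl.trustStore", ...)`, which changes JVM-wide state rather than this listener. Every other listener, and any client-side connection in the process that relies on the default trust store, will pick up whichever factory ran last. Since `TrustStoreType` and `TrustStoreAlgorithm` are listed in `UNSUPPORTED`, that global property appears to be the only trust configuration the server side gets, which matters most when `setNeedClientAuth`/`setWantClientAuth` are enabled and client certificates are validated against it. If this listener class cannot take a per-listener trust store, I would at least document the call, e.g. `// JVM-wide: replaces the default trust store for every SSL context in this process`, and log at WARNING when the value replaces a different existing setting. Separately, the Javadoc tags `@param p` and `@param listener` do not match the parameter names `port` and `secureListener`.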

Added: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=auto&rev=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (added)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Thu Oct 26 09:03:54 2006
@@ -0,0 +1,493 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.transport.https;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.security.KeyStore;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.cxf.common.logging.LogUtils;
+
+/**
+ * Holder for utility methods related to manipulating SSL settings, common
+ * to the connection and listener factories (previously duplicated).
+ */
+public final class SSLUtils {
+
+    static final String PKCS12_TYPE = "PKCS12";
+
+    private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
+    private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
+    private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
+    private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
+    
+    private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
+    private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
+
+
+    private SSLUtils() {
+    }    
+    
+    protected static KeyManager[] getKeyStoreManagers(
+                                          String keyStoreLocation,
+                                          String keyStoreType,
+                                          String keyStorePassword,
+                                          String keyPassword,
+                                          String keyStoreMgrFactoryAlgorithm,
+                                          String secureSocketProtocol,
+                                          Logger log)
+        throws Exception {
+        //TODO for performance reasons we should cache
+        // the KeymanagerFactory and TrustManagerFactory 
+        if ((keyStorePassword != null)
+            && (keyPassword != null) 
+            && (!keyStorePassword.equals(keyPassword))) {
+            LogUtils.log(log,
+                         Level.WARNING,
+                         "KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD");
+        }
+        KeyManager[] keystoreManagers = null;        
+        KeyManagerFactory kmf = 
+            KeyManagerFactory.getInstance(keyStoreMgrFactoryAlgorithm);  
+        KeyStore ks = KeyStore.getInstance(keyStoreType);
+        
+        if (keyStoreType.equalsIgnoreCase(PKCS12_TYPE)) {
+            FileInputStream fis = new FileInputStream(keyStoreLocation);
+            DataInputStream dis = new DataInputStream(fis);
+            byte[] bytes = new byte[dis.available()];
+            dis.readFully(bytes);
+            ByteArrayInputStream bin = new ByteArrayInputStream(bytes);
+            
+            if (keyStorePassword != null) {
+                keystoreManagers = loadKeyStore(kmf,
+                                                ks,
+                                                bin,
+                                                keyStoreLocation,
+                                                keyStorePassword,
+                                                log);
+            }
+        } else {        
+            byte[] sslCert = loadClientCredential(keyStoreLocation);
+            
+            if (sslCert != null && sslCert.length > 0 && keyStorePassword != null) {
+                ByteArrayInputStream bin = new ByteArrayInputStream(sslCert);
+                keystoreManagers = loadKeyStore(kmf,
+                                                ks,
+                                                bin,
+                                                keyStoreLocation,
+                                                keyStorePassword,
+                                                log);
+            }  
+        }
+        if ((keyStorePassword == null) && (keyStoreLocation != null)) {
+            LogUtils.log(log, Level.WARNING,
+                         "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", 
+                         new Object[]{keyStoreLocation});
+        }
+        return keystoreManagers;
+    }
+
+    protected static KeyManager[] loadKeyStore(KeyManagerFactory kmf,
+                                               KeyStore ks,
+                                               ByteArrayInputStream bin,
+                                               String keyStoreLocation,
+                                               String keyStorePassword,
+                                               Logger log) {
+        KeyManager[] keystoreManagers = null;
+        try {
+            ks.load(bin, keyStorePassword.toCharArray());
+            kmf.init(ks, keyStorePassword.toCharArray());
+            keystoreManagers = kmf.getKeyManagers();
+            LogUtils.log(log,
+                         Level.INFO,
+                         "LOADED_KEYSTORE",
+                         new Object[]{keyStoreLocation});
+        } catch (Exception e) {
+            LogUtils.log(log,
+                         Level.WARNING,
+                         "FAILED_TO_LOAD_KEYSTORE", 
+                         new Object[]{keyStoreLocation, e.getMessage()});
+        } 
+        return keystoreManagers;
+    }
+
+    protected static TrustManager[] getTrustStoreManagers(
+                                        boolean pkcs12,
+                                        String trustStoreType,
+                                        String trustStoreLocation,
+                                        String trustStoreMgrFactoryAlgorithm,
+                                        Logger log)
+        throws Exception {
+        // ********************** Load Trusted CA file **********************
+        
+        TrustManager[] trustStoreManagers = null;
+        KeyStore trustedCertStore = KeyStore.getInstance(trustStoreType);
+
+        if (pkcs12) {
+            //TODO could support multiple trust cas
+            trustStoreManagers = new TrustManager[1];
+            
+            trustedCertStore.load(null, "".toCharArray());
+            CertificateFactory cf = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE);
+            byte[] caCert = loadCACert(trustStoreLocation);
+            try {
+                if (caCert != null) {
+                    ByteArrayInputStream cabin = new ByteArrayInputStream(caCert);
+                    X509Certificate cert = (X509Certificate)cf.generateCertificate(cabin);
+                    trustedCertStore.setCertificateEntry(cert.getIssuerDN().toString(), cert);
+                    cabin.close();
+                }
+            } catch (Exception e) {
+                LogUtils.log(log, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE", 
+                             new Object[]{trustStoreLocation, e.getMessage()});
+            } 
+        } else {
+            trustedCertStore.load(new FileInputStream(trustStoreLocation), null);
+        }
+        
+        TrustManagerFactory tmf  = 
+            TrustManagerFactory.getInstance(trustStoreMgrFactoryAlgorithm);
+        tmf.init(trustedCertStore);
+        LogUtils.log(log,
+                     Level.INFO,
+                     "LOADED_TRUST_STORE",
+                     new Object[]{trustStoreLocation});
+        trustStoreManagers = tmf.getTrustManagers();
+
+        return trustStoreManagers;
+    }
+    
+    protected static byte[] loadClientCredential(String fileName) throws IOException {
+        if (fileName == null) {
+            return null;
+        }
+        FileInputStream in = new FileInputStream(fileName);
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        byte[] buf = new byte[512];
+        int i = in.read(buf);
+        while (i  > 0) {
+            out.write(buf, 0, i);
+            i = in.read(buf);
+        }
+        in.close();
+        return out.toByteArray();
+    }
+
+    protected static byte[] loadCACert(String fileName) throws IOException {
+        if (fileName == null) {
+            return null;
+        }
+        FileInputStream in = new FileInputStream(fileName);
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        byte[] buf = new byte[512];
+        int i = in.read(buf);
+        
+        while (i > 0) {
+            out.write(buf, 0, i);
+            i = in.read(buf);
+        }
+        in.close();
+        return out.toByteArray();
+    }
+
+    public static String getKeystore(String keyStoreLocation, Logger log) {
+        String logMsg = null;
+        if (keyStoreLocation != null) {
+            logMsg = "KEY_STORE_SET";
+        } else {
+            keyStoreLocation = System.getProperty("javax.net.ssl.keyStore");
+            if (keyStoreLocation != null) {
+                logMsg = "KEY_STORE_SYSTEM_PROPERTY_SET";
+            } else {
+                keyStoreLocation =
+                    System.getProperty("user.home") + "/.keystore";
+                logMsg = "KEY_STORE_NOT_SET";
+            }
+        }
+        LogUtils.log(log, Level.INFO, logMsg, new Object[]{keyStoreLocation});
+        return keyStoreLocation;
+    }
+    
+    public static String getKeystoreType(String keyStoreType, Logger log) {
+        String logMsg = null;
+        if (keyStoreType != null) {
+            logMsg = "KEY_STORE_TYPE_SET";
+        } else {
+            keyStoreType = DEFAULT_KEYSTORE_TYPE;
+            logMsg = "KEY_STORE_TYPE_NOT_SET";
+        }
+        LogUtils.log(log, Level.INFO, logMsg, new Object[]{keyStoreType});
+        return keyStoreType;
+    }  
+    
+    public static String getKeystorePassword(String keyStorePassword,
+                                             Logger log) {
+        String logMsg = null;
+        if (keyStorePassword != null) {
+            logMsg = "KEY_STORE_PASSWORD_SET";
+        } else {
+            keyStorePassword =
+                System.getProperty("javax.net.ssl.keyStorePassword");
+            logMsg = keyStorePassword != null
+                     ? "KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET"
+                     : "KEY_STORE_PASSWORD_NOT_SET";
+        }
+        LogUtils.log(log, Level.INFO, logMsg);
+        return keyStorePassword;        
+    }
+    
+    public static String getKeyPassword(String keyPassword, Logger log) {
+        String logMsg = null;
+        if (keyPassword != null) {
+            logMsg = "KEY_PASSWORD_SET";
+        } else {
+            keyPassword =
+                System.getProperty("javax.net.ssl.keyStorePassword");
+            logMsg = keyPassword != null
+                     ? "KEY_PASSWORD_SYSTEM_PROPERTY_SET"
+                     : "KEY_PASSWORD_NOT_SET";
+        }
+        LogUtils.log(log, Level.INFO, logMsg);
+        return keyPassword;
+    }
+
+    public static String getKeystoreAlgorithm(
+                                          String keyStoreMgrFactoryAlgorithm,
+                                          Logger log) {
+        String logMsg = null;
+        if (keyStoreMgrFactoryAlgorithm != null) {
+            logMsg = "KEY_STORE_ALGORITHM_SET";
+        } else {
+            keyStoreMgrFactoryAlgorithm =
+                KeyManagerFactory.getDefaultAlgorithm();
+            logMsg = "KEY_STORE_ALGORITHM_NOT_SET";
+        }
+        LogUtils.log(log, Level.INFO, logMsg, 
+                     new Object[] {keyStoreMgrFactoryAlgorithm});
+        return keyStoreMgrFactoryAlgorithm;
+    } 
+    
+    public static String getTrustStoreAlgorithm(
+                                        String trustStoreMgrFactoryAlgorithm,
+                                        Logger log) {
+        String logMsg = null;
+        if (trustStoreMgrFactoryAlgorithm != null) {
+            logMsg = "TRUST_STORE_ALGORITHM_SET";
+        } else {
+            trustStoreMgrFactoryAlgorithm =
+                TrustManagerFactory.getDefaultAlgorithm();
+            logMsg = "TRUST_STORE_ALGORITHM_NOT_SET";
+        }
+        LogUtils.log(log, Level.INFO, logMsg, 
+                     new Object[] {trustStoreMgrFactoryAlgorithm});
+        return trustStoreMgrFactoryAlgorithm;
+    }    
+    
+    public static String[] getCiphersuites(List<String> cipherSuitesList,
+                                           Logger log) {
+        String[] cipherSuites = null;
+        if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+            int numCipherSuites = cipherSuitesList.size();
+            cipherSuites = new String[numCipherSuites];
+            String ciphsStr = null;
+            for (int i = 0; i < numCipherSuites; i++) {
+                cipherSuites[i] = cipherSuitesList.get(i);
+                if (ciphsStr == null) {
+                    ciphsStr = cipherSuites[i];
+                } else {
+                    ciphsStr += ", " + cipherSuites[i];
+                }
+            }
+            LogUtils.log(log, Level.INFO, "CIPHERSUITE_SET", new Object[]{ciphsStr});
+        } else {
+            LogUtils.log(log, Level.INFO, "CIPHERSUITE_NOT_SET");
+        }
+        return cipherSuites;
+    }         
+    
+    public static String getTrustStore(String trustStoreLocation, Logger log) {
+        String logMsg = null;
+        if (trustStoreLocation != null) {
+            logMsg = "TRUST_STORE_SET";
+        } else {            
+            trustStoreLocation = System.getProperty("javax.net.ssl.trustStore");
+            if (trustStoreLocation != null) {
+                logMsg = "TRUST_STORE_SYSTEM_PROPERTY_SET";
+            } else {
+                trustStoreLocation =
+                    System.getProperty("java.home") + "/lib/security/cacerts";
+                logMsg = "TRUST_STORE_NOT_SET";
+            }
+        }
+        LogUtils.log(log, Level.INFO, logMsg, new Object[]{trustStoreLocation});
+        return trustStoreLocation;
+    }
+    
+    public static String getTrustStoreType(String trustStoreType, Logger log) {
+        String logMsg = null;
+        if (trustStoreType != null) {
+            logMsg = "TRUST_STORE_TYPE_SET";
+        } else {
+            //Can default to JKS
+            trustStoreType = DEFAULT_TRUST_STORE_TYPE;
+            logMsg = "TRUST_STORE_TYPE_NOT_SET";
+        }
+        LogUtils.log(log, Level.INFO, logMsg, new Object[]{trustStoreType});
+        return trustStoreType;
+    }
+    
+    public static String getSecureSocketProtocol(String secureSocketProtocol,
+                                                 Logger log) {
+        if (secureSocketProtocol != null) {
+            LogUtils.log(log,
+                         Level.INFO,
+                         "SECURE_SOCKET_PROTOCOL_SET",
+                         new Object[] {secureSocketProtocol});
+        } else {
+            LogUtils.log(log, Level.INFO, "SECURE_SOCKET_PROTOCOL_NOT_SET");
+            secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
+        }
+        return secureSocketProtocol;
+    }
+    
+    public static boolean getRequireClientAuthentication(
+                                    boolean isSetRequireClientAuthentication,
+                                    Boolean isRequireClientAuthentication,
+                                    Logger log) {
+        boolean requireClientAuthentication =
+            DEFAULT_REQUIRE_CLIENT_AUTHENTICATION;
+        if (isSetRequireClientAuthentication) {
+            requireClientAuthentication =
+                isRequireClientAuthentication.booleanValue();
+            LogUtils.log(log,
+                         Level.INFO,
+                         "REQUIRE_CLIENT_AUTHENTICATION_SET", 
+                         new Object[]{requireClientAuthentication});
+        } else {
+            LogUtils.log(log,
+                         Level.WARNING,
+                         "REQUIRE_CLIENT_AUTHENTICATION_NOT_SET");
+        }
+        return requireClientAuthentication;
+    }
+    
+    public static boolean getWantClientAuthentication(
+                                       boolean isSetWantClientAuthentication,
+                                       Boolean isWantClientAuthentication,
+                                       Logger log) {
+        boolean wantClientAuthentication =
+            DEFAULT_WANT_CLIENT_AUTHENTICATION;
+        if (isSetWantClientAuthentication) {
+            wantClientAuthentication =
+                isWantClientAuthentication.booleanValue();
+            LogUtils.log(log,
+                         Level.INFO,
+                         "WANT_CLIENT_AUTHENTICATION_SET", 
+                         new Object[]{wantClientAuthentication});
+        } else {
+            LogUtils.log(log,
+                         Level.WARNING,
+                         "WANT_CLIENT_AUTHENTICATION_NOT_SET");
+        } 
+        return wantClientAuthentication;
+    }    
+   
+    protected static void logUnSupportedPolicies(Object policy,
+                                                 boolean client,
+                                                 String[] unsupported,
+                                                 Logger log) {
+        for (int i = 0; i < unsupported.length; i++) {
+            try {
+                Method method = policy.getClass().getMethod("isSet" + unsupported[i]);
+                boolean isSet =
+                    ((Boolean)method.invoke(policy, (Object[])null)).booleanValue();
+                logUnSupportedPolicy(isSet, client, unsupported[i], log);
+            } catch (Exception e) {
+                // ignore
+            }
+        }
+    }
+    
+    private static void logUnSupportedPolicy(boolean isSet,
+                                             boolean client,
+                                             String policy,
+                                             Logger log) {
+        if (isSet) {
+            LogUtils.log(log,
+                         Level.WARNING,
+                         client
+                         ? "UNSUPPORTED_SSL_CLIENT_POLICY_DATA"
+                         : "UNSUPPORTED_SSL_SERVER_POLICY_DATA",
+                         new Object[]{policy});
+        }    
+    }
+    
+    protected static boolean testAllDataHasSetupMethod(Object policy,
+                                                       String[] unsupported) {
+        Method[] sslPolicyMethods = policy.getClass().getDeclaredMethods();
+        Method[] methods = SSLUtils.class.getMethods();
+        boolean ok = true;
+        
+        for (int i = 0; i < sslPolicyMethods.length && ok; i++) {
+            String sslPolicyMethodName = sslPolicyMethods[i].getName();
+            if (sslPolicyMethodName.startsWith("isSet")) {
+                String dataName = 
+                    sslPolicyMethodName.substring("isSet".length(),
+                                                  sslPolicyMethodName.length());
+                String thisMethodName = "get" + dataName;
+                ok = hasMethod(methods, thisMethodName)
+                     || isUnSupported(unsupported, dataName);
+            }
+        }
+        return ok;
+    }
+    
+    private static boolean hasMethod(Method[] methods, String methodName) {
+        boolean found = false;
+        for (int i = 0; i < methods.length && !found; i++) {
+            found = methods[i].getName().equals(methodName);
+        }
+        return found;
+    }
+    
+    private static boolean isUnSupported(String[] unsupported,
+                                         String dataName) {
+        boolean found = false;
+        for (int i = 0; i < unsupported.length && !found; i++) {
+            found = unsupported[i].equals(dataName);
+        }
+        return found;
+        
+    }
+}
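Review bot: Failures while loading key and trust material are logged and then swallowed, so a client or listener can presumably come up with no key managers or with an empty trust store. In `loadKeyStore` the `catch (Exception e)` logs FAILED_TO_LOAD_KEYSTORE at WARNING and returns null. In the pkcs12 branch of `getTrustStoreManagers`, a CA certificate that fails to parse is only logged before `tmf.init(trustedCertStore)` runs on the empty store and LOADED_TRUST_STORE is logged at INFO. `getKeyStoreManagers` and `getTrustStoreManagers` already declare `throws Exception`, so I would add `throws Exception` to `loadKeyStore` and end both catch blocks with `throw e;` so that a misconfigured store fails at start-up. Separately, the non-pkcs12 branch calls `trustedCertStore.load(new FileInputStream(trustStoreLocation), null)`, which never closes the stream and, with a null password, skips the keystore integrity check.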

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java?view=diff&rev=468050&r1=468049&r2=468050
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java Thu Oct 26 09:03:54 2006
@@ -31,7 +31,7 @@
 
 public class HttpsURLConnectionFactoryTest extends TestCase {
 
-    private static final String DROP_BACK_SRC_DIR = 
+    protected static final String DROP_BACK_SRC_DIR = 
         "../../../../../../../"
         + "src/test/java/org/apache/cxf/transport/https/";
 
@@ -132,7 +132,7 @@
         sslClientPolicy.setKeyPassword("defaultkeypass");
         sslClientPolicy.setKeystorePassword("defaultkeypass");
         sslClientPolicy.setTrustStoreType("JKS");
-        sslClientPolicy.setTrustStoreAlgorithm("JKS");
+        //sslClientPolicy.setTrustStoreAlgorithm("JKS");
         sslClientPolicy.setSecureSocketProtocol("TLSv1");
         sslClientPolicy.setSessionCacheKey("Anything");
         sslClientPolicy.setSessionCaching(true);
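Review bot: The `setTrustStoreAlgorithm("JKS")` call is left behind as commented-out code with no explanation of why it was disabled. "JKS" is a keystore type rather than a TrustManagerFactory algorithm, so it presumably began to fail once the value reached `TrustManagerFactory.getInstance` in SSLUtils. I would delete the line, or replace it with a reason such as `// "JKS" is a store type, not a TrustManagerFactory algorithm; leave unset to use the default`. The enclosing test method starts and ends outside this hunk.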
@@ -435,22 +435,22 @@
     }
 
     public void testAllElementsHaveSetupMethod() throws Exception {
-        SSLClientPolicy sslClientPolicy = new SSLClientPolicy();
+        SSLClientPolicy policy = new SSLClientPolicy();
         TestLogHandler handler = new TestLogHandler();
-        HttpsURLConnectionFactory factory = createFactory(sslClientPolicy,
+        HttpsURLConnectionFactory factory = createFactory(policy,
                                                           "https://dummyurl",
                                                           handler);
         assertTrue("A new element has been " + "added to SSLClientPolicy without a corresponding "
-                   + "setup method in the configurer.", factory.testAllDataHasSetupMethod());
+                   + "setup method in the configurer.",
+                   SSLUtils.testAllDataHasSetupMethod(policy, factory.getUnSupported()));
     }
 
-    private HttpsURLConnectionFactory createFactory(SSLClientPolicy sslClientPolicy,
+    private HttpsURLConnectionFactory createFactory(SSLClientPolicy policy,
                                                     String urlStr,
                                                     TestLogHandler handler) 
         throws Exception {
         HttpsURLConnectionFactory factory =
-            new HttpsURLConnectionFactory();
-        factory.setSSLPolicy(sslClientPolicy);
+            new HttpsURLConnectionFactory(policy);
         factory.addLogHandler(handler);
         return factory;
     }
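Review bot: The assertion message in `testAllElementsHaveSetupMethod` still refers to a "setup method in the configurer", which no longer matches what is checked. The check now passes when SSLUtils exposes a public method named `get<Name>` or when the name is in the array returned by `factory.getUnSupported()`. I would reword the tail of the message to something like `"get method in SSLUtils or an entry in the unsupported list."` so a failure points at the right place. `createFactory` also never uses its `urlStr` parameter in the body shown here, so it could be dropped along with the `"https://dummyurl"` argument.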


