cxf-commits mailing list archives

From ningji...@apache.org
Subject svn commit: r541568 [2/4] - in /incubator/cxf/trunk: api/src/main/java/org/apache/cxf/configuration/jsse/ common/schemas/src/main/resources/schemas/configuration/ distribution/src/main/release/samples/hello_world_https/ distribution/src/main/release/sa...
Date Fri, 25 May 2007 06:44:32 GMT
Modified: incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/client.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/client.xml?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/client.xml (original)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/client.xml Thu May 24 23:44:27 2007
@@ -1,49 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-  
-  http://www.apache.org/licenses/LICENSE-2.0
-  
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:sec="http://cxf.apache.org/configuration/security"
-  xmlns:http="http://cxf.apache.org/transports/http/configuration"
-  xsi:schemaLocation="
-http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
-http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
-
-  <http:conduit id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
-
-    <http:sslClient>
-      <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
-      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
-      <sec:KeyPassword>celtixpass</sec:KeyPassword>
-      <sec:TrustStore>src/demo/hw_https/resources/abigcompany_ca.pem</sec:TrustStore>
-      <sec:CiphersuiteFilters>
-        <!-- these filters ensure that a ciphersuite with
-          export-suitable but non-null encryption is used,
-          and prefers the stronger SHA over MD5 message digests -->
-        <sec:include>.*_EXPORT_.*</sec:include>
-        <sec:include>.*_EXPORT1024_.*</sec:include>
-        <sec:include>.*_WITH_DES_.*</sec:include>
-        <sec:exclude>.*_WITH_NULL_.*</sec:exclude>
-        <sec:exclude>.*_MD5</sec:exclude>
-      </sec:CiphersuiteFilters>
-    </http:sslClient>
-  </http:conduit>
-
-
-</beans>

Modified: incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/insecure_client.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/insecure_client.xml?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/insecure_client.xml (original)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/insecure_client.xml Thu May 24 23:44:27 2007
@@ -1,30 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-  
-  http://www.apache.org/licenses/LICENSE-2.0
-  
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:http="http://cxf.apache.org/transports/http/configuration"
-  xsi:schemaLocation="
-http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
-http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
-
-  <http:conduit id="{http://apache.org/hello_world_soap_http}SoapPort.http-conduit">
-  </http:conduit>
-
-</beans>

Modified: incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/server.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/server.xml?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/server.xml (original)
+++ incubator/cxf/trunk/distribution/src/main/release/samples/hello_world_https/server.xml Thu May 24 23:44:27 2007
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one
-  or more contributor license agreements. See the NOTICE file
-  distributed with this work for additional information
-  regarding copyright ownership. The ASF licenses this file
-  to you under the Apache License, Version 2.0 (the
-  "License"); you may not use this file except in compliance
-  with the License. You may obtain a copy of the License at
-  
-  http://www.apache.org/licenses/LICENSE-2.0
-  
-  Unless required by applicable law or agreed to in writing,
-  software distributed under the License is distributed on an
-  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-  KIND, either express or implied. See the License for the
-  specific language governing permissions and limitations
-  under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-  xmlns:sec="http://cxf.apache.org/configuration/security"
-  xmlns:http="http://cxf.apache.org/transports/http/configuration"
-  xsi:schemaLocation="
-http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schema/transports/http.xsd
-http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
-
-  <http:destination id="{http://apache.org/hello_world_soap_http}GreeterImplPort.http-destination">
-    <http:sslServer>
-      <sec:Keystore>src/demo/hw_https/resources/celtix.p12</sec:Keystore>
-      <sec:KeystoreType>PKCS12</sec:KeystoreType>
-      <sec:KeystorePassword>celtixpass</sec:KeystorePassword>
-      <sec:KeyPassword>celtixpass</sec:KeyPassword>
-      <sec:WantClientAuthentication>true</sec:WantClientAuthentication>
-      <sec:RequireClientAuthentication>true</sec:RequireClientAuthentication>
-      <sec:TrustStore>src/demo/hw_https/resources/celtixp12.truststore</sec:TrustStore>
-      <sec:CiphersuiteFilters>
-        <!-- these filters ensure that a ciphersuite with
-          export-suitable or null encryption is used,
-          but exclude anonymous Diffie-Hellman key change as
-          this is vulnerable to man-in-the-middle attacks -->
-        <sec:include>.*_EXPORT_.*</sec:include>
-        <sec:include>.*_EXPORT1024_.*</sec:include>
-        <sec:include>.*_WITH_DES_.*</sec:include>
-        <sec:include>.*_WITH_NULL_.*</sec:include>
-        <sec:exclude>.*_DH_anon_.*</sec:exclude>
-      </sec:CiphersuiteFilters>
-    </http:sslServer>
-  </http:destination>
-
-</beans>

Modified: incubator/cxf/trunk/rt/transports/http-jetty/pom.xml
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/pom.xml?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/pom.xml (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/pom.xml Thu May 24 23:44:27 2007
@@ -76,7 +76,7 @@
         <dependency>
             <groupId>org.mortbay.jetty</groupId>
             <artifactId>jetty</artifactId>
-            <version>6.1.2rc0</version>
+            <version>6.1.3</version>
         </dependency>       
         <dependency>
             <groupId>org.slf4j</groupId>

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java Thu May 24 23:44:27 2007
@@ -32,6 +32,8 @@
 import org.apache.cxf.Bus;
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.StringUtils;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.message.Message;
 import org.apache.cxf.message.MessageImpl;
 import org.apache.cxf.security.SecurityContext;
@@ -46,42 +48,40 @@
 
 public class JettyHTTPDestination extends AbstractHTTPDestination {
     
-    private static final Logger LOG = LogUtils.getL7dLogger(JettyHTTPDestination.class);
+    private static final Logger LOG =
+        LogUtils.getL7dLogger(JettyHTTPDestination.class);
 
-    protected ServerEngine engine;
-    protected ServerEngine alternateEngine;
+    
+    protected JettyHTTPServerEngine engine;
     protected JettyHTTPTransportFactory transportFactory;
+    protected JettyHTTPServerEngineFactory serverEngineFactory;
     protected URL nurl;
     
     /**
-     * Constructor, using Jetty server engine.
-     * 
-     * @param b the associated Bus
-     * @param ci the associated conduit initiator
-     * @param endpointInfo the endpoint info of the destination
-     * @throws IOException
+     * This variable signifies that finalizeConfig() has been called.
+     * It gets called after this object has been spring configured.
+     * It is used to automatically reinitialize things when resources
+     * are reset, such as setTlsServerParameters().
      */
-    public JettyHTTPDestination(Bus b, JettyHTTPTransportFactory ci, 
-                                EndpointInfo endpointInfo) throws IOException {
-        this(b, ci, endpointInfo, null);
-    }
-
+    private boolean configFinalized;
+     
     /**
-     * Constructor, allowing subsititution of server engine.
+     * Constructor, using Jetty server engine.
      * 
      * @param b the associated Bus
      * @param ci the associated conduit initiator
      * @param endpointInfo the endpoint info of the destination
-     * @param eng the server engine
      * @throws IOException
      */
-    public JettyHTTPDestination(Bus b, JettyHTTPTransportFactory ci, 
-                                EndpointInfo endpointInfo, ServerEngine eng)
-        throws IOException {
+    public JettyHTTPDestination(
+            Bus                       b,
+            JettyHTTPTransportFactory ci, 
+            EndpointInfo              endpointInfo
+    ) throws IOException {
         //Add the defualt port if the address is missing it
         super(b, ci, endpointInfo, true);
-        alternateEngine = eng;
         this.transportFactory = ci;
+        this.serverEngineFactory = ci.getJettyHTTPServerEngineFactory();
         nurl = new URL(endpointInfo.getAddress());
     }
 
@@ -93,22 +93,115 @@
      * Post-configure retreival of server engine.
      */
     protected void retrieveEngine() {
-        engine = alternateEngine != null
-                 ? alternateEngine
-                 : JettyHTTPServerEngine.getForPort(bus,
-                                                    nurl.getProtocol(),
-                                                    nurl.getPort(),
-                                                    getSslServer());
+        if (this.getTlsServerParameters() != null) {
+            if (!"https".equals(nurl.getProtocol())) {
+                throw new RuntimeException(
+                        "Wrong protocol for TLS configuration: proto: " 
+                        + nurl.getProtocol());
+            }
+            // If the previous engine was "https", we have to shut it down as
+            // it cannot be reconfigured.
+            if (engine != null 
+                && "https".equals(engine.getProtocol())
+                && nurl.getPort() == engine.getPort()) {
+                engine.shutdown();
+            }
+            engine = serverEngineFactory.getForPort(
+                                 nurl.getProtocol(),
+                                 nurl.getPort(),
+                                 getTlsServerParameters());
+        // TODO: Remove when old SSL config is gone
+        } else if (this.getSslServer() != null) {
+            if (!"https".equals(nurl.getProtocol())) {
+                throw new RuntimeException(
+                        "Wrong protocol for TLS configuration: proto: " 
+                        + nurl.getProtocol());
+            }
+            // If the previous engine was "https", we have to shut it down as
+            // it cannot be reconfigured.
+            if (engine != null 
+                && "https".equals(engine.getProtocol())
+                && nurl.getPort() == engine.getPort()) {
+                engine.shutdown();
+            }
+            engine = serverEngineFactory.getForPort(nurl.getProtocol(),
+                                                nurl.getPort(),
+                                                getSslServer());
+        } else {
+            // We may still have "https", but we might still get the configuration from
+            // http-listener.
+
+            // If the previous engine was "https", we have to shut it down as
+            // it cannot be reconfigured.
+            if (engine != null && "https".equals(nurl.getPort())
+                && "https".equals(engine.getProtocol())
+                && nurl.getPort() == engine.getPort()) {
+                engine.shutdown();
+            }
+            // This should throw an exception if TLS is not configured 
+            // for http-listener and the protocol is "https".
+            engine = serverEngineFactory.getForPort(nurl.getProtocol(),
+                                                nurl.getPort());
+        }
+        assert engine != null;
+    }
+    
+    /**
+     * This method is used to finalize the configuration
+     * after the configuration items have been set.
+     *
+     */
+    public void finalizeConfig() {
+        retrieveEngine();
+        configFinalized = true;
     }
     
     /**
+     * This method sets the SSLServerPolicy for this destination. Changing
+     * the SSLServerPolicy object internally will not affect this destination.
+     * This method must be called to reconfigure the Destination.
+     * 
+     * @param policy
+     */
+    @Deprecated
+    @Override
+    public void setSslServer(SSLServerPolicy policy) {
+        super.setSslServer(policy);
+        if (configFinalized) {
+            deactivate();
+            engine.shutdown();
+            engine = null;
+            retrieveEngine();
+        }
+    }
+
+    /**
+     * This method sets the TLS Server Parameters for this destination. 
+     * Changing the TLSServerParameters object internally will not affect this 
+     * destination.
+     * This method must be called to reconfigure the Destination.
+     * 
+     * @param params
+     */
+    @Override
+    public void setTlsServerParameters(TLSServerParameters params) {
+        super.setTlsServerParameters(params);
+        if (configFinalized) {
+            deactivate();
+            engine.shutdown();
+            engine = null;
+            retrieveEngine();
+        }
+    }
+    /**
      * Activate receipt of incoming messages.
      */
     protected void activate() {
         LOG.log(Level.FINE, "Activating receipt of incoming messages");
         try {
             URL url = new URL(endpointInfo.getAddress());
-            engine.addServant(url, new JettyHTTPHandler(this, contextMatchOnExact()));
+            engine.addServant(url, 
+                    new JettyHTTPHandler(this, contextMatchOnExact()));
             
         } catch (Exception e) {
             LOG.log(Level.WARNING, "URL creation failed: ", e);
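Review bot: In the final `else` branch of `retrieveEngine()`, the guard `"https".equals(nurl.getPort())` compares a String with the int port (boxed to an Integer), so it is always false and the shutdown in that branch can never run. The two branches above test the protocol, so this is presumably meant to be `if (engine != null && "https".equals(nurl.getProtocol())`. As written, a destination that reaches this branch with an existing https engine keeps whatever the factory returns for that port, which may still carry the earlier TLS configuration (the factory's lookup is not visible in this hunk). The shutdown check is also copied three times and would be easier to keep correct as one private helper.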

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java Thu May 24 23:44:27 2007
@@ -19,12 +19,13 @@
 
 package org.apache.cxf.transport.http_jetty;
 
+import java.io.IOException;
 import java.net.URL;
-import java.util.HashMap;
-import java.util.Map;
+import java.security.GeneralSecurityException;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.jsse.spring.TLSServerParametersConfig;
 import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.transport.HttpUriMapper;
 import org.apache.cxf.transport.http.listener.HTTPListenerConfigBean;
@@ -37,11 +38,10 @@
 
 
 
-public final class JettyHTTPServerEngine extends HTTPListenerConfigBean implements ServerEngine {
+public class JettyHTTPServerEngine
+    extends HTTPListenerConfigBean 
+    implements ServerEngine {
     private static final long serialVersionUID = 1L;
-    
-    private static Map<Integer, JettyHTTPServerEngine> portMap =
-        new HashMap<Integer, JettyHTTPServerEngine>();
    
     private int servantCount;
     private Server server;
@@ -49,9 +49,54 @@
     private JettyConnectorFactory connectorFactory;
     private ContextHandlerCollection contexts;
     
+    /**
+     * This field holds the protocol this engine is for. "http" or "https".
+     */
+    private final String protocol;
+    
     private final int port;
     
-    JettyHTTPServerEngine(Bus bus, String protocol, int p) {
+    /**
+     * This field holds the TLS ServerParameters that are programatically
+     * configured. The tlsServerParamers (due to JAXB) holds the struct
+     * placed by SpringConfig.
+     */
+    private TLSServerParameters tlsProgrammaticServerParameters;
+    
+    /**
+     * This boolean signfies that SpringConfig is over. finalizeConfig
+     * has been called.
+     */
+    private boolean configFinalized;
+    
+    /**
+     * This is the Server Engine Factory. This factory caches some 
+     * engines based on port numbers.
+     */
+    private JettyHTTPServerEngineFactory factory;
+    
+    JettyHTTPServerEngine(JettyHTTPServerEngineFactory fac, Bus bus,
+            String proto, int p) {
+        factory = fac;
+        protocol = proto;
+        port = p;
+    }
+
+    // TODO: remove when old SSL config is gone.
+    @Deprecated
+    JettyHTTPServerEngine(JettyHTTPServerEngineFactory fac, Bus bus,
+            String proto, int p, SSLServerPolicy policy) {
+        factory = fac;
+        sslServer = policy;
+        protocol = proto;
+        port = p;
+    }
+
+    JettyHTTPServerEngine(JettyHTTPServerEngineFactory fac, Bus bus,
+            String proto, int p, TLSServerParameters params) {
+        factory = fac;
+        tlsProgrammaticServerParameters = params;
+        protocol = proto;
         port = p;
     }
     
@@ -59,39 +104,28 @@
         return JettyHTTPServerEngine.class.getName() + "." + port;
     }
 
-    static synchronized JettyHTTPServerEngine getForPort(Bus bus, String protocol, int p) {
-        return getForPort(bus, protocol, p, null);
+    /**
+     * Returns the protocol "http" or "https" for which this engine
+     * was configured.
+     */
+    public String getProtocol() {
+        return protocol;
     }
-
-    static synchronized JettyHTTPServerEngine getForPort(Bus bus,
-                                                         String protocol,
-                                                         int p,
-                                                         SSLServerPolicy sslServerPolicy) {
-        JettyHTTPServerEngine ref = portMap.get(p);
-        if (ref == null) {
-            ref = new JettyHTTPServerEngine(bus, protocol, p);
-            configure(bus, ref);
-            ref.init(sslServerPolicy);
-            ref.retrieveListenerFactory();
-            portMap.put(p, ref);
-        }
-        return ref;
-    }
-    
-    public static synchronized void destroyForPort(int p) {
-        JettyHTTPServerEngine ref = portMap.remove(p);
-        if (ref != null && ref.server != null) {
-            try {
-                ref.connector.close();
-                ref.server.stop();
-                ref.server.destroy();
-                ref.server = null;
-                ref.listener = null;            
-            } catch (Exception e) {
-                // TODO Auto-generated catch block
-                e.printStackTrace();
-            }            
-        }
+    
+    /**
+     * Returns the port number for which this server engine was configured.
+     * @return
+     */
+    public int getPort() {
+        return port;
+    }
+    
+    /**
+     * This method will shut down the server engine and
+     * remove it from the factory's cache. 
+     */
+    public void shutdown() {
+        factory.destroyForPort(port);
     }
     
     /**
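Review bot: The new public `shutdown()` tears the engine down through `factory.destroyForPort(port)` without consulting `servantCount` in its visible body; whether `destroyForPort` checks it is not shown here. Engines are cached per port, so if several destinations share a port, one destination reconfiguring its TLS settings would stop the listener for all of them. Consider stating the contract in the Javadoc, e.g. `Callers must make sure no other destination is still served by this engine.`, or refusing to shut down while servants remain. The `@return` tag on `getPort()` is empty and could read `@return the port number this engine listens on`.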
@@ -241,19 +275,50 @@
         }
         return ret;
     }
-    
-    protected static void configure(Bus bus, Object bean) {
-        Configurer configurer = bus.getExtension(Configurer.class);
-        if (null != configurer) {
-            configurer.configureBean(bean);
+
+    protected void retrieveListenerFactory() {
+        if (tlsProgrammaticServerParameters != null) {
+            connectorFactory = JettyHTTPTransportFactory
+                    .getConnectorFactory(tlsProgrammaticServerParameters);
+        // TODO: remove when old SSL Config is gone.
+        } else if (isSetSslServer()) {
+            connectorFactory = JettyHTTPTransportFactory
+                    .getConnectorFactory(getSslServer());
+        } else {
+            connectorFactory = JettyHTTPTransportFactory
+                    .getConnectorFactory((TLSServerParameters) null);
         }
     }
+    
+    /**
+     * This method is called after configure on this object.
+     */
+    protected void finalizeConfig() throws GeneralSecurityException,
+            IOException {
 
-    private void retrieveListenerFactory() {
-        connectorFactory = JettyHTTPTransportFactory.getConnectorFactory(getSslServer());
+        // If the listener was spring configured, convert those structs
+        // to real configuration with KeyManagers and TrustManagers.
+        if (this.tlsProgrammaticServerParameters == null
+                && isSetTlsServerParameters()) {
+            tlsProgrammaticServerParameters = 
+                new TLSServerParametersConfig(getTlsServerParameters());
+        }
+        if (!isSetListener()) {
+            setListener(new HTTPListenerPolicy());
+        }
+        if ("https".equals(protocol)
+                && tlsProgrammaticServerParameters == null 
+                && !isSetSslServer()) {
+            throw new RuntimeException(
+                    "Protocol is \"https\" without suitable "
+                            + "programmatic or spring configuration.");
+        }
+        retrieveListenerFactory();
+        this.configFinalized = true;
     }
     
-    private void init(SSLServerPolicy sslServerPolicy) {
+    @Deprecated
+    protected void init(SSLServerPolicy sslServerPolicy) {
         if (!isSetSslServer()) {
             setSslServer(sslServerPolicy);
         }
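Review bot: The check that rejects `"https"` without TLS settings sits only in `finalizeConfig()`, while `retrieveListenerFactory()` falls back to `getConnectorFactory((TLSServerParameters) null)` for any protocol. The setters added later in this commit (`setSslServer`, `setProgrammaticTlsServerParameters`) call `retrieveListenerFactory()` again once `configFinalized` is true, so a null argument there bypasses the check; what connector factory results from null parameters is not visible here. Moving the test `"https".equals(protocol) && tlsProgrammaticServerParameters == null && !isSetSslServer()` to the top of `retrieveListenerFactory()` would cover both paths. The body of `init()` continues past the end of this hunk.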
@@ -261,4 +326,121 @@
             setListener(new HTTPListenerPolicy());
         }
     }
+    
+    @Deprecated
+    @Override
+    public void setSslServer(SSLServerPolicy policy) {
+        super.setSslServer(policy);
+        if (this.configFinalized) {
+            this.retrieveListenerFactory();
+        }
+    }
+    /**
+     * This method is called to possibly reconfigure a listener. 
+     */
+    protected void reconfigure(String proto, TLSServerParameters tlsParams) {
+        if (!getProtocol().equals(proto)) {
+            throw new RuntimeException(
+                    "Cannot reconfigure an allocated server port with "
+                    + "different protocol."
+                    + " Port: " + port + " to Protocol " + proto);
+        }
+        if ("https".equals(proto)) {
+            // TLS/SSL Parameters have not yet been set.
+            if (tlsProgrammaticServerParameters == null) {
+                if (!isSetSslServer()) {
+                    try {
+                        setProgrammaticTlsServerParameters(tlsParams);
+                    } catch (Exception e) {
+                        throw new RuntimeException(
+                                "Could not initialize configuration of "
+                                + getBeanName() + ".", e);
+                    }
+                } else {
+                    throw new RuntimeException(
+                        "Cannot reconfigure an allocated TLS server port. "
+                        + "Port = " + port);
+                }
+            } else if (tlsProgrammaticServerParameters != tlsParams) {
+                throw new RuntimeException(
+                    "Cannot reconfigure an allocated TLS server port. "
+                    + "Port = " + port);
+            }
+        }
+        
+    }
+
+    /**
+     * This method is called to possibly reconfigure a listener. 
+     * @param proto
+     * @param policy
+     */
+    @Deprecated
+    protected void reconfigure(String proto, SSLServerPolicy policy) {
+        if (!getProtocol().equals(proto)) {
+            throw new RuntimeException(
+                    "Cannot reconfigure an allocated server port with "
+                    + "different protocol."
+                    + " Port: " + port + " to Protocol " + proto);
+        }
+        if ("https".equals(proto)) {
+            // TLS/SSL Parameters have not yet been set.
+            if (!isSetSslServer()) {
+                if (tlsProgrammaticServerParameters == null) {
+                    try {
+                        setSslServer(policy);
+                    } catch (Exception e) {
+                        throw new RuntimeException(
+                                "Could not initialize configuration of "
+                                + getBeanName() + ".", e);
+                    }
+                } else {
+                    throw new RuntimeException(
+                            "Cannot reconfigure an allocated TLS server port. "
+                            + "Port = " + port);
+                }
+            } else if (getSslServer() != policy) {
+                throw new RuntimeException(
+                    "Cannot reconfigure an allocated TLS server port. Port = " 
+                    + port);
+            }
+        }
+    }
+
+    /**
+     * This method is called by the ServerEngine Factory to destroy the 
+     * listener.
+     *
+     */
+    protected void stop() throws Exception {
+        if (server != null) {
+            connector.close();
+            server.stop();
+            server.destroy();
+            server   = null;
+            listener = null;
+        }
+    }
+    
+    /**
+     * This method is used to programmatically set the TLSServerParameters.
+     * This method must be used to dynamically configure the http-listener.
+     */
+    public void setProgrammaticTlsServerParameters(TLSServerParameters params) {
+        tlsProgrammaticServerParameters = params;
+        if (this.configFinalized) {
+            this.retrieveListenerFactory();
+        }
+    }
+    
+    /**
+     * This method returns the programmatically set TLSServerParameters, not
+     * the TLSServerParametersType, which is the JAXB generated type used 
+     * in SpringConfiguration.
+     * @return
+     */
+    public TLSServerParameters getProgrammaticTlsServerParameters() {
+        return tlsProgrammaticServerParameters;
+    }
+    
 }
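Review bot: In `stop()`, an exception from `connector.close()` skips `server.stop()` and `server.destroy()` and leaves `server` and `listener` set, so the engine is left half torn down and the port presumably stays bound. Running the server teardown in a `finally` block keeps the listener from outliving a failed connector close. Separately, both `reconfigure()` overloads compare the TLS settings by reference (`!=`), so an equal but distinct parameters object is rejected. That is the conservative choice, but it deserves a one-line comment saying identity is intended.

```java
protected void stop() throws Exception {
    if (server != null) {
        try {
            connector.close();
        } finally {
            // Tear the server down even when closing the connector failed.
            server.stop();
            server.destroy();
            server   = null;
            listener = null;
        }
    }
}
```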

Added: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactory.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactory.java (added)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactory.java Thu May 24 23:44:27 2007
@@ -0,0 +1,166 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.http_jetty;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.SSLServerPolicy;
+
+public class JettyHTTPServerEngineFactory {
+
+    /**
+     * This map holds references for allocated ports.
+     */
+    // HACK!!! All system tests do not shut down bus correct,
+    // or the bus does not shutdown all endpoints correctly,
+    // so that these are shared amongst busses. Which is
+    // hogwash!! This was static before I changed it, and I
+    // tried to make it local.  Now, we get address in use
+    // Bind exceptions because these server engines aren't
+    // shared!! What hog wash. Propper shutdowns people!
+    
+    // We will keep it static until
+    // we can resolve the problems in the System tests.
+    // TODO: Fix the System Tests so that they shutdown the 
+    // buses that they are using and that the buses actually
+    // shutdown the destinations and their server engines
+    // properly. This will require a bit of lifecyle and reference
+    // counting on Destinations to server engines, if they are 
+    // going to be shared, but they should by no means be 
+    // shared accross buses, right?
+    private static Map<Integer, JettyHTTPServerEngine> portMap =
+        new HashMap<Integer, JettyHTTPServerEngine>();
+    
+    /**
+     * The bus.
+     */
+    private Bus bus;
+    
+    protected JettyHTTPServerEngineFactory(Bus b) {
+        bus = b;
+    }
+    
+    /**
+     * Allocate a JettyServer engine for a particular port. This call is allows 
+     * the Spring configuration of the engine. If the protocol is "https" it 
+     * must find a suitable configuration or this call will throw an error.
+     */
+    synchronized JettyHTTPServerEngine getForPort(String protocol, int p) {
+
+        return getForPort(protocol, p, (TLSServerParameters) null);
+    }
+
+    /**
+     * Allocate a Jetty server engine for a particular port, and an ssl 
+     * server policy.
+     * This call in order to remain consistent with previous implemenation 
+     * does NOT override any spring configuration. That may be a bug. 
+     * This method is deprecated in favor of using TLSServerParameters.
+     */
+    @Deprecated
+    synchronized JettyHTTPServerEngine getForPort(
+            String protocol,
+            int p,
+            SSLServerPolicy sslServerPolicy
+    ) {
+        JettyHTTPServerEngine ref = portMap.get(p);
+        if (ref == null) {
+            ref = new JettyHTTPServerEngine(this, bus, protocol, p);
+            configure(ref);
+            // This previous incantaion says programatic configuration does not 
+            // override because init tests to see if sslServer is already set 
+            // and if so, ignores this sslServerPolicy. 
+            // This situation has been fixed with tlsServerParameters.
+            ref.init(sslServerPolicy);
+            ref.retrieveListenerFactory();
+            portMap.put(p, ref);
+        } else {
+            // This will throw an exception if the reference cannot be 
+            // reconfigured
+            ref.reconfigure(protocol, sslServerPolicy);
+        }
+        return ref;
+    }
+    
+    /**
+     * Allocate a Jetty server engine for a particular port with TLS parameters.
+     * If tlsParams is not null, it overrides any spring configuration of TLS 
+     * parameters.
+     */
+    synchronized JettyHTTPServerEngine getForPort(
+            String protocol,
+            int p,
+            TLSServerParameters tlsParams
+    ) {
+        JettyHTTPServerEngine ref = portMap.get(p);
+        if (ref == null) {
+            ref = new JettyHTTPServerEngine(this, bus, protocol, p);
+            configure(ref);
+            // Programatic configuration overrides Spring configuration.
+            if (tlsParams != null) {
+                ref.setProgrammaticTlsServerParameters(tlsParams);
+            }
+            try { 
+                ref.finalizeConfig();
+            } catch (Exception e) {
+                throw new RuntimeException(
+                        "Could not initialize configuration of "
+                        + ref.getBeanName() + ".", e);
+            }
+            portMap.put(p, ref);
+        } else {
+            // This call will throw an exception if the engine cannot be 
+            // reconfigured.
+            ref.reconfigure(protocol, tlsParams);
+        }
+        return ref;
+    }
+    
+    /**
+     * This method removes the Server Engine from the port map and stops it.
+     */
+    public synchronized void destroyForPort(int port) {
+        JettyHTTPServerEngine ref = portMap.remove(port);
+        if (ref != null) {
+            try {
+                ref.stop();
+            } catch (Exception e) {
+                // TODO Auto-generated catch block
+                e.printStackTrace();
+            }            
+        }
+    }
+
+    /**
+     * This call configures the Server Engine as Spring Bean.
+     * @param bean
+     */
+    protected void configure(JettyHTTPServerEngine bean) {
+        Configurer configurer = bus.getExtension(Configurer.class);
+        if (null != configurer) {
+            configurer.configureBean(bean);
+        }
+    }
+
+    
+}
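Review bot: `portMap` is static, but both `getForPort` overloads and `destroyForPort` are `synchronized` on the factory instance, so two factories can mutate the same `HashMap` concurrently; JettyHTTPTransportFactory creates one factory per `setBus` call. Guard the map with a class-wide lock by declaring it `private static final` and wrapping each of those method bodies in `synchronized (portMap) { ... }`. Because engines are keyed by port alone, an engine configured with one bus's TLS settings is returned to any other bus that asks for the same port. The HACK comment hints at this, and the field's Javadoc should state it plainly. Separately, `destroyForPort` reports a failed `stop()` with `e.printStackTrace()` under a generated TODO; log it through a `java.util.logging` logger as the other classes in this commit do.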

Propchange: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactory.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactory.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPTransportFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPTransportFactory.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPTransportFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPTransportFactory.java Thu May 24 23:44:27 2007
@@ -25,6 +25,7 @@
 import javax.annotation.Resource;
 
 import org.apache.cxf.Bus;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
 import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.Destination;
@@ -35,18 +36,35 @@
 
 
 public class JettyHTTPTransportFactory extends AbstractHTTPTransportFactory {
-    Map<String, JettyHTTPDestination> destinations = new HashMap<String, JettyHTTPDestination>();
+    Map<String, JettyHTTPDestination> destinations = 
+        new HashMap<String, JettyHTTPDestination>();
+    
+    /**
+     * This field contains the JettyHTTPServerEngineFactory.
+     * It holds a cache of engines that may be used for particular ports.
+     */
+    private JettyHTTPServerEngineFactory serverEngineFactory;
     
     public JettyHTTPTransportFactory() {
         super();
-        
     }
     
     @Resource(name = "bus")
     public void setBus(Bus b) {
         super.setBus(b);
+        // This cannot be called twice;
+        assert serverEngineFactory == null;
+        
+        serverEngineFactory = new JettyHTTPServerEngineFactory(b);
     }
 
+    /**
+     * This method returns the Jetty HTTP Server Engine Factory.
+     */
+    protected JettyHTTPServerEngineFactory getJettyHTTPServerEngineFactory() {
+        return serverEngineFactory;
+    }
+    
     @Override
     public Destination getDestination(EndpointInfo endpointInfo) throws IOException {
         String addr = endpointInfo.getAddress();
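Review bot: The guard `assert serverEngineFactory == null;` in `setBus` only runs when the JVM is started with `-ea`, so in a normal deployment a second `setBus` call silently replaces the engine factory. If calling it twice is really an error, enforce it unconditionally: `if (serverEngineFactory != null) { throw new IllegalStateException("Bus has already been set"); }`. The new `getJettyHTTPServerEngineFactory()` accessor also returns null until `setBus` has run, which its Javadoc should mention. `getDestination` continues past the end of this hunk.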
@@ -60,6 +78,11 @@
     
     private synchronized JettyHTTPDestination createDestination(EndpointInfo endpointInfo) 
         throws IOException {
+        // Cached Destinations could potentially use an "https" destination 
+        // created by somebody else that will not be able to be reconfigured. 
+        // As a result of trying would shutdown the server engine that may
+        // be in use.
+        
         JettyHTTPDestination destination = destinations.get(endpointInfo.getAddress());
         if (destination == null) {
             destination = new JettyHTTPDestination(getBus(), this, endpointInfo);
@@ -67,11 +90,12 @@
             destinations.put(endpointInfo.getAddress(), destination);
             
             configure(destination);
-            destination.retrieveEngine(); 
+            destination.finalizeConfig(); 
         }
         return destination;
     }
 
+    @Deprecated
     protected static JettyConnectorFactory getConnectorFactory(SSLServerPolicy policy) {
         return policy == null
                ? new JettyConnectorFactory() {                     
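Review bot: In `createDestination` the destination is added to `destinations` before `configure(destination)` and the new `destination.finalizeConfig()` run, so if finalization fails the half-configured destination stays cached and the next lookup for that address returns it. Whether `finalizeConfig()` can throw is not visible in this hunk, but the method declares `IOException` and the engine factory in this commit wraps configuration failures in `RuntimeException`. Move `destinations.put(endpointInfo.getAddress(), destination);` to after `destination.finalizeConfig();` so only fully configured destinations are cached. The hunk covers only the tail of `createDestination` and the start of the deprecated `getConnectorFactory`.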
@@ -83,5 +107,24 @@
                    }
                }
                : new JettySslConnectorFactory(policy);
+    }
+    
+    /**
+     * This method creates a connector factory. If there are TLS parameters
+     * then it creates a TLS enabled one.
+     */
+    protected static JettyConnectorFactory getConnectorFactory(
+            TLSServerParameters tlsParams
+    ) {
+        return tlsParams == null
+               ? new JettyConnectorFactory() {                     
+                   public AbstractConnector createConnector(int port) {
+                       SelectChannelConnector result = new SelectChannelConnector();
+                       //SocketConnector result = new SocketConnector();
+                       result.setPort(port);
+                       return result;
+                   }
+               }
+               : new JettySslConnectorFactory(tlsParams);
     }
 }
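Review bot: In the new `getConnectorFactory(TLSServerParameters)`, a null `tlsParams` silently yields a plain `SelectChannelConnector`. An "https" endpoint whose parameters were never resolved would therefore listen in cleartext unless the caller checks first, and the callers are not visible here. State that contract in the Javadoc, for example `@param tlsParams TLS settings, or null for a cleartext connector; callers serving "https" must not pass null`. The anonymous cleartext factory is also a copy of the one in the deprecated `SSLServerPolicy` overload, whose tail opens this hunk. Both overloads could return one shared private static instance, and the commented-out `//SocketConnector result = ...` line can be dropped.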

Added: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java (added)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java Thu May 24 23:44:27 2007
@@ -0,0 +1,130 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.https_jetty;
+
+
+import java.security.SecureRandom;
+import java.util.List;
+import java.util.logging.Logger;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLServerSocketFactory;
+import javax.net.ssl.TrustManager;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.ClientAuthentication;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.transport.https.SSLUtils;
+import org.mortbay.jetty.security.SslSocketConnector;
+
+/**
+ * This class extends the Jetty SslSocketConnector, which allows
+ * us to configure it more in tune with the JSSE, using KeyManagers
+ * and TrustManagers. Also, Jetty version 6.1.3 has a bug where
+ * the Trust store needs a password.
+ */
+public class CXFJettySslSocketConnector extends SslSocketConnector {
+    private static final Logger LOG = LogUtils.getL7dLogger(CXFJettySslSocketConnector.class);    
+    
+    protected KeyManager[]   keyManagers;
+    protected TrustManager[] trustManagers;
+    protected SecureRandom   secureRandom;
+    protected List<String>   cipherSuites;
+    protected FiltersType    cipherSuitesFilter;
+    
+    /**
+     * Set the cipherSuites
+     */
+    protected void setCipherSuites(List<String> cs) {
+        cipherSuites = cs;
+    }
+    
+    /**
+     * Set the CipherSuites Filter
+     */
+    protected void setCipherSuitesFilter(FiltersType filter) {
+        cipherSuitesFilter = filter;
+    }
+    
+    /**
+     * Set the KeyManagers.
+     */
+    protected void setKeyManagers(KeyManager[] kmgrs) {
+        keyManagers = kmgrs;
+    }
+    
+    /**
+     * Set the TrustManagers.
+     */
+    protected void setTrustManagers(TrustManager[] tmgrs) {
+        trustManagers = tmgrs;
+    }
+    
+    /**
+     * Set the SecureRandom Parameters
+     */
+    protected void setSecureRandom(SecureRandom random) {
+        secureRandom = random;
+    }
+    
+    /**
+     * Set the ClientAuthentication (from the JAXB type) that
+     * configures an HTTP Destination.
+     */
+    protected void setClientAuthentication(ClientAuthentication clientAuth) {
+        if (clientAuth.isSetWant()) {
+            setWantClientAuth(clientAuth.isWant());
+        }
+        if (clientAuth.isSetRequired()) {
+            setNeedClientAuth(clientAuth.isRequired());
+        }
+    }
+    
+    /**
+     * We create our own socket factory.
+     */
+    @Override
+    protected SSLServerSocketFactory createFactory()
+        throws Exception {
+    
+        String proto = getProtocol() == null
+               ? "TLS"
+               : getProtocol();
+        
+        SSLContext context = getProvider() == null
+               ? SSLContext.getInstance(proto)
+               : SSLContext.getInstance(proto, getProvider());
+
+        context.init(keyManagers, trustManagers, secureRandom);
+
+        SSLServerSocketFactory con = context.getServerSocketFactory();
+        
+        String[] cs = 
+            SSLUtils.getCiphersuites(
+                    cipherSuites,
+                    SSLUtils.getServerSupportedCipherSuites(context),
+                    cipherSuitesFilter,
+                    LOG, true);
+        
+        setExcludeCipherSuites(cs);
+        return con;
+    }
+
+}
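Review bot: `createFactory` passes `keyManagers`, `trustManagers` and `secureRandom` straight to `context.init(...)`, and JSSE treats a null array as "use the installed defaults", which for trust managers means the JVM's default trust store. If client authentication is wanted or required while `trustManagers` is still null, any client certificate chaining to a CA in that default store would be accepted. Reject that combination before the `init` call, for example `if (trustManagers == null && (getNeedClientAuth() || getWantClientAuth())) { throw new IllegalStateException("Client authentication requested without TrustManagers"); }`. `setClientAuthentication` also calls `clientAuth.isSetWant()` without a null check; whether callers can pass null is not visible in this file.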

Propchange: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java Thu May 24 23:44:27 2007
@@ -23,37 +23,47 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
 
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
 import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.transport.http_jetty.JettyConnectorFactory;
 import org.apache.cxf.transport.https.SSLUtils;
 import org.mortbay.jetty.AbstractConnector;
-import org.mortbay.jetty.security.SslSocketConnector;
 
 
 public final class JettySslConnectorFactory implements JettyConnectorFactory {
     private static final long serialVersionUID = 1L;
     private static final Logger LOG = LogUtils.getL7dLogger(JettySslConnectorFactory.class);    
     
+    @Deprecated
     private static final String[] UNSUPPORTED =
     {"SessionCaching", "SessionCacheKey", "MaxChainLength",
      "CertValidator", "TrustStoreAlgorithm", "TrustStoreType"};
 
     private static final String[] DERIVATIVE = {"CiphersuiteFilters"};
     
+    @Deprecated
     SSLServerPolicy sslPolicy;
         
+    TLSServerParameters tlsServerParameters;
+    
     /**
      * Constructor.
      * 
      * @param policy the applicable SSLServerPolicy (guaranteed non-null)
      */
+    @Deprecated
     public JettySslConnectorFactory(SSLServerPolicy policy) {
         this.sslPolicy = policy;
     }    
     
+    public JettySslConnectorFactory(TLSServerParameters params) {
+        tlsServerParameters = params;
+    }
     
     /**
      * Create a SSL Connector.
@@ -61,43 +71,83 @@
      * @param p the listen port
      */
     public AbstractConnector createConnector(int port) {
-        SslSocketConnector secureConnector = new SslSocketConnector();
-        secureConnector.setPort(port);
-        decorate(secureConnector);
-        return secureConnector;
+        if (tlsServerParameters != null) {
+            CXFJettySslSocketConnector secureConnector = 
+                new CXFJettySslSocketConnector();
+            secureConnector.setPort(port);
+            decorateCXFJettySslSocketConnector(secureConnector);
+            return secureConnector;
+        }
+        if (sslPolicy != null) {
+            //SslSocketConnector secureConnector = new SslSocketConnector();
+            CXFJettySslSocketConnector secureConnector = 
+                new CXFJettySslSocketConnector();
+            secureConnector.setPort(port);
+            decorate(secureConnector);
+            return secureConnector;
+        }
+        assert false;
+        return null;
+    }
+    
+    /**
+     * This method sets the security properties for the CXF extension
+     * of the JettySslConnector.
+     */
+    private void decorateCXFJettySslSocketConnector(
+            CXFJettySslSocketConnector con
+    ) {
+        con.setKeyManagers(tlsServerParameters.getKeyManagers());
+        con.setTrustManagers(tlsServerParameters.getTrustManagers());
+        con.setSecureRandom(tlsServerParameters.getSecureRandom());
+        con.setClientAuthentication(
+                tlsServerParameters.getClientAuthentication());
+        con.setProtocol(tlsServerParameters.getSecureSocketProtocol());
+        con.setProvider(tlsServerParameters.getJsseProvider());
+        con.setCipherSuites(tlsServerParameters.getCipherSuites());
+        con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter());
     }
     
     /**
      * Decorate listener with applicable SSL settings.
+     * This method will be deprecated after old SSL configuration is gone.
+     * This method has been modified to use the CXF extension 
+     * to the JettySslSocketConnector so that we may upgrade to 
+     * Jetty 6.1.3.
      * 
      * @param listener the secure listener
      */
-    public void decorate(SslSocketConnector secureListener) {
+    @Deprecated
+    public void decorate(CXFJettySslSocketConnector secureListener) {
+        
+        // This has been modified to work with Jetty 6.1.3 and our
+        // extended JettySslSocketConnector, because they have a bug
+        // in which processing the TrustStore throws a null pointer
+        // exception if the trust store doesn't have a password set.
+        
         String keyStoreLocation =
             SSLUtils.getKeystore(sslPolicy.getKeystore(), LOG);
-        secureListener.setKeystore(keyStoreLocation);
+        //secureListener.setKeystore(keyStoreLocation);
         String keyStoreType =
             SSLUtils.getKeystoreType(sslPolicy.getKeystoreType(), LOG);
-        secureListener.setKeystoreType(keyStoreType);
+        //secureListener.setKeystoreType(keyStoreType);
         String keyStorePassword =
             SSLUtils.getKeystorePassword(sslPolicy.getKeystorePassword(), LOG);
-        secureListener.setPassword(keyStorePassword);
+        //secureListener.setPassword(keyStorePassword);
         String keyPassword =
             SSLUtils.getKeyPassword(sslPolicy.getKeyPassword(), LOG);
-        secureListener.setKeyPassword(keyPassword);
+        //secureListener.setKeyPassword(keyPassword);
         String keyStoreMgrFactoryAlgorithm =
             SSLUtils.getKeystoreAlgorithm(sslPolicy.getKeystoreAlgorithm(),
                                           LOG);
-        secureListener.setSslKeyManagerFactoryAlgorithm(keyStoreMgrFactoryAlgorithm);
-        
-        System.setProperty("javax.net.ssl.trustStore",
-                           SSLUtils.getTrustStore(sslPolicy.getTrustStore(),
-                                                  LOG));
+        //secureListener.setSslKeyManagerFactoryAlgorithm(keyStoreMgrFactoryAlgorithm);
+
         String secureSocketProtocol =
             SSLUtils.getSecureSocketProtocol(sslPolicy.getSecureSocketProtocol(),
                                              LOG);
         secureListener.setProtocol(secureSocketProtocol);
-        //need to Check it
+        
+
         secureListener.setWantClientAuth(
             SSLUtils.getWantClientAuthentication(
                                    sslPolicy.isSetWantClientAuthentication(),
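Review bot: `createConnector` ends with `assert false; return null;`, and assertions are off unless the JVM runs with `-ea`, so a factory built with null parameters returns a null connector instead of failing; the new `TLSServerParameters` constructor in the previous hunk does not check its argument. Replace the two lines with `throw new IllegalStateException("No TLS configuration available for port " + port);`. In `decorateCXFJettySslSocketConnector`, the call `con.setClientAuthentication(tlsServerParameters.getClientAuthentication())` would throw a NullPointerException if the getter returns null, because the connector's setter dereferences its argument unguarded. Whether the getter can return null is not visible here. The commented-out `//secureListener.set...` calls in `decorate` should be deleted rather than left in place. `decorate` continues past the end of this hunk.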
@@ -109,22 +159,56 @@
                                 sslPolicy.isRequireClientAuthentication(),
                                 LOG));
         
+        String trustStoreType =
+            SSLUtils.getTrustStoreType(sslPolicy.getTrustStoreType(), LOG);
+        
+        String trustStoreLocation = 
+            SSLUtils.getTrustStore(sslPolicy.getTrustStore(), LOG);
+        
+        String trustStoreMgrFactoryAlgorithm =
+            SSLUtils.getTrustStoreAlgorithm(
+                    sslPolicy.getTrustStoreAlgorithm(), LOG);
+
+        //System.setProperty("javax.net.ssl.trustStore",
+        //                   SSLUtils.getTrustStore(sslPolicy.getTrustStore(),
+        //                                          LOG));
+        //need to Check it
         try {
-            SSLContext ctx = SSLUtils.getSSLContext(
-                secureSocketProtocol,
+            KeyManager[] keyManagers =
                 SSLUtils.getKeyStoreManagers(keyStoreLocation,
-                                             keyStoreType,
-                                             keyStorePassword,
-                                             keyPassword,
-                                             keyStoreMgrFactoryAlgorithm,
-                                             secureSocketProtocol,
-                                             LOG),
-                null);
+                                     keyStoreType,
+                                     keyStorePassword,
+                                     keyPassword,
+                                     keyStoreMgrFactoryAlgorithm,
+                                     secureSocketProtocol,
+                                     LOG);
+            secureListener.setKeyManagers(keyManagers);
+            
+            // On the client side, it was strange that if you Keystore was 
+            // of type PCKS12, then your TrustStore location had to point to
+            // was a PEM encoded CA Certificate. However, in this code before
+            // modification, it didn't seem like the TrustSTore
+            // had to be a single PEM CA certificate if the Keystore was
+            // of type PKCS12. So, we use false here for pkcs12 parameter.
+            
+            TrustManager[] trustManagers =
+                SSLUtils.getTrustStoreManagers(
+                        false, 
+                        trustStoreType, trustStoreLocation, 
+                        trustStoreMgrFactoryAlgorithm, LOG);
+
+            secureListener.setTrustManagers(trustManagers);
+            
+            SSLContext ctx = SSLUtils.getSSLContext(
+                    secureSocketProtocol, keyManagers, trustManagers);
+                
             secureListener.setExcludeCipherSuites(
-                SSLUtils.getCiphersuites(sslPolicy.getCiphersuites(),
-                                         SSLUtils.getServerSupportedCipherSuites(ctx),
-                                         sslPolicy.getCiphersuiteFilters(),
-                                         LOG, true));
+                SSLUtils.getCiphersuites(
+                        sslPolicy.getCiphersuites(),
+                        SSLUtils.getServerSupportedCipherSuites(ctx),
+                        sslPolicy.getCiphersuiteFilters(),
+                        LOG, true));
+            
         } catch (Exception e) {
             LogUtils.log(LOG, Level.SEVERE, "SSL_CONTEXT_INIT_FAILURE", e);
         }
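Review bot: The `catch (Exception e)` closing this `try` only logs `SSL_CONTEXT_INIT_FAILURE`, and `setKeyManagers`, `setTrustManagers` and `setExcludeCipherSuites` now all sit inside the `try`. A keystore or truststore that fails to load therefore leaves the connector with null managers and no cipher exclusions. `CXFJettySslSocketConnector.createFactory` then calls `context.init(keyManagers, trustManagers, secureRandom)` with those nulls, so the listener would start on JSSE defaults instead of refusing to start. Fail closed by rethrowing after the log call, for example `throw new IllegalStateException("TLS configuration failed for the secure listener", e);`. The start of `decorate` is in the previous hunk and the rest of the method lies outside this one.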

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestinationTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestinationTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestinationTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestinationTest.java Thu May 24 23:44:27 2007
@@ -86,7 +86,7 @@
     private EndpointInfo endpointInfo;
     private EndpointReferenceType address;
     private EndpointReferenceType replyTo;
-    private ServerEngine engine;
+    private JettyHTTPServerEngine engine;
     private HTTPServerPolicy policy;
     private JettyHTTPDestination destination;
     private Request request;
@@ -101,6 +101,27 @@
     private List<QueryHandler> queryHandlerList;
     private JettyHTTPTransportFactory transportFactory; 
 
+    /**
+     * This class replaces the engine in the Jetty Destination.
+     */
+    private class EasyMockJettyHTTPDestination
+        extends JettyHTTPDestination {
+
+        public EasyMockJettyHTTPDestination(
+                Bus                       b,
+                JettyHTTPTransportFactory ci, 
+                EndpointInfo              endpointInfo,
+                JettyHTTPServerEngine     easyMockEngine
+        ) throws IOException {
+            super(b, ci, endpointInfo);
+            engine = easyMockEngine;
+        }
+        
+        @Override
+        public void retrieveEngine() {
+            // Leave engine alone.
+        }
+    }
     @After
     public void tearDown() {
        
@@ -317,14 +338,13 @@
         endpointInfo.addExtensor(policy); 
         endpointInfo.addExtensor(new SSLServerPolicy()); 
         
-        engine = EasyMock.createMock(ServerEngine.class);
+        engine = EasyMock.createMock(JettyHTTPServerEngine.class);
         EasyMock.replay();
         endpointInfo.setAddress(NOWHERE + "bar/foo");
         
-        JettyHTTPDestination dest = new JettyHTTPDestination(bus,
-                                                             transportFactory,
-                                                             endpointInfo,
-                                                             engine);
+        JettyHTTPDestination dest = 
+            new EasyMockJettyHTTPDestination(
+                    bus, transportFactory, endpointInfo, engine);
         assertEquals(policy, dest.getServer());
     }
         
@@ -397,7 +417,8 @@
         return setUpDestination(false, false);
     };
     
-    private JettyHTTPDestination setUpDestination(boolean contextMatchOnStem, boolean mockedBus)
+    private JettyHTTPDestination setUpDestination(
+            boolean contextMatchOnStem, boolean mockedBus)
         throws Exception {
         policy = new HTTPServerPolicy();
         address = getEPR("bar/foo");
@@ -421,7 +442,7 @@
         };
         transportFactory.setBus(bus);
         
-        engine = EasyMock.createMock(ServerEngine.class);
+        engine = EasyMock.createMock(JettyHTTPServerEngine.class);
         ServiceInfo serviceInfo = new ServiceInfo();
         serviceInfo.setName(new QName("bla", "Service"));        
         endpointInfo = new EndpointInfo(serviceInfo, "");
@@ -436,7 +457,7 @@
         EasyMock.expectLastCall();
         EasyMock.replay(engine);
         
-        JettyHTTPDestination dest = new JettyHTTPDestination(bus,
+        JettyHTTPDestination dest = new EasyMockJettyHTTPDestination(bus,
                                                              transportFactory,
                                                              endpointInfo,
                                                              engine);

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineTest.java Thu May 24 23:44:27 2007
@@ -34,11 +34,13 @@
 
     private Bus bus;
     private IMocksControl control;
+    private JettyHTTPServerEngineFactory factory;
     
     @Before
     public void setUp() throws Exception {
         control = EasyMock.createNiceControl();
         bus = control.createMock(Bus.class);
+        factory = new JettyHTTPServerEngineFactory(bus);
         
         Configurer configurer = new ConfigurerImpl(); 
         
@@ -49,43 +51,43 @@
     
     @Test
     public void testEngineEquality() {
-        JettyHTTPServerEngine engine = JettyHTTPServerEngine.getForPort(bus, "http", 1234);
+        JettyHTTPServerEngine engine = factory.getForPort("http", 1234);
         assertTrue("Engine references for the same port should point to the same instance",
-                   engine == JettyHTTPServerEngine.getForPort(bus, "http", 1234));
+                   engine == factory.getForPort("http", 1234));
         assertFalse("Engine references for the different ports should point to diff instances",
-                   engine == JettyHTTPServerEngine.getForPort(bus, "http", 1235));    
-        JettyHTTPServerEngine.destroyForPort(1234);
-        JettyHTTPServerEngine.destroyForPort(1235);
+                   engine == factory.getForPort("http", 1235));    
+        factory.destroyForPort(1234);
+        factory.destroyForPort(1235);
     }
     
     @Test
     public void testNoSSLServerPolicySet() {
-        JettyHTTPServerEngine engine = JettyHTTPServerEngine.getForPort(bus, "http", 1234);
+        JettyHTTPServerEngine engine = factory.getForPort("http", 1234);
         assertFalse("SSLServerPolicy must not be set", engine.isSetSslServer());
-        engine = JettyHTTPServerEngine.getForPort(bus, "http", 1235, null);
+        engine = factory.getForPort("http", 1235, (SSLServerPolicy) null);
         assertFalse("SSLServerPolicy must not be set", engine.isSetSslServer());
-        JettyHTTPServerEngine engine2 = JettyHTTPServerEngine.getForPort(bus, "http", 1234, 
+        JettyHTTPServerEngine engine2 = factory.getForPort("http", 1234, 
                                                    new SSLServerPolicy());
         assertFalse("SSLServerPolicy must not be set for already intialized engine", 
                     engine2.isSetSslServer());
-        JettyHTTPServerEngine.destroyForPort(1234);
-        JettyHTTPServerEngine.destroyForPort(1235);
+        factory.destroyForPort(1234);
+        factory.destroyForPort(1235);
     }
     
     @Test
     public void testDestinationSSLServerPolicy() {
         SSLServerPolicy policy = new SSLServerPolicy();
-        JettyHTTPServerEngine engine = JettyHTTPServerEngine.getForPort(bus, "http", 1234, 
+        JettyHTTPServerEngine engine = factory.getForPort("http", 1234, 
                                                                         policy);
         assertTrue("SSLServerPolicy must be set", engine.getSslServer() == policy);
-        JettyHTTPServerEngine engine2 = JettyHTTPServerEngine.getForPort(bus, "http", 1234, 
+        JettyHTTPServerEngine engine2 = factory.getForPort("http", 1234, 
                                                    new SSLServerPolicy());
         assertTrue("Engine references for the same port should point to the same instance",
                    engine == engine2);
         assertTrue("SSLServerPolicy must not be set for already intialized engine", 
                     engine.getSslServer() == policy);
         
-        JettyHTTPServerEngine.destroyForPort(1234);
+        factory.destroyForPort(1234);
     }
 
 }
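Review bot: The `factory.destroyForPort(...)` calls sit after the assertions in all three tests, so a failed assertion skips the cleanup and leaves the engine for port 1234 or 1235 registered. If the port table outlives the per-test `factory` created in `setUp` (not visible in this hunk), `testDestinationSSLServerPolicy` would then receive an already initialised engine and fail for an unrelated reason. Moving the cleanup into an `@After` method, `factory.destroyForPort(1234); factory.destroyForPort(1235);`, keeps the tests independent, assuming `destroyForPort` tolerates a port that has no engine. The identity checks would also read better as `assertSame`/`assertNotSame` than as `assertTrue(..., a == b)`.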

Modified: incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactoryTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactoryTest.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactoryTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactoryTest.java Thu May 24 23:44:27 2007
@@ -19,7 +19,7 @@
 
 package org.apache.cxf.transport.https_jetty;
 
-import java.io.File;
+//import java.io.File;
 import java.net.URISyntaxException;
 import java.net.URL;
 import java.util.Properties;
@@ -27,8 +27,8 @@
 import java.util.logging.LogRecord;
 
 
-import org.apache.cxf.configuration.security.FiltersType;
-import org.apache.cxf.configuration.security.ObjectFactory;
+//import org.apache.cxf.configuration.security.FiltersType;
+//import org.apache.cxf.configuration.security.ObjectFactory;
 import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.transport.https.SSLUtils;
 
@@ -37,7 +37,6 @@
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.Test;
-import org.mortbay.jetty.security.SslSocketConnector;
 
 
 public class JettySslConnectorFactoryTest extends Assert {
@@ -45,16 +44,17 @@
         "../../../../../../../../"
         + "http/src/test/java/org/apache/cxf/transport/https/";
 
-    private static final String[] EXPORT_CIPHERS =
-    {"SSL_RSA_WITH_NULL_MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_DES_CBC_SHA"};
-    private static final String[] NON_EXPORT_CIPHERS =
-    {"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"};
+//  PMD non use because of commented out stuff below  
+//    private static final String[] EXPORT_CIPHERS =
+//    {"SSL_RSA_WITH_NULL_MD5", "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_RSA_WITH_DES_CBC_SHA"};
+//    private static final String[] NON_EXPORT_CIPHERS =
+//    {"SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"};
 
-    private SslSocketConnector sslConnector;
+    private CXFJettySslSocketConnector sslConnector;
     
     @Before
     public void setUp() throws Exception {
-        sslConnector = new SslSocketConnector();
+        sslConnector = new CXFJettySslSocketConnector();
     }
 
     @After
@@ -126,7 +126,7 @@
         }
     }
     */
-    
+/*    With Jetty 6.1.3 this kind of configuration tests no longer apply.
     @Test
     public void testSetAllData() throws Exception {       
         String keyStoreStr = getPath("resources/defaultkeystore");
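Review bot: The `/*    With Jetty 6.1.3 ...` comment opened just before `testSetAllData` disables every test up to the `*/` added in the `@@ -397,6 +397,7 @@` hunk, including the ones that asserted on the cipher-suite filter log output, and nothing in this commit replaces that coverage for `CXFJettySslSocketConnector`. Commented-out tests disappear from the test report; marking each one `@Ignore("no longer applies with Jetty 6.1.3")`, or deleting them, keeps the gap visible. A block comment also ends at the first `*/` inside the disabled region, which cannot be checked from this hunk because the body of `testSetAllData` continues outside it. The commented-out imports, cipher constants and `overrideHome`/`restoreHome` helpers in the other hunks of this file exist only to quiet PMD and would go away with the same cleanup.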
@@ -397,6 +397,7 @@
         assertTrue("Expected excluded ciphersuite not included",
                    handler.checkLogContainsString("The enabled cipher suites have been filtered down to")); 
     }
+*/
 
     @Test
     public void testAllValidDataJKS() throws Exception {        
@@ -459,21 +460,21 @@
         factory.addLogHandler(handler);
         return factory;
     }
-    
-    private static String overrideHome() {
-        String oldHome = System.getProperty("user.home");
-        String tmpHome = "" + System.getProperty("java.io.tmpdir")
-                         + File.separator
-                         + System.getProperty("user.name")
-                         + File.separator
-                         + System.currentTimeMillis();
-        System.setProperty("user.home", tmpHome);
-        return oldHome;
-    }
-   
-    private static void restoreHome(String oldHome) {
-        System.setProperty("user.home", oldHome);
-    }
+//  PMD non use because of commented out stuff above  
+//    private static String overrideHome() {
+//        String oldHome = System.getProperty("user.home");
+//        String tmpHome = "" + System.getProperty("java.io.tmpdir")
+//                         + File.separator
+//                         + System.getProperty("user.name")
+//                         + File.separator
+//                         + System.currentTimeMillis();
+//        System.setProperty("user.home", tmpHome);
+//        return oldHome;
+//    }
+//   
+//    private static void restoreHome(String oldHome) {
+//        System.setProperty("user.home", oldHome);
+//    }
 
     
     protected static String getPath(String fileName) throws URISyntaxException {

Added: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java (added)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java Thu May 24 23:44:27 2007
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.configuration.jsse.spring;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.security.TLSClientParametersType;
+
+/**
+ * This class provides the TLSServerParameters that programmatically
+ * configure a HTTPDestination. It is initialized with the JAXB
+ * type TLSClientParametersType which is used in Spring Configuration
+ * of the http-conduit bean.
+ */
+public class TLSClientParametersConfig 
+    extends TLSClientParameters {
+    
+    public TLSClientParametersConfig(TLSClientParametersType params) 
+        throws GeneralSecurityException,
+               IOException {
+        
+        this.setCipherSuitesFilter(params.getCipherSuitesFilter());
+        if (params.isSetCipherSuites()) {
+            this.setCipherSuites(params.getCipherSuites().getCipherSuite());
+        }
+        this.setJsseProvider(params.getJsseProvider());
+        this.setSecureSocketProtocol(params.getSecureSocketProtocol());
+        this.setSecureRandom(
+                TLSParameterJaxBUtils.getSecureRandom(
+                        params.getSecureRandomParameters()));
+        this.setKeyManagers(
+                TLSParameterJaxBUtils.getKeyManagers(params.getKeyManagers()));
+        this.setTrustManagers(
+                TLSParameterJaxBUtils.getTrustManagers(params.getTrustManagers()));
+    }
+
+}
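Review bot: The constructor hands `params.getKeyManagers()` and `params.getTrustManagers()` straight to `TLSParameterJaxBUtils`, whose `getKeyManagers` and `getTrustManagers` dereference the argument immediately (`kmc.getKeyStore()`). A client configuration without a key-managers element, the usual case when no client certificate is used, would presumably arrive here as null and fail with a NullPointerException. Guard each call, e.g. `if (params.getKeyManagers() != null) { this.setKeyManagers(...); }`, and likewise for the trust managers; `TLSServerParametersConfig` in this commit has the same pattern. The class Javadoc also describes the server side (`TLSServerParameters`, `HTTPDestination`) and should name `TLSClientParameters` and the HTTP conduit instead.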

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java (added)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java Thu May 24 23:44:27 2007
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.configuration.jsse.spring;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.SecureRandom;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
+import org.apache.cxf.configuration.security.TrustManagersType;
+
+/**
+ * This class provides some functionality to convert the JAXB 
+ * generated types in the security.xsd to the items needed
+ * to programatically configure the HTTPConduit and HTTPDesination
+ * with TLSClientParameters and TLSServerParameters respectively.
+ */
+public final class TLSParameterJaxBUtils {
+
+    private TLSParameterJaxBUtils() {
+        // empty
+    }
+    /**
+     * This method converts the JAXB generated type into a SecureRandom.
+     */
+    public static SecureRandom getSecureRandom(
+            SecureRandomParameters secureRandomParams
+    ) throws GeneralSecurityException {
+
+        SecureRandom secureRandom = null;
+        if (secureRandomParams != null) {
+            String secureRandomAlg = 
+                secureRandomParams.getAlgorithm();
+            String randomProvider =
+                secureRandomParams.getProvider();
+            if (randomProvider != null) {
+                secureRandom = secureRandomAlg != null
+                               ? SecureRandom.getInstance(
+                                       secureRandomAlg, 
+                                       randomProvider)
+                               : null;
+            } else {
+                secureRandom = secureRandomAlg != null
+                               ? SecureRandom.getInstance(
+                                       secureRandomAlg)
+                               : null;
+            }
+        }
+        return secureRandom;
+    }
+    /**
+     * This method converts a JAXB generated KeyStoreType into a KeyStore.
+     */
+    public static KeyStore getKeyStore(KeyStoreType kst)
+        throws GeneralSecurityException,
+               IOException {
+        
+        String type = kst.isSetType()
+                    ? kst.getType()
+                    : KeyStore.getDefaultType();
+                    
+        char[] password = kst.isSetPassword()
+                    ? kst.getPassword().toCharArray()
+                    : null;
+
+        KeyStore keyStore = !kst.isSetProvider()
+                    ? KeyStore.getInstance(type)
+                    : KeyStore.getInstance(type, kst.getProvider());
+        
+        if (kst.isSetFile()) {
+            keyStore.load(new FileInputStream(kst.getFile()), password);
+        }
+        if (kst.isSetResource()) {
+            keyStore.load(kst.getClass().getClassLoader().getResourceAsStream(kst.getResource()), password);
+        }
+        if (kst.isSetUrl()) {
+            keyStore.load(new URL(kst.getUrl()).openStream(), password);
+        }
+        return keyStore;
+    }
+
+    /**
+     * This method converts the JAXB KeyManagersType into a list of 
+     * JSSE KeyManagers.
+     */
+    public static KeyManager[] getKeyManagers(KeyManagersType kmc) 
+        throws GeneralSecurityException,
+               IOException {
+        
+        KeyStore keyStore = getKeyStore(kmc.getKeyStore());
+        
+        if (keyStore == null) {
+            return null;
+        }
+        
+        String alg = kmc.isSetFactoryAlgorithm() 
+                     ? kmc.getFactoryAlgorithm()
+                     : KeyManagerFactory.getDefaultAlgorithm();
+        
+        char[] keyPass = kmc.isSetKeyPassword()
+                     ? kmc.getKeyPassword().toCharArray()
+                     : null;
+                     
+        KeyManagerFactory fac = 
+                     kmc.isSetProvider()
+                     ? KeyManagerFactory.getInstance(alg, kmc.getProvider())
+                     : KeyManagerFactory.getInstance(alg);
+                     
+        fac.init(keyStore, keyPass);
+        
+        return fac.getKeyManagers();
+    }
+
+    /**
+     * This method converts the JAXB KeyManagersType into a list of 
+     * JSSE TrustManagers.
+     */
+    public static TrustManager[] getTrustManagers(TrustManagersType kmc) 
+        throws GeneralSecurityException,
+               IOException {
+        
+        KeyStore keyStore = getKeyStore(kmc.getKeyStore());
+        
+        if (keyStore == null) {
+            return null;
+        }
+        
+        String alg = kmc.isSetFactoryAlgorithm()
+                     ? kmc.getFactoryAlgorithm()
+                     : KeyManagerFactory.getDefaultAlgorithm();
+        
+        TrustManagerFactory fac = 
+                     kmc.isSetProvider()
+                     ? TrustManagerFactory.getInstance(alg, kmc.getProvider())
+                     : TrustManagerFactory.getInstance(alg);
+                     
+        fac.init(keyStore);
+        
+        return fac.getTrustManagers();
+    }
+}
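Review bot: `getKeyStore` never closes the streams it opens for the file, resource and URL cases. In addition, `getResourceAsStream` returns null for a missing resource, and `KeyStore.load(null, password)` accepts that and produces an empty store, so a mistyped resource name yields an empty key or trust store instead of an error. A small helper that rejects a null stream and closes it in `finally` covers all three branches (it needs `java.io.InputStream` imported). Separately, `getTrustManagers` falls back to `KeyManagerFactory.getDefaultAlgorithm()` where it should use `: TrustManagerFactory.getDefaultAlgorithm();`, and its Javadoc should name `TrustManagersType`. The `keyStore == null` checks in both manager methods cannot fire, because `getKeyStore` never returns null.

```java
    private static void loadAndClose(KeyStore keyStore, InputStream in,
                                     char[] password, String source)
        throws GeneralSecurityException, IOException {
        if (in == null) {
            throw new IOException("Keystore source not found: " + source);
        }
        try {
            keyStore.load(in, password);
        } finally {
            in.close();
        }
    }

    public static KeyStore getKeyStore(KeyStoreType kst)
        // … unchanged: throws clause, type, password and KeyStore.getInstance selection …
        if (kst.isSetFile()) {
            loadAndClose(keyStore, new FileInputStream(kst.getFile()),
                         password, "file " + kst.getFile());
        }
        if (kst.isSetResource()) {
            loadAndClose(keyStore,
                         kst.getClass().getClassLoader().getResourceAsStream(kst.getResource()),
                         password, "resource " + kst.getResource());
        }
        if (kst.isSetUrl()) {
            loadAndClose(keyStore, new URL(kst.getUrl()).openStream(),
                         password, "url " + kst.getUrl());
        }
        // … unchanged: return keyStore …
```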

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Added: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java?view=auto&rev=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java (added)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java Thu May 24 23:44:27 2007
@@ -0,0 +1,53 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.configuration.jsse.spring;
+
+import java.io.IOException;
+import java.security.GeneralSecurityException;
+
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.TLSServerParametersType;
+
+/**
+ * This class is used by Spring Config to convert the TLSServerParameters
+ * JAXB generated type into programmatic TLS Server Parameters for the
+ * configuration of the http-destination.
+ */
+public class TLSServerParametersConfig 
+    extends TLSServerParameters {
+
+    public TLSServerParametersConfig(TLSServerParametersType params) 
+        throws GeneralSecurityException,
+               IOException {
+        
+        this.setCipherSuitesFilter(params.getCipherSuitesFilter());
+        if (params.isSetCipherSuites()) {
+            this.setCipherSuites(params.getCipherSuites().getCipherSuite());
+        }
+        this.setJsseProvider(params.getJsseProvider());
+        this.setSecureRandom(
+                TLSParameterJaxBUtils.getSecureRandom(
+                        params.getSecureRandomParameters()));
+        this.setClientAuthentication(params.getClientAuthentication());
+        this.setKeyManagers(
+                TLSParameterJaxBUtils.getKeyManagers(params.getKeyManagers()));
+        this.setTrustManagers(
+                TLSParameterJaxBUtils.getTrustManagers(params.getTrustManagers()));
+    }
+}

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java Thu May 24 23:44:27 2007
@@ -42,6 +42,7 @@
 import org.apache.cxf.common.util.Base64Utility;
 import org.apache.cxf.common.util.StringUtils;
 import org.apache.cxf.configuration.Configurable;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.configuration.security.SSLServerPolicy;
 import org.apache.cxf.helpers.CastUtils;
@@ -85,6 +86,11 @@
     protected String contextMatchStrategy = "stem";
     protected boolean fixedParameterOrder;
     protected boolean multiplexWithAddress;
+    
+    /**
+     *  This field holds the TLS Server Parameters for this Destination.
+     */
+    protected TLSServerParameters tlsServerParameters;
 
     /**
      * Constructor
@@ -459,12 +465,14 @@
             String address = (String)context.get(Message.PATH_INFO);
             if (null != address) {
                 int afterLastSlashIndex = address.lastIndexOf("/") + 1;
-                if (afterLastSlashIndex > 0 && afterLastSlashIndex < address.length()) {
+                if (afterLastSlashIndex > 0 
+                        && afterLastSlashIndex < address.length()) {
                     id = address.substring(afterLastSlashIndex);
                 }
             } else {
                 getLogger().log(Level.WARNING,
-                                new org.apache.cxf.common.i18n.Message("MISSING_PATH_INFO", LOG).toString());
+                    new org.apache.cxf.common.i18n.Message(
+                            "MISSING_PATH_INFO", LOG).toString());
             }
         } else {
             return super.getId(context);
@@ -511,15 +519,25 @@
     public void setServer(HTTPServerPolicy server) {
         this.server = server;
     }
-
+    
+    @Deprecated
     public SSLServerPolicy getSslServer() {
         return sslServer;
     }
 
+    @Deprecated
     public void setSslServer(SSLServerPolicy sslServer) {
         this.sslServer = sslServer;
     }
+    
+    public void setTlsServerParameters(TLSServerParameters params) {
+        this.tlsServerParameters = params;
+    }
 
+    public TLSServerParameters getTlsServerParameters() {
+        return this.tlsServerParameters;
+    }
+    
     public void assertMessage(Message message) {
         PolicyUtils.assertServerPolicy(message, server); 
     }
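Review bot: The two `@Deprecated` accessors carry no Javadoc `@deprecated` tag, so callers of `getSslServer`/`setSslServer` get a warning with no pointer to the replacement, and the new `setTlsServerParameters`/`getTlsServerParameters` have no Javadoc at all. I would add `/** @deprecated use {@link #setTlsServerParameters(TLSServerParameters)} instead */` on the old setter, with the getter equivalent alongside it. The new pair should get a one-line comment saying which setting takes effect when both `sslServer` and `tlsServerParameters` are set; that precedence is not visible in this hunk.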

Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPTransportFactory.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPTransportFactory.java?view=diff&rev=541568&r1=541567&r2=541568
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPTransportFactory.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPTransportFactory.java Thu May 24 23:44:27 2007
@@ -238,12 +238,19 @@
     static HttpURLConnectionFactory getConnectionFactory(
         HTTPConduit configuredConduit
     ) {
-        if (configuredConduit.getSslClient() == null) {
-            return new HttpURLConnectionFactoryImpl();
-        } else {
-            return new HttpsURLConnectionFactory(
+        HttpURLConnectionFactory fac = null;
+
+        if (configuredConduit.getTlsClientParameters() != null) {
+            fac = new HttpsURLConnectionFactory(
+                             configuredConduit.getTlsClientParameters());
+        // TODO: remove when old SSL config is gone
+        } else if (configuredConduit.getSslClient() != null) {
+            fac = new HttpsURLConnectionFactory(
                              configuredConduit.getSslClient());
+        } else {
+            fac = new HttpURLConnectionFactoryImpl();
         }
+        return fac;
     }   
     
     private static class HttpEndpointInfo extends EndpointInfo {
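Review bot: `getConnectionFactory` now silently prefers `getTlsClientParameters()` and ignores `getSslClient()` when both are configured, and the `// TODO` wedged between `}` and `else if` is the only hint of that. A comment above the chain, such as `// tlsClientParameters takes precedence over the deprecated sslClient policy`, would document the order for anyone migrating a configuration. As a matter of style, the `fac` local initialised to null adds nothing over returning from each branch, and `getTlsClientParameters()` is called twice where one local would do.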


