Return-Path: Delivered-To: apmail-incubator-cxf-commits-archive@locus.apache.org Received: (qmail 26024 invoked from network); 21 Aug 2007 20:18:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 21 Aug 2007 20:18:23 -0000 Received: (qmail 38564 invoked by uid 500); 21 Aug 2007 20:18:19 -0000 Delivered-To: apmail-incubator-cxf-commits-archive@incubator.apache.org Received: (qmail 38517 invoked by uid 500); 21 Aug 2007 20:18:19 -0000 Mailing-List: contact cxf-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: cxf-dev@incubator.apache.org Delivered-To: mailing list cxf-commits@incubator.apache.org Received: (qmail 38508 invoked by uid 99); 21 Aug 2007 20:18:19 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Aug 2007 13:18:19 -0700 X-ASF-Spam-Status: No, hits=-100.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.3] (HELO eris.apache.org) (140.211.11.3) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 21 Aug 2007 20:18:21 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 44EAC1A981A; Tue, 21 Aug 2007 13:18:01 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r568252 - in /incubator/cxf/trunk: rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf Date: Tue, 21 Aug 2007 20:18:00 -0000 To: cxf-commits@incubator.apache.org 
From: dkulp@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20070821201801.44EAC1A981A@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dkulp Date: Tue Aug 21 13:18:00 2007 New Revision: 568252 URL: http://svn.apache.org/viewvc?rev=568252&view=rev Log: [CXF-929] Store the SSLSocketFactory so the URL connection can actually honor the Keep-Alive stuff. Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=568252&r1=568251&r2=568252&view=diff ============================================================================== --- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original) +++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Tue Aug 21 13:18:00 2007 @@ -34,6 +34,7 @@ import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocketFactory; import org.apache.cxf.common.logging.LogUtils; import org.apache.cxf.configuration.jsse.TLSClientParameters; @@ -59,6 +60,8 @@ private static final Logger LOG = LogUtils.getL7dLogger(HttpsURLConnectionFactory.class); + private static final HostnameVerifier VERIFIER = new AlwaysTrueHostnameVerifier(); + /* * For development and testing only */ 
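Review bot: The new `VERIFIER` constant in the `@@ -59,6 +60,8 @@` hunk has no comment and lands directly above the existing "For development and testing only" comment, even though the last hunk of this file installs it on every connection in `decorateWithTLS`. Because it accepts any hostname, the declaration should say where the trust decision is made instead, for example `// Accepts every hostname: the trust decision is delegated to the MessageTrustDecider (see AlwaysTrueHostnameVerifier).` If a client can be configured without a MessageTrustDecider, the server name would go unchecked; that cannot be confirmed from this hunk but is worth stating at the declaration.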
@@ -82,6 +85,12 @@ * this factory. */ TLSClientParameters tlsClientParameters; + + + /** + * Cache the last SSLContext to avoid recreation + */ + SSLSocketFactory socketFactory; /** * This constructor initialized the factory with the configured TLS @@ -156,7 +165,7 @@ * returning true, delegate the trust decision to the * MessageTrustDecider. */ - private class AlwaysTrueHostnameVerifier implements HostnameVerifier { + private static class AlwaysTrueHostnameVerifier implements HostnameVerifier { public boolean verify( String hostname, 
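Review bot: The Javadoc added on `socketFactory` in the `@@ -82,6 +85,12 @@` hunk says it caches "the last SSLContext", but the field holds the `SSLSocketFactory` that `decorateWithTLS` builds once and never replaces. I would reword it to `/** SSLSocketFactory built from tlsClientParameters on first use and reused for every connection so keep-alive can reuse sockets. */`. The field is also package-visible and non-final, so code outside the synchronized method could assign it. Declaring it `private SSLSocketFactory socketFactory;` would keep the lazily initialised state behind that lock, unless tests in the same package rely on the access.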
@@ -171,43 +180,42 @@ * This method assigns the various TLS parameters on the HttpsURLConnection * from the TLS Client Parameters. */ - protected void decorateWithTLS(HttpsURLConnection connection) + protected synchronized void decorateWithTLS(HttpsURLConnection connection) throws NoSuchAlgorithmException, NoSuchProviderException, KeyManagementException { - String provider = tlsClientParameters.getJsseProvider(); - - String protocol = tlsClientParameters.getSecureSocketProtocol() != null - ? tlsClientParameters.getSecureSocketProtocol() - : "TLS"; - - SSLContext ctx = provider == null - ? SSLContext.getInstance(protocol) - : SSLContext.getInstance(protocol, provider); - - ctx.init( - tlsClientParameters.getKeyManagers(), - tlsClientParameters.getTrustManagers(), - tlsClientParameters.getSecureRandom()); - - // The "false" argument means opposite of exclude. - String[] cipherSuites = - SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(), - SSLUtils.getSupportedCipherSuites(ctx), - tlsClientParameters.getCipherSuitesFilter(), - LOG, false); - - connection.setHostnameVerifier( - new AlwaysTrueHostnameVerifier()); - - // The SSLSocketFactoryWrapper enables certain cipher suites - // from the policy. - connection.setSSLSocketFactory( - new SSLSocketFactoryWrapper(ctx.getSocketFactory(), - cipherSuites)); - + if (socketFactory == null) { + String provider = tlsClientParameters.getJsseProvider(); + + String protocol = tlsClientParameters.getSecureSocketProtocol() != null + ? tlsClientParameters.getSecureSocketProtocol() + : "TLS"; + + SSLContext ctx = provider == null + ? SSLContext.getInstance(protocol) + : SSLContext.getInstance(protocol, provider); + + ctx.init( + tlsClientParameters.getKeyManagers(), + tlsClientParameters.getTrustManagers(), + tlsClientParameters.getSecureRandom()); + + // The "false" argument means opposite of exclude. 
+ String[] cipherSuites = + SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(), + SSLUtils.getSupportedCipherSuites(ctx), + tlsClientParameters.getCipherSuitesFilter(), + LOG, false); + // The SSLSocketFactoryWrapper enables certain cipher suites + // from the policy. + socketFactory = new SSLSocketFactoryWrapper(ctx.getSocketFactory(), + cipherSuites); + } + connection.setHostnameVerifier(VERIFIER); + connection.setSSLSocketFactory(socketFactory); } + /* * For development and testing only */ Modified: incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf?rev=568252&r1=568251&r2=568252&view=diff ============================================================================== --- incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf (original) +++ incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf Tue Aug 21 13:18:00 2007 @@ -60,7 +60,7 @@ Betty password - +
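Review bot: Once `socketFactory` is set in `decorateWithTLS`, the provider, protocol, key managers, trust managers and cipher-suite filter from `tlsClientParameters` are never read again, so a later change to them is silently ignored and new connections keep the old trust material. `tlsClientParameters` is a non-final, package-visible field in the earlier hunk, so this looks reachable. Wherever it is reassigned, the cache should be dropped with `socketFactory = null;` under the same lock, or the field made `final` if it is not meant to change after construction. Separately, `synchronized` on the whole method takes the lock on every connection setup for what is a one-time initialisation. That is acceptable for correctness, but a short comment such as `// synchronized: guards the lazy creation of socketFactory` would record why it is there.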