cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r828762 - in /cxf/branches/2.2.x-fixes: ./ api/src/main/java/org/apache/cxf/configuration/jsse/ common/schemas/src/main/resources/schemas/configuration/ rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/ rt/transpor...
Date Thu, 22 Oct 2009 15:57:33 GMT
Author: dkulp
Date: Thu Oct 22 15:57:33 2009
New Revision: 828762

URL: http://svn.apache.org/viewvc?rev=828762&view=rev
Log:
Merged revisions 828758 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r828758 | dkulp | 2009-10-22 11:41:58 -0400 (Thu, 22 Oct 2009) | 2 lines
  
  [CXF-2491] Add support for TLS cert constraints
  Modified patch from Colm applied
........

Added:
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraints.java
      - copied unchanged from r828758, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraints.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java
      - copied, changed from r828758, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsInterceptor.java
      - copied unchanged from r828758, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsInterceptor.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsJaxBUtils.java
      - copied unchanged from r828758, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsJaxBUtils.java
    cxf/branches/2.2.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
      - copied unchanged from r828758, cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
    cxf/branches/2.2.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server-constraints.xml
      - copied unchanged from r828758, cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server-constraints.xml
Modified:
    cxf/branches/2.2.x-fixes/   (props changed)
    cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
    cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
    cxf/branches/2.2.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
    cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java

Propchange: cxf/branches/2.2.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
(original)
+++ cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
Thu Oct 22 15:57:33 2009
@@ -25,6 +25,7 @@
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.TrustManager;
 
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
 import org.apache.cxf.configuration.security.FiltersType;
 
 /**
@@ -37,6 +38,7 @@
     private String          provider;
     private List<String>    ciphersuites = new ArrayList<String>();
     private FiltersType     cipherSuiteFilters;
+    private CertificateConstraintsType certConstraints;
     private SecureRandom    secureRandom;
     private String          protocol;
     
@@ -125,6 +127,20 @@
     public final void setSecureRandom(SecureRandom random) {
         secureRandom = random;
     }
+    
+    /**
+     * Get the certificate constraints type
+     */
+    public CertificateConstraintsType getCertConstraints() {
+        return certConstraints;
+    }
+    
+    /**
+     * Set the certificate constraints type
+     */
+    public final void setCertConstraints(CertificateConstraintsType constraints) {
+        certConstraints = constraints;
+    }
 
     /**
      * Returns the secure random alogorithm.
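Review bot: The Javadoc on `getCertConstraints` and `setCertConstraints` does not say what the value means or what an unset value implies, which matters because this property decides whether certificates are restricted at all. I would document the getter along the lines of `Returns the Subject/Issuer DN regular-expression constraints to apply to the (presumably peer) certificate, or null if none are configured`, with the matching sentence on the setter. The getter is also not `final` while the setter and the neighbouring `setSecureRandom` are; if that is not deliberate, `public final CertificateConstraintsType getCertConstraints()` keeps the class consistent. The class body continues outside the hunk.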

Modified: cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
(original)
+++ cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
Thu Oct 22 15:57:33 2009
@@ -336,6 +336,48 @@
         <xs:attribute name="provider"/>
     </xs:complexType>
     
+    <xs:complexType name="CertificateConstraintsType">
+      <xs:annotation>
+        <xs:documentation>
+        This structure holds a list of regular expressions that corresponds to a sequence
of
+        Certificate Constraints on either the Subject or Issuer DN.
+        </xs:documentation>
+      </xs:annotation>
+      <xs:sequence>
+        <xs:element name="SubjectDNConstraints" type="tns:DNConstraintsType" minOccurs="0"/>
+        <xs:element name="IssuerDNConstraints" type="tns:DNConstraintsType" minOccurs="0"/>
+      </xs:sequence>
+    </xs:complexType>
+    
+    <xs:complexType name="DNConstraintsType">
+      <xs:annotation>
+        <xs:documentation>
+        This structure holds a list of regular expressions that corresponds to a sequence
of
+        Certificate Constraints. The optional combinator attribute refers to whether ALL
or
+        ANY of these regular expressions must be satisfied.
+        </xs:documentation>
+      </xs:annotation>
+      <xs:sequence>
+        <xs:choice>
+          <xs:element name="RegularExpression" type="xs:string" minOccurs="0" maxOccurs="unbounded"/>
+        </xs:choice>
+      </xs:sequence>
+      <xs:attribute name="combinator" type="tns:CombinatorType" default="ALL"/>
+    </xs:complexType>
+    
+    <xs:simpleType name="CombinatorType">
+      <xs:annotation>
+        <xs:documentation>
+        This type refers to whether ALL or ANY of the DNConstraintsType regular expressions

+        must be satisfied.
+        </xs:documentation>
+      </xs:annotation>
+      <xs:restriction base="xs:string">
+        <xs:enumeration value="ANY"/>
+        <xs:enumeration value="ALL"/>
+      </xs:restriction>
+    </xs:simpleType>
+    
     <!-- Although there are common elements of TLSClientParametersType
       ** and TLSServerParametersType they are listed separate so we
       ** can use the xs:all element.
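Review bot: The documentation for `DNConstraintsType` leaves two things unspecified that decide how strict a configured constraint really is: whether each `RegularExpression` must match the whole DN string or only part of it, and what an empty list means now that `RegularExpression` has `minOccurs="0"` and `combinator` defaults to `ALL`. Neither is visible in this hunk, so the answer has to come from `CertConstraints`; I would state both in the `xs:documentation`, for example `Each expression must match the entire DN string; an element with no expressions imposes no restriction`, adjusted to the real behaviour. The `xs:choice` wrapping a single element is redundant and could be dropped. The `certConstraints` elements added in the two later hunks of this file could also say whose certificate is checked on the client side and on the server side.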
@@ -379,6 +421,13 @@
                 </xs:documentation>
               </xs:annotation>
            </xs:element>
+           <xs:element name="certConstraints" type="tns:CertificateConstraintsType" minOccurs="0">
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the Certificate Constraints specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
         </xs:all>
            <xs:attribute name="disableCNCheck" type="xs:boolean" default="false">
              <xs:annotation>
@@ -454,6 +503,13 @@
                 </xs:documentation>
               </xs:annotation>
            </xs:element>
+           <xs:element name="certConstraints" type="tns:CertificateConstraintsType" minOccurs="0">
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the Certificate Constraints specification.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
         </xs:all>
            <xs:attribute name="jsseProvider"          type="xs:string">
               <xs:annotation>

Modified: cxf/branches/2.2.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPDestination.java
Thu Oct 22 15:57:33 2009
@@ -33,6 +33,8 @@
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.common.i18n.Message;
 import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
 import org.apache.cxf.continuations.ContinuationInfo;
 import org.apache.cxf.continuations.ContinuationProvider;
 import org.apache.cxf.continuations.SuspendedInvocationException;
@@ -45,6 +47,7 @@
 import org.apache.cxf.transport.http.HTTPSession;
 import org.apache.cxf.transport.http_jetty.continuations.JettyContinuationProvider;
 import org.apache.cxf.transport.http_jetty.continuations.JettyContinuationWrapper;
+import org.apache.cxf.transport.https.CertConstraintsJaxBUtils;
 import org.apache.cxf.transports.http.QueryHandler;
 import org.apache.cxf.transports.http.QueryHandlerRegistry;
 import org.apache.cxf.transports.http.StemMatchingQueryHandler;
@@ -116,6 +119,13 @@
         }
 
         assert engine != null;
+        TLSServerParameters serverParameters = engine.getTlsServerParameters();
+        if (serverParameters != null && serverParameters.getCertConstraints() !=
null) {
+            CertificateConstraintsType constraints = serverParameters.getCertConstraints();
+            if (constraints != null) {
+                certConstraints = CertConstraintsJaxBUtils.createCertConstraints(constraints);
+            }
+        }
         
         // When configuring for "http", however, it is still possible that
         // Spring configuration has configured the port for https. 
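Review bot: The added block tests the same value for null twice: the outer condition already requires `serverParameters.getCertConstraints() != null`, so the inner `if (constraints != null)` can never be false. Reading the getter once is enough, e.g. `CertificateConstraintsType constraints = serverParameters == null ? null : serverParameters.getCertConstraints();` followed by the single null check. The block also never clears `certConstraints` when the engine has no constraints, so if this method can run more than once a previously built value would remain in force. The method starts and ends outside the hunk, so that needs confirming against the full body.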
@@ -297,7 +307,7 @@
             exchange.setInMessage(inMessage);
             exchange.setSession(new HTTPSession(req));
         }
-
+        
         try {    
             incomingObserver.onMessage(inMessage);
             resp.flushBuffer();

Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
Thu Oct 22 15:57:33 2009
@@ -86,6 +86,9 @@
                 TLSParameterJaxBUtils.getTrustManagers(
                         params.getTrustManagers()));
         }
+        if (params.isSetCertConstraints()) {
+            ret.setCertConstraints(params.getCertConstraints());
+        }
         return ret;
     }
     

Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
Thu Oct 22 15:57:33 2009
@@ -62,5 +62,8 @@
                 TLSParameterJaxBUtils.getTrustManagers(
                         params.getTrustManagers()));
         }
+        if (params.isSetCertConstraints()) {
+            this.setCertConstraints(params.getCertConstraints());
+        }
     }
 }

Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/AbstractHTTPDestination.java
Thu Oct 22 15:57:33 2009
@@ -52,6 +52,7 @@
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.HttpHeaderHelper;
+import org.apache.cxf.interceptor.Interceptor;
 import org.apache.cxf.io.AbstractWrappedOutputStream;
 import org.apache.cxf.message.Exchange;
 import org.apache.cxf.message.Message;
@@ -62,6 +63,8 @@
 import org.apache.cxf.transport.Conduit;
 import org.apache.cxf.transport.ConduitInitiator;
 import org.apache.cxf.transport.http.policy.PolicyUtils;
+import org.apache.cxf.transport.https.CertConstraints;
+import org.apache.cxf.transport.https.CertConstraintsInterceptor;
 import org.apache.cxf.transport.https.SSLUtils;
 import org.apache.cxf.transports.http.configuration.HTTPServerPolicy;
 import org.apache.cxf.ws.addressing.EndpointReferenceType;
@@ -97,6 +100,7 @@
     protected String contextMatchStrategy = "stem";
     protected boolean fixedParameterOrder;
     protected boolean multiplexWithAddress;
+    protected CertConstraints certConstraints;
     
     /**
      * Constructor
@@ -326,6 +330,11 @@
         setHeaders(inMessage);
         
         SSLUtils.propogateSecureSession(req, inMessage);
+
+        inMessage.put(CertConstraints.class.getName(), certConstraints);
+        inMessage.put(Message.IN_INTERCEPTORS,
+                Arrays.asList(new Interceptor[] {CertConstraintsInterceptor.INSTANCE}));
+
     }
     
     protected String getBasePath(String contextPath) throws IOException {
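Review bot: Both `put` calls run for every request, even when `certConstraints` is null and even on plain HTTP, whereas the client side in `HTTPConduit.prepare` installs the interceptor only under `if (certConstraints != null)`. Unless `CertConstraintsInterceptor` must also run for constraints supplied some other way, wrapping the two calls in the same guard keeps both sides consistent and avoids storing a null value. `inMessage.put(Message.IN_INTERCEPTORS, ...)` also replaces whatever was stored under that key earlier; if anything can set it before this point, the list should be merged rather than overwritten. What the interceptor does when the connection carries no client certificate is not visible here and deserves a comment, since it decides whether the constraints fail closed. The method starts outside the hunk.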

Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java?rev=828762&r1=828761&r2=828762&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HTTPConduit.java
Thu Oct 22 15:57:33 2009
@@ -50,6 +50,7 @@
 import org.apache.cxf.configuration.Configurable;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
 import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
 import org.apache.cxf.helpers.CastUtils;
 import org.apache.cxf.helpers.HttpHeaderHelper;
@@ -69,6 +70,9 @@
 import org.apache.cxf.transport.DestinationFactoryManager;
 import org.apache.cxf.transport.MessageObserver;
 import org.apache.cxf.transport.http.policy.PolicyUtils;
+import org.apache.cxf.transport.https.CertConstraints;
+import org.apache.cxf.transport.https.CertConstraintsInterceptor;
+import org.apache.cxf.transport.https.CertConstraintsJaxBUtils;
 import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
 import org.apache.cxf.version.Version;
 import org.apache.cxf.workqueue.AutomaticWorkQueue;
@@ -256,6 +260,8 @@
      */
     private Map<String, Cookie> sessionCookies = new ConcurrentHashMap<String, Cookie>();
     private boolean maintainSession;
+    
+    private CertConstraints certConstraints;
 
     /**
      * Constructor
@@ -478,7 +484,7 @@
      */
     public void prepare(Message message) throws IOException {
         Map<String, List<String>> headers = getSetProtocolHeaders(message);
-        
+
         // This call can possibly change the conduit endpoint address and 
         // protocol from the default set in EndpointInfo that is associated
         // with the Conduit.
@@ -592,9 +598,13 @@
         
         message.put(KEY_HTTP_CONNECTION, connection);
         
+        if (certConstraints != null) {
+            message.put(CertConstraints.class.getName(), certConstraints);
+            message.getInterceptorChain().add(CertConstraintsInterceptor.INSTANCE);
+        }
+        
         // Set the headers on the message according to configured 
         // client side policy.
-        
         setHeadersByPolicy(message, currentURL, headers);
      
         
@@ -1372,6 +1382,10 @@
                     + "trustManagers " + tlsClientParameters.getTrustManagers()
                     + "secureRandom " + tlsClientParameters.getSecureRandom());
             }
+            CertificateConstraintsType constraints = params.getCertConstraints();
+            if (constraints != null) {
+                certConstraints = CertConstraintsJaxBUtils.createCertConstraints(constraints);
+            }
         } else {
             if (LOG.isLoggable(Level.FINE)) {
                 LOG.log(Level.FINE, "Conduit '" + getConduitName()
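Review bot: `certConstraints` is assigned only when the new parameters carry constraints, so a value built from an earlier call stays in force after the TLS parameters are replaced by ones without constraints, and presumably also when the `else` branch is taken. Assigning unconditionally, `certConstraints = constraints == null ? null : CertConstraintsJaxBUtils.createCertConstraints(constraints);`, and clearing the field in the `else` branch keeps it in step with the current parameters. The added lines read `params` while the log statement just above reads `tlsClientParameters`; using one name would make it obvious they are the same object. For the `prepare()` hunk earlier in this file, a comment should state at which phase `CertConstraintsInterceptor` runs, because the check protects the request only if it happens before headers and body are written to the connection. The method starts and ends outside the hunk.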

Copied: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java
(from r828758, cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java)
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java?p2=cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java&p1=cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java&r1=828758&r2=828762&rev=828762&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java
(original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/CertConstraintsFeature.java
Thu Oct 22 15:57:33 2009
@@ -20,7 +20,6 @@
 package org.apache.cxf.transport.https;
 
 import org.apache.cxf.Bus;
-import org.apache.cxf.common.injection.NoJSR250Annotations;
 import org.apache.cxf.configuration.security.CertificateConstraintsType;
 import org.apache.cxf.endpoint.Client;
 import org.apache.cxf.endpoint.Server;
@@ -54,7 +53,6 @@
   ]]>
   </pre>
  */
-@NoJSR250Annotations
 public class CertConstraintsFeature extends AbstractFeature {
     CertificateConstraintsType contraints;
     


