cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From clecl...@apache.org
Subject svn commit: r918786 - in /cxf/trunk: api/src/main/java/org/apache/cxf/configuration/jsse/ common/schemas/src/main/resources/schemas/configuration/ rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/ rt/transports/http/src/main/ja...
Date Thu, 04 Mar 2010 00:11:59 GMT
Author: cleclerc
Date: Thu Mar  4 00:11:59 2010
New Revision: 918786

URL: http://svn.apache.org/viewvc?rev=918786&view=rev
Log:
[CXF-2688] revert change

Modified:
    cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
    cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=918786&r1=918785&r2=918786&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
(original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
Thu Mar  4 00:11:59 2010
@@ -28,7 +28,6 @@
 public class TLSClientParameters extends TLSParameterBase {
     private boolean disableCNCheck;
     private SSLSocketFactory sslSocketFactory;    
-    private boolean trustAllCertificates;
 
     /**
      * Set whether or not JSEE should omit checking if the host name
@@ -50,22 +49,6 @@
     }
 
     /**
-     * Returns whether or not JSSE omits checking X509 certificates 
-     * validity (using an 'accept all' X509TrustManager).
-     */
-    public boolean isTrustAllCertificates() {
-        return trustAllCertificates;
-    }
-
-    /**
-     * Set whether or not JSSE should omit checking X509 certificates 
-     * validity (using an 'accept all' {@link javax.net.ssl.X509TrustManager}).
-     */
-    public void setTrustAllCertificates(boolean trustAllCertificates) {
-        this.trustAllCertificates = trustAllCertificates;
-    }
-
-    /**
      * This sets the SSLSocketFactory to use, causing all other properties of
      * this bean (and its superclass) to get ignored (this takes precendence).
      */

Modified: cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd?rev=918786&r1=918785&r2=918786&view=diff
==============================================================================
--- cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/trunk/common/schemas/src/main/resources/schemas/configuration/security.xsd Thu Mar
 4 00:11:59 2010
@@ -443,16 +443,6 @@
                 </xs:documentation>
              </xs:annotation>
            </xs:attribute>
-           <xs:attribute name="trustAllCertificates" type="pt:ParameterizedBoolean" default="false">
-             <xs:annotation>
-                <xs:documentation>
-                This attribute specifies if JSSE should omit checking X509
-                certificates validity (using an 'accept all X509TrustManager').  
-                Default is false; this attribute should not be set to true during 
-                production use. Since 2.2.7.
-                </xs:documentation>
-             </xs:annotation>
-           </xs:attribute>
            <xs:attribute name="jsseProvider"          type="xs:string">
               <xs:annotation>
                 <xs:documentation>

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?rev=918786&r1=918785&r2=918786&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
Thu Mar  4 00:11:59 2010
@@ -65,9 +65,6 @@
         if (params.isDisableCNCheck()) {
             ret.setDisableCNCheck(true);
         }
-        if (params.isTrustAllCertificates()) {
-            ret.setTrustAllCertificates(true);
-        }
         if (params.isSetSecureSocketProtocol()) {
             ret.setSecureSocketProtocol(params.getSecureSocketProtocol());
         }

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=918786&r1=918785&r2=918786&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Thu Mar  4 00:11:59 2010
@@ -175,30 +175,27 @@
                       ? SSLContext.getInstance(protocol)
                       : SSLContext.getInstance(protocol, provider);
             
-            TrustManager[] trustManagers;
-            if (tlsClientParameters.isTrustAllCertificates()) {
-                trustManagers = new TrustManager[] {
-                    new javax.net.ssl.X509TrustManager() {
-                        public java.security.cert.X509Certificate[] getAcceptedIssuers()
{
-                            return null;
-                        }
-
-                        public void checkClientTrusted(java.security.cert.X509Certificate[]
certs,
-                                                       String authType) {
-                        }
+                      
 
-                        public void checkServerTrusted(java.security.cert.X509Certificate[]
certs,
-                                                       String authType) {
-                        }
+            TrustManager[] trustAllCerts = tlsClientParameters.getTrustManagers();
+            /*
+            TrustManager[] trustAllCerts = new TrustManager[] {
+                new javax.net.ssl.X509TrustManager() {
+                    public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+                        return null;
                     }
-                };
-            } else {
-                trustManagers = tlsClientParameters.getTrustManagers();
-            }
-            
+                    public void checkClientTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+                    public void checkServerTrusted(
+                        java.security.cert.X509Certificate[] certs, String authType) {
+                    }
+                }
+            };
+            */         
             ctx.init(
                 tlsClientParameters.getKeyManagers(),
-                trustManagers, 
+                trustAllCerts, 
                 tlsClientParameters.getSecureRandom());
             
             // The "false" argument means opposite of exclude.
@@ -214,13 +211,12 @@
                                                         tlsClientParameters.getSecureSocketProtocol());
         }
         
-        HostnameVerifier hostnameVerifier = tlsClientParameters.isDisableCNCheck() 
-            || tlsClientParameters.isTrustAllCertificates() ? CertificateHostnameVerifier.ALLOW_ALL

-            : CertificateHostnameVerifier.DEFAULT;
+        HostnameVerifier verifier = tlsClientParameters.isDisableCNCheck() 
+            ? CertificateHostnameVerifier.ALLOW_ALL : CertificateHostnameVerifier.DEFAULT;
         if (connection instanceof HttpsURLConnection) {
             // handle the expected case (javax.net.ssl)
             HttpsURLConnection conn = (HttpsURLConnection) connection;
-            conn.setHostnameVerifier(hostnameVerifier);
+            conn.setHostnameVerifier(verifier);
             conn.setSSLSocketFactory(socketFactory);
         } else {
             // handle the deprecated sun case and other possible hidden API's 
@@ -228,7 +224,7 @@
             try {
                 Method method = connection.getClass().getMethod("getHostnameVerifier");
                 
-                InvocationHandler handler = new ReflectionInvokationHandler(hostnameVerifier)
{
+                InvocationHandler handler = new ReflectionInvokationHandler(verifier) {
                     public Object invoke(Object proxy, 
                                          Method method, 
                                          Object[] args) throws Throwable {



Mime
View raw message