cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1239213 - /cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
Date Wed, 01 Feb 2012 17:16:23 GMT
Author: dkulp
Date: Wed Feb  1 17:16:22 2012
New Revision: 1239213

URL: http://svn.apache.org/viewvc?rev=1239213&view=rev
Log:
Update OSGi http-conduit config stuff to support TLS stuff

Modified:
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java?rev=1239213&r1=1239212&r2=1239213&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/osgi/HTTPTransportActivator.java
Wed Feb  1 17:16:22 2012
@@ -22,15 +22,27 @@ package org.apache.cxf.transport.http.os
 import java.util.Dictionary;
 import java.util.Enumeration;
 import java.util.IdentityHashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.Properties;
+import java.util.StringTokenizer;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.jsse.spring.TLSParameterJaxBUtils;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.CertStoreType;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.configuration.security.CombinatorType;
+import org.apache.cxf.configuration.security.DNConstraintsType;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
 import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
+import org.apache.cxf.configuration.security.TrustManagersType;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.HTTPConduitConfigurer;
 import org.apache.cxf.transports.http.configuration.ConnectionType;
@@ -46,6 +58,27 @@ import org.osgi.service.cm.ManagedServic
 import org.osgi.util.tracker.ServiceTracker;
 
 /**
+ * This class registers a HTTPConduitConfigurer that will pull information from the 
+ * config:admin service to configure conduits.   With the Felix file based impl, the
+ * format for that would be in files named org.apache.cxf.http.conduits-XYZ.cfg
+ * that has a list of properties like:
+ * 
+ * url: Regex url to match the configuration
+ * client.*
+ * tlsClientParameters.*
+ * proxyAuthorization.*
+ * authorization.*
+ * 
+ * Where each of those is a prefix for the attributes that would be on the elements 
+ * of the http:conduit configuration defined at:
+ * 
+ * http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ * 
+ * For example:
+ * client.ReceiveTimeout: 1000
+ * authorization.Username: Foo
+ * tlsClientParameters.keyManagers.keyStore.file: mykeys.jks
+ * etc....
  * 
  */
 public class HTTPTransportActivator 
@@ -167,6 +200,9 @@ public class HTTPTransportActivator 
     private void applyTlsClientParameters(Dictionary<String, String> d, HTTPConduit
c) {
         Enumeration<String> keys = d.keys();
         TLSClientParameters p = c.getTlsClientParameters();
+        SecureRandomParameters srp = null;
+        KeyManagersType kmt = null;
+        TrustManagersType tmt = null;
         while (keys.hasMoreElements()) {
             String k = keys.nextElement();
             if (k.startsWith("tlsClientParameters.")) {
@@ -177,12 +213,171 @@ public class HTTPTransportActivator 
                 String v = d.get(k);
                 k = k.substring("tlsClientParameters.".length());
 
-                if ("".equals(v)) {
-                    //
+                if ("secureSocketProtocol".equals(k)) {
+                    p.setSecureSocketProtocol(v);
+                } else if ("sslCacheTimeout".equals(k)) {
+                    p.setSslCacheTimeout(Integer.parseInt(v));
+                } else if ("jsseProvider".equals(k)) {
+                    p.setJsseProvider(v);
+                } else if ("disableCNCheck".equals(k)) {
+                    p.setDisableCNCheck(Boolean.parseBoolean(v));
+                } else if ("useHttpsURLConnectionDefaultHostnameVerifier".equals(k)) {
+                    p.setUseHttpsURLConnectionDefaultHostnameVerifier(Boolean.parseBoolean(v));
+                } else if ("useHttpsURLConnectionDefaultSslSocketFactory".equals(k)) {
+                    p.setUseHttpsURLConnectionDefaultSslSocketFactory(Boolean.parseBoolean(v));
+                } else if (k.startsWith("certConstraints.")) {
+                    k = k.substring("certConstraints.".length());
+                    CertificateConstraintsType cct = p.getCertConstraints();
+                    if (cct == null) {
+                        cct = new CertificateConstraintsType();
+                        p.setCertConstraints(cct);
+                    }
+                    DNConstraintsType dnct = null;
+                    if (k.startsWith("SubjectDNConstraints.")) {
+                        dnct = cct.getSubjectDNConstraints();
+                        if (dnct == null) {
+                            dnct = new DNConstraintsType();
+                            cct.setSubjectDNConstraints(dnct);
+                        }
+                        k = k.substring("SubjectDNConstraints.".length());
+                    } else if (k.startsWith("IssuerDNConstraints.")) {
+                        dnct = cct.getIssuerDNConstraints();
+                        if (dnct == null) {
+                            dnct = new DNConstraintsType();
+                            cct.setIssuerDNConstraints(dnct);
+                        }
+                        k = k.substring("IssuerDNConstraints.".length());
+                    }
+                    if ("combinator".equals(k)) {
+                        dnct.setCombinator(CombinatorType.fromValue(v));
+                    } else if ("RegularExpression".equals(k)) {
+                        dnct.getRegularExpression().add(k);
+                    }
+                } else if (k.startsWith("secureRandomParameters.")) {
+                    k = k.substring("secureRandomParameters.".length());
+                    if (srp == null) {
+                        srp = new SecureRandomParameters();
+                    }
+                    if ("algorithm".equals(k)) {
+                        srp.setAlgorithm(v);
+                    } else if ("provider".equals(k)) {
+                        srp.setProvider(v);
+                    }
+                } else if (k.startsWith("cipherSuitesFilter.")) {
+                    k = k.substring("cipherSuitesFilter.".length());
+                    StringTokenizer st = new StringTokenizer(v, ",");
+                    FiltersType ft = p.getCipherSuitesFilter();
+                    if (ft == null) {
+                        p.setCipherSuitesFilter(ft);
+                    }
+                    List<String> lst = "include".equals(k) ? ft.getInclude() : ft.getExclude();
+                    while (st.hasMoreTokens()) {
+                        lst.add(st.nextToken());
+                    }
+                } else if (k.startsWith("cipherSuites")) {
+                    StringTokenizer st = new StringTokenizer(v, ",");
+                    while (st.hasMoreTokens()) {
+                        p.getCipherSuites().add(st.nextToken());
+                    }
+                } else if (k.startsWith("trustManagers.")) {
+                    tmt = getTrustManagers(tmt,
+                                          k.substring("trustManagers.".length()),
+                                          v);
+                } else if (k.startsWith("keyManagers.")) {
+                    kmt = getKeyManagers(kmt,
+                                         k.substring("keyManagers.".length()),
+                                         v);
                 }
-                //TODO - map properties into tls information 
             }
         }
+        
+        try {
+            if (srp != null) {
+                p.setSecureRandom(TLSParameterJaxBUtils.getSecureRandom(srp));
+            }
+            if (kmt != null) {
+                p.setKeyManagers(TLSParameterJaxBUtils.getKeyManagers(kmt));
+            }
+            if (tmt != null) {
+                p.setTrustManagers(TLSParameterJaxBUtils.getTrustManagers(tmt));
+            }
+        } catch (RuntimeException e) {
+            throw e;
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    private KeyManagersType getKeyManagers(KeyManagersType keyManagers, String k, String
v) {
+        if (keyManagers == null) {
+            keyManagers = new KeyManagersType();
+        }
+        if ("factoryAlgorithm".equals(k)) {
+            keyManagers.setFactoryAlgorithm(v);
+        } else if ("provider".equals(k)) {
+            keyManagers.setProvider(v);
+        } else if ("keyPassword".equals(k)) {
+            keyManagers.setKeyPassword(v);
+        } else if (k.startsWith("keyStore.")) {
+            keyManagers.setKeyStore(getKeyStore(keyManagers.getKeyStore(),
+                                                k.substring("keyStore.".length()),
+                                                v));
+        }
+        return keyManagers;
+    }
+
+    private KeyStoreType getKeyStore(KeyStoreType ks, String k, String v) {
+        if (ks == null) {
+            ks = new KeyStoreType();
+        }
+        if ("type".equals(k)) {
+            ks.setType(v);
+        } else if ("password".equals(k)) {
+            ks.setPassword(v);
+        } else if ("provider".equals(k)) {
+            ks.setProvider(v);
+        } else if ("url".equals(k)) {
+            ks.setUrl(v);
+        } else if ("file".equals(k)) {
+            ks.setFile(v);
+        } else if ("resource".equals(k)) {
+            ks.setResource(v);
+        }
+        return ks;
+    }
+
+    private TrustManagersType getTrustManagers(TrustManagersType tmt, String k, String v)
{
+        if (tmt == null) {
+            tmt = new TrustManagersType();
+        }
+        if ("provider".equals(k)) {
+            tmt.setProvider(v);
+        } else if ("factoryAlgorithm".equals(k)) {
+            tmt.setFactoryAlgorithm(v);
+        } else if (k.startsWith("keyStore.")) {
+            tmt.setKeyStore(getKeyStore(tmt.getKeyStore(),
+                                        k.substring("keyStore.".length()),
+                                        v));
+        } else if (k.startsWith("certStore")) {
+            tmt.setCertStore(getCertStore(tmt.getCertStore(),
+                                          k.substring("certStore.".length()),
+                                          v));
+        }
+        return tmt;
+    }
+
+    private CertStoreType getCertStore(CertStoreType cs, String k, String v) {
+        if (cs == null) {
+            cs = new CertStoreType();
+        }
+        if ("file".equals(k)) {
+            cs.setFile(v);
+        } else if ("url".equals(k)) {
+            cs.setUrl(v);
+        } else if ("resource".equals(k)) {
+            cs.setResource(v);
+        }
+        return cs;
     }
 
     private void applyProxyAuthorization(Dictionary<String, String> d, HTTPConduit
c) {



Mime
View raw message