cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ff...@apache.org
Subject svn commit: r1305789 - in /cxf/branches/2.4.x-fixes: ./ api/src/main/java/org/apache/cxf/configuration/jsse/ api/src/main/resources/schemas/configuration/ rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/ rt/transports/http/s...
Date Tue, 27 Mar 2012 09:28:18 GMT
Author: ffang
Date: Tue Mar 27 09:28:18 2012
New Revision: 1305789

URL: http://svn.apache.org/viewvc?rev=1305789&view=rev
Log:
Merged revisions 1305786 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes

................
  r1305786 | ffang | 2012-03-27 17:15:12 +0800 (二, 27  3 2012) | 9 lines
  
  Merged revisions 1305775 via svnmerge from 
  https://svn.apache.org/repos/asf/cxf/trunk
  
  ........
    r1305775 | ffang | 2012-03-27 16:30:32 +0800 (二, 27  3 2012) | 1 line
    
    [CXF-4204]CXF https transport should support to specify the cert alias name
  ........
................

Added:
    cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java
      - copied unchanged from r1305786, cxf/branches/2.5.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java
Modified:
    cxf/branches/2.4.x-fixes/   (props changed)
    cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
    cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
    cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
    cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
    cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
    cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
    cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
    cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml

Propchange: cxf/branches/2.4.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
(original)
+++ cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
Tue Mar 27 09:28:18 2012
@@ -41,7 +41,7 @@ public class TLSParameterBase {
     private CertificateConstraintsType certConstraints;
     private SecureRandom    secureRandom;
     private String          protocol;
-    
+    private String          certAlias;
     /**
      * Set the JSSE provider. If not set,
      * it uses system default.
@@ -164,4 +164,19 @@ public class TLSParameterBase {
     public String getSecureSocketProtocol() {
         return protocol;
     }
+    
+    /**
+     * This parameter configures the cert alias used on server side
+     * this is useful when keystore has multiple certs
+     */
+    public final void setCertAlias(String ctAlias) {
+        certAlias = ctAlias;
+    }
+    
+    /**
+     * This parameter retrieves the cert alias specified on server side
+     */
+    public String getCertAlias() {
+        return certAlias;
+    }
 }

Modified: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd Tue
Mar 27 09:28:18 2012
@@ -432,6 +432,13 @@
                 </xs:documentation>
               </xs:annotation>
            </xs:element>
+           <xs:element name="certAlias" type="xs:string" minOccurs="0">
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the Certificate Alias.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
         </xs:all>
            <xs:attribute name="useHttpsURLConnectionDefaultSslSocketFactory" type="pt:ParameterizedBoolean"
default="false">
              <xs:annotation>
@@ -542,6 +549,13 @@
                 </xs:documentation>
               </xs:annotation>
            </xs:element>
+           <xs:element name="certAlias" type="xs:string" minOccurs="0">
+              <xs:annotation>
+                <xs:documentation>
+                This element contains the Certificate Alias.
+                </xs:documentation>
+              </xs:annotation>
+           </xs:element>
         </xs:all>
            <xs:attribute name="jsseProvider"          type="xs:string">
               <xs:annotation>

Modified: cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
Tue Mar 27 09:28:18 2012
@@ -26,11 +26,13 @@ import java.util.logging.Logger;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.configuration.security.ClientAuthentication;
 import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
 import org.apache.cxf.transport.https.SSLUtils;
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
 
@@ -47,7 +49,7 @@ public class CXFJettySslSocketConnector 
     protected SecureRandom   secureRandom;
     protected List<String>   cipherSuites;
     protected FiltersType    cipherSuitesFilter;
-    
+       
     /**
      * Set the cipherSuites
      */
@@ -83,6 +85,7 @@ public class CXFJettySslSocketConnector 
         secureRandom = random;
     }
     
+    
     /**
      * Set the ClientAuthentication (from the JAXB type) that
      * configures an HTTP Destination.
@@ -114,6 +117,9 @@ public class CXFJettySslSocketConnector 
             ? SSLContext.getInstance(proto)
                 : SSLContext.getInstance(proto, getCxfSslContextFactory().getProvider());
             
+        if (getCxfSslContextFactory().getCertAlias() != null) {
+            getKeyManagersWithCertAlias();
+        }
         context.init(keyManagers, trustManagers, secureRandom);
 
         String[] cs = 
@@ -128,6 +134,17 @@ public class CXFJettySslSocketConnector 
         return context;
     }
     
+    protected void getKeyManagersWithCertAlias() throws Exception {
+        if (getCxfSslContextFactory().getCertAlias() != null) {
+            for (int idx = 0; idx < keyManagers.length; idx++) {
+                if (keyManagers[idx] instanceof X509KeyManager) {
+                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+                        getCxfSslContextFactory().getCertAlias(), (X509KeyManager)keyManagers[idx]);
+                }
+            }
+        }
+    }
+    
     public CxfSslContextFactory getCxfSslContextFactory() {
         try {
             Object o = getClass().getMethod("getSslContextFactory").invoke(this);
@@ -155,6 +172,10 @@ public class CXFJettySslSocketConnector 
         void setProtocol(String secureSocketProtocol);
 
         void setProvider(String jsseProvider);
+        
+        void setCertAlias(String certAlias);
+        
+        String getCertAlias();
     }
     
 }

Modified: cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
Tue Mar 27 09:28:18 2012
@@ -87,6 +87,7 @@ public final class JettySslConnectorFact
         con.getCxfSslContextFactory().setProvider(tlsServerParameters.getJsseProvider());
         con.setCipherSuites(tlsServerParameters.getCipherSuites());
         con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter());
+        con.getCxfSslContextFactory().setCertAlias(tlsServerParameters.getCertAlias());
     }
 
 

Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
Tue Mar 27 09:28:18 2012
@@ -116,6 +116,9 @@ public final class TLSClientParametersCo
         if (params.isSetSslCacheTimeout()) {
             ret.setSslCacheTimeout(params.getSslCacheTimeout());
         }
+        if (params.isSetCertAlias()) {
+            ret.setCertAlias(params.getCertAlias());
+        }
         return ret;
     }
     

Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
Tue Mar 27 09:28:18 2012
@@ -69,5 +69,8 @@ public class TLSServerParametersConfig 
         if (params.isSetCertConstraints()) {
             this.setCertConstraints(params.getCertConstraints());
         }
+        if (params.isSetCertAlias()) {
+            this.setCertAlias(params.getCertAlias());
+        }
     }
 }

Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Tue Mar 27 09:28:18 2012
@@ -32,13 +32,16 @@ import java.util.logging.Logger;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509KeyManager;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 
+
 /**
  * This HttpsURLConnectionFactory implements the HttpURLConnectionFactory
  * for using the given SSL Policy to configure TLS connections for "https:"
@@ -147,7 +150,11 @@ public class HttpsURLConnectionFactory {
             SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
                 .getInstance(protocol, provider);
             ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
-            ctx.init(tlsClientParameters.getKeyManagers(), tlsClientParameters.getTrustManagers(),
+            KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
+            if (tlsClientParameters.getCertAlias() != null) {
+                getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
+            }
+            ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                      tlsClientParameters.getSecureRandom());
 
             // The "false" argument means opposite of exclude.
@@ -239,6 +246,22 @@ public class HttpsURLConnectionFactory {
     protected void addLogHandler(Handler handler) {
         LOG.addHandler(handler);
     }
+    
+    protected void getKeyManagersWithCertAlias(TLSClientParameters tlsClientParameters,
+                                               KeyManager[] keyManagers) throws GeneralSecurityException
{
+        if (tlsClientParameters.getCertAlias() != null) {
+            for (int idx = 0; idx < keyManagers.length; idx++) {
+                if (keyManagers[idx] instanceof X509KeyManager) {
+                    try {
+                        keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+                            tlsClientParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
+                    } catch (Exception e) {
+                        throw new GeneralSecurityException(e);
+                    }
+                }
+            }
+        }
+    }
 
 }
 

Modified: cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml
(original)
+++ cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml
Tue Mar 27 09:28:18 2012
@@ -86,6 +86,8 @@ under the License.
 	          	<sec:keyStore type="JKS" password="password"
 	               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
 	     		</sec:trustManagers>
+                <sec:clientAuthentication want="true" required="true"/>
+                <sec:certAlias>bethal</sec:certAlias>
             </httpj:tlsServerParameters>
         </httpj:engine>
     </httpj:engine-factory>
@@ -103,7 +105,8 @@ under the License.
 	           <sec:keyStore type="JKS" password="password"
 	               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
 	        </sec:trustManagers>
+            <sec:certAlias>morpit</sec:certAlias>
         </http:tlsClientParameters>
     </http:conduit>
 
-</beans>
\ No newline at end of file
+</beans>



Mime
View raw message