From a.@apache.org
Subject svn commit: r1361283 - in /cxf/trunk: api/src/main/java/org/apache/cxf/configuration/jsse/ api/src/main/resources/schemas/configuration/ rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/ rt/transports/http/src/test/java/org/apache/...
Date Fri, 13 Jul 2012 16:20:56 GMT
Author: ay
Date: Fri Jul 13 16:20:56 2012
New Revision: 1361283

URL: http://svn.apache.org/viewvc?rev=1361283&view=rev
Log:
[CXF-4423] more flexibility in configuring httpconduit's tlsClientParameters

Added:
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
  (with props)
    cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
  (with props)
    cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
  (with props)
Modified:
    cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
    cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
    cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java

Modified: cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
--- cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
(original)
+++ cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
Fri Jul 13 16:20:56 2012
@@ -24,12 +24,15 @@ import java.security.GeneralSecurityExce
 import java.util.HashSet;
 import java.util.Set;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBElement;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
 import javax.xml.stream.XMLStreamReader;
 
+import org.w3c.dom.Node;
 
 import org.apache.cxf.common.injection.NoJSR250Annotations;
 import org.apache.cxf.common.jaxb.JAXBContextCache;
@@ -73,6 +76,11 @@ public final class TLSClientParametersCo
 
         TLSClientParameters ret = new TLSClientParameters(); 
         boolean usingDefaults = params.isUseHttpsURLConnectionDefaultSslSocketFactory();
+
+        TLSClientParametersTypeInternal iparams = null;
+        if (params instanceof TLSClientParametersTypeInternal) {
+            iparams = (TLSClientParametersTypeInternal)params;
+        }
         
         if (params.isDisableCNCheck()) {
             ret.setDisableCNCheck(true);
@@ -118,6 +126,12 @@ public final class TLSClientParametersCo
         if (params.isSetCertAlias()) {
             ret.setCertAlias(params.getCertAlias());
         }
+        if (iparams != null && iparams.isSetKeyManagersRef() && !usingDefaults)
{
+            ret.setKeyManagers(iparams.getKeyManagersRef());
+        }
+        if (iparams != null && iparams.isSetTrustManagersRef() && !usingDefaults)
{
+            ret.setTrustManagers(iparams.getTrustManagersRef());
+        }
         return ret;
     }
     
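Review bot: A `keyManagersRef` or `trustManagersRef` supplied by the configuration is dropped without any signal when `usingDefaults` is true, because both new `if` conditions end in `&& !usingDefaults` and neither has an else branch. For a referenced TrustManager this means an operator can wire in a restricted trust set and still end up validating servers against the HttpsURLConnection defaults. I would log a warning in that case, or reject the combination, and put a comment above the two blocks such as `// manager refs are ignored when the HttpsURLConnection default socket factory is in use`. The method body starts outside this hunk, so the order relative to any inline keyManagers/trustManagers handling is not visible; if that handling runs earlier, a ref presumably overrides it, and that precedence deserves a comment too.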
@@ -145,5 +159,49 @@ public final class TLSClientParametersCo
             throw new RuntimeException(e);
         }
     }
+    
+    public static <T> T createTLSClientParameter(Node data, Class<T> cls) {
+        Unmarshaller u;
+        try {
+            u = getContext().createUnmarshaller();
+            Object obj = u.unmarshal(data, cls);
+            if (obj instanceof JAXBElement<?>) {
+                JAXBElement<?> el = (JAXBElement<?>)obj;
+                obj = el.getValue();
+            }
+            return cls.cast(obj);
+        } catch (JAXBException e) {
+            throw new RuntimeException("Could not parse configuration.", e);
+        }
+    }
+    
+    public static class TLSClientParametersTypeInternal extends TLSClientParametersType {
+        private KeyManager[] keyManagersRef;
+        private TrustManager[] trustManagersRef;
+
+        public KeyManager[] getKeyManagersRef() {
+            return keyManagersRef;
+        }
+
+        public void setKeyManagersRef(KeyManager[] keyManagersRef) {
+            this.keyManagersRef = keyManagersRef;
+        }
+        
+        public boolean isSetKeyManagersRef() {
+            return this.keyManagersRef != null;
+        }
 
+        public TrustManager[] getTrustManagersRef() {
+            return trustManagersRef;
+        }
+
+        public void setTrustManagersRef(TrustManager[] trustManagersRef) {
+            this.trustManagersRef = trustManagersRef;
+        }
+        
+        public boolean isSetTrustManagersRef() {
+            return this.trustManagersRef != null;
+        }
+
+    }
 }
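Review bot: `setKeyManagersRef` and `setTrustManagersRef` store the caller's array and the getters return that same array, so any code holding the referenced bean can replace a TrustManager element after the value has been handed to `ret.setTrustManagers(...)`. Copying on the way in, e.g. `this.trustManagersRef = trustManagersRef == null ? null : trustManagersRef.clone();` (and the same for the key managers), would decouple the two. `createTLSClientParameter` and `TLSClientParametersTypeInternal` are both public and undocumented. A Javadoc should say that the nested class only carries Spring bean references alongside the JAXB type, and that the method unmarshals one node into `cls` and wraps a JAXBException in a RuntimeException.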

Modified: cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
--- cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd Fri Jul 13 16:20:56
2012
@@ -265,6 +265,15 @@
                 </xs:documentation>
               </xs:annotation>
             </xs:attribute>
+            <xs:attribute name="ref" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the reference to the KeyManagers bean. This
+                attribute allows the KeyManagers instance to be constructed by other
+                means and referenced from this object.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="TrustManagersType">
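Review bot: The documentation for the new `ref` attribute does not say what happens to the other attributes and the nested `keyStore` when `ref` is present. In this commit's HttpConduitBeanDefinitionParser a non-empty `ref` wins and the rest of the element is never unmarshalled, so the text should say so, for instance `When ref is set, the keyStore child and the other attributes of this element are ignored.` The same sentence belongs on the `ref` attribute added for the TrustManagers type in the next hunk. Whether the reference is honoured anywhere other than the Spring http-conduit parser is not visible in this commit, and the documentation could state that limit as well.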
@@ -308,6 +317,15 @@
                 </xs:documentation>
               </xs:annotation>
             </xs:attribute>
+            <xs:attribute name="ref" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the reference to the TrustManagers bean. This
+                attribute allows the TrustManagers instance to be constructed by other
+                means and referenced from this object.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="CipherSuites">

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
Fri Jul 13 16:20:56 2012
@@ -18,21 +18,24 @@
  */
 package org.apache.cxf.transport.http.spring;
 
-import java.io.StringWriter;
-
 import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
 
+import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.configuration.jsse.TLSClientParametersConfig;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.configuration.security.CipherSuites;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
 import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
+import org.apache.cxf.configuration.security.TrustManagersType;
 import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
-import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.MessageTrustDecider;
 import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
@@ -46,6 +49,8 @@ public class HttpConduitBeanDefinitionPa
 
     private static final String HTTP_NS =
         "http://cxf.apache.org/transports/http/configuration";
+    private static final String SECURITY_NS =
+        "http://cxf.apache.org/configuration/security";
 
     @Override
     public void doParse(Element element, ParserContext ctx, BeanDefinitionBuilder bean) {
@@ -103,20 +108,77 @@ public class HttpConduitBeanDefinitionPa
      * generated type unmarshalled from the selected node.
      */
     @SuppressWarnings("deprecation")
-    public void mapTLSClientParameters(Element n, BeanDefinitionBuilder bean) {
-        StringWriter writer = new StringWriter();
-        XMLStreamWriter xmlWriter = StaxUtils.createXMLStreamWriter(writer);
-        try {
-            StaxUtils.copy(n, xmlWriter);
-            xmlWriter.flush();
-        } catch (XMLStreamException e) {
-            throw new RuntimeException(e);
+    public void mapTLSClientParameters(Element e, BeanDefinitionBuilder bean) {
+        BeanDefinitionBuilder paramsbean 
+            = BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.TLSClientParametersTypeInternal.class);
+        
+        // read the attributes
+        NamedNodeMap as = e.getAttributes();
+        for (int i = 0; i < as.getLength(); i++) {
+            Attr a = (Attr) as.item(i);
+            if (a.getNamespaceURI() == null) {
+                String aname = a.getLocalName();
+                if ("useHttpsURLConnectionDefaultSslSocketFactory".equals(aname) 
+                    || "useHttpsURLConnectionDefaultHostnameVerifier".equals(aname)
+                    || "disableCNCheck".equals(aname)) {
+                    paramsbean.addPropertyValue(aname, Boolean.parseBoolean(a.getValue()));
+                } else if ("jsseProvider".equals(aname) 
+                    || "secureSocketProtocol".equals(aname)) {
+                    paramsbean.addPropertyValue(aname, a.getNodeValue());
+                } else if ("sslCacheTimeout".equals(aname)) {
+                    paramsbean.addPropertyValue(aname, Integer.parseInt(a.getNodeValue()));
+                }
+            }
+        }
+        
+        // read the child elements
+        Node n = e.getFirstChild();
+        while (n != null) {
+            if (Node.ELEMENT_NODE != n.getNodeType() 
+                || !SECURITY_NS.equals(n.getNamespaceURI())) {
+                n = n.getNextSibling();
+                continue;
+            }
+            String ename = n.getLocalName();
+            // Schema should require that no more than one each of these exist.
+            String ref = ((Element)n).getAttribute("ref");
+
+            if ("keyManagers".equals(ename)) {
+                if (ref != null && ref.length() > 0) {
+                    paramsbean.addPropertyReference("keyManagersRef", ref);
+                } else {
+                    paramsbean.addPropertyValue(ename, 
+                        TLSClientParametersConfig.createTLSClientParameter(n, KeyManagersType.class));
+                }
+            } else if ("trustManagers".equals(ename)) {
+                if (ref != null && ref.length() > 0) {
+                    paramsbean.addPropertyReference("trustManagersRef", ref);
+                } else {
+                    paramsbean.addPropertyValue(ename, 
+                        TLSClientParametersConfig.createTLSClientParameter(n, TrustManagersType.class));
+                }
+            } else if ("cipherSuites".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, CipherSuites.class));
+            } else if ("cipherSuitesFilter".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, FiltersType.class));
+            } else if ("secureRandomParameters".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, SecureRandomParameters.class));
+            } else if ("certConstraints".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, CertificateConstraintsType.class));
+            } else if ("certAlias".equals(ename)) {
+                paramsbean.addPropertyValue(ename, n.getTextContent());
+            }
+            n = n.getNextSibling();
         }
 
         BeanDefinitionBuilder jaxbbean 
             = BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.class);
-        jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParameters");
-        jaxbbean.addConstructorArg(writer.toString());
+        jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParametersFromType");
+        jaxbbean.addConstructorArg(paramsbean.getBeanDefinition());
         bean.addPropertyValue("tlsClientParameters", jaxbbean.getBeanDefinition());
     }
     
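Review bot: The attribute loop converts values while the bean definition is still being parsed, with `Boolean.parseBoolean(a.getValue())` and `Integer.parseInt(a.getNodeValue())`, so anything other than the literal `true` silently becomes `false` and a non-numeric `sslCacheTimeout` fails with a bare NumberFormatException. If the schema types these attributes as booleans, `disableCNCheck="1"` would validate and then be read as false, and a `${...}` placeholder would be converted before Spring had a chance to resolve it. Handing the string over unchanged, `paramsbean.addPropertyValue(aname, a.getValue());` for all six attribute names, should leave the conversion to Spring's property binding. Attributes and child elements that match none of the listed names are also skipped silently; a comment stating that this is intended, or an exception for unknown names, would make a misspelt security setting visible.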

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java?rev=1361283&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
(added)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.transport.http.spring;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transport.http.HTTPTransportFactory;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * 
+ */
+public class HttpConduitConfigurationTest extends Assert {
+    private static EndpointInfo ei;
+    private Bus bus;
+
+    @BeforeClass
+    public static void setUpOnce() {
+        ei = new EndpointInfo();
+        ei.setName(new QName("http://apache.org/hello_world", "HelloWorld"));
+        ei.setAddress("https://localhost:8443/nopath");
+    }
+    
+    @After
+    public void tearDown() {
+        bus.shutdown(true);
+        BusFactory.setDefaultBus(null);
+    }
+    
+    @Test
+    public void testConduitBean() throws Exception {
+        SpringBusFactory factory = new SpringBusFactory();
+        bus = factory.createBus("org/apache/cxf/transport/http/spring/conduit-bean.xml");
+        HTTPTransportFactory atf = new HTTPTransportFactory(bus);
+        HTTPConduit conduit = (HTTPConduit)atf.getConduit(ei);
+        
+        verifyConduit(conduit);
+    }
+
+    @Test
+    public void testConduitBeanWithTLSReferences() throws Exception {
+        SpringBusFactory factory = new SpringBusFactory();
+        bus = factory.createBus("org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml");
+        HTTPTransportFactory atf = new HTTPTransportFactory(bus);
+        HTTPConduit conduit = (HTTPConduit)atf.getConduit(ei);
+
+        verifyConduit(conduit);
+    }
+
+    private void verifyConduit(HTTPConduit conduit) {
+        AuthorizationPolicy authp = conduit.getAuthorization();
+        assertNotNull(authp);
+        assertEquals("Betty", authp.getUserName());
+        assertEquals("password", authp.getPassword());
+        TLSClientParameters tlscps = conduit.getTlsClientParameters();
+        assertNotNull(tlscps);
+        assertTrue(tlscps.isDisableCNCheck());
+        assertEquals(3600000, tlscps.getSslCacheTimeout());
+        
+        KeyManager[] kms = tlscps.getKeyManagers();
+        assertTrue(kms != null && kms.length == 1);
+        assertTrue(kms[0] instanceof X509KeyManager);
+        
+        TrustManager[] tms = tlscps.getTrustManagers(); 
+        assertTrue(tms != null && tms.length == 1);
+        assertTrue(tms[0] instanceof X509TrustManager);
+        
+        FiltersType csfs = tlscps.getCipherSuitesFilter();
+        assertNotNull(csfs);
+        assertEquals(5, csfs.getInclude().size());
+        assertEquals(1, csfs.getExclude().size());
+    }
+
+    
+    public static final class ManagersFactory {
+    
+        public static KeyManager[] getKeyManagers() {
+            KeyManagersType kmt = new KeyManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setResource("org/apache/cxf/transport/https/resources/Bethal.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            kmt.setKeyStore(kst);
+            kmt.setKeyPassword("password");
+            try {
+                return TLSParameterJaxBUtils.getKeyManagers(kmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve key managers", e);
+            }
+        }
+    
+        public static TrustManager[] getTrustManagers() {
+            TrustManagersType tmt = new TrustManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setResource("org/apache/cxf/transport/https/resources/Gordy.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            tmt.setKeyStore(kst);
+            try {
+                return TLSParameterJaxBUtils.getTrustManagers(tmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve trust managers", e);
+            }
+        }
+    }
+
+}
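Review bot: `verifyConduit` only checks that one `X509KeyManager` and one `X509TrustManager` come back, so `testConduitBeanWithTLSReferences` cannot tell managers produced by `ManagersFactory` from ones built some other way. Asserting that `tlscps.getKeyManagers()` and `tlscps.getTrustManagers()` hold the instances exposed by the `keyManagers` and `trustManagers` beans would pin the `ref` wiring this commit adds. Separately, `tearDown` dereferences `bus` unconditionally; if `createBus` throws, the resulting NullPointerException hides the real failure, so `if (bus != null) { bus.shutdown(true); }` is safer. The class Javadoc is empty and could state that both XML files are expected to yield the same conduit settings.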

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml?rev=1361283&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
(added)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:cxf-beans="http://cxf.apache.org/configuration/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+       xmlns:sec="http://cxf.apache.org/configuration/security"       
+       xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd

+http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd

+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+
+   <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">   
+	   <http:tlsClientParameters sslCacheTimeout="3600000" disableCNCheck="true">
+	      <sec:keyManagers keyPassword="password">
+	           <sec:keyStore type="JKS" password="password"
+	                resource="org/apache/cxf/transport/https/resources/Bethal.jks"/>
+	      </sec:keyManagers>
+	      <sec:trustManagers>
+	          <sec:keyStore type="JKS" password="password"
+	               resource="org/apache/cxf/transport/https/resources/Gordy.jks"/>
+	      </sec:trustManagers>
+	      <sec:cipherSuitesFilter>
+	        <!-- these filters ensure that a ciphersuite with
+	          export-suitable or null encryption is used,
+	          but exclude anonymous Diffie-Hellman key change as
+	          this is vulnerable to man-in-the-middle attacks -->
+	        <sec:include>.*_EXPORT_.*</sec:include>
+	        <sec:include>.*_EXPORT1024_.*</sec:include>
+	        <sec:include>.*_WITH_DES_.*</sec:include>
+            <sec:include>.*_WITH_AES_.*</sec:include>
+	        <sec:include>.*_WITH_NULL_.*</sec:include>
+	        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+	      </sec:cipherSuitesFilter>
+	  </http:tlsClientParameters>
+	  <http:authorization>
+	     <sec:UserName>Betty</sec:UserName>
+	     <sec:Password>password</sec:Password>
+	  </http:authorization>
+      <http:client AutoRedirect="true" Connection="Keep-Alive"/>
+
+   </http:conduit>    
+</beans>
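Review bot: The `cipherSuitesFilter` in this fixture includes `.*_EXPORT_.*`, `.*_EXPORT1024_.*`, `.*_WITH_DES_.*` and `.*_WITH_NULL_.*`, and the comment above it presents that as something the filter "ensures", which reads like a recommendation. Together with `disableCNCheck="true"` this is a configuration that should stay inside the test tree, and fixtures like this tend to get copied into real conduit definitions. The Java test only counts five includes and one exclude, so I would either reword the comment to `<!-- test-only filter: the weak EXPORT/DES/NULL patterns exist to exercise parsing, do not reuse -->` or switch the patterns to strong suites. conduit-tlsrefs-bean.xml carries the identical block and needs the same change.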

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Added: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml?rev=1361283&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
(added)
+++ cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  Licensed to the Apache Software Foundation (ASF) under one
+  or more contributor license agreements. See the NOTICE file
+  distributed with this work for additional information
+  regarding copyright ownership. The ASF licenses this file
+  to you under the Apache License, Version 2.0 (the
+  "License"); you may not use this file except in compliance
+  with the License. You may obtain a copy of the License at
+ 
+  http://www.apache.org/licenses/LICENSE-2.0
+ 
+  Unless required by applicable law or agreed to in writing,
+  software distributed under the License is distributed on an
+  "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+  KIND, either express or implied. See the License for the
+  specific language governing permissions and limitations
+  under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:cxf-beans="http://cxf.apache.org/configuration/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration" 
+       xmlns:sec="http://cxf.apache.org/configuration/security"       
+       xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd

+http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd

+http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+   <bean id="keyManagers" class="org.apache.cxf.transport.http.spring.HttpConduitConfigurationTest$ManagersFactory"
factory-method="getKeyManagers"/>
+   <bean id="trustManagers" class="org.apache.cxf.transport.http.spring.HttpConduitConfigurationTest$ManagersFactory"
factory-method="getTrustManagers"/>
+
+   <http:conduit name="{http://apache.org/hello_world}HelloWorld.http-conduit">   
+	   <http:tlsClientParameters sslCacheTimeout="3600000" disableCNCheck="true">
+	      <sec:keyManagers ref="keyManagers"/>
+	      <sec:trustManagers ref="trustManagers"/>
+	      <sec:cipherSuitesFilter>
+	        <!-- these filters ensure that a ciphersuite with
+	          export-suitable or null encryption is used,
+	          but exclude anonymous Diffie-Hellman key change as
+	          this is vulnerable to man-in-the-middle attacks -->
+	        <sec:include>.*_EXPORT_.*</sec:include>
+	        <sec:include>.*_EXPORT1024_.*</sec:include>
+	        <sec:include>.*_WITH_DES_.*</sec:include>
+            <sec:include>.*_WITH_AES_.*</sec:include>
+	        <sec:include>.*_WITH_NULL_.*</sec:include>
+	        <sec:exclude>.*_DH_anon_.*</sec:exclude>
+	      </sec:cipherSuitesFilter>
+	  </http:tlsClientParameters>
+	  <http:authorization>
+	     <sec:UserName>Betty</sec:UserName>
+	     <sec:Password>password</sec:Password>
+	  </http:authorization>
+      <http:client AutoRedirect="true" Connection="Keep-Alive"/>
+
+   </http:conduit>    
+</beans>

Propchange: cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml

Modified: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
(original)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Fri Jul 13 16:20:56 2012
@@ -21,10 +21,16 @@ package org.apache.cxf.systest.http;
 
 import java.net.URL;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
 import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
 import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.hello_world.Greeter;
@@ -143,7 +149,11 @@ public class HTTPSClientTest extends Abs
         testSuccessfulCall("resources/jaxws-publish.xml",
                            "https://localhost:" + PORT1 + "/SoapContext/HttpsPort");
     }
-    
+    @Test
+    public final void testJaxwsTLSRefsEndpoint() throws Exception {
+        testSuccessfulCall("resources/jaxws-tlsrefs-publish.xml",
+                           "https://localhost:" + PORT1 + "/SoapContext/HttpsPort");
+    }
     @Test
     public final void testPKCS12Endpoint() throws Exception {
         testSuccessfulCall("resources/pkcs12.xml",
@@ -163,4 +173,37 @@ public class HTTPSClientTest extends Abs
                            true);
         
     }
+    
+    public static class ClientManagersFactory {
+        public static KeyManager[] getKeyManagers() {
+            KeyManagersType kmt = new KeyManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            kmt.setKeyStore(kst);
+            kmt.setKeyPassword("password");
+            try {
+                return TLSParameterJaxBUtils.getKeyManagers(kmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve key managers", e);
+            }
+        }
+    
+        public static TrustManager[] getTrustManagers() {
+            TrustManagersType tmt = new TrustManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            tmt.setKeyStore(kst);
+            try {
+                return TLSParameterJaxBUtils.getTrustManagers(tmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve trust managers", e);
+            }
+        }
+    }
 }
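Review bot: `ClientManagersFactory` loads both keystores through `kst.setFile("src/test/java/...")`, a path relative to the working directory, so the new `testJaxwsTLSRefsEndpoint` depends on where the build is started from. HttpConduitConfigurationTest in this same commit uses `kst.setResource(...)` for its keystores; doing the same here, assuming the .jks files are on the test classpath, would remove that dependency. The factory is also a near copy of `ManagersFactory` from that test. A short class comment saying it exists as a factory-method target for the Spring test configuration (presumably jaxws-tlsrefs-publish.xml) would explain why it is public.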

Added: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml?rev=1361283&view=auto
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
(added)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xmlns:http="http://cxf.apache.org/transports/http/configuration"
+       xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+       xmlns:jaxws="http://cxf.apache.org/jaxws"
+       xmlns:sec="http://cxf.apache.org/configuration/security"
+       xsi:schemaLocation="
+        http://www.springframework.org/schema/beans                 http://www.springframework.org/schema/beans/spring-beans.xsd
+        http://cxf.apache.org/jaxws                                 http://cxf.apache.org/schemas/jaxws.xsd
+        http://cxf.apache.org/transports/http/configuration         http://cxf.apache.org/schemas/configuration/http-conf.xsd
+        http://cxf.apache.org/transports/http-jetty/configuration   http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+        http://cxf.apache.org/configuration/security                http://cxf.apache.org/schemas/configuration/security.xsd
+        ">
+    <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+    <!-- -->
+    <!-- This Spring config file is designed to represent a minimal -->
+    <!-- configuration for spring-loading a CXF servant, where the -->
+    <!-- servant listens using HTTP/S as the transport protocol. -->
+    <!-- -->
+    <!-- Note that the service endpoint is spring-loaded.  In the -->
+    <!-- scenario in which this config is designed to run, the -->
+    <!-- server application merely instantiates a Bus, and does not -->
+    <!-- publish any services programmatically -->
+    <!-- -->
+
+    <!-- -->
+    <!-- Spring-load an HTTPS servant -->
+    <!-- -->
+    <jaxws:endpoint 
+        id="JaxwsHttpsEndpoint"
+        implementor="org.apache.cxf.systest.http.GreeterImpl"
+        address="https://localhost:${testutil.ports.BusServer.1}/SoapContext/HttpsPort"
+        serviceName="s:SOAPService"
+        endpointName="e:HttpsPort"
+        xmlns:e="http://apache.org/hello_world/services"
+        xmlns:s="http://apache.org/hello_world/services"
+        depends-on="port-9001-tls-config"/>
+
+    <!-- -->
+    <!-- TLS Port configuration parameters for port 9001 -->
+    <!-- -->
+    <httpj:engine-factory id="port-9001-tls-config">
+        <httpj:engine port="${testutil.ports.BusServer.1}">
+            <httpj:tlsServerParameters>
+               <sec:keyManagers keyPassword="password">
+               <sec:keyStore type="JKS" password="password" 
+                    file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:trustManagers>
+                <sec:keyStore type="JKS" password="password"
+                   file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+                </sec:trustManagers>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+
+    <!-- -->
+    <!-- HTTP/S configuration for clients -->
+    <!-- -->
+    <bean id="clientKeyManagers" class="org.apache.cxf.systest.http.HTTPSClientTest$ClientManagersFactory"
factory-method="getKeyManagers"/>
+    <bean id="clientTrustManagers" class="org.apache.cxf.systest.http.HTTPSClientTest$ClientManagersFactory"
factory-method="getTrustManagers"/>
+
+    <http:conduit name="{http://apache.org/hello_world/services}HttpsPort.http-conduit">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:keyManagers ref="clientKeyManagers"/>
+            <sec:trustManagers ref="clientTrustManagers"/>
+        </http:tlsClientParameters>
+    </http:conduit>
+
+</beans>
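Review bot: `disableCNCheck="true"` on `http:tlsClientParameters` near the end of the file switches off hostname verification for the client conduit, and the file gives no reason for it. Presumably the certificate in the test keystore does not carry `localhost` as its CN, but that is not visible here. Since systest configs tend to be copied as templates, I would put a comment directly above the element, for example `<!-- disableCNCheck: the test certificate's CN does not match localhost; keep hostname verification enabled outside tests -->`. Separately, the comment `TLS Port configuration parameters for port 9001` and the id `port-9001-tls-config` no longer match the engine port, which is `${testutil.ports.BusServer.1}`; `<!-- TLS configuration for the test server port -->` would describe it accurately.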

Propchange: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
------------------------------------------------------------------------------
    svn:executable = *

Propchange: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
------------------------------------------------------------------------------
    svn:mime-type = text/xml


