From a.@apache.org
Subject svn commit: r1363406 - in /cxf/branches/2.6.x-fixes: ./ api/src/main/java/org/apache/cxf/configuration/jsse/ api/src/main/resources/schemas/configuration/ rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/ rt/transports/http/src/tes...
Date Thu, 19 Jul 2012 16:02:16 GMT
Author: ay
Date: Thu Jul 19 16:02:16 2012
New Revision: 1363406

URL: http://svn.apache.org/viewvc?rev=1363406&view=rev
Log:
Merged revisions 1361283 via  svn merge from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1361283 | ay | 2012-07-13 18:20:56 +0200 (Fri, 13 Jul 2012) | 1 line
  
  [CXF-4423] more flexibility in configuring httpconduit's tlsClientParameters
........

Added:
    cxf/branches/2.6.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/
      - copied from r1361283, cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/
    cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
      - copied unchanged from r1361283, cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
Modified:
    cxf/branches/2.6.x-fixes/   (props changed)
    cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
    cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
    cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
    cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java

Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
(original)
+++ cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
Thu Jul 19 16:02:16 2012
@@ -24,12 +24,15 @@ import java.security.GeneralSecurityExce
 import java.util.HashSet;
 import java.util.Set;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBElement;
 import javax.xml.bind.JAXBException;
 import javax.xml.bind.Unmarshaller;
 import javax.xml.stream.XMLStreamReader;
 
+import org.w3c.dom.Node;
 
 import org.apache.cxf.common.injection.NoJSR250Annotations;
 import org.apache.cxf.common.jaxb.JAXBContextCache;
@@ -73,6 +76,11 @@ public final class TLSClientParametersCo
 
         TLSClientParameters ret = new TLSClientParameters(); 
         boolean usingDefaults = params.isUseHttpsURLConnectionDefaultSslSocketFactory();
+
+        TLSClientParametersTypeInternal iparams = null;
+        if (params instanceof TLSClientParametersTypeInternal) {
+            iparams = (TLSClientParametersTypeInternal)params;
+        }
         
         if (params.isDisableCNCheck()) {
             ret.setDisableCNCheck(true);
@@ -118,6 +126,12 @@ public final class TLSClientParametersCo
         if (params.isSetCertAlias()) {
             ret.setCertAlias(params.getCertAlias());
         }
+        if (iparams != null && iparams.isSetKeyManagersRef() && !usingDefaults)
{
+            ret.setKeyManagers(iparams.getKeyManagersRef());
+        }
+        if (iparams != null && iparams.isSetTrustManagersRef() && !usingDefaults)
{
+            ret.setTrustManagers(iparams.getTrustManagersRef());
+        }
         return ret;
     }
     
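Review bot: A `keyManagersRef` or `trustManagersRef` configured together with `useHttpsURLConnectionDefaultSslSocketFactory` is dropped without any signal, because both new conditions end in `&& !usingDefaults`. An operator who wired a restricted trust manager through `ref` would then get the default socket factory and its trust anchors, with nothing to show that the reference was ignored. The inline settings handled earlier in this method may follow the same rule, but that code and the start of the method are outside the hunk. Consider rejecting the combination, or at least documenting it above the two checks with `// bean references are ignored when the HttpsURLConnection default socket factory is in use`.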
@@ -145,5 +159,49 @@ public final class TLSClientParametersCo
             throw new RuntimeException(e);
         }
     }
+    
+    public static <T> T createTLSClientParameter(Node data, Class<T> cls) {
+        Unmarshaller u;
+        try {
+            u = getContext().createUnmarshaller();
+            Object obj = u.unmarshal(data, cls);
+            if (obj instanceof JAXBElement<?>) {
+                JAXBElement<?> el = (JAXBElement<?>)obj;
+                obj = el.getValue();
+            }
+            return cls.cast(obj);
+        } catch (JAXBException e) {
+            throw new RuntimeException("Could not parse configuration.", e);
+        }
+    }
+    
+    public static class TLSClientParametersTypeInternal extends TLSClientParametersType {
+        private KeyManager[] keyManagersRef;
+        private TrustManager[] trustManagersRef;
+
+        public KeyManager[] getKeyManagersRef() {
+            return keyManagersRef;
+        }
+
+        public void setKeyManagersRef(KeyManager[] keyManagersRef) {
+            this.keyManagersRef = keyManagersRef;
+        }
+        
+        public boolean isSetKeyManagersRef() {
+            return this.keyManagersRef != null;
+        }
 
+        public TrustManager[] getTrustManagersRef() {
+            return trustManagersRef;
+        }
+
+        public void setTrustManagersRef(TrustManager[] trustManagersRef) {
+            this.trustManagersRef = trustManagersRef;
+        }
+        
+        public boolean isSetTrustManagersRef() {
+            return this.trustManagersRef != null;
+        }
+
+    }
 }
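Review bot: `setKeyManagersRef` and `setTrustManagersRef` keep the caller's array and the getters hand the same array back, so a later write to it by any holder changes the managers that `ret.setTrustManagers(...)` and `ret.setKeyManagers(...)` receive. Copying on the way in, for example `this.trustManagersRef = trustManagersRef == null ? null : trustManagersRef.clone();` and the same for the key managers, isolates the stored value and leaves `isSetTrustManagersRef()` unchanged. The public `createTLSClientParameter(Node, Class<T>)` and the public nested class also carry no Javadoc. A short description should say that the class appears to exist only to carry bean references from the Spring parser, and that the method wraps a `JAXBException` in a `RuntimeException`.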

Modified: cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd Thu
Jul 19 16:02:16 2012
@@ -265,6 +265,15 @@
                 </xs:documentation>
               </xs:annotation>
             </xs:attribute>
+            <xs:attribute name="ref" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the reference to the KeyManagers bean. This
+                attribute allows the KeyManagers instance to be constructed by other
+                means and referenced from this object.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="TrustManagersType">
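Review bot: The documentation for the new `ref` attribute does not say what happens when `ref` appears together with the element's other attributes or child content; the same gap is in the `TrustManagersType` hunk that follows. In the Spring parser changed by this commit, a non-empty `ref` wins and the inline definition is never unmarshalled, so a key store written next to a `ref` is ignored without notice. Adding a sentence such as `When this attribute is set, the other attributes and child elements of this element are ignored.` to both annotations would make that precedence explicit. The complexType declarations start outside both hunks.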
@@ -308,6 +317,15 @@
                 </xs:documentation>
               </xs:annotation>
             </xs:attribute>
+            <xs:attribute name="ref" type="xs:string">
+              <xs:annotation>
+                <xs:documentation>
+                This attribute contains the reference to the TrustManagers bean. This
+                attribute allows the TrustManagers instance to be constructed by other
+                means and referenced from this object.
+                </xs:documentation>
+              </xs:annotation>
+            </xs:attribute>
     </xs:complexType>
     
     <xs:complexType name="CipherSuites">

Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
Thu Jul 19 16:02:16 2012
@@ -18,21 +18,24 @@
  */
 package org.apache.cxf.transport.http.spring;
 
-import java.io.StringWriter;
-
 import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
 
+import org.w3c.dom.Attr;
 import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
 import org.w3c.dom.Node;
 
 import org.apache.cxf.common.classloader.ClassLoaderUtils;
 import org.apache.cxf.configuration.jsse.TLSClientParametersConfig;
 import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.configuration.security.CipherSuites;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
 import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
+import org.apache.cxf.configuration.security.TrustManagersType;
 import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
-import org.apache.cxf.staxutils.StaxUtils;
 import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.transport.http.MessageTrustDecider;
 import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
@@ -46,6 +49,8 @@ public class HttpConduitBeanDefinitionPa
 
     private static final String HTTP_NS =
         "http://cxf.apache.org/transports/http/configuration";
+    private static final String SECURITY_NS =
+        "http://cxf.apache.org/configuration/security";
 
     @Override
     public void doParse(Element element, ParserContext ctx, BeanDefinitionBuilder bean) {
@@ -103,20 +108,77 @@ public class HttpConduitBeanDefinitionPa
      * generated type unmarshalled from the selected node.
      */
     @SuppressWarnings("deprecation")
-    public void mapTLSClientParameters(Element n, BeanDefinitionBuilder bean) {
-        StringWriter writer = new StringWriter();
-        XMLStreamWriter xmlWriter = StaxUtils.createXMLStreamWriter(writer);
-        try {
-            StaxUtils.copy(n, xmlWriter);
-            xmlWriter.flush();
-        } catch (XMLStreamException e) {
-            throw new RuntimeException(e);
+    public void mapTLSClientParameters(Element e, BeanDefinitionBuilder bean) {
+        BeanDefinitionBuilder paramsbean 
+            = BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.TLSClientParametersTypeInternal.class);
+        
+        // read the attributes
+        NamedNodeMap as = e.getAttributes();
+        for (int i = 0; i < as.getLength(); i++) {
+            Attr a = (Attr) as.item(i);
+            if (a.getNamespaceURI() == null) {
+                String aname = a.getLocalName();
+                if ("useHttpsURLConnectionDefaultSslSocketFactory".equals(aname) 
+                    || "useHttpsURLConnectionDefaultHostnameVerifier".equals(aname)
+                    || "disableCNCheck".equals(aname)) {
+                    paramsbean.addPropertyValue(aname, Boolean.parseBoolean(a.getValue()));
+                } else if ("jsseProvider".equals(aname) 
+                    || "secureSocketProtocol".equals(aname)) {
+                    paramsbean.addPropertyValue(aname, a.getNodeValue());
+                } else if ("sslCacheTimeout".equals(aname)) {
+                    paramsbean.addPropertyValue(aname, Integer.parseInt(a.getNodeValue()));
+                }
+            }
+        }
+        
+        // read the child elements
+        Node n = e.getFirstChild();
+        while (n != null) {
+            if (Node.ELEMENT_NODE != n.getNodeType() 
+                || !SECURITY_NS.equals(n.getNamespaceURI())) {
+                n = n.getNextSibling();
+                continue;
+            }
+            String ename = n.getLocalName();
+            // Schema should require that no more than one each of these exist.
+            String ref = ((Element)n).getAttribute("ref");
+
+            if ("keyManagers".equals(ename)) {
+                if (ref != null && ref.length() > 0) {
+                    paramsbean.addPropertyReference("keyManagersRef", ref);
+                } else {
+                    paramsbean.addPropertyValue(ename, 
+                        TLSClientParametersConfig.createTLSClientParameter(n, KeyManagersType.class));
+                }
+            } else if ("trustManagers".equals(ename)) {
+                if (ref != null && ref.length() > 0) {
+                    paramsbean.addPropertyReference("trustManagersRef", ref);
+                } else {
+                    paramsbean.addPropertyValue(ename, 
+                        TLSClientParametersConfig.createTLSClientParameter(n, TrustManagersType.class));
+                }
+            } else if ("cipherSuites".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, CipherSuites.class));
+            } else if ("cipherSuitesFilter".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, FiltersType.class));
+            } else if ("secureRandomParameters".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, SecureRandomParameters.class));
+            } else if ("certConstraints".equals(ename)) {
+                paramsbean.addPropertyValue(ename,
+                    TLSClientParametersConfig.createTLSClientParameter(n, CertificateConstraintsType.class));
+            } else if ("certAlias".equals(ename)) {
+                paramsbean.addPropertyValue(ename, n.getTextContent());
+            }
+            n = n.getNextSibling();
         }
 
         BeanDefinitionBuilder jaxbbean 
             = BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.class);
-        jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParameters");
-        jaxbbean.addConstructorArg(writer.toString());
+        jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParametersFromType");
+        jaxbbean.addConstructorArg(paramsbean.getBeanDefinition());
         bean.addPropertyValue("tlsClientParameters", jaxbbean.getBeanDefinition());
     }
     
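Review bot: Unrecognised attributes and child elements are skipped silently, because neither `if`/`else if` chain in `mapTLSClientParameters` has a final `else`. A misspelt `certConstraints` or `cipherSuitesFilter` in the security namespace would leave the conduit without that restriction, unless schema validation rejects the document earlier. Closing the element chain with `} else { throw new IllegalArgumentException("Unsupported tlsClientParameters element: " + ename); }`, and the attribute chain likewise, makes the parser fail closed. Values are also converted while the XML is parsed, so if `${...}` placeholders are expected to work here they would reach `Boolean.parseBoolean` and `Integer.parseInt` as literal text. That is worth confirming against the previous string-based path.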

Modified: cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
(original)
+++ cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Thu Jul 19 16:02:16 2012
@@ -21,10 +21,16 @@ package org.apache.cxf.systest.http;
 
 import java.net.URL;
 
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
 import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.BusFactory;
 import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
 import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
 import org.apache.hello_world.Greeter;
@@ -143,7 +149,11 @@ public class HTTPSClientTest extends Abs
         testSuccessfulCall("resources/jaxws-publish.xml",
                            "https://localhost:" + PORT1 + "/SoapContext/HttpsPort");
     }
-    
+    @Test
+    public final void testJaxwsTLSRefsEndpoint() throws Exception {
+        testSuccessfulCall("resources/jaxws-tlsrefs-publish.xml",
+                           "https://localhost:" + PORT1 + "/SoapContext/HttpsPort");
+    }
     @Test
     public final void testPKCS12Endpoint() throws Exception {
         testSuccessfulCall("resources/pkcs12.xml",
@@ -163,4 +173,37 @@ public class HTTPSClientTest extends Abs
                            true);
         
     }
+    
+    public static class ClientManagersFactory {
+        public static KeyManager[] getKeyManagers() {
+            KeyManagersType kmt = new KeyManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            kmt.setKeyStore(kst);
+            kmt.setKeyPassword("password");
+            try {
+                return TLSParameterJaxBUtils.getKeyManagers(kmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve key managers", e);
+            }
+        }
+    
+        public static TrustManager[] getTrustManagers() {
+            TrustManagersType tmt = new TrustManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            tmt.setKeyStore(kst);
+            try {
+                return TLSParameterJaxBUtils.getTrustManagers(tmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve trust managers", e);
+            }
+        }
+    }
 }
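Review bot: `ClientManagersFactory` has no comment saying how it is used, and nothing in the visible hunks calls `getKeyManagers()` or `getTrustManagers()`. Presumably the new `jaxws-tlsrefs-publish.xml` names them as factory methods, but that file is not shown here. If so, a class comment such as `/** Builds the KeyManager[] and TrustManager[] beans that jaxws-tlsrefs-publish.xml refers to. */` would keep the class from being mistaken for dead code. The keystore paths are relative to the working directory, so the comment could also say where the test expects to be run from.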


