Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8A413D645 for ; Fri, 20 Jul 2012 17:37:43 +0000 (UTC) Received: (qmail 87144 invoked by uid 500); 20 Jul 2012 17:37:43 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 87088 invoked by uid 500); 20 Jul 2012 17:37:43 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 87081 invoked by uid 99); 20 Jul 2012 17:37:43 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2012 17:37:43 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 20 Jul 2012 17:37:39 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 45E7323888FD; Fri, 20 Jul 2012 17:37:19 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1363879 - in /cxf/trunk: api/src/main/java/org/apache/cxf/configuration/jsse/ rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/ systests/transports/src/test/java/org/apache/cxf/systest/http/ systests/transp... Date: Fri, 20 Jul 2012 17:37:19 -0000 To: commits@cxf.apache.org 
From: ay@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20120720173719.45E7323888FD@eris.apache.org> Author: ay Date: Fri Jul 20 17:37:18 2012 New Revision: 1363879 URL: http://svn.apache.org/viewvc?rev=1363879&view=rev Log: [CXF-4438] more flexibility in configuring tlsServerParameters in spring and blueprint Modified: cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml Modified: cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java URL: http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java?rev=1363879&r1=1363878&r2=1363879&view=diff ============================================================================== --- cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java (original) +++ cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java Fri Jul 20 17:37:18 2012 @@ -21,6 +21,9 @@ package org.apache.cxf.configuration.jss import java.io.IOException; import java.security.GeneralSecurityException; +import javax.net.ssl.KeyManager; +import javax.net.ssl.TrustManager; + import org.apache.cxf.common.injection.NoJSR250Annotations; import org.apache.cxf.configuration.security.TLSServerParametersType; 
@@ -36,6 +39,12 @@ public class TLSServerParametersConfig public TLSServerParametersConfig(TLSServerParametersType params) throws GeneralSecurityException, IOException { + + TLSServerParametersTypeInternal iparams = null; + if (params instanceof TLSServerParametersTypeInternal) { + iparams = (TLSServerParametersTypeInternal)params; + } + if (params.isSetSecureSocketProtocol()) { this.setSecureSocketProtocol(params.getSecureSocketProtocol()); } 
@@ -71,5 +80,42 @@ public class TLSServerParametersConfig if (params.isSetCertAlias()) { this.setCertAlias(params.getCertAlias()); } + if (iparams != null && iparams.isSetKeyManagersRef()) { + this.setKeyManagers(iparams.getKeyManagersRef()); + } + if (iparams != null && iparams.isSetTrustManagersRef()) { + this.setTrustManagers(iparams.getTrustManagersRef()); + } + } + + public static class TLSServerParametersTypeInternal extends TLSServerParametersType { + private KeyManager[] keyManagersRef; + private TrustManager[] trustManagersRef; + + public KeyManager[] getKeyManagersRef() { + return keyManagersRef; + } + + public void setKeyManagersRef(KeyManager[] keyManagersRef) { + this.keyManagersRef = keyManagersRef; + } + + public boolean isSetKeyManagersRef() { + return this.keyManagersRef != null; + } + + public TrustManager[] getTrustManagersRef() { + return trustManagersRef; + } + + public void setTrustManagersRef(TrustManager[] trustManagersRef) { + this.trustManagersRef = trustManagersRef; + } + + public boolean isSetTrustManagersRef() { + return this.trustManagersRef != null; + } + } + } Modified: cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java?rev=1363879&r1=1363878&r2=1363879&view=diff ============================================================================== --- cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java (original) +++ cxf/trunk/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java Fri Jul 20 17:37:18 2012 
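Review bot: The two blocks added at the end of the `TLSServerParametersConfig` constructor call `setKeyManagers(iparams.getKeyManagersRef())` and `setTrustManagers(iparams.getTrustManagersRef())` after the other parameters have been applied, so a referenced array appears to replace any managers built from an inline keystore element without a log line or an error; the earlier part of the constructor is outside this hunk, so that ordering is inferred. Because the referenced `TrustManager[]` then becomes the whole trust decision for the listener, the precedence should be stated in Javadoc on the new public class, for example `/** Carries pre-built KeyManager[]/TrustManager[] references; when set they are applied last by TLSServerParametersConfig and take precedence over keystore-derived managers. */`. `TLSServerParametersTypeInternal` and its six accessors currently have no Javadoc at all. The setters also keep the caller's array instance; `this.trustManagersRef = trustManagersRef == null ? null : trustManagersRef.clone();` (and the same for `keyManagersRef`) would keep the stored configuration independent of later changes to the caller's array.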
@@ -27,13 +27,23 @@ import java.util.List; import javax.annotation.PostConstruct; import javax.xml.bind.JAXBContext; +import org.w3c.dom.Attr; import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor; import org.apache.cxf.common.injection.NoJSR250Annotations; import org.apache.cxf.configuration.jsse.TLSServerParametersConfig; +import org.apache.cxf.configuration.security.CertificateConstraintsType; +import org.apache.cxf.configuration.security.CipherSuites; +import org.apache.cxf.configuration.security.ClientAuthentication; +import org.apache.cxf.configuration.security.FiltersType; +import org.apache.cxf.configuration.security.KeyManagersType; +import org.apache.cxf.configuration.security.SecureRandomParameters; import org.apache.cxf.configuration.security.TLSServerParametersType; +import org.apache.cxf.configuration.security.TrustManagersType; import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine; @@ -55,6 +65,8 @@ import org.springframework.context.Appli public class JettyHTTPServerEngineBeanDefinitionParser extends AbstractBeanDefinitionParser { + private static final String SECURITY_NS = + "http://cxf.apache.org/configuration/security"; public void doParse(Element element, ParserContext ctx, BeanDefinitionBuilder bean) { @@ -89,12 +101,7 @@ public class JettyHTTPServerEngineBeanDe while (elem != null) { String name = elem.getLocalName(); if ("tlsServerParameters".equals(name)) { - mapElementToJaxbPropertyFactory(elem, - bean, - "tlsServerParameters", - TLSServerParametersType.class, - JettyHTTPServerEngineBeanDefinitionParser.class, - "createTLSServerParametersConfig"); + mapTLSServerParameters(elem, bean); } else if ("threadingParameters".equals(name)) { mapElementToJaxbPropertyFactory(elem, bean, 
@@ -140,6 +147,76 @@ public class JettyHTTPServerEngineBeanDe bean.setLazyInit(false); } + private void mapTLSServerParameters(Element e, BeanDefinitionBuilder bean) { + BeanDefinitionBuilder paramsbean + = BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.TLSServerParametersTypeInternal.class); + + // read the attributes + NamedNodeMap as = e.getAttributes(); + for (int i = 0; i < as.getLength(); i++) { + Attr a = (Attr) as.item(i); + if (a.getNamespaceURI() == null) { + String aname = a.getLocalName(); + if ("jsseProvider".equals(aname) + || "secureSocketProtocol".equals(aname)) { + paramsbean.addPropertyValue(aname, a.getValue()); + } + } + } + + // read the child elements + Node n = e.getFirstChild(); + while (n != null) { + if (Node.ELEMENT_NODE != n.getNodeType() + || !SECURITY_NS.equals(n.getNamespaceURI())) { + n = n.getNextSibling(); + continue; + } + String ename = n.getLocalName(); + // Schema should require that no more than one each of these exist. + String ref = ((Element)n).getAttribute("ref"); + + if ("keyManagers".equals(ename)) { + if (ref != null && ref.length() > 0) { + paramsbean.addPropertyReference("keyManagersRef", ref); + } else { + mapElementToJaxbProperty((Element)n, paramsbean, ename, + KeyManagersType.class); + } + } else if ("trustManagers".equals(ename)) { + if (ref != null && ref.length() > 0) { + paramsbean.addPropertyReference("trustManagersRef", ref); + } else { + mapElementToJaxbProperty((Element)n, paramsbean, ename, + TrustManagersType.class); + } + } else if ("cipherSuites".equals(ename)) { + mapElementToJaxbProperty((Element)n, paramsbean, ename, + CipherSuites.class); + } else if ("cipherSuitesFilter".equals(ename)) { + mapElementToJaxbProperty((Element)n, paramsbean, ename, + FiltersType.class); + } else if ("secureRandomParameters".equals(ename)) { + mapElementToJaxbProperty((Element)n, paramsbean, ename, + SecureRandomParameters.class); + } else if ("clientAuthentication".equals(ename)) { + 
mapElementToJaxbProperty((Element)n, paramsbean, ename, + ClientAuthentication.class); + } else if ("certConstraints".equals(ename)) { + mapElementToJaxbProperty((Element)n, paramsbean, ename, + CertificateConstraintsType.class); + } else if ("certAlias".equals(ename)) { + paramsbean.addPropertyValue(ename, n.getTextContent()); + } + n = n.getNextSibling(); + } + + BeanDefinitionBuilder jaxbbean + = BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.class); + jaxbbean.addConstructorArg(paramsbean.getBeanDefinition()); + bean.addPropertyValue("tlsServerParameters", jaxbbean.getBeanDefinition()); + } + private static ThreadingParameters toThreadingParameters( ThreadingParametersType paramtype) { ThreadingParameters params = new ThreadingParameters(); Modified: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=1363879&r1=1363878&r2=1363879&view=diff ============================================================================== --- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java (original) +++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java Fri Jul 20 17:37:18 2012 @@ -174,7 +174,7 @@ public class HTTPSClientTest extends Abs } - public static class ClientManagersFactory { + public static class ServerManagersFactory { public static KeyManager[] getKeyManagers() { KeyManagersType kmt = new KeyManagersType(); KeyStoreType kst = new KeyStoreType(); 
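Review bot: In `mapTLSServerParameters` (JettyHTTPServerEngineBeanDefinitionParser.java), the attribute loop and the `if`/`else if` chain over child elements silently skip anything they do not recognise: an attribute other than `jsseProvider` or `secureSocketProtocol`, or a security-namespace child whose local name matches none of the branches. For TLS settings that fails open, since a mistyped `clientAuthentication` or `cipherSuitesFilter` element would leave the listener running without the intended restriction unless schema validation has already rejected the file, which the in-code comment only assumes. Ending the chain with `} else { throw new IllegalArgumentException("Unsupported tlsServerParameters element: " + ename); }` would surface the misconfiguration at startup. A `ref` on `keyManagers` or `trustManagers` also causes any inline content of that element to be ignored, which deserves a comment above those two branches, and the `ref != null` test is redundant because `Element.getAttribute` returns an empty string for a missing attribute.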
@@ -206,4 +206,37 @@ public class HTTPSClientTest extends Abs
 }
 }
 }
+
+ public static class ClientManagersFactory {
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+ kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers", e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+ kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust managers", e);
+ }
+ }
+ }
 }
Modified: cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml?rev=1363879&r1=1363878&r2=1363879&view=diff
==============================================================================
--- cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml (original)
+++ cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml Fri Jul 20 17:37:18 2012
@@ -59,17 +59,14 @@ under the License. + + + - - - - - - + +