cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject svn commit: r1456660 - in /cxf/branches/2.7.x-fixes: api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Date Thu, 14 Mar 2013 20:39:25 GMT
Author: dkulp
Date: Thu Mar 14 20:39:24 2013
New Revision: 1456660

URL: http://svn.apache.org/r1456660
Log:
Merged revisions 1456611 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1456611 | dkulp | 2013-03-14 14:47:38 -0400 (Thu, 14 Mar 2013) | 2 lines

  [CXF-4895] FIx problem of reusing socketFactory after tlsclientparams have changed.

........

Modified:
    cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
    cxf/branches/2.7.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java

Modified: cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=1456660&r1=1456659&r2=1456660&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
(original)
+++ cxf/branches/2.7.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
Thu Mar 14 20:39:24 2013
@@ -127,6 +127,11 @@ public class TLSClientParameters extends
     
     public int hashCode() {
         int hash = disableCNCheck ? 37 : 17;
+        if (sslSocketFactory != null) {
+            hash = hash * 41 + System.identityHashCode(sslSocketFactory);
+        }
+        hash = hash(hash, useHttpsURLConnectionDefaultSslSocketFactory);
+        hash = hash(hash, useHttpsURLConnectionDefaultHostnameVerifier);
         hash = hash(hash, sslCacheTimeout);
         hash = hash(hash, secureRandom);
         hash = hash(hash, protocol);
@@ -170,35 +175,38 @@ public class TLSClientParameters extends
         if (o instanceof TLSClientParameters) {
             TLSClientParameters that = (TLSClientParameters)o;
             boolean eq = disableCNCheck == that.disableCNCheck;
-            eq |= sslCacheTimeout == that.sslCacheTimeout;
-            eq |= secureRandom == that.secureRandom;
-            eq |= equals(certAlias, that.certAlias);
-            eq |= equals(protocol, that.protocol);
-            eq |= equals(provider, that.provider);
-            eq |= equals(ciphersuites, that.ciphersuites);
-            eq |= equals(keyManagers, that.keyManagers);
-            eq |= equals(trustManagers, that.trustManagers);
+            eq &= sslSocketFactory == that.sslSocketFactory;
+            eq &= useHttpsURLConnectionDefaultSslSocketFactory == that.useHttpsURLConnectionDefaultSslSocketFactory;
+            eq &= useHttpsURLConnectionDefaultHostnameVerifier == that.useHttpsURLConnectionDefaultHostnameVerifier;
+            eq &= sslCacheTimeout == that.sslCacheTimeout;
+            eq &= secureRandom == that.secureRandom;
+            eq &= equals(certAlias, that.certAlias);
+            eq &= equals(protocol, that.protocol);
+            eq &= equals(provider, that.provider);
+            eq &= equals(ciphersuites, that.ciphersuites);
+            eq &= equals(keyManagers, that.keyManagers);
+            eq &= equals(trustManagers, that.trustManagers);
             if (cipherSuiteFilters != null) {
                 if (that.cipherSuiteFilters != null) {
-                    eq |= equals(cipherSuiteFilters.getExclude(), that.cipherSuiteFilters.getExclude());
-                    eq |= equals(cipherSuiteFilters.getInclude(), that.cipherSuiteFilters.getInclude());
+                    eq &= equals(cipherSuiteFilters.getExclude(), that.cipherSuiteFilters.getExclude());
+                    eq &= equals(cipherSuiteFilters.getInclude(), that.cipherSuiteFilters.getInclude());
                 } else {
                     eq = false;
                 }
             } else {
-                eq |= that.cipherSuiteFilters == null;
+                eq &= that.cipherSuiteFilters == null;
             }
             if (certConstraints != null) {
                 if (that.certConstraints != null) {
-                    eq |= equals(certConstraints.getIssuerDNConstraints(), 
+                    eq &= equals(certConstraints.getIssuerDNConstraints(), 
                                  that.certConstraints.getIssuerDNConstraints());
-                    eq |= equals(certConstraints.getSubjectDNConstraints(),
+                    eq &= equals(certConstraints.getSubjectDNConstraints(),
                                  that.certConstraints.getSubjectDNConstraints());
                 } else {
                     eq = false;
                 }
             } else {
-                eq |= that.certConstraints == null;
+                eq &= that.certConstraints == null;
             }
             return eq;
         }

Modified: cxf/branches/2.7.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.7.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1456660&r1=1456659&r2=1456660&view=diff
==============================================================================
--- cxf/branches/2.7.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/branches/2.7.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Thu Mar 14 20:39:24 2013
@@ -66,6 +66,7 @@ public class HttpsURLConnectionFactory {
      * Cache the last SSLContext to avoid recreation
      */
     SSLSocketFactory socketFactory;
+    int lastTlsHash;
     
     /**
      * This constructor initialized the factory with the configured TLS
@@ -129,6 +130,13 @@ public class HttpsURLConnectionFactory {
     protected synchronized void decorateWithTLS(TLSClientParameters tlsClientParameters,

             HttpURLConnection connection) throws GeneralSecurityException {
 
+        
+        int hash = tlsClientParameters.hashCode();
+        if (hash != lastTlsHash) {
+            lastTlsHash = hash;
+            socketFactory = null;
+        }
+        
         // always reload socketFactory from HttpsURLConnection.defaultSSLSocketFactory and

         // tlsClientParameters.sslSocketFactory to allow runtime configuration change
         if (tlsClientParameters.isUseHttpsURLConnectionDefaultSslSocketFactory()) {



Mime
View raw message