cxf-commits mailing list archives

From dk...@apache.org
Subject svn commit: r1456672 - in /cxf/branches/2.6.x-fixes: api/src/main/java/org/apache/cxf/configuration/jsse/ rt/transports/http/src/main/java/org/apache/cxf/transport/https/
Date Thu, 14 Mar 2013 20:51:55 GMT
Author: dkulp
Date: Thu Mar 14 20:51:54 2013
New Revision: 1456672

URL: http://svn.apache.org/r1456672
Log:
Merged revisions 1456660 via  git cherry-pick from
https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes

........
  r1456660 | dkulp | 2013-03-14 16:39:24 -0400 (Thu, 14 Mar 2013) | 10 lines

  Merged revisions 1456611 via  git cherry-pick from
  https://svn.apache.org/repos/asf/cxf/trunk

  ........
    r1456611 | dkulp | 2013-03-14 14:47:38 -0400 (Thu, 14 Mar 2013) | 2 lines

    [CXF-4895] Fix problem of reusing socketFactory after tlsclientparams have changed.

  ........

........

Modified:
    cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
    cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
    cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java

Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=1456672&r1=1456671&r2=1456672&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
(original)
+++ cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
Thu Mar 14 20:51:54 2013
@@ -18,6 +18,7 @@
  */
 package org.apache.cxf.configuration.jsse;
 
+import java.util.List;
 import javax.net.ssl.SSLSocketFactory;
 
 /**
@@ -122,4 +123,123 @@ public class TLSClientParameters extends
                       boolean useHttpsURLConnectionDefaultHostnameVerifier) {
         this.useHttpsURLConnectionDefaultHostnameVerifier = useHttpsURLConnectionDefaultHostnameVerifier;
     }
+    
+    public int hashCode() {
+        int hash = disableCNCheck ? 37 : 17;
+        if (sslSocketFactory != null) {
+            hash = hash * 41 + System.identityHashCode(sslSocketFactory);
+        }
+        hash = hash(hash, useHttpsURLConnectionDefaultSslSocketFactory);
+        hash = hash(hash, useHttpsURLConnectionDefaultHostnameVerifier);
+        hash = hash(hash, sslCacheTimeout);
+        hash = hash(hash, secureRandom);
+        hash = hash(hash, protocol);
+        hash = hash(hash, certAlias);
+        hash = hash(hash, provider);
+        for (String cs : ciphersuites) {
+            hash = hash(hash, cs);
+        }
+        hash = hash(hash, keyManagers);
+        hash = hash(hash, trustManagers);
+        if (cipherSuiteFilters != null) {
+            hash = hash(hash, cipherSuiteFilters.getInclude());
+            hash = hash(hash, cipherSuiteFilters.getExclude());
+        }
+        if (certConstraints != null) {
+            hash = hash(hash, certConstraints.getIssuerDNConstraints());
+            hash = hash(hash, certConstraints.getSubjectDNConstraints());
+        }
+        return hash;
+    }
+    private int hash(int i, Object o) {
+        if (o != null) {
+            i = i * 37 + o.hashCode();
+        }
+        return i;
+    }
+    private int hash(int i, Object[] os) {
+        if (os == null) {
+            return i;
+        }
+        for (Object o: os) {
+            i = hash(i, o);
+        }
+        return i;
+    }
+    
+    public boolean equals(Object o) {
+        if (o == this) {
+            return true;
+        }
+        if (o instanceof TLSClientParameters) {
+            TLSClientParameters that = (TLSClientParameters)o;
+            boolean eq = disableCNCheck == that.disableCNCheck;
+            eq &= sslSocketFactory == that.sslSocketFactory;
+            eq &= useHttpsURLConnectionDefaultSslSocketFactory == that.useHttpsURLConnectionDefaultSslSocketFactory;
+            eq &= useHttpsURLConnectionDefaultHostnameVerifier == that.useHttpsURLConnectionDefaultHostnameVerifier;
+            eq &= sslCacheTimeout == that.sslCacheTimeout;
+            eq &= secureRandom == that.secureRandom;
+            eq &= equals(certAlias, that.certAlias);
+            eq &= equals(protocol, that.protocol);
+            eq &= equals(provider, that.provider);
+            eq &= equals(ciphersuites, that.ciphersuites);
+            eq &= equals(keyManagers, that.keyManagers);
+            eq &= equals(trustManagers, that.trustManagers);
+            if (cipherSuiteFilters != null) {
+                if (that.cipherSuiteFilters != null) {
+                    eq &= equals(cipherSuiteFilters.getExclude(), that.cipherSuiteFilters.getExclude());
+                    eq &= equals(cipherSuiteFilters.getInclude(), that.cipherSuiteFilters.getInclude());
+                } else {
+                    eq = false;
+                }
+            } else {
+                eq &= that.cipherSuiteFilters == null;
+            }
+            if (certConstraints != null) {
+                if (that.certConstraints != null) {
+                    eq &= equals(certConstraints.getIssuerDNConstraints(), 
+                                 that.certConstraints.getIssuerDNConstraints());
+                    eq &= equals(certConstraints.getSubjectDNConstraints(),
+                                 that.certConstraints.getSubjectDNConstraints());
+                } else {
+                    eq = false;
+                }
+            } else {
+                eq &= that.certConstraints == null;
+            }
+            return eq;
+        }
+        return false;
+    }
+    
+    private static boolean equals(final List<?> obj1, final List<?> obj2) {
+        if (obj1.size() == obj2.size()) {
+            for (int x = 0; x < obj1.size(); x++) {
+                if (!equals(obj1.get(x), obj2.get(x))) {
+                    return false;
+                }
+            }
+            return true;
+        }
+        return false;
+    }
+    private static boolean equals(final Object obj1, final Object obj2) {
+        return obj1 == null ? obj2 == null : obj1.equals(obj2);
+    }
+    private static boolean equals(final Object[] a1, final Object[] a2) {
+        if (a1 == null) {
+            return a2 == null;
+        } else {
+            if (a2 != null && a1.length == a2.length) {
+                for (int i = 0; i < a1.length; i++) {
+                    if (!equals(a1[i], a2[i])) {
+                        return false;
+                    }
+                }
+                return true;
+            } else {
+                return false;
+            }
+        }
+    }
 }
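Review bot: The private `hash(int, Object)` helper returns `i` unchanged for a null argument, so a value that moves between adjacent nullable fields gives the same result: `protocol = "X", certAlias = null` and `protocol = null, certAlias = "X"` hash identically, and the same holds for `certAlias` and `provider`. HttpsURLConnectionFactory in this commit compares only this hash to decide whether to drop its cached socket factory, so a collision keeps a factory built from the previous TLS settings; mixing in a constant for null preserves field position, `i = i * 37 + (o == null ? 0 : o.hashCode());`. Separately, `equals(List<?>, List<?>)` dereferences both arguments without the null check that the array overload has, and `hashCode()` iterates `ciphersuites` directly, so a null list (if a setter allows one, which is not visible here) would throw; `if (obj1 == null || obj2 == null) return obj1 == obj2;` at the top of the list overload would align the two. Both `hashCode()` and `equals(Object)` also lack `@Override`.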

Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java?rev=1456672&r1=1456671&r2=1456672&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
(original)
+++ cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
Thu Mar 14 20:51:54 2013
@@ -33,15 +33,15 @@ import org.apache.cxf.configuration.secu
  * to both client and server sides.
  */
 public class TLSParameterBase {
-    private KeyManager[]    keyManagers;
-    private TrustManager[]  trustManagers;
-    private String          provider;
-    private List<String>    ciphersuites = new ArrayList<String>();
-    private FiltersType     cipherSuiteFilters;
-    private CertificateConstraintsType certConstraints;
-    private SecureRandom    secureRandom;
-    private String          protocol;
-    private String          certAlias;
+    protected KeyManager[]    keyManagers;
+    protected TrustManager[]  trustManagers;
+    protected String          provider;
+    protected List<String>    ciphersuites = new ArrayList<String>();
+    protected FiltersType     cipherSuiteFilters;
+    protected CertificateConstraintsType certConstraints;
+    protected SecureRandom    secureRandom;
+    protected String          protocol;
+    protected String          certAlias;
     /**
      * Set the JSSE provider. If not set,
      * it uses system default.
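Review bot: Widening these nine fields from `private` to `protected` lets any subclass read and reassign the key managers, trust managers and cipher-suite list directly, bypassing the setters. The new `equals`/`hashCode` in TLSClientParameters only read them, so if the class has getters (not visible in this hunk) they would serve the same purpose with the fields left `private`. If the fields stay `protected`, a comment such as `// protected only so subclasses can read these in equals/hashCode; modify through the setters` would record the intent. The class body continues outside the hunk.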

Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1456672&r1=1456671&r2=1456672&view=diff
==============================================================================
--- cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Thu Mar 14 20:51:54 2013
@@ -65,6 +65,7 @@ public class HttpsURLConnectionFactory {
      * Cache the last SSLContext to avoid recreation
      */
     SSLSocketFactory socketFactory;
+    int lastTlsHash;
     
     /**
      * This constructor initialized the factory with the configured TLS
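Review bot: The new `lastTlsHash` field follows `socketFactory` without a comment of its own, so its role in the cache is not stated. A line such as `/** hashCode() of the TLSClientParameters the cached socketFactory was built from; a change clears the cache. */` above it would document that. The field is package-private like `socketFactory`; `private` would be enough if only `decorateWithTLS` uses it, which cannot be confirmed from this hunk.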
@@ -128,6 +129,13 @@ public class HttpsURLConnectionFactory {
     protected synchronized void decorateWithTLS(TLSClientParameters tlsClientParameters,

             HttpURLConnection connection) throws GeneralSecurityException {
 
+        
+        int hash = tlsClientParameters.hashCode();
+        if (hash != lastTlsHash) {
+            lastTlsHash = hash;
+            socketFactory = null;
+        }
+        
         // always reload socketFactory from HttpsURLConnection.defaultSSLSocketFactory and

         // tlsClientParameters.sslSocketFactory to allow runtime configuration change
         if (tlsClientParameters.isUseHttpsURLConnectionDefaultSslSocketFactory()) {
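Review bot: The cache is invalidated on `hash != lastTlsHash` alone, so two different TLSClientParameters states with the same 32-bit `hashCode()` leave the old `socketFactory` in place, and the connection would then use trust managers, key managers or cipher suites from the earlier configuration. If, as the commit log suggests, the same parameters object is mutated in place, keeping a reference and calling `equals` would not detect the change either, so the hash should be made as collision-resistant as practical (the null-skipping in `TLSClientParameters.hash(int, Object)` is one avoidable source) or a snapshot of the compared fields kept for an `equals` check. A comment on the new block, for example `// hashCode() is the only change detector here; a collision reuses the stale factory`, would make the limitation visible to maintainers. The body of `decorateWithTLS` continues outside the hunk.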


