Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 1ED33D5D8 for ; Thu, 14 Mar 2013 20:54:05 +0000 (UTC) Received: (qmail 87332 invoked by uid 500); 14 Mar 2013 20:54:05 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 87278 invoked by uid 500); 14 Mar 2013 20:54:05 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 87271 invoked by uid 99); 14 Mar 2013 20:54:05 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Mar 2013 20:54:05 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 14 Mar 2013 20:54:01 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 5B8332388906; Thu, 14 Mar 2013 20:51:55 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1456672 - in /cxf/branches/2.6.x-fixes: api/src/main/java/org/apache/cxf/configuration/jsse/ rt/transports/http/src/main/java/org/apache/cxf/transport/https/ Date: Thu, 14 Mar 2013 20:51:55 -0000 To: commits@cxf.apache.org 
From: dkulp@apache.org X-Mailer: svnmailer-1.0.8-patched Message-Id: <20130314205155.5B8332388906@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: dkulp Date: Thu Mar 14 20:51:54 2013 New Revision: 1456672 URL: http://svn.apache.org/r1456672 Log: Merged revisions 1456660 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes ........ r1456660 | dkulp | 2013-03-14 16:39:24 -0400 (Thu, 14 Mar 2013) | 10 lines Merged revisions 1456611 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1456611 | dkulp | 2013-03-14 14:47:38 -0400 (Thu, 14 Mar 2013) | 2 lines [CXF-4895] FIx problem of reusing socketFactory after tlsclientparams have changed. ........ ........ Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=1456672&r1=1456671&r2=1456672&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java (original) +++ cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java Thu Mar 14 20:51:54 2013 @@ -18,6 +18,7 @@ */ package org.apache.cxf.configuration.jsse; +import java.util.List; import javax.net.ssl.SSLSocketFactory; /** 
@@ -122,4 +123,123 @@ public class TLSClientParameters extends boolean useHttpsURLConnectionDefaultHostnameVerifier) { this.useHttpsURLConnectionDefaultHostnameVerifier = useHttpsURLConnectionDefaultHostnameVerifier; } + + public int hashCode() { + int hash = disableCNCheck ? 37 : 17; + if (sslSocketFactory != null) { + hash = hash * 41 + System.identityHashCode(sslSocketFactory); + } + hash = hash(hash, useHttpsURLConnectionDefaultSslSocketFactory); + hash = hash(hash, useHttpsURLConnectionDefaultHostnameVerifier); + hash = hash(hash, sslCacheTimeout); + hash = hash(hash, secureRandom); + hash = hash(hash, protocol); + hash = hash(hash, certAlias); + hash = hash(hash, provider); + for (String cs : ciphersuites) { + hash = hash(hash, cs); + } + hash = hash(hash, keyManagers); + hash = hash(hash, trustManagers); + if (cipherSuiteFilters != null) { + hash = hash(hash, cipherSuiteFilters.getInclude()); + hash = hash(hash, cipherSuiteFilters.getExclude()); + } + if (certConstraints != null) { + hash = hash(hash, certConstraints.getIssuerDNConstraints()); + hash = hash(hash, certConstraints.getSubjectDNConstraints()); + } + return hash; + } + private int hash(int i, Object o) { + if (o != null) { + i = i * 37 + o.hashCode(); + } + return i; + } + private int hash(int i, Object[] os) { + if (os == null) { + return i; + } + for (Object o: os) { + i = hash(i, o); + } + return i; + } + + public boolean equals(Object o) { + if (o == this) { + return true; + } + if (o instanceof TLSClientParameters) { + TLSClientParameters that = (TLSClientParameters)o; + boolean eq = disableCNCheck == that.disableCNCheck; + eq &= sslSocketFactory == that.sslSocketFactory; + eq &= useHttpsURLConnectionDefaultSslSocketFactory == that.useHttpsURLConnectionDefaultSslSocketFactory; + eq &= useHttpsURLConnectionDefaultHostnameVerifier == that.useHttpsURLConnectionDefaultHostnameVerifier; + eq &= sslCacheTimeout == that.sslCacheTimeout; + eq &= secureRandom == that.secureRandom; + eq &= 
equals(certAlias, that.certAlias); + eq &= equals(protocol, that.protocol); + eq &= equals(provider, that.provider); + eq &= equals(ciphersuites, that.ciphersuites); + eq &= equals(keyManagers, that.keyManagers); + eq &= equals(trustManagers, that.trustManagers); + if (cipherSuiteFilters != null) { + if (that.cipherSuiteFilters != null) { + eq &= equals(cipherSuiteFilters.getExclude(), that.cipherSuiteFilters.getExclude()); + eq &= equals(cipherSuiteFilters.getInclude(), that.cipherSuiteFilters.getInclude()); + } else { + eq = false; + } + } else { + eq &= that.cipherSuiteFilters == null; + } + if (certConstraints != null) { + if (that.certConstraints != null) { + eq &= equals(certConstraints.getIssuerDNConstraints(), + that.certConstraints.getIssuerDNConstraints()); + eq &= equals(certConstraints.getSubjectDNConstraints(), + that.certConstraints.getSubjectDNConstraints()); + } else { + eq = false; + } + } else { + eq &= that.certConstraints == null; + } + return eq; + } + return false; + } + + private static boolean equals(final List obj1, final List obj2) { + if (obj1.size() == obj2.size()) { + for (int x = 0; x < obj1.size(); x++) { + if (!equals(obj1.get(x), obj2.get(x))) { + return false; + } + } + return true; + } + return false; + } + private static boolean equals(final Object obj1, final Object obj2) { + return obj1 == null ? 
obj2 == null : obj1.equals(obj2); + } + private static boolean equals(final Object[] a1, final Object[] a2) { + if (a1 == null) { + return a2 == null; + } else { + if (a2 != null && a1.length == a2.length) { + for (int i = 0; i < a1.length; i++) { + if (!equals(a1[i], a2[i])) { + return false; + } + } + return true; + } else { + return false; + } + } + } } Modified: cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java?rev=1456672&r1=1456671&r2=1456672&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java (original) +++ cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java Thu Mar 14 20:51:54 2013 
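Review bot: The new `hashCode()` skips null fields entirely in `hash(int, Object)`, so two different configurations can hash to the same value, for example a string set only in `protocol` versus the same string set only in `certAlias`. That matters because `HttpsURLConnectionFactory.decorateWithTLS` in this commit uses this hash alone to decide whether the cached socket factory is stale. Mixing in a placeholder for null keeps the field positions distinct: `i = i * 37 + (o == null ? 0 : o.hashCode());`. Separately, `for (String cs : ciphersuites)` and `equals(List, List)` dereference the list without a null check while every other field is null-guarded. If a setter can store null (not visible here) both throw, so a guard such as `if (obj1 == null || obj2 == null) { return obj1 == obj2; }` plus a null check around the loop would be safer. Both public methods should also carry `@Override`.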
@@ -33,15 +33,15 @@ import org.apache.cxf.configuration.secu * to both client and server sides. */ public class TLSParameterBase { - private KeyManager[] keyManagers; - private TrustManager[] trustManagers; - private String provider; - private List ciphersuites = new ArrayList(); - private FiltersType cipherSuiteFilters; - private CertificateConstraintsType certConstraints; - private SecureRandom secureRandom; - private String protocol; - private String certAlias; + protected KeyManager[] keyManagers; + protected TrustManager[] trustManagers; + protected String provider; + protected List ciphersuites = new ArrayList(); + protected FiltersType cipherSuiteFilters; + protected CertificateConstraintsType certConstraints; + protected SecureRandom secureRandom; + protected String protocol; + protected String certAlias; /** * Set the JSSE provider. If not set, * it uses system default. Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1456672&r1=1456671&r2=1456672&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original) +++ cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Thu Mar 14 20:51:54 2013 @@ -65,6 +65,7 @@ public class HttpsURLConnectionFactory { * Cache the last SSLContext to avoid recreation */ SSLSocketFactory socketFactory; + int lastTlsHash; /** * This constructor initialized the factory with the configured TLS 
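Review bot: Making all nine fields `protected` opens the key managers, trust managers and certificate constraints to direct writes from any subclass or same-package class of this public type, bypassing the setters. The only new reader visible in this commit is the `equals`/`hashCode` pair in TLSClientParameters. If the class has getters for these values (only one setter's Javadoc is visible in this hunk), that pair could call them and the fields could stay `private`. If direct access is kept, a comment on the field block would record the intent, e.g. `// protected only so subclasses can implement equals/hashCode; modify through the setters`.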
@@ -128,6 +129,13 @@ public class HttpsURLConnectionFactory { protected synchronized void decorateWithTLS(TLSClientParameters tlsClientParameters, HttpURLConnection connection) throws GeneralSecurityException { + + int hash = tlsClientParameters.hashCode(); + if (hash != lastTlsHash) { + lastTlsHash = hash; + socketFactory = null; + } + // always reload socketFactory from HttpsURLConnection.defaultSSLSocketFactory and // tlsClientParameters.sslSocketFactory to allow runtime configuration change if (tlsClientParameters.isUseHttpsURLConnectionDefaultSslSocketFactory()) {
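Review bot: The staleness check compares only the 32-bit `hashCode()` of the parameters, so a collision between the old and new configuration leaves the previous `socketFactory` in use, and with it the previous trust and key material. The hash as written in TLSClientParameters makes this more likely than chance, since null fields are not mixed in. At minimum the limitation should be documented next to the check, e.g. `// change detection is hash-based: a collision keeps the old socketFactory`. A stronger form would keep a snapshot of the last-seen values and compare it using the `equals` added in this commit. `tlsClientParameters.hashCode()` is also called before any null check visible here. The method body continues outside the hunk, so whether a null argument can reach this point cannot be judged from these lines.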