cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From serg...@apache.org
Subject svn commit: r1517872 - in /cxf/trunk: core/src/main/java/org/apache/cxf/configuration/jsse/ rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/ rt/transports/http-n...
Date Tue, 27 Aug 2013 16:44:03 GMT
Author: sergeyb
Date: Tue Aug 27 16:44:02 2013
New Revision: 1517872

URL: http://svn.apache.org/r1517872
Log:
[CXF-5135] Support for HTTPS configuraion

Added:
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
  (with props)
Modified:
    cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
    cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java
    cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java
    cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java
    cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
    cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
    cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
    cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml

Modified: cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
(original)
+++ cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
Tue Aug 27 16:44:02 2013
@@ -20,6 +20,7 @@ package org.apache.cxf.configuration.jss
 
 import java.util.List;
 
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLSocketFactory;
 
 /**
@@ -33,7 +34,23 @@ public class TLSClientParameters extends
     private int sslCacheTimeout = 86400;
     private boolean useHttpsURLConnectionDefaultSslSocketFactory;
     private boolean useHttpsURLConnectionDefaultHostnameVerifier;
-
+    private HostnameVerifier hostnameVerifier;
+    
+    /**
+     * Set custom HostnameVerifier
+     * @param verifier hostname verifier
+     */
+    public void setHostnameVerifier(HostnameVerifier verifier) {
+        hostnameVerifier = verifier;    
+    }
+    
+    /**
+     * Get custom HostnameVerifier
+     * @return hostname verifier
+     */
+    public HostnameVerifier getHostnameVerifier() {
+        return hostnameVerifier; 
+    }
     /**
      * Set whether or not JSEE should omit checking if the host name
      * specified in the URL matches that of the Common Name

Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java
(original)
+++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java
Tue Aug 27 16:44:02 2013
@@ -22,7 +22,10 @@ import java.security.KeyStore;
 import java.util.Map;
 
 import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.ws.rs.ProcessingException;
 import javax.ws.rs.RuntimeType;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.ClientBuilder;
@@ -95,25 +98,44 @@ public class ClientBuilderImpl extends C
 
     @Override
     public ClientBuilder hostnameVerifier(HostnameVerifier verifier) {
-        secConfig.setVerifier(verifier);
+        secConfig.getTlsClientParams().setHostnameVerifier(verifier);
         return this;
     }
 
     @Override
     public ClientBuilder sslContext(SSLContext sslContext) {
+        secConfig.getTlsClientParams().setKeyManagers(null);
+        secConfig.getTlsClientParams().setTrustManagers(null);
         secConfig.setSslContext(sslContext);
         return this;
     }
 
     @Override
     public ClientBuilder keyStore(KeyStore store, char[] password) {
-        // TODO Auto-generated method stub
+        secConfig.setSslContext(null);
+        try {
+            KeyManagerFactory tmf = 
+                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+            tmf.init(store, password);
+            secConfig.getTlsClientParams().setKeyManagers(tmf.getKeyManagers());
+        } catch (Exception ex) {
+            throw new ProcessingException(ex);
+        }
         return this;
     }
     
     @Override
     public ClientBuilder trustStore(KeyStore store) {
-        secConfig.setTrustStore(store);
+        secConfig.setSslContext(null);
+        try {
+            TrustManagerFactory tmf = 
+                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+            tmf.init(store);
+            secConfig.getTlsClientParams().setTrustManagers(tmf.getTrustManagers());
+        } catch (Exception ex) {
+            throw new ProcessingException(ex);
+        }
+        
         return this;
     }
 

Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java
(original)
+++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java
Tue Aug 27 16:44:02 2013
@@ -27,6 +27,7 @@ import java.util.Set;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
+import javax.ws.rs.ProcessingException;
 import javax.ws.rs.client.Client;
 import javax.ws.rs.client.Invocation.Builder;
 import javax.ws.rs.client.WebTarget;
@@ -37,10 +38,12 @@ import javax.ws.rs.core.MediaType;
 import javax.ws.rs.core.UriBuilder;
 import javax.ws.rs.core.UriBuilderException;
 
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.jaxrs.client.ClientProviderFactory;
 import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.model.FilterProviderInfo;
+import org.apache.cxf.transport.https.SSLUtils;
 
 public class ClientImpl implements Client {
     private Configurable<Client> configImpl;
@@ -97,13 +100,23 @@ public class ClientImpl implements Clien
     @Override
     public HostnameVerifier getHostnameVerifier() {
         checkClosed();
-        return secConfig.getVerifier();
+        return secConfig.getTlsClientParams().getHostnameVerifier();
     }
 
     @Override
     public SSLContext getSslContext() {
         checkClosed();
-        return secConfig.getSslContext();
+        if (secConfig.getSslContext() != null) {
+            return secConfig.getSslContext();
+        } else if (secConfig.getTlsClientParams().getTrustManagers() != null) {
+            try {
+                return SSLUtils.getSSLContext(secConfig.getTlsClientParams());
+            } catch (Exception ex) {
+                throw new ProcessingException(ex);
+            }
+        } else {
+            return null;
+        }
     }
     
     private void checkClosed() {
@@ -205,6 +218,13 @@ public class ClientImpl implements Clien
             pf.setDynamicConfiguration(getConfiguration());
             WebClient.getConfig(targetClient).getRequestContext().putAll(getConfiguration().getProperties());
             
+            // TLS
+            TLSClientParameters tlsParams = secConfig.getTlsClientParams();
+            if (tlsParams.getSSLSocketFactory() != null 
+                || tlsParams.getTrustManagers() != null) {
+                WebClient.getConfig(targetClient).getHttpConduit().setTlsClientParameters(tlsParams);
+            }
+            
             // start building the invocation
             return new InvocationBuilderImpl(WebClient.fromClient(targetClient));
         }

Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java
(original)
+++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java
Tue Aug 27 16:44:02 2013
@@ -18,32 +18,31 @@
  */
 package org.apache.cxf.jaxrs.client.spec;
 
-import java.security.KeyStore;
-
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+
 
 public class TLSConfiguration {
     private SSLContext sslContext;
-    private HostnameVerifier verifier;
-    private KeyStore trustStore;
+    private TLSClientParameters tlsClientParams = new TLSClientParameters();
+    
     public SSLContext getSslContext() {
         return sslContext;
     }
     public void setSslContext(SSLContext sslContext) {
         this.sslContext = sslContext;
+        if (sslContext == null) {
+            tlsClientParams.setSSLSocketFactory(null);
+        } else {
+            tlsClientParams.setSSLSocketFactory(sslContext.getSocketFactory());
+        }
     }
-    public HostnameVerifier getVerifier() {
-        return verifier;
-    }
-    public void setVerifier(HostnameVerifier verifier) {
-        this.verifier = verifier;
-    }
-    public KeyStore getTrustStore() {
-        return trustStore;
+    public TLSClientParameters getTlsClientParams() {
+        return tlsClientParams;
     }
-    public void setTrustStore(KeyStore trustStore) {
-        this.trustStore = trustStore;
+    public void setTlsClientParams(TLSClientParameters tlsClientParams) {
+        this.tlsClientParams = tlsClientParams;
     }
+    
 }

Modified: cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
(original)
+++ cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
Tue Aug 27 16:44:02 2013
@@ -41,7 +41,6 @@ import java.util.Map;
 import java.util.concurrent.Future;
 
 import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
@@ -65,7 +64,6 @@ import org.apache.cxf.transport.http.Hea
 import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
 import org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduitFactory.UseAsyncPolicy;
 import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
-import org.apache.cxf.transport.https.CertificateHostnameVerifier;
 import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
 import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
 import org.apache.cxf.version.Version;
@@ -620,14 +618,8 @@ public class AsyncHTTPConduit extends UR
                     throw new IOException("No SSLSession detected");
                 }
             }
-            HostnameVerifier verifier;
-            if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
-                verifier = HttpsURLConnection.getDefaultHostnameVerifier();
-            } else if (tlsClientParameters.isDisableCNCheck()) {
-                verifier = CertificateHostnameVerifier.ALLOW_ALL;
-            } else {
-                verifier = CertificateHostnameVerifier.DEFAULT;
-            }
+            HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+                .getHostnameVerifier(tlsClientParameters);
             if (!verifier.verify(url.getHost(), session)) {
                 throw new IOException("Could not verify host " + url.getHost());
             }

Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
(original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
Tue Aug 27 16:44:02 2013
@@ -19,6 +19,7 @@
 
 package org.apache.cxf.transport.http.netty.client;
 
+
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@@ -36,7 +37,6 @@ import java.util.Map;
 import java.util.Set;
 
 import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.SSLSession;
 
 import org.apache.cxf.Bus;
@@ -49,7 +49,6 @@ import org.apache.cxf.message.MessageUti
 import org.apache.cxf.service.model.EndpointInfo;
 import org.apache.cxf.transport.http.Headers;
 import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
-import org.apache.cxf.transport.https.CertificateHostnameVerifier;
 import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
 import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
 import org.apache.cxf.version.Version;
@@ -70,6 +69,7 @@ import io.netty.handler.codec.http.HttpC
 import io.netty.handler.codec.http.HttpResponse;
 import io.netty.handler.ssl.SslHandler;
 
+
 public class NettyHttpConduit extends URLConnectionHTTPConduit implements BusLifeCycleListener
{
     public static final String USE_ASYNC = "use.async.http.conduit";
     final NettyHttpConduitFactory factory;
@@ -328,14 +328,8 @@ public class NettyHttpConduit extends UR
             }
             connect(true);
            
-            HostnameVerifier verifier;
-            if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
-                verifier = HttpsURLConnection.getDefaultHostnameVerifier();
-            } else if (tlsClientParameters.isDisableCNCheck()) {
-                verifier = CertificateHostnameVerifier.ALLOW_ALL;
-            } else {
-                verifier = CertificateHostnameVerifier.DEFAULT;
-            }
+            HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+                .getHostnameVerifier(tlsClientParameters);
             
             if (!verifier.verify(url.getHost(), session)) {
                 throw new IOException("Could not verify host " + url.getHost());

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Tue Aug 27 16:44:02 2013
@@ -179,14 +179,8 @@ public class HttpsURLConnectionFactory {
         }
         
         
-        HostnameVerifier verifier;
-        if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
-            verifier = HttpsURLConnection.getDefaultHostnameVerifier();
-        } else if (tlsClientParameters.isDisableCNCheck()) {
-            verifier = CertificateHostnameVerifier.ALLOW_ALL;
-        } else {
-            verifier = CertificateHostnameVerifier.DEFAULT;
-        }
+        HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+            .getHostnameVerifier(tlsClientParameters);
         
         if (connection instanceof HttpsURLConnection) {
             // handle the expected case (javax.net.ssl)

Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
(original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
Tue Aug 27 16:44:02 2013
@@ -20,6 +20,8 @@ package org.apache.cxf.transport.https;
 
 import java.security.GeneralSecurityException;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
@@ -34,6 +36,21 @@ public final class SSLUtils {
         //Helper class
     }
     
+    public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters)
{
+        HostnameVerifier verifier;
+        
+        if (tlsClientParameters.getHostnameVerifier() != null) {
+            verifier = tlsClientParameters.getHostnameVerifier();
+        } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier())
{
+            verifier = HttpsURLConnection.getDefaultHostnameVerifier();
+        } else if (tlsClientParameters.isDisableCNCheck()) {
+            verifier = CertificateHostnameVerifier.ALLOW_ALL;
+        } else {
+            verifier = CertificateHostnameVerifier.DEFAULT;
+        }
+        return verifier;
+    }
+    
     public static SSLContext getSSLContext(TLSParameterBase parameters) throws Exception
{
         // TODO do we need to cache the context
         String provider = parameters.getJsseProvider();

Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java?rev=1517872&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
(added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
Tue Aug 27 16:44:02 2013
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.systest.jaxrs.Book;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.https.CertificateHostnameVerifier;
+import org.apache.cxf.transport.https.SSLUtils;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRS20HttpsBookTest extends AbstractBusClientServerTestBase {
+    public static final String PORT = BookHttpsServer.PORT;
+    
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue("server did not launch correctly",
+                   launchServer(BookHttpsServer.class, true));
+    }
+
+    @Test
+    public void testGetBook() throws Exception {
+        
+        ClientBuilder builder = ClientBuilder.newBuilder();
+        
+        KeyStore trustStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks",
+                                       "password");
+        
+        builder.trustStore(trustStore);
+        builder.hostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
+        
+        KeyStore keyStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks",
+            "password");
+        builder.keyStore(keyStore, "password");
+        
+        Client client = builder.build();
+        
+        WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123");
+        Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class);
+        assertEquals(123, b.getId());
+    }
+    
+    @Test
+    public void testGetBookSslContext() throws Exception {
+        
+        ClientBuilder builder = ClientBuilder.newBuilder();
+        
+        SSLContext sslContext = createSSLContext();
+        builder.sslContext(sslContext);
+        
+        builder.hostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
+        
+        
+        Client client = builder.build();
+        
+        WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123");
+        Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class);
+        assertEquals(123, b.getId());
+    }
+    
+    private KeyStore loadStore(String trustStoreFile, String password) throws Exception {
+        KeyStore store = KeyStore.getInstance("JKS");
+        store.load(new FileInputStream(trustStoreFile), password.toCharArray());
+        return store;
+    }
+    
+    private SSLContext createSSLContext() throws Exception {
+        TLSClientParameters tlsParams = new TLSClientParameters();
+        
+        KeyStore trustStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks",
+            "password");
+        
+        TrustManagerFactory tmf = 
+            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+        tmf.init(trustStore);
+        tlsParams.setTrustManagers(tmf.getTrustManagers());
+        
+        KeyStore keyStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks",
+            "password");
+        
+        KeyManagerFactory kmf = 
+            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+        kmf.init(keyStore, "password".toCharArray());
+        tlsParams.setKeyManagers(kmf.getKeyManagers());
+        
+        return SSLUtils.getSSLContext(tlsParams);
+    }
+}

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
------------------------------------------------------------------------------
    svn:keywords = Rev Date

Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml
(original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml
Tue Aug 27 16:44:02 2013
@@ -43,6 +43,15 @@ under the License.
 	          	<sec:keyStore type="JKS" password="password"
 	               file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
 	     		</sec:trustManagers>
+	     		<sec:cipherSuitesFilter>
+                    <sec:include>.*_EXPORT_.*</sec:include>
+                    <sec:include>.*_EXPORT1024_.*</sec:include>
+                    <sec:include>.*_WITH_DES_.*</sec:include>
+                    <sec:include>.*_WITH_AES_.*</sec:include>
+                    <sec:include>.*_WITH_NULL_.*</sec:include>
+                    <sec:exclude>.*_DH_anon_.*</sec:exclude>
+                </sec:cipherSuitesFilter>
+	     		<sec:clientAuthentication want="true" required="true" />
             </httpj:tlsServerParameters>
         </httpj:engine>
     </httpj:engine-factory>



Mime
View raw message