Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id F2BB3107C0 for ; Tue, 27 Aug 2013 16:44:31 +0000 (UTC) Received: (qmail 84457 invoked by uid 500); 27 Aug 2013 16:44:31 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 84216 invoked by uid 500); 27 Aug 2013 16:44:27 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 84204 invoked by uid 99); 27 Aug 2013 16:44:26 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Aug 2013 16:44:26 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Aug 2013 16:44:23 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 7C3682388906; Tue, 27 Aug 2013 16:44:03 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1517872 - in /cxf/trunk: core/src/main/java/org/apache/cxf/configuration/jsse/ rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/ rt/transports/http-n... Date: Tue, 27 Aug 2013 16:44:03 -0000 To: commits@cxf.apache.org 
From: sergeyb@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20130827164403.7C3682388906@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: sergeyb Date: Tue Aug 27 16:44:02 2013 New Revision: 1517872 URL: http://svn.apache.org/r1517872 Log: [CXF-5135] Support for HTTPS configuraion Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java (with props) Modified: cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml Modified: cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java URL: http://svn.apache.org/viewvc/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java (original) +++ cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java Tue Aug 27 16:44:02 2013 
@@ -20,6 +20,7 @@ package org.apache.cxf.configuration.jss import java.util.List; +import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLSocketFactory; /** @@ -33,7 +34,23 @@ public class TLSClientParameters extends private int sslCacheTimeout = 86400; private boolean useHttpsURLConnectionDefaultSslSocketFactory; private boolean useHttpsURLConnectionDefaultHostnameVerifier; - + private HostnameVerifier hostnameVerifier; + + /** + * Set custom HostnameVerifier + * @param verifier hostname verifier + */ + public void setHostnameVerifier(HostnameVerifier verifier) { + hostnameVerifier = verifier; + } + + /** + * Get custom HostnameVerifier + * @return hostname verifier + */ + public HostnameVerifier getHostnameVerifier() { + return hostnameVerifier; + } /** * Set whether or not JSEE should omit checking if the host name * specified in the URL matches that of the Common Name Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java (original) +++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java Tue Aug 27 16:44:02 2013 @@ -22,7 +22,10 @@ import java.security.KeyStore; import java.util.Map; import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import javax.ws.rs.ProcessingException; import javax.ws.rs.RuntimeType; import javax.ws.rs.client.Client; import javax.ws.rs.client.ClientBuilder; 
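Review bot: The Javadoc on `setHostnameVerifier` in the `@@ -33,7 +34,23 @@` hunk does not say how the custom verifier interacts with the existing flags. Going by the `SSLUtils.getHostnameVerifier` hunk later in this commit, which has no Javadoc at all, a non-null verifier wins over both `useHttpsURLConnectionDefaultHostnameVerifier` and `disableCNCheck`, and null falls back to them. I would extend the setter comment to `Set a custom HostnameVerifier; when non-null it takes precedence over disableCNCheck and useHttpsURLConnectionDefaultHostnameVerifier`, and add a Javadoc on the SSLUtils method listing the same resolution order. The class body continues outside the hunk.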
@@ -95,25 +98,44 @@ public class ClientBuilderImpl extends C @Override public ClientBuilder hostnameVerifier(HostnameVerifier verifier) { - secConfig.setVerifier(verifier); + secConfig.getTlsClientParams().setHostnameVerifier(verifier); return this; } @Override public ClientBuilder sslContext(SSLContext sslContext) { + secConfig.getTlsClientParams().setKeyManagers(null); + secConfig.getTlsClientParams().setTrustManagers(null); secConfig.setSslContext(sslContext); return this; } @Override public ClientBuilder keyStore(KeyStore store, char[] password) { - // TODO Auto-generated method stub + secConfig.setSslContext(null); + try { + KeyManagerFactory tmf = + KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + tmf.init(store, password); + secConfig.getTlsClientParams().setKeyManagers(tmf.getKeyManagers()); + } catch (Exception ex) { + throw new ProcessingException(ex); + } return this; } @Override public ClientBuilder trustStore(KeyStore store) { - secConfig.setTrustStore(store); + secConfig.setSslContext(null); + try { + TrustManagerFactory tmf = + TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(store); + secConfig.getTlsClientParams().setTrustManagers(tmf.getTrustManagers()); + } catch (Exception ex) { + throw new ProcessingException(ex); + } + return this; } Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java (original) +++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java Tue Aug 27 16:44:02 2013 
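Review bot: In `keyStore()` the `KeyManagerFactory` is held in a variable named `tmf`, apparently carried over from `trustStore()`; naming it `kmf` would keep the key-manager and trust-manager paths from being confused when this code is next edited. Both methods also use `catch (Exception ex)`, which wraps programming errors such as a NullPointerException on a null store into a ProcessingException. As far as the visible calls go they throw only security exceptions, so `} catch (GeneralSecurityException ex) {` (with `java.security.GeneralSecurityException` imported) would be narrower. The class body starts and ends outside the hunk.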
@@ -27,6 +27,7 @@ import java.util.Set; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; +import javax.ws.rs.ProcessingException; import javax.ws.rs.client.Client; import javax.ws.rs.client.Invocation.Builder; import javax.ws.rs.client.WebTarget; @@ -37,10 +38,12 @@ import javax.ws.rs.core.MediaType; import javax.ws.rs.core.UriBuilder; import javax.ws.rs.core.UriBuilderException; +import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.jaxrs.client.ClientProviderFactory; import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean; import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.jaxrs.model.FilterProviderInfo; +import org.apache.cxf.transport.https.SSLUtils; public class ClientImpl implements Client { private Configurable configImpl; @@ -97,13 +100,23 @@ public class ClientImpl implements Clien @Override public HostnameVerifier getHostnameVerifier() { checkClosed(); - return secConfig.getVerifier(); + return secConfig.getTlsClientParams().getHostnameVerifier(); } @Override public SSLContext getSslContext() { checkClosed(); - return secConfig.getSslContext(); + if (secConfig.getSslContext() != null) { + return secConfig.getSslContext(); + } else if (secConfig.getTlsClientParams().getTrustManagers() != null) { + try { + return SSLUtils.getSSLContext(secConfig.getTlsClientParams()); + } catch (Exception ex) { + throw new ProcessingException(ex); + } + } else { + return null; + } } private void checkClosed() { 
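Review bot: `getSslContext()` in the `@@ -97,13 +100,23 @@` hunk builds a context only when `getTrustManagers() != null`, so a client configured with `keyStore(...)` alone gets null back even though key managers were set. The TLS block in the `@@ -205,6 +218,13 @@` hunk tests the same condition and skips key-manager-only configurations as well. I would widen the branch to `} else if (secConfig.getTlsClientParams().getTrustManagers() != null || secConfig.getTlsClientParams().getKeyManagers() != null) {`. The method also appears to create a new SSLContext on every call; a comment saying whether that is intended would help, since callers may expect a stable instance.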
@@ -205,6 +218,13 @@ public class ClientImpl implements Clien pf.setDynamicConfiguration(getConfiguration()); WebClient.getConfig(targetClient).getRequestContext().putAll(getConfiguration().getProperties()); + // TLS + TLSClientParameters tlsParams = secConfig.getTlsClientParams(); + if (tlsParams.getSSLSocketFactory() != null + || tlsParams.getTrustManagers() != null) { + WebClient.getConfig(targetClient).getHttpConduit().setTlsClientParameters(tlsParams); + } + // start building the invocation return new InvocationBuilderImpl(WebClient.fromClient(targetClient)); } Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java (original) +++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java Tue Aug 27 16:44:02 2013 
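Review bot: A verifier set through `ClientBuilder.hostnameVerifier(...)` is silently dropped when neither an SSLContext nor a trust store was configured, because the new guard hands `tlsParams` to the conduit only if the socket factory or the trust managers are non-null. A caller who relies on the JVM default trust store plus a stricter custom verifier would get the conduit's default verification instead, with no error. I would extend the condition with `|| tlsParams.getHostnameVerifier() != null`, assuming the conduit accepts parameters that carry no trust managers. The enclosing method starts outside the hunk.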
@@ -18,32 +18,31 @@ */ package org.apache.cxf.jaxrs.client.spec; -import java.security.KeyStore; - -import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLContext; +import org.apache.cxf.configuration.jsse.TLSClientParameters; + public class TLSConfiguration { private SSLContext sslContext; - private HostnameVerifier verifier; - private KeyStore trustStore; + private TLSClientParameters tlsClientParams = new TLSClientParameters(); + public SSLContext getSslContext() { return sslContext; } public void setSslContext(SSLContext sslContext) { this.sslContext = sslContext; + if (sslContext == null) { + tlsClientParams.setSSLSocketFactory(null); + } else { + tlsClientParams.setSSLSocketFactory(sslContext.getSocketFactory()); + } } - public HostnameVerifier getVerifier() { - return verifier; - } - public void setVerifier(HostnameVerifier verifier) { - this.verifier = verifier; - } - public KeyStore getTrustStore() { - return trustStore; + public TLSClientParameters getTlsClientParams() { + return tlsClientParams; } - public void setTrustStore(KeyStore trustStore) { - this.trustStore = trustStore; + public void setTlsClientParams(TLSClientParameters tlsClientParams) { + this.tlsClientParams = tlsClientParams; } + } Modified: cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java (original) +++ cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java Tue Aug 27 16:44:02 2013 
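Review bot: `setTlsClientParams` accepts null and swaps the object without carrying over the socket factory, so a later `setSslContext(...)` would throw a NullPointerException and `sslContext` can disagree with the parameters actually sent to the conduit. Nothing visible in this diff calls the setter, so either drop it or guard it with `if (tlsClientParams == null) { throw new IllegalArgumentException("tlsClientParams"); }`. A short class comment stating that `setSslContext` keeps `sslContext` and `tlsClientParams.getSSLSocketFactory()` in step would document the invariant the other classes now rely on.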
@@ -41,7 +41,6 @@ import java.util.Map; import java.util.concurrent.Future; import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; @@ -65,7 +64,6 @@ import org.apache.cxf.transport.http.Hea import org.apache.cxf.transport.http.URLConnectionHTTPConduit; import org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduitFactory.UseAsyncPolicy; import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager; -import org.apache.cxf.transport.https.CertificateHostnameVerifier; import org.apache.cxf.transport.https.HttpsURLConnectionInfo; import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; import org.apache.cxf.version.Version; 
@@ -620,14 +618,8 @@ public class AsyncHTTPConduit extends UR throw new IOException("No SSLSession detected"); } } - HostnameVerifier verifier; - if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) { - verifier = HttpsURLConnection.getDefaultHostnameVerifier(); - } else if (tlsClientParameters.isDisableCNCheck()) { - verifier = CertificateHostnameVerifier.ALLOW_ALL; - } else { - verifier = CertificateHostnameVerifier.DEFAULT; - } + HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils + .getHostnameVerifier(tlsClientParameters); if (!verifier.verify(url.getHost(), session)) { throw new IOException("Could not verify host " + url.getHost()); } Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java (original) +++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java Tue Aug 27 16:44:02 2013 @@ -19,6 +19,7 @@ package org.apache.cxf.transport.http.netty.client; + import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; @@ -36,7 +37,6 @@ import java.util.Map; import java.util.Set; import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLSession; import org.apache.cxf.Bus; 
@@ -49,7 +49,6 @@ import org.apache.cxf.message.MessageUti import org.apache.cxf.service.model.EndpointInfo; import org.apache.cxf.transport.http.Headers; import org.apache.cxf.transport.http.URLConnectionHTTPConduit; -import org.apache.cxf.transport.https.CertificateHostnameVerifier; import org.apache.cxf.transport.https.HttpsURLConnectionInfo; import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; import org.apache.cxf.version.Version; @@ -70,6 +69,7 @@ import io.netty.handler.codec.http.HttpC import io.netty.handler.codec.http.HttpResponse; import io.netty.handler.ssl.SslHandler; + public class NettyHttpConduit extends URLConnectionHTTPConduit implements BusLifeCycleListener { public static final String USE_ASYNC = "use.async.http.conduit"; final NettyHttpConduitFactory factory; 
@@ -328,14 +328,8 @@ public class NettyHttpConduit extends UR } connect(true); - HostnameVerifier verifier; - if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) { - verifier = HttpsURLConnection.getDefaultHostnameVerifier(); - } else if (tlsClientParameters.isDisableCNCheck()) { - verifier = CertificateHostnameVerifier.ALLOW_ALL; - } else { - verifier = CertificateHostnameVerifier.DEFAULT; - } + HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils + .getHostnameVerifier(tlsClientParameters); if (!verifier.verify(url.getHost(), session)) { throw new IOException("Could not verify host " + url.getHost()); Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original) +++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Tue Aug 27 16:44:02 2013 
@@ -179,14 +179,8 @@ public class HttpsURLConnectionFactory { } - HostnameVerifier verifier; - if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) { - verifier = HttpsURLConnection.getDefaultHostnameVerifier(); - } else if (tlsClientParameters.isDisableCNCheck()) { - verifier = CertificateHostnameVerifier.ALLOW_ALL; - } else { - verifier = CertificateHostnameVerifier.DEFAULT; - } + HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils + .getHostnameVerifier(tlsClientParameters); if (connection instanceof HttpsURLConnection) { // handle the expected case (javax.net.ssl) Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original) +++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Tue Aug 27 16:44:02 2013 @@ -20,6 +20,8 @@ package org.apache.cxf.transport.https; import java.security.GeneralSecurityException; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.KeyManager; import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; 
@@ -34,6 +36,21 @@ public final class SSLUtils { //Helper class } + public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) { + HostnameVerifier verifier; + + if (tlsClientParameters.getHostnameVerifier() != null) { + verifier = tlsClientParameters.getHostnameVerifier(); + } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) { + verifier = HttpsURLConnection.getDefaultHostnameVerifier(); + } else if (tlsClientParameters.isDisableCNCheck()) { + verifier = CertificateHostnameVerifier.ALLOW_ALL; + } else { + verifier = CertificateHostnameVerifier.DEFAULT; + } + return verifier; + } + public static SSLContext getSSLContext(TLSParameterBase parameters) throws Exception { // TODO do we need to cache the context String provider = parameters.getJsseProvider(); Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java?rev=1517872&view=auto ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java (added) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java Tue Aug 27 16:44:02 2013 
@@ -0,0 +1,118 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.jaxrs.security; + +import java.io.FileInputStream; +import java.security.KeyStore; + +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManagerFactory; +import javax.ws.rs.client.Client; +import javax.ws.rs.client.ClientBuilder; +import javax.ws.rs.client.WebTarget; +import javax.ws.rs.core.MediaType; + +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.systest.jaxrs.Book; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.transport.https.CertificateHostnameVerifier; +import org.apache.cxf.transport.https.SSLUtils; + +import org.junit.BeforeClass; +import org.junit.Test; + +public class JAXRS20HttpsBookTest extends AbstractBusClientServerTestBase { + public static final String PORT = BookHttpsServer.PORT; + + @BeforeClass + public static void startServers() throws Exception { + assertTrue("server did not launch correctly", + launchServer(BookHttpsServer.class, true)); + } + + @Test + public void testGetBook() throws Exception { + + ClientBuilder builder = 
ClientBuilder.newBuilder(); + + KeyStore trustStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks", + "password"); + + builder.trustStore(trustStore); + builder.hostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL); + + KeyStore keyStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks", + "password"); + builder.keyStore(keyStore, "password"); + + Client client = builder.build(); + + WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123"); + Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class); + assertEquals(123, b.getId()); + } + + @Test + public void testGetBookSslContext() throws Exception { + + ClientBuilder builder = ClientBuilder.newBuilder(); + + SSLContext sslContext = createSSLContext(); + builder.sslContext(sslContext); + + builder.hostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL); + + + Client client = builder.build(); + + WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123"); + Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class); + assertEquals(123, b.getId()); + } + + private KeyStore loadStore(String trustStoreFile, String password) throws Exception { + KeyStore store = KeyStore.getInstance("JKS"); + store.load(new FileInputStream(trustStoreFile), password.toCharArray()); + return store; + } + + private SSLContext createSSLContext() throws Exception { + TLSClientParameters tlsParams = new TLSClientParameters(); + + KeyStore trustStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks", + "password"); + + TrustManagerFactory tmf = + TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(trustStore); + tlsParams.setTrustManagers(tmf.getTrustManagers()); + + KeyStore keyStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks", + "password"); + + KeyManagerFactory kmf = 
+ KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(keyStore, "password".toCharArray()); + tlsParams.setKeyManagers(kmf.getKeyManagers()); + + return SSLUtils.getSSLContext(tlsParams); + } +} Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java ------------------------------------------------------------------------------ svn:eol-style = native Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java ------------------------------------------------------------------------------ svn:keywords = Rev Date Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml?rev=1517872&r1=1517871&r2=1517872&view=diff ============================================================================== --- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml (original) +++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml Tue Aug 27 16:44:02 2013 @@ -43,6 +43,15 @@ under the License. + + .*_EXPORT_.* + .*_EXPORT1024_.* + .*_WITH_DES_.* + .*_WITH_AES_.* + .*_WITH_NULL_.* + .*_DH_anon_.* + +
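Review bot: `loadStore` in the new test opens a `FileInputStream` and never closes it, so every key store load leaks a file handle; closing the stream in a `finally` block, as below, fixes that. Both tests also install `CertificateHostnameVerifier.ALLOW_ALL`, so nothing here exercises the default hostname check or the new precedence of a custom verifier. A third test that passes a verifier returning false and expects the request to fail would cover it. I would also add a comment above each `hostnameVerifier` call, `// test-only: hostname verification disabled; never use ALLOW_ALL outside tests`.

```java
private KeyStore loadStore(String trustStoreFile, String password) throws Exception {
    KeyStore store = KeyStore.getInstance("JKS");
    FileInputStream in = new FileInputStream(trustStoreFile);
    try {
        store.load(in, password.toCharArray());
    } finally {
        in.close();
    }
    return store;
}
```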