cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject git commit: Backported [CXF-5652]
Date Wed, 23 Jul 2014 12:03:12 GMT
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 4d7fc38d6 -> 10199c1e3


Backported [CXF-5652]


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/10199c1e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/10199c1e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/10199c1e

Branch: refs/heads/2.7.x-fixes
Commit: 10199c1e35b9e286ce63631a0aeff63a8bc6abf2
Parents: 4d7fc38
Author: Andrei Shakirin <andrei.shakirin@gmail.com>
Authored: Wed Jul 23 14:02:59 2014 +0200
Committer: Andrei Shakirin <andrei.shakirin@gmail.com>
Committed: Wed Jul 23 14:02:59 2014 +0200

----------------------------------------------------------------------
 .../apache/cxf/configuration/jsse/SSLUtils.java | 126 +++++++++++++------
 .../https/HttpsURLConnectionFactory.java        |   3 +
 2 files changed, 90 insertions(+), 39 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/10199c1e/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index aaa58f3..2918cec 100644
--- a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -61,6 +61,8 @@ public final class SSLUtils {
     private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
     private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
     private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
+
+    private static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
     
     private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
     private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
@@ -144,6 +146,35 @@ public final class SSLUtils {
         return keystoreManagers;
     }
 
+    public static KeyManager[] getDefaultKeyStoreManagers(Logger log) {
+        String location = getKeystore(null, log);
+        String keyStorePassword = getKeystorePassword(null, log);
+        String keyPassword = getKeyPassword(null, log);
+        FileInputStream fis = null;
+        
+        try {
+            KeyManagerFactory kmf = 
+                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 

+            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+            
+            fis = new FileInputStream(location);
+            ks.load(fis, (keyStorePassword != null) ? keyStorePassword.toCharArray() : null);
+            kmf.init(ks, (keyPassword != null) ? keyPassword.toCharArray() : null);
+            return kmf.getKeyManagers();
+        } catch (Exception e) {
+            log.warning("Default key managers cannot be initialized: " + e.getMessage());
+            return null;
+        } finally {
+            if (fis != null) {
+                try {
+                    fis.close();
+                } catch (IOException e) {
+                    log.warning("Keystore stream cannot be closed: " + e.getMessage());
+                }
+            }
+        }
+    }
+    
     public static KeyManager[] loadKeyStore(KeyManagerFactory kmf,
                                                KeyStore ks,
                                                ByteArrayInputStream bin,
@@ -402,53 +433,70 @@ public final class SSLUtils {
         String[] cipherSuites = null;
         if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
             cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-        } else {
-            LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
-            if (filters == null) {
-                LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");           
    
+            return cipherSuites;
+        }
+        if (!exclude) {
+            cipherSuites = getSystemCiphersuites(log);
+            if (cipherSuites != null) {
+                return cipherSuites;
             }
-            List<String> filteredCipherSuites = new ArrayList<String>();
-            List<String> excludedCipherSuites = new ArrayList<String>();
-            List<Pattern> includes =
-                filters != null
+        }
+        LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
+        if (filters == null) {
+            LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
+        }
+        List<String> filteredCipherSuites = new ArrayList<String>();
+        List<String> excludedCipherSuites = new ArrayList<String>();
+        List<Pattern> includes =
+            filters != null
                 ? compileRegexPatterns(filters.getInclude(), true, log)
                 : compileRegexPatterns(DEFAULT_CIPHERSUITE_FILTERS_INCLUDE, true, log);
-            List<Pattern> excludes =
-                filters != null
+        List<Pattern> excludes =
+            filters != null
                 ? compileRegexPatterns(filters.getExclude(), false, log)
                 : compileRegexPatterns(DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE, true, log);
-            for (int i = 0; i < supportedCipherSuites.length; i++) {
-                if (matchesOneOf(supportedCipherSuites[i], includes)
-                    && !matchesOneOf(supportedCipherSuites[i], excludes)) {
-                    LogUtils.log(log,
-                                 Level.FINE,
-                                 "CIPHERSUITE_INCLUDED",
-                                 supportedCipherSuites[i]);
-                    filteredCipherSuites.add(supportedCipherSuites[i]);
-                } else {
-                    LogUtils.log(log,
-                                 Level.FINE,
-                                 "CIPHERSUITE_EXCLUDED",
-                                 supportedCipherSuites[i]);
-                    excludedCipherSuites.add(supportedCipherSuites[i]);
-                }
-            }
-            LogUtils.log(log,
-                         Level.FINE,
-                         "CIPHERSUITES_FILTERED",
-                         filteredCipherSuites);
-            LogUtils.log(log,
-                         Level.FINE,
-                         "CIPHERSUITES_EXCLUDED",
-                         excludedCipherSuites);
-            if (exclude) {
-                cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude);
+        for (int i = 0; i < supportedCipherSuites.length; i++) {
+            if (matchesOneOf(supportedCipherSuites[i], includes)
+                && !matchesOneOf(supportedCipherSuites[i], excludes)) {
+                LogUtils.log(log,
+                             Level.FINE,
+                             "CIPHERSUITE_INCLUDED",
+                             supportedCipherSuites[i]);
+                filteredCipherSuites.add(supportedCipherSuites[i]);
             } else {
-                cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude);
+                LogUtils.log(log,
+                             Level.FINE,
+                             "CIPHERSUITE_EXCLUDED",
+                             supportedCipherSuites[i]);
+                excludedCipherSuites.add(supportedCipherSuites[i]);
             }
-        } 
+        }
+        LogUtils.log(log,
+                     Level.FINE,
+                     "CIPHERSUITES_FILTERED",
+                     filteredCipherSuites);
+        LogUtils.log(log,
+                     Level.FINE,
+                     "CIPHERSUITES_EXCLUDED",
+                     excludedCipherSuites);
+        if (exclude) {
+            cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude);
+        } else {
+            cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude);
+        }
         return cipherSuites;
-    }         
+    }
+
+    private static String[] getSystemCiphersuites(Logger log) {
+        String jvmCipherSuites = System.getProperty(HTTPS_CIPHER_SUITES);
+        if ((jvmCipherSuites != null) && (!jvmCipherSuites.isEmpty())) {
+            LogUtils.log(log, Level.FINE, "CIPHERSUITES_SYSTEM_PROPERTY_SET", jvmCipherSuites);
+            return jvmCipherSuites.split(",");
+        } else {
+            return null;
+        }
+        
+    }
     
     private static List<Pattern> compileRegexPatterns(List<String> regexes,
                                                       boolean include,

http://git-wip-us.apache.org/repos/asf/cxf/blob/10199c1e/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index d8b9001..ac8f90d 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -164,6 +164,9 @@ public class HttpsURLConnectionFactory {
             if (tlsClientParameters.getCertAlias() != null) {
                 getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
             }
+            if (keyManagers == null) {
+                keyManagers = SSLUtils.getDefaultKeyStoreManagers(LOG);
+            }
             ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                      tlsClientParameters.getSecureRandom());
 


Mime
View raw message