cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject [1/3] git commit: Simplify the SSL config since we don't need to support Jetty 7.x.
Date Wed, 06 Aug 2014 15:28:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/master bf879ad99 -> 71488c6fa


Simplify the SSL config since we don't need to support Jetty 7.x.


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/71488c6f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/71488c6f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/71488c6f

Branch: refs/heads/master
Commit: 71488c6fa7635c88285214a0479379aafef9ed3c
Parents: 4f61ca8
Author: Daniel Kulp <dkulp@apache.org>
Authored: Wed Aug 6 11:17:19 2014 -0400
Committer: Daniel Kulp <dkulp@apache.org>
Committed: Wed Aug 6 11:28:21 2014 -0400

----------------------------------------------------------------------
 .../http_jetty/JettyHTTPServerEngine.java       |  60 +++---
 .../https_jetty/CXFJettySslSocketConnector.java | 181 -------------------
 .../https_jetty/JettySslConnectorFactory.java   |  97 ++++++++--
 .../JettyHTTPServerEngineFactoryTest.java       |   9 +-
 4 files changed, 119 insertions(+), 228 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/71488c6f/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 03540a5..0494237 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -50,11 +50,9 @@ import org.eclipse.jetty.server.handler.ContextHandler;
 import org.eclipse.jetty.server.handler.ContextHandlerCollection;
 import org.eclipse.jetty.server.handler.DefaultHandler;
 import org.eclipse.jetty.server.handler.HandlerCollection;
-import org.eclipse.jetty.server.nio.SelectChannelConnector;
 import org.eclipse.jetty.server.session.HashSessionIdManager;
 import org.eclipse.jetty.server.session.HashSessionManager;
 import org.eclipse.jetty.server.session.SessionHandler;
-import org.eclipse.jetty.server.ssl.SslConnector;
 import org.eclipse.jetty.util.component.Container;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.util.thread.ThreadPool;
@@ -327,8 +325,6 @@ public class JettyHTTPServerEngine
             // create a new jetty server instance if there is no server there           

             server = new Server();
             
-            server.setSendServerVersion(getSendServerVersion());
-            
             if (mBeanContainer != null) {
                 getContainer(server).addEventListener(mBeanContainer);
             }
@@ -636,10 +632,18 @@ public class JettyHTTPServerEngine
         }
         return ret;
     }
+    
+    private boolean isSsl() {
+        if (connector == null) {
+            return false;
+        }
+        //return "https".equalsIgnoreCase(connector.getDefaultConnectionFactory().getProtocol());
+        return connector instanceof org.eclipse.jetty.server.ssl.SslConnector;
+    }
 
     protected void retrieveListenerFactory() {
         if (tlsServerParameters != null) {
-            if (null != connector && !(connector instanceof SslConnector)) {
+            if (connector != null && !isSsl()) {
                 LOG.warning("Connector " + connector + " for JettyServerEngine Port " 
                         + port + " does not support SSL connections.");
                 return;
@@ -649,7 +653,7 @@ public class JettyHTTPServerEngine
             protocol = "https";
             
         } else {
-            if (connector instanceof SslConnector) {
+            if (isSsl()) {
                 throw new RuntimeException("Connector " + connector + " for JettyServerEngine
Port " 
                       + port + " does not support non-SSL connections.");
             }
@@ -666,35 +670,30 @@ public class JettyHTTPServerEngine
     protected JettyConnectorFactory getHTTPConnectorFactory() {
         return new JettyConnectorFactory() {
             public AbstractConnector createConnector(JettyHTTPServerEngine engine, String
hosto, int porto) {
+                
+                
+                // now we just use the SelectChannelConnector as the default connector
+                org.eclipse.jetty.server.nio.SelectChannelConnector result = 
+                    new org.eclipse.jetty.server.nio.SelectChannelConnector();
+                engine.getServer().setSendServerVersion(getSendServerVersion());
+                if (engine.getMaxIdleTime() > 0) {
+                    result.setMaxIdleTime(engine.getMaxIdleTime());
+                }
+                
                 /*
                 HttpConfiguration httpConfig = new HttpConfiguration();
                 httpConfig.setSendServerVersion(getSendServerVersion());
                 HttpConnectionFactory httpFactory = new HttpConnectionFactory(httpConfig);
-                ServerConnector httpConnector = new ServerConnector(server, httpFactory);
-                httpConnector.setPort(porto);
-                httpConnector.setHost(hosto);
+                ServerConnector result = new ServerConnector(server, httpFactory);
                 if (engine.getMaxIdleTime() > 0) {
-                    httpConnector.setIdleTimeout(engine.getMaxIdleTime());
+                    result.setIdleTimeout(engine.getMaxIdleTime());
                 }
-                httpConnector.setReuseAddress(engine.isReuseAddress());
-                return httpConnector;
                 */
                 
-                // now we just use the SelectChannelConnector as the default connector
-                SelectChannelConnector result = 
-                    new SelectChannelConnector();
-                
-                // Regardless the port has to equal the one
-                // we are configured for.
-                assert porto == port;
-                assert hosto == null ? host == null : hosto.equals(host);
+                result.setPort(porto);
                 if (hosto != null) {
                     result.setHost(hosto);
                 }
-                result.setPort(porto);
-                if (engine.getMaxIdleTime() > 0) {
-                    result.setMaxIdleTime(engine.getMaxIdleTime());
-                }
                 result.setReuseAddress(engine.isReuseAddress());
                 return result;
             }
@@ -723,9 +722,16 @@ public class JettyHTTPServerEngine
     }
     
     private void checkConnectorPort() throws IOException {
-        if (null != connector && port != connector.getPort()) {
-            throw new IOException("Error: Connector port " + connector.getPort() + " does
not match"
-                        + " with the server engine port " + port);
+        try {
+            int cp = (Integer)connector.getClass().getMethod("getPort").invoke(connector);
+            if (null != connector && port != cp) {
+                throw new IOException("Error: Connector port " + cp + " does not match"
+                            + " with the server engine port " + port);
+            }
+        } catch (IOException ioe) {
+            throw ioe;
+        } catch (Throwable t) {
+            //ignore...
         }
     }
     

http://git-wip-us.apache.org/repos/asf/cxf/blob/71488c6f/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
deleted file mode 100644
index 42c5ddf..0000000
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.https_jetty;
-
-
-import java.security.SecureRandom;
-import java.util.List;
-import java.util.logging.Logger;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509KeyManager;
-
-import org.apache.cxf.common.logging.LogUtils;
-import org.apache.cxf.common.util.ReflectionInvokationHandler;
-import org.apache.cxf.configuration.jsse.SSLUtils;
-import org.apache.cxf.configuration.security.ClientAuthentication;
-import org.apache.cxf.configuration.security.FiltersType;
-import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
-import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
-
-/**
- * This class extends the Jetty SslSelectChannelConnector, which allows
- * us to configure it more in tune with the JSSE, using KeyManagers
- * and TrustManagers. 
- */
-public class CXFJettySslSocketConnector extends SslSelectChannelConnector {
-    private static final Logger LOG = LogUtils.getL7dLogger(CXFJettySslSocketConnector.class);
   
-    
-    protected KeyManager[]   keyManagers;
-    protected TrustManager[] trustManagers;
-    protected SecureRandom   secureRandom;
-    protected List<String>   cipherSuites;
-    protected FiltersType    cipherSuitesFilter;
-       
-    /**
-     * Set the cipherSuites
-     */
-    protected void setCipherSuites(List<String> cs) {
-        cipherSuites = cs;
-    }
-    
-    /**
-     * Set the CipherSuites Filter
-     */
-    protected void setCipherSuitesFilter(FiltersType filter) {
-        cipherSuitesFilter = filter;
-    }
-    
-    /**
-     * Set the KeyManagers.
-     */
-    protected void setKeyManagers(KeyManager[] kmgrs) {
-        keyManagers = kmgrs;
-    }
-    
-    /**
-     * Set the TrustManagers.
-     */
-    protected void setTrustManagers(TrustManager[] tmgrs) {
-        trustManagers = tmgrs;
-    }
-    
-    /**
-     * Set the SecureRandom Parameters
-     */
-    protected void setSecureRandom(SecureRandom random) {
-        secureRandom = random;
-    }
-    
-    
-    /**
-     * Set the ClientAuthentication (from the JAXB type) that
-     * configures an HTTP Destination.
-     */
-    protected void setClientAuthentication(ClientAuthentication clientAuth) {
-        getCxfSslContextFactory().setWantClientAuth(true);
-        if (clientAuth != null) {
-            if (clientAuth.isSetWant()) {
-                getCxfSslContextFactory().setWantClientAuth(clientAuth.isWant());
-            }
-            if (clientAuth.isSetRequired()) {
-                getCxfSslContextFactory().setNeedClientAuth(clientAuth.isRequired());
-            }
-        }
-    }
-    
-    protected void doStart() throws Exception {
-        // setup the create SSLContext on the SSLContextFactory
-        getCxfSslContextFactory().setSslContext(createSSLContext());
-        super.doStart();
-    }
-    
-    protected SSLContext createSSLContext() throws Exception  {
-        String proto = getCxfSslContextFactory().getProtocol() == null
-            ? "TLS"
-                : getCxfSslContextFactory().getProtocol();
- 
-        SSLContext context = getCxfSslContextFactory().getProvider() == null
-            ? SSLContext.getInstance(proto)
-                : SSLContext.getInstance(proto, getCxfSslContextFactory().getProvider());
-            
-        if (getCxfSslContextFactory().getCertAlias() != null) {
-            getKeyManagersWithCertAlias();
-        }
-        context.init(keyManagers, trustManagers, secureRandom);
-
-        String[] cs = 
-            SSLUtils.getCiphersuites(
-                    cipherSuites,
-                    SSLUtils.getServerSupportedCipherSuites(context),
-                    cipherSuitesFilter,
-                    LOG, true);
-        
-        getCxfSslContextFactory().setExcludeCipherSuites(cs);
-        
-        return context;
-    }
-    
-    protected void getKeyManagersWithCertAlias() throws Exception {
-        if (getCxfSslContextFactory().getCertAlias() != null) {
-            for (int idx = 0; idx < keyManagers.length; idx++) {
-                if (keyManagers[idx] instanceof X509KeyManager) {
-                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
-                        getCxfSslContextFactory().getCertAlias(), (X509KeyManager)keyManagers[idx]);
-                }
-            }
-        }
-    }
-    
-    public CxfSslContextFactory getCxfSslContextFactory() {
-        try {
-            Object o = getClass().getMethod("getSslContextFactory").invoke(this);
-            return ReflectionInvokationHandler.createProxyWrapper(o, CxfSslContextFactory.class);
-        } catch (Exception e) {
-            //ignore, the NPE is fine
-        }
-        
-        return null;
-    }
-    
-    interface CxfSslContextFactory {
-        void setExcludeCipherSuites(String ... cs);
-
-        String getProtocol();
-        
-        String getProvider();
-        
-        void setSslContext(SSLContext createSSLContext);
-
-        void setNeedClientAuth(boolean required);
-
-        void setWantClientAuth(boolean want);
-
-        void setProtocol(String secureSocketProtocol);
-
-        void setProvider(String jsseProvider);
-        
-        void setCertAlias(String certAlias);
-        
-        String getCertAlias();
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/71488c6f/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
index da1fbc5..e103d0d 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
@@ -19,16 +19,29 @@
 
 package org.apache.cxf.transport.https_jetty;
 
+import java.util.logging.Logger;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.X509KeyManager;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.SSLUtils;
 import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.ClientAuthentication;
 import org.apache.cxf.transport.http_jetty.JettyConnectorFactory;
 import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine;
+import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
 import org.eclipse.jetty.server.AbstractConnector;
+import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
+import org.eclipse.jetty.util.ssl.SslContextFactory;
 
 /**
  * This class wraps the JettyConnectorFactory and will create 
  * TLS enabled acceptors.
  */
 public final class JettySslConnectorFactory implements JettyConnectorFactory {
+    private static final Logger LOG = LogUtils.getL7dLogger(JettySslConnectorFactory.class);
   
     
     final TLSServerParameters tlsServerParameters;
     
@@ -45,8 +58,9 @@ public final class JettySslConnectorFactory implements JettyConnectorFactory
{
     public AbstractConnector createConnector(JettyHTTPServerEngine engine, String host, int
port) {
         assert tlsServerParameters != null;
         
-        CXFJettySslSocketConnector secureConnector = 
-            new CXFJettySslSocketConnector();
+        SslContextFactory sslcf = new CXFSslContextFactory();
+        SslSelectChannelConnector secureConnector = 
+            new SslSelectChannelConnector(sslcf);
         if (host != null) {
             secureConnector.setHost(host);
         }
@@ -55,27 +69,82 @@ public final class JettySslConnectorFactory implements JettyConnectorFactory
{
             secureConnector.setMaxIdleTime(engine.getMaxIdleTime());
         }
         secureConnector.setReuseAddress(engine.isReuseAddress());
-        decorateCXFJettySslSocketConnector(secureConnector);
+        decorateCXFJettySslSocketConnector(sslcf);
         return secureConnector;
     }
     
+    private class CXFSslContextFactory extends SslContextFactory {
+        public CXFSslContextFactory() {
+            super();
+        }
+        protected void doStart() throws Exception {
+            setSslContext(createSSLContext(this));
+            super.doStart();
+        }
+        public void checkKeyStore() {
+            //we'll handle this later
+        }
+    }
+    
+    protected SSLContext createSSLContext(SslContextFactory scf) throws Exception  {
+        String proto = tlsServerParameters.getSecureSocketProtocol() == null
+            ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
+ 
+        SSLContext context = tlsServerParameters.getJsseProvider() == null
+            ? SSLContext.getInstance(proto)
+                : SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
+            
+        KeyManager keyManagers[] = tlsServerParameters.getKeyManagers();
+        if (tlsServerParameters.getCertAlias() != null) {
+            keyManagers = getKeyManagersWithCertAlias(keyManagers);
+        }
+        context.init(tlsServerParameters.getKeyManagers(), 
+                     tlsServerParameters.getTrustManagers(),
+                     tlsServerParameters.getSecureRandom());
+
+        String[] cs = 
+            SSLUtils.getCiphersuites(
+                    tlsServerParameters.getCipherSuites(),
+                    SSLUtils.getServerSupportedCipherSuites(context),
+                    tlsServerParameters.getCipherSuitesFilter(),
+                    LOG, true);
+                
+        scf.setExcludeCipherSuites(cs);
+        return context;
+    }
+    protected KeyManager[] getKeyManagersWithCertAlias(KeyManager keyManagers[]) throws Exception
{
+        if (tlsServerParameters.getCertAlias() != null) {
+            for (int idx = 0; idx < keyManagers.length; idx++) {
+                if (keyManagers[idx] instanceof X509KeyManager) {
+                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+                        tlsServerParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
+                }
+            }
+        }
+        return keyManagers;
+    }
+    protected void setClientAuthentication(SslContextFactory con,
+                                           ClientAuthentication clientAuth) {
+        con.setWantClientAuth(true);
+        if (clientAuth != null) {
+            if (clientAuth.isSetWant()) {
+                con.setWantClientAuth(clientAuth.isWant());
+            }
+            if (clientAuth.isSetRequired()) {
+                con.setNeedClientAuth(clientAuth.isRequired());
+            }
+        }
+    }    
     /**
      * This method sets the security properties for the CXF extension
      * of the JettySslConnector.
      */
     private void decorateCXFJettySslSocketConnector(
-            CXFJettySslSocketConnector con
+            SslContextFactory con
     ) {
-        con.setKeyManagers(tlsServerParameters.getKeyManagers());
-        con.setTrustManagers(tlsServerParameters.getTrustManagers());
-        con.setSecureRandom(tlsServerParameters.getSecureRandom());
-        con.setClientAuthentication(
-                tlsServerParameters.getClientAuthentication());
-        con.getCxfSslContextFactory().setProtocol(tlsServerParameters.getSecureSocketProtocol());
-        con.getCxfSslContextFactory().setProvider(tlsServerParameters.getJsseProvider());
-        con.setCipherSuites(tlsServerParameters.getCipherSuites());
-        con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter());
-        con.getCxfSslContextFactory().setCertAlias(tlsServerParameters.getCertAlias());
+        setClientAuthentication(con,
+                                tlsServerParameters.getClientAuthentication());
+        con.setCertAlias(tlsServerParameters.getCertAlias());
     }
 
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/71488c6f/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactoryTest.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactoryTest.java
b/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactoryTest.java
index 07ffb84..e1d4a52 100644
--- a/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactoryTest.java
+++ b/rt/transports/http-jetty/src/test/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngineFactoryTest.java
@@ -95,7 +95,7 @@ public class JettyHTTPServerEngineFactoryTest
      * for TLS.
      */
     @Test
-    public void testMakeSureTransportFactoryHasEngineFactoryConfigured() {
+    public void testMakeSureTransportFactoryHasEngineFactoryConfigured() throws Exception
{
         
         // This file configures the factory to configure
         // port 1234 with default TLS.
@@ -112,11 +112,8 @@ public class JettyHTTPServerEngineFactoryTest
         // The Engine for port 1234 should be configured for TLS.
         // This will throw an error if it is not.
         JettyHTTPServerEngine engine = null;
-        try {
-            engine = factory.createJettyHTTPServerEngine(1234, "https");
-        } catch (Exception e) {
-            fail("Error getting factory" + e);
-        }
+        engine = factory.createJettyHTTPServerEngine(1234, "https");
+        
         assertNotNull("Engine is not available.", engine);
         assertEquals(1234, engine.getPort());
         assertEquals("Not https", "https", engine.getProtocol());


Mime
View raw message