cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] git commit: Fixing last commit
Date Wed, 05 Nov 2014 17:31:13 GMT
Fixing last commit


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/11725278
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/11725278
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/11725278

Branch: refs/heads/3.0.x-fixes
Commit: 11725278aa954eccb94cc3f59fde43acc3076cef
Parents: 72df21e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Nov 5 17:31:01 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Nov 5 17:31:01 2014 +0000

----------------------------------------------------------------------
 .../http_jetty/JettyHTTPServerEngine.java       | 243 +------------------
 .../osgi/HTTPJettyTransportActivator.java       |   2 +-
 .../https_jetty/CXFJettySslSocketConnector.java |  16 +-
 .../https_jetty/JettySslConnectorFactory.java   |   1 +
 4 files changed, 18 insertions(+), 244 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/11725278/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index be55bff..47da1c0 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -477,248 +477,6 @@ public class JettyHTTPServerEngine
         ++servantCount;
     }
     
-<<<<<<< HEAD
-=======
-    private void addServerMBean() {
-        if (mBeanContainer == null) {
-            return;
-        }        
-        
-        try {
-            Object o = getContainer(server);
-            o.getClass().getMethod("addEventListener", Container.Listener.class).invoke(o,
mBeanContainer);
-            if (Server.getVersion().startsWith("8")) {
-                return;
-            }
-            mBeanContainer.getClass().getMethod("beanAdded", Container.class, Object.class)
-                .invoke(mBeanContainer, null, server);
-        } catch (RuntimeException rex) {
-            throw rex;
-        } catch (Exception r) {
-            throw new RuntimeException(r);
-        }
-    }
-    private void removeServerMBean() {
-        try {
-            mBeanContainer.getClass().getMethod("beanRemoved", Container.class, Object.class)
-                .invoke(mBeanContainer, null, server);
-        } catch (RuntimeException rex) {
-            throw rex;
-        } catch (Exception r) {
-            throw new RuntimeException(r);
-        }
-    }
-
-    private Connector createConnector(String hosto, int porto) {
-        // now we just use the SelectChannelConnector as the default connector
-        SslContextFactory sslcf = null;
-        if (tlsServerParameters != null) { 
-            sslcf = new SslContextFactory() {
-                protected void doStart() throws Exception {
-                    setSslContext(createSSLContext(this));
-                    super.doStart();
-                }
-                public void checkKeyStore() {
-                    //we'll handle this later
-                }
-            };
-            decorateCXFJettySslSocketConnector(sslcf);
-        }
-        AbstractConnector result = null;
-        if (!Server.getVersion().startsWith("8")) {
-            result = createConnectorJetty9(sslcf, hosto, porto);
-        } else {
-            result = createConnectorJetty8(sslcf, hosto, porto);
-        }        
-        
-        try {
-            result.getClass().getMethod("setPort", Integer.TYPE).invoke(result, porto);
-            if (hosto != null) {
-                result.getClass().getMethod("setHost", String.class).invoke(result, hosto);
-            }
-            result.getClass().getMethod("setReuseAddress", Boolean.TYPE).invoke(result, isReuseAddress());
-        } catch (RuntimeException rex) {
-            throw rex;
-        } catch (Exception ex) {
-            throw new RuntimeException(ex);
-        }        
-        
-        return result;
-    }
-    
-    AbstractConnector createConnectorJetty9(SslContextFactory sslcf, String hosto, int porto)
{
-        //Jetty 9
-        AbstractConnector result = null;
-        try {
-            Class<?> configClass = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.HttpConfiguration",

-                                                              Server.class); 
-            Object httpConfig = configClass.newInstance();
-            httpConfig.getClass().getMethod("setSendServerVersion", Boolean.TYPE)
-                .invoke(httpConfig, getSendServerVersion());
-            
-            Object httpFactory = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.HttpConnectionFactory",

-                                                            Server.class)
-                                                            .getConstructor(configClass).newInstance(httpConfig);

-
-            Collection<Object> connectionFactories = new ArrayList<Object>();
-            result = (AbstractConnector)ClassLoaderUtils.loadClass("org.eclipse.jetty.server.ServerConnector",

-                                                                   Server.class)
-                                                                   .getConstructor(Server.class)
-                                                                   .newInstance(server);
-            
-            if (tlsServerParameters != null) {
-                Class<?> src = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.SecureRequestCustomizer",
-                                                          Server.class);
-                httpConfig.getClass().getMethod("addCustomizer", src.getInterfaces()[0])
-                    .invoke(httpConfig, src.newInstance());
-                Object scf = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.SslConnectionFactory",
-                                                        Server.class).getConstructor(SslContextFactory.class,
-                                                                                     String.class)
-                                                        .newInstance(sslcf, "HTTP/1.1");
-                connectionFactories.add(scf);
-                result.getClass().getMethod("setDefaultProtocol", String.class).invoke(result,
"SSL-HTTP/1.1");
-            }
-            connectionFactories.add(httpFactory);
-            result.getClass().getMethod("setConnectionFactories", Collection.class)
-                .invoke(result, connectionFactories);
-            
-            if (getMaxIdleTime() > 0) {
-                result.getClass().getMethod("setIdleTimeout", Long.TYPE).invoke(result, new
Long(getMaxIdleTime()));
-            }
-
-        } catch (RuntimeException rex) {
-            throw rex;
-        } catch (Exception ex) {
-            throw new RuntimeException(ex);
-        }
-        return result;
-    }
-    AbstractConnector createConnectorJetty8(SslContextFactory sslcf, String hosto, int porto)
{
-        //Jetty 8
-        AbstractConnector result = null;
-        try {
-            if (sslcf == null) { 
-                result = (AbstractConnector)ClassLoaderUtils
-                    .loadClass("org.eclipse.jetty.server.nio.SelectChannelConnector",
-                               Server.class).newInstance();
-            } else {
-                result = (AbstractConnector)ClassLoaderUtils
-                    .loadClass("org.eclipse.jetty.server.ssl.SslSelectChannelConnector",
-                               Server.class).getConstructor(SslContextFactory.class)
-                               .newInstance(sslcf);
-            }
-            Server.class.getMethod("setSendServerVersion", Boolean.TYPE).invoke(server, getSendServerVersion());
-            if (getMaxIdleTime() > 0) {
-                result.getClass().getMethod("setMaxIdleTime", Integer.TYPE).invoke(result,
getMaxIdleTime());
-            }
-        } catch (RuntimeException rex) {
-            throw rex;
-        } catch (Exception ex) {
-            throw new RuntimeException(ex);
-        }
-        return result;
-    }
-    
-    
-    protected SSLContext createSSLContext(SslContextFactory scf) throws Exception  {
-        String proto = tlsServerParameters.getSecureSocketProtocol() == null
-            ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
-        
-        // Exclude SSLv3 by default unless the protocol is given as SSLv3
-        if (!"SSLv3".equals(proto) && tlsServerParameters.getExcludeProtocols().isEmpty())
{
-            scf.addExcludeProtocols("SSLv3");
-        } else {
-            for (String p : tlsServerParameters.getExcludeProtocols()) {
-                scf.addExcludeProtocols(p);
-            }
-        }
- 
-        SSLContext context = tlsServerParameters.getJsseProvider() == null
-            ? SSLContext.getInstance(proto)
-                : SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
-            
-        KeyManager keyManagers[] = tlsServerParameters.getKeyManagers();
-        if (tlsServerParameters.getCertAlias() != null) {
-            keyManagers = getKeyManagersWithCertAlias(keyManagers);
-        }
-        context.init(tlsServerParameters.getKeyManagers(), 
-                     tlsServerParameters.getTrustManagers(),
-                     tlsServerParameters.getSecureRandom());
-
-        String[] cs = 
-            SSLUtils.getCiphersuites(
-                    tlsServerParameters.getCipherSuites(),
-                    SSLUtils.getServerSupportedCipherSuites(context),
-                    tlsServerParameters.getCipherSuitesFilter(),
-                    LOG, true);
-                
-        scf.setExcludeCipherSuites(cs);
-        return context;
-    }
-    protected KeyManager[] getKeyManagersWithCertAlias(KeyManager keyManagers[]) throws Exception
{
-        if (tlsServerParameters.getCertAlias() != null) {
-            for (int idx = 0; idx < keyManagers.length; idx++) {
-                if (keyManagers[idx] instanceof X509KeyManager) {
-                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
-                        tlsServerParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
-                }
-            }
-        }
-        return keyManagers;
-    }
-    protected void setClientAuthentication(SslContextFactory con,
-                                           ClientAuthentication clientAuth) {
-        con.setWantClientAuth(true);
-        if (clientAuth != null) {
-            if (clientAuth.isSetWant()) {
-                con.setWantClientAuth(clientAuth.isWant());
-            }
-            if (clientAuth.isSetRequired()) {
-                con.setNeedClientAuth(clientAuth.isRequired());
-            }
-        }
-    }    
-    /**
-     * This method sets the security properties for the CXF extension
-     * of the JettySslConnector.
-     */
-    private void decorateCXFJettySslSocketConnector(
-            SslContextFactory con
-    ) {
-        setClientAuthentication(con,
-                                tlsServerParameters.getClientAuthentication());
-        con.setCertAlias(tlsServerParameters.getCertAlias());
-    }
-    
-
-    private static Container getContainer(Object server) {
-        if (server instanceof Container) {
-            return (Container)server;
-        }
-        try {
-            return (Container)server.getClass().getMethod("getContainer").invoke(server);
-        } catch (RuntimeException t) {
-            throw t;
-        } catch (Throwable t) {
-            throw new RuntimeException(t);
-        }
-    }
-
-    private static void logConnector(Connector connector) {
-        try {
-            String h = (String)connector.getClass().getMethod("getHost").invoke(connector);
-            int port = (Integer)connector.getClass().getMethod("getPort").invoke(connector);
-            LOG.finer("connector.host: " 
-                + h == null 
-                  ? "null" 
-                  : "\"" + h + "\"");
-            LOG.finer("connector.port: " + port);
-        } catch (Throwable t) {
-            //ignore
-        }
-    }
-
->>>>>>> 1701e6c... [CXF-6087] - Add a way to exclude (multiple) SSL/TLS
protocols in the HTTPJ namespace
     protected void setupThreadPool() {
         AbstractConnector aconn = (AbstractConnector) connector;
         if (isSetThreadingParameters()) {
@@ -1023,3 +781,4 @@ public class JettyHTTPServerEngine
 }
 
 
+

http://git-wip-us.apache.org/repos/asf/cxf/blob/11725278/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/osgi/HTTPJettyTransportActivator.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/osgi/HTTPJettyTransportActivator.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/osgi/HTTPJettyTransportActivator.java
index b37ed4d..e9df5af 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/osgi/HTTPJettyTransportActivator.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/osgi/HTTPJettyTransportActivator.java
@@ -213,7 +213,7 @@ public class HTTPJettyTransportActivator
                     while (st.hasMoreTokens()) {
                         p.getCipherSuites().add(st.nextToken());
                     }
-                }  else if (k.startsWith("excludeProtocols")) {
+                } else if (k.startsWith("excludeProtocols")) {
                     StringTokenizer st = new StringTokenizer(v, ",");
                     while (st.hasMoreTokens()) {
                         p.getExcludeProtocols().add(st.nextToken());

http://git-wip-us.apache.org/repos/asf/cxf/blob/11725278/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
index c43dcab..072c7d0 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
@@ -49,6 +49,7 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector
{
     protected SecureRandom   secureRandom;
     protected List<String>   cipherSuites;
     protected FiltersType    cipherSuitesFilter;
+    protected List<String>   excludeProtocols;
        
     /**
      * Set the cipherSuites
@@ -65,6 +66,13 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector
{
     }
     
     /**
+     * Set the protocols to exclude
+     */
+    protected void setExcludeProtocols(List<String> ps) {
+        excludeProtocols = ps;
+    }
+    
+    /**
      * Set the KeyManagers.
      */
     protected void setKeyManagers(KeyManager[] kmgrs) {
@@ -113,8 +121,14 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector
{
             ? "TLS"
                 : getCxfSslContextFactory().getProtocol();
  
-        if (!"SSLv3".equals(proto)) {
+        // Exclude SSLv3 by default unless the protocol is given as SSLv3
+        if (!"SSLv3".equals(proto) 
+            && (excludeProtocols == null || excludeProtocols.isEmpty())) {
             getSslContextFactory().addExcludeProtocols("SSLv3");
+        } else if (excludeProtocols != null) {
+            for (String p : excludeProtocols) {
+                getSslContextFactory().addExcludeProtocols(p);
+            }
         }
 
         SSLContext context = getCxfSslContextFactory().getProvider() == null

http://git-wip-us.apache.org/repos/asf/cxf/blob/11725278/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
index 2b6c5d2..807bba7 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
@@ -87,6 +87,7 @@ public final class JettySslConnectorFactory implements JettyConnectorFactory
{
         con.getCxfSslContextFactory().setProvider(tlsServerParameters.getJsseProvider());
         con.setCipherSuites(tlsServerParameters.getCipherSuites());
         con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter());
+        con.setExcludeProtocols(tlsServerParameters.getExcludeProtocols());
         con.getCxfSslContextFactory().setCertAlias(tlsServerParameters.getCertAlias());
     }
 


Mime
View raw message