cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [5/5] cxf git commit: Fix for last commit
Date Wed, 17 Dec 2014 18:02:09 GMT
Fix for last commit


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/28c26cea
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/28c26cea
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/28c26cea

Branch: refs/heads/2.7.x-fixes
Commit: 28c26ceadf867116cf4faf56823e749373bd4410
Parents: ec245d8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Dec 17 18:01:56 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Dec 17 18:01:56 2014 +0000

----------------------------------------------------------------------
 .../https/HttpsURLConnectionFactory.java        |   6 +-
 .../apache/cxf/transport/https/SSLUtils.java    | 116 -------------------
 2 files changed, 4 insertions(+), 118 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/28c26cea/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index cd03a91..992280d 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -42,6 +42,8 @@ import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.common.util.ReflectionUtil;
 import org.apache.cxf.configuration.jsse.SSLUtils;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
+import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;
 
 
 /**
@@ -188,9 +190,9 @@ public class HttpsURLConnectionFactory {
         if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
             verifier = HttpsURLConnection.getDefaultHostnameVerifier();
         } else if (tlsClientParameters.isDisableCNCheck()) {
-            verifier = CertificateHostnameVerifier.ALLOW_ALL;
+            verifier = new AllowAllHostnameVerifier();
         } else {
-            verifier = CertificateHostnameVerifier.DEFAULT;
+            verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
         }
         
         if (connection instanceof HttpsURLConnection) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/28c26cea/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
deleted file mode 100644
index 183f80e..0000000
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.https;
-
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.X509KeyManager;
-
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.configuration.jsse.TLSParameterBase;
-import org.apache.cxf.configuration.jsse.TLSServerParameters;
-
-import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
-import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;
-
-public final class SSLUtils {
-    private SSLUtils() {
-        //Helper class
-    }
-    
-    public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters)
{
-        HostnameVerifier verifier;
-        
-        if (tlsClientParameters.getHostnameVerifier() != null) {
-            verifier = tlsClientParameters.getHostnameVerifier();
-        } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier())
{
-            verifier = HttpsURLConnection.getDefaultHostnameVerifier();
-        } else if (tlsClientParameters.isDisableCNCheck()) {
-            verifier = new AllowAllHostnameVerifier();
-        } else {
-            verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
-        }
-        return verifier;
-    }
-    
-    public static SSLContext getSSLContext(TLSParameterBase parameters) throws Exception
{
-        // TODO do we need to cache the context
-        String provider = parameters.getJsseProvider();
-
-        String protocol = parameters.getSecureSocketProtocol() != null ? parameters
-            .getSecureSocketProtocol() : "TLS";
-
-        SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
-            .getInstance(protocol, provider);
-        
-        if (parameters instanceof TLSClientParameters) {
-            ctx.getClientSessionContext().setSessionTimeout(((TLSClientParameters)parameters).getSslCacheTimeout());
-        }
-        
-        // TODO setting on the server side
-        
-        KeyManager[] keyManagers = parameters.getKeyManagers();
-        if (parameters.getCertAlias() != null) {
-            getKeyManagersWithCertAlias(parameters, keyManagers);
-        }
-        ctx.init(keyManagers, parameters.getTrustManagers(),
-                 parameters.getSecureRandom());
-        
-        return ctx;
-    }
-        
-    protected static void getKeyManagersWithCertAlias(TLSParameterBase tlsParameters,
-                                                      KeyManager[] keyManagers)
-        throws GeneralSecurityException {
-        if (tlsParameters.getCertAlias() != null) {
-            for (int idx = 0; idx < keyManagers.length; idx++) {
-                if (keyManagers[idx] instanceof X509KeyManager) {
-                    try {
-                        keyManagers[idx] = new AliasedX509ExtendedKeyManager(tlsParameters.getCertAlias(),
-                                                                             (X509KeyManager)keyManagers[idx]);
-                    } catch (Exception e) {
-                        throw new GeneralSecurityException(e);
-                    }
-                }
-            }
-        }
-    }
-    
-    public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws
Exception {
-        SSLContext sslContext = getSSLContext(parameters);
-        SSLEngine serverEngine = sslContext.createSSLEngine();
-        serverEngine.setUseClientMode(false);
-        serverEngine.setNeedClientAuth(parameters.getClientAuthentication().isRequired());
-        return serverEngine;
-    }
-    
-    public static SSLEngine createClientSSLEngine(TLSClientParameters parameters) throws
Exception {
-        SSLContext sslContext = getSSLContext(parameters);
-        SSLEngine clientEngine = sslContext.createSSLEngine();
-        clientEngine.setUseClientMode(true);
-        return clientEngine;
-    }
-    
-
-}


Mime
View raw message