cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: [CXF-6359] - NullPointerException when certAlias specified but no keyManagers are configured. Thanks to Tom Pasierb for the patch
Date Mon, 20 Apr 2015 12:23:46 GMT
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 1731258de -> d657398ab


[CXF-6359] - NullPointerException when certAlias specified but no keyManagers are configured.
Thanks to Tom Pasierb for the patch


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d657398a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d657398a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d657398a

Branch: refs/heads/3.0.x-fixes
Commit: d657398ab7bf94f516a3e9794a5729e4e927849e
Parents: 1731258
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Mon Apr 20 11:44:12 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Mon Apr 20 12:42:14 2015 +0100

----------------------------------------------------------------------
 .../https/HttpsURLConnectionFactory.java        |  10 +-
 .../https/HttpsURLConnectionFactoryTest.java    | 128 +++++++++++++++++++
 .../transport/https/resources/defaultkeystore2  | Bin 0 -> 2240 bytes
 3 files changed, 133 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d657398a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index 4d1ec43..a8c3494 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -161,12 +161,12 @@ public class HttpsURLConnectionFactory {
                 .getInstance(protocol, provider);
             ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
             KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
-            if (tlsClientParameters.getCertAlias() != null) {
-                getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
-            }            
             if (keyManagers == null) {
                 keyManagers = SSLUtils.getDefaultKeyStoreManagers(LOG);
-            }            
+            }
+            if (tlsClientParameters.getCertAlias() != null) {
+                getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
+            }
             ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                      tlsClientParameters.getSecureRandom());
 
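Review bot: The alias wrapping now also runs on the array returned by `SSLUtils.getDefaultKeyStoreManagers(LOG)`, and `getKeyManagersWithCertAlias` returns void, so it appears to replace elements of that array in place. The test added in this commit resets a static `SSLUtils.defaultManagers` field, which suggests the default array is cached and shared between clients. If so, the first client's certAlias would be baked into the shared managers, and later clients with a different alias (or none) would inherit it, because the loop in the second hunk skips managers that are already an `AliasedX509ExtendedKeyManager`. Wrapping a copy avoids this: add `keyManagers = keyManagers.clone();` inside the `getCertAlias() != null` branch, guarded against null, before the call. The enclosing method starts and ends outside this hunk.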
@@ -258,7 +258,7 @@ public class HttpsURLConnectionFactory {
     
     protected void getKeyManagersWithCertAlias(TLSClientParameters tlsClientParameters,
                                                KeyManager[] keyManagers) throws GeneralSecurityException
{
-        if (tlsClientParameters.getCertAlias() != null) {
+        if (tlsClientParameters.getCertAlias() != null && keyManagers != null) {
             for (int idx = 0; idx < keyManagers.length; idx++) {
                 if (keyManagers[idx] instanceof X509KeyManager
                     && !(keyManagers[idx] instanceof AliasedX509ExtendedKeyManager))
{
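Review bot: With the added `keyManagers != null` guard, a configured certAlias is dropped silently when no key managers can be obtained, so the TLS context is initialised without the client certificate the caller asked for and nothing records why. A log line through the class's `LOG` in that case would make the misconfiguration visible, or at least a comment such as `// certAlias set but no KeyManagers available: the alias is ignored`. The `getCertAlias() != null` half of the condition also repeats the check the caller in the first hunk already makes. The method body continues outside this hunk.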

http://git-wip-us.apache.org/repos/asf/cxf/blob/d657398a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
new file mode 100644
index 0000000..0a7a17c
--- /dev/null
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.https;
+
+import java.lang.reflect.Field;
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.cxf.common.util.ReflectionUtil;
+import org.apache.cxf.configuration.jsse.SSLUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.easymock.EasyMock;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class HttpsURLConnectionFactoryTest {
+
+    @Test
+    public void noExplicitKeystoreNoCertAlias() throws Exception {
+        clearDefaults();
+        System.clearProperty("javax.net.ssl.keyStore");
+        System.clearProperty("javax.net.ssl.keyStorePassword");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    @Test
+    public void noExplicitKeystoreWithCertAlias() throws Exception {
+        clearDefaults();
+        System.clearProperty("javax.net.ssl.keyStore");
+        System.clearProperty("javax.net.ssl.keyStorePassword");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+        tlsClientParams.setCertAlias("someAlias");
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    @Test
+    public void defaultKeystoreNoCertAlias() throws Exception {
+        clearDefaults();
+        String keystorePath = getClass().getResource("resources/defaultkeystore2").getPath();
+        System.setProperty("javax.net.ssl.keyStore", keystorePath);
+        System.setProperty("javax.net.ssl.keyStorePassword", "123456");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    @Test
+    public void defaultKeystoreWithCertAlias() throws Exception {
+        clearDefaults();
+        String keystorePath = getClass().getResource("resources/defaultkeystore2").getPath();
+        System.setProperty("javax.net.ssl.keyStore", keystorePath);
+        System.setProperty("javax.net.ssl.keyStorePassword", "123456");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+        tlsClientParams.setCertAlias("someAlias");
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    private void clearDefaults() throws IllegalAccessException {
+        Field defaultManagers = ReflectionUtil.getDeclaredField(SSLUtils.class, "defaultManagers");
+        ReflectionUtil.setAccessible(defaultManagers);
+
+        defaultManagers.set(SSLUtils.class, null);
+    }
+
+}
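Review bot: The tests set or clear the JVM-wide `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` properties and reset `SSLUtils.defaultManagers` by reflection, but never restore either. Other TLS tests that run later in the same JVM can therefore pick up the test keystore, or a default manager array built from it. Saving the properties in a `@Before` method and restoring them in an `@After` method (with `org.junit.Before` and `org.junit.After` imported) keeps the change local to this class. Separately, each test only checks that no `NullPointerException` is thrown, and the `catch` plus `Assert.fail` discards the stack trace. Letting the exception propagate would preserve it, and the two `WithCertAlias` tests would be stronger if they asserted what happens to the alias.

```java
private String savedKeyStore;
private String savedKeyStorePassword;

@Before
public void saveKeystoreProperties() {
    savedKeyStore = System.getProperty("javax.net.ssl.keyStore");
    savedKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
}

@After
public void restoreKeystoreProperties() throws Exception {
    restore("javax.net.ssl.keyStore", savedKeyStore);
    restore("javax.net.ssl.keyStorePassword", savedKeyStorePassword);
    // Drop any default managers that were built from the test keystore.
    clearDefaults();
}

private static void restore(String key, String value) {
    if (value == null) {
        System.clearProperty(key);
    } else {
        System.setProperty(key, value);
    }
}

// … unchanged: the four test methods and clearDefaults() …
```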

http://git-wip-us.apache.org/repos/asf/cxf/blob/d657398a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2
b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2
new file mode 100644
index 0000000..195e1f3
Binary files /dev/null and b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2
differ

