From cohei...@apache.org
Subject [2/4] cxf git commit: Adding a checker on the TLS CipherSuite
Date Fri, 29 May 2015 13:22:56 GMT
Adding a checker on the TLS CipherSuite


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9a0788b9
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9a0788b9
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9a0788b9

Branch: refs/heads/3.0.x-fixes
Commit: 9a0788b91c7dc63c1232a5d27c59958d42c7bdc1
Parents: a2922b7
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri May 29 11:10:25 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri May 29 13:46:25 2015 +0100

----------------------------------------------------------------------
 .../https/ciphersuites/CipherSuiteChecker.java  | 60 ++++++++++++++++++++
 .../https/ciphersuites/ciphersuites-server.xml  |  8 ++-
 2 files changed, 67 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/9a0788b9/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuiteChecker.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuiteChecker.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuiteChecker.java
new file mode 100644
index 0000000..34f2fda
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuiteChecker.java
@@ -0,0 +1,60 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https.ciphersuites;
+
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.security.transport.TLSSessionInfo;
+
+/**
+ * A service side interceptor to check that the negotiated TLS protocol matches a desired
+ * algorithm
+ */
+public class CipherSuiteChecker extends AbstractPhaseInterceptor<Message> {
+    
+    private String requiredAlgorithm;
+    
+    public CipherSuiteChecker() {
+        super(Phase.PRE_INVOKE);
+    }
+    
+    public CipherSuiteChecker(String phase) {
+        super(phase);
+    }
+
+    public void handleMessage(Message mc) throws Fault {
+        TLSSessionInfo session = mc.get(TLSSessionInfo.class);
+        if (!session.getCipherSuite().contains(requiredAlgorithm)) {
+            throw new Fault(new Exception("Required algorithm not found"));
+        }
+    }
+
+    public String getRequiredAlgorithm() {
+        return requiredAlgorithm;
+    }
+
+    public void setRequiredAlgorithm(String requiredAlgorithm) {
+        this.requiredAlgorithm = requiredAlgorithm;
+    }
+
+    
+}
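Review bot: `handleMessage` dereferences the result of `mc.get(TLSSessionInfo.class)` without a null check, so a request that reaches the interceptor without TLS session information, or a bean configured without `requiredAlgorithm`, ends in a NullPointerException instead of the intended Fault. Rejecting explicitly keeps the check fail-closed with a clear reason: `if (session == null || requiredAlgorithm == null || !session.getCipherSuite().contains(requiredAlgorithm)) {`. The class Javadoc says "negotiated TLS protocol" while the code compares the cipher suite name; `A service-side interceptor that checks that the negotiated TLS cipher suite name contains a required algorithm` would describe it accurately. Since `contains` is a substring match, a value such as `AES` accepts every suite whose name includes it regardless of key size or mode, which is worth stating in a comment on `setRequiredAlgorithm`.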

http://git-wip-us.apache.org/repos/asf/cxf/blob/9a0788b9/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
index 6ce8b0a..e5b382e 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
@@ -45,7 +45,13 @@
                      implementor="org.apache.cxf.systest.http.GreeterImpl" 
                      address="https://localhost:${testutil.ports.CipherSuitesServer}/SoapContext/HttpsPort"

                      serviceName="s:SOAPService" 
-                     endpointName="e:HttpsPort" depends-on="aes-tls-settings"/>
+                     endpointName="e:HttpsPort" depends-on="aes-tls-settings">
+        <jaxws:inInterceptors>
+            <bean class="org.apache.cxf.systest.https.ciphersuites.CipherSuiteChecker">
+                <property name="requiredAlgorithm" value="AES"/>
+            </bean>
+        </jaxws:inInterceptors>
+    </jaxws:endpoint>
     
     
     <httpj:engine-factory id="rc4-tls-settings">

