cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ff...@apache.org
Subject cxf git commit: [CXF-6831]should be able to configure the certStore key type
Date Tue, 15 Mar 2016 07:36:54 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 9b0e6b8cb -> 707fac176


[CXF-6831]should be able to configure the certStore key type


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/707fac17
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/707fac17
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/707fac17

Branch: refs/heads/master
Commit: 707fac176e4be91b9547c9f3b126247268669057
Parents: 9b0e6b8
Author: Freeman Fang <freeman.fang@gmail.com>
Authored: Tue Mar 15 15:36:04 2016 +0800
Committer: Freeman Fang <freeman.fang@gmail.com>
Committed: Tue Mar 15 15:36:04 2016 +0800

----------------------------------------------------------------------
 .../configuration/jsse/TLSParameterJaxBUtils.java  | 17 +++++++++++------
 .../resources/schemas/configuration/security.xsd   |  9 +++++++++
 .../apache/cxf/systest/https/conduit/pkcs12.xml    |  4 ++--
 .../https/conduit/resource-key-spec-url.xml        |  2 +-
 .../systest/https/conduit/resource-key-spec.xml    |  2 +-
 5 files changed, 24 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index ef611a1..e8743b7 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -159,9 +159,14 @@ public final class TLSParameterJaxBUtils {
         if (pst == null) {
             return null;
         }
-
+        String type;
+        if (pst.isSetType()) {
+            type = pst.getType();
+        } else {
+            type = KeyStore.getDefaultType();
+        }
         if (pst.isSetFile()) {
-            return createTrustStore(new FileInputStream(pst.getFile()));
+            return createTrustStore(new FileInputStream(pst.getFile()), type);
         }
         if (pst.isSetResource()) {
             final InputStream is = getResourceAsStream(pst.getResource());
@@ -171,10 +176,10 @@ public final class TLSParameterJaxBUtils {
                 LOG.severe(msg);
                 throw new IOException(msg);
             }
-            return createTrustStore(is);
+            return createTrustStore(is, type);
         }
         if (pst.isSetUrl()) {
-            return createTrustStore(new URL(pst.getUrl()).openStream());
+            return createTrustStore(new URL(pst.getUrl()).openStream(), type);
         }
         // TODO error?
         return null;
@@ -196,12 +201,12 @@ public final class TLSParameterJaxBUtils {
      * Create a KeyStore containing the trusted CA certificates contained
      * in the supplied input stream.
      */
-    private static KeyStore createTrustStore(final InputStream is)
+    private static KeyStore createTrustStore(final InputStream is, String type)
         throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException
{
 
         final Collection<? extends Certificate> certs = loadCertificates(is);
         final KeyStore keyStore =
-            KeyStore.getInstance(KeyStore.getDefaultType());
+            KeyStore.getInstance(type);
         keyStore.load(null, null);
         for (Certificate cert : certs) {
             final X509Certificate xcert = (X509Certificate) cert;

http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/core/src/main/resources/schemas/configuration/security.xsd
----------------------------------------------------------------------
diff --git a/core/src/main/resources/schemas/configuration/security.xsd b/core/src/main/resources/schemas/configuration/security.xsd
index f6e05f9..1a10fe3 100644
--- a/core/src/main/resources/schemas/configuration/security.xsd
+++ b/core/src/main/resources/schemas/configuration/security.xsd
@@ -192,6 +192,15 @@
         1) "file", 2) "resource", and 3) "url".
         </xs:documentation>
       </xs:annotation>
+        <xs:attribute name="type"     type="xs:string">
+          <xs:annotation>
+            <xs:documentation>
+            This attribute specifies the type of the certstore.
+            It is highly correlated to the provider. Most common examples
+            are "jks" "pkcs12".
+            </xs:documentation>
+          </xs:annotation>
+        </xs:attribute>
         <xs:attribute name="file"     type="xs:string">
           <xs:annotation>
             <xs:documentation>

http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
index d01a2a0..2087713 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
@@ -49,7 +49,7 @@ under the License.
                     <sec:keyStore type="pkcs12" password="password" resource="keys/Bethal.p12"/>
                 </sec:keyManagers>
                 <sec:trustManagers>
-                    <sec:certStore resource="keys/Truststore.pem"/>
+                    <sec:certStore type="jks" resource="keys/Truststore.pem"/>
                 </sec:trustManagers>
             </httpj:tlsServerParameters>
         </httpj:engine>
@@ -63,7 +63,7 @@ under the License.
                 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
             </sec:keyManagers>
             <sec:trustManagers>
-                <sec:certStore resource="keys/Truststore.pem"/>
+                <sec:certStore type="jks" resource="keys/Truststore.pem"/>
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>

http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
index 0e70d13..aab7b0f 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
@@ -65,7 +65,7 @@ under the License.
                 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
             </sec:keyManagers>
             <sec:trustManagers>
-                <sec:certStore resource="keys/Truststore.pem"/>
+                <sec:certStore type="jks" resource="keys/Truststore.pem"/>
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>

http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
index a1f9bba..efcaa68 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
@@ -61,7 +61,7 @@ under the License.
                 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
             </sec:keyManagers>
             <sec:trustManagers>
-                <sec:certStore resource="keys/Truststore.pem"/>
+                <sec:certStore type="jks" resource="keys/Truststore.pem"/>
             </sec:trustManagers>
         </http:tlsClientParameters>
     </http:conduit>


Mime
View raw message