cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf git commit: CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
Date Fri, 17 Feb 2017 13:44:54 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 8b86ab84a -> 19a4d72a3


CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/19a4d72a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/19a4d72a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/19a4d72a

Branch: refs/heads/master
Commit: 19a4d72a32f1e18bec621af403ecdf21d97453af
Parents: 8b86ab8
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Feb 17 13:44:40 2017 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Feb 17 13:44:40 2017 +0000

----------------------------------------------------------------------
 .../apache/cxf/configuration/jsse/SSLUtils.java | 40 +++++++++++++++++++-
 .../jsse/TLSParameterJaxBUtils.java             | 35 +++++++++++++----
 2 files changed, 65 insertions(+), 10 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/19a4d72a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 24e162d..1853a60 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -557,8 +557,12 @@ public final class SSLUtils {
         LogUtils.log(log, Level.FINE, logMsg, trustStoreLocation);
         return trustStoreLocation;
     }
-
+    
     public static String getTrustStoreType(String trustStoreType, Logger log) {
+        return getTrustStoreType(trustStoreType, log, DEFAULT_TRUST_STORE_TYPE);
+    }
+
+    public static String getTrustStoreType(String trustStoreType, Logger log, String def)
{
         String logMsg = null;
         if (trustStoreType != null) {
             logMsg = "TRUST_STORE_TYPE_SET";
@@ -566,7 +570,7 @@ public final class SSLUtils {
             //Can default to JKS
             trustStoreType = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType");
             if (trustStoreType == null) {
-                trustStoreType = DEFAULT_TRUST_STORE_TYPE;
+                trustStoreType = def;
                 logMsg = "TRUST_STORE_TYPE_NOT_SET";
             } else {
                 logMsg = "TRUST_STORE_TYPE_SYSTEM_SET";
@@ -575,6 +579,38 @@ public final class SSLUtils {
         LogUtils.log(log, Level.FINE, logMsg, trustStoreType);
         return trustStoreType;
     }
+    
+    public static String getTruststorePassword(String trustStorePassword,
+                                             Logger log) {
+        String logMsg = null;
+        if (trustStorePassword != null) {
+            logMsg = "TRUST_STORE_PASSWORD_SET";
+        } else {
+            trustStorePassword =
+                SystemPropertyAction.getProperty("javax.net.ssl.trustStorePassword");
+            logMsg = trustStorePassword != null
+                     ? "TRUST_STORE_PASSWORD_SYSTEM_PROPERTY_SET"
+                     : "TRUST_STORE_PASSWORD_NOT_SET";
+        }
+        LogUtils.log(log, Level.FINE, logMsg);
+        return trustStorePassword;
+    }
+    
+    public static String getTruststoreProvider(String trustStoreProvider, Logger log) {
+        String logMsg = null;
+        if (trustStoreProvider != null) {
+            logMsg = "TRUST_STORE_PROVIDER_SET";
+        } else {
+            trustStoreProvider = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreProvider",
null);
+            if (trustStoreProvider == null) {
+                logMsg = "TRUST_STORE_PROVIDER_NOT_SET";
+            } else {
+                logMsg = "TRUST_STORE_PROVIDER_SYSTEM_SET";
+            }
+        }
+        LogUtils.log(log, Level.FINE, logMsg, trustStoreProvider);
+        return trustStoreProvider;
+    }
 
     public static String getSecureSocketProtocol(String secureSocketProtocol,
                                                  Logger log) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/19a4d72a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index 644a1e9..ee6bf58 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -95,31 +95,50 @@ public final class TLSParameterJaxBUtils {
         }
         return secureRandom;
     }
+
+    public static KeyStore getKeyStore(KeyStoreType kst) throws GeneralSecurityException,
IOException {
+        return getKeyStore(kst, false);
+    }
+
     /**
      * This method converts a JAXB generated KeyStoreType into a KeyStore.
      */
-    public static KeyStore getKeyStore(KeyStoreType kst)
+    public static KeyStore getKeyStore(KeyStoreType kst, boolean trustStore)
         throws GeneralSecurityException,
                IOException {
 
         if (kst == null) {
             return null;
         }
-        String type = SSLUtils.getKeystoreType(kst.isSetType()
+        String type = null;
+        if (trustStore) {
+            type = SSLUtils.getTrustStoreType(kst.isSetType()
+                                     ? kst.getType() : null, LOG, KeyStore.getDefaultType());
+        } else {
+            type = SSLUtils.getKeystoreType(kst.isSetType()
                                  ? kst.getType() : null, LOG, KeyStore.getDefaultType());
+        }
 
         char[] password = kst.isSetPassword()
                     ? deobfuscate(kst.getPassword())
                     : null;
         if (password == null) {
-            String tmp = SSLUtils.getKeystorePassword(null, LOG);
+            String tmp = null;
+            if (trustStore) {
+                tmp = SSLUtils.getTruststorePassword(null, LOG);
+            } else {
+                tmp = SSLUtils.getKeystorePassword(null, LOG);
+            }
             if (tmp != null) {
                 password = tmp.toCharArray();
             }
         }
-        String provider = SSLUtils.getKeystoreProvider(kst.isSetProvider()
-                                                       ? kst.getProvider() : null,
-                                                       LOG);
+        String provider = null;
+        if (trustStore) {
+            provider = SSLUtils.getTruststoreProvider(kst.isSetProvider() ? kst.getProvider()
: null, LOG);
+        } else {
+            provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() ? kst.getProvider()
: null, LOG);
+        }
         KeyStore keyStore = provider == null
                     ? KeyStore.getInstance(type)
                     : KeyStore.getInstance(type, provider);
@@ -256,7 +275,7 @@ public final class TLSParameterJaxBUtils {
         throws GeneralSecurityException,
                IOException {
 
-        KeyStore keyStore = getKeyStore(kmc.getKeyStore());
+        KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false);
 
         String alg = kmc.isSetFactoryAlgorithm()
                      ? kmc.getFactoryAlgorithm()
@@ -316,7 +335,7 @@ public final class TLSParameterJaxBUtils {
 
         final KeyStore keyStore =
             tmc.isSetKeyStore()
-                ? getKeyStore(tmc.getKeyStore())
+                ? getKeyStore(tmc.getKeyStore(), true)
                 : (tmc.isSetCertStore()
                     ? getKeyStore(tmc.getCertStore())
                     : (KeyStore) null);


Mime
View raw message