Author: dkulp
Date: Wed Jan 4 21:06:46 2012
New Revision: 1227321
URL: http://svn.apache.org/viewvc?rev=1227321&view=rev
Log:
[CXF-4008] Check the javax.net.ssl.keyStore* props
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/Messages.properties
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java?rev=1227321&r1=1227320&r2=1227321&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
Wed Jan 4 21:06:46 2012
@@ -20,6 +20,7 @@ package org.apache.cxf.configuration.jss
import java.io.FileInputStream;
import java.io.IOException;
+import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
@@ -45,6 +46,7 @@ import org.apache.cxf.configuration.secu
import org.apache.cxf.configuration.security.KeyStoreType;
import org.apache.cxf.configuration.security.SecureRandomParameters;
import org.apache.cxf.configuration.security.TrustManagersType;
+import org.apache.cxf.transport.https.SSLUtils;
/**
* This class provides some functionality to convert the JAXB
@@ -98,17 +100,24 @@ public final class TLSParameterJaxBUtils
if (kst == null) {
return null;
}
- String type = kst.isSetType()
- ? kst.getType()
- : KeyStore.getDefaultType();
+ String type = SSLUtils.getKeystoreType(kst.isSetType()
+ ? kst.getType() : null, LOG,
KeyStore.getDefaultType());
char[] password = kst.isSetPassword()
? deobfuscate(kst.getPassword())
: null;
-
- KeyStore keyStore = !kst.isSetProvider()
+ if (password == null) {
+ String tmp = SSLUtils.getKeystorePassword(null, LOG);
+ if (tmp != null) {
+ password = tmp.toCharArray();
+ }
+ }
+ String provider = SSLUtils.getKeystoreProvider(kst.isSetProvider()
+ ? kst.getProvider() :
null,
+ LOG);
+ KeyStore keyStore = provider == null
? KeyStore.getInstance(type)
- : KeyStore.getInstance(type, kst.getProvider());
+ : KeyStore.getInstance(type, provider);
if (kst.isSetFile()) {
keyStore.load(new FileInputStream(kst.getFile()), password);
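Review bot: The password fallback at `if (password == null)` runs before the keystore source is known, so a store configured with an explicit file, resource or url but no password now receives whatever `SSLUtils.getKeystorePassword(null, LOG)` returns. That is presumably the JVM-wide `javax.net.ssl.keyStorePassword`, although the method body is not visible in this hunk. Such a store was previously loaded with a null password, which skips the integrity check, so a mismatched global password would now make `load()` fail where it used to succeed. The precedence should be stated in a comment above the block, for example `// Not set in configuration: fall back to javax.net.ssl.keyStorePassword for every keystore source`, and the same applies to the type and provider lookups. The enclosing method starts and ends outside the hunk.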
@@ -125,7 +134,12 @@ public final class TLSParameterJaxBUtils
} else if (kst.isSetUrl()) {
keyStore.load(new URL(kst.getUrl()).openStream(), password);
} else {
- keyStore.load(null, password);
+ String loc = SSLUtils.getKeystore(null, LOG);
+ InputStream ins = null;
+ if (loc != null) {
+ ins = new FileInputStream(loc);
+ }
+ keyStore.load(ins, password);
}
return keyStore;
}
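Review bot: The `FileInputStream` opened for the system-property location in the new `else` branch is never closed, because `KeyStore.load` reads the stream but does not close it, so each call leaks a file descriptor on the keystore file. Closing it in a `finally` fixes this; the code is from 2012, so the sketch below avoids try-with-resources. The context lines `keyStore.load(new FileInputStream(kst.getFile()), password)` and `keyStore.load(new URL(kst.getUrl()).openStream(), password)` have the same leak and could be fixed the same way. The method signature is outside the hunk, so confirm it already declares `IOException` for the `close()` call.

```java
// … unchanged: file / resource / url branches …
} else {
    String loc = SSLUtils.getKeystore(null, LOG);
    InputStream ins = loc != null ? new FileInputStream(loc) : null;
    try {
        keyStore.load(ins, password);
    } finally {
        if (ins != null) {
            ins.close();
        }
    }
}
```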
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/Messages.properties
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/Messages.properties?rev=1227321&r1=1227320&r2=1227321&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/Messages.properties
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/Messages.properties
Wed Jan 4 21:06:46 2012
@@ -26,8 +26,12 @@ UNSUPPORTED_SSL_SERVER_POLICY_DATA = Uns
KEY_STORE_NOT_SET = The location of the key store has not been set via a
system parameter or through configuration so the default value of {0} will be
used.
KEY_STORE_SET = The keystore location is set to {0}.
KEY_STORE_SYSTEM_PROPERTY_SET = The keystore location is set via a system
property to {0}.
-KEY_STORE_TYPE_NOT_SET = The key store type has not been set in configuration
so the default value of {0} will be used.
+KEY_STORE_TYPE_NOT_SET = The keystore type has not been set in configuration
so the default value of {0} will be used.
+KEY_STORE_TYPE_SYSTEM_SET = The keystore type is set via a system property to
{0}.
KEY_STORE_TYPE_SET = The key store type has been set in configuration to {0}.
+KEY_STORE_PROVIDER_NOT_SET = The keystore provider has not been set in
configuration so the default value of {0} will be used.
+KEY_STORE_PROVIDER_SYSTEM_SET = The keystore provider is set via a system
property to {0}.
+KEY_STORE_PROVIDER_SET = The key store provider has been set in configuration
to {0}.
LOADED_KEYSTORE = Successfully loaded keystore, {0}.
FAILED_TO_LOAD_KEYSTORE = Loading the keystore {0}, failed with the following
problem: {1}.
FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD = Loading the keystore. {0}, failed
because the password is not set.
@@ -36,6 +40,7 @@ TRUST_STORE_SET = The trust store locati
TRUST_STORE_SYSTEM_PROPERTY_SET = The trust store location has been via a
system property to {0}.
TRUST_STORE_TYPE_NOT_SET = The trust store type has not been set in
configuration so the default value of {0} will be used.
TRUST_STORE_TYPE_SET = The trust store type has been set in configuration to
{0}.
+TRUST_STORE_TYPE_SYSTEM_SET = The trust store type has been set via a system
property to {0}.
FAILED_TO_LOAD_TRUST_STORE = Loading the truststore, {0}, failed with the
following problem: {1}.
LOADED_TRUST_STORE = Successfully loaded trust store, {0}.
KEY_STORE_PASSWORD_NOT_SET = The key store password has not been set via a
system property or through configuration, reading data from the keystore will
fail.
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?rev=1227321&r1=1227320&r2=1227321&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
Wed Jan 4 21:06:46 2012
@@ -261,16 +261,39 @@ public final class SSLUtils {
}
public static String getKeystoreType(String keyStoreType, Logger log) {
+ return getKeystoreType(keyStoreType, log, DEFAULT_KEYSTORE_TYPE);
+ }
+ public static String getKeystoreType(String keyStoreType, Logger log,
String def) {
String logMsg = null;
if (keyStoreType != null) {
logMsg = "KEY_STORE_TYPE_SET";
} else {
- keyStoreType = DEFAULT_KEYSTORE_TYPE;
- logMsg = "KEY_STORE_TYPE_NOT_SET";
+ keyStoreType =
SystemPropertyAction.getProperty("javax.net.ssl.keyStoreType", null);
+ if (keyStoreType == null) {
+ keyStoreType = def;
+ logMsg = "KEY_STORE_TYPE_NOT_SET";
+ } else {
+ logMsg = "KEY_STORE_TYPE_SYSTEM_SET";
+ }
}
LogUtils.log(log, Level.FINE, logMsg, keyStoreType);
return keyStoreType;
}
+ public static String getKeystoreProvider(String keyStoreProvider, Logger
log) {
+ String logMsg = null;
+ if (keyStoreProvider != null) {
+ logMsg = "KEY_STORE_PROVIDER_SET";
+ } else {
+ keyStoreProvider =
SystemPropertyAction.getProperty("javax.net.ssl.keyStoreProvider", null);
+ if (keyStoreProvider == null) {
+ logMsg = "KEY_STORE_PROVIDER_NOT_SET";
+ } else {
+ logMsg = "KEY_STORE_PROVIDER_SYSTEM_SET";
+ }
+ }
+ LogUtils.log(log, Level.FINE, logMsg, keyStoreProvider);
+ return keyStoreProvider;
+ }
public static String getKeystorePassword(String keyStorePassword,
Logger log) {
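Review bot: In `getKeystoreProvider` the not-set branch leaves `keyStoreProvider` null and still passes it to `LogUtils.log(log, Level.FINE, logMsg, keyStoreProvider)`, so `KEY_STORE_PROVIDER_NOT_SET` ("the default value of {0} will be used") is formatted with a null argument. No default provider name exists at that point, so the message would read better without a placeholder, e.g. `KEY_STORE_PROVIDER_NOT_SET = The keystore provider has not been set in configuration or via a system property; the default provider lookup will be used.` The two new public methods also lack Javadoc. A short one on each should give the resolution order (explicit argument, then the `javax.net.ssl.keyStoreType` / `javax.net.ssl.keyStoreProvider` system property, then `def` or null), since callers such as TLSParameterJaxBUtils now depend on it.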
@@ -294,7 +317,11 @@ public final class SSLUtils {
logMsg = "KEY_PASSWORD_SET";
} else {
keyPassword =
-
SystemPropertyAction.getProperty("javax.net.ssl.keyStorePassword");
+ SystemPropertyAction.getProperty("javax.net.ssl.keyPassword");
+ if (keyPassword == null) {
+ keyPassword =
+
SystemPropertyAction.getProperty("javax.net.ssl.keyStorePassword");
+ }
logMsg = keyPassword != null
? "KEY_PASSWORD_SYSTEM_PROPERTY_SET"
: "KEY_PASSWORD_NOT_SET";
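Review bot: `javax.net.ssl.keyPassword` is now read ahead of `javax.net.ssl.keyStorePassword`, but as far as I know it is not one of the JSSE-defined `javax.net.ssl.*` properties, so the lookup needs a comment marking it as a CXF-specific key. Something like `// CXF-specific: separate key password; falls back to the keystore password property` above the first `getProperty` call would do. Both values are secrets held in JVM-wide system properties, so it is also worth confirming that the `LogUtils.log` call following this block does not pass `keyPassword` as a message parameter. That call and the start and end of the enclosing method are outside the hunk.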
@@ -478,8 +505,13 @@ public final class SSLUtils {
logMsg = "TRUST_STORE_TYPE_SET";
} else {
//Can default to JKS
- trustStoreType = DEFAULT_TRUST_STORE_TYPE;
- logMsg = "TRUST_STORE_TYPE_NOT_SET";
+ trustStoreType =
SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType");
+ if (trustStoreType == null) {
+ trustStoreType = DEFAULT_TRUST_STORE_TYPE;
+ logMsg = "TRUST_STORE_TYPE_NOT_SET";
+ } else {
+ logMsg = "TRUST_STORE_TYPE_SYSTEM_SET";
+ }
}
LogUtils.log(log, Level.FINE, logMsg, trustStoreType);
return trustStoreType;
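Review bot: The `//Can default to JKS` comment now sits above the system-property lookup rather than the default assignment it describes; it should move down to the `trustStoreType = DEFAULT_TRUST_STORE_TYPE;` line. This lookup also uses the one-argument `SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType")`, while `getKeystoreType` and `getKeystoreProvider` in the same commit use `getProperty(name, null)`, so picking one overload would keep the parallel methods consistent. The enclosing method starts and ends outside the hunk.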