Author: ffang Date: Tue Mar 27 09:28:18 2012 New Revision: 1305789 URL: http://svn.apache.org/viewvc?rev=1305789&view=rev Log: Merged revisions 1305786 via svnmerge from https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes
................ r1305786 | ffang | 2012-03-27 17:15:12 +0800 (二, 27 3 2012) | 9 lines Merged revisions 1305775 via svnmerge from https://svn.apache.org/repos/asf/cxf/trunk ........ r1305775 | ffang | 2012-03-27 16:30:32 +0800 (二, 27 3 2012) | 1 line [CXF-4204]CXF https transport should support to specify the cert alias name ........ ................ Added: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java - copied unchanged from r1305786, cxf/branches/2.5.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java Modified: cxf/branches/2.4.x-fixes/ (props changed) cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml Propchange: cxf/branches/2.4.x-fixes/ ------------------------------------------------------------------------------ Binary property 'svnmerge-integrated' - no diff available. 
Modified: cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java (original)
+++ cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java Tue Mar 27 09:28:18 2012
@@ -41,7 +41,7 @@ public class TLSParameterBase {
     private CertificateConstraintsType certConstraints;
     private SecureRandom secureRandom;
     private String protocol;
-
+    private String certAlias;
     /**
      * Set the JSSE provider. If not set,
      * it uses system default.
@@ -164,4 +164,19 @@ public class TLSParameterBase {
     public String getSecureSocketProtocol() {
         return protocol;
     }
+
+    /**
+     * This parameter configures the cert alias used on server side
+     * this is useful when keystore has multiple certs
+     */
+    public final void setCertAlias(String ctAlias) {
+        certAlias = ctAlias;
+    }
+
+    /**
+     * This parameter retrieves the cert alias specified on server side
+     */
+    public String getCertAlias() {
+        return certAlias;
+    }
 }
Modified: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd Tue Mar 27 09:28:18 2012
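Review bot: The Javadoc on `setCertAlias`/`getCertAlias` says the alias is "used on server side", but the same commit wires the setting through TLSClientParametersConfig and HttpsURLConnectionFactory, so it applies to both roles and the comment will mislead client users. Suggest on the setter `/** Alias of the key entry in the keyManagers keystore to present during the TLS handshake. Applies to both client and server parameters; only needed when the keystore holds more than one key entry. */`, with the getter's comment matched to it. Nothing in this class checks the alias against the keystore, so the comment should not imply validation happens here. `setCertAlias` is also declared `final` while `getCertAlias` is not; the other setters of this class are outside the hunk, so check which convention the class follows and apply it to both.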
@@ -432,6 +432,13 @@
             </xs:documentation>
         </xs:annotation>
     </xs:element>
+    <xs:element name="certAlias" type="xs:string" minOccurs="0">
+        <xs:annotation>
+            <xs:documentation>
+                This element contains the Certificate Alias.
+            </xs:documentation>
+        </xs:annotation>
+    </xs:element>
 </xs:all>
 <xs:attribute name="useHttpsURLConnectionDefaultSslSocketFactory" type="pt:ParameterizedBoolean" default="false">
     <xs:annotation>
@@ -542,6 +549,13 @@
             </xs:documentation>
         </xs:annotation>
     </xs:element>
+    <xs:element name="certAlias" type="xs:string" minOccurs="0">
+        <xs:annotation>
+            <xs:documentation>
+                This element contains the Certificate Alias.
+            </xs:documentation>
+        </xs:annotation>
+    </xs:element>
 </xs:all>
 <xs:attribute name="jsseProvider" type="xs:string">
     <xs:annotation>
Modified: cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java Tue Mar 27 09:28:18 2012
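Review bot: "This element contains the Certificate Alias." tells a configurer nothing about what the alias selects or when it is needed, and the identical sentence is repeated in the second hunk. Suggest, in both places, `The alias of the key entry in the keyManagers keystore that will be used for the TLS handshake. Only needed when that keystore holds more than one key entry.` Whether an alias that matches no keystore entry is rejected when the configuration is loaded is not visible in this change; if it is not, the documentation should say that the handshake will fail instead, since that is where a typo would surface.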
@@ -26,11 +26,13 @@ import java.util.logging.Logger;
 import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.configuration.security.ClientAuthentication;
 import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
 import org.apache.cxf.transport.https.SSLUtils;
 
 import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
@@ -47,7 +49,7 @@ public class CXFJettySslSocketConnector
     protected SecureRandom secureRandom;
     protected List<String> cipherSuites;
     protected FiltersType cipherSuitesFilter;
-
+
     /**
      * Set the cipherSuites
      */
@@ -83,6 +85,7 @@ public class CXFJettySslSocketConnector
         secureRandom = random;
     }
 
+
     /**
      * Set the ClientAuthentication (from the JAXB type) that
      * configures an HTTP Destination.
@@ -114,6 +117,9 @@ public class CXFJettySslSocketConnector
             ? SSLContext.getInstance(proto)
             : SSLContext.getInstance(proto, getCxfSslContextFactory().getProvider());
 
+        if (getCxfSslContextFactory().getCertAlias() != null) {
+            getKeyManagersWithCertAlias();
+        }
         context.init(keyManagers, trustManagers, secureRandom);
 
         String[] cs =
@@ -128,6 +134,17 @@ public class CXFJettySslSocketConnector
         return context;
     }
 
+    protected void getKeyManagersWithCertAlias() throws Exception {
+        if (getCxfSslContextFactory().getCertAlias() != null) {
+            for (int idx = 0; idx < keyManagers.length; idx++) {
+                if (keyManagers[idx] instanceof X509KeyManager) {
+                    keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+                        getCxfSslContextFactory().getCertAlias(), (X509KeyManager)keyManagers[idx]);
+                }
+            }
+        }
+    }
+
     public CxfSslContextFactory getCxfSslContextFactory() {
         try {
             Object o = getClass().getMethod("getSslContextFactory").invoke(this);
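Review bot: `getKeyManagersWithCertAlias` dereferences the `keyManagers` field without a null check, so a connector that sets certAlias but configures no key managers — a combination `context.init` itself tolerates — fails with NullPointerException instead of a clear error. It also rewrites the field in place, so a second `createSSLContext()` call on the same connector wraps the already-wrapped managers again; assuming `AliasedX509ExtendedKeyManager` is itself an `X509KeyManager` (its constructor takes one, and the class is not in this view), an instanceof guard avoids the nesting. The alias is fetched through `getCxfSslContextFactory()`, which builds a reflective proxy on every call, three times per invocation counting the caller's check; resolve it once into a local. A void method named `get…` that mutates state also reads badly, and it declares `throws Exception` where the client-side counterpart narrows to GeneralSecurityException — the two helpers should agree. The rewrite below keeps the name so the caller in the earlier hunk is unaffected.
```java
    protected void getKeyManagersWithCertAlias() throws Exception {
        String alias = getCxfSslContextFactory().getCertAlias();
        if (alias == null || keyManagers == null) {
            return;
        }
        for (int idx = 0; idx < keyManagers.length; idx++) {
            KeyManager km = keyManagers[idx];
            // skip managers already wrapped by an earlier createSSLContext() call
            if (km instanceof X509KeyManager && !(km instanceof AliasedX509ExtendedKeyManager)) {
                keyManagers[idx] = new AliasedX509ExtendedKeyManager(alias, (X509KeyManager) km);
            }
        }
    }
```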
@@ -155,6 +172,10 @@ public class CXFJettySslSocketConnector
         void setProtocol(String secureSocketProtocol);
 
         void setProvider(String jsseProvider);
+
+        void setCertAlias(String certAlias);
+
+        String getCertAlias();
     }
 }
Modified: cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java Tue Mar 27 09:28:18 2012
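Review bot: `setCertAlias`/`getCertAlias` are added to `CxfSslContextFactory` with no comment, yet this interface is served by a reflection proxy over whatever `getSslContextFactory()` returns (the `ReflectionInvokationHandler` import and the `getMethod("getSslContextFactory")` call in the previous hunk), so the two methods are a runtime contract: if the Jetty version in use lacks methods with exactly these signatures, the failure surfaces when TLS is configured, not at compile time. Add a note on the interface such as `// Dispatched by reflection to Jetty's SslContextFactory: every method here must exist there with the same name and signature`. The enclosing interface and class both start outside this hunk.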
@@ -87,6 +87,7 @@ public final class JettySslConnectorFact
         con.getCxfSslContextFactory().setProvider(tlsServerParameters.getJsseProvider());
         con.setCipherSuites(tlsServerParameters.getCipherSuites());
         con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter());
+        con.getCxfSslContextFactory().setCertAlias(tlsServerParameters.getCertAlias());
     }
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java Tue Mar 27 09:28:18 2012
@@ -116,6 +116,9 @@ public final class TLSClientParametersCo
         if (params.isSetSslCacheTimeout()) {
             ret.setSslCacheTimeout(params.getSslCacheTimeout());
         }
+        if (params.isSetCertAlias()) {
+            ret.setCertAlias(params.getCertAlias());
+        }
         return ret;
     }
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java Tue Mar 27 09:28:18 2012
@@ -69,5 +69,8 @@ public class TLSServerParametersConfig
         if (params.isSetCertConstraints()) {
             this.setCertConstraints(params.getCertConstraints());
         }
+        if (params.isSetCertAlias()) {
+            this.setCertAlias(params.getCertAlias());
+        }
     }
 }
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Tue Mar 27 09:28:18 2012
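Review bot: `isSetCertAlias()` is presumably true for an empty `<sec:certAlias/>` element (the JAXB type is not in view), and the consumers in this commit only test the alias for `null`, so an empty element would wrap the key managers with an empty-string alias instead of being treated as unset. Guard on content rather than presence: `if (params.isSetCertAlias() && !params.getCertAlias().isEmpty()) {`, and mirror the same guard in the TLSServerParametersConfig hunk below so the two configs keep behaving alike. Whether the generated type strips surrounding whitespace is also not visible, so a `trim()` before the emptiness check may be warranted. The enclosing method starts outside this hunk.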
@@ -32,13 +32,16 @@ import java.util.logging.Logger;
 
 import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509KeyManager;
 
 import org.apache.cxf.common.logging.LogUtils;
 import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
 
+
 /**
  * This HttpsURLConnectionFactory implements the HttpURLConnectionFactory
  * for using the given SSL Policy to configure TLS connections for "https:"
@@ -147,7 +150,11 @@ public class HttpsURLConnectionFactory {
             SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
                 .getInstance(protocol, provider);
             ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
-            ctx.init(tlsClientParameters.getKeyManagers(), tlsClientParameters.getTrustManagers(),
+            KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
+            if (tlsClientParameters.getCertAlias() != null) {
+                getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
+            }
+            ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                 tlsClientParameters.getSecureRandom());
 
             // The "false" argument means opposite of exclude.
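Review bot: `keyManagers` can be null on a client that configures no key store — `ctx.init` accepts that — but once a certAlias is set, `getKeyManagersWithCertAlias` loops over `keyManagers.length` and throws NullPointerException, turning a benign configuration into a crash. The array is also modified in place: `getKeyManagers()` lives in TLSParameterBase outside this view, and if it hands back its stored array, every SSLContext built from the same parameters object wraps the already-wrapped managers again. Guard and copy before wrapping: `if (tlsClientParameters.getCertAlias() != null && keyManagers != null) {` followed by `keyManagers = keyManagers.clone();` ahead of the existing call. The enclosing method starts and ends outside this hunk.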
@@ -239,6 +246,22 @@ public class HttpsURLConnectionFactory {
     protected void addLogHandler(Handler handler) {
         LOG.addHandler(handler);
     }
+
+    protected void getKeyManagersWithCertAlias(TLSClientParameters tlsClientParameters,
+                                               KeyManager[] keyManagers) throws GeneralSecurityException {
+        if (tlsClientParameters.getCertAlias() != null) {
+            for (int idx = 0; idx < keyManagers.length; idx++) {
+                if (keyManagers[idx] instanceof X509KeyManager) {
+                    try {
+                        keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+                            tlsClientParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
+                    } catch (Exception e) {
+                        throw new GeneralSecurityException(e);
+                    }
+                }
+            }
+        }
+    }
 }
Modified: cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml Tue Mar 27 09:28:18 2012
@@ -86,6 +86,8 @@ under the License.
                 <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
             </sec:trustManagers>
+            <sec:clientAuthentication want="true" required="true"/>
+            <sec:certAlias>bethal</sec:certAlias>
         </httpj:tlsServerParameters>
     </httpj:engine>
 </httpj:engine-factory>
@@ -103,7 +105,8 @@ under the License.
                 <sec:keyStore type="JKS" password="password" file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
             </sec:trustManagers>
+            <sec:certAlias>morpit</sec:certAlias>
         </http:tlsClientParameters>
     </http:conduit>
-</beans>
\ No newline at end of file
+</beans>
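Review bot: Nothing in `getKeyManagersWithCertAlias` checks that the configured alias names a key entry of the wrapped manager, and the added `AliasedX509ExtendedKeyManager` is not in this view; if it returns the alias unconditionally, a misspelled alias means `getPrivateKey(alias)` yields null (the JSSE contract for an unknown alias) and the client would likely present no certificate at all rather than fail at configuration time. Consider failing fast before wrapping: `if (((X509KeyManager) keyManagers[idx]).getPrivateKey(alias) == null) { throw new GeneralSecurityException("No key entry found for certAlias '" + alias + "'"); }`, or perform that validation in the wrapper's constructor so the server side gets it too. The `catch (Exception e)` around a single constructor call is broad — if the constructor declares a checked type, catch that type so programming errors are not reclassified as GeneralSecurityException. The server-side helper in CXFJettySslSocketConnector declares `throws Exception` where this one wraps; pick one convention for both.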
