Author: ay
Date: Fri Jul 13 16:20:56 2012
New Revision: 1361283
URL: http://svn.apache.org/viewvc?rev=1361283&view=rev
Log:
[CXF-4423] more flexibility in configuring httpconduit's tlsClientParameters
Added:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
(with props)
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
(with props)
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
(with props)
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Modified:
cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
---
cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
(original)
+++
cxf/trunk/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
Fri Jul 13 16:20:56 2012
@@ -24,12 +24,15 @@ import java.security.GeneralSecurityExce
import java.util.HashSet;
import java.util.Set;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLStreamReader;
+import org.w3c.dom.Node;
import org.apache.cxf.common.injection.NoJSR250Annotations;
import org.apache.cxf.common.jaxb.JAXBContextCache;
@@ -73,6 +76,11 @@ public final class TLSClientParametersCo
TLSClientParameters ret = new TLSClientParameters();
boolean usingDefaults =
params.isUseHttpsURLConnectionDefaultSslSocketFactory();
+
+ TLSClientParametersTypeInternal iparams = null;
+ if (params instanceof TLSClientParametersTypeInternal) {
+ iparams = (TLSClientParametersTypeInternal)params;
+ }
if (params.isDisableCNCheck()) {
ret.setDisableCNCheck(true);
@@ -118,6 +126,12 @@ public final class TLSClientParametersCo
if (params.isSetCertAlias()) {
ret.setCertAlias(params.getCertAlias());
}
+ if (iparams != null && iparams.isSetKeyManagersRef() &&
!usingDefaults) {
+ ret.setKeyManagers(iparams.getKeyManagersRef());
+ }
+ if (iparams != null && iparams.isSetTrustManagersRef() &&
!usingDefaults) {
+ ret.setTrustManagers(iparams.getTrustManagersRef());
+ }
return ret;
}
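Review bot: The referenced managers are applied last and unconditionally, so if the inline keyManagers/trustManagers handling earlier in this method (outside the hunk) already populated ret, a bean reference overrides it with no warning; the Spring parser sets only one of the two, but TLSClientParametersTypeInternal exposes both setters to programmatic callers. Conversely a ref is dropped silently when useHttpsURLConnectionDefaultSslSocketFactory is true, which for a trust-manager bean means the JSSE default trust store is used instead of the one the configuration names. I would at least state that in a comment, e.g. `// *Ref beans take precedence over inline keyManagers/trustManagers; both are ignored when the default socket factory is in use`, and consider logging when a ref is discarded. The enclosing method starts before this hunk.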
@@ -145,5 +159,49 @@ public final class TLSClientParametersCo
throw new RuntimeException(e);
}
}
+
+ public static <T> T createTLSClientParameter(Node data, Class<T> cls) {
+ Unmarshaller u;
+ try {
+ u = getContext().createUnmarshaller();
+ Object obj = u.unmarshal(data, cls);
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> el = (JAXBElement<?>)obj;
+ obj = el.getValue();
+ }
+ return cls.cast(obj);
+ } catch (JAXBException e) {
+ throw new RuntimeException("Could not parse configuration.", e);
+ }
+ }
+
+ public static class TLSClientParametersTypeInternal extends
TLSClientParametersType {
+ private KeyManager[] keyManagersRef;
+ private TrustManager[] trustManagersRef;
+
+ public KeyManager[] getKeyManagersRef() {
+ return keyManagersRef;
+ }
+
+ public void setKeyManagersRef(KeyManager[] keyManagersRef) {
+ this.keyManagersRef = keyManagersRef;
+ }
+
+ public boolean isSetKeyManagersRef() {
+ return this.keyManagersRef != null;
+ }
+ public TrustManager[] getTrustManagersRef() {
+ return trustManagersRef;
+ }
+
+ public void setTrustManagersRef(TrustManager[] trustManagersRef) {
+ this.trustManagersRef = trustManagersRef;
+ }
+
+ public boolean isSetTrustManagersRef() {
+ return this.trustManagersRef != null;
+ }
+
+ }
}
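Review bot: createTLSClientParameter(Node, Class) and TLSClientParametersTypeInternal are new public API in the api module but carry no Javadoc, and the class name says internal while its visibility says otherwise. I would put `/** Unmarshals a DOM node from the security namespace into the JAXB type {@code cls}, unwrapping a JAXBElement if the unmarshaller returns one. */` on the method, and on the class a sentence saying it exists so HttpConduitBeanDefinitionParser can pass already-built KeyManager[]/TrustManager[] beans to createTLSClientParametersFromType and is not meant for application code. Minor style: the blank line between isSetKeyManagersRef() and getTrustManagersRef() is missing while the other accessors are separated by one.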
Modified: cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd
URL:
http://svn.apache.org/viewvc/cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
--- cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd
(original)
+++ cxf/trunk/api/src/main/resources/schemas/configuration/security.xsd Fri Jul
13 16:20:56 2012
@@ -265,6 +265,15 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
+ <xs:attribute name="ref" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the reference to the KeyManagers bean.
This
+ attribute allows the KeyManagers instance to be constructed by
other
+ means and referenced from this object.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="TrustManagersType">
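Review bot: The documentation for ref does not say what the referenced bean must be or what happens to the inline keystore settings when ref is present; the http:conduit parser in this commit stops unmarshalling the element's inline content as soon as ref is non-empty, and the property it binds to takes a javax.net.ssl.KeyManager[]. Since the schema cannot express that exclusion, the documentation should, e.g. `The id of a Spring bean of type javax.net.ssl.KeyManager[]. When set, the keyStore child and the other attributes of this element are ignored.` The complexType's other attributes begin before this hunk.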
@@ -308,6 +317,15 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
+ <xs:attribute name="ref" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the reference to the TrustManagers
bean. This
+ attribute allows the TrustManagers instance to be constructed
by other
+ means and referenced from this object.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="CipherSuites">
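Review bot: The ref documentation should make explicit that the referenced bean replaces CXF's own trust-store handling entirely: the conduit ends up calling setTrustManagers with exactly that javax.net.ssl.TrustManager[], so a bean whose X509TrustManager accepts any chain turns off server authentication with nothing in the conduit configuration to show it. Suggested wording: `The id of a Spring bean of type javax.net.ssl.TrustManager[]. The referenced managers are used as-is and are responsible for validating the peer certificate chain; the keyStore child of this element is ignored when ref is set.`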
Modified:
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
---
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
(original)
+++
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
Fri Jul 13 16:20:56 2012
@@ -18,21 +18,24 @@
*/
package org.apache.cxf.transport.http.spring;
-import java.io.StringWriter;
-
import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
+import org.w3c.dom.Attr;
import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParametersConfig;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.configuration.security.CipherSuites;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
+import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
-import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.MessageTrustDecider;
import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
@@ -46,6 +49,8 @@ public class HttpConduitBeanDefinitionPa
private static final String HTTP_NS =
"http://cxf.apache.org/transports/http/configuration";
+ private static final String SECURITY_NS =
+ "http://cxf.apache.org/configuration/security";
@Override
public void doParse(Element element, ParserContext ctx,
BeanDefinitionBuilder bean) {
@@ -103,20 +108,77 @@ public class HttpConduitBeanDefinitionPa
* generated type unmarshalled from the selected node.
*/
@SuppressWarnings("deprecation")
- public void mapTLSClientParameters(Element n, BeanDefinitionBuilder bean) {
- StringWriter writer = new StringWriter();
- XMLStreamWriter xmlWriter = StaxUtils.createXMLStreamWriter(writer);
- try {
- StaxUtils.copy(n, xmlWriter);
- xmlWriter.flush();
- } catch (XMLStreamException e) {
- throw new RuntimeException(e);
+ public void mapTLSClientParameters(Element e, BeanDefinitionBuilder bean) {
+ BeanDefinitionBuilder paramsbean
+ =
BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.TLSClientParametersTypeInternal.class);
+
+ // read the attributes
+ NamedNodeMap as = e.getAttributes();
+ for (int i = 0; i < as.getLength(); i++) {
+ Attr a = (Attr) as.item(i);
+ if (a.getNamespaceURI() == null) {
+ String aname = a.getLocalName();
+ if
("useHttpsURLConnectionDefaultSslSocketFactory".equals(aname)
+ ||
"useHttpsURLConnectionDefaultHostnameVerifier".equals(aname)
+ || "disableCNCheck".equals(aname)) {
+ paramsbean.addPropertyValue(aname,
Boolean.parseBoolean(a.getValue()));
+ } else if ("jsseProvider".equals(aname)
+ || "secureSocketProtocol".equals(aname)) {
+ paramsbean.addPropertyValue(aname, a.getNodeValue());
+ } else if ("sslCacheTimeout".equals(aname)) {
+ paramsbean.addPropertyValue(aname,
Integer.parseInt(a.getNodeValue()));
+ }
+ }
+ }
+
+ // read the child elements
+ Node n = e.getFirstChild();
+ while (n != null) {
+ if (Node.ELEMENT_NODE != n.getNodeType()
+ || !SECURITY_NS.equals(n.getNamespaceURI())) {
+ n = n.getNextSibling();
+ continue;
+ }
+ String ename = n.getLocalName();
+ // Schema should require that no more than one each of these exist.
+ String ref = ((Element)n).getAttribute("ref");
+
+ if ("keyManagers".equals(ename)) {
+ if (ref != null && ref.length() > 0) {
+ paramsbean.addPropertyReference("keyManagersRef", ref);
+ } else {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
KeyManagersType.class));
+ }
+ } else if ("trustManagers".equals(ename)) {
+ if (ref != null && ref.length() > 0) {
+ paramsbean.addPropertyReference("trustManagersRef", ref);
+ } else {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
TrustManagersType.class));
+ }
+ } else if ("cipherSuites".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
CipherSuites.class));
+ } else if ("cipherSuitesFilter".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
FiltersType.class));
+ } else if ("secureRandomParameters".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
SecureRandomParameters.class));
+ } else if ("certConstraints".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
CertificateConstraintsType.class));
+ } else if ("certAlias".equals(ename)) {
+ paramsbean.addPropertyValue(ename, n.getTextContent());
+ }
+ n = n.getNextSibling();
}
BeanDefinitionBuilder jaxbbean
=
BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.class);
-
jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParameters");
- jaxbbean.addConstructorArg(writer.toString());
+
jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParametersFromType");
+ jaxbbean.addConstructorArg(paramsbean.getBeanDefinition());
bean.addPropertyValue("tlsClientParameters",
jaxbbean.getBeanDefinition());
}
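Review bot: When a sec:keyManagers or sec:trustManagers element carries ref= and also an inline sec:keyStore, the ref branch wins and the inline keystore is discarded without any diagnostic, so a configuration that visibly names a trust-store file can be running with a different trust manager entirely; the schema's optional ref attribute cannot express the exclusion, so the parser should. One lookup before the two branches covers both, see below (IllegalArgumentException is a guess at the convention, since the ParserContext is not passed into this method). Relatedly, a misspelled element name in the security namespace falls out of the if/else-if chain with no error; whether schema validation catches that depends on the Spring reader's settings, which I cannot see here. The method's Javadoc begins before this hunk, and the null check on ref is redundant because Element.getAttribute returns an empty string for an absent attribute.
```java
            String ref = ((Element)n).getAttribute("ref");
            // an inline <sec:keyStore> next to ref= would otherwise be silently discarded
            boolean hasInlineKeyStore =
                ((Element)n).getElementsByTagNameNS(SECURITY_NS, "keyStore").getLength() > 0;

            if ("keyManagers".equals(ename)) {
                if (ref.length() > 0) {
                    if (hasInlineKeyStore) {
                        throw new IllegalArgumentException(
                            "sec:keyManagers: 'ref' and an inline keyStore are mutually exclusive");
                    }
                    paramsbean.addPropertyReference("keyManagersRef", ref);
                } else {
                    // … unchanged: unmarshal KeyManagersType …
                }
            } else if ("trustManagers".equals(ename)) {
                if (ref.length() > 0) {
                    if (hasInlineKeyStore) {
                        throw new IllegalArgumentException(
                            "sec:trustManagers: 'ref' and an inline keyStore are mutually exclusive");
                    }
                    paramsbean.addPropertyReference("trustManagersRef", ref);
                } else {
                    // … unchanged: unmarshal TrustManagersType …
                }
            }
            // … unchanged: cipherSuites, cipherSuitesFilter, secureRandomParameters, certConstraints, certAlias …
```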
Added:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java?rev=1361283&view=auto
==============================================================================
---
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
(added)
+++
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,146 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.transport.http.spring;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.transport.http.HTTPTransportFactory;
+
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ *
+ */
+public class HttpConduitConfigurationTest extends Assert {
+ private static EndpointInfo ei;
+ private Bus bus;
+
+ @BeforeClass
+ public static void setUpOnce() {
+ ei = new EndpointInfo();
+ ei.setName(new QName("http://apache.org/hello_world", "HelloWorld"));
+ ei.setAddress("https://localhost:8443/nopath");
+ }
+
+ @After
+ public void tearDown() {
+ bus.shutdown(true);
+ BusFactory.setDefaultBus(null);
+ }
+
+ @Test
+ public void testConduitBean() throws Exception {
+ SpringBusFactory factory = new SpringBusFactory();
+ bus =
factory.createBus("org/apache/cxf/transport/http/spring/conduit-bean.xml");
+ HTTPTransportFactory atf = new HTTPTransportFactory(bus);
+ HTTPConduit conduit = (HTTPConduit)atf.getConduit(ei);
+
+ verifyConduit(conduit);
+ }
+
+ @Test
+ public void testConduitBeanWithTLSReferences() throws Exception {
+ SpringBusFactory factory = new SpringBusFactory();
+ bus =
factory.createBus("org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml");
+ HTTPTransportFactory atf = new HTTPTransportFactory(bus);
+ HTTPConduit conduit = (HTTPConduit)atf.getConduit(ei);
+
+ verifyConduit(conduit);
+ }
+
+ private void verifyConduit(HTTPConduit conduit) {
+ AuthorizationPolicy authp = conduit.getAuthorization();
+ assertNotNull(authp);
+ assertEquals("Betty", authp.getUserName());
+ assertEquals("password", authp.getPassword());
+ TLSClientParameters tlscps = conduit.getTlsClientParameters();
+ assertNotNull(tlscps);
+ assertTrue(tlscps.isDisableCNCheck());
+ assertEquals(3600000, tlscps.getSslCacheTimeout());
+
+ KeyManager[] kms = tlscps.getKeyManagers();
+ assertTrue(kms != null && kms.length == 1);
+ assertTrue(kms[0] instanceof X509KeyManager);
+
+ TrustManager[] tms = tlscps.getTrustManagers();
+ assertTrue(tms != null && tms.length == 1);
+ assertTrue(tms[0] instanceof X509TrustManager);
+
+ FiltersType csfs = tlscps.getCipherSuitesFilter();
+ assertNotNull(csfs);
+ assertEquals(5, csfs.getInclude().size());
+ assertEquals(1, csfs.getExclude().size());
+ }
+
+
+ public static final class ManagersFactory {
+
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setResource("org/apache/cxf/transport/https/resources/Bethal.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers",
e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setResource("org/apache/cxf/transport/https/resources/Gordy.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust
managers", e);
+ }
+ }
+ }
+
+}
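Review bot: tearDown() dereferences bus unconditionally, so if createBus() throws inside either test the @After hook fails with a NullPointerException that replaces the real configuration error in the report; guard it with `if (bus != null) { bus.shutdown(true); }`. The class-level Javadoc is empty; a one-liner such as `/** Verifies that http:conduit tlsClientParameters are parsed identically from inline keystore settings and from keyManagers/trustManagers bean references. */` would say what the two tests contrast.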
Added:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml?rev=1361283&view=auto
==============================================================================
---
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
(added)
+++
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf-beans="http://cxf.apache.org/configuration/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+
+ <http:conduit
name="{http://apache.org/hello_world}HelloWorld.http-conduit">
+ <http:tlsClientParameters sslCacheTimeout="3600000"
disableCNCheck="true">
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+
resource="org/apache/cxf/transport/https/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+
resource="org/apache/cxf/transport/https/resources/Gordy.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ </http:tlsClientParameters>
+ <http:authorization>
+ <sec:UserName>Betty</sec:UserName>
+ <sec:Password>password</sec:Password>
+ </http:authorization>
+ <http:client AutoRedirect="true" Connection="Keep-Alive"/>
+
+ </http:conduit>
+</beans>
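Review bot: The cipherSuitesFilter comment reads as a recommendation ("these filters ensure that a ciphersuite with export-suitable or null encryption is used"), yet the include list admits _EXPORT_, _WITH_DES_ and _WITH_NULL_ suites, which provide weak or no confidentiality; as the first example of the reworked tlsClientParameters parser, this fixture will be copied. Replace the comment with `<!-- TEST FIXTURE ONLY: this filter deliberately admits EXPORT, DES and NULL-encryption suites; do not use it as a template for a deployment -->`. Only anonymous DH is excluded, so the man-in-the-middle rationale in the comment applies to that single exclude line.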
Propchange:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Added:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml?rev=1361283&view=auto
==============================================================================
---
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
(added)
+++
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:cxf-beans="http://cxf.apache.org/configuration/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <bean id="keyManagers"
class="org.apache.cxf.transport.http.spring.HttpConduitConfigurationTest$ManagersFactory"
factory-method="getKeyManagers"/>
+ <bean id="trustManagers"
class="org.apache.cxf.transport.http.spring.HttpConduitConfigurationTest$ManagersFactory"
factory-method="getTrustManagers"/>
+
+ <http:conduit
name="{http://apache.org/hello_world}HelloWorld.http-conduit">
+ <http:tlsClientParameters sslCacheTimeout="3600000"
disableCNCheck="true">
+ <sec:keyManagers ref="keyManagers"/>
+ <sec:trustManagers ref="trustManagers"/>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ </http:tlsClientParameters>
+ <http:authorization>
+ <sec:UserName>Betty</sec:UserName>
+ <sec:Password>password</sec:Password>
+ </http:authorization>
+ <http:client AutoRedirect="true" Connection="Keep-Alive"/>
+
+ </http:conduit>
+</beans>
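Review bot: Nothing in this fixture says what type the keyManagers and trustManagers beans must have; the parser binds ref to properties of type javax.net.ssl.KeyManager[] and javax.net.ssl.TrustManager[], and the factory methods here return exactly those, but a reader of the example cannot see it. Add above the two bean definitions `<!-- beans referenced from sec:keyManagers/sec:trustManagers must be of type javax.net.ssl.KeyManager[] and javax.net.ssl.TrustManager[] respectively -->`. The cipherSuitesFilter copied from conduit-bean.xml admits EXPORT, DES and NULL suites and disableCNCheck is on, so the same test-only caveat belongs here.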
Propchange:
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml
Modified:
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=1361283&r1=1361282&r2=1361283&view=diff
==============================================================================
---
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
(original)
+++
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Fri Jul 13 16:20:56 2012
@@ -21,10 +21,16 @@ package org.apache.cxf.systest.http;
import java.net.URL;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.BusFactory;
import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.hello_world.Greeter;
@@ -143,7 +149,11 @@ public class HTTPSClientTest extends Abs
testSuccessfulCall("resources/jaxws-publish.xml",
"https://localhost:" + PORT1 +
"/SoapContext/HttpsPort");
}
-
+ @Test
+ public final void testJaxwsTLSRefsEndpoint() throws Exception {
+ testSuccessfulCall("resources/jaxws-tlsrefs-publish.xml",
+ "https://localhost:" + PORT1 +
"/SoapContext/HttpsPort");
+ }
@Test
public final void testPKCS12Endpoint() throws Exception {
testSuccessfulCall("resources/pkcs12.xml",
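Review bot: The blank line separating testJaxwsEndpoint from the next method was removed and none was added around testJaxwsTLSRefsEndpoint, so three @Test methods now run together without the spacing the rest of this class uses; restore a blank line before each `@Test`. The new test is otherwise a copy of testJaxwsEndpoint with a different configuration file, which is fine.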
@@ -163,4 +173,37 @@ public class HTTPSClientTest extends Abs
true);
}
+
+ public static class ClientManagersFactory {
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers",
e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust
managers", e);
+ }
+ }
+ }
}
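Review bot: ClientManagersFactory is a near-verbatim copy of HttpConduitConfigurationTest.ManagersFactory from the rt/transports/http tests, differing only in file-versus-resource lookup and the trust-store name; the two modules presumably cannot share test code, but the duplication should be noted so a change to one is mirrored. The `setFile("src/test/java/...")` paths resolve against the test JVM's working directory, which matches the `file=` attributes in jaxws-tlsrefs-publish.xml but ties the factory to being run from the module root. Suggested header: `/** Builds the client KeyManager[]/TrustManager[] that jaxws-tlsrefs-publish.xml references by bean id; mirrors HttpConduitConfigurationTest.ManagersFactory. */`.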
Added:
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
URL:
http://svn.apache.org/viewvc/cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml?rev=1361283&view=auto
==============================================================================
---
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
(added)
+++
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
Fri Jul 13 16:20:56 2012
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+Licensed to the Apache Software Foundation (ASF) under one
+or more contributor license agreements. See the NOTICE file
+distributed with this work for additional information
+regarding copyright ownership. The ASF licenses this file
+to you under the Apache License, Version 2.0 (the
+"License"); you may not use this file except in compliance
+with the License. You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+KIND, either express or implied. See the License for the
+specific language governing permissions and limitations
+under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xmlns:jaxws="http://cxf.apache.org/jaxws"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://cxf.apache.org/jaxws
http://cxf.apache.org/schemas/jaxws.xsd
+ http://cxf.apache.org/transports/http/configuration
http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration
http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+ http://cxf.apache.org/configuration/security
http://cxf.apache.org/schemas/configuration/security.xsd
+ ">
+ <bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <!-- -->
+ <!-- This Spring config file is designed to represent a minimal -->
+ <!-- configuration for spring-loading a CXF servant, where the -->
+ <!-- servant listens using HTTP/S as the transport protocol. -->
+ <!-- -->
+ <!-- Note that the service endpoint is spring-loaded. In the -->
+ <!-- scenario in which this config is designed to run, the -->
+ <!-- server application merely instantiates a Bus, and does not -->
+ <!-- publish any services programmatically -->
+ <!-- -->
+
+ <!-- -->
+ <!-- Spring-load an HTTPS servant -->
+ <!-- -->
+ <jaxws:endpoint
+ id="JaxwsHttpsEndpoint"
+ implementor="org.apache.cxf.systest.http.GreeterImpl"
+
address="https://localhost:${testutil.ports.BusServer.1}/SoapContext/HttpsPort"
+ serviceName="s:SOAPService"
+ endpointName="e:HttpsPort"
+ xmlns:e="http://apache.org/hello_world/services"
+ xmlns:s="http://apache.org/hello_world/services"
+ depends-on="port-9001-tls-config"/>
+
+ <!-- -->
+ <!-- TLS Port configuration parameters for port 9001 -->
+ <!-- -->
+ <httpj:engine-factory id="port-9001-tls-config">
+ <httpj:engine port="${testutil.ports.BusServer.1}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="password">
+ <sec:keyStore type="JKS" password="password"
+
file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore type="JKS" password="password"
+
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
+ </sec:trustManagers>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <!-- -->
+ <!-- HTTP/S configuration for clients -->
+ <!-- -->
+ <bean id="clientKeyManagers"
class="org.apache.cxf.systest.http.HTTPSClientTest$ClientManagersFactory"
factory-method="getKeyManagers"/>
+ <bean id="clientTrustManagers"
class="org.apache.cxf.systest.http.HTTPSClientTest$ClientManagersFactory"
factory-method="getTrustManagers"/>
+
+ <http:conduit
name="{http://apache.org/hello_world/services}HttpsPort.http-conduit">
+ <http:tlsClientParameters disableCNCheck="true">
+ <sec:keyManagers ref="clientKeyManagers"/>
+ <sec:trustManagers ref="clientTrustManagers"/>
+ </http:tlsClientParameters>
+ </http:conduit>
+
+</beans>
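Review bot: The comment `<!-- TLS Port configuration parameters for port 9001 -->` and the bean id port-9001-tls-config are stale: the engine binds `${testutil.ports.BusServer.1}`, not a fixed 9001, so the comment should read `TLS parameters for the BusServer.1 test port`. The client conduit sets disableCNCheck="true", presumably because the test certificate's subject is not localhost; a one-line comment saying so would keep it from being copied as part of the ref example. The property changes below also mark this XML file svn:executable, which looks unintended.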
Propchange:
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
------------------------------------------------------------------------------
svn:executable = *
Propchange:
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
------------------------------------------------------------------------------
svn:mime-type = text/xml