Author: ay
Date: Thu Jul 19 16:02:16 2012
New Revision: 1363406
URL: http://svn.apache.org/viewvc?rev=1363406&view=rev
Log:
Merged revisions 1361283 via svn merge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1361283 | ay | 2012-07-13 18:20:56 +0200 (Fri, 13 Jul 2012) | 1 line
[CXF-4423] more flexibility in configuring httpconduit's tlsClientParameters
........
Added:
cxf/branches/2.6.x-fixes/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/
- copied from r1361283,
cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
- copied unchanged from r1361283,
cxf/trunk/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified:
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
(original)
+++
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java
Thu Jul 19 16:02:16 2012
@@ -24,12 +24,15 @@ import java.security.GeneralSecurityExce
import java.util.HashSet;
import java.util.Set;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import javax.xml.stream.XMLStreamReader;
+import org.w3c.dom.Node;
import org.apache.cxf.common.injection.NoJSR250Annotations;
import org.apache.cxf.common.jaxb.JAXBContextCache;
@@ -73,6 +76,11 @@ public final class TLSClientParametersCo
TLSClientParameters ret = new TLSClientParameters();
boolean usingDefaults =
params.isUseHttpsURLConnectionDefaultSslSocketFactory();
+
+ TLSClientParametersTypeInternal iparams = null;
+ if (params instanceof TLSClientParametersTypeInternal) {
+ iparams = (TLSClientParametersTypeInternal)params;
+ }
if (params.isDisableCNCheck()) {
ret.setDisableCNCheck(true);
@@ -118,6 +126,12 @@ public final class TLSClientParametersCo
if (params.isSetCertAlias()) {
ret.setCertAlias(params.getCertAlias());
}
+ if (iparams != null && iparams.isSetKeyManagersRef() &&
!usingDefaults) {
+ ret.setKeyManagers(iparams.getKeyManagersRef());
+ }
+ if (iparams != null && iparams.isSetTrustManagersRef() &&
!usingDefaults) {
+ ret.setTrustManagers(iparams.getTrustManagersRef());
+ }
return ret;
}
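Review bot: The two blocks added before `return ret;` discard a configured `keyManagersRef` or `trustManagersRef` without any signal when `usingDefaults` is true. A conduit that references a custom TrustManager bean and also sets `useHttpsURLConnectionDefaultSslSocketFactory` therefore runs on the default socket factory's trust material, and nothing in the logs says the reference was ignored. I would reject the combination or at least report it, e.g. `if (iparams != null && usingDefaults && (iparams.isSetKeyManagersRef() || iparams.isSetTrustManagersRef())) { LOG.warning("keyManagers/trustManagers ref ignored: default SSL socket factory in use"); }`, where `LOG` stands for whatever logger the class has (none is visible in this hunk). The handling of inline keyManagers/trustManagers sits outside the hunk, as does the start of the enclosing method, so precedence between inline and referenced managers should be confirmed and stated in a comment.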
@@ -145,5 +159,49 @@ public final class TLSClientParametersCo
throw new RuntimeException(e);
}
}
+
+ public static <T> T createTLSClientParameter(Node data, Class<T> cls) {
+ Unmarshaller u;
+ try {
+ u = getContext().createUnmarshaller();
+ Object obj = u.unmarshal(data, cls);
+ if (obj instanceof JAXBElement<?>) {
+ JAXBElement<?> el = (JAXBElement<?>)obj;
+ obj = el.getValue();
+ }
+ return cls.cast(obj);
+ } catch (JAXBException e) {
+ throw new RuntimeException("Could not parse configuration.", e);
+ }
+ }
+
+ public static class TLSClientParametersTypeInternal extends
TLSClientParametersType {
+ private KeyManager[] keyManagersRef;
+ private TrustManager[] trustManagersRef;
+
+ public KeyManager[] getKeyManagersRef() {
+ return keyManagersRef;
+ }
+
+ public void setKeyManagersRef(KeyManager[] keyManagersRef) {
+ this.keyManagersRef = keyManagersRef;
+ }
+
+ public boolean isSetKeyManagersRef() {
+ return this.keyManagersRef != null;
+ }
+ public TrustManager[] getTrustManagersRef() {
+ return trustManagersRef;
+ }
+
+ public void setTrustManagersRef(TrustManager[] trustManagersRef) {
+ this.trustManagersRef = trustManagersRef;
+ }
+
+ public boolean isSetTrustManagersRef() {
+ return this.trustManagersRef != null;
+ }
+
+ }
}
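Review bot: The new public `createTLSClientParameter` and the public nested `TLSClientParametersTypeInternal` carry no Javadoc, and the class is named "Internal" while being publicly visible and settable. I would add a method comment such as `/** Unmarshals one TLS configuration child element into the given JAXB type; throws RuntimeException if the node cannot be parsed. */` and a class comment such as `/** Carrier used by the Spring bean parser: holds KeyManager[]/TrustManager[] bean references that the JAXB type cannot express. */`. The failure message is easier to act on with the target type in it: `throw new RuntimeException("Could not parse configuration for " + cls.getName(), e);`. The setters also keep the caller's arrays by reference, so if later mutation of the shared bean array matters, storing `keyManagersRef.clone()` (null-checked) is a cheap safeguard.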
Modified:
cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
(original)
+++
cxf/branches/2.6.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
Thu Jul 19 16:02:16 2012
@@ -265,6 +265,15 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
+ <xs:attribute name="ref" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the reference to the KeyManagers bean.
This
+ attribute allows the KeyManagers instance to be constructed by
other
+ means and referenced from this object.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="TrustManagersType">
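Review bot: The `ref` documentation added here, and in the matching TrustManagersType hunk that follows, does not say what happens when `ref` is given together with the element's inline key store configuration. In this commit's parser change a non-empty `ref` wins and the element's own content is never unmarshalled, so an inline trust store left next to a `ref` is silently unused. I would add one sentence to both annotations, e.g. `When ref is set, the other attributes and child elements of this element are ignored.`, or make the two forms mutually exclusive in the schema if that is practical. The enclosing complexType definitions start outside the hunks.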
@@ -308,6 +317,15 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
+ <xs:attribute name="ref" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute contains the reference to the TrustManagers
bean. This
+ attribute allows the TrustManagers instance to be constructed
by other
+ means and referenced from this object.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
</xs:complexType>
<xs:complexType name="CipherSuites">
Modified:
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/spring/HttpConduitBeanDefinitionParser.java
Thu Jul 19 16:02:16 2012
@@ -18,21 +18,24 @@
*/
package org.apache.cxf.transport.http.spring;
-import java.io.StringWriter;
-
import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamException;
-import javax.xml.stream.XMLStreamWriter;
+import org.w3c.dom.Attr;
import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParametersConfig;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.configuration.security.CipherSuites;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
+import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
-import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.transport.http.MessageTrustDecider;
import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
@@ -46,6 +49,8 @@ public class HttpConduitBeanDefinitionPa
private static final String HTTP_NS =
"http://cxf.apache.org/transports/http/configuration";
+ private static final String SECURITY_NS =
+ "http://cxf.apache.org/configuration/security";
@Override
public void doParse(Element element, ParserContext ctx,
BeanDefinitionBuilder bean) {
@@ -103,20 +108,77 @@ public class HttpConduitBeanDefinitionPa
* generated type unmarshalled from the selected node.
*/
@SuppressWarnings("deprecation")
- public void mapTLSClientParameters(Element n, BeanDefinitionBuilder bean) {
- StringWriter writer = new StringWriter();
- XMLStreamWriter xmlWriter = StaxUtils.createXMLStreamWriter(writer);
- try {
- StaxUtils.copy(n, xmlWriter);
- xmlWriter.flush();
- } catch (XMLStreamException e) {
- throw new RuntimeException(e);
+ public void mapTLSClientParameters(Element e, BeanDefinitionBuilder bean) {
+ BeanDefinitionBuilder paramsbean
+ =
BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.TLSClientParametersTypeInternal.class);
+
+ // read the attributes
+ NamedNodeMap as = e.getAttributes();
+ for (int i = 0; i < as.getLength(); i++) {
+ Attr a = (Attr) as.item(i);
+ if (a.getNamespaceURI() == null) {
+ String aname = a.getLocalName();
+ if
("useHttpsURLConnectionDefaultSslSocketFactory".equals(aname)
+ ||
"useHttpsURLConnectionDefaultHostnameVerifier".equals(aname)
+ || "disableCNCheck".equals(aname)) {
+ paramsbean.addPropertyValue(aname,
Boolean.parseBoolean(a.getValue()));
+ } else if ("jsseProvider".equals(aname)
+ || "secureSocketProtocol".equals(aname)) {
+ paramsbean.addPropertyValue(aname, a.getNodeValue());
+ } else if ("sslCacheTimeout".equals(aname)) {
+ paramsbean.addPropertyValue(aname,
Integer.parseInt(a.getNodeValue()));
+ }
+ }
+ }
+
+ // read the child elements
+ Node n = e.getFirstChild();
+ while (n != null) {
+ if (Node.ELEMENT_NODE != n.getNodeType()
+ || !SECURITY_NS.equals(n.getNamespaceURI())) {
+ n = n.getNextSibling();
+ continue;
+ }
+ String ename = n.getLocalName();
+ // Schema should require that no more than one each of these exist.
+ String ref = ((Element)n).getAttribute("ref");
+
+ if ("keyManagers".equals(ename)) {
+ if (ref != null && ref.length() > 0) {
+ paramsbean.addPropertyReference("keyManagersRef", ref);
+ } else {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
KeyManagersType.class));
+ }
+ } else if ("trustManagers".equals(ename)) {
+ if (ref != null && ref.length() > 0) {
+ paramsbean.addPropertyReference("trustManagersRef", ref);
+ } else {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
TrustManagersType.class));
+ }
+ } else if ("cipherSuites".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
CipherSuites.class));
+ } else if ("cipherSuitesFilter".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
FiltersType.class));
+ } else if ("secureRandomParameters".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
SecureRandomParameters.class));
+ } else if ("certConstraints".equals(ename)) {
+ paramsbean.addPropertyValue(ename,
+ TLSClientParametersConfig.createTLSClientParameter(n,
CertificateConstraintsType.class));
+ } else if ("certAlias".equals(ename)) {
+ paramsbean.addPropertyValue(ename, n.getTextContent());
+ }
+ n = n.getNextSibling();
}
BeanDefinitionBuilder jaxbbean
=
BeanDefinitionBuilder.rootBeanDefinition(TLSClientParametersConfig.class);
-
jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParameters");
- jaxbbean.addConstructorArg(writer.toString());
+
jaxbbean.getRawBeanDefinition().setFactoryMethodName("createTLSClientParametersFromType");
+ jaxbbean.addConstructorArg(paramsbean.getBeanDefinition());
bean.addPropertyValue("tlsClientParameters",
jaxbbean.getBeanDefinition());
}
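Review bot: `Boolean.parseBoolean(a.getValue())` in the attribute loop treats only the literal `true` as true. If these attributes are declared as xs:boolean, a schema-valid `disableCNCheck="1"` or `useHttpsURLConnectionDefaultSslSocketFactory="1"` now quietly becomes false, where the removed JAXB-based path would presumably have honoured it. Keeping the XML lexical rules is a two-line change: `String v = a.getValue().trim();` followed by `paramsbean.addPropertyValue(aname, "true".equals(v) || "1".equals(v));`. In the same loop `Integer.parseInt(a.getNodeValue())` surfaces a bare NumberFormatException for a bad `sslCacheTimeout`; wrapping it with the attribute name in the message would make a misconfigured TLS block easier to diagnose. The Javadoc above the method begins outside the hunk and still speaks of a type "unmarshalled from the selected node", which may need updating for the attribute-by-attribute mapping.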
Modified:
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=1363406&r1=1363405&r2=1363406&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
(original)
+++
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Thu Jul 19 16:02:16 2012
@@ -21,10 +21,16 @@ package org.apache.cxf.systest.http;
import java.net.URL;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
import javax.xml.ws.BindingProvider;
import org.apache.cxf.BusFactory;
import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.hello_world.Greeter;
@@ -143,7 +149,11 @@ public class HTTPSClientTest extends Abs
testSuccessfulCall("resources/jaxws-publish.xml",
"https://localhost:" + PORT1 +
"/SoapContext/HttpsPort");
}
-
+ @Test
+ public final void testJaxwsTLSRefsEndpoint() throws Exception {
+ testSuccessfulCall("resources/jaxws-tlsrefs-publish.xml",
+ "https://localhost:" + PORT1 +
"/SoapContext/HttpsPort");
+ }
@Test
public final void testPKCS12Endpoint() throws Exception {
testSuccessfulCall("resources/pkcs12.xml",
@@ -163,4 +173,37 @@ public class HTTPSClientTest extends Abs
true);
}
+
+ public static class ClientManagersFactory {
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers",
e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust
managers", e);
+ }
+ }
+ }
}
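Review bot: `ClientManagersFactory` locates `Bethal.jks` and `Truststore.jks` through paths relative to the working directory (`src/test/java/...`), so the referenced-managers test only works when the JVM is started from the module directory. If `KeyStoreType` exposes a classpath-based property, something like `kst.setResource("org/apache/cxf/systest/http/resources/Truststore.jks");` would remove that dependency (to be confirmed against the generated type). Both methods also catch `Exception`, which hides unrelated programming errors behind "failed to retrieve ..."; narrowing the catch to the checked exceptions `TLSParameterJaxBUtils` declares would keep the failure cause precise. A one-line class comment such as `/** Builds the key/trust managers from the test keystores; presumably the factory referenced by jaxws-tlsrefs-publish.xml. */` would tell readers why the class exists.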