Author: ay
Date: Fri Jul 20 18:05:05 2012
New Revision: 1363882
URL: http://svn.apache.org/viewvc?rev=1363882&view=rev
Log:
Merged revisions 1363879 via svn merge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1363879 | ay | 2012-07-20 19:37:18 +0200 (Fri, 20 Jul 2012) | 1 line
[CXF-4438] more flexibility in configuring tlsServerParameters in spring and
blueprint
........
Modified:
cxf/branches/2.6.x-fixes/ (props changed)
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
cxf/branches/2.6.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
Propchange: cxf/branches/2.6.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified:
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java?rev=1363882&r1=1363881&r2=1363882&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
(original)
+++
cxf/branches/2.6.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSServerParametersConfig.java
Fri Jul 20 18:05:05 2012
@@ -21,6 +21,9 @@ package org.apache.cxf.configuration.jss
import java.io.IOException;
import java.security.GeneralSecurityException;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+
import org.apache.cxf.common.injection.NoJSR250Annotations;
import org.apache.cxf.configuration.security.TLSServerParametersType;
@@ -36,6 +39,12 @@ public class TLSServerParametersConfig
public TLSServerParametersConfig(TLSServerParametersType params)
throws GeneralSecurityException,
IOException {
+
+ TLSServerParametersTypeInternal iparams = null;
+ if (params instanceof TLSServerParametersTypeInternal) {
+ iparams = (TLSServerParametersTypeInternal)params;
+ }
+
if (params.isSetSecureSocketProtocol()) {
this.setSecureSocketProtocol(params.getSecureSocketProtocol());
}
@@ -71,5 +80,42 @@ public class TLSServerParametersConfig
if (params.isSetCertAlias()) {
this.setCertAlias(params.getCertAlias());
}
+ if (iparams != null && iparams.isSetKeyManagersRef()) {
+ this.setKeyManagers(iparams.getKeyManagersRef());
+ }
+ if (iparams != null && iparams.isSetTrustManagersRef()) {
+ this.setTrustManagers(iparams.getTrustManagersRef());
+ }
+ }
+
+ public static class TLSServerParametersTypeInternal extends
TLSServerParametersType {
+ private KeyManager[] keyManagersRef;
+ private TrustManager[] trustManagersRef;
+
+ public KeyManager[] getKeyManagersRef() {
+ return keyManagersRef;
+ }
+
+ public void setKeyManagersRef(KeyManager[] keyManagersRef) {
+ this.keyManagersRef = keyManagersRef;
+ }
+
+ public boolean isSetKeyManagersRef() {
+ return this.keyManagersRef != null;
+ }
+
+ public TrustManager[] getTrustManagersRef() {
+ return trustManagersRef;
+ }
+
+ public void setTrustManagersRef(TrustManager[] trustManagersRef) {
+ this.trustManagersRef = trustManagersRef;
+ }
+
+ public boolean isSetTrustManagersRef() {
+ return this.trustManagersRef != null;
+ }
+
}
+
}
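Review bot: The two `iparams` branches added at the end of the constructor apply `keyManagersRef`/`trustManagersRef` after the JAXB-derived settings, so a ref presumably replaces inline `keyManagers`/`trustManagers` silently when both are populated. The code that handles the inline values lies between the hunks and is not visible here. `TLSServerParametersTypeInternal` is a public nested class without Javadoc, so this precedence is stated nowhere; I would add a class comment such as `/** Carrier used by the bean definition parsers to pass pre-built KeyManager[]/TrustManager[] beans; a ref, when set, takes precedence over the JAXB keyManagers/trustManagers. */`. `isSetTrustManagersRef()` also returns true for an empty array, which is then installed as the trust manager set rather than treated as unset, so the setter Javadoc should say whether that is intended.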
Modified:
cxf/branches/2.6.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java?rev=1363882&r1=1363881&r2=1363882&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
(original)
+++
cxf/branches/2.6.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/spring/JettyHTTPServerEngineBeanDefinitionParser.java
Fri Jul 20 18:05:05 2012
@@ -27,13 +27,23 @@ import java.util.List;
import javax.annotation.PostConstruct;
import javax.xml.bind.JAXBContext;
+import org.w3c.dom.Attr;
import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor;
import org.apache.cxf.common.injection.NoJSR250Annotations;
import org.apache.cxf.configuration.jsse.TLSServerParametersConfig;
+import org.apache.cxf.configuration.security.CertificateConstraintsType;
+import org.apache.cxf.configuration.security.CipherSuites;
+import org.apache.cxf.configuration.security.ClientAuthentication;
+import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.SecureRandomParameters;
import org.apache.cxf.configuration.security.TLSServerParametersType;
+import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.configuration.spring.AbstractBeanDefinitionParser;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngine;
@@ -55,6 +65,8 @@ import org.springframework.context.Appli
public class JettyHTTPServerEngineBeanDefinitionParser extends
AbstractBeanDefinitionParser {
+ private static final String SECURITY_NS =
+ "http://cxf.apache.org/configuration/security";
public void doParse(Element element, ParserContext ctx,
BeanDefinitionBuilder bean) {
@@ -89,12 +101,7 @@ public class JettyHTTPServerEngineBeanDe
while (elem != null) {
String name = elem.getLocalName();
if ("tlsServerParameters".equals(name)) {
- mapElementToJaxbPropertyFactory(elem,
- bean,
- "tlsServerParameters",
-
TLSServerParametersType.class,
-
JettyHTTPServerEngineBeanDefinitionParser.class,
-
"createTLSServerParametersConfig");
+ mapTLSServerParameters(elem, bean);
} else if ("threadingParameters".equals(name)) {
mapElementToJaxbPropertyFactory(elem,
bean,
@@ -140,6 +147,76 @@ public class JettyHTTPServerEngineBeanDe
bean.setLazyInit(false);
}
+ private void mapTLSServerParameters(Element e, BeanDefinitionBuilder bean)
{
+ BeanDefinitionBuilder paramsbean
+ =
BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.TLSServerParametersTypeInternal.class);
+
+ // read the attributes
+ NamedNodeMap as = e.getAttributes();
+ for (int i = 0; i < as.getLength(); i++) {
+ Attr a = (Attr) as.item(i);
+ if (a.getNamespaceURI() == null) {
+ String aname = a.getLocalName();
+ if ("jsseProvider".equals(aname)
+ || "secureSocketProtocol".equals(aname)) {
+ paramsbean.addPropertyValue(aname, a.getValue());
+ }
+ }
+ }
+
+ // read the child elements
+ Node n = e.getFirstChild();
+ while (n != null) {
+ if (Node.ELEMENT_NODE != n.getNodeType()
+ || !SECURITY_NS.equals(n.getNamespaceURI())) {
+ n = n.getNextSibling();
+ continue;
+ }
+ String ename = n.getLocalName();
+ // Schema should require that no more than one each of these exist.
+ String ref = ((Element)n).getAttribute("ref");
+
+ if ("keyManagers".equals(ename)) {
+ if (ref != null && ref.length() > 0) {
+ paramsbean.addPropertyReference("keyManagersRef", ref);
+ } else {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ KeyManagersType.class);
+ }
+ } else if ("trustManagers".equals(ename)) {
+ if (ref != null && ref.length() > 0) {
+ paramsbean.addPropertyReference("trustManagersRef", ref);
+ } else {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ TrustManagersType.class);
+ }
+ } else if ("cipherSuites".equals(ename)) {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ CipherSuites.class);
+ } else if ("cipherSuitesFilter".equals(ename)) {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ FiltersType.class);
+ } else if ("secureRandomParameters".equals(ename)) {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ SecureRandomParameters.class);
+ } else if ("clientAuthentication".equals(ename)) {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ ClientAuthentication.class);
+ } else if ("certConstraints".equals(ename)) {
+ mapElementToJaxbProperty((Element)n, paramsbean, ename,
+ CertificateConstraintsType.class);
+ } else if ("certAlias".equals(ename)) {
+ paramsbean.addPropertyValue(ename, n.getTextContent());
+ }
+ n = n.getNextSibling();
+ }
+
+ BeanDefinitionBuilder jaxbbean
+ =
BeanDefinitionBuilder.rootBeanDefinition(TLSServerParametersConfig.class);
+ jaxbbean.addConstructorArg(paramsbean.getBeanDefinition());
+ bean.addPropertyValue("tlsServerParameters",
jaxbbean.getBeanDefinition());
+ }
+
private static ThreadingParameters toThreadingParameters(
ThreadingParametersType paramtype) {
ThreadingParameters params = new ThreadingParameters();
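Review bot: The `else if` chain in `mapTLSServerParameters` has no final branch, so an unrecognised child element in the security namespace (a misspelled `clientAuthentication` or `cipherSuitesFilter`, say) is skipped silently, as is any attribute other than `jsseProvider` and `secureSocketProtocol`. The replaced `mapElementToJaxbPropertyFactory` call handed the whole element to JAXB; with the hand-written walk, a typo can leave the engine running without the client-authentication requirement or cipher restriction the operator intended, unless schema validation rejects the document first, which this hunk does not show. I would close the chain with `} else { throw new IllegalArgumentException("Unsupported tlsServerParameters element: " + ename); }`, or report the error through the parser context if it is passed in. A `ref` attribute combined with inline `keyStore` content is also accepted and the inline content is ignored; and since `getAttribute("ref")` returns an empty string rather than null for a missing attribute, the `ref != null` test is redundant.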
Modified:
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java?rev=1363882&r1=1363881&r2=1363882&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
(original)
+++
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
Fri Jul 20 18:05:05 2012
@@ -174,7 +174,7 @@ public class HTTPSClientTest extends Abs
}
- public static class ClientManagersFactory {
+ public static class ServerManagersFactory {
public static KeyManager[] getKeyManagers() {
KeyManagersType kmt = new KeyManagersType();
KeyStoreType kst = new KeyStoreType();
@@ -206,4 +206,37 @@ public class HTTPSClientTest extends Abs
}
}
}
+
+ public static class ClientManagersFactory {
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers",
e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+
kst.setFile("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust
managers", e);
+ }
+ }
+ }
}
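Review bot: The new `ClientManagersFactory` repeats the key-store setup of the class this commit renames to `ServerManagersFactory`; from the visible lines the two appear to differ only in the key-store file (`Morpit.jks` here), though the renamed class's body is only partly shown. A private static helper taking the file name, e.g. `private static KeyStoreType jks(String file)`, would keep the path prefix, store type and test password in one place. `catch (Exception e)` could also be narrowed to the checked exceptions that `TLSParameterJaxBUtils` declares, which are not visible in this hunk.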
Modified:
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
URL:
http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml?rev=1363882&r1=1363881&r2=1363882&view=diff
==============================================================================
---
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
(original)
+++
cxf/branches/2.6.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-tlsrefs-publish.xml
Fri Jul 20 18:05:05 2012
@@ -59,17 +59,14 @@ under the License.
<!-- -->
<!-- TLS Port configuration parameters for port 9001 -->
<!-- -->
+ <bean id="serverKeyManagers"
class="org.apache.cxf.systest.http.HTTPSClientTest$ServerManagersFactory"
factory-method="getKeyManagers"/>
+ <bean id="serverTrustManagers"
class="org.apache.cxf.systest.http.HTTPSClientTest$ServerManagersFactory"
factory-method="getTrustManagers"/>
+
<httpj:engine-factory id="port-9001-tls-config">
<httpj:engine port="${testutil.ports.BusServer.1}">
<httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="JKS" password="password"
-
file="src/test/java/org/apache/cxf/systest/http/resources/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="JKS" password="password"
-
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
- </sec:trustManagers>
+ <sec:keyManagers ref="serverKeyManagers"/>
+ <sec:trustManagers ref="serverTrustManagers"/>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>