Fixing commit to http-jetty
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/91ae4b47
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/91ae4b47
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/91ae4b47
Branch: refs/heads/3.0.x-fixes
Commit: 91ae4b47a6b51f45e872b8646200ef93ad0b4301
Parents: 31c6342
Author: Colm O hEigeartaigh <[email protected]>
Authored: Mon Jan 5 17:21:24 2015 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Mon Jan 5 17:21:24 2015 +0000
----------------------------------------------------------------------
.../http_jetty/JettyHTTPServerEngine.java | 255 -------------------
.../https_jetty/CXFJettySslSocketConnector.java | 25 +-
2 files changed, 24 insertions(+), 256 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/91ae4b47/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
index 83d701c..f95e4f3 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/http_jetty/JettyHTTPServerEngine.java
@@ -477,261 +477,6 @@ public class JettyHTTPServerEngine implements ServerEngine {
 ++servantCount;
 }
-<<<<<<< HEAD
-=======
- private void addServerMBean() {
- if (mBeanContainer == null) {
- return;
- }
-
- try {
- Object o = getContainer(server);
- o.getClass().getMethod("addEventListener", Container.Listener.class).invoke(o, mBeanContainer);
- if (Server.getVersion().startsWith("8")) {
- return;
- }
- mBeanContainer.getClass().getMethod("beanAdded", Container.class, Object.class)
- .invoke(mBeanContainer, null, server);
- } catch (RuntimeException rex) {
- throw rex;
- } catch (Exception r) {
- throw new RuntimeException(r);
- }
- }
- private void removeServerMBean() {
- try {
- mBeanContainer.getClass().getMethod("beanRemoved", Container.class, Object.class)
- .invoke(mBeanContainer, null, server);
- } catch (RuntimeException rex) {
- throw rex;
- } catch (Exception r) {
- throw new RuntimeException(r);
- }
- }
-
- private Connector createConnector(String hosto, int porto) {
- // now we just use the SelectChannelConnector as the default connector
- SslContextFactory sslcf = null;
- if (tlsServerParameters != null) {
- sslcf = new SslContextFactory() {
- protected void doStart() throws Exception {
- setSslContext(createSSLContext(this));
- super.doStart();
- }
- public void checkKeyStore() {
- //we'll handle this later
- }
- };
- decorateCXFJettySslSocketConnector(sslcf);
- }
- AbstractConnector result = null;
- if (!Server.getVersion().startsWith("8")) {
- result = createConnectorJetty9(sslcf, hosto, porto);
- } else {
- result = createConnectorJetty8(sslcf, hosto, porto);
- }
-
- try {
- result.getClass().getMethod("setPort", Integer.TYPE).invoke(result, porto);
- if (hosto != null) {
- result.getClass().getMethod("setHost", String.class).invoke(result, hosto);
- }
- result.getClass().getMethod("setReuseAddress", Boolean.TYPE).invoke(result, isReuseAddress());
- } catch (RuntimeException rex) {
- throw rex;
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
-
- return result;
- }
-
- AbstractConnector createConnectorJetty9(SslContextFactory sslcf, String hosto, int porto) {
- //Jetty 9
- AbstractConnector result = null;
- try {
- Class<?> configClass = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.HttpConfiguration",
- Server.class);
- Object httpConfig = configClass.newInstance();
- httpConfig.getClass().getMethod("setSendServerVersion", Boolean.TYPE)
- .invoke(httpConfig, getSendServerVersion());
-
- Object httpFactory = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.HttpConnectionFactory",
- Server.class)
- .getConstructor(configClass).newInstance(httpConfig);
-
- Collection<Object> connectionFactories = new ArrayList<Object>();
- result = (AbstractConnector)ClassLoaderUtils.loadClass("org.eclipse.jetty.server.ServerConnector",
- Server.class)
- .getConstructor(Server.class)
- .newInstance(server);
-
- if (tlsServerParameters != null) {
- Class<?> src = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.SecureRequestCustomizer",
- Server.class);
- httpConfig.getClass().getMethod("addCustomizer", src.getInterfaces()[0])
- .invoke(httpConfig, src.newInstance());
- Object scf = ClassLoaderUtils.loadClass("org.eclipse.jetty.server.SslConnectionFactory",
- Server.class).getConstructor(SslContextFactory.class,
- String.class)
- .newInstance(sslcf, "HTTP/1.1");
- connectionFactories.add(scf);
- result.getClass().getMethod("setDefaultProtocol", String.class).invoke(result, "SSL-HTTP/1.1");
- }
- connectionFactories.add(httpFactory);
- result.getClass().getMethod("setConnectionFactories", Collection.class)
- .invoke(result, connectionFactories);
-
- if (getMaxIdleTime() > 0) {
- result.getClass().getMethod("setIdleTimeout", Long.TYPE).invoke(result, new Long(getMaxIdleTime()));
- }
-
- } catch (RuntimeException rex) {
- throw rex;
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- return result;
- }
- AbstractConnector createConnectorJetty8(SslContextFactory sslcf, String hosto, int porto) {
- //Jetty 8
- AbstractConnector result = null;
- try {
- if (sslcf == null) {
- result = (AbstractConnector)ClassLoaderUtils
- .loadClass("org.eclipse.jetty.server.nio.SelectChannelConnector",
- Server.class).newInstance();
- } else {
- result = (AbstractConnector)ClassLoaderUtils
- .loadClass("org.eclipse.jetty.server.ssl.SslSelectChannelConnector",
- Server.class).getConstructor(SslContextFactory.class)
- .newInstance(sslcf);
- }
- Server.class.getMethod("setSendServerVersion", Boolean.TYPE).invoke(server, getSendServerVersion());
- if (getMaxIdleTime() > 0) {
- result.getClass().getMethod("setMaxIdleTime", Integer.TYPE).invoke(result, getMaxIdleTime());
- }
- } catch (RuntimeException rex) {
- throw rex;
- } catch (Exception ex) {
- throw new RuntimeException(ex);
- }
- return result;
- }
-
-
- protected SSLContext createSSLContext(SslContextFactory scf) throws Exception {
- String proto = tlsServerParameters.getSecureSocketProtocol() == null
- ? "TLS" : tlsServerParameters.getSecureSocketProtocol();
-
- // Exclude SSLv3 + SSLv2Hello by default unless the protocol is given as SSLv3
- if (!"SSLv3".equals(proto) && tlsServerParameters.getExcludeProtocols().isEmpty()) {
- scf.addExcludeProtocols("SSLv3");
- scf.addExcludeProtocols("SSLv2Hello");
- } else {
- for (String p : tlsServerParameters.getExcludeProtocols()) {
- scf.addExcludeProtocols(p);
- }
- }
-
- SSLContext context = tlsServerParameters.getJsseProvider() == null
- ? SSLContext.getInstance(proto)
- : SSLContext.getInstance(proto, tlsServerParameters.getJsseProvider());
-
- KeyManager keyManagers[] = tlsServerParameters.getKeyManagers();
- if (tlsServerParameters.getCertAlias() != null) {
- keyManagers = getKeyManagersWithCertAlias(keyManagers);
- }
- context.init(tlsServerParameters.getKeyManagers(),
- tlsServerParameters.getTrustManagers(),
- tlsServerParameters.getSecureRandom());
-
- // Set the CipherSuites
- final String[] supportedCipherSuites =
- SSLUtils.getServerSupportedCipherSuites(context);
-
- String[] excludedCipherSuites =
- SSLUtils.getCiphersuites(
- tlsServerParameters.getCipherSuites(),
- supportedCipherSuites,
- tlsServerParameters.getCipherSuitesFilter(),
- LOG, true);
- scf.setExcludeCipherSuites(excludedCipherSuites);
-
- String[] includedCipherSuites =
- SSLUtils.getCiphersuites(
- tlsServerParameters.getCipherSuites(),
- supportedCipherSuites,
- tlsServerParameters.getCipherSuitesFilter(),
- LOG, false);
- scf.setIncludeCipherSuites(includedCipherSuites);
-
- return context;
- }
- protected KeyManager[] getKeyManagersWithCertAlias(KeyManager keyManagers[]) throws Exception {
- if (tlsServerParameters.getCertAlias() != null) {
- for (int idx = 0; idx < keyManagers.length; idx++) {
- if (keyManagers[idx] instanceof X509KeyManager) {
- keyManagers[idx] = new AliasedX509ExtendedKeyManager(
- tlsServerParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
- }
- }
- }
- return keyManagers;
- }
- protected void setClientAuthentication(SslContextFactory con,
- ClientAuthentication clientAuth) {
- con.setWantClientAuth(true);
- if (clientAuth != null) {
- if (clientAuth.isSetWant()) {
- con.setWantClientAuth(clientAuth.isWant());
- }
- if (clientAuth.isSetRequired()) {
- con.setNeedClientAuth(clientAuth.isRequired());
- }
- }
- }
- /**
- * This method sets the security properties for the CXF extension
- * of the JettySslConnector.
- */
- private void decorateCXFJettySslSocketConnector(
- SslContextFactory con
- ) {
- setClientAuthentication(con,
- tlsServerParameters.getClientAuthentication());
- con.setCertAlias(tlsServerParameters.getCertAlias());
- }
-
-
- private static Container getContainer(Object server) {
- if (server instanceof Container) {
- return (Container)server;
- }
- try {
- return (Container)server.getClass().getMethod("getContainer").invoke(server);
- } catch (RuntimeException t) {
- throw t;
- } catch (Throwable t) {
- throw new RuntimeException(t);
- }
- }
-
- private static void logConnector(Connector connector) {
- try {
- String h = (String)connector.getClass().getMethod("getHost").invoke(connector);
- int port = (Integer)connector.getClass().getMethod("getPort").invoke(connector);
- LOG.finer("connector.host: "
- + h == null
- ? "null"
- : "\"" + h + "\"");
- LOG.finer("connector.port: " + port);
- } catch (Throwable t) {
- //ignore
- }
- }
-
->>>>>>> a97f886... Explicitly "include" ciphersuites for the Jetty Server + some tests for NULL ciphersuites
 protected void setupThreadPool() {
 AbstractConnector aconn = (AbstractConnector) connector;
 if (isSetThreadingParameters()) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/91ae4b47/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
index 619850d..48522df 100644
--- a/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
+++ b/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
@@ -140,7 +140,7 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector {
 getKeyManagersWithCertAlias();
 }
 context.init(keyManagers, trustManagers, secureRandom);
-
+/*
 String[] cs =
 SSLUtils.getCiphersuites(
 cipherSuites,
@@ -149,6 +149,27 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector {
 LOG, true);
 getCxfSslContextFactory().setExcludeCipherSuites(cs);
+ */
+
+ // Set the CipherSuites
+ final String[] supportedCipherSuites =
+ SSLUtils.getServerSupportedCipherSuites(context);
+
+ String[] excludedCipherSuites =
+ SSLUtils.getCiphersuites(
+ cipherSuites,
+ supportedCipherSuites,
+ cipherSuitesFilter,
+ LOG, true);
+ getCxfSslContextFactory().setExcludeCipherSuites(excludedCipherSuites);
+
+ String[] includedCipherSuites =
+ SSLUtils.getCiphersuites(
+ cipherSuites,
+ supportedCipherSuites,
+ cipherSuitesFilter,
+ LOG, false);
+ getCxfSslContextFactory().setIncludeCipherSuites(includedCipherSuites);
 return context;
 }
@@ -177,6 +198,8 @@ public class CXFJettySslSocketConnector extends SslSelectChannelConnector {
 interface CxfSslContextFactory {
 void setExcludeCipherSuites(String ... cs);
+
+ void setIncludeCipherSuites(String ... cs);
 String getProtocol();
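Review bot: The added `/*` after `context.init(keyManagers, trustManagers, secureRandom);` comments out the old `String[] cs = SSLUtils.getCiphersuites(...)` call instead of deleting it; the closing `*/` is added in the next hunk (-149,6 +149,27). Disabled TLS configuration left in the method is easy to misread as active or to re-enable by mistake, and the new exclude/include lines already replace it, so the block should be removed outright. The enclosing method starts before this hunk.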
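Review bot: `includedCipherSuites` is passed to `setIncludeCipherSuites(...)` just before `return context;` with no check for an empty array. How the `CxfSslContextFactory` implementation treats an empty include list is not visible in this diff; if it means "no include restriction", a `cipherSuitesFilter` that selects nothing would leave only the exclude list in force. A guard such as `if (includedCipherSuites.length == 0)` that logs or refuses to start would make that case visible, and a comment like `// same filter, flag true = suites to exclude, false = suites to include` would explain the two near-identical calls. The method body begins outside the hunk.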
