CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
# Conflicts: # core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java # core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6e7c86d2 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6e7c86d2 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6e7c86d2 Branch: refs/heads/3.1.x-fixes Commit: 6e7c86d202f19a6159ee7c7b888504f39a65090b Parents: 15aa0d6 Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Feb 17 13:44:40 2017 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Feb 17 13:46:22 2017 +0000 ---------------------------------------------------------------------- .../apache/cxf/configuration/jsse/SSLUtils.java | 44 ++++++++++++++++++++ .../jsse/TLSParameterJaxBUtils.java | 35 +++++++++++++--- 2 files changed, 74 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7c86d2/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 4132b35..71f24fd 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -559,14 +559,23 @@ public final class SSLUtils { } public static String getTrustStoreType(String trustStoreType, Logger log) { + return getTrustStoreType(trustStoreType, log, DEFAULT_TRUST_STORE_TYPE); + } + + public static String getTrustStoreType(String trustStoreType, Logger log, String def) { String logMsg = null; if (trustStoreType != null) { logMsg = "TRUST_STORE_TYPE_SET"; } else { //Can default to JKS trustStoreType = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType"); +<<<<<<< HEAD if (trustStoreType == null) { trustStoreType = DEFAULT_TRUST_STORE_TYPE; +======= + if (trustStoreType == null) { + trustStoreType = def; +>>>>>>> 19a4d72... CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property logMsg = "TRUST_STORE_TYPE_NOT_SET"; } else { logMsg = "TRUST_STORE_TYPE_SYSTEM_SET"; 
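Review bot: Unresolved merge-conflict markers are committed as added lines in `getTrustStoreType` (`+<<<<<<< HEAD`, `+=======`, `+>>>>>>> 19a4d72...`), so SSLUtils.java cannot compile as patched. The same markers appear in the next SSLUtils hunk around `getTruststorePassword`/`getTruststoreProvider` and in the `getKeyStore` hunk of TLSParameterJaxBUtils.java around the provider lookup. Here the HEAD side still assigns `DEFAULT_TRUST_STORE_TYPE`, which would ignore the new `def` parameter; resolve by dropping the markers and the HEAD branch so that only `if (trustStoreType == null) {` followed by `trustStoreType = def;` remains. In the TLSParameterJaxBUtils hunk the HEAD-side `String provider = SSLUtils.getKeystoreProvider(...)` line has to go as well, otherwise `provider` is declared twice. The method body continues past the end of this hunk.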
@@ -576,6 +585,41 @@ public final class SSLUtils { return trustStoreType; } +<<<<<<< HEAD +======= + public static String getTruststorePassword(String trustStorePassword, + Logger log) { + String logMsg = null; + if (trustStorePassword != null) { + logMsg = "TRUST_STORE_PASSWORD_SET"; + } else { + trustStorePassword = + SystemPropertyAction.getProperty("javax.net.ssl.trustStorePassword"); + logMsg = trustStorePassword != null + ? "TRUST_STORE_PASSWORD_SYSTEM_PROPERTY_SET" + : "TRUST_STORE_PASSWORD_NOT_SET"; + } + LogUtils.log(log, Level.FINE, logMsg); + return trustStorePassword; + } + + public static String getTruststoreProvider(String trustStoreProvider, Logger log) { + String logMsg = null; + if (trustStoreProvider != null) { + logMsg = "TRUST_STORE_PROVIDER_SET"; + } else { + trustStoreProvider = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreProvider", null); + if (trustStoreProvider == null) { + logMsg = "TRUST_STORE_PROVIDER_NOT_SET"; + } else { + logMsg = "TRUST_STORE_PROVIDER_SYSTEM_SET"; + } + } + LogUtils.log(log, Level.FINE, logMsg, trustStoreProvider); + return trustStoreProvider; + } + +>>>>>>> 19a4d72... CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property public static String getSecureSocketProtocol(String secureSocketProtocol, Logger log) { if (secureSocketProtocol != null) { http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7c86d2/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java index e8743b7..44eca7b 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java 
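Review bot: The two new public helpers `getTruststorePassword` and `getTruststoreProvider` have no Javadoc, so their contract is easy to miss. An explicit argument wins, otherwise the `javax.net.ssl.trustStorePassword` / `javax.net.ssl.trustStoreProvider` system property is used, and `null` is returned when neither is set. I would add a short Javadoc to each saying so, and for the password method also that only a status key is logged, e.g. `/** Returns the configured trust store password, falling back to javax.net.ssl.trustStorePassword; the value itself is never logged. */`. The diffstat lists only the two Java files, so confirm that the new `TRUST_STORE_PASSWORD_*` and `TRUST_STORE_PROVIDER_*` keys have entries in the logger's message bundle, assuming `LogUtils.log` resolves them there.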
@@ -95,31 +95,56 @@ public final class TLSParameterJaxBUtils { } return secureRandom; } + + public static KeyStore getKeyStore(KeyStoreType kst) throws GeneralSecurityException, IOException { + return getKeyStore(kst, false); + } + /** * This method converts a JAXB generated KeyStoreType into a KeyStore. */ - public static KeyStore getKeyStore(KeyStoreType kst) + public static KeyStore getKeyStore(KeyStoreType kst, boolean trustStore) throws GeneralSecurityException, IOException { if (kst == null) { return null; } - String type = SSLUtils.getKeystoreType(kst.isSetType() + String type = null; + if (trustStore) { + type = SSLUtils.getTrustStoreType(kst.isSetType() + ? kst.getType() : null, LOG, KeyStore.getDefaultType()); + } else { + type = SSLUtils.getKeystoreType(kst.isSetType() ? kst.getType() : null, LOG, KeyStore.getDefaultType()); + } char[] password = kst.isSetPassword() ? deobfuscate(kst.getPassword()) : null; if (password == null) { - String tmp = SSLUtils.getKeystorePassword(null, LOG); + String tmp = null; + if (trustStore) { + tmp = SSLUtils.getTruststorePassword(null, LOG); + } else { + tmp = SSLUtils.getKeystorePassword(null, LOG); + } if (tmp != null) { password = tmp.toCharArray(); } } +<<<<<<< HEAD String provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG); +======= + String provider = null; + if (trustStore) { + provider = SSLUtils.getTruststoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG); + } else { + provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG); + } +>>>>>>> 19a4d72... CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property KeyStore keyStore = provider == null ? KeyStore.getInstance(type) : KeyStore.getInstance(type, provider); 
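Review bot: The retained one-argument `getKeyStore(KeyStoreType)` delegates with `trustStore == false`, so any caller outside this diff that loads a trust store through it still resolves missing type, password and provider via the key store helpers, which is the behaviour this commit corrects for `getTrustManagers`. The existing Javadoc now sits on the two-argument overload without describing the flag, and the one-argument overload has none. I would document both, e.g. `@param trustStore true to resolve a missing type, password and provider through the trust store helpers, false to use the key store helpers`, and on the short overload `Equivalent to getKeyStore(kst, false); use the two-argument form when loading a trust store.` The method body continues beyond the end of the hunk.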
@@ -256,7 +281,7 @@ public final class TLSParameterJaxBUtils { throws GeneralSecurityException, IOException { - KeyStore keyStore = getKeyStore(kmc.getKeyStore()); + KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false); String alg = kmc.isSetFactoryAlgorithm() ? kmc.getFactoryAlgorithm() @@ -316,7 +341,7 @@ public final class TLSParameterJaxBUtils { final KeyStore keyStore = tmc.isSetKeyStore() - ? getKeyStore(tmc.getKeyStore()) + ? getKeyStore(tmc.getKeyStore(), true) : (tmc.isSetCertStore() ? getKeyStore(tmc.getCertStore()) : (KeyStore) null);
