Author: buildbot
Date: Thu Mar 23 14:47:45 2017
New Revision: 1008856
Log:
Production update by buildbot for cxf
Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html
websites/production/cxf/content/docs/tls-configuration.html
Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Thu Mar 23 14:47:45
2017
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p> </p><p> </p><p><style
type="text/css">/*<![CDATA[*/
-div.rbtoc1470318419994 {padding: 0px;}
-div.rbtoc1470318419994 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1470318419994 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1490280432451 {padding: 0px;}
+div.rbtoc1490280432451 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1490280432451 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1470318419994">
+/*]]>*/</style></p><div class="toc-macro rbtoc1490280432451">
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect"
href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a
shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE
Policy </a></li><li><a shape="rect"
href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and
Implementation</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSSignature">JWS Signature</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification
Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS
Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS
JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS
with Detached Content</a></li><li><a shape="rect"
href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS with Unencoded
Payload</a></li></ul>
@@ -329,7 +329,14 @@ KeyEncryptionProvider keyEncryption2 = J
// Create ContentEncryptionProvider:
-ContentEncryptionProvider contentEncryption = new
AesGcmContentEncryptionAlgorithm(CEK_BYTES, ContentAlgorithm.A128GCM);
+// Starting from CXF 3.1.11:
+ContentEncryptionProvider contentEncryption = new
AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM, true);
+// or
+// ContentEncryptionProvider contentEncryption =
JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM, true);
+
+// Before CXF 3.1.1 a CEK needs to be pre-generated when dealing with multiple
recipients:
+//ContentEncryptionProvider contentEncryption = new
AesGcmContentEncryptionAlgorithm(CEK_BYTES, ContentAlgorithm.A128GCM);
+
// If a single recipient then this line is enough:
//ContentEncryptionProvider contentEncryption =
JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Thu Mar 23
14:47:45 2017
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
<!-- Content -->
<div class="wiki-content">
<div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1435780155861 {padding: 0px;}
-div.rbtoc1435780155861 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1435780155861 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1490280431469 {padding: 0px;}
+div.rbtoc1490280431469 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1490280431469 li {margin-left: 0px;padding-left: 0px;}
-/*]]>*/</style></p><div class="toc-macro rbtoc1435780155861">
+/*]]>*/</style></p><div class="toc-macro rbtoc1490280431469">
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect"
href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a
shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites
Filter</a></li><li><a shape="rect"
href="#TLSConfiguration-CertConstraints">Cert Constraints</a></li></ul>
</li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client
TLS Parameters</a>
@@ -129,7 +129,7 @@ div.rbtoc1435780155861 li {margin-left:
</li><li><a shape="rect" href="#TLSConfiguration-ServerTLSParameters">Server
TLS Parameters</a>
<ul class="toc-indentation"><li><a shape="rect"
href="#TLSConfiguration-ClientAuthentication">Client
Authentication</a></li></ul>
</li></ul>
-</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</h1><p>The TLS Parameters common
to both Clients and Servers are given <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java";>here</a>:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key
Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Key
Managers to hold X509 certificates.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>tru
stManagers</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>JVM default Trust Managers</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>TrustManagers to validate peer X509
certificates.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>jsseProvider</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default provider associated with
protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE
provider name.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuites</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be
supported.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd
"><p>filters of the supported CipherSuites that will be supported and used if
available.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>certConstraints</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Certificate Constraints
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure
Random</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example are
"SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><co
de>certAlias</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Cert alias to use. Useful when keystore has multiple
certs.</p></td></tr></tbody></table></div><p> </p><p>Note that from CXF
3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side, and on the
service side (if Jetty is used), unless "SSLv3" is explicitly specified for the
"secureSocketProtocol" parameter.</p><h2 id="TLSConfiguration-KeyManagers">Key
Managers</h2><p>The Key Managers configuration item is used to retrieve key
information. It is required for a Server, but is only required for a Client
when the Server requires Client Authentication.</p><div class="code panel pdl"
style="border-width: 1px;"><div class="codeHeader panelHeader pdl"
style="border-bottom-width: 1px;"><b>Key Manager sample</b></div><div
class="codeContent panelContent pdl">
+</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS
Parameters common to both Clients and Servers</h1><p>The TLS Parameters common
to both Clients and Servers are given <a shape="rect" class="external-link"
href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java";>here</a>:</p><div
class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1"
rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1"
rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1"
class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key
Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Key
Managers to hold X509 certificates.</p></td></tr><tr><td colspan="1"
rowspan="1" class="confluenceTd"><p><code>tru
stManagers</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>JVM default Trust Managers</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>TrustManagers to validate peer X509
certificates.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>jsseProvider</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default provider associated with
protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE
provider name.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuites</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be
supported.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd
"><p>filters of the supported CipherSuites that will be supported and used if
available.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>certConstraints</code></p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Certificate Constraints
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure
Random</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom
specification.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td
colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td colspan="1"
rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example are
"SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><p><co
de>certAlias</code></p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p> </p></td><td colspan="1" rowspan="1"
class="confluenceTd"><p>Cert alias to use. Useful when keystore has multiple
certs.</p></td></tr><tr><td colspan="1" rowspan="1"
class="confluenceTd"><code>enableRevocation</code> <strong>CXF
3.1.11</strong></td><td colspan="1" rowspan="1"
class="confluenceTd">"false"</td><td colspan="1" rowspan="1"
class="confluenceTd"><p>This attribute specifies whether to enable revocation
when checking the client/server certificate.</p><p>To enable "ocsp" this should
be set to "true" (along with the Java Security property
"ocsp.enable").</p></td></tr></tbody></table></div><p> </p><p>Note that
from CXF 3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side,
and on the service side (if Jetty is used), unless "SSLv3" is explicitly
specified for the "secureSocketProtocol" parameter.</p><h2
id="TLSConfiguration-KeyManagers">Key Managers</h2><p>The Key Managers c
onfiguration item is used to retrieve key information. It is required for a
Server, but is only required for a Client when the Server requires Client
Authentication.</p><div class="code panel pdl" style="border-width: 1px;"><div
class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Key
Manager sample</b></div><div class="codeContent panelContent pdl">
<pre class="brush: xml; gutter: false; theme: Default"
style="font-size:12px;"> <httpj:tlsServerParameters>
...
<sec:keyManagers keyPassword="stskpass">
