Posted to commits@cxf.apache.org by co...@apache.org on 2014/12/17 19:02:09 UTC
[5/5] cxf git commit: Fix for last commit
Fix for last commit
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/28c26cea
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/28c26cea
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/28c26cea
Branch: refs/heads/2.7.x-fixes
Commit: 28c26ceadf867116cf4faf56823e749373bd4410
Parents: ec245d8
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Dec 17 18:01:56 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Dec 17 18:01:56 2014 +0000
----------------------------------------------------------------------
.../https/HttpsURLConnectionFactory.java | 6 +-
.../apache/cxf/transport/https/SSLUtils.java | 116 -------------------
2 files changed, 4 insertions(+), 118 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/28c26cea/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index cd03a91..992280d 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -42,6 +42,8 @@ import org.apache.cxf.common.util.ReflectionInvokationHandler;
import org.apache.cxf.common.util.ReflectionUtil;
import org.apache.cxf.configuration.jsse.SSLUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
+import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;
/**
@@ -188,9 +190,9 @@ public class HttpsURLConnectionFactory {
if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
verifier = HttpsURLConnection.getDefaultHostnameVerifier();
} else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = CertificateHostnameVerifier.ALLOW_ALL;
+ verifier = new AllowAllHostnameVerifier();
} else {
- verifier = CertificateHostnameVerifier.DEFAULT;
+ verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
}
if (connection instanceof HttpsURLConnection) {
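Review bot: The `isDisableCNCheck()` branch assigns `new AllowAllHostnameVerifier()` without a comment or a log line, so a client running with hostname verification switched off gives no sign of it at runtime, and any certificate that chains to a trusted root is then accepted for any host. I would add a comment above that assignment such as `// disableCNCheck: hostname is NOT verified; keep this for test setups only`, and emit a warning when the branch is taken if this class has a logger (none is visible in the hunk). The enclosing method starts and ends outside the hunk, so it is not visible whether an explicitly configured `tlsClientParameters.getHostnameVerifier()` is still honoured before these branches, as the deleted `SSLUtils.getHostnameVerifier` did; that is worth confirming.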
http://git-wip-us.apache.org/repos/asf/cxf/blob/28c26cea/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
deleted file mode 100644
index 183f80e..0000000
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
+++ /dev/null
@@ -1,116 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.https;
-
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.X509KeyManager;
-
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.configuration.jsse.TLSParameterBase;
-import org.apache.cxf.configuration.jsse.TLSServerParameters;
-
-import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
-import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;
-
-public final class SSLUtils {
- private SSLUtils() {
- //Helper class
- }
-
- public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) {
- HostnameVerifier verifier;
-
- if (tlsClientParameters.getHostnameVerifier() != null) {
- verifier = tlsClientParameters.getHostnameVerifier();
- } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
- verifier = HttpsURLConnection.getDefaultHostnameVerifier();
- } else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = new AllowAllHostnameVerifier();
- } else {
- verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
- }
- return verifier;
- }
-
- public static SSLContext getSSLContext(TLSParameterBase parameters) throws Exception {
- // TODO do we need to cache the context
- String provider = parameters.getJsseProvider();
-
- String protocol = parameters.getSecureSocketProtocol() != null ? parameters
- .getSecureSocketProtocol() : "TLS";
-
- SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
- .getInstance(protocol, provider);
-
- if (parameters instanceof TLSClientParameters) {
- ctx.getClientSessionContext().setSessionTimeout(((TLSClientParameters)parameters).getSslCacheTimeout());
- }
-
- // TODO setting on the server side
-
- KeyManager[] keyManagers = parameters.getKeyManagers();
- if (parameters.getCertAlias() != null) {
- getKeyManagersWithCertAlias(parameters, keyManagers);
- }
- ctx.init(keyManagers, parameters.getTrustManagers(),
- parameters.getSecureRandom());
-
- return ctx;
- }
-
- protected static void getKeyManagersWithCertAlias(TLSParameterBase tlsParameters,
- KeyManager[] keyManagers)
- throws GeneralSecurityException {
- if (tlsParameters.getCertAlias() != null) {
- for (int idx = 0; idx < keyManagers.length; idx++) {
- if (keyManagers[idx] instanceof X509KeyManager) {
- try {
- keyManagers[idx] = new AliasedX509ExtendedKeyManager(tlsParameters.getCertAlias(),
- (X509KeyManager)keyManagers[idx]);
- } catch (Exception e) {
- throw new GeneralSecurityException(e);
- }
- }
- }
- }
- }
-
- public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws Exception {
- SSLContext sslContext = getSSLContext(parameters);
- SSLEngine serverEngine = sslContext.createSSLEngine();
- serverEngine.setUseClientMode(false);
- serverEngine.setNeedClientAuth(parameters.getClientAuthentication().isRequired());
- return serverEngine;
- }
-
- public static SSLEngine createClientSSLEngine(TLSClientParameters parameters) throws Exception {
- SSLContext sslContext = getSSLContext(parameters);
- SSLEngine clientEngine = sslContext.createSSLEngine();
- clientEngine.setUseClientMode(true);
- return clientEngine;
- }
-
-
-}