Posted to commits@cxf.apache.org by ff...@apache.org on 2012/03/27 11:28:18 UTC
svn commit: r1305789 - in /cxf/branches/2.4.x-fixes: ./
api/src/main/java/org/apache/cxf/configuration/jsse/
api/src/main/resources/schemas/configuration/
rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/
rt/transports/http/s...
Author: ffang
Date: Tue Mar 27 09:28:18 2012
New Revision: 1305789
URL: http://svn.apache.org/viewvc?rev=1305789&view=rev
Log:
Merged revisions 1305786 via svnmerge from
https://svn.apache.org/repos/asf/cxf/branches/2.5.x-fixes
................
r1305786 | ffang | 2012-03-27 17:15:12 +0800 (二, 27 3 2012) | 9 lines
Merged revisions 1305775 via svnmerge from
https://svn.apache.org/repos/asf/cxf/trunk
........
r1305775 | ffang | 2012-03-27 16:30:32 +0800 (二, 27 3 2012) | 1 line
[CXF-4204] CXF https transport should support specifying the certificate alias name
........
................
Added:
cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java
- copied unchanged from r1305786, cxf/branches/2.5.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/AliasedX509ExtendedKeyManager.java
Modified:
cxf/branches/2.4.x-fixes/ (props changed)
cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml
Propchange: cxf/branches/2.4.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.
Modified: cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java (original)
+++ cxf/branches/2.4.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java Tue Mar 27 09:28:18 2012
@@ -41,7 +41,7 @@ public class TLSParameterBase {
private CertificateConstraintsType certConstraints;
private SecureRandom secureRandom;
private String protocol;
-
+ private String certAlias;
/**
* Set the JSSE provider. If not set,
* it uses system default.
@@ -164,4 +164,19 @@ public class TLSParameterBase {
public String getSecureSocketProtocol() {
return protocol;
}
+
+ /**
+ * This parameter configures the cert alias used on server side
+ * this is useful when keystore has multiple certs
+ */
+ public final void setCertAlias(String ctAlias) {
+ certAlias = ctAlias;
+ }
+
+ /**
+ * This parameter retrieves the cert alias specified on server side
+ */
+ public String getCertAlias() {
+ return certAlias;
+ }
}
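Review bot: The Javadoc on `setCertAlias` and `getCertAlias` says the alias is used "on server side", but the same property is read on the client path in this commit too (TLSClientParametersConfig copies it and HttpsURLConnectionFactory wraps the client key managers with it), so the wording will mislead whoever configures a client conduit. Suggest on the setter: `/** Alias of the key-store entry the key manager should select when the key store holds several entries; applies to both server and client TLS parameters. An alias that does not exist in the key store is not checked here and will presumably only fail at handshake time. */`, and on the getter: `/** Returns the configured certificate alias, or null if none was set. */`. The setter is declared `final` while the getter is not; unless there is a reason for the asymmetry, make the two consistent.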
Modified: cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/branches/2.4.x-fixes/api/src/main/resources/schemas/configuration/security.xsd Tue Mar 27 09:28:18 2012
@@ -432,6 +432,13 @@
</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="certAlias" type="xs:string" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the Certificate Alias.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
<xs:attribute name="useHttpsURLConnectionDefaultSslSocketFactory" type="pt:ParameterizedBoolean" default="false">
<xs:annotation>
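Review bot: The documentation text for the new `certAlias` element, `This element contains the Certificate Alias.`, only restates the element name and gives an integrator nothing to act on; the second copy of the element added later in this file carries the identical text. Suggest: `Alias of the key store entry whose private key and certificate are used for this endpoint. Only needed when the key store configured under keyManagers contains more than one key entry; the value must match an alias in that key store.` The second sentence is inferred from the commit's purpose and the AliasedX509ExtendedKeyManager name — confirm against that class (not shown in this diff) before committing to it.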
@@ -542,6 +549,13 @@
</xs:documentation>
</xs:annotation>
</xs:element>
+ <xs:element name="certAlias" type="xs:string" minOccurs="0">
+ <xs:annotation>
+ <xs:documentation>
+ This element contains the Certificate Alias.
+ </xs:documentation>
+ </xs:annotation>
+ </xs:element>
</xs:all>
<xs:attribute name="jsseProvider" type="xs:string">
<xs:annotation>
Modified: cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/CXFJettySslSocketConnector.java Tue Mar 27 09:28:18 2012
@@ -26,11 +26,13 @@ import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
+import javax.net.ssl.X509KeyManager;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.ReflectionInvokationHandler;
import org.apache.cxf.configuration.security.ClientAuthentication;
import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
import org.apache.cxf.transport.https.SSLUtils;
import org.eclipse.jetty.server.ssl.SslSelectChannelConnector;
@@ -47,7 +49,7 @@ public class CXFJettySslSocketConnector
protected SecureRandom secureRandom;
protected List<String> cipherSuites;
protected FiltersType cipherSuitesFilter;
-
+
/**
* Set the cipherSuites
*/
@@ -83,6 +85,7 @@ public class CXFJettySslSocketConnector
secureRandom = random;
}
+
/**
* Set the ClientAuthentication (from the JAXB type) that
* configures an HTTP Destination.
@@ -114,6 +117,9 @@ public class CXFJettySslSocketConnector
? SSLContext.getInstance(proto)
: SSLContext.getInstance(proto, getCxfSslContextFactory().getProvider());
+ if (getCxfSslContextFactory().getCertAlias() != null) {
+ getKeyManagersWithCertAlias();
+ }
context.init(keyManagers, trustManagers, secureRandom);
String[] cs =
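Review bot: The new call to `getKeyManagersWithCertAlias()` dereferences the `keyManagers` field without a null check, so a server configured with `certAlias` but no `keyManagers` element now fails with a NullPointerException at `keyManagers.length` in the helper, whereas before this change `null` was passed straight through to `context.init`, which accepts it. Guard the call: `if (keyManagers != null && getCxfSslContextFactory().getCertAlias() != null) { getKeyManagersWithCertAlias(); }`. The alias null check here also duplicates the one inside the helper, so one of the two can go. The enclosing method starts and ends outside this hunk.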
@@ -128,6 +134,17 @@ public class CXFJettySslSocketConnector
return context;
}
+ protected void getKeyManagersWithCertAlias() throws Exception {
+ if (getCxfSslContextFactory().getCertAlias() != null) {
+ for (int idx = 0; idx < keyManagers.length; idx++) {
+ if (keyManagers[idx] instanceof X509KeyManager) {
+ keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+ getCxfSslContextFactory().getCertAlias(), (X509KeyManager)keyManagers[idx]);
+ }
+ }
+ }
+ }
+
public CxfSslContextFactory getCxfSslContextFactory() {
try {
Object o = getClass().getMethod("getSslContextFactory").invoke(this);
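Review bot: `getKeyManagersWithCertAlias` is named like an accessor but returns void and rewrites the `keyManagers` field in place, calls the reflective `getCxfSslContextFactory()` three times for one value, and declares `throws Exception`, which forces every caller into a broad catch. Hoist the alias into a local, return early when either the alias or `keyManagers` is null (the latter currently throws NullPointerException at `keyManagers.length`), and skip entries that are already wrapped, since AliasedX509ExtendedKeyManager is presumably itself an X509KeyManager and a second initialisation of the same connector would otherwise wrap it twice. Narrowing `throws Exception` to whatever the AliasedX509ExtendedKeyManager constructor actually declares (not visible here) would help callers; renaming to something like `wrapKeyManagersWithCertAlias` would say what the method does, keeping the old name as a delegate if subclasses already override it.
```java
    protected void getKeyManagersWithCertAlias() throws Exception {
        String alias = getCxfSslContextFactory().getCertAlias();
        if (alias == null || keyManagers == null) {
            // nothing to pin, or no key store configured: keep the former context.init(null, ...) behaviour
            return;
        }
        for (int idx = 0; idx < keyManagers.length; idx++) {
            KeyManager km = keyManagers[idx];
            // don't re-wrap on a second initialisation of the same connector
            if (km instanceof X509KeyManager && !(km instanceof AliasedX509ExtendedKeyManager)) {
                keyManagers[idx] = new AliasedX509ExtendedKeyManager(alias, (X509KeyManager) km);
            }
        }
    }
```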
@@ -155,6 +172,10 @@ public class CXFJettySslSocketConnector
void setProtocol(String secureSocketProtocol);
void setProvider(String jsseProvider);
+
+ void setCertAlias(String certAlias);
+
+ String getCertAlias();
}
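Review bot: The two methods added to `CxfSslContextFactory` carry no Javadoc, and because `getCxfSslContextFactory()` obtains this interface reflectively (the class imports ReflectionInvokationHandler and looks up `getSslContextFactory` by name), the method names presumably have to match Jetty's `SslContextFactory` exactly for the proxy to resolve them at runtime rather than at compile time. A one-line comment protects the next person from renaming them: `/** Mirrors Jetty's SslContextFactory.setCertAlias/getCertAlias; the names must match for the reflective proxy built in getCxfSslContextFactory(). */`. The interface declaration starts outside this hunk.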
}
Modified: cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http-jetty/src/main/java/org/apache/cxf/transport/https_jetty/JettySslConnectorFactory.java Tue Mar 27 09:28:18 2012
@@ -87,6 +87,7 @@ public final class JettySslConnectorFact
con.getCxfSslContextFactory().setProvider(tlsServerParameters.getJsseProvider());
con.setCipherSuites(tlsServerParameters.getCipherSuites());
con.setCipherSuitesFilter(tlsServerParameters.getCipherSuitesFilter());
+ con.getCxfSslContextFactory().setCertAlias(tlsServerParameters.getCertAlias());
}
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java Tue Mar 27 09:28:18 2012
@@ -116,6 +116,9 @@ public final class TLSClientParametersCo
if (params.isSetSslCacheTimeout()) {
ret.setSslCacheTimeout(params.getSslCacheTimeout());
}
+ if (params.isSetCertAlias()) {
+ ret.setCertAlias(params.getCertAlias());
+ }
return ret;
}
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSServerParametersConfig.java Tue Mar 27 09:28:18 2012
@@ -69,5 +69,8 @@ public class TLSServerParametersConfig
if (params.isSetCertConstraints()) {
this.setCertConstraints(params.getCertConstraints());
}
+ if (params.isSetCertAlias()) {
+ this.setCertAlias(params.getCertAlias());
+ }
}
}
Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Tue Mar 27 09:28:18 2012
@@ -32,13 +32,16 @@ import java.util.logging.Logger;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
+import javax.net.ssl.X509KeyManager;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.ReflectionInvokationHandler;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
+
/**
* This HttpsURLConnectionFactory implements the HttpURLConnectionFactory
* for using the given SSL Policy to configure TLS connections for "https:"
@@ -147,7 +150,11 @@ public class HttpsURLConnectionFactory {
SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
.getInstance(protocol, provider);
ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
- ctx.init(tlsClientParameters.getKeyManagers(), tlsClientParameters.getTrustManagers(),
+ KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
+ if (tlsClientParameters.getCertAlias() != null) {
+ getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
+ }
+ ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
tlsClientParameters.getSecureRandom());
// The "false" argument means opposite of exclude.
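Review bot: `getKeyManagersWithCertAlias` rewrites the array returned by `tlsClientParameters.getKeyManagers()` in place, so if that getter hands back the parameters' own array rather than a copy, the caller's TLSClientParameters object is permanently mutated and any later SSLContext built from the same parameters wraps the already-wrapped managers a second time; that getter is outside this diff, so this needs confirming. Copying first avoids the question, and a null guard keeps the previous behaviour for clients with no key store, which `ctx.init` accepted: `KeyManager[] keyManagers = tlsClientParameters.getKeyManagers(); if (keyManagers != null && tlsClientParameters.getCertAlias() != null) { keyManagers = keyManagers.clone(); getKeyManagersWithCertAlias(tlsClientParameters, keyManagers); }`. The enclosing method starts and ends outside this hunk.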
@@ -239,6 +246,22 @@ public class HttpsURLConnectionFactory {
protected void addLogHandler(Handler handler) {
LOG.addHandler(handler);
}
+
+ protected void getKeyManagersWithCertAlias(TLSClientParameters tlsClientParameters,
+ KeyManager[] keyManagers) throws GeneralSecurityException {
+ if (tlsClientParameters.getCertAlias() != null) {
+ for (int idx = 0; idx < keyManagers.length; idx++) {
+ if (keyManagers[idx] instanceof X509KeyManager) {
+ try {
+ keyManagers[idx] = new AliasedX509ExtendedKeyManager(
+ tlsClientParameters.getCertAlias(), (X509KeyManager)keyManagers[idx]);
+ } catch (Exception e) {
+ throw new GeneralSecurityException(e);
+ }
+ }
+ }
+ }
+ }
}
Modified: cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml?rev=1305789&r1=1305788&r2=1305789&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml (original)
+++ cxf/branches/2.4.x-fixes/systests/transports/src/test/java/org/apache/cxf/systest/http/resources/jaxws-server.xml Tue Mar 27 09:28:18 2012
@@ -86,6 +86,8 @@ under the License.
<sec:keyStore type="JKS" password="password"
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
</sec:trustManagers>
+ <sec:clientAuthentication want="true" required="true"/>
+ <sec:certAlias>bethal</sec:certAlias>
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
@@ -103,7 +105,8 @@ under the License.
<sec:keyStore type="JKS" password="password"
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
</sec:trustManagers>
+ <sec:certAlias>morpit</sec:certAlias>
</http:tlsClientParameters>
</http:conduit>
-</beans>
\ No newline at end of file
+</beans>