Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/20 17:41:22 UTC

[3/3] cxf git commit: [CXF-6359] - NullPointerException when certAlias specified but no keyManagers are configured. Thanks to Tom Pasierb for the patch

[CXF-6359] - NullPointerException when certAlias specified but no keyManagers are configured. Thanks to Tom Pasierb for the patch

Conflicts:
	rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/3102eb53
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/3102eb53
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/3102eb53

Branch: refs/heads/2.7.x-fixes
Commit: 3102eb53f1d049e77b7e556efadded2435beee60
Parents: 20b341b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Mon Apr 20 11:44:12 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Mon Apr 20 16:41:15 2015 +0100

----------------------------------------------------------------------
 .../https/HttpsURLConnectionFactory.java        |  11 +-
 .../https/HttpsURLConnectionFactoryTest.java    | 128 +++++++++++++++++++
 .../transport/https/resources/defaultkeystore2  | Bin 0 -> 2240 bytes
 3 files changed, 138 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/3102eb53/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index 992280d..f7afe64 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -163,12 +163,21 @@ public class HttpsURLConnectionFactory {
                 .getInstance(protocol, provider);
             ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
             KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
+<<<<<<< HEAD
             if (tlsClientParameters.getCertAlias() != null) {
                 getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
             }
             if (keyManagers == null) {
                 keyManagers = SSLUtils.getDefaultKeyStoreManagers(LOG);
             }
+=======
+            if (keyManagers == null) {
+                keyManagers = SSLUtils.getDefaultKeyStoreManagers(LOG);
+            }
+            if (tlsClientParameters.getCertAlias() != null) {
+                getKeyManagersWithCertAlias(tlsClientParameters, keyManagers);
+            }
+>>>>>>> d657398... [CXF-6359] - NullPointerException when certAlias specified but no keyManagers are configured. Thanks to Tom Pasierb for the patch
             ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
                      tlsClientParameters.getSecureRandom());
 
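Review bot: The added lines include unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> d657398...`), so the new side of this file is not valid Java and carries both orderings of the two `if` blocks. The HEAD ordering calls `getKeyManagersWithCertAlias` before the default-keystore fallback. With the null guard added in the second hunk, that call returns early and the alias is never applied to the managers from `SSLUtils.getDefaultKeyStoreManagers(LOG)`. Resolve the conflict by deleting the three marker lines and the HEAD block, leaving only the `if (keyManagers == null) { ... }` fallback followed by the `getCertAlias() != null` call ahead of `ctx.init(...)`. The enclosing method starts and ends outside this hunk.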
@@ -266,7 +275,7 @@ public class HttpsURLConnectionFactory {
     
     protected void getKeyManagersWithCertAlias(TLSClientParameters tlsClientParameters,
                                                KeyManager[] keyManagers) throws GeneralSecurityException {
-        if (tlsClientParameters.getCertAlias() != null) {
+        if (tlsClientParameters.getCertAlias() != null && keyManagers != null) {
             for (int idx = 0; idx < keyManagers.length; idx++) {
                 if (keyManagers[idx] instanceof X509KeyManager
                     && !(keyManagers[idx] instanceof AliasedX509ExtendedKeyManager)) {
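Review bot: With the added `keyManagers != null` guard, a configured certAlias is dropped without any signal when no key managers are available, so a client that was told to present a specific certificate continues the TLS setup without one. That failure mode is hard to diagnose from the peer's handshake error alone. Consider an `else if (tlsClientParameters.getCertAlias() != null)` branch that reports it, for example `LOG.warning("certAlias is configured but no KeyManagers are available; the alias is ignored");`, assuming `LOG` is the class's java.util.logging logger, or throw a `GeneralSecurityException` if a missing key store should be fatal. The method body continues past the end of this hunk.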

http://git-wip-us.apache.org/repos/asf/cxf/blob/3102eb53/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
new file mode 100644
index 0000000..0a7a17c
--- /dev/null
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/HttpsURLConnectionFactoryTest.java
@@ -0,0 +1,128 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.https;
+
+import java.lang.reflect.Field;
+import javax.net.ssl.HttpsURLConnection;
+
+import org.apache.cxf.common.util.ReflectionUtil;
+import org.apache.cxf.configuration.jsse.SSLUtils;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.easymock.EasyMock;
+import org.junit.Assert;
+import org.junit.Test;
+
+public class HttpsURLConnectionFactoryTest {
+
+    @Test
+    public void noExplicitKeystoreNoCertAlias() throws Exception {
+        clearDefaults();
+        System.clearProperty("javax.net.ssl.keyStore");
+        System.clearProperty("javax.net.ssl.keyStorePassword");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    @Test
+    public void noExplicitKeystoreWithCertAlias() throws Exception {
+        clearDefaults();
+        System.clearProperty("javax.net.ssl.keyStore");
+        System.clearProperty("javax.net.ssl.keyStorePassword");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+        tlsClientParams.setCertAlias("someAlias");
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    @Test
+    public void defaultKeystoreNoCertAlias() throws Exception {
+        clearDefaults();
+        String keystorePath = getClass().getResource("resources/defaultkeystore2").getPath();
+        System.setProperty("javax.net.ssl.keyStore", keystorePath);
+        System.setProperty("javax.net.ssl.keyStorePassword", "123456");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    @Test
+    public void defaultKeystoreWithCertAlias() throws Exception {
+        clearDefaults();
+        String keystorePath = getClass().getResource("resources/defaultkeystore2").getPath();
+        System.setProperty("javax.net.ssl.keyStore", keystorePath);
+        System.setProperty("javax.net.ssl.keyStorePassword", "123456");
+
+        HttpsURLConnectionFactory factory = new HttpsURLConnectionFactory();
+        Assert.assertNull(factory.socketFactory);
+
+        TLSClientParameters tlsClientParams = new TLSClientParameters();
+        tlsClientParams.setUseHttpsURLConnectionDefaultSslSocketFactory(false);
+        tlsClientParams.setCertAlias("someAlias");
+
+        HttpsURLConnection conn = EasyMock.createMock(HttpsURLConnection.class);
+
+        try {
+            factory.decorateWithTLS(tlsClientParams, conn);
+        } catch (NullPointerException e) {
+            Assert.fail("should not fail with NullPointerException");
+        }
+    }
+
+    private void clearDefaults() throws IllegalAccessException {
+        Field defaultManagers = ReflectionUtil.getDeclaredField(SSLUtils.class, "defaultManagers");
+        ReflectionUtil.setAccessible(defaultManagers);
+
+        defaultManagers.set(SSLUtils.class, null);
+    }
+
+}
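Review bot: The tests mutate JVM-wide state and never restore it. `defaultKeystoreNoCertAlias` and `defaultKeystoreWithCertAlias` leave `javax.net.ssl.keyStore` and `javax.net.ssl.keyStorePassword` pointing at the test keystore, and `clearDefaults()` only nulls the cached `SSLUtils.defaultManagers` before each test. Any later TLS test in the same JVM can therefore pick up this keystore as its default client key material. Save the two properties before each test and restore them, plus the cache, afterwards; this needs `org.junit.Before` and `org.junit.After` imports. Separately, the two `WithCertAlias` tests only assert that no NullPointerException is thrown, so they would still pass if the alias were ignored.

```java
    private String savedKeyStore;
    private String savedKeyStorePassword;

    @Before
    public void saveSslProperties() {
        savedKeyStore = System.getProperty("javax.net.ssl.keyStore");
        savedKeyStorePassword = System.getProperty("javax.net.ssl.keyStorePassword");
    }

    @After
    public void restoreSslProperties() throws IllegalAccessException {
        restoreProperty("javax.net.ssl.keyStore", savedKeyStore);
        restoreProperty("javax.net.ssl.keyStorePassword", savedKeyStorePassword);
        // Drop the managers cached from the test keystore so later tests reload their own.
        clearDefaults();
    }

    private static void restoreProperty(String key, String value) {
        if (value == null) {
            System.clearProperty(key);
        } else {
            System.setProperty(key, value);
        }
    }

    // … unchanged: the four test methods and clearDefaults() …
```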

http://git-wip-us.apache.org/repos/asf/cxf/blob/3102eb53/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2 b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2
new file mode 100644
index 0000000..195e1f3
Binary files /dev/null and b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/resources/defaultkeystore2 differ