Posted to commits@cxf.apache.org by dk...@apache.org on 2011/08/10 22:00:27 UTC

svn commit: r1156344 - in /cxf/branches/2.4.x-fixes: ./ rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java

Author: dkulp
Date: Wed Aug 10 20:00:27 2011
New Revision: 1156344

URL: http://svn.apache.org/viewvc?rev=1156344&view=rev
Log:
Merged revisions 1156343 via svnmerge from 
https://svn.apache.org/repos/asf/cxf/trunk

........
  r1156343 | dkulp | 2011-08-10 15:59:20 -0400 (Wed, 10 Aug 2011) | 2 lines
  
  [CXF-3729] Allow use of keystores with empty file/url/resource.
  Patch from Sergey Zhemzhitsky applied
........

Modified:
    cxf/branches/2.4.x-fixes/   (props changed)
    cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java

Propchange: cxf/branches/2.4.x-fixes/
------------------------------------------------------------------------------
Binary property 'svnmerge-integrated' - no diff available.

Modified: cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java?rev=1156344&r1=1156343&r2=1156344&view=diff
==============================================================================
--- cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java (original)
+++ cxf/branches/2.4.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSParameterJaxBUtils.java Wed Aug 10 20:00:27 2011
@@ -47,13 +47,13 @@ import org.apache.cxf.configuration.secu
 import org.apache.cxf.configuration.security.TrustManagersType;
 
 /**
- * This class provides some functionality to convert the JAXB 
+ * This class provides some functionality to convert the JAXB
  * generated types in the security.xsd to the items needed
  * to programatically configure the HTTPConduit and HTTPDestination
  * with TLSClientParameters and TLSServerParameters respectively.
  */
 public final class TLSParameterJaxBUtils {
-    
+
     private static final Logger LOG =
         LogUtils.getL7dLogger(TLSParameterJaxBUtils.class);
 
@@ -69,14 +69,14 @@ public final class TLSParameterJaxBUtils
 
         SecureRandom secureRandom = null;
         if (secureRandomParams != null) {
-            String secureRandomAlg = 
+            String secureRandomAlg =
                 secureRandomParams.getAlgorithm();
             String randomProvider =
                 secureRandomParams.getProvider();
             if (randomProvider != null) {
                 secureRandom = secureRandomAlg != null
                                ? SecureRandom.getInstance(
-                                       secureRandomAlg, 
+                                       secureRandomAlg,
                                        randomProvider)
                                : null;
             } else {
@@ -94,14 +94,14 @@ public final class TLSParameterJaxBUtils
     public static KeyStore getKeyStore(KeyStoreType kst)
         throws GeneralSecurityException,
                IOException {
-        
+
         if (kst == null) {
             return null;
         }
         String type = kst.isSetType()
                     ? kst.getType()
                     : KeyStore.getDefaultType();
-                    
+
         char[] password = kst.isSetPassword()
                     ? kst.getPassword().toCharArray()
                     : null;
@@ -109,37 +109,33 @@ public final class TLSParameterJaxBUtils
         KeyStore keyStore = !kst.isSetProvider()
                     ? KeyStore.getInstance(type)
                     : KeyStore.getInstance(type, kst.getProvider());
-        
-        if (!"PKCS11".equals(type)) {
-            if (kst.isSetFile()) {
-                keyStore.load(new FileInputStream(kst.getFile()), password);
-            }
-            if (kst.isSetResource()) {
-                final java.io.InputStream is =
-                    ClassLoaderUtils.getResourceAsStream(kst.getResource(), kst.getClass());
-                if (is == null) {
-                    final String msg =
-                        "Could not load keystore resource " + kst.getResource();
-                    LOG.severe(msg);
-                    throw new java.io.IOException(msg);
-                }
-                keyStore.load(is, password);
-            }
-            if (kst.isSetUrl()) {
-                keyStore.load(new URL(kst.getUrl()).openStream(), password);
+
+        if (kst.isSetFile()) {
+            keyStore.load(new FileInputStream(kst.getFile()), password);
+        } else if (kst.isSetResource()) {
+            final java.io.InputStream is =
+                ClassLoaderUtils.getResourceAsStream(kst.getResource(), kst.getClass());
+            if (is == null) {
+                final String msg =
+                    "Could not load keystore resource " + kst.getResource();
+                LOG.severe(msg);
+                throw new java.io.IOException(msg);
             }
+            keyStore.load(is, password);
+        } else if (kst.isSetUrl()) {
+            keyStore.load(new URL(kst.getUrl()).openStream(), password);
         } else {
             keyStore.load(null, password);
         }
         return keyStore;
     }
-    
+
     /**
      * This method converts a JAXB generated CertStoreType into a KeyStore.
      */
     public static KeyStore getKeyStore(final CertStoreType pst)
         throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
-        
+
         if (pst == null) {
             return null;
         }
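Review bot: The three streams opened in the new `if`/`else if` chain (`new FileInputStream(kst.getFile())`, the classloader resource stream, and `new URL(kst.getUrl()).openStream()`) are passed to `keyStore.load` and never closed, so a failed load, for example on a wrong password or a corrupt store, leaves the file descriptor or connection open until finalization. Selecting the stream first and calling `keyStore.load(is, password)` once inside `try`/`finally` closes it on every path, and a null stream gives the same empty-store initialisation as the current `else` branch. Separately, with the `PKCS11` guard removed, a PKCS11 entry that also sets `file`, `resource` or `url` now reaches those branches instead of `load(null, password)`; a comment stating that this is intended would help. `getKeyStore(KeyStoreType)` begins before this hunk, so only the load section is shown below.

```java
// … unchanged: type, password and KeyStore.getInstance selection …
java.io.InputStream is = null;
try {
    if (kst.isSetFile()) {
        is = new FileInputStream(kst.getFile());
    } else if (kst.isSetResource()) {
        is = ClassLoaderUtils.getResourceAsStream(kst.getResource(), kst.getClass());
        if (is == null) {
            // … unchanged: log and throw IOException for the missing resource …
        }
    } else if (kst.isSetUrl()) {
        is = new URL(kst.getUrl()).openStream();
    }
    // A null stream initialises an empty keystore, as the final else branch did.
    keyStore.load(is, password);
} finally {
    if (is != null) {
        is.close();
    }
}
return keyStore;
```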
@@ -164,80 +160,80 @@ public final class TLSParameterJaxBUtils
         // TODO error?
         return null;
     }
-    
+
     /**
      * Create a KeyStore containing the trusted CA certificates contained
      * in the supplied input stream.
      */
     private static KeyStore createTrustStore(final java.io.InputStream is)
         throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
-        
+
         final Collection<? extends Certificate> certs = loadCertificates(is);
-        final KeyStore keyStore = 
+        final KeyStore keyStore =
             KeyStore.getInstance(KeyStore.getDefaultType());
         keyStore.load(null, null);
         for (Certificate cert : certs) {
             final X509Certificate xcert = (X509Certificate) cert;
             keyStore.setCertificateEntry(
-                xcert.getSubjectX500Principal().getName(), 
+                xcert.getSubjectX500Principal().getName(),
                 cert
             );
         }
         return keyStore;
     }
-    
+
     /**
      * load the certificates as X.509 certificates
      */
-    private static Collection<? extends Certificate> 
+    private static Collection<? extends Certificate>
     loadCertificates(final java.io.InputStream is)
         throws IOException, CertificateException {
-        
+
         final CertificateFactory factory = CertificateFactory.getInstance("X.509");
         return factory.generateCertificates(is);
     }
 
     /**
-     * This method converts the JAXB KeyManagersType into a list of 
+     * This method converts the JAXB KeyManagersType into a list of
      * JSSE KeyManagers.
      */
-    public static KeyManager[] getKeyManagers(KeyManagersType kmc) 
+    public static KeyManager[] getKeyManagers(KeyManagersType kmc)
         throws GeneralSecurityException,
                IOException {
-        
+
         KeyStore keyStore = getKeyStore(kmc.getKeyStore());
-        
+
         if (keyStore == null) {
             return null;
         }
-        
-        String alg = kmc.isSetFactoryAlgorithm() 
+
+        String alg = kmc.isSetFactoryAlgorithm()
                      ? kmc.getFactoryAlgorithm()
                      : KeyManagerFactory.getDefaultAlgorithm();
-        
+
         char[] keyPass = kmc.isSetKeyPassword()
                      ? kmc.getKeyPassword().toCharArray()
                      : null;
-                     
-        KeyManagerFactory fac = 
+
+        KeyManagerFactory fac =
                      kmc.isSetProvider()
                      ? KeyManagerFactory.getInstance(alg, kmc.getProvider())
                      : KeyManagerFactory.getInstance(alg);
-                     
+
         fac.init(keyStore, keyPass);
-        
+
         return fac.getKeyManagers();
     }
 
     /**
-     * This method converts the JAXB KeyManagersType into a list of 
+     * This method converts the JAXB KeyManagersType into a list of
      * JSSE TrustManagers.
      */
-    public static TrustManager[] getTrustManagers(TrustManagersType tmc) 
+    public static TrustManager[] getTrustManagers(TrustManagersType tmc)
         throws GeneralSecurityException,
                IOException {
-        
-        final KeyStore keyStore = 
+
+        final KeyStore keyStore =
             tmc.isSetKeyStore()
                 ? getKeyStore(tmc.getKeyStore())
                 : (tmc.isSetCertStore()
@@ -246,18 +242,18 @@ public final class TLSParameterJaxBUtils
         if (keyStore == null) {
             return null;
         }
-        
+
         String alg = tmc.isSetFactoryAlgorithm()
                      ? tmc.getFactoryAlgorithm()
                      : KeyManagerFactory.getDefaultAlgorithm();
-        
-        TrustManagerFactory fac = 
+
+        TrustManagerFactory fac =
                      tmc.isSetProvider()
                      ? TrustManagerFactory.getInstance(alg, tmc.getProvider())
                      : TrustManagerFactory.getInstance(alg);
-                     
+
         fac.init(keyStore);
-        
+
         return fac.getTrustManagers();
     }
 }