Posted to commits@cxf.apache.org by se...@apache.org on 2013/08/27 18:44:03 UTC
svn commit: r1517872 - in /cxf/trunk:
core/src/main/java/org/apache/cxf/configuration/jsse/
rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/
rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/
rt/transports/http-n...
Author: sergeyb
Date: Tue Aug 27 16:44:02 2013
New Revision: 1517872
URL: http://svn.apache.org/r1517872
Log:
[CXF-5135] Support for HTTPS configuration
Added:
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java (with props)
Modified:
cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java
cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java
cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java
cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml
Modified: cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
URL: http://svn.apache.org/viewvc/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java (original)
+++ cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java Tue Aug 27 16:44:02 2013
@@ -20,6 +20,7 @@ package org.apache.cxf.configuration.jss
import java.util.List;
+import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLSocketFactory;
/**
@@ -33,7 +34,23 @@ public class TLSClientParameters extends
private int sslCacheTimeout = 86400;
private boolean useHttpsURLConnectionDefaultSslSocketFactory;
private boolean useHttpsURLConnectionDefaultHostnameVerifier;
-
+ private HostnameVerifier hostnameVerifier;
+
+ /**
+ * Set custom HostnameVerifier
+ * @param verifier hostname verifier
+ */
+ public void setHostnameVerifier(HostnameVerifier verifier) {
+ hostnameVerifier = verifier;
+ }
+
+ /**
+ * Get custom HostnameVerifier
+ * @return hostname verifier
+ */
+ public HostnameVerifier getHostnameVerifier() {
+ return hostnameVerifier;
+ }
/**
* Set whether or not JSEE should omit checking if the host name
* specified in the URL matches that of the Common Name
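Review bot: The Javadoc on setHostnameVerifier() does not say how a custom verifier interacts with the existing `disableCNCheck` and `useHttpsURLConnectionDefaultHostnameVerifier` flags, although SSLUtils.getHostnameVerifier() later in this commit gives a non-null custom verifier priority over both. I would state that on the setter, for example `Set a custom HostnameVerifier; when non-null it takes precedence over disableCNCheck and useHttpsURLConnectionDefaultHostnameVerifier`, and add a Javadoc with the full selection order to SSLUtils.getHostnameVerifier(), which is added without one. The consequence worth documenting is that a permissive verifier supplied here turns off host name checking even when disableCNCheck is false. The class body continues outside the hunk.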
Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java (original)
+++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientBuilderImpl.java Tue Aug 27 16:44:02 2013
@@ -22,7 +22,10 @@ import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.ws.rs.ProcessingException;
import javax.ws.rs.RuntimeType;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
@@ -95,25 +98,44 @@ public class ClientBuilderImpl extends C
@Override
public ClientBuilder hostnameVerifier(HostnameVerifier verifier) {
- secConfig.setVerifier(verifier);
+ secConfig.getTlsClientParams().setHostnameVerifier(verifier);
return this;
}
@Override
public ClientBuilder sslContext(SSLContext sslContext) {
+ secConfig.getTlsClientParams().setKeyManagers(null);
+ secConfig.getTlsClientParams().setTrustManagers(null);
secConfig.setSslContext(sslContext);
return this;
}
@Override
public ClientBuilder keyStore(KeyStore store, char[] password) {
- // TODO Auto-generated method stub
+ secConfig.setSslContext(null);
+ try {
+ KeyManagerFactory tmf =
+ KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ tmf.init(store, password);
+ secConfig.getTlsClientParams().setKeyManagers(tmf.getKeyManagers());
+ } catch (Exception ex) {
+ throw new ProcessingException(ex);
+ }
return this;
}
@Override
public ClientBuilder trustStore(KeyStore store) {
- secConfig.setTrustStore(store);
+ secConfig.setSslContext(null);
+ try {
+ TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(store);
+ secConfig.getTlsClientParams().setTrustManagers(tmf.getTrustManagers());
+ } catch (Exception ex) {
+ throw new ProcessingException(ex);
+ }
+
return this;
}
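Review bot: keyStore() and trustStore() both wrap their work in `catch (Exception ex)`, which also turns programming errors such as a NullPointerException into a ProcessingException. The factory calls shown declare only checked security exceptions, so `} catch (GeneralSecurityException ex) {` (with an import of java.security.GeneralSecurityException) would be narrow enough. In keyStore() the KeyManagerFactory local is named `tmf`, apparently carried over from trustStore(); `kmf` would match the type. The class continues outside the hunk.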
Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java (original)
+++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/ClientImpl.java Tue Aug 27 16:44:02 2013
@@ -27,6 +27,7 @@ import java.util.Set;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
+import javax.ws.rs.ProcessingException;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Invocation.Builder;
import javax.ws.rs.client.WebTarget;
@@ -37,10 +38,12 @@ import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.jaxrs.client.ClientProviderFactory;
import org.apache.cxf.jaxrs.client.JAXRSClientFactoryBean;
import org.apache.cxf.jaxrs.client.WebClient;
import org.apache.cxf.jaxrs.model.FilterProviderInfo;
+import org.apache.cxf.transport.https.SSLUtils;
public class ClientImpl implements Client {
private Configurable<Client> configImpl;
@@ -97,13 +100,23 @@ public class ClientImpl implements Clien
@Override
public HostnameVerifier getHostnameVerifier() {
checkClosed();
- return secConfig.getVerifier();
+ return secConfig.getTlsClientParams().getHostnameVerifier();
}
@Override
public SSLContext getSslContext() {
checkClosed();
- return secConfig.getSslContext();
+ if (secConfig.getSslContext() != null) {
+ return secConfig.getSslContext();
+ } else if (secConfig.getTlsClientParams().getTrustManagers() != null) {
+ try {
+ return SSLUtils.getSSLContext(secConfig.getTlsClientParams());
+ } catch (Exception ex) {
+ throw new ProcessingException(ex);
+ }
+ } else {
+ return null;
+ }
}
private void checkClosed() {
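Review bot: Both TLS gates added to this file test only the trust managers (plus the socket factory in the second one), so settings made through the builder can be silently ignored. In getSslContext() a client built with keyStore(...) alone gets `null` back; in the `// TLS` block of the next hunk a client built with only hostnameVerifier(...) or only keyStore(...) never has its TLSClientParameters handed to the conduit, so as far as these hunks show the custom verifier or client key material is not applied to the connection. Extending both conditions with `|| secConfig.getTlsClientParams().getKeyManagers() != null`, and the second one also with `|| tlsParams.getHostnameVerifier() != null`, would close the gap. A test that sets only a rejecting HostnameVerifier and expects the request to fail would pin this down.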
@@ -205,6 +218,13 @@ public class ClientImpl implements Clien
pf.setDynamicConfiguration(getConfiguration());
WebClient.getConfig(targetClient).getRequestContext().putAll(getConfiguration().getProperties());
+ // TLS
+ TLSClientParameters tlsParams = secConfig.getTlsClientParams();
+ if (tlsParams.getSSLSocketFactory() != null
+ || tlsParams.getTrustManagers() != null) {
+ WebClient.getConfig(targetClient).getHttpConduit().setTlsClientParameters(tlsParams);
+ }
+
// start building the invocation
return new InvocationBuilderImpl(WebClient.fromClient(targetClient));
}
Modified: cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java (original)
+++ cxf/trunk/rt/rs/client/src/main/java/org/apache/cxf/jaxrs/client/spec/TLSConfiguration.java Tue Aug 27 16:44:02 2013
@@ -18,32 +18,31 @@
*/
package org.apache.cxf.jaxrs.client.spec;
-import java.security.KeyStore;
-
-import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLContext;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+
public class TLSConfiguration {
private SSLContext sslContext;
- private HostnameVerifier verifier;
- private KeyStore trustStore;
+ private TLSClientParameters tlsClientParams = new TLSClientParameters();
+
public SSLContext getSslContext() {
return sslContext;
}
public void setSslContext(SSLContext sslContext) {
this.sslContext = sslContext;
+ if (sslContext == null) {
+ tlsClientParams.setSSLSocketFactory(null);
+ } else {
+ tlsClientParams.setSSLSocketFactory(sslContext.getSocketFactory());
+ }
}
- public HostnameVerifier getVerifier() {
- return verifier;
- }
- public void setVerifier(HostnameVerifier verifier) {
- this.verifier = verifier;
- }
- public KeyStore getTrustStore() {
- return trustStore;
+ public TLSClientParameters getTlsClientParams() {
+ return tlsClientParams;
}
- public void setTrustStore(KeyStore trustStore) {
- this.trustStore = trustStore;
+ public void setTlsClientParams(TLSClientParameters tlsClientParams) {
+ this.tlsClientParams = tlsClientParams;
}
+
}
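Review bot: setTlsClientParams() replaces the parameter object without re-applying the socket factory that setSslContext() stored on the old one, so after the call getSslContext() can return a context whose factory the new parameters do not carry. It also accepts null, after which the next setSslContext() call dereferences a null field. If the setter is needed, I would reject null and re-sync after the assignment, e.g. `if (sslContext != null) { tlsClientParams.setSSLSocketFactory(sslContext.getSocketFactory()); }`. No caller of the setter is visible in this commit, so dropping it may be the simpler option.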
Modified: cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java (original)
+++ cxf/trunk/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java Tue Aug 27 16:44:02 2013
@@ -41,7 +41,6 @@ import java.util.Map;
import java.util.concurrent.Future;
import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
@@ -65,7 +64,6 @@ import org.apache.cxf.transport.http.Hea
import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
import org.apache.cxf.transport.http.asyncclient.AsyncHTTPConduitFactory.UseAsyncPolicy;
import org.apache.cxf.transport.https.AliasedX509ExtendedKeyManager;
-import org.apache.cxf.transport.https.CertificateHostnameVerifier;
import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.cxf.version.Version;
@@ -620,14 +618,8 @@ public class AsyncHTTPConduit extends UR
throw new IOException("No SSLSession detected");
}
}
- HostnameVerifier verifier;
- if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
- verifier = HttpsURLConnection.getDefaultHostnameVerifier();
- } else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = CertificateHostnameVerifier.ALLOW_ALL;
- } else {
- verifier = CertificateHostnameVerifier.DEFAULT;
- }
+ HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+ .getHostnameVerifier(tlsClientParameters);
if (!verifier.verify(url.getHost(), session)) {
throw new IOException("Could not verify host " + url.getHost());
}
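Review bot: The call is written with a fully qualified name, `org.apache.cxf.transport.https.SSLUtils.getHostnameVerifier(...)`, here and again in the NettyHttpConduit and HttpsURLConnectionFactory hunks. HttpsURLConnectionFactory sits in that same package according to its path, so `HostnameVerifier verifier = SSLUtils.getHostnameVerifier(tlsClientParameters);` needs no qualification there. In the two conduits an import would read better unless it clashes with another SSLUtils already imported, which the hunks do not show. The enclosing method starts and ends outside the hunk.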
Modified: cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java (original)
+++ cxf/trunk/rt/transports/http-netty/netty-client/src/main/java/org/apache/cxf/transport/http/netty/client/NettyHttpConduit.java Tue Aug 27 16:44:02 2013
@@ -19,6 +19,7 @@
package org.apache.cxf.transport.http.netty.client;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
@@ -36,7 +37,6 @@ import java.util.Map;
import java.util.Set;
import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLSession;
import org.apache.cxf.Bus;
@@ -49,7 +49,6 @@ import org.apache.cxf.message.MessageUti
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.http.Headers;
import org.apache.cxf.transport.http.URLConnectionHTTPConduit;
-import org.apache.cxf.transport.https.CertificateHostnameVerifier;
import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
import org.apache.cxf.version.Version;
@@ -70,6 +69,7 @@ import io.netty.handler.codec.http.HttpC
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.ssl.SslHandler;
+
public class NettyHttpConduit extends URLConnectionHTTPConduit implements BusLifeCycleListener {
public static final String USE_ASYNC = "use.async.http.conduit";
final NettyHttpConduitFactory factory;
@@ -328,14 +328,8 @@ public class NettyHttpConduit extends UR
}
connect(true);
- HostnameVerifier verifier;
- if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
- verifier = HttpsURLConnection.getDefaultHostnameVerifier();
- } else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = CertificateHostnameVerifier.ALLOW_ALL;
- } else {
- verifier = CertificateHostnameVerifier.DEFAULT;
- }
+ HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+ .getHostnameVerifier(tlsClientParameters);
if (!verifier.verify(url.getHost(), session)) {
throw new IOException("Could not verify host " + url.getHost());
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Tue Aug 27 16:44:02 2013
@@ -179,14 +179,8 @@ public class HttpsURLConnectionFactory {
}
- HostnameVerifier verifier;
- if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
- verifier = HttpsURLConnection.getDefaultHostnameVerifier();
- } else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = CertificateHostnameVerifier.ALLOW_ALL;
- } else {
- verifier = CertificateHostnameVerifier.DEFAULT;
- }
+ HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+ .getHostnameVerifier(tlsClientParameters);
if (connection instanceof HttpsURLConnection) {
// handle the expected case (javax.net.ssl)
Modified: cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Tue Aug 27 16:44:02 2013
@@ -20,6 +20,8 @@ package org.apache.cxf.transport.https;
import java.security.GeneralSecurityException;
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
@@ -34,6 +36,21 @@ public final class SSLUtils {
//Helper class
}
+ public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) {
+ HostnameVerifier verifier;
+
+ if (tlsClientParameters.getHostnameVerifier() != null) {
+ verifier = tlsClientParameters.getHostnameVerifier();
+ } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
+ verifier = HttpsURLConnection.getDefaultHostnameVerifier();
+ } else if (tlsClientParameters.isDisableCNCheck()) {
+ verifier = CertificateHostnameVerifier.ALLOW_ALL;
+ } else {
+ verifier = CertificateHostnameVerifier.DEFAULT;
+ }
+ return verifier;
+ }
+
public static SSLContext getSSLContext(TLSParameterBase parameters) throws Exception {
// TODO do we need to cache the context
String provider = parameters.getJsseProvider();
Added: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java?rev=1517872&view=auto
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java (added)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java Tue Aug 27 16:44:02 2013
@@ -0,0 +1,118 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.jaxrs.security;
+
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManagerFactory;
+import javax.ws.rs.client.Client;
+import javax.ws.rs.client.ClientBuilder;
+import javax.ws.rs.client.WebTarget;
+import javax.ws.rs.core.MediaType;
+
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.systest.jaxrs.Book;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.https.CertificateHostnameVerifier;
+import org.apache.cxf.transport.https.SSLUtils;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class JAXRS20HttpsBookTest extends AbstractBusClientServerTestBase {
+ public static final String PORT = BookHttpsServer.PORT;
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue("server did not launch correctly",
+ launchServer(BookHttpsServer.class, true));
+ }
+
+ @Test
+ public void testGetBook() throws Exception {
+
+ ClientBuilder builder = ClientBuilder.newBuilder();
+
+ KeyStore trustStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks",
+ "password");
+
+ builder.trustStore(trustStore);
+ builder.hostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
+
+ KeyStore keyStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks",
+ "password");
+ builder.keyStore(keyStore, "password");
+
+ Client client = builder.build();
+
+ WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123");
+ Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class);
+ assertEquals(123, b.getId());
+ }
+
+ @Test
+ public void testGetBookSslContext() throws Exception {
+
+ ClientBuilder builder = ClientBuilder.newBuilder();
+
+ SSLContext sslContext = createSSLContext();
+ builder.sslContext(sslContext);
+
+ builder.hostnameVerifier(CertificateHostnameVerifier.ALLOW_ALL);
+
+
+ Client client = builder.build();
+
+ WebTarget target = client.target("https://localhost:" + PORT + "/bookstore/securebooks/123");
+ Book b = target.request().accept(MediaType.APPLICATION_XML_TYPE).get(Book.class);
+ assertEquals(123, b.getId());
+ }
+
+ private KeyStore loadStore(String trustStoreFile, String password) throws Exception {
+ KeyStore store = KeyStore.getInstance("JKS");
+ store.load(new FileInputStream(trustStoreFile), password.toCharArray());
+ return store;
+ }
+
+ private SSLContext createSSLContext() throws Exception {
+ TLSClientParameters tlsParams = new TLSClientParameters();
+
+ KeyStore trustStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks",
+ "password");
+
+ TrustManagerFactory tmf =
+ TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
+ tmf.init(trustStore);
+ tlsParams.setTrustManagers(tmf.getTrustManagers());
+
+ KeyStore keyStore = loadStore("src/test/java/org/apache/cxf/systest/http/resources/Morpit.jks",
+ "password");
+
+ KeyManagerFactory kmf =
+ KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore, "password".toCharArray());
+ tlsParams.setKeyManagers(kmf.getKeyManagers());
+
+ return SSLUtils.getSSLContext(tlsParams);
+ }
+}
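Review bot: loadStore() passes a `new FileInputStream(...)` straight to KeyStore.load() and never closes it, so each call leaves a file handle open; holding the stream in a local and closing it in a finally block fixes that. Separately, both tests install CertificateHostnameVerifier.ALLOW_ALL, so nothing here exercises a verifier that rejects the host. A case that supplies a rejecting verifier and expects the request to fail would cover the new selection logic.

```java
private KeyStore loadStore(String trustStoreFile, String password) throws Exception {
    KeyStore store = KeyStore.getInstance("JKS");
    FileInputStream in = new FileInputStream(trustStoreFile);
    try {
        store.load(in, password.toCharArray());
    } finally {
        in.close();
    }
    // … unchanged: return store …
```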
Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
------------------------------------------------------------------------------
svn:eol-style = native
Propchange: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/JAXRS20HttpsBookTest.java
------------------------------------------------------------------------------
svn:keywords = Rev Date
Modified: cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml?rev=1517872&r1=1517871&r2=1517872&view=diff
==============================================================================
--- cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml (original)
+++ cxf/trunk/systests/jaxrs/src/test/java/org/apache/cxf/systest/jaxrs/security/jaxrs-https-server.xml Tue Aug 27 16:44:02 2013
@@ -43,6 +43,15 @@ under the License.
<sec:keyStore type="JKS" password="password"
file="src/test/java/org/apache/cxf/systest/http/resources/Truststore.jks"/>
</sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true" />
</httpj:tlsServerParameters>
</httpj:engine>
</httpj:engine-factory>
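Review bot: The new cipherSuitesFilter admits export-grade, single-DES and NULL-encryption suites next to AES, which is wider than an HTTPS test server needs and is easy to copy into a real configuration. If the test only needs a suite both sides support, `<sec:include>.*_WITH_AES_.*</sec:include>` together with the existing `DH_anon` exclude should be enough. Otherwise a comment such as `<!-- test only: weak suites included deliberately, do not reuse -->` above the filter would make the intent clear. Whether the weak patterns are needed for the JDKs this suite runs on is not visible from the hunk.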