You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/17 13:48:06 UTC
[2/3] cxf git commit: CXF-7252 -
TLSParameterJaxBUtils.getTrustManagers getting password from wrong system
property
CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
# Conflicts:
# core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
# core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6e7c86d2
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6e7c86d2
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6e7c86d2
Branch: refs/heads/3.1.x-fixes
Commit: 6e7c86d202f19a6159ee7c7b888504f39a65090b
Parents: 15aa0d6
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Feb 17 13:44:40 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Feb 17 13:46:22 2017 +0000
----------------------------------------------------------------------
.../apache/cxf/configuration/jsse/SSLUtils.java | 44 ++++++++++++++++++++
.../jsse/TLSParameterJaxBUtils.java | 35 +++++++++++++---
2 files changed, 74 insertions(+), 5 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7c86d2/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 4132b35..71f24fd 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -559,14 +559,23 @@ public final class SSLUtils {
}
public static String getTrustStoreType(String trustStoreType, Logger log) {
+ return getTrustStoreType(trustStoreType, log, DEFAULT_TRUST_STORE_TYPE);
+ }
+
+ public static String getTrustStoreType(String trustStoreType, Logger log, String def) {
String logMsg = null;
if (trustStoreType != null) {
logMsg = "TRUST_STORE_TYPE_SET";
} else {
//Can default to JKS
trustStoreType = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType");
+<<<<<<< HEAD
if (trustStoreType == null) {
trustStoreType = DEFAULT_TRUST_STORE_TYPE;
+=======
+ if (trustStoreType == null) {
+ trustStoreType = def;
+>>>>>>> 19a4d72... CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
logMsg = "TRUST_STORE_TYPE_NOT_SET";
} else {
logMsg = "TRUST_STORE_TYPE_SYSTEM_SET";
@@ -576,6 +585,41 @@ public final class SSLUtils {
return trustStoreType;
}
+<<<<<<< HEAD
+=======
+ public static String getTruststorePassword(String trustStorePassword,
+ Logger log) {
+ String logMsg = null;
+ if (trustStorePassword != null) {
+ logMsg = "TRUST_STORE_PASSWORD_SET";
+ } else {
+ trustStorePassword =
+ SystemPropertyAction.getProperty("javax.net.ssl.trustStorePassword");
+ logMsg = trustStorePassword != null
+ ? "TRUST_STORE_PASSWORD_SYSTEM_PROPERTY_SET"
+ : "TRUST_STORE_PASSWORD_NOT_SET";
+ }
+ LogUtils.log(log, Level.FINE, logMsg);
+ return trustStorePassword;
+ }
+
+ public static String getTruststoreProvider(String trustStoreProvider, Logger log) {
+ String logMsg = null;
+ if (trustStoreProvider != null) {
+ logMsg = "TRUST_STORE_PROVIDER_SET";
+ } else {
+ trustStoreProvider = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreProvider", null);
+ if (trustStoreProvider == null) {
+ logMsg = "TRUST_STORE_PROVIDER_NOT_SET";
+ } else {
+ logMsg = "TRUST_STORE_PROVIDER_SYSTEM_SET";
+ }
+ }
+ LogUtils.log(log, Level.FINE, logMsg, trustStoreProvider);
+ return trustStoreProvider;
+ }
+
+>>>>>>> 19a4d72... CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
public static String getSecureSocketProtocol(String secureSocketProtocol,
Logger log) {
if (secureSocketProtocol != null) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/6e7c86d2/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index e8743b7..44eca7b 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -95,31 +95,56 @@ public final class TLSParameterJaxBUtils {
}
return secureRandom;
}
+
+ public static KeyStore getKeyStore(KeyStoreType kst) throws GeneralSecurityException, IOException {
+ return getKeyStore(kst, false);
+ }
+
/**
* This method converts a JAXB generated KeyStoreType into a KeyStore.
*/
- public static KeyStore getKeyStore(KeyStoreType kst)
+ public static KeyStore getKeyStore(KeyStoreType kst, boolean trustStore)
throws GeneralSecurityException,
IOException {
if (kst == null) {
return null;
}
- String type = SSLUtils.getKeystoreType(kst.isSetType()
+ String type = null;
+ if (trustStore) {
+ type = SSLUtils.getTrustStoreType(kst.isSetType()
+ ? kst.getType() : null, LOG, KeyStore.getDefaultType());
+ } else {
+ type = SSLUtils.getKeystoreType(kst.isSetType()
? kst.getType() : null, LOG, KeyStore.getDefaultType());
+ }
char[] password = kst.isSetPassword()
? deobfuscate(kst.getPassword())
: null;
if (password == null) {
- String tmp = SSLUtils.getKeystorePassword(null, LOG);
+ String tmp = null;
+ if (trustStore) {
+ tmp = SSLUtils.getTruststorePassword(null, LOG);
+ } else {
+ tmp = SSLUtils.getKeystorePassword(null, LOG);
+ }
if (tmp != null) {
password = tmp.toCharArray();
}
}
+<<<<<<< HEAD
String provider = SSLUtils.getKeystoreProvider(kst.isSetProvider()
? kst.getProvider() : null,
LOG);
+=======
+ String provider = null;
+ if (trustStore) {
+ provider = SSLUtils.getTruststoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG);
+ } else {
+ provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG);
+ }
+>>>>>>> 19a4d72... CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
KeyStore keyStore = provider == null
? KeyStore.getInstance(type)
: KeyStore.getInstance(type, provider);
@@ -256,7 +281,7 @@ public final class TLSParameterJaxBUtils {
throws GeneralSecurityException,
IOException {
- KeyStore keyStore = getKeyStore(kmc.getKeyStore());
+ KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false);
String alg = kmc.isSetFactoryAlgorithm()
? kmc.getFactoryAlgorithm()
@@ -316,7 +341,7 @@ public final class TLSParameterJaxBUtils {
final KeyStore keyStore =
tmc.isSetKeyStore()
- ? getKeyStore(tmc.getKeyStore())
+ ? getKeyStore(tmc.getKeyStore(), true)
: (tmc.isSetCertStore()
? getKeyStore(tmc.getCertStore())
: (KeyStore) null);