Posted to commits@cxf.apache.org by bu...@apache.org on 2017/03/23 14:47:45 UTC

svn commit: r1008856 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html docs/tls-configuration.html

Author: buildbot
Date: Thu Mar 23 14:47:45 2017
New Revision: 1008856

Log:
Production update by buildbot for cxf

Modified:
    websites/production/cxf/content/cache/docs.pageCache
    websites/production/cxf/content/docs/jax-rs-jose.html
    websites/production/cxf/content/docs/tls-configuration.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==============================================================================
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Thu Mar 23 14:47:45 2017
@@ -119,11 +119,11 @@ Apache CXF -- JAX-RS JOSE
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p>&#160;</p><p>&#160;</p><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1470318419994 {padding: 0px;}
-div.rbtoc1470318419994 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1470318419994 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1490280432451 {padding: 0px;}
+div.rbtoc1490280432451 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1490280432451 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1470318419994">
+/*]]>*/</style></p><div class="toc-macro rbtoc1490280432451">
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-Introduction">Introduction</a></li><li><a shape="rect" href="#JAX-RSJOSE-MavenDependencies">Maven Dependencies</a></li><li><a shape="rect" href="#JAX-RSJOSE-JavaandJCEPolicy">Java and JCE Policy&#160;</a></li><li><a shape="rect" href="#JAX-RSJOSE-JOSEOverviewandImplementation">JOSE Overview and Implementation</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-JWAAlgorithms">JWA Algorithms</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWKKeys">JWK Keys</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSSignature">JWS Signature</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#JAX-RSJOSE-SignatureandVerificationProviders">Signature and Verification Providers</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSCompact">JWS Compact</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSJSON">JWS JSON</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithDetachedContent">JWS with Detached Content</a></li><li><a shape="rect" href="#JAX-RSJOSE-JWSwithUnencodedPayload">JWS with Unencoded Payload</a></li></ul>
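Review bot: The only change in this hunk is the `rbtoc` class suffix in the inline style and the `toc-macro` div (1470318419994 to 1490280432451), which looks like an export timestamp rather than content. Generated identifiers like this make every production update touch the page header and bury the real change further down in the file. If the export can emit a stable class name for the TOC macro, these lines would drop out of future diffs.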
@@ -329,7 +329,14 @@ KeyEncryptionProvider keyEncryption2 = J
 
 
 // Create ContentEncryptionProvider:
-ContentEncryptionProvider contentEncryption = new AesGcmContentEncryptionAlgorithm(CEK_BYTES, ContentAlgorithm.A128GCM);
+// Starting from CXF 3.1.11:
+ContentEncryptionProvider contentEncryption = new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM, true);
+// or 
+// ContentEncryptionProvider contentEncryption = JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM, true);
+
+// Before CXF 3.1.1 a CEK needs to be pre-generated when dealing with multiple recipients:
+//ContentEncryptionProvider contentEncryption = new AesGcmContentEncryptionAlgorithm(CEK_BYTES, ContentAlgorithm.A128GCM);
+
 // If a single recipient then this line is enough:
 //ContentEncryptionProvider contentEncryption = JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM);
 
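Review bot: The two version comments in the added lines disagree: the new constructor is introduced with "Starting from CXF 3.1.11" while the legacy form is labelled "Before CXF 3.1.1". One of these is presumably a typo, and as written a reader on 3.1.1 through 3.1.10 cannot tell which form applies. The boolean passed as `true` in `new AesGcmContentEncryptionAlgorithm(ContentAlgorithm.A128GCM, true)` and in the `JweUtils.getContentEncryptionProvider(ContentAlgorithm.A128GCM, true)` alternative is also unexplained. Since it replaces the pre-generated `CEK_BYTES` in the multiple-recipient case, add a one-line comment saying what the flag selects, so nobody copies the sample with the wrong value for key handling.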

Modified: websites/production/cxf/content/docs/tls-configuration.html
==============================================================================
--- websites/production/cxf/content/docs/tls-configuration.html (original)
+++ websites/production/cxf/content/docs/tls-configuration.html Thu Mar 23 14:47:45 2017
@@ -117,11 +117,11 @@ Apache CXF -- TLS Configuration
            <!-- Content -->
            <div class="wiki-content">
 <div id="ConfluenceContent"><p><style type="text/css">/*<![CDATA[*/
-div.rbtoc1435780155861 {padding: 0px;}
-div.rbtoc1435780155861 ul {list-style: disc;margin-left: 0px;}
-div.rbtoc1435780155861 li {margin-left: 0px;padding-left: 0px;}
+div.rbtoc1490280431469 {padding: 0px;}
+div.rbtoc1490280431469 ul {list-style: disc;margin-left: 0px;}
+div.rbtoc1490280431469 li {margin-left: 0px;padding-left: 0px;}
 
-/*]]>*/</style></p><div class="toc-macro rbtoc1435780155861">
+/*]]>*/</style></p><div class="toc-macro rbtoc1490280431469">
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS Parameters common to both Clients and Servers</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-KeyManagers">Key Managers</a></li><li><a shape="rect" href="#TLSConfiguration-TrustManagers">Trust Managers</a></li><li><a shape="rect" href="#TLSConfiguration-CipherSuitesFilter">CipherSuites Filter</a></li><li><a shape="rect" href="#TLSConfiguration-CertConstraints">Cert Constraints</a></li></ul>
 </li><li><a shape="rect" href="#TLSConfiguration-ClientTLSParameters">Client TLS Parameters</a>
@@ -129,7 +129,7 @@ div.rbtoc1435780155861 li {margin-left:
 </li><li><a shape="rect" href="#TLSConfiguration-ServerTLSParameters">Server TLS Parameters</a>
 <ul class="toc-indentation"><li><a shape="rect" href="#TLSConfiguration-ClientAuthentication">Client Authentication</a></li></ul>
 </li></ul>
-</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS Parameters common to both Clients and Servers</h1><p>The TLS Parameters common to both Clients and Servers are given <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Key Managers to hold X509 certificates.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>tru
 stManagers</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Trust Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>TrustManagers to validate peer X509 certificates.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>jsseProvider</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default provider associated with protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE provider name.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuites</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be supported.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" class="confluenceTd
 "><p>filters of the supported CipherSuites that will be supported and used if available.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>certConstraints</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Certificate Constraints specification.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure Random</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom specification.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example are "SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><co
 de>certAlias</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Cert alias to use. Useful when keystore has multiple certs.</p></td></tr></tbody></table></div><p>&#160;</p><p>Note that from CXF 3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side, and on the service side (if Jetty is used), unless "SSLv3" is explicitly specified for the "secureSocketProtocol" parameter.</p><h2 id="TLSConfiguration-KeyManagers">Key Managers</h2><p>The Key Managers configuration item is used to retrieve key information. It is required for a Server, but is only required for a Client when the Server requires Client Authentication.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Key Manager sample</b></div><div class="codeContent panelContent pdl">
+</div><h1 id="TLSConfiguration-TLSParameterscommontobothClientsandServers">TLS Parameters common to both Clients and Servers</h1><p>The TLS Parameters common to both Clients and Servers are given <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/cxf/trunk/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterBase.java">here</a>:</p><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Attribute</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>keyManagers</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Key Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Key Managers to hold X509 certificates.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>tru
 stManagers</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Trust Managers</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>TrustManagers to validate peer X509 certificates.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>jsseProvider</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default provider associated with protocol</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JSSE provider name.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuites</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default cipher suites</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>CipherSuites that will be supported.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>cipherSuitesFilter</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" class="confluenceTd
 "><p>filters of the supported CipherSuites that will be supported and used if available.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>certConstraints</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Certificate Constraints specification.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>secureRandomParameters</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>JVM default Secure Random</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>SecureRandom specification.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><code>secureSocketProtocol</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>"TLS"</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Protocol Name. Most common example are "SSL", "TLS" or "TLSv1".</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p><co
 de>certAlias</code></p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>&#160;</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Cert alias to use. Useful when keystore has multiple certs.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><code>enableRevocation</code> <strong>CXF 3.1.11</strong></td><td colspan="1" rowspan="1" class="confluenceTd">"false"</td><td colspan="1" rowspan="1" class="confluenceTd"><p>This attribute specifies whether to enable revocation when checking the client/server certificate.</p><p>To enable "ocsp" this should be set to "true" (along with the Java Security property "ocsp.enable").</p></td></tr></tbody></table></div><p>&#160;</p><p>Note that from CXF 3.0.3 and 2.7.14, the SSLv3 protocol is disabled on the client side, and on the service side (if Jetty is used), unless "SSLv3" is explicitly specified for the "secureSocketProtocol" parameter.</p><h2 id="TLSConfiguration-KeyManagers">Key Managers</h2><p>The Key Managers c
 onfiguration item is used to retrieve key information. It is required for a Server, but is only required for a Client when the Server requires Client Authentication.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeHeader panelHeader pdl" style="border-bottom-width: 1px;"><b>Key Manager sample</b></div><div class="codeContent panelContent pdl">
 <pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">    &lt;httpj:tlsServerParameters&gt;
         ...
         &lt;sec:keyManagers keyPassword="stskpass"&gt;
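Review bot: The new `enableRevocation` row documents a default of "false" without saying what that means for the reader: with the default, revocation status of the peer certificate is not checked. The description should say so directly and read "enable revocation checking" rather than "enable revocation". It should also say what is checked when the attribute is "true" but "ocsp.enable" is not set, and how the Java Security property is expected to be set, since it is easy to confuse with a JVM system property. On markup, the first two cells of the new row (`<code>enableRevocation</code> <strong>CXF 3.1.11</strong>` and `"false"`) are not wrapped in `<p>` like every other row in the table, and the version tag would sit better in the description cell than next to the attribute name.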