Posted to commits@cxf.apache.org by co...@apache.org on 2018/07/05 16:51:45 UTC
[cxf] 01/02: CXF-7782 - Client session context is null before SSL
context initialization
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 9291b7b8c58c8e5c4eecbcdc7117afe386004cc4
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Thu Jul 5 15:45:16 2018 +0100
CXF-7782 - Client session context is null before SSL context initialization
(cherry picked from commit 4d3db73226e7cc6241616be4e7979d3c3357c350)
(cherry picked from commit a6337854bff6c0187d51a44926bef5d6eaadebc6)
# Conflicts:
# rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
---
.../org/apache/cxf/transport/https/SSLUtils.java | 10 ++---
systests/transports/pom.xml | 6 +++
.../systest/https/clientauth/ClientAuthTest.java | 52 ++++++++++++++++++++++
3 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
index d197a80..1ccf1e2 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
@@ -68,11 +68,7 @@ public final class SSLUtils {
SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
.getInstance(protocol, provider);
-
- if (parameters instanceof TLSClientParameters) {
- ctx.getClientSessionContext().setSessionTimeout(((TLSClientParameters)parameters).getSslCacheTimeout());
- }
-
+
KeyManager[] keyManagers = parameters.getKeyManagers();
if (keyManagers == null && parameters instanceof TLSClientParameters) {
keyManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(LOG);
@@ -82,6 +78,10 @@ public final class SSLUtils {
ctx.init(configuredKeyManagers, parameters.getTrustManagers(),
parameters.getSecureRandom());
+ if (parameters instanceof TLSClientParameters && ctx.getClientSessionContext() != null) {
+ ctx.getClientSessionContext().setSessionTimeout(((TLSClientParameters)parameters).getSslCacheTimeout());
+ }
+
return ctx;
}
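Review bot: When `ctx.getClientSessionContext()` returns null, the guard added after `ctx.init(...)` skips `setSessionTimeout` silently, so the configured `sslCacheTimeout` is dropped and the client falls back to whatever session lifetime the JSSE provider uses. Read the context once into a local, `SSLSessionContext sessionCtx = ctx.getClientSessionContext();` (this may need an import that is not visible here), and log through the class's `LOG` in the else branch that the timeout was not applied. That also removes the second `getClientSessionContext()` call. A one-line comment such as `// Some JSSE providers only expose the client session context after init() (CXF-7782)` would keep a later refactor from moving the block back above `ctx.init`. The enclosing method starts outside this hunk.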
diff --git a/systests/transports/pom.xml b/systests/transports/pom.xml
index 47af5ad..3072351 100644
--- a/systests/transports/pom.xml
+++ b/systests/transports/pom.xml
@@ -262,5 +262,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bctls-jdk15on</artifactId>
+ <version>${cxf.bcprov.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
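Review bot: The new `bctls-jdk15on` test dependency takes its version from `${cxf.bcprov.version}`, a property named for a different artifact, and nothing in the POM explains why. As far as I know the Bouncy Castle TLS and provider jars are released in step and expect matching versions, so reusing the property looks intentional, but a reader cannot tell that from the file. A short comment above the dependency would record it, e.g. `<!-- BouncyCastle JSSE provider for the CXF-7782 client-auth test; must match the bcprov version -->`.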
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
index ea79448..571144a 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
@@ -22,6 +22,7 @@ package org.apache.cxf.systest.https.clientauth;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
+import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
@@ -45,6 +46,8 @@ import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.hello_world.Greeter;
import org.apache.hello_world.services.SOAPService;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@@ -359,6 +362,55 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
((java.io.Closeable)port).close();
}
+ // See CXF-7782
+ @org.junit.Test
+ public void testBouncyCastleProvider() throws Exception {
+ try {
+ Security.addProvider(new BouncyCastleProvider());
+ Security.addProvider(new BouncyCastleJsseProvider());
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+
+ // Set up (shared) KeyManagers/TrustManagers
+ X509TrustManager trustManager = new NoOpX509TrustManager();
+ TrustManager[] trustManagers = new TrustManager[1];
+ trustManagers[0] = trustManager;
+
+ KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+
+ try (InputStream inputStream = ClassLoaderUtils.getResourceAsStream("keymanagers.jks", this.getClass())) {
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(inputStream, "password".toCharArray());
+
+ kmf.init(keyStore, "password".toCharArray());
+ }
+ KeyManager[] keyManagers = kmf.getKeyManagers();
+
+ // First call to PORT using Morpit
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ tlsParams.setJsseProvider(new BouncyCastleJsseProvider().getName());
+ tlsParams.setKeyManagers(keyManagers);
+ tlsParams.setCertAlias("morpit");
+ tlsParams.setTrustManagers(trustManagers);
+ tlsParams.setDisableCNCheck(true);
+
+ Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+ Client client = ClientProxy.getClient(port);
+ HTTPConduit http = (HTTPConduit) client.getConduit();
+ http.setTlsClientParameters(tlsParams);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+ ((java.io.Closeable)port).close();
+ } finally {
+ Security.removeProvider(new BouncyCastleJsseProvider().getName());
+ Security.removeProvider(new BouncyCastleProvider().getName());
+ }
+ }
+
private static final class DisableCNCheckVerifier implements HostnameVerifier {
@Override