Posted to commits@cxf.apache.org by eg...@apache.org on 2007/03/12 14:54:39 UTC
svn commit: r517217 - in /incubator/cxf/trunk:
api/src/main/java/org/apache/cxf/message/
api/src/main/java/org/apache/cxf/security/
api/src/main/java/org/apache/cxf/security/transport/
rt/transports/http/src/main/java/org/apache/cxf/transport/http/ rt/...
Author: eglynn
Date: Mon Mar 12 06:54:37 2007
New Revision: 517217
URL: http://svn.apache.org/viewvc?view=rev&rev=517217
Log:
Committing patch for CXF-445 on behalf of Fred Dushin, with some modifications.
Added:
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java (with props)
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java (with props)
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java (with props)
Modified:
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java
incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Exchange.java Mon Mar 12 06:54:37 2007
@@ -19,13 +19,11 @@
package org.apache.cxf.message;
-import java.util.Map;
-
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
import org.apache.cxf.transport.Session;
-public interface Exchange extends Map<String, Object> {
+public interface Exchange extends StringMap {
Message getInMessage();
void setInMessage(Message m);
@@ -70,19 +68,4 @@
* @param b true if the exchange is known to be a one-way exchange
*/
void setOneWay(boolean b);
-
- /**
- * Convenience method for storing/retrieving typed objects from the map.
- * equivalent to: (T)get(key.getName());
- * @param key the key
- * @return the value
- */
- <T> T get(Class<T> key);
- /**
- * Convenience method for storing/retrieving typed objects from the map.
- * equivalent to: put(key.getName(), value);
- * @param key the key
- * @param value the value
- */
- <T> void put(Class<T> key, T value);
}
Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/ExchangeImpl.java Mon Mar 12 06:54:37 2007
@@ -19,13 +19,11 @@
package org.apache.cxf.message;
-import java.util.HashMap;
-
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
import org.apache.cxf.transport.Session;
-public class ExchangeImpl extends HashMap<String, Object> implements Exchange {
+public class ExchangeImpl extends StringMapImpl implements Exchange {
private Destination destination;
private Conduit conduit;
@@ -90,14 +88,6 @@
if (null != m) {
m.setExchange(this);
}
- }
-
- public <T> T get(Class<T> key) {
- return key.cast(get(key.getName()));
- }
-
- public <T> void put(Class<T> key, T value) {
- put(key.getName(), value);
}
public boolean isOneWay() {
Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/Message.java Mon Mar 12 06:54:37 2007
@@ -20,14 +20,13 @@
package org.apache.cxf.message;
import java.util.Collection;
-import java.util.Map;
import java.util.Set;
import org.apache.cxf.interceptor.InterceptorChain;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
-public interface Message extends Map<String, Object> {
+public interface Message extends StringMap {
String TRANSPORT = "org.apache.cxf.transport";
String REQUESTOR_ROLE = "org.apache.cxf.client";
@@ -110,21 +109,6 @@
* @return the set of currently encapsulated content formats
*/
Set<Class<?>> getContentFormats();
-
- /**
- * Convenience method for storing/retrieving typed objects from the map.
- * equivalent to: (T)get(key.getName());
- * @param key the key
- * @return the value
- */
- <T> T get(Class<T> key);
- /**
- * Convenience method for storing/retrieving typed objects from the map.
- * equivalent to: put(key.getName(), value);
- * @param key the key
- * @param value the value
- */
- <T> void put(Class<T> key, T value);
Object getContextualProperty(String key);
}
Modified: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java (original)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/MessageImpl.java Mon Mar 12 06:54:37 2007
@@ -31,7 +31,7 @@
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.Destination;
-public class MessageImpl extends HashMap<String, Object> implements Message {
+public class MessageImpl extends StringMapImpl implements Message {
private Collection<Attachment> attachments;
private Conduit conduit;
private Destination destination;
@@ -103,14 +103,6 @@
public void setInterceptorChain(InterceptorChain ic) {
this.interceptorChain = ic;
- }
-
- public <T> T get(Class<T> key) {
- return key.cast(get(key.getName()));
- }
-
- public <T> void put(Class<T> key, T value) {
- put(key.getName(), value);
}
public Object getContextualProperty(String key) {
Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java?view=auto&rev=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java (added)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java Mon Mar 12 06:54:37 2007
@@ -0,0 +1,41 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.message;
+
+import java.util.Map;
+
+public interface StringMap extends Map<String, Object> {
+
+ /**
+ * Convenience method for storing/retrieving typed objects from the map.
+ * equivalent to: (T)get(key.getName());
+ * @param key the key
+ * @return the value
+ */
+ <T> T get(Class<T> key);
+
+ /**
+ * Convenience method for storing/retrieving typed objects from the map.
+ * equivalent to: put(key.getName(), value);
+ * @param key the key
+ * @param value the value
+ */
+ <T> void put(Class<T> key, T value);
+}
Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMap.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java?view=auto&rev=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java (added)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java Mon Mar 12 06:54:37 2007
@@ -0,0 +1,35 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.message;
+
+import java.util.HashMap;
+
+public class StringMapImpl
+ extends HashMap<String, Object>
+ implements StringMap {
+
+ public <T> T get(Class<T> key) {
+ return key.cast(get(key.getName()));
+ }
+
+ public <T> void put(Class<T> key, T value) {
+ put(key.getName(), value);
+ }
+}
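Review bot: `StringMapImpl.get(Class<T>)` and `put(Class<T>, T)` carry no Javadoc, and the inherited `put(String, Object)` can store any type under the same class-name key. In that case `key.cast(...)` throws `ClassCastException`, which is not documented here or on `StringMap`. Since this commit starts storing `TLSSessionInfo` through this path, I would document on `get` that it returns null when no entry exists and throws `ClassCastException` when the entry is not an instance of `key`. On `put`, a one-line comment such as `// stored under key.getName(); replaces any previous entry for that name` would be enough.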
Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/message/StringMapImpl.java
------------------------------------------------------------------------------
svn:eol-style = native
Added: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java?view=auto&rev=517217
==============================================================================
--- incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java (added)
+++ incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java Mon Mar 12 06:54:37 2007
@@ -0,0 +1,96 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.security.transport;
+
+import java.security.cert.Certificate;
+import javax.net.ssl.SSLSession;
+
+/**
+ * An immutable struct that contains information about a negotiated
+ * TLS Session, including the (potentially negotiated) peer certificates
+ * as well as the currently effective TLS ciper suite.
+ */
+public class TLSSessionInfo {
+
+ private final SSLSession sslSession;
+ private final Certificate[] peerCertificates;
+ private final String cipherSuite;
+
+ /**
+ * This constructor has the effect of calling
+ * TLSSessionInfo(null, suite)
+ */
+ public TLSSessionInfo(
+ final String suite
+ ) {
+ this(suite, null, null);
+ }
+
+ /**
+ * @param suite
+ * The negotiated cipher suite
+ * This parameter may not be null, by contract
+ *
+ * @param session
+ * The JSSE representation of the SSL Session
+ * negotiated with the peer (optionally null, if
+ * it is unavailable)
+ *
+ * @param certs
+ * the peer X.509 certificate chain (optinally null)
+ */
+ public TLSSessionInfo(
+ final String suite,
+ final SSLSession session,
+ final Certificate[] certs
+ ) {
+ assert suite != null;
+ cipherSuite = suite;
+ sslSession = session;
+ peerCertificates = certs;
+ }
+
+ /**
+ * @return the negotiated cipher suite. This attribute is
+ * guaranteed to be non-null.
+ */
+ public final String getChipherSuite() {
+ return cipherSuite;
+ }
+
+ /**
+ * @return the peer X.509 certificate chain, as negotiated
+ * though the TLS handshake. This attribute may be
+ * null, for example, if the SSL peer has not been
+ * authenticated.
+ */
+ public final Certificate[] getPeerCertificates() {
+ return peerCertificates;
+ }
+
+ /**
+ * @return the negotiated SSL Session. This attribute may be
+ * null if it is unavailable from the underlying
+ * transport.
+ */
+ public final SSLSession getSSLSession() {
+ return sslSession;
+ }
+}
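Review bot: The class Javadoc calls this an immutable struct, but the three-argument constructor stores `certs` by reference and `getPeerCertificates()` returns that same array, so any caller can alter the peer chain that later consumers read from the message. Copy on the way in and out, e.g. `peerCertificates = certs == null ? null : certs.clone();` in the constructor and `return peerCertificates == null ? null : peerCertificates.clone();` in the getter. The `assert suite != null;` does nothing unless the JVM runs with `-ea`, while the getter's Javadoc guarantees a non-null value; `if (suite == null) { throw new IllegalArgumentException("suite"); }` would enforce it. The accessor name `getChipherSuite` is misspelled and becomes public API with this commit.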
Propchange: incubator/cxf/trunk/api/src/main/java/org/apache/cxf/security/transport/TLSSessionInfo.java
------------------------------------------------------------------------------
svn:eol-style = native
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java Mon Mar 12 06:54:37 2007
@@ -43,6 +43,7 @@
import org.apache.cxf.transport.AbstractDestination;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.ConduitInitiator;
+import org.apache.cxf.transport.https.SSLUtils;
import org.apache.cxf.transports.http.QueryHandler;
import org.apache.cxf.transports.http.QueryHandlerRegistry;
import org.mortbay.http.HttpRequest;
@@ -256,11 +257,11 @@
inMessage.put(Message.BASE_PATH, new URL(endpointInfo.getAddress()).getPath());
}
inMessage.put(Message.FIXED_PARAMETER_ORDER, isFixedParameterOrder());
- inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE);
-
+ inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE);
setHeaders(inMessage);
-
inMessage.setDestination(this);
+
+ SSLUtils.propogateSecureSession(req, inMessage);
incomingObserver.onMessage(inMessage);
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Mon Mar 12 06:54:37 2007
@@ -28,6 +28,7 @@
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
@@ -41,11 +42,19 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.security.FiltersType;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.transport.TLSSessionInfo;
+import org.mortbay.http.HttpConnection;
+import org.mortbay.http.HttpRequest;
/**
* Holder for utility methods related to manipulating SSL settings, common
@@ -59,6 +68,7 @@
private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
+ private static final String SERVLET_SSL_SESSION_ATTRIBUTE = "javax.net.ssl.session";
private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
@@ -522,6 +532,60 @@
return wantClientAuthentication;
}
+ /**
+ * Propogate in the message a TLSSessionInfo instance representative
+ * of the TLS-specific information in the HTTP request.
+ *
+ * @param req the Jetty request
+ * @param message the Message
+ */
+ public static void propogateSecureSession(HttpRequest req,
+ Message message) {
+ final HttpConnection httpCon = req.getHttpConnection();
+ if (httpCon != null) {
+ final Object connection = httpCon.getConnection();
+ if (connection instanceof SSLSocket) {
+ final SSLSocket socket = (SSLSocket) connection;
+ final SSLSession session = socket.getSession();
+ Certificate[] certs = null;
+ try {
+ certs = session.getPeerCertificates();
+ } catch (final SSLPeerUnverifiedException e) {
+ // peer has not been verified
+ }
+ message.put(TLSSessionInfo.class,
+ new TLSSessionInfo(session.getCipherSuite(),
+ session,
+ certs));
+ }
+ }
+ }
+
+ /**
+ * Propogate in the message a TLSSessionInfo instance representative
+ * of the TLS-specific information in the HTTP request.
+ *
+ * @param req the servlet request
+ * @param message the Message
+ */
+ public static void propogateSecureServletSession(HttpServletRequest request,
+ Message message) {
+ SSLSession session =
+ (SSLSession) request.getAttribute(SERVLET_SSL_SESSION_ATTRIBUTE);
+ if (session != null) {
+ Certificate[] certs = null;
+ try {
+ certs = session.getPeerCertificates();
+ } catch (final SSLPeerUnverifiedException e) {
+ // peer has not been verified
+ }
+ message.put(TLSSessionInfo.class,
+ new TLSSessionInfo(session.getCipherSuite(),
+ session,
+ certs));
+ }
+ }
+
protected static void logUnSupportedPolicies(Object policy,
boolean client,
String[] unsupported,
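Review bot: `propogateSecureServletSession` casts the `javax.net.ssl.session` request attribute straight to `SSLSession` and does nothing when it is absent. That attribute name looks container-specific rather than defined by the servlet specification, so in a container that does not set it an HTTPS request would reach the interceptors with no `TLSSessionInfo`, and a value of another type would fail with `ClassCastException`. I would guard the cast with `instanceof` and fall back to the spec-defined `javax.servlet.request.cipher_suite` and `javax.servlet.request.X509Certificate` attributes, as sketched below. The servlet variant in the http2 `SSLUtils` later in this commit has the same shape. Separately, the Javadoc says `@param req` while the parameter is named `request`.

```java
public static void propogateSecureServletSession(HttpServletRequest request,
                                                 Message message) {
    final Object attr = request.getAttribute(SERVLET_SSL_SESSION_ATTRIBUTE);
    if (attr instanceof SSLSession) {
        // … unchanged: read peer certificates from (SSLSession) attr and put TLSSessionInfo …
        return;
    }
    // Fall back to the attributes the servlet specification defines for HTTPS requests.
    final Object suite = request.getAttribute("javax.servlet.request.cipher_suite");
    if (suite instanceof String) {
        final Object chain = request.getAttribute("javax.servlet.request.X509Certificate");
        message.put(TLSSessionInfo.class,
                    new TLSSessionInfo((String) suite,
                                       null,
                                       chain instanceof Certificate[] ? (Certificate[]) chain : null));
    }
}
```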
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/servlet/ServletController.java Mon Mar 12 06:54:37 2007
@@ -46,6 +46,7 @@
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.tools.common.extensions.soap.SoapAddress;
import org.apache.cxf.tools.util.SOAPBindingUtil;
+import org.apache.cxf.transport.https.SSLUtils;
import org.apache.cxf.transports.http.QueryHandler;
import org.apache.cxf.transports.http.QueryHandlerRegistry;
import org.apache.cxf.wsdl11.ServiceWSDLBuilder;
@@ -168,7 +169,7 @@
inMessage.put(Message.QUERY_STRING, request.getQueryString());
inMessage.put(Message.CONTENT_TYPE, request.getContentType());
inMessage.put(Message.ENCODING, request.getCharacterEncoding());
-
+ SSLUtils.propogateSecureServletSession(request, inMessage);
d.doMessage(inMessage);
} catch (IOException e) {
throw new ServletException(e);
Modified: incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java (original)
+++ incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/http/JettyHTTPDestination.java Mon Mar 12 06:54:37 2007
@@ -36,6 +36,7 @@
import org.apache.cxf.message.MessageImpl;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.ConduitInitiator;
+import org.apache.cxf.transport.https.SSLUtils;
import org.apache.cxf.transports.http.QueryHandler;
import org.apache.cxf.transports.http.QueryHandlerRegistry;
import org.mortbay.jetty.HttpConnection;
@@ -200,8 +201,9 @@
inMessage.put(Message.ASYNC_POST_RESPONSE_DISPATCH, Boolean.TRUE);
setHeaders(inMessage);
-
inMessage.setDestination(this);
+
+ SSLUtils.propogateSecureSession(req, inMessage);
incomingObserver.onMessage(inMessage);
@@ -212,6 +214,5 @@
LOG.fine("Finished servicing http request on thread: " + Thread.currentThread());
}
}
- }
-
+ }
}
Modified: incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Mon Mar 12 06:54:37 2007
@@ -26,6 +26,7 @@
import java.io.IOException;
import java.lang.reflect.Method;
import java.security.KeyStore;
+import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
@@ -34,10 +35,15 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLPeerUnverifiedException;
+import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
+import javax.servlet.http.HttpServletRequest;
import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.security.transport.TLSSessionInfo;
/**
* Holder for utility methods related to manipulating SSL settings, common
@@ -51,10 +57,11 @@
private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
-
+ private static final String SERVLET_SSL_SESSION_ATTRIBUTE = "javax.net.ssl.session";
+
private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
-
+
private SSLUtils() {
}
@@ -423,6 +430,55 @@
return wantClientAuthentication;
}
+ /**
+ * Propogate in the message a TLSSessionInfo instance representative
+ * of the TLS-specific information in the HTTP request.
+ *
+ * @param req the Jetty request
+ * @param message the Message
+ */
+ public static void propogateSecureSession(HttpServletRequest request,
+ Message message) {
+ SSLSession session =
+ (SSLSession) request.getAttribute("javax.net.ssl.session");
+ if (session != null) {
+ Certificate[] certs = null;
+ try {
+ certs = session.getPeerCertificates();
+ } catch (final SSLPeerUnverifiedException e) {
+ // peer has not been verified
+ }
+ message.put(TLSSessionInfo.class,
+ new TLSSessionInfo(session.getCipherSuite(),
+ session,
+ certs));
+ }
+ }
+
+ /**
+ * Propogate in the message a TLSSessionInfo instance representative
+ * of the TLS-specific information in the HTTP request.
+ *
+ * @param req the servlet request
+ * @param message the Message
+ */
+ public static void propogateSecureServletSession(HttpServletRequest request,
+ Message message) {
+ SSLSession session =
+ (SSLSession) request.getAttribute(SERVLET_SSL_SESSION_ATTRIBUTE);
+ if (session != null) {
+ Certificate[] certs = null;
+ try {
+ certs = session.getPeerCertificates();
+ } catch (final SSLPeerUnverifiedException e) {
+ // peer has not been verified
+ }
+ message.put(TLSSessionInfo.class,
+ new TLSSessionInfo(session.getCipherSuite(),
+ session,
+ certs));
+ }
+ }
protected static void logUnSupportedPolicies(Object policy,
boolean client,
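Review bot: In this http2 copy, `propogateSecureSession(HttpServletRequest, Message)` repeats the body of `propogateSecureServletSession` line for line. It also spells the attribute name as the literal `"javax.net.ssl.session"` instead of using the `SERVLET_SSL_SESSION_ATTRIBUTE` constant added in the same commit. Two copies of security-relevant extraction logic tend to drift apart, so I would reduce the first method to a delegation, `propogateSecureServletSession(request, message);`. Its Javadoc also still says `@param req the Jetty request`, although the parameter is an `HttpServletRequest` named `request`.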
Modified: incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java (original)
+++ incubator/cxf/trunk/rt/transports/http2/src/main/java/org/apache/cxf/transport/servlet/ServletController.java Mon Mar 12 06:54:37 2007
@@ -47,6 +47,7 @@
import org.apache.cxf.tools.common.extensions.soap.SoapAddress;
import org.apache.cxf.tools.util.SOAPBindingUtil;
import org.apache.cxf.transport.http.AbstractHTTPDestination;
+import org.apache.cxf.transport.https.SSLUtils;
import org.apache.cxf.transports.http.QueryHandler;
import org.apache.cxf.transports.http.QueryHandlerRegistry;
import org.apache.cxf.wsdl11.ServiceWSDLBuilder;
@@ -166,7 +167,7 @@
inMessage.put(Message.QUERY_STRING, request.getQueryString());
inMessage.put(Message.CONTENT_TYPE, request.getContentType());
inMessage.put(Message.ENCODING, request.getCharacterEncoding());
-
+ SSLUtils.propogateSecureServletSession(request, inMessage);
d.doMessage(inMessage);
} catch (IOException e) {
throw new ServletException(e);
Modified: incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java?view=diff&rev=517217&r1=517216&r2=517217
==============================================================================
--- incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http2/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java Mon Mar 12 06:54:37 2007
@@ -44,6 +44,7 @@
import org.apache.cxf.message.ExchangeImpl;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.security.transport.TLSSessionInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.transport.Conduit;
import org.apache.cxf.transport.ConduitInitiator;
@@ -399,6 +400,8 @@
response.flushBuffer();
EasyMock.expectLastCall();
}
+ request.getAttribute("javax.net.ssl.session");
+ EasyMock.expectLastCall().andReturn(null);
}
if (decoupled) {
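Review bot: The only expectation added for the new TLS propagation makes `request.getAttribute("javax.net.ssl.session")` return null, so the visible test changes exercise only the path where no `TLSSessionInfo` is stored. A second case should return a mocked `SSLSession` and assert that `inMessage.get(TLSSessionInfo.class)` is non-null and carries that session's cipher suite and peer certificates, including the branch where `getPeerCertificates()` throws `SSLPeerUnverifiedException`. The enclosing setup method starts and ends outside this hunk. The `assertNull` added further down reuses the message `"unexpected query"`; something like `"unexpected TLS session info"` would make a failure readable.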
@@ -458,6 +461,8 @@
assertEquals("unexpected query",
inMessage.get(Message.QUERY_STRING),
"?name");
+ assertNull("unexpected query",
+ inMessage.get(TLSSessionInfo.class));
verifyRequestHeaders();