You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/17 13:44:54 UTC
cxf git commit: CXF-7252 - TLSParameterJaxBUtils.getTrustManagers
getting password from wrong system property
Repository: cxf
Updated Branches:
refs/heads/master 8b86ab84a -> 19a4d72a3
CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/19a4d72a
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/19a4d72a
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/19a4d72a
Branch: refs/heads/master
Commit: 19a4d72a32f1e18bec621af403ecdf21d97453af
Parents: 8b86ab8
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Fri Feb 17 13:44:40 2017 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Fri Feb 17 13:44:40 2017 +0000
----------------------------------------------------------------------
.../apache/cxf/configuration/jsse/SSLUtils.java | 40 +++++++++++++++++++-
.../jsse/TLSParameterJaxBUtils.java | 35 +++++++++++++----
2 files changed, 65 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/19a4d72a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 24e162d..1853a60 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -557,8 +557,12 @@ public final class SSLUtils {
LogUtils.log(log, Level.FINE, logMsg, trustStoreLocation);
return trustStoreLocation;
}
-
+
public static String getTrustStoreType(String trustStoreType, Logger log) {
+ return getTrustStoreType(trustStoreType, log, DEFAULT_TRUST_STORE_TYPE);
+ }
+
+ public static String getTrustStoreType(String trustStoreType, Logger log, String def) {
String logMsg = null;
if (trustStoreType != null) {
logMsg = "TRUST_STORE_TYPE_SET";
@@ -566,7 +570,7 @@ public final class SSLUtils {
//Can default to JKS
trustStoreType = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType");
if (trustStoreType == null) {
- trustStoreType = DEFAULT_TRUST_STORE_TYPE;
+ trustStoreType = def;
logMsg = "TRUST_STORE_TYPE_NOT_SET";
} else {
logMsg = "TRUST_STORE_TYPE_SYSTEM_SET";
@@ -575,6 +579,38 @@ public final class SSLUtils {
LogUtils.log(log, Level.FINE, logMsg, trustStoreType);
return trustStoreType;
}
+
+ public static String getTruststorePassword(String trustStorePassword,
+ Logger log) {
+ String logMsg = null;
+ if (trustStorePassword != null) {
+ logMsg = "TRUST_STORE_PASSWORD_SET";
+ } else {
+ trustStorePassword =
+ SystemPropertyAction.getProperty("javax.net.ssl.trustStorePassword");
+ logMsg = trustStorePassword != null
+ ? "TRUST_STORE_PASSWORD_SYSTEM_PROPERTY_SET"
+ : "TRUST_STORE_PASSWORD_NOT_SET";
+ }
+ LogUtils.log(log, Level.FINE, logMsg);
+ return trustStorePassword;
+ }
+
+ public static String getTruststoreProvider(String trustStoreProvider, Logger log) {
+ String logMsg = null;
+ if (trustStoreProvider != null) {
+ logMsg = "TRUST_STORE_PROVIDER_SET";
+ } else {
+ trustStoreProvider = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreProvider", null);
+ if (trustStoreProvider == null) {
+ logMsg = "TRUST_STORE_PROVIDER_NOT_SET";
+ } else {
+ logMsg = "TRUST_STORE_PROVIDER_SYSTEM_SET";
+ }
+ }
+ LogUtils.log(log, Level.FINE, logMsg, trustStoreProvider);
+ return trustStoreProvider;
+ }
public static String getSecureSocketProtocol(String secureSocketProtocol,
Logger log) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/19a4d72a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index 644a1e9..ee6bf58 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -95,31 +95,50 @@ public final class TLSParameterJaxBUtils {
}
return secureRandom;
}
+
+ public static KeyStore getKeyStore(KeyStoreType kst) throws GeneralSecurityException, IOException {
+ return getKeyStore(kst, false);
+ }
+
/**
* This method converts a JAXB generated KeyStoreType into a KeyStore.
*/
- public static KeyStore getKeyStore(KeyStoreType kst)
+ public static KeyStore getKeyStore(KeyStoreType kst, boolean trustStore)
throws GeneralSecurityException,
IOException {
if (kst == null) {
return null;
}
- String type = SSLUtils.getKeystoreType(kst.isSetType()
+ String type = null;
+ if (trustStore) {
+ type = SSLUtils.getTrustStoreType(kst.isSetType()
+ ? kst.getType() : null, LOG, KeyStore.getDefaultType());
+ } else {
+ type = SSLUtils.getKeystoreType(kst.isSetType()
? kst.getType() : null, LOG, KeyStore.getDefaultType());
+ }
char[] password = kst.isSetPassword()
? deobfuscate(kst.getPassword())
: null;
if (password == null) {
- String tmp = SSLUtils.getKeystorePassword(null, LOG);
+ String tmp = null;
+ if (trustStore) {
+ tmp = SSLUtils.getTruststorePassword(null, LOG);
+ } else {
+ tmp = SSLUtils.getKeystorePassword(null, LOG);
+ }
if (tmp != null) {
password = tmp.toCharArray();
}
}
- String provider = SSLUtils.getKeystoreProvider(kst.isSetProvider()
- ? kst.getProvider() : null,
- LOG);
+ String provider = null;
+ if (trustStore) {
+ provider = SSLUtils.getTruststoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG);
+ } else {
+ provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG);
+ }
KeyStore keyStore = provider == null
? KeyStore.getInstance(type)
: KeyStore.getInstance(type, provider);
@@ -256,7 +275,7 @@ public final class TLSParameterJaxBUtils {
throws GeneralSecurityException,
IOException {
- KeyStore keyStore = getKeyStore(kmc.getKeyStore());
+ KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false);
String alg = kmc.isSetFactoryAlgorithm()
? kmc.getFactoryAlgorithm()
@@ -316,7 +335,7 @@ public final class TLSParameterJaxBUtils {
final KeyStore keyStore =
tmc.isSetKeyStore()
- ? getKeyStore(tmc.getKeyStore())
+ ? getKeyStore(tmc.getKeyStore(), true)
: (tmc.isSetCertStore()
? getKeyStore(tmc.getCertStore())
: (KeyStore) null);