You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by eg...@apache.org on 2007/03/27 11:30:33 UTC
svn commit: r522837 - in /incubator/cxf/trunk/rt/transports/http/src:
main/java/org/apache/cxf/transport/https/SSLUtils.java
test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
Author: eglynn
Date: Tue Mar 27 02:30:32 2007
New Revision: 522837
URL: http://svn.apache.org/viewvc?view=rev&rev=522837
Log:
Fix to receiver-side SSL context retrieval logic, committed on behalf of Fred Dushin.
Modified:
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
Modified: incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java?view=diff&rev=522837&r1=522836&r2=522837
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java Tue Mar 27 02:30:32 2007
@@ -42,8 +42,6 @@
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLPeerUnverifiedException;
-import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.servlet.http.HttpServletRequest;
@@ -66,7 +64,8 @@
private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
- private static final String SSL_SESSION_ATTRIBUTE = "javax.net.ssl.session";
+ private static final String SSL_CIPHER_SUITE_ATTRIBUTE = "javax.servlet.request.cipher_suite";
+ private static final String SSL_PEER_CERT_CHAIN_ATTRIBUTE = "javax.servlet.request.X509Certificate";
private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
@@ -549,46 +548,17 @@
*/
public static void propogateSecureSession(HttpServletRequest request,
Message message) {
- SSLSession session =
- (SSLSession) request.getAttribute(SSL_SESSION_ATTRIBUTE);
- if (session != null) {
- Certificate[] certs = null;
- try {
- certs = session.getPeerCertificates();
- } catch (final SSLPeerUnverifiedException e) {
- // peer has not been verified
- }
+ final String cipherSuite =
+ (String) request.getAttribute(SSL_CIPHER_SUITE_ATTRIBUTE);
+ if (cipherSuite != null) {
+ final Certificate[] certs =
+ (Certificate[]) request.getAttribute(SSL_PEER_CERT_CHAIN_ATTRIBUTE);
message.put(TLSSessionInfo.class,
- new TLSSessionInfo(session.getCipherSuite(),
- session,
+ new TLSSessionInfo(cipherSuite,
+ null,
certs));
}
}
-
- /**
- * Propogate in the message a TLSSessionInfo instance representative
- * of the TLS-specific information in the HTTP request.
- *
- * @param req the servlet request
- * @param message the Message
-
- public static void propogateSecureServletSession(HttpServletRequest request,
- Message message) {
- SSLSession session =
- (SSLSession) request.getAttribute(SERVLET_SSL_SESSION_ATTRIBUTE);
- if (session != null) {
- Certificate[] certs = null;
- try {
- certs = session.getPeerCertificates();
- } catch (final SSLPeerUnverifiedException e) {
- // peer has not been verified
- }
- message.put(TLSSessionInfo.class,
- new TLSSessionInfo(session.getCipherSuite(),
- session,
- certs));
- }
- }*/
protected static void logUnSupportedPolicies(Object policy,
boolean client,
Modified: incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java?view=diff&rev=522837&r1=522836&r2=522837
==============================================================================
--- incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java (original)
+++ incubator/cxf/trunk/rt/transports/http/src/test/java/org/apache/cxf/transport/http/JettyHTTPDestinationTest.java Tue Mar 27 02:30:32 2007
@@ -445,8 +445,12 @@
response.flushBuffer();
EasyMock.expectLastCall();
}
+ request.getAttribute("javax.servlet.request.cipher_suite");
+ EasyMock.expectLastCall().andReturn("anythingwilldoreally");
request.getAttribute("javax.net.ssl.session");
EasyMock.expectLastCall().andReturn(null);
+ request.getAttribute("javax.servlet.request.X509Certificate");
+ EasyMock.expectLastCall().andReturn(null);
}
}
@@ -537,7 +541,7 @@
assertEquals("unexpected query",
inMessage.get(Message.QUERY_STRING),
"?name");
- assertNull("unexpected query",
+ assertNotNull("unexpected query",
inMessage.get(TLSSessionInfo.class));
verifyRequestHeaders();