Posted to commits@cxf.apache.org by cl...@apache.org on 2010/03/04 01:20:52 UTC
svn commit: r918788 - in /cxf/branches/2.2.x-fixes:
api/src/main/java/org/apache/cxf/configuration/jsse/
common/schemas/src/main/resources/schemas/configuration/
rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/
rt/transports/h...
Author: cleclerc
Date: Thu Mar 4 00:20:51 2010
New Revision: 918788
URL: http://svn.apache.org/viewvc?rev=918788&view=rev
Log:
[CXF-2688] revert change
Modified:
cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Modified: cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java?rev=918788&r1=918787&r2=918788&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java (original)
+++ cxf/branches/2.2.x-fixes/api/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParameters.java Thu Mar 4 00:20:51 2010
@@ -28,7 +28,6 @@
public class TLSClientParameters extends TLSParameterBase {
private boolean disableCNCheck;
private SSLSocketFactory sslSocketFactory;
- private boolean trustAllCertificates;
/**
* Set whether or not JSEE should omit checking if the host name
@@ -50,22 +49,6 @@
}
/**
- * Returns whether or not JSSE omits checking X509 certificates
- * validity (using an 'accept all' X509TrustManager).
- */
- public boolean isTrustAllCertificates() {
- return trustAllCertificates;
- }
-
- /**
- * Set whether or not JSSE should omit checking X509 certificates
- * validity (using an 'accept all' {@link javax.net.ssl.X509TrustManager}).
- */
- public void setTrustAllCertificates(boolean trustAllCertificates) {
- this.trustAllCertificates = trustAllCertificates;
- }
-
- /**
* This sets the SSLSocketFactory to use, causing all other properties of
* this bean (and its superclass) to get ignored (this takes precendence).
*/
Modified: cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd?rev=918788&r1=918787&r2=918788&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd (original)
+++ cxf/branches/2.2.x-fixes/common/schemas/src/main/resources/schemas/configuration/security.xsd Thu Mar 4 00:20:51 2010
@@ -443,16 +443,6 @@
</xs:documentation>
</xs:annotation>
</xs:attribute>
- <xs:attribute name="trustAllCertificates" type="pt:ParameterizedBoolean" default="false">
- <xs:annotation>
- <xs:documentation>
- This attribute specifies if JSSE should omit checking X509
- certificates validity (using an 'accept all X509TrustManager').
- Default is false; this attribute should not be set to true during
- production use. Since 2.2.7.
- </xs:documentation>
- </xs:annotation>
- </xs:attribute>
<xs:attribute name="jsseProvider" type="xs:string">
<xs:annotation>
<xs:documentation>
Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java?rev=918788&r1=918787&r2=918788&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java (original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/configuration/jsse/spring/TLSClientParametersConfig.java Thu Mar 4 00:20:51 2010
@@ -63,9 +63,6 @@
if (params.isDisableCNCheck()) {
ret.setDisableCNCheck(true);
}
- if (params.isTrustAllCertificates()) {
- ret.setTrustAllCertificates(true);
- }
if (params.isSetSecureSocketProtocol()) {
ret.setSecureSocketProtocol(params.getSecureSocketProtocol());
}
Modified: cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL: http://svn.apache.org/viewvc/cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=918788&r1=918787&r2=918788&view=diff
==============================================================================
--- cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java (original)
+++ cxf/branches/2.2.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java Thu Mar 4 00:20:51 2010
@@ -175,30 +175,27 @@
? SSLContext.getInstance(protocol)
: SSLContext.getInstance(protocol, provider);
- TrustManager[] trustManagers;
- if (tlsClientParameters.isTrustAllCertificates()) {
- trustManagers = new TrustManager[] {
- new javax.net.ssl.X509TrustManager() {
- public java.security.cert.X509Certificate[] getAcceptedIssuers() {
- return null;
- }
-
- public void checkClientTrusted(java.security.cert.X509Certificate[] certs,
- String authType) {
- }
+
- public void checkServerTrusted(java.security.cert.X509Certificate[] certs,
- String authType) {
- }
+ TrustManager[] trustAllCerts = tlsClientParameters.getTrustManagers();
+ /*
+ TrustManager[] trustAllCerts = new TrustManager[] {
+ new javax.net.ssl.X509TrustManager() {
+ public java.security.cert.X509Certificate[] getAcceptedIssuers() {
+ return null;
}
- };
- } else {
- trustManagers = tlsClientParameters.getTrustManagers();
- }
-
+ public void checkClientTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ public void checkServerTrusted(
+ java.security.cert.X509Certificate[] certs, String authType) {
+ }
+ }
+ };
+ */
ctx.init(
tlsClientParameters.getKeyManagers(),
- trustManagers,
+ trustAllCerts,
tlsClientParameters.getSecureRandom());
// The "false" argument means opposite of exclude.
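Review bot: The local is named `trustAllCerts` but now holds whatever `tlsClientParameters.getTrustManagers()` returns, so the name states the opposite of what the code does. `TrustManager[] trustManagers = tlsClientParameters.getTrustManagers();`, with `trustManagers` passed to `ctx.init(...)`, would read correctly. The commented-out accept-all `X509TrustManager` beneath it should be deleted rather than kept in the source: it sits one uncomment away from turning off certificate validation for every client, and the revision history already preserves it. If `getTrustManagers()` can return null here, `ctx.init` falls back to the default trust managers of the installed providers, which is worth a one-line comment. The enclosing method starts and ends outside this hunk.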
@@ -214,13 +211,12 @@
tlsClientParameters.getSecureSocketProtocol());
}
- HostnameVerifier hostnameVerifier = tlsClientParameters.isDisableCNCheck()
- || tlsClientParameters.isTrustAllCertificates() ? CertificateHostnameVerifier.ALLOW_ALL
- : CertificateHostnameVerifier.DEFAULT;
+ HostnameVerifier verifier = tlsClientParameters.isDisableCNCheck()
+ ? CertificateHostnameVerifier.ALLOW_ALL : CertificateHostnameVerifier.DEFAULT;
if (connection instanceof HttpsURLConnection) {
// handle the expected case (javax.net.ssl)
HttpsURLConnection conn = (HttpsURLConnection) connection;
- conn.setHostnameVerifier(hostnameVerifier);
+ conn.setHostnameVerifier(verifier);
conn.setSSLSocketFactory(socketFactory);
} else {
// handle the deprecated sun case and other possible hidden API's
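Review bot: The ternary that selects `CertificateHostnameVerifier.ALLOW_ALL` has no comment, and after this revert `disableCNCheck` is the one remaining switch in this code that relaxes server verification. Judging by its name, ALLOW_ALL accepts any host name, so I would add `// disableCNCheck => ALLOW_ALL: the certificate's host name is not matched against the target host` above the assignment. If a logger is available in this class, a warning when the flag is set would make such configurations visible in operations. The enclosing method continues outside the hunk.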
@@ -228,7 +224,7 @@
try {
Method method = connection.getClass().getMethod("getHostnameVerifier");
- InvocationHandler handler = new ReflectionInvokationHandler(hostnameVerifier) {
+ InvocationHandler handler = new ReflectionInvokationHandler(verifier) {
public Object invoke(Object proxy,
Method method,
Object[] args) throws Throwable {