Fix for last commit
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/28c26cea
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/28c26cea
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/28c26cea
Branch: refs/heads/2.7.x-fixes
Commit: 28c26ceadf867116cf4faf56823e749373bd4410
Parents: ec245d8
Author: Colm O hEigeartaigh <cohei...@apache.org>
Authored: Wed Dec 17 18:01:56 2014 +0000
Committer: Colm O hEigeartaigh <cohei...@apache.org>
Committed: Wed Dec 17 18:01:56 2014 +0000
----------------------------------------------------------------------
.../https/HttpsURLConnectionFactory.java | 6 +-
.../apache/cxf/transport/https/SSLUtils.java | 116 -------------------
2 files changed, 4 insertions(+), 118 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/28c26cea/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
index cd03a91..992280d 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
@@ -42,6 +42,8 @@ import org.apache.cxf.common.util.ReflectionInvokationHandler;
 import org.apache.cxf.common.util.ReflectionUtil;
 import org.apache.cxf.configuration.jsse.SSLUtils;
 import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
+import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;
 /**
@@ -188,9 +190,9 @@ public class HttpsURLConnectionFactory {
 if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
 verifier = HttpsURLConnection.getDefaultHostnameVerifier();
 } else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = CertificateHostnameVerifier.ALLOW_ALL;
+ verifier = new AllowAllHostnameVerifier();
 } else {
- verifier = CertificateHostnameVerifier.DEFAULT;
+ verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
 }
 if (connection instanceof HttpsURLConnection) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/28c26cea/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
deleted file mode 100644
index 183f80e..0000000
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLUtils.java
+++ /dev/null
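Review bot: The default branch now builds `new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault())` on every call, where the removed code referenced the shared constant `CertificateHostnameVerifier.DEFAULT`; if `PublicSuffixMatcherLoader.getDefault()` loads the suffix list rather than returning a cached instance (not visible from this hunk), that is per-connection work on the hot path. If the verifier is stateless, hoist it to a class constant, e.g. `private static final HostnameVerifier DEFAULT_VERIFIER = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());`, and assign `verifier = DEFAULT_VERIFIER;` here, with the same treatment for `AllowAllHostnameVerifier`. The `isDisableCNCheck()` branch yields a verifier that skips hostname verification entirely, so a comment such as `// disableCNCheck: the peer's identity is NOT checked against its certificate; configuration-driven only` keeps that weakening visible to the next maintainer. `AllowAllHostnameVerifier` is used without an added import, so it presumably resolves from the same package. The enclosing method starts and ends outside this hunk.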
@@ -1,116 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.transport.https;
-
-import java.security.GeneralSecurityException;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
-import javax.net.ssl.X509KeyManager;
-
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.configuration.jsse.TLSParameterBase;
-import org.apache.cxf.configuration.jsse.TLSServerParameters;
-
-import org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier;
-import org.apache.cxf.transport.https.httpclient.PublicSuffixMatcherLoader;
-
-public final class SSLUtils {
- private SSLUtils() {
- //Helper class
- }
-
- public static HostnameVerifier getHostnameVerifier(TLSClientParameters tlsClientParameters) {
- HostnameVerifier verifier;
-
- if (tlsClientParameters.getHostnameVerifier() != null) {
- verifier = tlsClientParameters.getHostnameVerifier();
- } else if (tlsClientParameters.isUseHttpsURLConnectionDefaultHostnameVerifier()) {
- verifier = HttpsURLConnection.getDefaultHostnameVerifier();
- } else if (tlsClientParameters.isDisableCNCheck()) {
- verifier = new AllowAllHostnameVerifier();
- } else {
- verifier = new DefaultHostnameVerifier(PublicSuffixMatcherLoader.getDefault());
- }
- return verifier;
- }
-
- public static SSLContext getSSLContext(TLSParameterBase parameters) throws Exception {
- // TODO do we need to cache the context
- String provider = parameters.getJsseProvider();
-
- String protocol = parameters.getSecureSocketProtocol() != null ? parameters
- .getSecureSocketProtocol() : "TLS";
-
- SSLContext ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
- .getInstance(protocol, provider);
-
- if (parameters instanceof TLSClientParameters) {
- ctx.getClientSessionContext().setSessionTimeout(((TLSClientParameters)parameters).getSslCacheTimeout());
- }
-
- // TODO setting on the server side
-
- KeyManager[] keyManagers = parameters.getKeyManagers();
- if (parameters.getCertAlias() != null) {
- getKeyManagersWithCertAlias(parameters, keyManagers);
- }
- ctx.init(keyManagers, parameters.getTrustManagers(),
- parameters.getSecureRandom());
-
- return ctx;
- }
-
- protected static void getKeyManagersWithCertAlias(TLSParameterBase tlsParameters,
- KeyManager[] keyManagers)
- throws GeneralSecurityException {
- if (tlsParameters.getCertAlias() != null) {
- for (int idx = 0; idx < keyManagers.length; idx++) {
- if (keyManagers[idx] instanceof X509KeyManager) {
- try {
- keyManagers[idx] = new AliasedX509ExtendedKeyManager(tlsParameters.getCertAlias(),
- (X509KeyManager)keyManagers[idx]);
- } catch (Exception e) {
- throw new GeneralSecurityException(e);
- }
- }
- }
- }
- }
-
- public static SSLEngine createServerSSLEngine(TLSServerParameters parameters) throws Exception {
- SSLContext sslContext = getSSLContext(parameters);
- SSLEngine serverEngine = sslContext.createSSLEngine();
- serverEngine.setUseClientMode(false);
- serverEngine.setNeedClientAuth(parameters.getClientAuthentication().isRequired());
- return serverEngine;
- }
-
- public static SSLEngine createClientSSLEngine(TLSClientParameters parameters) throws Exception {
- SSLContext sslContext = getSSLContext(parameters);
- SSLEngine clientEngine = sslContext.createSSLEngine();
- clientEngine.setUseClientMode(true);
- return clientEngine;
- }
-
-
-}