Repository: cxf Updated Branches: refs/heads/master 9b0e6b8cb -> 707fac176
[CXF-6831]should be able to configure the certStore key type
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/707fac17
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/707fac17
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/707fac17
Branch: refs/heads/master
Commit: 707fac176e4be91b9547c9f3b126247268669057
Parents: 9b0e6b8
Author: Freeman Fang <freeman.f...@gmail.com>
Authored: Tue Mar 15 15:36:04 2016 +0800
Committer: Freeman Fang <freeman.f...@gmail.com>
Committed: Tue Mar 15 15:36:04 2016 +0800
----------------------------------------------------------------------
 .../configuration/jsse/TLSParameterJaxBUtils.java | 17 +++++++++++------
 .../resources/schemas/configuration/security.xsd | 9 +++++++++
 .../apache/cxf/systest/https/conduit/pkcs12.xml | 4 ++--
 .../https/conduit/resource-key-spec-url.xml | 2 +-
 .../systest/https/conduit/resource-key-spec.xml | 2 +-
 5 files changed, 24 insertions(+), 10 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index ef611a1..e8743b7 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -159,9 +159,14 @@ public final class TLSParameterJaxBUtils { if (pst == null) { return null; } - + String type; + if (pst.isSetType()) { + type = pst.getType(); + } else { + type = KeyStore.getDefaultType(); + } if (pst.isSetFile()) { - return createTrustStore(new FileInputStream(pst.getFile())); + return createTrustStore(new FileInputStream(pst.getFile()), type); } if (pst.isSetResource()) { final InputStream is = getResourceAsStream(pst.getResource()); @@ -171,10 +176,10 @@ public final class TLSParameterJaxBUtils { LOG.severe(msg); throw new IOException(msg); } - return createTrustStore(is); + return createTrustStore(is, type); } if (pst.isSetUrl()) { - return createTrustStore(new URL(pst.getUrl()).openStream()); + return createTrustStore(new URL(pst.getUrl()).openStream(), type); } // TODO error? return null; @@ -196,12 +201,12 @@ public final class TLSParameterJaxBUtils { * Create a KeyStore containing the trusted CA certificates contained * in the supplied input stream. */ - private static KeyStore createTrustStore(final InputStream is) + private static KeyStore createTrustStore(final InputStream is, String type) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException { final Collection<? extends Certificate> certs = loadCertificates(is); final KeyStore keyStore = - KeyStore.getInstance(KeyStore.getDefaultType()); + KeyStore.getInstance(type); keyStore.load(null, null); for (Certificate cert : certs) { final X509Certificate xcert = (X509Certificate) cert; http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/core/src/main/resources/schemas/configuration/security.xsd ---------------------------------------------------------------------- diff --git a/core/src/main/resources/schemas/configuration/security.xsd b/core/src/main/resources/schemas/configuration/security.xsd index f6e05f9..1a10fe3 100644 --- a/core/src/main/resources/schemas/configuration/security.xsd +++ b/core/src/main/resources/schemas/configuration/security.xsd 
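Review bot: The streams opened in the `file` branch here and in the `url` branch of the next hunk are passed straight into createTrustStore with no try-with-resources, and this change gives createTrustStore a configuration-driven failure path: `KeyStore.getInstance(type)` throws KeyStoreException when the configured `type` is not supported. Whether loadCertificates closes the stream is not visible in this diff; if it does not, every rejected configuration leaves a file or connection handle open. I would scope the stream, e.g. `try (InputStream in = new FileInputStream(pst.getFile())) { return createTrustStore(in, type); }`, and do the same for the `resource` and `url` branches. The enclosing method starts before this hunk and ends after it.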
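Review bot: A certStore that sets only the new `type` attribute, with none of `file`, `resource` or `url`, still falls through to `// TODO error? return null;` without a log line. What the caller does with a null store is not visible here, so at minimum the fall-through should be logged the way the missing-resource case above is, e.g. `LOG.severe("certStore has no file, resource or url; no trust store created");`, and the TODO resolved by deciding whether this case should throw. Silently dropping configured trust material makes a mistyped TLS configuration hard to notice. The method body starts before this hunk.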
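Review bot: The Javadoc above createTrustStore does not mention the new `type` parameter, and its meaning is easy to misread: the stream is still parsed by `loadCertificates(is)`, and `type` only selects the implementation of the empty in-memory KeyStore created by `KeyStore.getInstance(type)` and `keyStore.load(null, null)`. I would add `@param type KeyStore type of the in-memory store that receives the certificates; it does not describe the format of the input stream` and declare the parameter as `final String type` to match `final InputStream is`. The method body continues past the end of this hunk.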
@@ -192,6 +192,15 @@
 1) "file", 2) "resource", and 3) "url".
 </xs:documentation>
 </xs:annotation>
+ <xs:attribute name="type" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the type of the certstore.
+ It is highly correlated to the provider. Most common examples
+ are "jks" "pkcs12".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
 <xs:attribute name="file" type="xs:string">
 <xs:annotation>
 <xs:documentation>
http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
index d01a2a0..2087713 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
@@ -49,7 +49,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Bethal.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </httpj:tlsServerParameters>
 </httpj:engine>
@@ -63,7 +63,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </http:tlsClientParameters>
 </http:conduit>
http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
----------------------------------------------------------------------
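Review bot: The documentation for the new `type` attribute calls it "the type of the certstore" and "highly correlated to the provider", but in the Java hunks of this commit the value only picks the KeyStore implementation that holds the certificates in memory, while the referenced file is still read as certificates by loadCertificates; the test configurations in this commit accordingly put `type="jks"` on `keys/Truststore.pem`. An operator could reasonably read the current text as saying the file itself is parsed as JKS or PKCS12. I would reword it along the lines of `KeyStore type of the in-memory store that holds the loaded certificates; defaults to KeyStore.getDefaultType() when omitted. It does not change how the file, resource or url is parsed.`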
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
index 0e70d13..aab7b0f 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
@@ -65,7 +65,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </http:tlsClientParameters>
 </http:conduit>
http://git-wip-us.apache.org/repos/asf/cxf/blob/707fac17/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
index a1f9bba..efcaa68 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
@@ -61,7 +61,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </http:tlsClientParameters>
 </http:conduit>