Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 526842c9a -> 8fbce9d55
[CXF-6831]should be able to configure the certStore key type (cherry picked from commit 707fac176e4be91b9547c9f3b126247268669057) (cherry picked from commit 8851b636b4819e0385841643366076edcc546f49) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8fbce9d5 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8fbce9d5 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8fbce9d5 Branch: refs/heads/3.0.x-fixes Commit: 8fbce9d55062b2615bc33bf1ef5687f056012b5c Parents: 526842c Author: Freeman Fang <freeman.f...@gmail.com> Authored: Tue Mar 15 15:36:04 2016 +0800 Committer: Freeman Fang <freeman.f...@gmail.com> Committed: Tue Mar 15 15:45:09 2016 +0800 ---------------------------------------------------------------------- .../configuration/jsse/TLSParameterJaxBUtils.java | 17 +++++++++++------ .../resources/schemas/configuration/security.xsd | 9 +++++++++ .../apache/cxf/systest/https/conduit/pkcs12.xml | 4 ++-- .../https/conduit/resource-key-spec-url.xml | 2 +- .../systest/https/conduit/resource-key-spec.xml | 2 +- 5 files changed, 24 insertions(+), 10 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fbce9d5/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index c37abc1..6d94122 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -168,9 +168,14 @@ public final class TLSParameterJaxBUtils {
 if (pst == null) {
 return null;
 }
-
+ String type;
+ if (pst.isSetType()) {
+ type = pst.getType();
+ } else {
+ type = KeyStore.getDefaultType();
+ }
 if (pst.isSetFile()) {
- return createTrustStore(new FileInputStream(pst.getFile()));
+ return createTrustStore(new FileInputStream(pst.getFile()), type);
 }
 if (pst.isSetResource()) {
 final InputStream is = getResourceAsStream(pst.getResource());
@@ -180,10 +185,10 @@ public final class TLSParameterJaxBUtils {
 LOG.severe(msg);
 throw new IOException(msg);
 }
- return createTrustStore(is);
+ return createTrustStore(is, type);
 }
 if (pst.isSetUrl()) {
- return createTrustStore(new URL(pst.getUrl()).openStream());
+ return createTrustStore(new URL(pst.getUrl()).openStream(), type);
 }
 // TODO error?
 return null;
@@ -205,12 +210,12 @@ public final class TLSParameterJaxBUtils {
 * Create a KeyStore containing the trusted CA certificates contained
 * in the supplied input stream.
 */
- private static KeyStore createTrustStore(final InputStream is)
+ private static KeyStore createTrustStore(final InputStream is, String type)
 throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
 final Collection<? extends Certificate> certs = loadCertificates(is);
 final KeyStore keyStore =
- KeyStore.getInstance(KeyStore.getDefaultType());
+ KeyStore.getInstance(type);
 keyStore.load(null, null);
 for (Certificate cert : certs) {
 final X509Certificate xcert = (X509Certificate) cert;
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fbce9d5/core/src/main/resources/schemas/configuration/security.xsd ----------------------------------------------------------------------
diff --git a/core/src/main/resources/schemas/configuration/security.xsd b/core/src/main/resources/schemas/configuration/security.xsd
index 2a2c9de..cdfeb80 100644
--- a/core/src/main/resources/schemas/configuration/security.xsd
+++ b/core/src/main/resources/schemas/configuration/security.xsd
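Review bot: In TLSParameterJaxBUtils.java, hunk @@ -168,9 +168,14 @@, the new `type` local is assigned through a five-line if/else and left non-final, while the neighbouring local `is` is declared `final`; a single initialiser reads better: `final String type = pst.isSetType() ? pst.getType() : KeyStore.getDefaultType();`. An attribute written as `type=""` presumably still counts as set, so it would reach `KeyStore.getInstance` unchanged and fail there instead of falling back to the default; a blank check in the same expression would avoid that. The method body starts and ends outside this hunk.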
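Review bot: In TLSParameterJaxBUtils.java, hunk @@ -180,10 +185,10 @@, the `pst.isSetUrl()` branch still builds the trust store from `new URL(pst.getUrl()).openStream()` with no restriction on the scheme, so with an `http:` location the certificates that become trust anchors arrive without integrity protection. The commit does not change that behaviour, but since the line is touched it deserves at least a comment such as `// trust anchors are read from this URL as-is; configure only file: or https: locations`. The hunk also does not show who closes this stream, or the `FileInputStream` opened in the previous hunk, when `createTrustStore` throws; that is worth confirming in `loadCertificates`. The method body starts and ends outside this hunk.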
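Review bot: In TLSParameterJaxBUtils.java, hunk @@ -205,12 +210,12 @@, the Javadoc of `createTrustStore` was not updated for the new `type` parameter, and the parameter is not `final` like `is`. From the visible lines the store is still created empty (`keyStore.load(null, null)`) and filled from `loadCertificates(is)`, so `type` selects only the in-memory KeyStore implementation and not the format of the input stream. The comment should say so, for example `@param type KeyStore type of the in-memory trust store; the stream is still read as a list of certificates`. The method body continues outside this hunk.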
@@ -192,6 +192,15 @@
 1) "file", 2) "resource", and 3) "url".
 </xs:documentation>
 </xs:annotation>
+ <xs:attribute name="type" type="xs:string">
+ <xs:annotation>
+ <xs:documentation>
+ This attribute specifies the type of the certstore.
+ It is highly correlated to the provider. Most common examples
+ are "jks" "pkcs12".
+ </xs:documentation>
+ </xs:annotation>
+ </xs:attribute>
 <xs:attribute name="file" type="xs:string">
 <xs:annotation>
 <xs:documentation>
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fbce9d5/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml ----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
index d01a2a0..2087713 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/pkcs12.xml
@@ -49,7 +49,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Bethal.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </httpj:tlsServerParameters>
 </httpj:engine>
@@ -63,7 +63,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </http:tlsClientParameters>
 </http:conduit>
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fbce9d5/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml ----------------------------------------------------------------------
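Review bot: In security.xsd, hunk @@ -192,6 +192,15 @@, the new documentation for `type` reads as if it described the format of the referenced file, while the Java side of this commit only passes the value to `KeyStore.getInstance` for an empty store that is then filled from the certificate file (the updated test configurations pair `type="jks"` with `keys/Truststore.pem`). It also refers to "the provider" although this hunk adds no provider attribute and none is visible in the surrounding context, and the two examples lack a separator. Suggested wording: `This attribute specifies the KeyStore type used to hold the certificates read from the certstore; the referenced file itself remains a certificate file. If omitted, the JVM default keystore type is used. Common values are "jks" and "pkcs12".` The enclosing type definition starts and ends outside the hunk.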
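Review bot: In pkcs12.xml both changed `sec:certStore` elements set `type="jks"`, and the same value is used in the hunks of resource-key-spec-url.xml and resource-key-spec.xml, so the new attribute is only exercised with what is presumably already the JVM default type on the Java versions this branch targets. No configuration in this commit covers a non-default type or an unknown one, so a regression in the `pst.isSetType()` branch would likely go unnoticed. Consider leaving one certStore without `type` to keep the fallback covered and adding one with a different type, e.g. `<sec:certStore type="jceks" resource="keys/Truststore.pem"/>`.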
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
index 0e70d13..aab7b0f 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec-url.xml
@@ -65,7 +65,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </http:tlsClientParameters>
 </http:conduit>
http://git-wip-us.apache.org/repos/asf/cxf/blob/8fbce9d5/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml ----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
index a1f9bba..efcaa68 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/resource-key-spec.xml
@@ -61,7 +61,7 @@ under the License.
 <sec:keyStore type="pkcs12" password="password" resource="keys/Morpit.p12"/>
 </sec:keyManagers>
 <sec:trustManagers>
- <sec:certStore resource="keys/Truststore.pem"/>
+ <sec:certStore type="jks" resource="keys/Truststore.pem"/>
 </sec:trustManagers>
 </http:tlsClientParameters>
 </http:conduit>