Repository: cxf Updated Branches: refs/heads/master 8b86ab84a -> 19a4d72a3
CXF-7252 - TLSParameterJaxBUtils.getTrustManagers getting password from wrong system property Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/19a4d72a Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/19a4d72a Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/19a4d72a Branch: refs/heads/master Commit: 19a4d72a32f1e18bec621af403ecdf21d97453af Parents: 8b86ab8 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Feb 17 13:44:40 2017 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Feb 17 13:44:40 2017 +0000 ---------------------------------------------------------------------- .../apache/cxf/configuration/jsse/SSLUtils.java | 40 +++++++++++++++++++- .../jsse/TLSParameterJaxBUtils.java | 35 +++++++++++++---- 2 files changed, 65 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/19a4d72a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java index 24e162d..1853a60 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java @@ -557,8 +557,12 @@ public final class SSLUtils { LogUtils.log(log, Level.FINE, logMsg, trustStoreLocation); return trustStoreLocation; } - + public static String getTrustStoreType(String trustStoreType, Logger log) { + return getTrustStoreType(trustStoreType, log, DEFAULT_TRUST_STORE_TYPE); + } + + public static String getTrustStoreType(String trustStoreType, Logger log, String def) { String logMsg = null; if (trustStoreType != null) { logMsg = "TRUST_STORE_TYPE_SET"; 
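Review bot: The new three-argument `getTrustStoreType` is public but has no Javadoc, and nothing states what `def` may be. As far as the two hunks show, `def` is returned unchanged when neither the argument nor `javax.net.ssl.trustStoreType` is set, so a null `def` would hand a null type back to the caller. The caller in this commit passes `KeyStore.getDefaultType()`, which is safe, but the contract should be written down, for example `/** @param def type returned when neither trustStoreType nor the javax.net.ssl.trustStoreType system property is set; must not be null */`. The method body continues past this hunk into the next one, where the default assignment is changed.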
@@ -566,7 +570,7 @@ public final class SSLUtils { //Can default to JKS trustStoreType = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType"); if (trustStoreType == null) { - trustStoreType = DEFAULT_TRUST_STORE_TYPE; + trustStoreType = def; logMsg = "TRUST_STORE_TYPE_NOT_SET"; } else { logMsg = "TRUST_STORE_TYPE_SYSTEM_SET"; @@ -575,6 +579,38 @@ public final class SSLUtils { LogUtils.log(log, Level.FINE, logMsg, trustStoreType); return trustStoreType; } + + public static String getTruststorePassword(String trustStorePassword, + Logger log) { + String logMsg = null; + if (trustStorePassword != null) { + logMsg = "TRUST_STORE_PASSWORD_SET"; + } else { + trustStorePassword = + SystemPropertyAction.getProperty("javax.net.ssl.trustStorePassword"); + logMsg = trustStorePassword != null + ? "TRUST_STORE_PASSWORD_SYSTEM_PROPERTY_SET" + : "TRUST_STORE_PASSWORD_NOT_SET"; + } + LogUtils.log(log, Level.FINE, logMsg); + return trustStorePassword; + } + + public static String getTruststoreProvider(String trustStoreProvider, Logger log) { + String logMsg = null; + if (trustStoreProvider != null) { + logMsg = "TRUST_STORE_PROVIDER_SET"; + } else { + trustStoreProvider = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreProvider", null); + if (trustStoreProvider == null) { + logMsg = "TRUST_STORE_PROVIDER_NOT_SET"; + } else { + logMsg = "TRUST_STORE_PROVIDER_SYSTEM_SET"; + } + } + LogUtils.log(log, Level.FINE, logMsg, trustStoreProvider); + return trustStoreProvider; + } public static String getSecureSocketProtocol(String secureSocketProtocol, Logger log) { http://git-wip-us.apache.org/repos/asf/cxf/blob/19a4d72a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java index 644a1e9..ee6bf58 100644 
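Review bot: In `getTruststorePassword` the `LogUtils.log(log, Level.FINE, logMsg)` call takes no value parameter, unlike the neighbouring getters visible in this diff, and nothing marks that as deliberate. A one-line comment above it, `// Deliberately no parameter: the password must never reach the log`, would keep a later clean-up from aligning it with `getTruststoreProvider`, which does log its value. Both new public methods also lack Javadoc stating the precedence: explicit argument first, then the `javax.net.ssl.trustStorePassword` or `javax.net.ssl.trustStoreProvider` system property, else null. The diffstat lists only the two Java files, so if the `TRUST_STORE_PASSWORD_*` and `TRUST_STORE_PROVIDER_*` keys are resolved from a message bundle it is worth confirming they exist there. Naming is a smaller point: `getTruststore…` sits next to `getTrustStoreType` in the same class.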
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java @@ -95,31 +95,50 @@ public final class TLSParameterJaxBUtils { } return secureRandom; } + + public static KeyStore getKeyStore(KeyStoreType kst) throws GeneralSecurityException, IOException { + return getKeyStore(kst, false); + } + /** * This method converts a JAXB generated KeyStoreType into a KeyStore. */ - public static KeyStore getKeyStore(KeyStoreType kst) + public static KeyStore getKeyStore(KeyStoreType kst, boolean trustStore) throws GeneralSecurityException, IOException { if (kst == null) { return null; } - String type = SSLUtils.getKeystoreType(kst.isSetType() + String type = null; + if (trustStore) { + type = SSLUtils.getTrustStoreType(kst.isSetType() + ? kst.getType() : null, LOG, KeyStore.getDefaultType()); + } else { + type = SSLUtils.getKeystoreType(kst.isSetType() ? kst.getType() : null, LOG, KeyStore.getDefaultType()); + } char[] password = kst.isSetPassword() ? deobfuscate(kst.getPassword()) : null; if (password == null) { - String tmp = SSLUtils.getKeystorePassword(null, LOG); + String tmp = null; + if (trustStore) { + tmp = SSLUtils.getTruststorePassword(null, LOG); + } else { + tmp = SSLUtils.getKeystorePassword(null, LOG); + } if (tmp != null) { password = tmp.toCharArray(); } } - String provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() - ? kst.getProvider() : null, - LOG); + String provider = null; + if (trustStore) { + provider = SSLUtils.getTruststoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG); + } else { + provider = SSLUtils.getKeystoreProvider(kst.isSetProvider() ? kst.getProvider() : null, LOG); + } KeyStore keyStore = provider == null ? KeyStore.getInstance(type) : KeyStore.getInstance(type, provider); 
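Review bot: The one-argument `getKeyStore(KeyStoreType)` now delegates with `trustStore = false` and its Javadoc has moved to the new overload, so a caller that loads trust material through it still gets the keystore fallbacks for type, password and provider, with no hint of that in the API. I would document both: on the one-argument form `/** Loads kst as a key store; for trust material use getKeyStore(kst, true). */`, and on the two-argument form a `@param trustStore` line saying that `true` selects the trust-store fallbacks from SSLUtils. As a style point, `type`, `tmp` and `provider` are each set to null and then assigned in an `if (trustStore)` / `else` pair; declaring them without the null initialiser would let the compiler check that every branch assigns them. The fallback password also passes through an immutable `String` (`tmp`) before `toCharArray()`, which follows from the SSLUtils signatures; whether the `char[]` is cleared after the store is loaded cannot be seen here, because the method continues past the end of the hunk.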
@@ -256,7 +275,7 @@ public final class TLSParameterJaxBUtils { throws GeneralSecurityException, IOException { - KeyStore keyStore = getKeyStore(kmc.getKeyStore()); + KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false); String alg = kmc.isSetFactoryAlgorithm() ? kmc.getFactoryAlgorithm() @@ -316,7 +335,7 @@ public final class TLSParameterJaxBUtils { final KeyStore keyStore = tmc.isSetKeyStore() - ? getKeyStore(tmc.getKeyStore()) + ? getKeyStore(tmc.getKeyStore(), true) : (tmc.isSetCertStore() ? getKeyStore(tmc.getCertStore()) : (KeyStore) null);