Author: hiranya
Date: Wed Aug 7 18:46:50 2013
New Revision: 1511435
URL: http://svn.apache.org/r1511435
Log:
Refactoring the OCSP/CRL implementation. Applying the patch from SYNAPSE-954
with some modifications
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/CertificateVerificationConfig.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/Constants.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationManager.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheControllerMBean.java
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/CRLVerifierTest.java
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/OCSPVerifierTest.java
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationTest.java
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/TestConstants.java
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/Utils.java
synapse/trunk/java/repository/conf/axis2.xml
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/nhttp/HttpCoreNIOSSLSender.java
Wed Aug 7 18:46:50 2013
@@ -108,8 +108,9 @@ public class HttpCoreNIOSSLSender extend
String hostnameVerifierValue = hostnameVerifier != null ?
hostnameVerifier.getValue().toString() : null;
Parameter revocationVerifierParam =
transportOut.getParameter("CertificateRevocationVerifier");
- return createSSLSetupHandler(hostnameVerifierValue,
- new CertificateVerificationConfig(revocationVerifierParam));
+ CertificateVerificationConfig cvConfig = revocationVerifierParam !=
null ?
+ new CertificateVerificationConfig(revocationVerifierParam) :
null;
+ return createSSLSetupHandler(hostnameVerifierValue, cvConfig);
}
/**
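Review bot: Where `cvConfig` is assigned, a missing `CertificateRevocationVerifier` parameter now silently yields a null config, and that null is the only off switch for OCSP/CRL checking, so nothing records that the sender runs without revocation checks. A log line on the null branch would let an operator confirm the state at startup, for example `log.info("CertificateRevocationVerifier not configured; certificate revocation checks are disabled");`, assuming the class has a logger (none is visible in the hunk). The reverse case deserves a comment too: a parameter that still contains `<Enabled>false</Enabled>` now turns verification on, because the `Enabled` element is no longer read. The same applies to the identical hunk in PassThroughHttpSSLSender and to the `cvConfig != null` checks in both classes. The enclosing method starts outside the hunk.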
@@ -315,7 +316,7 @@ public class HttpCoreNIOSSLSender extend
throw new SSLException("Host name verification failed for
host : " + address);
}
- if (cvConfig.isEnabled()) {
+ if (cvConfig != null) {
try {
ocspCrl.verifyRevocationStatus(session.getPeerCertificateChain(),
cvConfig.getCacheSize(),
cvConfig.getCacheDuration());
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/passthru/PassThroughHttpSSLSender.java
Wed Aug 7 18:46:50 2013
@@ -109,8 +109,9 @@ public class PassThroughHttpSSLSender ex
String hostnameVerifierValue = hostnameVerifier != null ?
hostnameVerifier.getValue().toString() : null;
Parameter revocationVerifierParam =
transportOut.getParameter("CertificateRevocationVerifier");
- return createSSLSetupHandler(hostnameVerifierValue,
- new CertificateVerificationConfig(revocationVerifierParam));
+ CertificateVerificationConfig cvConfig = revocationVerifierParam !=
null ?
+ new CertificateVerificationConfig(revocationVerifierParam) :
null;
+ return createSSLSetupHandler(hostnameVerifierValue, cvConfig);
}
/**
@@ -316,7 +317,7 @@ public class PassThroughHttpSSLSender ex
throw new SSLException("Host name verification failed for
host : " + address);
}
- if (cvConfig.isEnabled()) {
+ if (cvConfig != null) {
//Do revocation verification of Certificates
try {
ocspCrl.verifyRevocationStatus(session.getPeerCertificateChain(),
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/CertificateVerificationConfig.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/CertificateVerificationConfig.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/CertificateVerificationConfig.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/CertificateVerificationConfig.java
Wed Aug 7 18:46:50 2013
@@ -21,39 +21,29 @@ package org.apache.synapse.transport.uti
import org.apache.axiom.om.OMElement;
import org.apache.axis2.description.Parameter;
-import org.apache.axis2.util.JavaUtils;
import javax.xml.namespace.QName;
public class CertificateVerificationConfig {
- private boolean enabled;
private Integer cacheSize = Constants.CACHE_DEFAULT_ALLOCATED_SIZE;
- private Integer cacheDuration = Constants.CACHE_DEFAULT_DELAY_MINS;
+ private Integer cacheDuration = Constants.CACHE_DEFAULT_DURATION_MINS;
public CertificateVerificationConfig(Parameter param) {
if (param == null) {
- return;
+ throw new IllegalArgumentException("Parameter must not be null");
}
OMElement element = param.getParameterElement();
- OMElement enabledElement = element.getFirstChildWithName(new
QName("Enabled"));
- if (enabledElement != null &&
JavaUtils.isTrueExplicitly(enabledElement.getText())) {
- enabled = true;
- }
OMElement sizeElement = element.getFirstChildWithName(new
QName("CacheSize"));
if (sizeElement != null) {
cacheSize = new Integer(sizeElement.getText());
}
- OMElement delayElement = element.getFirstChildWithName(new
QName("CacheDelayMins"));
- if (delayElement != null) {
- cacheSize = new Integer(delayElement.getText());
+ OMElement durationElement = element.getFirstChildWithName(new
QName("CacheDurationMins"));
+ if (durationElement != null) {
+ cacheDuration = new Integer(durationElement.getText());
}
}
- public boolean isEnabled() {
- return enabled;
- }
-
public Integer getCacheSize() {
return cacheSize;
}
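Review bot: `new Integer(durationElement.getText())`, like the `CacheSize` line above it, parses the raw element text, so a value with surrounding whitespace or a non-numeric value fails transport setup with a bare NumberFormatException that does not name the element. `cacheDuration = Integer.valueOf(durationElement.getText().trim());` handles the whitespace case, and rethrowing with the element name in the message would make the other case diagnosable. Because the element is now looked up as `CacheDurationMins`, a configuration that still uses `CacheDelayMins` is ignored without notice and the default duration applies; a warning when the old name is present, or at least a comment, would help. `param.getParameterElement()` is dereferenced without a null check, which may be fine if the parameter always comes from axis2.xml, but that is not visible here.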
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/Constants.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/Constants.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/Constants.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/Constants.java
Wed Aug 7 18:46:50 2013
@@ -24,9 +24,9 @@ public interface Constants {
public static final int CACHE_MAX_ALLOCATED_SIZE = 10000;
public static final int CACHE_MIN_ALLOCATED_SIZE = 50;
public static final int CACHE_DEFAULT_ALLOCATED_SIZE = 50;
- public static final int CACHE_MAX_DELAY_MINS = 60 * 24;
- public static final int CACHE_MIN_DELAY_MINS = 1;
- public static final int CACHE_DEFAULT_DELAY_MINS = 15;
+ public static final int CACHE_MAX_DURATION_MINS = 60 * 24;
+ public static final int CACHE_MIN_DURATION_MINS = 1;
+ public static final int CACHE_DEFAULT_DURATION_MINS = 15;
public static final String REVOCATION_MANAGER =
"org.apache.synapse.transport.utils.sslcert." +
"RevocationVerificationManager";
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationManager.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationManager.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationManager.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationManager.java
Wed Aug 7 18:46:50 2013
@@ -37,18 +37,18 @@ import java.security.cert.X509Certificat
public class RevocationVerificationManager {
private int cacheSize = Constants.CACHE_DEFAULT_ALLOCATED_SIZE;
- private int cacheDelayMins = Constants.CACHE_DEFAULT_DELAY_MINS;
+ private int cacheDurationMins = Constants.CACHE_DEFAULT_DURATION_MINS;
private static final Log log =
LogFactory.getLog(RevocationVerificationManager.class);
- public RevocationVerificationManager(Integer cacheAllocatedSize, Integer
cacheDelayMins) {
+ public RevocationVerificationManager(Integer cacheAllocatedSize, Integer
cacheDurationMins) {
if (cacheAllocatedSize != null && cacheAllocatedSize >
Constants.CACHE_MIN_ALLOCATED_SIZE
&& cacheAllocatedSize < Constants.CACHE_MAX_ALLOCATED_SIZE) {
this.cacheSize = cacheAllocatedSize;
}
- if (cacheDelayMins != null && cacheDelayMins >
Constants.CACHE_MIN_DELAY_MINS
- && cacheDelayMins < Constants.CACHE_MAX_DELAY_MINS) {
- this.cacheDelayMins = cacheDelayMins;
+ if (cacheDurationMins != null && cacheDurationMins >
Constants.CACHE_MIN_DURATION_MINS
+ && cacheDurationMins < Constants.CACHE_MAX_DURATION_MINS) {
+ this.cacheDurationMins = cacheDurationMins;
}
}
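Review bot: The constructor's range checks are strict (`cacheDurationMins > Constants.CACHE_MIN_DURATION_MINS && cacheDurationMins < Constants.CACHE_MAX_DURATION_MINS`), so the boundary values 1 and 60 * 24 are rejected here even though `CacheManager.changeDuration` accepts them, and a rejected value falls back to the default without any log. For a revocation cache this means an operator who configures the minimum duration to limit how long a stale status is trusted gets the 15 minute default instead. Using `>=` and `<=` would match `changeDuration`, and a `log.warn` naming the rejected value and the default would make the fallback visible. The `cacheAllocatedSize` check has the same strict shape.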
@@ -68,9 +68,9 @@ public class RevocationVerificationManag
long start = System.currentTimeMillis();
OCSPCache ocspCache = OCSPCache.getCache();
- ocspCache.init(cacheSize, cacheDelayMins);
+ ocspCache.init(cacheSize, cacheDurationMins);
CRLCache crlCache = CRLCache.getCache();
- crlCache.init(cacheSize, cacheDelayMins);
+ crlCache.init(cacheSize, cacheDurationMins);
RevocationVerifier[] verifiers = {new OCSPVerifier(ocspCache), new
CRLVerifier(crlCache)};
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheController.java
Wed Aug 7 18:46:50 2013
@@ -37,8 +37,8 @@ public class CacheController implements
return cacheManager.wakeUpNow();
}
- public boolean changeCacheManagerDelayMins(int delay){
- return cacheManager.changeDelay(delay);
+ public boolean changeCacheManagerDurationMins(int duration){
+ return cacheManager.changeDuration(duration);
}
public boolean isCacheManagerRunning() {
@@ -49,7 +49,7 @@ public class CacheController implements
return cache.getCacheSize();
}
- public int getCacheManagerDelayMins(){
- return cacheManager.getDelay();
+ public int getCacheManagerDurationMins(){
+ return cacheManager.getDuration();
}
}
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheControllerMBean.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheControllerMBean.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheControllerMBean.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheControllerMBean.java
Wed Aug 7 18:46:50 2013
@@ -35,10 +35,10 @@ public interface CacheControllerMBean {
/**
* Changes cacheManager task scheduled period.
- * @param delay Delay which cacheManager thread waits to start its task
again.
- * @return true if successfully changed delay. False otherwise.
+ * @param duration Duration which cacheManager thread waits to start its
task again.
+ * @return true if successfully changed duration. False otherwise.
*/
- public boolean changeCacheManagerDelayMins(int delay);
+ public boolean changeCacheManagerDurationMins(int duration);
/**
* @return true if CacheManager is running. False if its stopped.
@@ -51,7 +51,7 @@ public interface CacheControllerMBean {
public int getCacheSize();
/**
- * @return cacheManager delay in minutes.
+ * @return cacheManager duration in minutes.
*/
- public int getCacheManagerDelayMins();
+ public int getCacheManagerDurationMins();
}
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/main/java/org/apache/synapse/transport/utils/sslcert/cache/CacheManager.java
Wed Aug 7 18:46:50 2013
@@ -32,7 +32,7 @@ import java.util.concurrent.TimeUnit;
/**
* Cache Manager takes care of and maintains an LRU cache which implements
ManageableCache Interface.
- * Delay should be configured such that cacheManager is not too much involved
with the cache,
+ * Duration should be configured such that cacheManager is not too much
involved with the cache,
* but manages it optimally.
*/
public class CacheManager {
@@ -45,7 +45,7 @@ public class CacheManager {
private ScheduledFuture scheduledFuture = null;
private ManageableCache cache;
private int cacheMaxSize;
- private int delay;
+ private int duration;
private CacheManagingTask cacheManagingTask;
/**
@@ -55,23 +55,23 @@ public class CacheManager {
* @param cacheMaxSize Maximum size of the cache. If the cache exceeds
this size, LRU values
* will be removed
*/
- public CacheManager(ManageableCache cache, int cacheMaxSize, int delay) {
+ public CacheManager(ManageableCache cache, int cacheMaxSize, int duration)
{
scheduler = Executors.newSingleThreadScheduledExecutor();
this.cache = cache;
this.cacheMaxSize = cacheMaxSize;
this.cacheManagingTask = new CacheManagingTask();
- this.delay = delay;
+ this.duration = duration;
start();
}
/**
- * To Start the CacheManager. Should be called only once per CacheManager
so called in
- * constructor. CacheManager will run its scheduled task every "delay"
number of minutes.
+ * To Start the CacheManager. Should be called only once per CacheManager
hence called in
+ * constructor. CacheManager will run its scheduled task every "duration"
number of minutes.
*/
private boolean start() {
if (scheduledFuture == null || (scheduledFuture.isCancelled())) {
scheduledFuture =
scheduler.scheduleWithFixedDelay(cacheManagingTask,
- delay, delay, TimeUnit.MINUTES);
+ duration, duration, TimeUnit.MINUTES);
log.info(cache.getClass().getSimpleName()+" Cache Manager
Started");
return true;
}
@@ -79,7 +79,7 @@ public class CacheManager {
}
/**
- * To wake cacheManager up at will. If this method is called while its
task is running, it
+ * Used to wake cacheManager up at will. If this method is called while
its task is running, it
* will run its task again soon after its done. CacheManagerTask will be
rescheduled as before.
* @return true if successfully waken up. false otherwise.
*/
@@ -89,7 +89,7 @@ public class CacheManager {
scheduledFuture.cancel(DO_NOT_INTERRUPT_IF_RUNNING);
}
scheduledFuture =
scheduler.scheduleWithFixedDelay(cacheManagingTask,
- 0, delay,TimeUnit.MINUTES);
+ 0, duration,TimeUnit.MINUTES);
log.info(cache.getClass().getSimpleName()+" Cache Manager Wakened
Up.....");
return true;
}
@@ -97,24 +97,24 @@ public class CacheManager {
}
/**
- * Change the cacheManager delay (schedule period) to given value.
- * @param delay new delay to which the cacheManager schedule period should
change.
+ * Change the cacheManager duration (schedule period) to given value.
+ * @param duration new duration to which the cacheManager schedule period
should change.
* @return true if successfully changed. false otherwise.
- * @throws IllegalArgumentException if given delay is not between the
allowed limit.
+ * @throws IllegalArgumentException if given duration is not between the
allowed limit.
*/
- public boolean changeDelay(int delay) throws IllegalArgumentException {
- int min = Constants.CACHE_MIN_DELAY_MINS;
- int max = Constants.CACHE_MAX_DELAY_MINS;
- if (delay < min || delay > max) {
- throw new IllegalArgumentException("Delay time should should be
between " + min +
+ public boolean changeDuration(int duration) throws
IllegalArgumentException {
+ int min = Constants.CACHE_MIN_DURATION_MINS;
+ int max = Constants.CACHE_MAX_DURATION_MINS;
+ if (duration < min || duration > max) {
+ throw new IllegalArgumentException("Duration time should should be
between " + min +
" and " + max + " minutes");
}
- this.delay = delay;
+ this.duration = duration;
return wakeUpNow();
}
- public int getDelay(){
- return delay;
+ public int getDuration(){
+ return duration;
}
/**
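Review bot: The exception message in `changeDuration` keeps the doubled word from the old text ("Duration time should should be between"), and this string is what a JMX client sees through `changeCacheManagerDurationMins`. Since the line is being rewritten anyway, `"Duration should be between " + min +` reads correctly. The Javadoc line "if given duration is not between the allowed limit" would be clearer as "if the given duration is outside the allowed limits".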
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/CRLVerifierTest.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/CRLVerifierTest.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/CRLVerifierTest.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/CRLVerifierTest.java
Wed Aug 7 18:46:50 2013
@@ -20,7 +20,8 @@ package org.apache.synapse.transport.uti
import junit.framework.TestCase;
import org.apache.synapse.transport.utils.sslcert.crl.CRLCache;
-import org.apache.synapse.transport.utils.sslcert.crl.CRLVerifier;import
org.bouncycastle.asn1.DERObjectIdentifier;
+import org.apache.synapse.transport.utils.sslcert.crl.CRLVerifier;
+import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.x509.X509V2CRLGenerator;
import org.bouncycastle.x509.X509V3CertificateGenerator;
@@ -37,12 +38,15 @@ import java.util.List;
public class CRLVerifierTest extends TestCase {
/**
- * To test CRLVerifier behaviour when a revoked certificate is given, a
fake certificate will be created, signed
- * by a fake root certificate. To make our life easy, the
CrlDistributionPoint extension will be extracted from
- * the real peer certificate in resources directory and copied to the fake
certificate as a certificate extension.
- * So the criDistributionPointURL in the fake certificate will be the same
as in the real certificate.
- * The created X509CRL object will be put to CRLCache against the
criDistributionPointURL. Since the crl is in the
- * cache, there will NOT be a remote call to the CRL server at
criDistributionPointURL.
+ * To test CRLVerifier behaviour when a revoked certificate is given, a
fake certificate will
+ * be created, signed by a fake root certificate. To make our life easy,
+ * the CrlDistributionPoint extension will be extracted from the real peer
certificate in
+ * resources directory and copied to the fake certificate as a certificate
extension. So the
+ * criDistributionPointURL in the fake certificate will be the same as in
the real certificate.
+ * The created X509CRL object will be put to CRLCache against the
criDistributionPointURL.
+ * Since the crl is in the cache, there will NOT be a remote call to the
CRL server at
+ * criDistributionPointURL.
+ *
* @throws Exception
*/
public void testRevokedCertificate() throws Exception {
@@ -60,10 +64,12 @@ public class CRLVerifierTest extends Tes
KeyPair caKeyPair = utils.generateRSAKeyPair();
X509Certificate fakeCACert = utils.generateFakeRootCert(caKeyPair);
- //Create fake peer certificate signed by the fake CA private key. This
will be a revoked certificate.
+ //Create fake peer certificate signed by the fake CA private key. This
will be a revoked
+ // certificate.
KeyPair peerKeyPair = utils.generateRSAKeyPair();
BigInteger revokedSerialNumber = BigInteger.valueOf(111);
- X509Certificate fakeRevokedCertificate =
generateFakePeerCert(revokedSerialNumber, peerKeyPair.getPublic(),
+ X509Certificate fakeRevokedCertificate =
generateFakePeerCert(revokedSerialNumber,
+ peerKeyPair.getPublic(),
caKeyPair.getPrivate(), fakeCACert, realPeerCertificate);
//Create a crl with fakeRevokedCertificate marked as revoked.
@@ -73,15 +79,17 @@ public class CRLVerifierTest extends Tes
cache.init(5, 5);
cache.setCacheValue(crlDistributionPointUrl, x509CRL);
- CRLVerifier crlVerifier = new CRLVerifier(cache);
+ CRLVerifier crlVerifier = new CRLVerifier(cache);
RevocationStatus status =
crlVerifier.checkRevocationStatus(fakeRevokedCertificate, null);
- //the fake crl we created will be checked if the fake certificate is
revoked. So the status should be REVOKED.
+ //the fake crl we created will be checked if the fake certificate is
revoked. So the
+ // status should be REVOKED.
assertTrue(status == RevocationStatus.REVOKED);
}
/**
* This will use Reflection to call getCrlDistributionPoints() private
method in CRLVerifier.
+ *
* @param certificate is a certificate with a proper CRLDistributionPoints
extension.
* @return the extracted cRLDistributionPointUrl.
* @throws Exception
@@ -91,24 +99,30 @@ public class CRLVerifierTest extends Tes
CRLVerifier crlVerifier = new CRLVerifier(null);
// use reflection since getCrlDistributionPoints() is private.
Class<? extends CRLVerifier> crlVerifierClass = crlVerifier.getClass();
- Method getCrlDistributionPoints =
crlVerifierClass.getDeclaredMethod("getCrlDistributionPoints",
X509Certificate.class);
+ Method getCrlDistributionPoints = crlVerifierClass.getDeclaredMethod
+ ("getCrlDistributionPoints", X509Certificate.class);
getCrlDistributionPoints.setAccessible(true);
//getCrlDistributionPoints(..) returns a list of urls. Get the first
one.
- List<String> distPoints = (List<String>)
getCrlDistributionPoints.invoke(crlVerifier, certificate);
+ List<String> distPoints = (List<String>)
getCrlDistributionPoints.invoke(crlVerifier,
+ certificate);
return distPoints.get(0);
}
/**
- * Creates a fake CRL for the fake CA. The fake certificate with the given
revokedSerialNumber will be marked
+ * Creates a fake CRL for the fake CA. The fake certificate with the given
+ * revokedSerialNumber will be marked
* as Revoked in the returned CRL.
- * @param caCert the fake CA certificate.
- * @param caPrivateKey private key of the fake CA.
- * @param revokedSerialNumber the serial number of the fake peer
certificate made to be marked as revoked.
+ *
+ * @param caCert the fake CA certificate.
+ * @param caPrivateKey private key of the fake CA.
+ * @param revokedSerialNumber the serial number of the fake peer
certificate made to be
+ * marked as revoked.
* @return the created fake CRL
* @throws Exception
*/
- public static X509CRL createCRL(X509Certificate caCert, PrivateKey
caPrivateKey, BigInteger revokedSerialNumber)
+ public static X509CRL createCRL(X509Certificate caCert, PrivateKey
caPrivateKey,
+ BigInteger revokedSerialNumber)
throws Exception {
X509V2CRLGenerator crlGen = new X509V2CRLGenerator();
@@ -118,19 +132,23 @@ public class CRLVerifierTest extends Tes
crlGen.setNextUpdate(new Date(now.getTime() +
TestConstants.NEXT_UPDATE_PERIOD));
crlGen.setSignatureAlgorithm("SHA256WithRSAEncryption");
crlGen.addCRLEntry(revokedSerialNumber, now,
CRLReason.privilegeWithdrawn);
- crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false, new
AuthorityKeyIdentifierStructure(caCert));
+ crlGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
+ new AuthorityKeyIdentifierStructure(caCert));
crlGen.addExtension(X509Extensions.CRLNumber, false, new
CRLNumber(BigInteger.valueOf(1)));
return crlGen.generateX509CRL(caPrivateKey, "BC");
}
public X509Certificate generateFakePeerCert(BigInteger serialNumber,
PublicKey entityKey,
- PrivateKey caKey,
X509Certificate caCert, X509Certificate firstCertificate)
+ PrivateKey caKey,
X509Certificate caCert,
+ X509Certificate
firstCertificate)
throws Exception {
Utils utils = new Utils();
- X509V3CertificateGenerator certGen =
utils.getUsableCertificateGenerator(caCert, entityKey, serialNumber);
- certGen.copyAndAddExtension(new
DERObjectIdentifier(X509Extensions.CRLDistributionPoints.getId()), false,
firstCertificate);
+ X509V3CertificateGenerator certGen =
utils.getUsableCertificateGenerator(caCert,
+ entityKey, serialNumber);
+ certGen.copyAndAddExtension(new
DERObjectIdentifier(X509Extensions.CRLDistributionPoints
+ .getId()), false, firstCertificate);
return certGen.generateX509Certificate(caKey, "BC");
}
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/OCSPVerifierTest.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/OCSPVerifierTest.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/OCSPVerifierTest.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/OCSPVerifierTest.java
Wed Aug 7 18:46:50 2013
@@ -39,15 +39,16 @@ import java.util.Vector;
public class OCSPVerifierTest extends TestCase {
/**
- * A fake certificate signed by a fake CA is made as the revoked
certificate. The created OCSP response to the
- * OCSP request will say that that the fake peer certificate is revoked.
The SingleResp derived from the OCSP
- * response will be put in to the cache against the serial number of the
fake peer certificate. Since the SingleResp
- * which corresponds to the revokedSerialNumber is in the cache, there
will NOT be a call to a remote OCSP server.
+ * A fake certificate signed by a fake CA is made as the revoked
certificate. The created OCSP
+ * response to the OCSP request will say that that the fake peer
certificate is revoked. The
+ * SingleResp derived from the OCSP response will be put in to the cache
against the serial
+ * number of the fake peer certificate. Since the SingleResp which
corresponds to the
+ * revokedSerialNumber is in the cache, there will NOT be a call to a
remote OCSP server.
* Note that the serviceUrl passed to cache.setCacheValue(..) is null
since it is not needed.
*
* @throws Exception
*/
- public void testOCSPVerifier() throws Exception{
+ public void testOCSPVerifier() throws Exception {
//Add BouncyCastle as Security Provider.
Security.addProvider(new
org.bouncycastle.jce.provider.BouncyCastleProvider());
@@ -57,74 +58,88 @@ public class OCSPVerifierTest extends Te
KeyPair caKeyPair = utils.generateRSAKeyPair();
X509Certificate caCert = utils.generateFakeRootCert(caKeyPair);
- //Create fake peer certificate signed by the fake CA private key. This
will be a revoked certificate.
+ //Create fake peer certificate signed by the fake CA private key. This
will be a revoked
+ // certificate.
KeyPair peerKeyPair = utils.generateRSAKeyPair();
BigInteger revokedSerialNumber = BigInteger.valueOf(111);
- X509Certificate revokedCertificate =
generateFakePeerCert(revokedSerialNumber, peerKeyPair.getPublic(),
+ X509Certificate revokedCertificate =
generateFakePeerCert(revokedSerialNumber,
+ peerKeyPair.getPublic(),
caKeyPair.getPrivate(), caCert);
- //Create OCSP request to check if certificate with "serialNumber ==
revokedSerialNumber" is revoked.
- OCSPReq request = getOCSPRequest(caCert,revokedSerialNumber);
+ //Create OCSP request to check if certificate with "serialNumber ==
revokedSerialNumber"
+ // is revoked.
+ OCSPReq request = getOCSPRequest(caCert, revokedSerialNumber);
//Create OCSP response saying that certificate with given serialNumber
is revoked.
- CertificateID revokedID = new CertificateID(CertificateID.HASH_SHA1,
caCert, revokedSerialNumber);
- OCSPResp response = generateOCSPResponse(request,
caKeyPair.getPrivate(), caKeyPair.getPublic(), revokedID);
- SingleResp singleResp =
((BasicOCSPResp)response.getResponseObject()).getResponses()[0];
+ CertificateID revokedID = new CertificateID(CertificateID.HASH_SHA1,
caCert,
+ revokedSerialNumber);
+ OCSPResp response = generateOCSPResponse(request,
caKeyPair.getPrivate(),
+ caKeyPair.getPublic(), revokedID);
+ SingleResp singleResp = ((BasicOCSPResp)
response.getResponseObject()).getResponses()[0];
OCSPCache cache = OCSPCache.getCache();
- cache.init(5,5);
- cache.setCacheValue(revokedSerialNumber,singleResp, request, null);
+ cache.init(5, 5);
+ cache.setCacheValue(revokedSerialNumber, singleResp, request, null);
- OCSPVerifier ocspVerifier= new OCSPVerifier(cache);
+ OCSPVerifier ocspVerifier = new OCSPVerifier(cache);
RevocationStatus status =
ocspVerifier.checkRevocationStatus(revokedCertificate, caCert);
- //the cache will have the SingleResponse derived from the OCSP
response and it will be checked to see if the
+ //the cache will have the SingleResponse derived from the OCSP
response and it will be
+ // checked to see if the
//fake certificate is revoked. So the status should be REVOKED.
assertTrue(status == RevocationStatus.REVOKED);
}
/**
- * An OCSP request is made to be given to the fake CA. Reflection is used
to call generateOCSPRequest(..) private
- * method in OCSPVerifier.
+ * An OCSP request is made to be given to the fake CA. Reflection is used
to call
+ * generateOCSPRequest(..) private method in OCSPVerifier.
*
- * @param caCert the fake CA certificate.
- * @param revokedSerialNumber the serial number of the certificate which
needs to be checked if revoked.
+ * @param caCert the fake CA certificate.
+ * @param revokedSerialNumber the serial number of the certificate which
needs to be checked
+ * if revoked.
* @return the created OCSP request.
* @throws Exception
*/
- private OCSPReq getOCSPRequest(X509Certificate caCert, BigInteger
revokedSerialNumber) throws Exception{
+ private OCSPReq getOCSPRequest(X509Certificate caCert, BigInteger
revokedSerialNumber) throws
+ Exception {
OCSPVerifier ocspVerifier = new OCSPVerifier(null);
Class ocspVerifierClass = ocspVerifier.getClass();
- Method generateOCSPRequest =
ocspVerifierClass.getDeclaredMethod("generateOCSPRequest",
X509Certificate.class,
+ Method generateOCSPRequest =
ocspVerifierClass.getDeclaredMethod("generateOCSPRequest",
+ X509Certificate.class,
BigInteger.class);
generateOCSPRequest.setAccessible(true);
- OCSPReq request = (OCSPReq)generateOCSPRequest.invoke(ocspVerifier,
caCert, revokedSerialNumber);
+ OCSPReq request = (OCSPReq) generateOCSPRequest.invoke(ocspVerifier,
caCert,
+ revokedSerialNumber);
return request;
}
/**
- * This makes the corresponding OCSP response to the OCSP request which is
sent to the fake CA. If the request
- * has a certificateID which is marked as revoked by the CA, the OCSP
response will say that the certificate
- * which is referred to by the request, is revoked.
+ * This makes the corresponding OCSP response to the OCSP request which is
sent to the fake CA.
+ * If the request has a certificateID which is marked as revoked by the
CA, the OCSP response
+ * will say that the certificate which is referred to by the request, is
revoked.
*
- * @param request the OCSP request which asks if the certificate is
revoked.
+ * @param request the OCSP request which asks if the certificate is
revoked.
* @param caPrivateKey privateKey of the fake CA.
* @param caPublicKey publicKey of the fake CA
- * @param revokedID the ID at fake CA which is checked against the
certificateId in the request.
+ * @param revokedID the ID at fake CA which is checked against the
certificateId in the
+ * request.
* @return the created OCSP response by the fake CA.
* @throws NoSuchProviderException
* @throws OCSPException
*/
- private OCSPResp generateOCSPResponse(OCSPReq request, PrivateKey
caPrivateKey, PublicKey caPublicKey,
- CertificateID revokedID) throws
NoSuchProviderException, OCSPException {
+ private OCSPResp generateOCSPResponse(OCSPReq request, PrivateKey
caPrivateKey,
+ PublicKey caPublicKey,
+ CertificateID revokedID) throws
+ NoSuchProviderException, OCSPException {
BasicOCSPRespGenerator basicOCSPRespGenerator = new
BasicOCSPRespGenerator(caPublicKey);
X509Extensions requestExtensions = request.getRequestExtensions();
if (requestExtensions != null) {
- X509Extension extension =
requestExtensions.getExtension(OCSPObjectIdentifiers.id_pkix_ocsp_nonce);
+ X509Extension extension =
requestExtensions.getExtension(OCSPObjectIdentifiers
+ .id_pkix_ocsp_nonce);
if (extension != null) {
@@ -146,26 +161,28 @@ public class OCSPVerifierTest extends Te
if (certID.equals(revokedID)) {
- RevokedStatus revokedStatus = new RevokedStatus(new Date(),
CRLReason.privilegeWithdrawn);
+ RevokedStatus revokedStatus = new RevokedStatus(new Date(),
+ CRLReason.privilegeWithdrawn);
Date nextUpdate = new Date(new Date().getTime() +
TestConstants.NEXT_UPDATE_PERIOD);
- basicOCSPRespGenerator.addResponse(certID, revokedStatus ,
nextUpdate , null);
- }
- else {
+ basicOCSPRespGenerator.addResponse(certID, revokedStatus,
nextUpdate, null);
+ } else {
basicOCSPRespGenerator.addResponse(certID,
CertificateStatus.GOOD);
}
}
- BasicOCSPResp basicResp =
basicOCSPRespGenerator.generate("SHA256WithRSA", caPrivateKey, null, new
Date(), "BC");
+ BasicOCSPResp basicResp =
basicOCSPRespGenerator.generate("SHA256WithRSA", caPrivateKey,
+ null, new Date(), "BC");
OCSPRespGenerator respGen = new OCSPRespGenerator();
return respGen.generate(OCSPRespGenerator.SUCCESSFUL, basicResp);
}
private X509Certificate generateFakePeerCert(BigInteger serialNumber,
PublicKey entityKey,
- PrivateKey caKey,
X509Certificate caCert)
+ PrivateKey caKey,
X509Certificate caCert)
throws Exception {
Utils utils = new Utils();
- X509V3CertificateGenerator certGen =
utils.getUsableCertificateGenerator(caCert,entityKey, serialNumber);
+ X509V3CertificateGenerator certGen =
utils.getUsableCertificateGenerator(caCert,
+ entityKey, serialNumber);
return certGen.generateX509Certificate(caKey, "BC");
}
}
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationTest.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationTest.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationTest.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/RevocationVerificationTest.java
Wed Aug 7 18:46:50 2013
@@ -31,11 +31,13 @@ import java.security.cert.X509Certificat
public class RevocationVerificationTest extends TestCase {
/**
- * Tests CRL Path Validation with the use of a real certificate chain. The
verification process will make
- * HTTP calls to remote CRL server URLs extracted from the certificates in
the chain. Usually these certificates
- * will not be revoked. So the path validation must be successful to pass
the test. In case they are revoked
- * or expired, new certificates should be added to the resources directory
and Constants should be modified
- * accordingly. See the interface TestConstants for expiry dates of the
certificates.
+ * Tests CRL Path Validation with the use of a real certificate chain. The
verification process
+ * will make HTTP calls to remote CRL server URLs extracted from the
certificates in the
+ * chain. Usually these certificates will not be revoked. So the path
validation must be
+ * successful to pass the test. In case they are revoked or expired, new
certificates should
+ * be added to the resources directory and Constants should be modified
accordingly. See the
+ * interface TestConstants for expiry dates of the certificates.
+ *
* @throws Exception
*/
public void testCRLPathValidation() throws Exception {
@@ -55,8 +57,9 @@ public class RevocationVerificationTest
}
/**
- * Tests CRL path validation with fake certificates. The path validation
should fail since they are fake and do not
- * contain proper information.
+ * Tests CRL path validation with fake certificates. The path validation
should fail since
+ * they are fake and do not contain proper information.
+ *
* @throws Exception
*/
public void testCRLPathValidationWithFakeCerts() throws Exception {
@@ -75,8 +78,10 @@ public class RevocationVerificationTest
}
/**
- * Tests path validation with OCSP. The process makes remote HTTP requests
to corresponding OCSP servers at the
- * certificate authorities. The path validation must be successful to pass
the test.
+ * Tests path validation with OCSP. The process makes remote HTTP requests
to corresponding
+ * OCSP servers at the certificate authorities. The path validation must
be successful to
+ * pass the test.
+ *
* @throws Exception
*/
public void testOCSPPathValidation() throws Exception {
@@ -95,8 +100,10 @@ public class RevocationVerificationTest
}
/**
- * Tests OCSP path validation with a chain of fake certificates. In order
to pass the test, the path validation
- * should fail since the certificates are fake and do not contain right
information.
+ * Tests OCSP path validation with a chain of fake certificates. In order
to pass the test,
+ * the path validation should fail since the certificates are fake and do
not contain right
+ * information.
+ *
* @throws Exception
*/
public void testOCSPPathValidationWithFakeCerts() throws Exception {
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/TestConstants.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/TestConstants.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/TestConstants.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/TestConstants.java
Wed Aug 7 18:46:50 2013
@@ -26,14 +26,14 @@ public interface TestConstants {
final static int NEXT_UPDATE_PERIOD = 1000000;
/**
- * The certificates in the resources folder will contain the certificates
in the certificate chain from
- * https://www.github.com
- * These certificates are chosen because the certificate issuers support
both CRL and OCSP. Read the certificates for
- * more details.
- *
- * CAUTION: Replace the certificates if they expire or are marked as
revoked by their issuers. At the moment they are
- * valid. The expiry dates of the certificates are as follows:
- *
+ * The certificates in the resources folder will contain the certificates
in the certificate
+ * chain from https://www.github.com
+ * These certificates are chosen because the certificate issuers support
both CRL and OCSP.
+ * Read the certificates for more details.
+ * <p/>
+ * CAUTION: Replace the certificates if they expire or are marked as
revoked by their issuers.
+ * At the moment they are valid. The expiry dates of the certificates are
as follows:
+ * <p/>
* github.com : 09/02/2015
* DigiCertHighAssuranceEVCA-1 : 11/10/2021
* DigiCertHighAssuranceEVRootCA : 11/10/2031
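Review bot: The two `<p/>` separators added to the TestConstants Javadoc are self-closing tags, which javadoc's doclint (JDK 8 and later) reports as an error. A plain `<p>` renders the same and passes the check. Since the CAUTION paragraph is being touched anyway, the expiry dates listed under it (unchanged lines) would be easier to act on in an unambiguous form such as `yyyy-MM-dd`, because `09/02/2015` can be read as either day-first or month-first. The tests that load these certificates stop passing once the leaf certificate expires, so it matters that the date is read correctly.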
Modified:
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/Utils.java
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/Utils.java?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
---
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/Utils.java
(original)
+++
synapse/trunk/java/modules/transports/core/nhttp/src/test/java/org/apache/synapse/transport/utils/sslcert/Utils.java
Wed Aug 7 18:46:50 2013
@@ -38,8 +38,8 @@ public class Utils {
public X509Certificate generateFakeRootCert(KeyPair pair) throws Exception
{
-
- X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
+
+ X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
certGen.setSerialNumber(BigInteger.valueOf(1));
certGen.setIssuerDN(new X500Principal("CN=Test CA Certificate"));
certGen.setNotBefore(new Date(System.currentTimeMillis()));
@@ -60,15 +60,18 @@ public class Utils {
}
/**
- * CRLVerifierTest and OCSPVerifierTest both will use this method. This
has common code for both test classes
- * in creating fake peer certificates.
- * @param caCert Certificate of CA which signs the peer certificate which
will be generated.
+ * CRLVerifierTest and OCSPVerifierTest both will use this method. This
has common code for both
+ * test classes in creating fake peer certificates.
+ *
+ * @param caCert Certificate of CA which signs the peer certificate
which will be
+ * generated.
* @param peerPublicKey public key of the peer certificate which will be
generated.
* @param serialNumber serial number of the peer certificate.
* @return
*/
public X509V3CertificateGenerator
getUsableCertificateGenerator(X509Certificate caCert,
- PublicKey
peerPublicKey, BigInteger serialNumber){
+ PublicKey
peerPublicKey,
+ BigInteger
serialNumber) {
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.setSerialNumber(serialNumber);
@@ -84,45 +87,52 @@ public class Utils {
/**
* Generate X509Certificate object from the peer certificate file in
resources directory.
+ *
* @return the created certificate object.
* @throws Exception
*/
- public X509Certificate getRealPeerCertificate()throws Exception {
+ public X509Certificate getRealPeerCertificate() throws Exception {
return createCertificateFromResourceFile(TestConstants.REAL_PEER_CERT);
}
/**
* Create a certificate chain from the certificates in the resources
directory.
+ *
* @return created array of certificates.
* @throws Exception
*/
public X509Certificate[] getRealCertificateChain() throws Exception {
X509Certificate peerCert =
createCertificateFromResourceFile(TestConstants.REAL_PEER_CERT);
- X509Certificate intermediateCert =
createCertificateFromResourceFile(TestConstants.INTERMEDIATE_CERT);
+ X509Certificate intermediateCert =
createCertificateFromResourceFile(TestConstants
+ .INTERMEDIATE_CERT);
X509Certificate rootCert =
createCertificateFromResourceFile(TestConstants.ROOT_CERT);
- return new X509Certificate[]{ peerCert,intermediateCert,rootCert };
+ return new X509Certificate[]{peerCert, intermediateCert, rootCert};
}
/**
- * Generates a fake certificate chain. The array will contain two
certificates, the root and the peer.
+ * Generates a fake certificate chain. The array will contain two
certificates, the root and
+ * the peer.
+ *
* @return the created array of certificates.
* @throws Exception
*/
- public X509Certificate[] getFakeCertificateChain() throws Exception{
+ public X509Certificate[] getFakeCertificateChain() throws Exception {
KeyPair rootKeyPair = generateRSAKeyPair();
X509Certificate rootCert = generateFakeRootCert(rootKeyPair);
KeyPair entityKeyPair = generateRSAKeyPair();
- BigInteger entitySerialNum =BigInteger.valueOf(111);
+ BigInteger entitySerialNum = BigInteger.valueOf(111);
X509V3CertificateGenerator certGen =
getUsableCertificateGenerator(rootCert,
entityKeyPair.getPublic(), entitySerialNum);
- X509Certificate entityCert =
certGen.generateX509Certificate(rootKeyPair.getPrivate(), "BC");
+ X509Certificate entityCert =
certGen.generateX509Certificate(rootKeyPair.getPrivate(),
+ "BC");
return new X509Certificate[]{entityCert, rootCert};
}
- private X509Certificate createCertificateFromResourceFile(String
resourcePath) throws Exception{
+ private X509Certificate createCertificateFromResourceFile(String
resourcePath) throws
+ Exception {
CertificateFactory certFactory =
CertificateFactory.getInstance("X.509", "BC");
File faceBookCertificateFile = new
File(this.getClass().getResource(resourcePath).toURI());
Modified: synapse/trunk/java/repository/conf/axis2.xml
URL:
http://svn.apache.org/viewvc/synapse/trunk/java/repository/conf/axis2.xml?rev=1511435&r1=1511434&r2=1511435&view=diff
==============================================================================
--- synapse/trunk/java/repository/conf/axis2.xml (original)
+++ synapse/trunk/java/repository/conf/axis2.xml Wed Aug 7 18:46:50 2013
@@ -315,9 +315,8 @@
supports Strict|AllowAll|DefaultAndLocalhost or the default if
none specified -->
<!-- Uncomment to enable OCSP/CRL certification revocation
verification support
<parameter name="CertificateRevocationVerifier" locked="false">
- <Enabled>true</Enabled>
<CacheSize>50</CacheSize>
- <CacheDelayMins>15</CacheDelayMins>
+ <CacheDurationMins>15</CacheDurationMins>
</parameter-->
</transportSender>
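Review bot: The sample comment in axis2.xml does not mention that `<Enabled>` has been dropped and `<CacheDelayMins>` renamed to `<CacheDurationMins>`, so an operator carrying a configuration over from the previous revision gets no hint. The parsing code is outside this hunk, so this is inferred: a leftover `<CacheDelayMins>` may be silently ignored, and a leftover `<Enabled>false</Enabled>` may no longer switch revocation checking off. I would reword the opening line of the block to something like `Uncomment to enable OCSP/CRL certificate revocation verification; the presence of this parameter turns it on, and CacheDurationMins (formerly CacheDelayMins) is the cache entry lifetime in minutes`. It would also help if the config reader logged a warning when it meets either of the old element names.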