Author: dkulp
Date: Tue Aug 21 13:18:00 2007
New Revision: 568252
URL: http://svn.apache.org/viewvc?rev=568252&view=rev
Log:
[CXF-929] Store the SSLSocketFactory so the URL connection can actually honor
the Keep-Alive stuff.
Modified:
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf
Modified:
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
URL:
http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java?rev=568252&r1=568251&r2=568252&view=diff
==============================================================================
---
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
(original)
+++
incubator/cxf/trunk/rt/transports/http/src/main/java/org/apache/cxf/transport/https/HttpsURLConnectionFactory.java
Tue Aug 21 13:18:00 2007
@@ -34,6 +34,7 @@
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSession;
+import javax.net.ssl.SSLSocketFactory;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
@@ -59,6 +60,8 @@
private static final Logger LOG =
LogUtils.getL7dLogger(HttpsURLConnectionFactory.class);
+ private static final HostnameVerifier VERIFIER = new
AlwaysTrueHostnameVerifier();
+
/*
* For development and testing only
*/
@@ -82,6 +85,12 @@
* this factory.
*/
TLSClientParameters tlsClientParameters;
+
+
+ /**
+ * Cache the last SSLContext to avoid recreation
+ */
+ SSLSocketFactory socketFactory;
/**
* This constructor initialized the factory with the configured TLS
@@ -156,7 +165,7 @@
* returning true, delegate the trust decision to the
* MessageTrustDecider.
*/
- private class AlwaysTrueHostnameVerifier implements HostnameVerifier {
+ private static class AlwaysTrueHostnameVerifier implements
HostnameVerifier {
public boolean verify(
String hostname,
@@ -171,43 +180,42 @@
* This method assigns the various TLS parameters on the HttpsURLConnection
* from the TLS Client Parameters.
*/
- protected void decorateWithTLS(HttpsURLConnection connection)
+ protected synchronized void decorateWithTLS(HttpsURLConnection connection)
throws NoSuchAlgorithmException,
NoSuchProviderException,
KeyManagementException {
- String provider = tlsClientParameters.getJsseProvider();
-
- String protocol = tlsClientParameters.getSecureSocketProtocol() != null
- ? tlsClientParameters.getSecureSocketProtocol()
- : "TLS";
-
- SSLContext ctx = provider == null
- ? SSLContext.getInstance(protocol)
- : SSLContext.getInstance(protocol, provider);
-
- ctx.init(
- tlsClientParameters.getKeyManagers(),
- tlsClientParameters.getTrustManagers(),
- tlsClientParameters.getSecureRandom());
-
- // The "false" argument means opposite of exclude.
- String[] cipherSuites =
- SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(),
- SSLUtils.getSupportedCipherSuites(ctx),
-
tlsClientParameters.getCipherSuitesFilter(),
- LOG, false);
-
- connection.setHostnameVerifier(
- new AlwaysTrueHostnameVerifier());
-
- // The SSLSocketFactoryWrapper enables certain cipher suites
- // from the policy.
- connection.setSSLSocketFactory(
- new SSLSocketFactoryWrapper(ctx.getSocketFactory(),
- cipherSuites));
-
+ if (socketFactory == null) {
+ String provider = tlsClientParameters.getJsseProvider();
+
+ String protocol = tlsClientParameters.getSecureSocketProtocol() !=
null
+ ? tlsClientParameters.getSecureSocketProtocol()
+ : "TLS";
+
+ SSLContext ctx = provider == null
+ ? SSLContext.getInstance(protocol)
+ : SSLContext.getInstance(protocol, provider);
+
+ ctx.init(
+ tlsClientParameters.getKeyManagers(),
+ tlsClientParameters.getTrustManagers(),
+ tlsClientParameters.getSecureRandom());
+
+ // The "false" argument means opposite of exclude.
+ String[] cipherSuites =
+ SSLUtils.getCiphersuites(tlsClientParameters.getCipherSuites(),
+
SSLUtils.getSupportedCipherSuites(ctx),
+
tlsClientParameters.getCipherSuitesFilter(),
+ LOG, false);
+ // The SSLSocketFactoryWrapper enables certain cipher suites
+ // from the policy.
+ socketFactory = new SSLSocketFactoryWrapper(ctx.getSocketFactory(),
+ cipherSuites);
+ }
+ connection.setHostnameVerifier(VERIFIER);
+ connection.setSSLSocketFactory(socketFactory);
}
+
/*
* For development and testing only
*/
Modified:
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf
URL:
http://svn.apache.org/viewvc/incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf?rev=568252&r1=568251&r2=568252&view=diff
==============================================================================
---
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf
(original)
+++
incubator/cxf/trunk/systests/src/test/java/org/apache/cxf/systest/http/resources/BethalClientConfig.cxf
Tue Aug 21 13:18:00 2007
@@ -60,7 +60,7 @@
<sec:UserName>Betty</sec:UserName>
<sec:Password>password</sec:Password>
</http:authorization>
- <http:client AutoRedirect="true"/>
+ <http:client AutoRedirect="true" Connection="Keep-Alive"/>
</http:conduit>
