cxf git commit: Recording .gitmergeinfo Changes

2015-03-13 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 1798afb80 -> 566787ec5


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/566787ec
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/566787ec
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/566787ec

Branch: refs/heads/2.7.x-fixes
Commit: 566787ec5cc6b9519e575df6434e212ff384c85a
Parents: 1798afb
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 23:18:09 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 23:18:09 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/566787ec/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 8f66ef3..c41ca79 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -1279,6 +1279,7 @@ B aab6216c1a32ce7f37792066b4dbbbe9ca04b90e
 B ab1cd2bba38e4209991bd108158a08036f097b5e
 B ab5e64e0414bcbe0e8a5c5b8575289db816acccb
 B ab8818b7c15adb227e9e4bfb7ed4293bffcfa3eb
+B abe4cba67337556651787d3e14f3ecf472cd7f80
 B abe5b35ec859a2bae12c44bb4a7a8f1a118c6cf6
 B abfbb35df11021077417e1ac631ed3315c9b625b
 B ac2f3f8c4f435ee71f5a7bc27f2d934a24628732



cxf git commit: Disable test when unlimited security policies are not installed

2015-03-13 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes f5b751cc4 -> abe4cba67


Disable test when unlimited security policies are not installed


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/abe4cba6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/abe4cba6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/abe4cba6

Branch: refs/heads/3.0.x-fixes
Commit: abe4cba67337556651787d3e14f3ecf472cd7f80
Parents: f5b751c
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 23:14:10 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 23:14:10 2015 +

--
 .../https/ciphersuites/CipherSuitesTest.java| 28 
 1 file changed, 28 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/abe4cba6/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 3a93002..a0cad91 100644
--- 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -21,6 +21,9 @@ package org.apache.cxf.systest.https.ciphersuites;
 
 import java.net.URL;
 
+import javax.crypto.Cipher;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
 import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
@@ -40,6 +43,27 @@ public class CipherSuitesTest extends 
AbstractBusClientServerTestBase {
 static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
 static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
 
+private static final boolean UNRESTRICTED_POLICIES_INSTALLED;
+static {
+boolean ok = false;
+try {
+byte[] data = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07};
+
+SecretKey key192 = new SecretKeySpec(
+new byte[] {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17},
+"AES");
+Cipher c = Cipher.getInstance("AES");
+c.init(Cipher.ENCRYPT_MODE, key192);
+c.doFinal(data);
+ok = true;
+} catch (Exception e) {
+//
+}
+UNRESTRICTED_POLICIES_INSTALLED = ok;
+}
+
 @BeforeClass
 public static void startServers() throws Exception {
 assertTrue(
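Review bot: The empty `catch (Exception e)` in the new static initializer treats every failure as "unlimited-strength policy files not installed", so a missing AES provider or any other setup error would also set `UNRESTRICTED_POLICIES_INSTALLED` to false without a trace. The JCE exposes the limit directly, so the throwaway encryption can be replaced by a check on `Cipher.getMaxAllowedKeyLength("AES") > 128`, catching only `NoSuchAlgorithmException`. If the probe is kept, narrow the catch to `GeneralSecurityException` and replace the bare `//` with a reason, e.g. `// 192-bit AES key rejected: restricted JCE policy in effect`.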
@@ -109,6 +133,10 @@ public class CipherSuitesTest extends 
AbstractBusClientServerTestBase {
 // Both client + server include a specific AES CipherSuite (not via a 
filter)
 @org.junit.Test
 public void testAESIncludedExplicitly() throws Exception {
+
+if (!UNRESTRICTED_POLICIES_INSTALLED) {
+return;
+}
 SpringBusFactory bf = new SpringBusFactory();
 URL busFile = 
CipherSuitesTest.class.getResource("ciphersuites-explicit-client.xml");
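Review bot: The early `return` in `testAESIncludedExplicitly` makes the test report as passed on a JRE without the unlimited-strength policy files, so a run that never exercised the explicit AES cipher suite looks the same as one that did. A JUnit assumption reports it as skipped instead: `org.junit.Assume.assumeTrue(UNRESTRICTED_POLICIES_INSTALLED);`. A one-line comment saying which configured suite needs the larger key size would help as well; that configuration lives in `ciphersuites-explicit-client.xml`, which this hunk does not show. The method body continues outside the hunk.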
 



cxf git commit: [CXF-6294] - Cannot activate TLSv1.2 cipher suites on client on Java7 - Adding a test

2015-03-13 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master d1c7f1f6b -> 08f376bdf


[CXF-6294] - Cannot activate TLSv1.2 cipher suites on client on Java7
 - Adding a test


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/08f376bd
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/08f376bd
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/08f376bd

Branch: refs/heads/master
Commit: 08f376bdfd744b99132387076f3fc61167a330ec
Parents: d1c7f1f
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 18:46:23 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 18:46:23 2015 +

--
 .../https/SSLSocketFactoryWrapper.java  | 17 -
 .../https/ciphersuites/CipherSuitesTest.java| 25 -
 .../ciphersuites/ciphersuites-client-tlsv12.xml | 37 
 3 files changed, 70 insertions(+), 9 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
index 6f58e4a..4e635f0 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/SSLSocketFactoryWrapper.java
@@ -23,7 +23,6 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.Socket;
 import java.net.UnknownHostException;
-
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Handler;
@@ -97,19 +96,21 @@ class SSLSocketFactoryWrapper extends SSLSocketFactory {
 private Socket enableCipherSuites(Socket s, Object[] logParams) {
 SSLSocket socket = (SSLSocket)s;
 
-if ((socket != null) && (ciphers != null)) {
-socket.setEnabledCipherSuites(ciphers);
+if (socket == null) {
+LogUtils.log(LOG, Level.SEVERE,
+ "PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET", 
+ logParams);
+return socket;
 }
-if ((socket != null) && (protocol != null)) {
+
+if (protocol != null) {
 String p[] = findProtocols(protocol, 
socket.getSupportedProtocols());
 if (p != null) {
 socket.setEnabledProtocols(p);
 }
 }
-if (socket == null) {
-LogUtils.log(LOG, Level.SEVERE,
- "PROBLEM_CREATING_OUTBOUND_REQUEST_SOCKET", 
- logParams);
+if (ciphers != null) {
+socket.setEnabledCipherSuites(ciphers);
 }
 
 return socket;
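Review bot: The new ordering in `enableCipherSuites` (protocols first, then `setEnabledCipherSuites`) is what the fix relies on, but nothing in the code says so, and a later tidy-up could reverse it again. Add a comment above the `if (ciphers != null)` block such as `// Protocols must be enabled before the cipher suites, see CXF-6294`. Separately, when `findProtocols` returns null the configured `protocol` appears to be dropped silently and the socket keeps its default protocols; `findProtocols` is outside the hunk, so this is inferred, but a warning log on that path would make a mistyped TLS version visible instead of quietly falling back.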

http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 3a93002..a1002e3 100644
--- 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -414,5 +414,28 @@ public class CipherSuitesTest extends 
AbstractBusClientServerTestBase {
 ((java.io.Closeable)port).close();
 bus.shutdown(true);
 }
-  
+
+// Both client + server include AES, client enables a TLS v1.2 CipherSuite
+@org.junit.Test
+public void testAESIncludedTLSv12() throws Exception {
+SpringBusFactory bf = new SpringBusFactory();
+URL busFile = 
CipherSuitesTest.class.getResource("ciphersuites-client-tlsv12.xml");
+
+Bus bus = bf.createBus(busFile.toString());
+SpringBusFactory.setDefaultBus(bus);
+SpringBusFactory.setThreadDefaultBus(bus);
+
+URL url = SOAPService.WSDL_LOCATION;
+SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+assertNotNull("Service is null", service);   
+final Greeter port = service.getHttpsPort();
+assertNotNull("Port is null", port);
+
+updateAddressPort(port, PORT);
+
+assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+((java.io.Closeable)port).close();
+bus.shutdown(true);
+}
 }
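Review bot: `testAESIncludedTLSv12` passes as soon as `greetMe` succeeds, so it does not show that a TLSv1.2 suite was actually negotiated; if the client settings in `ciphersuites-client-tlsv12.xml` were ignored and a default suite chosen, the test would presumably still pass. Consider asserting on the negotiated protocol or suite, or pointing the client at a server port that accepts only the TLSv1.2 suite. The cleanup (`((java.io.Closeable)port).close()` and `bus.shutdown(true)`) should also sit in a `finally` block so that a failed assertion does not leave the bus installed through `setDefaultBus` for later tests. The assertion reads better with the expected value first: `assertEquals("Hello Kitty", port.greetMe("Kitty"));`.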

http://git-wip-us.apache.org/repos/asf/cxf/blob/08f376bd/systests/transports/src/test/resources/org/apache/c

cxf git commit: Updates to get the new wss4j stuff installed in OSGi. (may not work yet)

2015-03-13 Thread dkulp
Repository: cxf
Updated Branches:
  refs/heads/master 99b13f1da -> d1c7f1f6b


Updates to get the new wss4j stuff installed in OSGi.  (may not work yet)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d1c7f1f6
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d1c7f1f6
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d1c7f1f6

Branch: refs/heads/master
Commit: d1c7f1f6be4ce14bd0e99ec9672d9c1957515f35
Parents: 99b13f1
Author: Daniel Kulp 
Authored: Fri Mar 13 14:14:32 2015 -0400
Committer: Daniel Kulp 
Committed: Fri Mar 13 14:14:53 2015 -0400

--
 osgi/karaf/features/src/main/resources/features.xml | 1 +
 parent/pom.xml  | 5 +++--
 2 files changed, 4 insertions(+), 2 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d1c7f1f6/osgi/karaf/features/src/main/resources/features.xml
--
diff --git a/osgi/karaf/features/src/main/resources/features.xml 
b/osgi/karaf/features/src/main/resources/features.xml
index 74ca7fa..f7052ff 100644
--- a/osgi/karaf/features/src/main/resources/features.xml
+++ b/osgi/karaf/features/src/main/resources/features.xml
@@ -56,6 +56,7 @@
 mvn:joda-time/joda-time/${cxf.joda.time.version}
 mvn:commons-codec/commons-codec/${cxf.commons-codec.version}
 mvn:org.apache.santuario/xmlsec/${cxf.xmlsec.bundle.version}
+mvn:com.google.guava/guava/${cxf.guava.version}
 mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.opensaml/${cxf.opensaml.osgi.version}
 mvn:org.jvnet.staxex/stax-ex/${cxf.stax-ex.version}
 mvn:org.apache.servicemix.bundles/org.apache.servicemix.bundles.saaj-impl/${cxf.saaj-impl.bundle.version}

http://git-wip-us.apache.org/repos/asf/cxf/blob/d1c7f1f6/parent/pom.xml
--
diff --git a/parent/pom.xml b/parent/pom.xml
index bed6fc1..83a9de6 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -81,6 +81,7 @@
 10.2.2.0
 2.9.0
 
1.2.13_1
+18.0
 1.9.4
 
4.0.2
 
[4.0,4.1)
@@ -106,7 +107,7 @@
 ${cxf.jaxb.version}
 ${cxf.jaxb.version}
 ${cxf.jaxb.version}
-2.2
+2.7
 1.0
 1.3.7
 8.1.15.v20140411
@@ -124,7 +125,7 @@
 20100527_1
 20100527
 3.1.0
-3.1.0_1
+3.1.0_1-SNAPSHOT
 1.7R2
 
org.apache.geronimo.specs
 
geronimo-servlet_3.0_spec
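Review bot: The last hunk replaces a pinned version `3.1.0_1` with `3.1.0_1-SNAPSHOT` in the parent POM, so every module that inherits it now resolves a mutable artifact from whichever snapshot repository is configured, and builds of the same commit are no longer reproducible. The property name is not visible in this rendering, so the affected bundle cannot be identified from the hunk. If the snapshot is only needed until the new wss4j-related bundles are released, as the "may not work yet" in the commit message suggests, add an XML comment beside it saying so and naming the release version to return to.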



[1/3] cxf git commit: Recording .gitmergeinfo Changes

2015-03-13 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/2.7.x-fixes 16f466dbe -> 1798afb80


Recording .gitmergeinfo Changes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/baeea673
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/baeea673
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/baeea673

Branch: refs/heads/2.7.x-fixes
Commit: baeea673f2dc70e75b816a6d4beb216c7e8dbe6a
Parents: 80cdbd7
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 17:23:41 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 17:23:41 2015 +

--
 .gitmergeinfo | 1 +
 1 file changed, 1 insertion(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/baeea673/.gitmergeinfo
--
diff --git a/.gitmergeinfo b/.gitmergeinfo
index 75d91ec..8f66ef3 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -2638,6 +2638,7 @@ M f5684767d04676304063edecacf8d72896f1524c
 M f57a75aa40be9ab959ae1fade89c2803f2a5b45e
 M f584187d09471f28578854e288a7c7d612ea82bc
 M f5a82c1c393775334725b9de61b94f492cdd1f2f
+M f5b751cc44cde43f9bd776fd1f7504c9b7fc54e3
 M f61876836d11eb04b47a647a20e6a1d504e93671
 M f678cdd89d1ba6be3b5113743cfa5859806ba99a
 M f68f775a7b95a268e66ebbc832d1f8a30c9ac240



[3/3] cxf git commit: Fixing merge

2015-03-13 Thread coheigea
Fixing merge


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1798afb8
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1798afb8
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1798afb8

Branch: refs/heads/2.7.x-fixes
Commit: 1798afb80ccc53fd6c76b5352372c5d80f55754d
Parents: baeea67
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 17:26:10 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 17:26:10 2015 +

--
 .../apache/cxf/configuration/jsse/SSLUtils.java |  25 +-
 .../apache/cxf/configuration/jsse/SSLUtils.java | 742 ---
 .../https/ciphersuites/CipherSuitesTest.java| 418 ---
 .../ciphersuites-explicit-client.xml|  37 -
 .../https/ciphersuites/ciphersuites-server.xml  | 117 ---
 5 files changed, 14 insertions(+), 1325 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java 
b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 81994f8..4b0bee1 100644
--- a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -452,17 +452,21 @@ public final class SSLUtils {
String[] supportedCipherSuites,
FiltersType filters,
Logger log, boolean exclude) {
-String[] cipherSuites = null;
-if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-return cipherSuites;
-}
+// First check the "include" case only. If we have defined explicit 
"cipherSuite"
+// configuration, then just return these. Otherwise see if we have 
defined ciphersuites
+// via a system property.
 if (!exclude) {
-cipherSuites = getSystemCiphersuites(log);
-if (cipherSuites != null) {
-return cipherSuites;
+if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+return getCiphersFromList(cipherSuitesList, log, exclude);
+} else {
+String[] cipherSuites = getSystemCiphersuites(log);
+if (cipherSuites != null) {
+return cipherSuites;
+}
 }
 }
+
+// Otherwise check the "include/exclude" cipherSuiteFilter 
configuration
 LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
 if (filters == null) {
 LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
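Review bot: The explicit `cipherSuitesList` branch and the `https.cipherSuites` system-property branch both return before `filters` is consulted, so an include list naming a NULL, anon, EXPORT or DES suite is presumably passed on without the default exclusions being applied; `getCiphersFromList` and `getSystemCiphersuites` are outside the hunk, so whether they check against `supportedCipherSuites` cannot be confirmed here. The new comment should say this, for example `// Explicit cipherSuites and the https.cipherSuites property bypass the cipherSuitesFilter include/exclude patterns.` Inside the `!exclude` branch the third argument is always false, so `getCiphersFromList(cipherSuitesList, log, false)` would read more clearly. The same hunk appears in the core/.../SSLUtils.java sections of commits f5b751cc and 99b13f1d further down the page, and the method starts and ends outside the hunk.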
@@ -502,11 +506,10 @@ public final class SSLUtils {
  "CIPHERSUITES_EXCLUDED",
  excludedCipherSuites);
 if (exclude) {
-cipherSuites = getCiphersFromList(excludedCipherSuites, log, 
exclude);
+return getCiphersFromList(excludedCipherSuites, log, exclude);
 } else {
-cipherSuites = getCiphersFromList(filteredCipherSuites, log, 
exclude);
+return getCiphersFromList(filteredCipherSuites, log, exclude);
 }
-return cipherSuites;
 }
 
 private static String[] getSystemCiphersuites(Logger log) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java 
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
deleted file mode 100644
index ebae85d..000
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ /dev/null
@@ -1,742 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.

[2/3] cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers

2015-03-13 Thread coheigea
[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers

Conflicts:
core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java

systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java

systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/80cdbd72
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/80cdbd72
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/80cdbd72

Branch: refs/heads/2.7.x-fixes
Commit: 80cdbd72891c028d331bd365398cd8ea2843b1bf
Parents: 16f466d
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 17:16:56 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 17:23:41 2015 +

--
 .../apache/cxf/configuration/jsse/SSLUtils.java | 742 +++
 .../https/ciphersuites/CipherSuitesTest.java| 418 +++
 .../ciphersuites-explicit-client.xml|  37 +
 .../https/ciphersuites/ciphersuites-server.xml  | 117 +++
 4 files changed, 1314 insertions(+)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/80cdbd72/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java 
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
new file mode 100644
index 000..ebae85d
--- /dev/null
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -0,0 +1,742 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.configuration.jsse;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.lang.reflect.Method;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.common.util.SystemPropertyAction;
+import org.apache.cxf.configuration.security.FiltersType;
+
+
+/**
+ * Holder for utility methods related to manipulating SSL settings, common
+ * to the connection and listener factories (previously duplicated).
+ */
+public final class SSLUtils {
+
+static final String PKCS12_TYPE = "PKCS12";
+
+private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
+private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
+private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
+private static final String CERTIFICATE_FACTORY_TYPE = "X.509";
+
+private static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
+
+private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false;
+private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true;
+
+private static final List DEFAULT_CIPHERSUITE_FILTERS_INCLUDE =
+Arrays.asList(new String[] {".*"});
+/**
+ * By default, exclude NULL, anon, EXPORT, DES ciphersuites
+ */
+private static final List DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE =
+Arrays.asList(new String[] {".*_NULL_.*",
+".*_anon_.*",
+".*_EXPORT_.*",
+".*_DES_.*"});
+
+private static volatile KeyManager[] defaultManagers;

cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers

2015-03-13 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes a3d605568 -> f5b751cc4


[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f5b751cc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f5b751cc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f5b751cc

Branch: refs/heads/3.0.x-fixes
Commit: f5b751cc44cde43f9bd776fd1f7504c9b7fc54e3
Parents: a3d6055
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 17:16:56 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 17:17:59 2015 +

--
 .../apache/cxf/configuration/jsse/SSLUtils.java | 27 --
 .../https/ciphersuites/CipherSuitesTest.java| 27 +-
 .../ciphersuites-explicit-client.xml| 37 
 .../https/ciphersuites/ciphersuites-server.xml  | 21 +++
 4 files changed, 100 insertions(+), 12 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f5b751cc/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java 
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 534c256..ebae85d 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -454,17 +454,23 @@ public final class SSLUtils {
String[] supportedCipherSuites,
FiltersType filters,
Logger log, boolean exclude) {
-String[] cipherSuites = null;
-if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-return cipherSuites;
-}
+
+// First check the "include" case only. If we have defined explicit 
"cipherSuite"
+// configuration, then just return these. Otherwise see if we have 
defined ciphersuites
+// via a system property.
 if (!exclude) {
-cipherSuites = getSystemCiphersuites(log);
-if (cipherSuites != null) {
-return cipherSuites;
+if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+return getCiphersFromList(cipherSuitesList, log, exclude);
+} else {
+String[] cipherSuites = getSystemCiphersuites(log);
+if (cipherSuites != null) {
+return cipherSuites;
+}
 }
 }
+
+// Otherwise check the "include/exclude" cipherSuiteFilter 
configuration
+
 LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
 if (filters == null) {
 LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
@@ -504,11 +510,10 @@ public final class SSLUtils {
  "CIPHERSUITES_EXCLUDED",
  excludedCipherSuites);
 if (exclude) {
-cipherSuites = getCiphersFromList(excludedCipherSuites, log, 
exclude);
+return getCiphersFromList(excludedCipherSuites, log, exclude);
 } else {
-cipherSuites = getCiphersFromList(filteredCipherSuites, log, 
exclude);
+return getCiphersFromList(filteredCipherSuites, log, exclude);
 }
-return cipherSuites;
 }
 
 private static String[] getSystemCiphersuites(Logger log) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/f5b751cc/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index f37b1f9..3a93002 100644
--- 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -38,6 +38,7 @@ public class CipherSuitesTest extends 
AbstractBusClientServerTestBase {
 static final String PORT = allocatePort(CipherSuitesServer.class);
 static final String PORT2 = allocatePort(CipherSuitesServer.class, 2);
 static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
+static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
 
 @BeforeClass
 public static void startServers() throws Exception {
@@ -105,6 +106,30 @@ publi

cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers

2015-03-13 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/master dfecaa60e -> 99b13f1da


[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99b13f1d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99b13f1d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99b13f1d

Branch: refs/heads/master
Commit: 99b13f1da6998678d2af2e928e04ebad8e121fa3
Parents: dfecaa6
Author: Colm O hEigeartaigh 
Authored: Fri Mar 13 17:16:56 2015 +
Committer: Colm O hEigeartaigh 
Committed: Fri Mar 13 17:16:56 2015 +

--
 .../apache/cxf/configuration/jsse/SSLUtils.java | 27 --
 .../https/ciphersuites/CipherSuitesTest.java| 27 +-
 .../ciphersuites-explicit-client.xml| 37 
 .../https/ciphersuites/ciphersuites-server.xml  | 21 +++
 4 files changed, 100 insertions(+), 12 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
--
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java 
b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index b656820..1023f31 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -430,17 +430,23 @@ public final class SSLUtils {
String[] supportedCipherSuites,
FiltersType filters,
Logger log, boolean exclude) {
-String[] cipherSuites = null;
-if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-return cipherSuites;
-}
+
+// First check the "include" case only. If we have defined explicit 
"cipherSuite"
+// configuration, then just return these. Otherwise see if we have 
defined ciphersuites
+// via a system property.
 if (!exclude) {
-cipherSuites = getSystemCiphersuites(log);
-if (cipherSuites != null) {
-return cipherSuites;
+if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+return getCiphersFromList(cipherSuitesList, log, exclude);
+} else {
+String[] cipherSuites = getSystemCiphersuites(log);
+if (cipherSuites != null) {
+return cipherSuites;
+}
 }
 }
+
+// Otherwise check the "include/exclude" cipherSuiteFilter 
configuration
+
 LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
 if (filters == null) {
 LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
@@ -480,11 +486,10 @@ public final class SSLUtils {
  "CIPHERSUITES_EXCLUDED",
  excludedCipherSuites);
 if (exclude) {
-cipherSuites = getCiphersFromList(excludedCipherSuites, log, 
exclude);
+return getCiphersFromList(excludedCipherSuites, log, exclude);
 } else {
-cipherSuites = getCiphersFromList(filteredCipherSuites, log, 
exclude);
+return getCiphersFromList(filteredCipherSuites, log, exclude);
 }
-return cipherSuites;
 }
 
 private static String[] getSystemCiphersuites(Logger log) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
--
diff --git 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index f37b1f9..3a93002 100644
--- 
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ 
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -38,6 +38,7 @@ public class CipherSuitesTest extends 
AbstractBusClientServerTestBase {
 static final String PORT = allocatePort(CipherSuitesServer.class);
 static final String PORT2 = allocatePort(CipherSuitesServer.class, 2);
 static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
+static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
 
 @BeforeClass
 public static void startServers() throws Exception {
@@ -105,6 +106,30 @@ public class Ci

svn commit: r943707 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html

2015-03-13 Thread buildbot
Author: buildbot
Date: Fri Mar 13 15:46:50 2015
New Revision: 943707

Log:
Production update by buildbot for cxf

Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 15:46:50 
2015
@@ -118,14 +118,16 @@ Apache CXF -- JAX-RS JOSE


  /**/
-IntroductionMaven DependenciesJOSE Overview
-JWA AlgorithmsJWK KeysJWS SignatureJSON EncryptionJSON Web Tokens
-JOSE JAX-RS 
FiltersConfigurationOAuth2 and JoseThird-Party 
Alternatives
+/*]]>*/
+IntroductionMaven DependenciesJOSE OverviewJWA AlgorithmsJWK KeysJWS SignatureJSON EncryptionJSON Web TokensLinking JWT 
authentications to JWS or JWE contentJOSE JAX-RS Filters
+JWEJWS
+Configuration
+Encrypting JWK stores
+OAuth2 and 
JoseOIDC and 
JoseFuture 
WorkThird-Party 
Alternatives
 IntroductionCXF 3.0.x 
implements https://datatracker.ietf.org/wg/jose/documents/"; 
rel="nofollow">JOSE.Maven 
Dependencies
 
- JOSE 
OverviewJOSE is a set of high quality specifications that specify how 
data payloads can be signed and/or encrypted with the cryptographic properties 
set in JSON-formatted metadata (headers).Note that not only JSON 
documents but also documents in the arbitrary formats can be secured: text, 
binary data, even XML. JOSE is a key piece of the advanced 
OAuth2 applications but is also perfect at securing the regular HTTP web 
service communications. At the moment two signature and 
encryption output formats are supported: compact and 
JSON. Compact format is a concatenation of Base64URL-encoded 
JOSE headers (where the cryptographic signature or encryption properties are 
set),Base64URL-encoded payload (in the original form if it is signed, 
otherwise - encrypted), plus Base64URL-encoded signature of the payload or some 
of encryption process input or outpu
 t datasuch as an initialization vector, authentication tag, 
etc. The JSON (full) format is where all the information 
describing a signature or encryption process is presented in a not-compact, 
regular JSON document, offering a non-optimized but easier to understand 
format.The JSON format also supports multiple signatures when signing 
the content or multiple content key encryptions when encrypting the content 
which can be useful when multiple recipients are involved.The signature 
process also supports the detached body mode where the body to be signed is not 
included in the actual output - assuming that both the consumer and producer 
know how to access the original payload in order tovalidate the 
signature. The following subsections will have the examples 
with more details.JWA 
AlgorithmsAll JOSE signature and encryption algorithms are grouped and 
described in a https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-40"; 
rel="nofollow">JSON Web Algorithms (JWA) specification.The 
algorithms are split into 3 categories: signature algorithms (MAC, RSA, 
Elliptic Curve), algorithms for supporting the encryption of content encryption 
keys (RSA-OAEP, Key Wrap, etc),algorithms for encrypting the actual 
content (AES GCM, etc).All encryption algorithms produce authentication 
tags which provides the protection against manipulating the already encrypted 
content.Refer to this specification to get all the information needed 
(with the follow up links to the corresponding RFC when applicable) about a 
particular signature or encryptionalgorithm: the properties, recommended 
key sizes, other security considerations related to all of or some specific 
algorithms.CXF offers the initial utility support for working with JWA 
algorithms in https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=tree;f=rt/rs/security/jose/src/main/java/org/apache/cxf/rs/security/jose/jwa;h=c2b9c5466de8f4b3ad1ea9270c1bc00f07fce862;hb=HEAD";>this
 package.JWK Keys https://tools.ietf.org/html/draft-ietf-jose-json-web-key-41"; 
rel="nofollow">Json Web Key (JWK) is a JSON document describing the 
cryptographic key properties. JWKs ar

svn commit: r943700 - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-jose.html

2015-03-13 Thread buildbot
Author: buildbot
Date: Fri Mar 13 14:46:58 2015
New Revision: 943700

Log:
Production update by buildbot for cxf

Modified:
websites/production/cxf/content/cache/docs.pageCache
websites/production/cxf/content/docs/jax-rs-jose.html

Modified: websites/production/cxf/content/cache/docs.pageCache
==
Binary files - no diff available.

Modified: websites/production/cxf/content/docs/jax-rs-jose.html
==
--- websites/production/cxf/content/docs/jax-rs-jose.html (original)
+++ websites/production/cxf/content/docs/jax-rs-jose.html Fri Mar 13 14:46:58 
2015
@@ -32,6 +32,7 @@
 
 
 
+
 
 
   SyntaxHighlighter.defaults['toolbar'] = false;
@@ -117,22 +118,46 @@ Apache CXF -- JAX-RS JOSE

 

+/*]]>*/

Introduction

CXF 3.0.x implements https://datatracker.ietf.org/wg/jose/documents/"; rel="nofollow">JOSE.

Maven Dependencies