buildbot success in ASF Buildbot on cxf-site-production
The Buildbot has detected a restored build on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4627 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: Build succeeded! Sincerely, -The Buildbot
buildbot failure in ASF Buildbot on cxf-site-production
The Buildbot has detected a new failure on builder cxf-site-production while building ASF Buildbot. Full details are available at: http://ci.apache.org/builders/cxf-site-production/builds/4626 Buildbot URL: http://ci.apache.org/ Buildslave for this Build: bb-cms-slave Build Reason: The Nightly scheduler named 'cxf-site-production' triggered this build Build Source Stamp: [branch cxf/web] HEAD Blamelist: BUILD FAILED: failed compile Sincerely, -The Buildbot
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 2fccfdcdb -> b4bfa886e Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/b4bfa886 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/b4bfa886 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/b4bfa886 Branch: refs/heads/3.1.x-fixes Commit: b4bfa886ee80b681b09eb578c69a03a43ea964e2 Parents: 2fccfdc Author: Alessio Soldano Authored: Fri Jan 8 23:30:02 2016 +0100 Committer: Alessio Soldano Committed: Fri Jan 8 23:30:02 2016 +0100 -- .gitmergeinfo | 1 + 1 file changed, 1 insertion(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/b4bfa886/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index b6394a2..436297c 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -15,4 +15,5 @@ B f0e08b7bea2660542e18294d490e68c7b14aaa4b B f1b56150d6520e73d2ade2296c3b2f13839e63e5 B f94e1dd9b2a8d27ec5a27bfb7c026e3ae2350e39 B fb30f8bffc85fcc3208fcc0e1eda4b54a89b5d37 +M 0222768baf6b60742c4a8332308edf2be0f4a2e4 M 8583a24ac541dc373503d7a6c59cd90890acdae3
cxf git commit: [CXF-6739] Refactor to reduce memory pressure in org.apache.cxf.attachment.AttachmentDeserializer: * reset and reuse the same StringBuilder for fetching each line from the message inpu
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 785994070 -> 2fccfdcdb [CXF-6739] Refactor to reduce memory pressure in org.apache.cxf.attachment.AttachmentDeserializer: * reset and reuse the same StringBuilder for fetching each line from the message input stream, instead of allocating a new one (using 128 bytes) every time * avoid the ArrayList intermediate model and directly convert the StringBuilder into entries for the resulting TreeMap object * remove part of the special treatment of lines strating with spaces, as with the existing code there's no way such a line could be added to the headerLines list while the buffer is empty unless it's the first line from the stream (which means the headerLines will be empty and hence there's no need to worry about appending it to the previous one). Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2fccfdcd Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2fccfdcd Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2fccfdcd Branch: refs/heads/3.1.x-fixes Commit: 2fccfdcdbcd3a8bb8ea740eda499b48b74dbaf65 Parents: 7859940 Author: Alessio Soldano Authored: Fri Jan 8 13:31:40 2016 +0100 Committer: Alessio Soldano Committed: Fri Jan 8 23:27:37 2016 +0100 -- .../cxf/attachment/AttachmentDeserializer.java | 109 +++ 1 file changed, 42 insertions(+), 67 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/2fccfdcd/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java -- diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java b/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java index 8d54660..e8dd326 100644 --- a/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java +++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java @@ -312,73 +312,41 @@ public class AttachmentDeserializer { private Map> loadPartHeaders(InputStream in) throws IOException { -List headerLines = new ArrayList(10); StringBuilder buffer = new StringBuilder(128); -String line; +StringBuilder b = new StringBuilder(128); +Map> heads = new TreeMap>(String.CASE_INSENSITIVE_ORDER); // loop until we hit the end or a null line -while ((line = readLine(in)) != null) { +while (readLine(in, b)) { // lines beginning with white space get special handling -if (line.startsWith(" ") || line.startsWith("\t")) { -// this gets handled using the logic defined by -// the addHeaderLine method. If this line is a continuation, but -// there's nothing before it, just call addHeaderLine to add it -// to the last header in the headers list -if (buffer.length() == 0) { -addHeaderLine(headerLines, line); -} else { +char c = b.charAt(0); +if (c == ' ' || c == '\t') { +if (buffer.length() != 0) { // preserve the line break and append the continuation buffer.append("\r\n"); -buffer.append(line); +buffer.append(b); } } else { // if we have a line pending in the buffer, flush it if (buffer.length() > 0) { -addHeaderLine(headerLines, buffer.toString()); +addHeaderLine(heads, buffer); buffer.setLength(0); } // add this to the accumulator -buffer.append(line); +buffer.append(b); } } // if we have a line pending in the buffer, flush it if (buffer.length() > 0) { -addHeaderLine(headerLines, buffer.toString()); -} -Map> heads = new TreeMap>(String.CASE_INSENSITIVE_ORDER); -for (String h: headerLines) { -int separator = h.indexOf(':'); -String name = null; -String value = ""; -if (separator == -1) { -name = h.trim(); -} else { -name = h.substring(0, separator); -// step past the separator. Now we need to remove any leading white space characters. -separator++; - -while (separator < h.length()) { -char ch = h.charAt(separator); -if (ch != ' ' && ch != '\t' && ch != '\r' && ch != '\n') { -break; -} -separator++; -} -value = h.substr
cxf git commit: [CXF-6739] Refactor to reduce memory pressure in org.apache.cxf.attachment.AttachmentDeserializer: * reset and reuse the same StringBuilder for fetching each line from the message inpu
Repository: cxf Updated Branches: refs/heads/master 8be09c80a -> 0222768ba [CXF-6739] Refactor to reduce memory pressure in org.apache.cxf.attachment.AttachmentDeserializer: * reset and reuse the same StringBuilder for fetching each line from the message input stream, instead of allocating a new one (using 128 bytes) every time * avoid the ArrayList intermediate model and directly convert the StringBuilder into entries for the resulting TreeMap object * remove part of the special treatment of lines strating with spaces, as with the existing code there's no way such a line could be added to the headerLines list while the buffer is empty unless it's the first line from the stream (which means the headerLines will be empty and hence there's no need to worry about appending it to the previous one). Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/0222768b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/0222768b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/0222768b Branch: refs/heads/master Commit: 0222768baf6b60742c4a8332308edf2be0f4a2e4 Parents: 8be09c8 Author: Alessio Soldano Authored: Fri Jan 8 13:31:40 2016 +0100 Committer: Alessio Soldano Committed: Fri Jan 8 22:32:06 2016 +0100 -- .../cxf/attachment/AttachmentDeserializer.java | 109 +++ 1 file changed, 42 insertions(+), 67 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/0222768b/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java -- diff --git a/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java b/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java index 8d54660..e8dd326 100644 --- a/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java +++ b/core/src/main/java/org/apache/cxf/attachment/AttachmentDeserializer.java @@ -312,73 +312,41 @@ public class AttachmentDeserializer { private Map> loadPartHeaders(InputStream in) throws IOException { -List headerLines = new ArrayList(10); StringBuilder buffer = new StringBuilder(128); -String line; +StringBuilder b = new StringBuilder(128); +Map> heads = new TreeMap>(String.CASE_INSENSITIVE_ORDER); // loop until we hit the end or a null line -while ((line = readLine(in)) != null) { +while (readLine(in, b)) { // lines beginning with white space get special handling -if (line.startsWith(" ") || line.startsWith("\t")) { -// this gets handled using the logic defined by -// the addHeaderLine method. If this line is a continuation, but -// there's nothing before it, just call addHeaderLine to add it -// to the last header in the headers list -if (buffer.length() == 0) { -addHeaderLine(headerLines, line); -} else { +char c = b.charAt(0); +if (c == ' ' || c == '\t') { +if (buffer.length() != 0) { // preserve the line break and append the continuation buffer.append("\r\n"); -buffer.append(line); +buffer.append(b); } } else { // if we have a line pending in the buffer, flush it if (buffer.length() > 0) { -addHeaderLine(headerLines, buffer.toString()); +addHeaderLine(heads, buffer); buffer.setLength(0); } // add this to the accumulator -buffer.append(line); +buffer.append(b); } } // if we have a line pending in the buffer, flush it if (buffer.length() > 0) { -addHeaderLine(headerLines, buffer.toString()); -} -Map> heads = new TreeMap>(String.CASE_INSENSITIVE_ORDER); -for (String h: headerLines) { -int separator = h.indexOf(':'); -String name = null; -String value = ""; -if (separator == -1) { -name = h.trim(); -} else { -name = h.substring(0, separator); -// step past the separator. Now we need to remove any leading white space characters. -separator++; - -while (separator < h.length()) { -char ch = h.charAt(separator); -if (ch != ' ' && ch != '\t' && ch != '\r' && ch != '\n') { -break; -} -separator++; -} -value = h.substring(separa
[1/2] cxf git commit: Updating HostnameVerifier as per recent changes in httpclient
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 5c8e6c86e -> 6cdfe4bab Updating HostnameVerifier as per recent changes in httpclient Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99276baf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99276baf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99276baf Branch: refs/heads/3.0.x-fixes Commit: 99276baf0a2e6f8aaa08586d21ed905c5cce574e Parents: 5c8e6c8 Author: Colm O hEigeartaigh Authored: Fri Jan 8 16:48:43 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 16:50:15 2016 + -- .../httpclient/DefaultHostnameVerifier.java | 71 ++--- .../transport/https/httpclient/DomainType.java | 37 +++ .../https/httpclient/PublicSuffixList.java | 11 +- .../httpclient/PublicSuffixListParser.java | 105 ++- .../https/httpclient/PublicSuffixMatcher.java | 99 ++--- .../httpclient/DefaultHostnameVerifierTest.java | 14 ++- 6 files changed, 254 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/99276baf/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java index 8fb067f..5d3287c 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java @@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils; */ public final class DefaultHostnameVerifier implements HostnameVerifier { +enum TYPE { IPv4, IPv6, DNS }; + static final int DNS_NAME_TYPE = 2; static final int IP_ADDRESS_TYPE = 7; @@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { public void verify( final String host, final X509Certificate cert) throws SSLException { -final boolean ipv4 = InetAddressUtils.isIPv4Address(host); -final boolean ipv6 = InetAddressUtils.isIPv6Address(host); -final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; +TYPE hostFormat = TYPE.DNS; +if (InetAddressUtils.isIPv4Address(host)) { +hostFormat = TYPE.IPv4; +} else { +String s = host; +if (s.startsWith("[") && s.endsWith("]")) { +s = host.substring(1, host.length() - 1); +} +if (InetAddressUtils.isIPv6Address(s)) { +hostFormat = TYPE.IPv6; +} +} +final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; final List subjectAlts = extractSubjectAlts(cert, subjectType); if (subjectAlts != null && !subjectAlts.isEmpty()) { -if (ipv4) { +switch (hostFormat) { +case IPv4: matchIPAddress(host, subjectAlts); -} else if (ipv6) { +break; +case IPv6: matchIPv6Address(host, subjectAlts); -} else { +break; +default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { @@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { -throw new SSLException("Certificate subject for <" + host + "> doesn't contain " +throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); @@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { + "common name of the certificate subject: " + cn); } } + +static boolean matchDomainRoot(final String host, final String domainRoot) { +if (domainRoot == null) { +return false; +} +return host.endsWith(domainRoot) && (host.length() == domainRoot.length() +|| host.charAt(host.length() - domainRoot.length() - 1) == '.'); +} private static boolean matchIdentity(final Stri
[2/2] cxf git commit: Fixing merge
Fixing merge Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6cdfe4ba Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6cdfe4ba Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6cdfe4ba Branch: refs/heads/3.0.x-fixes Commit: 6cdfe4babfd9f8bd066f8d39ed0049001ac2fd0d Parents: 99276ba Author: Colm O hEigeartaigh Authored: Fri Jan 8 16:53:42 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 16:53:42 2016 + -- .../https/httpclient/PublicSuffixListParser.java | 10 +- .../https/httpclient/DefaultHostnameVerifierTest.java | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6cdfe4ba/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java index 5c4df13..2e1c124 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/PublicSuffixListParser.java @@ -52,8 +52,8 @@ public final class PublicSuffixListParser { * @throws java.io.IOException on error while reading from list */ public PublicSuffixList parse(final Reader reader) throws IOException { -final List rules = new ArrayList<>(); -final List exceptions = new ArrayList<>(); +final List rules = new ArrayList(); +final List exceptions = new ArrayList(); final BufferedReader r = new BufferedReader(reader); String line; @@ -94,7 +94,7 @@ public final class PublicSuffixListParser { * @since 4.5 */ public List parseByType(final Reader reader) throws IOException { -final List result = new ArrayList<>(2); +final List result = new ArrayList(2); final BufferedReader r = new BufferedReader(reader); @@ -142,12 +142,12 @@ public final class PublicSuffixListParser { if (isException) { if (exceptions == null) { -exceptions = new ArrayList<>(); +exceptions = new ArrayList(); } exceptions.add(line); } else { if (rules == null) { -rules = new ArrayList<>(); +rules = new ArrayList(); } rules.add(line); } http://git-wip-us.apache.org/repos/asf/cxf/blob/6cdfe4ba/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java -- diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java index 3ec14d1..b16dbfa 100644 --- a/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java +++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifierTest.java @@ -50,7 +50,7 @@ public class DefaultHostnameVerifierTest { private DefaultHostnameVerifier implWithPublicSuffixCheck; @Before -public void setup() { +public void setUp() { impl = new DefaultHostnameVerifier(); publicSuffixMatcher = new PublicSuffixMatcher(DomainType.ICANN, Arrays.asList("com", "co.jp", "gov.uk"), null); implWithPublicSuffixCheck = new DefaultHostnameVerifier(publicSuffixMatcher);
cxf git commit: Updating HostnameVerifier as per recent changes in httpclient
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 69b2098d6 -> 785994070 Updating HostnameVerifier as per recent changes in httpclient Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/78599407 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/78599407 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/78599407 Branch: refs/heads/3.1.x-fixes Commit: 7859940700f57e2624eafacbe6218a0053d34c78 Parents: 69b2098 Author: Colm O hEigeartaigh Authored: Fri Jan 8 16:48:43 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 16:49:22 2016 + -- .../httpclient/DefaultHostnameVerifier.java | 71 ++--- .../transport/https/httpclient/DomainType.java | 37 +++ .../https/httpclient/PublicSuffixList.java | 11 +- .../httpclient/PublicSuffixListParser.java | 105 ++- .../https/httpclient/PublicSuffixMatcher.java | 99 ++--- .../httpclient/DefaultHostnameVerifierTest.java | 14 ++- 6 files changed, 254 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/78599407/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java index 8fb067f..5d3287c 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java @@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils; */ public final class DefaultHostnameVerifier implements HostnameVerifier { +enum TYPE { IPv4, IPv6, DNS }; + static final int DNS_NAME_TYPE = 2; static final int IP_ADDRESS_TYPE = 7; @@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { public void verify( final String host, final X509Certificate cert) throws SSLException { -final boolean ipv4 = InetAddressUtils.isIPv4Address(host); -final boolean ipv6 = InetAddressUtils.isIPv6Address(host); -final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; +TYPE hostFormat = TYPE.DNS; +if (InetAddressUtils.isIPv4Address(host)) { +hostFormat = TYPE.IPv4; +} else { +String s = host; +if (s.startsWith("[") && s.endsWith("]")) { +s = host.substring(1, host.length() - 1); +} +if (InetAddressUtils.isIPv6Address(s)) { +hostFormat = TYPE.IPv6; +} +} +final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; final List subjectAlts = extractSubjectAlts(cert, subjectType); if (subjectAlts != null && !subjectAlts.isEmpty()) { -if (ipv4) { +switch (hostFormat) { +case IPv4: matchIPAddress(host, subjectAlts); -} else if (ipv6) { +break; +case IPv6: matchIPv6Address(host, subjectAlts); -} else { +break; +default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { @@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { -throw new SSLException("Certificate subject for <" + host + "> doesn't contain " +throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); @@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { + "common name of the certificate subject: " + cn); } } + +static boolean matchDomainRoot(final String host, final String domainRoot) { +if (domainRoot == null) { +return false; +} +return host.endsWith(domainRoot) && (host.length() == domainRoot.length() +|| host.charAt(host.length() - domainRoot.length() - 1) == '.'); +} private static boolean matchIdentity(final Stri
cxf git commit: Updating HostnameVerifier as per recent changes in httpclient
Repository: cxf Updated Branches: refs/heads/master 9754ca7ba -> 8be09c80a Updating HostnameVerifier as per recent changes in httpclient Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8be09c80 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8be09c80 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8be09c80 Branch: refs/heads/master Commit: 8be09c80a4a57d05b20be80b7ce04dbd3f19ea53 Parents: 9754ca7 Author: Colm O hEigeartaigh Authored: Fri Jan 8 16:48:43 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 16:48:43 2016 + -- .../httpclient/DefaultHostnameVerifier.java | 71 ++--- .../transport/https/httpclient/DomainType.java | 37 +++ .../https/httpclient/PublicSuffixList.java | 11 +- .../httpclient/PublicSuffixListParser.java | 105 ++- .../https/httpclient/PublicSuffixMatcher.java | 99 ++--- .../httpclient/DefaultHostnameVerifierTest.java | 14 ++- 6 files changed, 254 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/8be09c80/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java index 8fb067f..5d3287c 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java @@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils; */ public final class DefaultHostnameVerifier implements HostnameVerifier { +enum TYPE { IPv4, IPv6, DNS }; + static final int DNS_NAME_TYPE = 2; static final int IP_ADDRESS_TYPE = 7; @@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { public void verify( final String host, final X509Certificate cert) throws SSLException { -final boolean ipv4 = InetAddressUtils.isIPv4Address(host); -final boolean ipv6 = InetAddressUtils.isIPv6Address(host); -final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; +TYPE hostFormat = TYPE.DNS; +if (InetAddressUtils.isIPv4Address(host)) { +hostFormat = TYPE.IPv4; +} else { +String s = host; +if (s.startsWith("[") && s.endsWith("]")) { +s = host.substring(1, host.length() - 1); +} +if (InetAddressUtils.isIPv6Address(s)) { +hostFormat = TYPE.IPv6; +} +} +final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; final List subjectAlts = extractSubjectAlts(cert, subjectType); if (subjectAlts != null && !subjectAlts.isEmpty()) { -if (ipv4) { +switch (hostFormat) { +case IPv4: matchIPAddress(host, subjectAlts); -} else if (ipv6) { +break; +case IPv6: matchIPv6Address(host, subjectAlts); -} else { +break; +default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { @@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { -throw new SSLException("Certificate subject for <" + host + "> doesn't contain " +throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); @@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { + "common name of the certificate subject: " + cn); } } + +static boolean matchDomainRoot(final String host, final String domainRoot) { +if (domainRoot == null) { +return false; +} +return host.endsWith(domainRoot) && (host.length() == domainRoot.length() +|| host.charAt(host.length() - domainRoot.length() - 1) == '.'); +} private static boolean matchIdentity(final String host, f
cxf git commit: Recording .gitmergeinfo Changes
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 9c8d92890 -> 5c8e6c86e Recording .gitmergeinfo Changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5c8e6c86 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5c8e6c86 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5c8e6c86 Branch: refs/heads/3.0.x-fixes Commit: 5c8e6c86eb9f34bf0355ba62d1449d7e8ad591b7 Parents: 9c8d928 Author: Colm O hEigeartaigh Authored: Fri Jan 8 13:45:16 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 13:45:16 2016 + -- .gitmergeinfo | 2 ++ 1 file changed, 2 insertions(+) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/5c8e6c86/.gitmergeinfo -- diff --git a/.gitmergeinfo b/.gitmergeinfo index 7c8a413..4b39755 100644 --- a/.gitmergeinfo +++ b/.gitmergeinfo @@ -242,6 +242,7 @@ B 69176e3dd7c69901d03f6d93bb365df784f06525 B 698227f4a2a9341e2d4de2de6a7d827f1958fd90 B 698cd0483b99f9638ce05557e1137ffce86d4185 B 6994a35eaf0a71dc392dcb094a6f418ef37a12f4 +B 69b2098d6e3bc83e26b614c5766b808f6d23f108 B 6a328a5c03cf04330293221fb1bb44173afa790f B 6a778890e91542ce0f8b92c6bbf3c3d403fa7aaa B 6a77cd049fc39bfd27dfe364fc7c1970e58cc455 @@ -481,6 +482,7 @@ B d021b9041e00518099947274455b2027326a3c7c B d04f83cecea57d92052f3bf1f4eea7f4adfac6c6 B d0c5c3defab6dbb9619f8fd291f2e06b685cb03c B d1c7f1f6be4ce14bd0e99ec9672d9c1957515f35 +B d2ee79c9371fa23ecd8e2a3a0d907c3256466f28 B d391d9371d8505c7774308c4fbbb9bc57ffd34a6 B d3e9295d3acfe3c970a325bbbafdba83a0d6e83c B d3ea067659eb3f765df0bee6ce7b4abb55f76ab5
[2/2] cxf git commit: Minor changes
Minor changes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/69b2098d Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/69b2098d Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/69b2098d Branch: refs/heads/3.1.x-fixes Commit: 69b2098d6e3bc83e26b614c5766b808f6d23f108 Parents: d2ee79c Author: Colm O hEigeartaigh Authored: Fri Jan 8 13:44:12 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 13:44:12 2016 + -- .../wss4j/policyhandlers/AsymmetricBindingHandler.java | 8 .../cxf/systest/sts/asymmetric/AsymmetricBindingTest.java| 2 ++ 2 files changed, 6 insertions(+), 4 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/69b2098d/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 564cece..d16b521 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -19,7 +19,6 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; -import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; @@ -479,13 +478,14 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) { encr.setUseThisCert(securityToken.getX509Certificate()); -} else if (!isRequestor() && securityToken != null +} else { /* TODO when WSS4J 2.1.5 is released else if (!isRequestor() && securityToken != null && securityToken.getKey() instanceof PublicKey) { encr.setUseThisPublicKey((PublicKey)securityToken.getKey()); -} else { +} */ setEncryptionUser(encr, encrToken, false, crypto); } -if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) { +if (!encr.isCertSet() // TODO when WSS4J 2.1.5 is released&& encr.getUseThisPublicKey() == null +&& crypto == null) { unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value."); http://git-wip-us.apache.org/repos/asf/cxf/blob/69b2098d/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java index cb4627c..68eaec5 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java @@ -177,7 +177,9 @@ public class AsymmetricBindingTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } +// TODO enable when WSS4J 2.1.5 is released, and some stuff in the AsymmetricBindingHandler @org.junit.Test +@org.junit.Ignore public void testUsernameTokenSAML2KeyValue() throws Exception { // TODO if (test.isStreaming() || STAX_PORT.equals(test.getPort())) {
[1/2] cxf git commit: Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 4e68076d7 -> 69b2098d6 Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d2ee79c9 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d2ee79c9 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d2ee79c9 Branch: refs/heads/3.1.x-fixes Commit: d2ee79c9371fa23ecd8e2a3a0d907c3256466f28 Parents: 4e68076 Author: Colm O hEigeartaigh Authored: Fri Jan 8 12:14:17 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 13:38:31 2016 + -- .../AsymmetricBindingHandler.java | 6 +++- .../IssuedTokenPolicyValidator.java | 3 ++ .../sts/asymmetric/AsymmetricBindingTest.java | 35 +++- .../cxf/systest/sts/asymmetric/DoubleIt.wsdl| 3 ++ .../cxf/systest/sts/asymmetric/cxf-client.xml | 30 + .../cxf/systest/sts/asymmetric/cxf-service.xml | 7 .../systest/sts/asymmetric/cxf-stax-service.xml | 8 + 7 files changed, 90 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d2ee79c9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 2508447..564cece 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -19,6 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; +import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; @@ -478,10 +479,13 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) { encr.setUseThisCert(securityToken.getX509Certificate()); +} else if (!isRequestor() && securityToken != null +&& securityToken.getKey() instanceof PublicKey) { + encr.setUseThisPublicKey((PublicKey)securityToken.getKey()); } else { setEncryptionUser(encr, encrToken, false, crypto); } -if (!encr.isCertSet() && crypto == null) { +if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) { unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value."); http://git-wip-us.apache.org/repos/asf/cxf/blob/d2ee79c9/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java index 73f3f29..c2c21f2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java @@ -270,6 +270,9 @@ public class IssuedTokenPolicyValidator extends AbstractSamlPolicyValidator { if (certs != null && certs.length > 0) { token.setX509Certificate(certs[0], null); } +if (subjectKeyInfo.getPublicKey() != null) { +token.setKey(subjectKeyInfo.getPublicKey()); +} } if (assertionWrapper.getSaml1() != null) { token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); http://git-wip-us.apache.org/repos/asf/cxf/blob/d2ee79c9/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cx
cxf git commit: Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue
Repository: cxf Updated Branches: refs/heads/master 8a4e85b24 -> 9754ca7ba Support referencing a SAML PublicKey with the Asymmetric Binding + KeyValue Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/9754ca7b Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/9754ca7b Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/9754ca7b Branch: refs/heads/master Commit: 9754ca7bab38fc8e73df276488ff63295fcb2b82 Parents: 8a4e85b Author: Colm O hEigeartaigh Authored: Fri Jan 8 12:14:17 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 12:14:17 2016 + -- .../AsymmetricBindingHandler.java | 6 +++- .../IssuedTokenPolicyValidator.java | 3 ++ .../sts/asymmetric/AsymmetricBindingTest.java | 35 +++- .../cxf/systest/sts/asymmetric/DoubleIt.wsdl| 3 ++ .../cxf/systest/sts/asymmetric/cxf-client.xml | 30 + .../cxf/systest/sts/asymmetric/cxf-service.xml | 7 .../systest/sts/asymmetric/cxf-stax-service.xml | 8 + 7 files changed, 90 insertions(+), 2 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java index 2508447..564cece 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.java @@ -19,6 +19,7 @@ package org.apache.cxf.ws.security.wss4j.policyhandlers; +import java.security.PublicKey; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collection; @@ -478,10 +479,13 @@ public class AsymmetricBindingHandler extends AbstractBindingBuilder { if (!isRequestor() && securityToken != null && securityToken.getX509Certificate() != null) { encr.setUseThisCert(securityToken.getX509Certificate()); +} else if (!isRequestor() && securityToken != null +&& securityToken.getKey() instanceof PublicKey) { + encr.setUseThisPublicKey((PublicKey)securityToken.getKey()); } else { setEncryptionUser(encr, encrToken, false, crypto); } -if (!encr.isCertSet() && crypto == null) { +if (!encr.isCertSet() && encr.getUseThisPublicKey() == null && crypto == null) { unassertPolicy(recToken, "Missing security configuration. " + "Make sure jaxws:client element is configured " + "with a " + SecurityConstants.ENCRYPT_PROPERTIES + " value."); http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java -- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java index 73f3f29..c2c21f2 100644 --- a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/wss4j/policyvalidators/IssuedTokenPolicyValidator.java @@ -270,6 +270,9 @@ public class IssuedTokenPolicyValidator extends AbstractSamlPolicyValidator { if (certs != null && certs.length > 0) { token.setX509Certificate(certs[0], null); } +if (subjectKeyInfo.getPublicKey() != null) { +token.setKey(subjectKeyInfo.getPublicKey()); +} } if (assertionWrapper.getSaml1() != null) { token.setTokenType(WSConstants.WSS_SAML_TOKEN_TYPE); http://git-wip-us.apache.org/repos/asf/cxf/blob/9754ca7b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java -- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/asymmetric/AsymmetricBindingTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/