[1/2] cxf git commit: [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password

2017-06-13 Thread ffang 
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 8341f4e08 -> 23408fdbb


[CXF-7401]CXF http-jetty fails to get private key if the jks keystore file 
contains multiple private keys with different password

(cherry picked from commit e877d30982ae970738495160090a8e948f33c199)
(cherry picked from commit a11b4b530f18d5d87e9bca3d7b2f6a71bcf0d00c)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f4955276
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f4955276
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f4955276

Branch: refs/heads/3.0.x-fixes
Commit: f49552767f77e1510d3abd24ab243d9693ed45c1
Parents: 8341f4e
Author: Freeman Fang 
Authored: Tue Jun 13 16:36:37 2017 +0800
Committer: Freeman Fang 
Committed: Wed Jun 14 10:45:42 2017 +0800

--
 .../jsse/MultiKeyPasswordKeyManager.java|  83 +++
 .../jsse/TLSClientParametersConfig.java |  10 ++-
 .../jsse/TLSParameterJaxBUtils.java |  36 
 .../jsse/TLSServerParametersConfig.java |  10 ++-
 .../cxf/systest/https/conduit/jaxws-server.xml  |   8 +-
 .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes
 6 files changed, 139 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/f4955276/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
--
diff --git 
a/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
 
b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
new file mode 100644
index 000..c6dcbc9
--- /dev/null
+++ 
b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.configuration.jsse;
+
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509KeyManager;
+
+public class MultiKeyPasswordKeyManager implements X509KeyManager {
+private final KeyStore mKeyStore;
+private final String mKeyAlias;
+private final String mKeyPassword;
+
+public MultiKeyPasswordKeyManager(KeyStore keystore, String keyAlias, 
String keyPassword) {
+mKeyStore = keystore;
+mKeyAlias = keyAlias;
+mKeyPassword = keyPassword;
+}
+
+public String[] getClientAliases(String keyType, Principal[] issuers) {
+return new String[] {
+mKeyAlias
+};
+}
+
+public String[] getServerAliases(String keyType, Principal[] issuers) {
+return new String[] {
+mKeyAlias
+};
+}
+public X509Certificate[] getCertificateChain(String alias) {
+Certificate[] chain = null;
+try {
+chain = mKeyStore.getCertificateChain(alias);
+} catch (KeyStoreException kse) {
+throw new RuntimeException(kse);
+}
+final X509Certificate[] certChain = new X509Certificate[chain.length];
+for (int i = 0; i < chain.length; i++) {
+certChain[i] = (X509Certificate)chain[i];
+}
+return certChain;
+}
+
+public PrivateKey getPrivateKey(String alias) {
+try {
+return (PrivateKey)mKeyStore.getKey(alias, 
mKeyPassword.toCharArray());
+} catch (GeneralSecurityException gse) {
+throw new RuntimeException(gse);
+}
+}
+
+public String chooseClientAlias(String[] keyType, Principal[] issuers, 
Socket socket) {
+return mKeyAlias;
+}
+
+public String chooseServerAlias(String keyType, Principal[] issuers, 
Socket socket) {
+return mKeyAlias;
+}
+
+}

[2/2] cxf git commit: resolve cherry-pick conflicts

2017-06-13 Thread ffang 
resolve cherry-pick conflicts


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/23408fdb
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/23408fdb
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/23408fdb

Branch: refs/heads/3.0.x-fixes
Commit: 23408fdbbd30dc1836d60c72bf93ffb215504cdd
Parents: f495527
Author: Freeman Fang 
Authored: Wed Jun 14 12:42:09 2017 +0800
Committer: Freeman Fang 
Committed: Wed Jun 14 12:42:09 2017 +0800

--
 .../configuration/jsse/TLSParameterJaxBUtils.java   |   7 ---
 .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes
 testutils/src/test/resources/keys/MultipleKeys.jks  | Bin 4391 -> 0 bytes
 3 files changed, 4 insertions(+), 3 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/23408fdb/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
--
diff --git 
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
 
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
index 18b0228..cdb4a9e 100644
--- 
a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
+++ 
b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java
@@ -293,19 +293,20 @@ public final class TLSParameterJaxBUtils {
 throws GeneralSecurityException,
IOException {
 
-KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false);
+KeyStore keyStore = getKeyStore(kmc.getKeyStore());
 
 String alg = kmc.isSetFactoryAlgorithm()
  ? kmc.getFactoryAlgorithm()
  : KeyManagerFactory.getDefaultAlgorithm();
 
-char[] keyPass = getKeyPassword(kmc);
+char[] keyPass = kmc.isSetKeyPassword()
+ ? deobfuscate(kmc.getKeyPassword())
+ : null;
 
 KeyManagerFactory fac =
  kmc.isSetProvider()
  ? KeyManagerFactory.getInstance(alg, kmc.getProvider())
  : KeyManagerFactory.getInstance(alg);
- 
 try { 
 fac.init(keyStore, keyPass);
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/23408fdb/systests/transports/src/test/resources/keys/MultipleKeys.jks
--
diff --git a/systests/transports/src/test/resources/keys/MultipleKeys.jks 
b/systests/transports/src/test/resources/keys/MultipleKeys.jks
new file mode 100644
index 000..9e6c477
Binary files /dev/null and 
b/systests/transports/src/test/resources/keys/MultipleKeys.jks differ

http://git-wip-us.apache.org/repos/asf/cxf/blob/23408fdb/testutils/src/test/resources/keys/MultipleKeys.jks
--
diff --git a/testutils/src/test/resources/keys/MultipleKeys.jks 
b/testutils/src/test/resources/keys/MultipleKeys.jks
deleted file mode 100644
index 9e6c477..000
Binary files a/testutils/src/test/resources/keys/MultipleKeys.jks and /dev/null 
differ

[1/2] cxf git commit: [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password

2017-06-13 Thread ffang 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 6ed365ef2 -> 07ee787c4


[CXF-7401]CXF http-jetty fails to get private key if the jks keystore file 
contains multiple private keys with different password

(cherry picked from commit e877d30982ae970738495160090a8e948f33c199)


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a11b4b53
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a11b4b53
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a11b4b53

Branch: refs/heads/3.1.x-fixes
Commit: a11b4b530f18d5d87e9bca3d7b2f6a71bcf0d00c
Parents: 4fd67ac
Author: Freeman Fang 
Authored: Tue Jun 13 16:36:37 2017 +0800
Committer: Freeman Fang 
Committed: Tue Jun 13 19:15:48 2017 +0800

--
 .../jsse/MultiKeyPasswordKeyManager.java|  83 +++
 .../jsse/TLSClientParametersConfig.java |  10 ++-
 .../jsse/TLSParameterJaxBUtils.java |  36 
 .../jsse/TLSServerParametersConfig.java |  10 ++-
 .../cxf/systest/https/conduit/jaxws-server.xml  |   8 +-
 .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes
 6 files changed, 139 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/a11b4b53/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
--
diff --git 
a/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
 
b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
new file mode 100644
index 000..c6dcbc9
--- /dev/null
+++ 
b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.configuration.jsse;
+
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509KeyManager;
+
+public class MultiKeyPasswordKeyManager implements X509KeyManager {
+private final KeyStore mKeyStore;
+private final String mKeyAlias;
+private final String mKeyPassword;
+
+public MultiKeyPasswordKeyManager(KeyStore keystore, String keyAlias, 
String keyPassword) {
+mKeyStore = keystore;
+mKeyAlias = keyAlias;
+mKeyPassword = keyPassword;
+}
+
+public String[] getClientAliases(String keyType, Principal[] issuers) {
+return new String[] {
+mKeyAlias
+};
+}
+
+public String[] getServerAliases(String keyType, Principal[] issuers) {
+return new String[] {
+mKeyAlias
+};
+}
+public X509Certificate[] getCertificateChain(String alias) {
+Certificate[] chain = null;
+try {
+chain = mKeyStore.getCertificateChain(alias);
+} catch (KeyStoreException kse) {
+throw new RuntimeException(kse);
+}
+final X509Certificate[] certChain = new X509Certificate[chain.length];
+for (int i = 0; i < chain.length; i++) {
+certChain[i] = (X509Certificate)chain[i];
+}
+return certChain;
+}
+
+public PrivateKey getPrivateKey(String alias) {
+try {
+return (PrivateKey)mKeyStore.getKey(alias, 
mKeyPassword.toCharArray());
+} catch (GeneralSecurityException gse) {
+throw new RuntimeException(gse);
+}
+}
+
+public String chooseClientAlias(String[] keyType, Principal[] issuers, 
Socket socket) {
+return mKeyAlias;
+}
+
+public String chooseServerAlias(String keyType, Principal[] issuers, 
Socket socket) {
+return mKeyAlias;
+}
+
+}

[2/2] cxf git commit: Merge branch '3.1.x-fixes' of https://git-wip-us.apache.org/repos/asf/cxf into 3.1.x-fixes

2017-06-13 Thread ffang 
Merge branch '3.1.x-fixes' of https://git-wip-us.apache.org/repos/asf/cxf into 
3.1.x-fixes


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/07ee787c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/07ee787c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/07ee787c

Branch: refs/heads/3.1.x-fixes
Commit: 07ee787c4fa3b86f88f3cd87c2264f1b2f27885c
Parents: a11b4b5 6ed365e
Author: Freeman Fang 
Authored: Wed Jun 14 10:32:30 2017 +0800
Committer: Freeman Fang 
Committed: Wed Jun 14 10:32:30 2017 +0800

--
 .../java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java| 2 +-
 .../org/apache/cxf/rs/security/jose/common/JoseException.java | 7 +--
 .../org/apache/cxf/rs/security/jose/jwe/JweException.java | 2 +-
 .../org/apache/cxf/rs/security/jose/jwk/JwkException.java | 7 +--
 .../org/apache/cxf/rs/security/jose/jws/JwsException.java | 2 +-
 .../org/apache/cxf/rs/security/jose/jwt/JwtException.java | 7 +--
 6 files changed, 18 insertions(+), 9 deletions(-)
--

cxf git commit: [CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke applied, This closes #280

2017-06-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 02da972c8 -> 6ed365ef2


[CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke 
applied, This closes #280


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6ed365ef
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6ed365ef
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6ed365ef

Branch: refs/heads/3.1.x-fixes
Commit: 6ed365ef26d3fd99e141fe6bdb9d5a4172965e94
Parents: 02da972
Author: Sergey Beryozkin 
Authored: Tue Jun 13 17:03:52 2017 +0100
Committer: Sergey Beryozkin 
Committed: Tue Jun 13 17:05:23 2017 +0100

--
 .../main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/6ed365ef/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
--
diff --git 
a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
 
b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
index 350e28f..108db51 100644
--- 
a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
+++ 
b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
@@ -473,7 +473,7 @@ public class Swagger2Feature extends AbstractSwaggerFeature 
{
 protected static class SwaggerUIResourceFilter implements 
ContainerRequestFilter {
 private static final Pattern PATTERN =
 Pattern.compile(
-  ".*js|.*gz|.*map|oauth2*[.]html|.*png|.*css|.*ico|"
+  
".*[.]js|.*[.]gz|.*[.]map|oauth2*[.]html|.*[.]png|.*[.]css|.*[.]ico|"
   + "/css/.*|/images/.*|/lib/.*|/fonts/.*"
 );

cxf git commit: [CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke applied, This closes #280

2017-06-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master d9a4a0bac -> e16d3a57a


[CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke 
applied, This closes #280


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e16d3a57
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e16d3a57
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e16d3a57

Branch: refs/heads/master
Commit: e16d3a57a36674ad7e4eb4a98d629ec9a7264201
Parents: d9a4a0b
Author: Sergey Beryozkin 
Authored: Tue Jun 13 17:03:52 2017 +0100
Committer: Sergey Beryozkin 
Committed: Tue Jun 13 17:03:52 2017 +0100

--
 .../main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java| 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e16d3a57/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
--
diff --git 
a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
 
b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
index 36dfd3d..8dceb29 100644
--- 
a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
+++ 
b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java
@@ -472,7 +472,7 @@ public class Swagger2Feature extends AbstractSwaggerFeature 
{
 protected static class SwaggerUIResourceFilter implements 
ContainerRequestFilter {
 private static final Pattern PATTERN =
 Pattern.compile(
-  ".*js|.*gz|.*map|oauth2*[.]html|.*png|.*css|.*ico|"
+  
".*[.]js|.*[.]gz|.*[.]map|oauth2*[.]html|.*[.]png|.*[.]css|.*[.]ico|"
   + "/css/.*|/images/.*|/lib/.*|/fonts/.*"
 );

cxf git commit: [CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, This closes #277

2017-06-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 4fd67ac58 -> 02da972c8


[CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, 
This closes #277


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/02da972c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/02da972c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/02da972c

Branch: refs/heads/3.1.x-fixes
Commit: 02da972c8b7261c2acf20abb9ac39da0fdab6d6a
Parents: 4fd67ac
Author: Sergey Beryozkin 
Authored: Tue Jun 13 16:44:26 2017 +0100
Committer: Sergey Beryozkin 
Committed: Tue Jun 13 16:45:19 2017 +0100

--
 .../org/apache/cxf/rs/security/jose/common/JoseException.java | 7 +--
 .../org/apache/cxf/rs/security/jose/jwe/JweException.java | 2 +-
 .../org/apache/cxf/rs/security/jose/jwk/JwkException.java | 7 +--
 .../org/apache/cxf/rs/security/jose/jws/JwsException.java | 2 +-
 .../org/apache/cxf/rs/security/jose/jwt/JwtException.java | 7 +--
 5 files changed, 17 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
index ffaf2d1..c495a95 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
@@ -24,10 +24,13 @@ public class JoseException extends RuntimeException {
 public JoseException() {
 
 }
-public JoseException(String error) {
-super(error);
+public JoseException(String message) {
+super(message);
 }
 public JoseException(Throwable cause) {
 super(cause);
 }
+public JoseException(String message, Throwable cause) {
+super(message, cause);
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
index 7896ee5..16077d9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
@@ -28,7 +28,7 @@ public class JweException extends JoseException {
 this(status, null);
 }
 public JweException(Error status, Throwable cause) {
-super(cause);
+super(status != null ? status.toString() : null, cause);
 this.status = status;
 }
 public Error getError() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
index da54572..d580a43 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
@@ -26,10 +26,13 @@ public class JwkException extends JoseException {
 public JwkException() {
 
 }
-public JwkException(String error) {
-super(error);
+public JwkException(String message) {
+super(message);
 }
 public JwkException(Throwable cause) {
 super(cause);
 }
+public JwkException(String message, Throwable cause) {
+super(message, cause);
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java
index

cxf git commit: [CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, This closes #277

2017-06-13 Thread sergeyb 
Repository: cxf
Updated Branches:
  refs/heads/master e877d3098 -> d9a4a0bac


[CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, 
This closes #277


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d9a4a0ba
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d9a4a0ba
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d9a4a0ba

Branch: refs/heads/master
Commit: d9a4a0bac14ae5639b03222b902f4a9df9fb173d
Parents: e877d30
Author: Sergey Beryozkin 
Authored: Tue Jun 13 16:44:26 2017 +0100
Committer: Sergey Beryozkin 
Committed: Tue Jun 13 16:44:26 2017 +0100

--
 .../org/apache/cxf/rs/security/jose/common/JoseException.java | 7 +--
 .../org/apache/cxf/rs/security/jose/jwe/JweException.java | 2 +-
 .../org/apache/cxf/rs/security/jose/jwk/JwkException.java | 7 +--
 .../org/apache/cxf/rs/security/jose/jws/JwsException.java | 2 +-
 .../org/apache/cxf/rs/security/jose/jwt/JwtException.java | 7 +--
 5 files changed, 17 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
index ffaf2d1..c495a95 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java
@@ -24,10 +24,13 @@ public class JoseException extends RuntimeException {
 public JoseException() {
 
 }
-public JoseException(String error) {
-super(error);
+public JoseException(String message) {
+super(message);
 }
 public JoseException(Throwable cause) {
 super(cause);
 }
+public JoseException(String message, Throwable cause) {
+super(message, cause);
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
index 7896ee5..16077d9 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java
@@ -28,7 +28,7 @@ public class JweException extends JoseException {
 this(status, null);
 }
 public JweException(Error status, Throwable cause) {
-super(cause);
+super(status != null ? status.toString() : null, cause);
 this.status = status;
 }
 public Error getError() {

http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
index da54572..d580a43 100644
--- 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
+++ 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java
@@ -26,10 +26,13 @@ public class JwkException extends JoseException {
 public JwkException() {
 
 }
-public JwkException(String error) {
-super(error);
+public JwkException(String message) {
+super(message);
 }
 public JwkException(Throwable cause) {
 super(cause);
 }
+public JwkException(String message, Throwable cause) {
+super(message, cause);
+}
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java
--
diff --git 
a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java
 
b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java
index

cxf git commit: [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password

2017-06-13 Thread ffang 
Repository: cxf
Updated Branches:
  refs/heads/master 20663ce50 -> e877d3098


[CXF-7401]CXF http-jetty fails to get private key if the jks keystore file 
contains multiple private keys with different password


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e877d309
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e877d309
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e877d309

Branch: refs/heads/master
Commit: e877d30982ae970738495160090a8e948f33c199
Parents: 20663ce
Author: Freeman Fang 
Authored: Tue Jun 13 16:36:37 2017 +0800
Committer: Freeman Fang 
Committed: Tue Jun 13 16:36:37 2017 +0800

--
 .../jsse/MultiKeyPasswordKeyManager.java|  83 +++
 .../jsse/TLSClientParametersConfig.java |  10 ++-
 .../jsse/TLSParameterJaxBUtils.java |  36 
 .../jsse/TLSServerParametersConfig.java |  10 ++-
 .../cxf/systest/https/conduit/jaxws-server.xml  |   8 +-
 .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes
 6 files changed, 139 insertions(+), 8 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/e877d309/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
--
diff --git 
a/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
 
b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
new file mode 100644
index 000..c6dcbc9
--- /dev/null
+++ 
b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java
@@ -0,0 +1,83 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.configuration.jsse;
+
+import java.net.Socket;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.security.cert.X509Certificate;
+import javax.net.ssl.X509KeyManager;
+
+public class MultiKeyPasswordKeyManager implements X509KeyManager {
+private final KeyStore mKeyStore;
+private final String mKeyAlias;
+private final String mKeyPassword;
+
+public MultiKeyPasswordKeyManager(KeyStore keystore, String keyAlias, 
String keyPassword) {
+mKeyStore = keystore;
+mKeyAlias = keyAlias;
+mKeyPassword = keyPassword;
+}
+
+public String[] getClientAliases(String keyType, Principal[] issuers) {
+return new String[] {
+mKeyAlias
+};
+}
+
+public String[] getServerAliases(String keyType, Principal[] issuers) {
+return new String[] {
+mKeyAlias
+};
+}
+public X509Certificate[] getCertificateChain(String alias) {
+Certificate[] chain = null;
+try {
+chain = mKeyStore.getCertificateChain(alias);
+} catch (KeyStoreException kse) {
+throw new RuntimeException(kse);
+}
+final X509Certificate[] certChain = new X509Certificate[chain.length];
+for (int i = 0; i < chain.length; i++) {
+certChain[i] = (X509Certificate)chain[i];
+}
+return certChain;
+}
+
+public PrivateKey getPrivateKey(String alias) {
+try {
+return (PrivateKey)mKeyStore.getKey(alias, 
mKeyPassword.toCharArray());
+} catch (GeneralSecurityException gse) {
+throw new RuntimeException(gse);
+}
+}
+
+public String chooseClientAlias(String[] keyType, Principal[] issuers, 
Socket socket) {
+return mKeyAlias;
+}
+
+public String chooseServerAlias(String keyType, Principal[] issuers, 
Socket socket) {
+return mKeyAlias;
+}
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/e877d309/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java