[1/2] cxf git commit: [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 8341f4e08 -> 23408fdbb [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password (cherry picked from commit e877d30982ae970738495160090a8e948f33c199) (cherry picked from commit a11b4b530f18d5d87e9bca3d7b2f6a71bcf0d00c) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f4955276 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f4955276 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f4955276 Branch: refs/heads/3.0.x-fixes Commit: f49552767f77e1510d3abd24ab243d9693ed45c1 Parents: 8341f4e Author: Freeman FangAuthored: Tue Jun 13 16:36:37 2017 +0800 Committer: Freeman Fang Committed: Wed Jun 14 10:45:42 2017 +0800 -- .../jsse/MultiKeyPasswordKeyManager.java| 83 +++ .../jsse/TLSClientParametersConfig.java | 10 ++- .../jsse/TLSParameterJaxBUtils.java | 36 .../jsse/TLSServerParametersConfig.java | 10 ++- .../cxf/systest/https/conduit/jaxws-server.xml | 8 +- .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes 6 files changed, 139 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/f4955276/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java new file mode 100644 index 000..c6dcbc9 --- /dev/null +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java @@ -0,0 +1,83 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.configuration.jsse; + +import java.net.Socket; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import javax.net.ssl.X509KeyManager; + +public class MultiKeyPasswordKeyManager implements X509KeyManager { +private final KeyStore mKeyStore; +private final String mKeyAlias; +private final String mKeyPassword; + +public MultiKeyPasswordKeyManager(KeyStore keystore, String keyAlias, String keyPassword) { +mKeyStore = keystore; +mKeyAlias = keyAlias; +mKeyPassword = keyPassword; +} + +public String[] getClientAliases(String keyType, Principal[] issuers) { +return new String[] { +mKeyAlias +}; +} + +public String[] getServerAliases(String keyType, Principal[] issuers) { +return new String[] { +mKeyAlias +}; +} +public X509Certificate[] getCertificateChain(String alias) { +Certificate[] chain = null; +try { +chain = mKeyStore.getCertificateChain(alias); +} catch (KeyStoreException kse) { +throw new RuntimeException(kse); +} +final X509Certificate[] certChain = new X509Certificate[chain.length]; +for (int i = 0; i < chain.length; i++) { +certChain[i] = (X509Certificate)chain[i]; +} +return certChain; +} + +public PrivateKey getPrivateKey(String alias) { +try { +return (PrivateKey)mKeyStore.getKey(alias, mKeyPassword.toCharArray()); +} catch (GeneralSecurityException gse) { +throw new RuntimeException(gse); +} +} + +public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { +return mKeyAlias; +} + +public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { +return mKeyAlias; +} + +}
[2/2] cxf git commit: resolve cherry-pick conflicts
resolve cherry-pick conflicts Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/23408fdb Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/23408fdb Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/23408fdb Branch: refs/heads/3.0.x-fixes Commit: 23408fdbbd30dc1836d60c72bf93ffb215504cdd Parents: f495527 Author: Freeman FangAuthored: Wed Jun 14 12:42:09 2017 +0800 Committer: Freeman Fang Committed: Wed Jun 14 12:42:09 2017 +0800 -- .../configuration/jsse/TLSParameterJaxBUtils.java | 7 --- .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes testutils/src/test/resources/keys/MultipleKeys.jks | Bin 4391 -> 0 bytes 3 files changed, 4 insertions(+), 3 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/23408fdb/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java index 18b0228..cdb4a9e 100644 --- a/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.java @@ -293,19 +293,20 @@ public final class TLSParameterJaxBUtils { throws GeneralSecurityException, IOException { -KeyStore keyStore = getKeyStore(kmc.getKeyStore(), false); +KeyStore keyStore = getKeyStore(kmc.getKeyStore()); String alg = kmc.isSetFactoryAlgorithm() ? kmc.getFactoryAlgorithm() : KeyManagerFactory.getDefaultAlgorithm(); -char[] keyPass = getKeyPassword(kmc); +char[] keyPass = kmc.isSetKeyPassword() + ? deobfuscate(kmc.getKeyPassword()) + : null; KeyManagerFactory fac = kmc.isSetProvider() ? KeyManagerFactory.getInstance(alg, kmc.getProvider()) : KeyManagerFactory.getInstance(alg); - try { fac.init(keyStore, keyPass); http://git-wip-us.apache.org/repos/asf/cxf/blob/23408fdb/systests/transports/src/test/resources/keys/MultipleKeys.jks -- diff --git a/systests/transports/src/test/resources/keys/MultipleKeys.jks b/systests/transports/src/test/resources/keys/MultipleKeys.jks new file mode 100644 index 000..9e6c477 Binary files /dev/null and b/systests/transports/src/test/resources/keys/MultipleKeys.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/23408fdb/testutils/src/test/resources/keys/MultipleKeys.jks -- diff --git a/testutils/src/test/resources/keys/MultipleKeys.jks b/testutils/src/test/resources/keys/MultipleKeys.jks deleted file mode 100644 index 9e6c477..000 Binary files a/testutils/src/test/resources/keys/MultipleKeys.jks and /dev/null differ
[1/2] cxf git commit: [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 6ed365ef2 -> 07ee787c4 [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password (cherry picked from commit e877d30982ae970738495160090a8e948f33c199) Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/a11b4b53 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/a11b4b53 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/a11b4b53 Branch: refs/heads/3.1.x-fixes Commit: a11b4b530f18d5d87e9bca3d7b2f6a71bcf0d00c Parents: 4fd67ac Author: Freeman FangAuthored: Tue Jun 13 16:36:37 2017 +0800 Committer: Freeman Fang Committed: Tue Jun 13 19:15:48 2017 +0800 -- .../jsse/MultiKeyPasswordKeyManager.java| 83 +++ .../jsse/TLSClientParametersConfig.java | 10 ++- .../jsse/TLSParameterJaxBUtils.java | 36 .../jsse/TLSServerParametersConfig.java | 10 ++- .../cxf/systest/https/conduit/jaxws-server.xml | 8 +- .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes 6 files changed, 139 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/a11b4b53/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java new file mode 100644 index 000..c6dcbc9 --- /dev/null +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java @@ -0,0 +1,83 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.configuration.jsse; + +import java.net.Socket; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import javax.net.ssl.X509KeyManager; + +public class MultiKeyPasswordKeyManager implements X509KeyManager { +private final KeyStore mKeyStore; +private final String mKeyAlias; +private final String mKeyPassword; + +public MultiKeyPasswordKeyManager(KeyStore keystore, String keyAlias, String keyPassword) { +mKeyStore = keystore; +mKeyAlias = keyAlias; +mKeyPassword = keyPassword; +} + +public String[] getClientAliases(String keyType, Principal[] issuers) { +return new String[] { +mKeyAlias +}; +} + +public String[] getServerAliases(String keyType, Principal[] issuers) { +return new String[] { +mKeyAlias +}; +} +public X509Certificate[] getCertificateChain(String alias) { +Certificate[] chain = null; +try { +chain = mKeyStore.getCertificateChain(alias); +} catch (KeyStoreException kse) { +throw new RuntimeException(kse); +} +final X509Certificate[] certChain = new X509Certificate[chain.length]; +for (int i = 0; i < chain.length; i++) { +certChain[i] = (X509Certificate)chain[i]; +} +return certChain; +} + +public PrivateKey getPrivateKey(String alias) { +try { +return (PrivateKey)mKeyStore.getKey(alias, mKeyPassword.toCharArray()); +} catch (GeneralSecurityException gse) { +throw new RuntimeException(gse); +} +} + +public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { +return mKeyAlias; +} + +public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { +return mKeyAlias; +} + +}
[2/2] cxf git commit: Merge branch '3.1.x-fixes' of https://git-wip-us.apache.org/repos/asf/cxf into 3.1.x-fixes
Merge branch '3.1.x-fixes' of https://git-wip-us.apache.org/repos/asf/cxf into 3.1.x-fixes Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/07ee787c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/07ee787c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/07ee787c Branch: refs/heads/3.1.x-fixes Commit: 07ee787c4fa3b86f88f3cd87c2264f1b2f27885c Parents: a11b4b5 6ed365e Author: Freeman FangAuthored: Wed Jun 14 10:32:30 2017 +0800 Committer: Freeman Fang Committed: Wed Jun 14 10:32:30 2017 +0800 -- .../java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java| 2 +- .../org/apache/cxf/rs/security/jose/common/JoseException.java | 7 +-- .../org/apache/cxf/rs/security/jose/jwe/JweException.java | 2 +- .../org/apache/cxf/rs/security/jose/jwk/JwkException.java | 7 +-- .../org/apache/cxf/rs/security/jose/jws/JwsException.java | 2 +- .../org/apache/cxf/rs/security/jose/jwt/JwtException.java | 7 +-- 6 files changed, 18 insertions(+), 9 deletions(-) --
cxf git commit: [CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke applied, This closes #280
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 02da972c8 -> 6ed365ef2 [CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke applied, This closes #280 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/6ed365ef Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/6ed365ef Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/6ed365ef Branch: refs/heads/3.1.x-fixes Commit: 6ed365ef26d3fd99e141fe6bdb9d5a4172965e94 Parents: 02da972 Author: Sergey BeryozkinAuthored: Tue Jun 13 17:03:52 2017 +0100 Committer: Sergey Beryozkin Committed: Tue Jun 13 17:05:23 2017 +0100 -- .../main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/6ed365ef/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java -- diff --git a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java index 350e28f..108db51 100644 --- a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java +++ b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java @@ -473,7 +473,7 @@ public class Swagger2Feature extends AbstractSwaggerFeature { protected static class SwaggerUIResourceFilter implements ContainerRequestFilter { private static final Pattern PATTERN = Pattern.compile( - ".*js|.*gz|.*map|oauth2*[.]html|.*png|.*css|.*ico|" + ".*[.]js|.*[.]gz|.*[.]map|oauth2*[.]html|.*[.]png|.*[.]css|.*[.]ico|" + "/css/.*|/images/.*|/lib/.*|/fonts/.*" );
cxf git commit: [CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke applied, This closes #280
Repository: cxf Updated Branches: refs/heads/master d9a4a0bac -> e16d3a57a [CXF-7400] Add dots to SwaggerUIResourceFilter regex, patch from Cody Raethke applied, This closes #280 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e16d3a57 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e16d3a57 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e16d3a57 Branch: refs/heads/master Commit: e16d3a57a36674ad7e4eb4a98d629ec9a7264201 Parents: d9a4a0b Author: Sergey BeryozkinAuthored: Tue Jun 13 17:03:52 2017 +0100 Committer: Sergey Beryozkin Committed: Tue Jun 13 17:03:52 2017 +0100 -- .../main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java| 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e16d3a57/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java -- diff --git a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java index 36dfd3d..8dceb29 100644 --- a/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java +++ b/rt/rs/description-swagger/src/main/java/org/apache/cxf/jaxrs/swagger/Swagger2Feature.java @@ -472,7 +472,7 @@ public class Swagger2Feature extends AbstractSwaggerFeature { protected static class SwaggerUIResourceFilter implements ContainerRequestFilter { private static final Pattern PATTERN = Pattern.compile( - ".*js|.*gz|.*map|oauth2*[.]html|.*png|.*css|.*ico|" + ".*[.]js|.*[.]gz|.*[.]map|oauth2*[.]html|.*[.]png|.*[.]css|.*[.]ico|" + "/css/.*|/images/.*|/lib/.*|/fonts/.*" );
cxf git commit: [CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, This closes #277
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 4fd67ac58 -> 02da972c8 [CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, This closes #277 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/02da972c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/02da972c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/02da972c Branch: refs/heads/3.1.x-fixes Commit: 02da972c8b7261c2acf20abb9ac39da0fdab6d6a Parents: 4fd67ac Author: Sergey BeryozkinAuthored: Tue Jun 13 16:44:26 2017 +0100 Committer: Sergey Beryozkin Committed: Tue Jun 13 16:45:19 2017 +0100 -- .../org/apache/cxf/rs/security/jose/common/JoseException.java | 7 +-- .../org/apache/cxf/rs/security/jose/jwe/JweException.java | 2 +- .../org/apache/cxf/rs/security/jose/jwk/JwkException.java | 7 +-- .../org/apache/cxf/rs/security/jose/jws/JwsException.java | 2 +- .../org/apache/cxf/rs/security/jose/jwt/JwtException.java | 7 +-- 5 files changed, 17 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java index ffaf2d1..c495a95 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java @@ -24,10 +24,13 @@ public class JoseException extends RuntimeException { public JoseException() { } -public JoseException(String error) { -super(error); +public JoseException(String message) { +super(message); } public JoseException(Throwable cause) { super(cause); } +public JoseException(String message, Throwable cause) { +super(message, cause); +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java index 7896ee5..16077d9 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java @@ -28,7 +28,7 @@ public class JweException extends JoseException { this(status, null); } public JweException(Error status, Throwable cause) { -super(cause); +super(status != null ? status.toString() : null, cause); this.status = status; } public Error getError() { http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java index da54572..d580a43 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java @@ -26,10 +26,13 @@ public class JwkException extends JoseException { public JwkException() { } -public JwkException(String error) { -super(error); +public JwkException(String message) { +super(message); } public JwkException(Throwable cause) { super(cause); } +public JwkException(String message, Throwable cause) { +super(message, cause); +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/02da972c/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java index
cxf git commit: [CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, This closes #277
Repository: cxf Updated Branches: refs/heads/master e877d3098 -> d9a4a0bac [CXF-7393] Add message to jws/jwe exceptions, patch from Amir Behnam applied, This closes #277 Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d9a4a0ba Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d9a4a0ba Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d9a4a0ba Branch: refs/heads/master Commit: d9a4a0bac14ae5639b03222b902f4a9df9fb173d Parents: e877d30 Author: Sergey BeryozkinAuthored: Tue Jun 13 16:44:26 2017 +0100 Committer: Sergey Beryozkin Committed: Tue Jun 13 16:44:26 2017 +0100 -- .../org/apache/cxf/rs/security/jose/common/JoseException.java | 7 +-- .../org/apache/cxf/rs/security/jose/jwe/JweException.java | 2 +- .../org/apache/cxf/rs/security/jose/jwk/JwkException.java | 7 +-- .../org/apache/cxf/rs/security/jose/jws/JwsException.java | 2 +- .../org/apache/cxf/rs/security/jose/jwt/JwtException.java | 7 +-- 5 files changed, 17 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java index ffaf2d1..c495a95 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/common/JoseException.java @@ -24,10 +24,13 @@ public class JoseException extends RuntimeException { public JoseException() { } -public JoseException(String error) { -super(error); +public JoseException(String message) { +super(message); } public JoseException(Throwable cause) { super(cause); } +public JoseException(String message, Throwable cause) { +super(message, cause); +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java index 7896ee5..16077d9 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwe/JweException.java @@ -28,7 +28,7 @@ public class JweException extends JoseException { this(status, null); } public JweException(Error status, Throwable cause) { -super(cause); +super(status != null ? status.toString() : null, cause); this.status = status; } public Error getError() { http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java index da54572..d580a43 100644 --- a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java +++ b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jwk/JwkException.java @@ -26,10 +26,13 @@ public class JwkException extends JoseException { public JwkException() { } -public JwkException(String error) { -super(error); +public JwkException(String message) { +super(message); } public JwkException(Throwable cause) { super(cause); } +public JwkException(String message, Throwable cause) { +super(message, cause); +} } http://git-wip-us.apache.org/repos/asf/cxf/blob/d9a4a0ba/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java -- diff --git a/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java b/rt/rs/security/jose-parent/jose/src/main/java/org/apache/cxf/rs/security/jose/jws/JwsException.java index
cxf git commit: [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password
Repository: cxf Updated Branches: refs/heads/master 20663ce50 -> e877d3098 [CXF-7401]CXF http-jetty fails to get private key if the jks keystore file contains multiple private keys with different password Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e877d309 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e877d309 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e877d309 Branch: refs/heads/master Commit: e877d30982ae970738495160090a8e948f33c199 Parents: 20663ce Author: Freeman FangAuthored: Tue Jun 13 16:36:37 2017 +0800 Committer: Freeman Fang Committed: Tue Jun 13 16:36:37 2017 +0800 -- .../jsse/MultiKeyPasswordKeyManager.java| 83 +++ .../jsse/TLSClientParametersConfig.java | 10 ++- .../jsse/TLSParameterJaxBUtils.java | 36 .../jsse/TLSServerParametersConfig.java | 10 ++- .../cxf/systest/https/conduit/jaxws-server.xml | 8 +- .../src/test/resources/keys/MultipleKeys.jks| Bin 0 -> 4391 bytes 6 files changed, 139 insertions(+), 8 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/e877d309/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java -- diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java new file mode 100644 index 000..c6dcbc9 --- /dev/null +++ b/core/src/main/java/org/apache/cxf/configuration/jsse/MultiKeyPasswordKeyManager.java @@ -0,0 +1,83 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.configuration.jsse; + +import java.net.Socket; +import java.security.GeneralSecurityException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.Principal; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import javax.net.ssl.X509KeyManager; + +public class MultiKeyPasswordKeyManager implements X509KeyManager { +private final KeyStore mKeyStore; +private final String mKeyAlias; +private final String mKeyPassword; + +public MultiKeyPasswordKeyManager(KeyStore keystore, String keyAlias, String keyPassword) { +mKeyStore = keystore; +mKeyAlias = keyAlias; +mKeyPassword = keyPassword; +} + +public String[] getClientAliases(String keyType, Principal[] issuers) { +return new String[] { +mKeyAlias +}; +} + +public String[] getServerAliases(String keyType, Principal[] issuers) { +return new String[] { +mKeyAlias +}; +} +public X509Certificate[] getCertificateChain(String alias) { +Certificate[] chain = null; +try { +chain = mKeyStore.getCertificateChain(alias); +} catch (KeyStoreException kse) { +throw new RuntimeException(kse); +} +final X509Certificate[] certChain = new X509Certificate[chain.length]; +for (int i = 0; i < chain.length; i++) { +certChain[i] = (X509Certificate)chain[i]; +} +return certChain; +} + +public PrivateKey getPrivateKey(String alias) { +try { +return (PrivateKey)mKeyStore.getKey(alias, mKeyPassword.toCharArray()); +} catch (GeneralSecurityException gse) { +throw new RuntimeException(gse); +} +} + +public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) { +return mKeyAlias; +} + +public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket) { +return mKeyAlias; +} + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/e877d309/core/src/main/java/org/apache/cxf/configuration/jsse/TLSClientParametersConfig.java