Posted to commits@cxf.apache.org by co...@apache.org on 2018/10/03 16:14:42 UTC
[cxf] 01/07: Adding TLSv1.3 tests
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 37e9a9b3ed51cb9042fd288ab5f9b847e96bff1d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 10:30:41 2018 +0100
Adding TLSv1.3 tests
---
.../https/ciphersuites/CipherSuitesTest.java | 78 +++++++++++++++++++++-
.../ciphersuites/ciphersuites-client-tlsv13.xml | 37 ++++++++++
.../https/ciphersuites/ciphersuites-server.xml | 6 +-
3 files changed, 117 insertions(+), 4 deletions(-)
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index d55f5f6..d3d1945 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -44,6 +44,7 @@ import org.apache.hello_world.Greeter;
import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
+import org.junit.Assume;
import org.junit.BeforeClass;
/**
@@ -241,7 +242,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testRC4Included() throws Exception {
String version = System.getProperty("java.version");
- if (JavaUtils.isJava9Compatible()
+ if (JavaUtils.isJava9Compatible()
|| version.length() > 1 && 1.8D <= Double.parseDouble(version.substring(0, 3))
) {
// RC4 not supported since JDK8
@@ -548,6 +549,81 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ // Both client + server include AES, client enables a TLS v1.3 CipherSuite
+ @org.junit.Test
+ public void testAESIncludedTLSv13() throws Exception {
+ // Doesn't work with IBM JDK
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
+ return;
+ }
+ Assume.assumeTrue(JavaUtils.isJava11Compatible());
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-tlsv13.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ // Both client + server include AES, client enables a TLS v1.3 CipherSuite
+ @org.junit.Test
+ public void testAESIncludedTLSv13ViaCode() throws Exception {
+ // Doesn't work with IBM JDK
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
+ return;
+ }
+ Assume.assumeTrue(JavaUtils.isJava11Compatible());
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+
+ Client client = ClientProxy.getClient(port);
+ HTTPConduit conduit = (HTTPConduit) client.getConduit();
+
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ X509TrustManager trustManager = new NoOpX509TrustManager();
+ TrustManager[] trustManagers = new TrustManager[1];
+ trustManagers[0] = trustManager;
+ tlsParams.setTrustManagers(trustManagers);
+ tlsParams.setDisableCNCheck(true);
+
+ tlsParams.setSecureSocketProtocol("TLSv1.3");
+ tlsParams.setCipherSuites(Collections.singletonList("TLS_AES_128_GCM_SHA256"));
+
+ conduit.setTlsClientParameters(tlsParams);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
// Both client + server include AES, client is TLSv1.1
@org.junit.Test
public void testAESIncludedTLSv11() throws Exception {
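Review bot: In testAESIncludedTLSv13ViaCode the client gets a `NoOpX509TrustManager` (by its name a trust-all manager; its definition is outside the hunk) together with `setDisableCNCheck(true)`, so the server is not authenticated and the test covers only TLSv1.3 protocol and cipher-suite negotiation. The XML-configured variant in the same commit (ciphersuites-client-tlsv13.xml) does load `keys/Truststore.jks`, but also sets `disableCNCheck="true"`. A comment above the trust-manager lines would stop the setup being read as a usage example: `// Test only: trust-all manager and no hostname check; covers TLSv1.3 negotiation, not server authentication`. Separately, both new tests `return` on the IBM JDK and are then reported as passed. `Assume.assumeFalse("IBM Corporation".equals(System.getProperty("java.vendor")));` would report them as skipped, matching the `Assume.assumeTrue` call on the line after.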
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client-tlsv13.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client-tlsv13.xml
new file mode 100644
index 0000000..5c7c89d
--- /dev/null
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client-tlsv13.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-b [...]
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost:.*">
+ <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.3">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuites>
+ <sec:cipherSuite>TLS_AES_128_GCM_SHA256</sec:cipherSuite>
+ </sec:cipherSuites>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
index 49b1027..09545ff 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
@@ -33,7 +33,7 @@
</sec:keyManagers>
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_AES_.*</sec:include>
<sec:exclude>SSL_RSA_WITH_DES_CBC_SHA</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
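Review bot: The widened filter has no comment saying why `_WITH_` was dropped, and the reason is not obvious from the pattern. TLSv1.3 suite names such as `TLS_AES_128_GCM_SHA256` (the suite the new client config requests) have no `_WITH_` segment, so the old `.*_WITH_AES_.*` could never match them. I would add `<!-- TLSv1.3 suite names (e.g. TLS_AES_128_GCM_SHA256) have no _WITH_ segment -->` above this `<sec:include>`, and the same at the exclude in the @@ -63 hunk and the include in the @@ -129 hunk. The pattern still admits any AES suite the runtime offers, CBC-mode ones included. That is fine for a negotiation test, but worth stating in the comment if these engines are meant to stay permissive. The enclosing `<httpj:engine>` elements start outside the hunks.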
@@ -63,7 +63,7 @@
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_RC4_.*</sec:include>
- <sec:exclude>.*_WITH_AES_.*</sec:exclude>
+ <sec:exclude>.*_AES_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
@@ -129,7 +129,7 @@
</sec:keyManagers>
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_AES_.*</sec:include>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>