Posted to commits@cxf.apache.org by co...@apache.org on 2018/10/03 16:14:41 UTC
[cxf] branch master updated (0a25a61 -> 4da4203)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from 0a25a61 Merge pull request #454 from rmannibucau/xbean-asm7-support
new 37e9a9b Adding TLSv1.3 tests
new 05b8db0 Replace RC4 CipherSuite tests as it's not supported from Java >= 8 upwards
new f652464 Disabling a ClientAuthTest with JDK11
new a444dcd Upgrading Jetty + fixing systest failures
new ae99416 Removing unused getSecureSocketsProtocol method
new 2656823 CXF-7862 - Exclude 3DES, MD5, CBC and RC4 ciphersuites as well by default
new 4da4203 Fixing some failing security systests with JDK11
The 7 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.../apache/cxf/configuration/jsse/SSLUtils.java | 25 +---
parent/pom.xml | 2 +-
.../http/spring/HttpConduitConfigurationTest.java | 2 +-
.../cxf/transport/http/spring/conduit-bean.xml | 10 +-
.../transport/http/spring/conduit-tlsrefs-bean.xml | 10 +-
.../https/ciphersuites/CipherSuitesTest.java | 145 +++++++++++----------
.../systest/https/clientauth/ClientAuthTest.java | 4 +
...t-tlsv12.xml => ciphersuites-client-tlsv13.xml} | 4 +-
.../https/ciphersuites/ciphersuites-client.xml | 2 +-
...null-client.xml => ciphersuites-dhe-client.xml} | 2 +-
.../ciphersuites/ciphersuites-explicit-client.xml | 2 +-
.../https/ciphersuites/ciphersuites-rc4-client.xml | 38 ------
.../https/ciphersuites/ciphersuites-server.xml | 15 ++-
...SSecurity10UsernameAuthorizationLegacyTest.java | 4 +-
.../WSSecurity10UsernameAuthorizationTest.java | 8 +-
.../ws/wssec10/server/AuthorizedServer.java | 2 +-
.../ws/wssec10/server/AuthorizedServer2.java | 2 +-
...ed_unauthorized.xml => client_unauthorized.xml} | 4 +-
...ricted_authorized.xml => server_authorized.xml} | 4 +-
...ed_authorized_2.xml => server_authorized_2.xml} | 4 +-
20 files changed, 120 insertions(+), 169 deletions(-)
copy systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/{ciphersuites-client-tlsv12.xml => ciphersuites-client-tlsv13.xml} (95%)
rename systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/{ciphersuites-null-client.xml => ciphersuites-dhe-client.xml} (97%)
delete mode 100644 systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-rc4-client.xml
rename systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/{client_restricted_unauthorized.xml => client_unauthorized.xml} (97%)
rename systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/{server_restricted_authorized.xml => server_authorized.xml} (98%)
rename systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/{server_restricted_authorized_2.xml => server_authorized_2.xml} (98%)
[cxf] 02/07: Replace RC4 CipherSuite tests as it's not supported
from Java >= 8 upwards
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 05b8db050b158d82aad57081a0dbb5e7c92cc3b1
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 12:12:47 2018 +0100
Replace RC4 CipherSuite tests as it's not supported from Java >= 8 upwards
---
.../https/ciphersuites/CipherSuitesTest.java | 46 ++++++++--------------
.../https/ciphersuites/ciphersuites-client.xml | 2 +-
...-rc4-client.xml => ciphersuites-dhe-client.xml} | 3 +-
.../https/ciphersuites/ciphersuites-server.xml | 9 +++--
4 files changed, 23 insertions(+), 37 deletions(-)
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index d3d1945..d4f5acb 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -177,11 +177,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Client only includes RC4, server only includes AES
+ // Client only includes DHE, server excludes it
@org.junit.Test
- public void testClientRC4ServerAESIncluded() throws Exception {
+ public void testClientDHEServerExcludesIncluded() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
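Review bot: The new name `testClientDHEServerExcludesIncluded` is hard to parse and no longer says which outcome the test expects; the same goes for `testClientDHEServerExcludesIncludedAsync` in the next hunk. A name such as `testClientDHEServerDHEExcluded` would match the updated comment. The test body continues outside the hunk, so it is not visible here whether it asserts a handshake failure. If it does, a one-line comment like `// Handshake must fail: client and server share no cipher suite` above the call would make the expected result explicit.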
@@ -206,11 +206,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Client only includes RC4, server only includes AES
+ // Client only includes DHE, server excludes it
@org.junit.Test
- public void testClientRC4ServerAESIncludedAsync() throws Exception {
+ public void testClientDHEServerExcludesIncludedAsync() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
@@ -238,18 +238,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Both client + server include RC4
+ // Both client + server include DHE
@org.junit.Test
- public void testRC4Included() throws Exception {
- String version = System.getProperty("java.version");
- if (JavaUtils.isJava9Compatible()
- || version.length() > 1 && 1.8D <= Double.parseDouble(version.substring(0, 3))
- ) {
- // RC4 not supported since JDK8
- return;
- }
+ public void testDHEIncluded() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
@@ -269,18 +262,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Both client + server include RC4
+ // Both client + server include DHE
@org.junit.Test
- public void testRC4IncludedAsync() throws Exception {
- String version = System.getProperty("java.version");
- if (JavaUtils.isJava9Compatible()
- || version.length() > 1 && 1.8D <= Double.parseDouble(version.substring(0, 3))
- ) {
- // RC4 not supported since JDK8
- return;
- }
+ public void testDHEIncludedAsync() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
Bus bus = bf.createBus(busFile.toString());
BusFactory.setDefaultBus(bus);
@@ -303,9 +289,9 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Client only includes AES, server only includes RC4
+ // Client only includes ECDHE, server only includes DHE
@org.junit.Test
- public void testClientAESServerRC4Included() throws Exception {
+ public void testClientECDHEServerDHEIncluded() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
@@ -332,9 +318,9 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Client only includes AES, server only includes RC4
+ // Client only includes ECDHE, server only includes DHE
@org.junit.Test
- public void testClientAESServerRC4IncludedAsync() throws Exception {
+ public void testClientECDHEServerDHEIncludedAsync() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client.xml
index f509336..1e28bd6 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client.xml
@@ -30,7 +30,7 @@
<sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>TLS_ECDHE_.*</sec:include>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
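Review bot: `TLS_ECDHE_.*` constrains only the key exchange, whereas the pattern it replaces (`.*_WITH_AES_.*`) constrained the bulk cipher, so this client may now offer any ECDHE suite the runtime still enables, including 3DES or NULL variants on older JDKs. If the goal is only to avoid overlap with the DHE-only server, `<sec:include>TLS_ECDHE_.*_WITH_AES_.*</sec:include>` keeps the AES restriction. The same applies to `.*_DHE_.*` in ciphersuites-dhe-client.xml and in the `dhe-tls-settings` engine of ciphersuites-server.xml, where `.*_DHE_.*_WITH_AES_.*` would serve. These are test resources, but such files are often read as configuration examples, so it is worth keeping the filters tight.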
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-rc4-client.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-dhe-client.xml
similarity index 95%
rename from systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-rc4-client.xml
rename to systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-dhe-client.xml
index 4c8323d..a5c84b5 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-rc4-client.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-dhe-client.xml
@@ -30,8 +30,7 @@
<sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_RC4_.*</sec:include>
- <sec:exclude>.*_WITH_AES_.*</sec:exclude>
+ <sec:include>.*_DHE_.*</sec:include>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
</http:conduit>
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
index 09545ff..041a8cc 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
@@ -35,6 +35,7 @@
<sec:cipherSuitesFilter>
<sec:include>.*_AES_.*</sec:include>
<sec:exclude>SSL_RSA_WITH_DES_CBC_SHA</sec:exclude>
+ <sec:exclude>.*_DHE_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
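Review bot: The added `<sec:exclude>.*_DHE_.*</sec:exclude>` applies to the whole engine, so every test that connects to this port loses the finite-field DHE suites, not only the new negative test, and nothing in the file records why. A comment above it, e.g. `<!-- DHE excluded so that a DHE-only client cannot complete a handshake (see CipherSuitesTest) -->`, would document the intent. Note that TLS 1.3 suite names carry no key-exchange token, so this name filter does not constrain the key exchange of a TLS 1.3 connection. The engine element starts outside the hunk.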
@@ -54,7 +55,7 @@
</jaxws:inInterceptors>
</jaxws:endpoint>
- <httpj:engine-factory id="rc4-tls-settings">
+ <httpj:engine-factory id="dhe-tls-settings">
<httpj:engine port="${testutil.ports.CipherSuitesServer.2}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
@@ -62,8 +63,8 @@
</sec:keyManagers>
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_RC4_.*</sec:include>
- <sec:exclude>.*_AES_.*</sec:exclude>
+ <sec:include>.*_DHE_.*</sec:include>
+ <sec:exclude>TLS_ECDHE_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
@@ -75,7 +76,7 @@
implementor="org.apache.cxf.systest.http.GreeterImpl"
address="https://localhost:${testutil.ports.CipherSuitesServer.2}/SoapContext/HttpsPort"
serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="rc4-tls-settings"/>
+ endpointName="e:HttpsPort" depends-on="dhe-tls-settings"/>
<httpj:engine-factory id="null-tls-settings">
<httpj:engine port="${testutil.ports.CipherSuitesServer.3}">
[cxf] 03/07: Disabling a ClientAuthTest with JDK11
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit f652464526edb0cb7eac277ff64c9f2d02e2b920
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 15:10:41 2018 +0100
Disabling a ClientAuthTest with JDK11
---
.../java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
index 11a7d23..d330723 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
@@ -44,6 +44,7 @@ import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.helpers.JavaUtils;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.hello_world.Greeter;
@@ -52,6 +53,7 @@ import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.junit.AfterClass;
+import org.junit.Assume;
import org.junit.BeforeClass;
/**
@@ -367,6 +369,8 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
// See CXF-7782
@org.junit.Test
public void testBouncyCastleProvider() throws Exception {
+ // TODO There seems to be a bug with BC 1.60 + JDK 11
+ Assume.assumeFalse(JavaUtils.isJava11Compatible());
try {
Security.addProvider(new BouncyCastleProvider());
Security.addProvider(new BouncyCastleJsseProvider());
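Review bot: `Assume.assumeFalse(JavaUtils.isJava11Compatible())` skips the BouncyCastle JSSE client-auth test without giving a reason in the test report. Assuming `isJava11Compatible()` is true for every release from 11 onwards (not shown in the hunk), the test is also skipped on all later JDKs, so this path stays untested until someone revisits the TODO. Prefer the message overload with a tracking reference: `Assume.assumeFalse("BC 1.60 JSSE provider fails on JDK 11, see <ISSUE-ID placeholder>", JavaUtils.isJava11Compatible());`. The method body continues beyond the hunk.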
[cxf] 01/07: Adding TLSv1.3 tests
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 37e9a9b3ed51cb9042fd288ab5f9b847e96bff1d
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 10:30:41 2018 +0100
Adding TLSv1.3 tests
---
.../https/ciphersuites/CipherSuitesTest.java | 78 +++++++++++++++++++++-
.../ciphersuites/ciphersuites-client-tlsv13.xml | 37 ++++++++++
.../https/ciphersuites/ciphersuites-server.xml | 6 +-
3 files changed, 117 insertions(+), 4 deletions(-)
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index d55f5f6..d3d1945 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -44,6 +44,7 @@ import org.apache.hello_world.Greeter;
import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
+import org.junit.Assume;
import org.junit.BeforeClass;
/**
@@ -241,7 +242,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
@org.junit.Test
public void testRC4Included() throws Exception {
String version = System.getProperty("java.version");
- if (JavaUtils.isJava9Compatible()
+ if (JavaUtils.isJava9Compatible()
|| version.length() > 1 && 1.8D <= Double.parseDouble(version.substring(0, 3))
) {
// RC4 not supported since JDK8
@@ -548,6 +549,81 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ // Both client + server include AES, client enables a TLS v1.3 CipherSuite
+ @org.junit.Test
+ public void testAESIncludedTLSv13() throws Exception {
+ // Doesn't work with IBM JDK
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
+ return;
+ }
+ Assume.assumeTrue(JavaUtils.isJava11Compatible());
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-tlsv13.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ // Both client + server include AES, client enables a TLS v1.3 CipherSuite
+ @org.junit.Test
+ public void testAESIncludedTLSv13ViaCode() throws Exception {
+ // Doesn't work with IBM JDK
+ if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
+ return;
+ }
+ Assume.assumeTrue(JavaUtils.isJava11Compatible());
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client-noconfig.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+
+ Client client = ClientProxy.getClient(port);
+ HTTPConduit conduit = (HTTPConduit) client.getConduit();
+
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ X509TrustManager trustManager = new NoOpX509TrustManager();
+ TrustManager[] trustManagers = new TrustManager[1];
+ trustManagers[0] = trustManager;
+ tlsParams.setTrustManagers(trustManagers);
+ tlsParams.setDisableCNCheck(true);
+
+ tlsParams.setSecureSocketProtocol("TLSv1.3");
+ tlsParams.setCipherSuites(Collections.singletonList("TLS_AES_128_GCM_SHA256"));
+
+ conduit.setTlsClientParameters(tlsParams);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
// Both client + server include AES, client is TLSv1.1
@org.junit.Test
public void testAESIncludedTLSv11() throws Exception {
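Review bot: Both new tests bail out on the IBM JDK with a bare `return`, so the runner reports them as passed even though no TLS 1.3 handshake was attempted. The next line already uses `Assume`, so `Assume.assumeFalse("IBM Corporation".equals(System.getProperty("java.vendor")));` would report them as skipped instead. `assertEquals(port.greetMe("Kitty"), "Hello Kitty")` has expected and actual swapped, which garbles the failure message. In `testAESIncludedTLSv13ViaCode` the `NoOpX509TrustManager` is defined outside this hunk and presumably accepts any certificate, so only the XML-configured variant exercises certificate validation under TLSv1.3. A comment such as `// Test only: trust manager accepts any certificate` would keep the pattern from being copied.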
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client-tlsv13.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client-tlsv13.xml
new file mode 100644
index 0000000..5c7c89d
--- /dev/null
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-client-tlsv13.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-b [...]
+
+ <cxf:bus>
+ <cxf:features>
+ <cxf:logging/>
+ </cxf:features>
+ </cxf:bus>
+ <http:conduit name="https://localhost:.*">
+ <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="TLSv1.3">
+ <sec:trustManagers>
+ <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
+ </sec:trustManagers>
+ <sec:cipherSuites>
+ <sec:cipherSuite>TLS_AES_128_GCM_SHA256</sec:cipherSuite>
+ </sec:cipherSuites>
+ </http:tlsClientParameters>
+ </http:conduit>
+</beans>
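Review bot: `disableCNCheck="true"` turns off hostname verification for every conduit matching `https://localhost:.*`, and the new file gives no hint that this is a test-only shortcut. A comment above `<http:tlsClientParameters>`, e.g. `<!-- Test only: hostname verification is disabled for the test certificate; do not copy into production configuration -->`, would make that clear. The same remark applies to the literal `password="password"` on the truststore, which is acceptable only because the keystore is a checked-in test fixture.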
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
index 49b1027..09545ff 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
@@ -33,7 +33,7 @@
</sec:keyManagers>
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_AES_.*</sec:include>
<sec:exclude>SSL_RSA_WITH_DES_CBC_SHA</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
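Review bot: Nothing in the file records why `_WITH_` was dropped from the pattern here, nor in the two later hunks of this file, which make the same edit. The change looks intended to let the filter match TLS 1.3 suite names, which have no `_WITH_` segment. A comment next to the first occurrence, e.g. `<!-- TLSv1.3 suite names such as TLS_AES_128_GCM_SHA256 have no _WITH_ segment -->`, would stop a later cleanup from tightening the regex again and silently disabling TLS 1.3 on these engines.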
@@ -63,7 +63,7 @@
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
<sec:include>.*_WITH_RC4_.*</sec:include>
- <sec:exclude>.*_WITH_AES_.*</sec:exclude>
+ <sec:exclude>.*_AES_.*</sec:exclude>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
@@ -129,7 +129,7 @@
</sec:keyManagers>
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuitesFilter>
- <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_AES_.*</sec:include>
</sec:cipherSuitesFilter>
</httpj:tlsServerParameters>
</httpj:engine>
[cxf] 07/07: Fixing some failing security systests with JDK11
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 4da42032f95e667a402b113d6daf4bd0514c6d60
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 17:13:56 2018 +0100
Fixing some failing security systests with JDK11
---
.../ws/wssec10/WSSecurity10UsernameAuthorizationLegacyTest.java | 4 ++--
.../systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java | 8 ++++----
.../apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java | 2 +-
.../apache/cxf/systest/ws/wssec10/server/AuthorizedServer2.java | 2 +-
...client_restricted_unauthorized.xml => client_unauthorized.xml} | 4 ++--
.../{server_restricted_authorized.xml => server_authorized.xml} | 4 ++--
...server_restricted_authorized_2.xml => server_authorized_2.xml} | 4 ++--
7 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationLegacyTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationLegacyTest.java
index 112912a..abe2dda 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationLegacyTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationLegacyTest.java
@@ -68,7 +68,7 @@ public class WSSecurity10UsernameAuthorizationLegacyTest extends AbstractBusClie
@Test
public void testClientServerComplexPolicyAuthorized() {
- String configName = "org/apache/cxf/systest/ws/wssec10/client_restricted.xml";
+ String configName = "org/apache/cxf/systest/ws/wssec10/client.xml";
Bus bus = new SpringBusFactory().createBus(configName);
IPingService port = getComplexPolicyPort(bus);
@@ -81,7 +81,7 @@ public class WSSecurity10UsernameAuthorizationLegacyTest extends AbstractBusClie
@Test
public void testClientServerComplexPolicyUnauthorized() {
- String configName = "org/apache/cxf/systest/ws/wssec10/client_restricted_unauthorized.xml";
+ String configName = "org/apache/cxf/systest/ws/wssec10/client_unauthorized.xml";
Bus bus = new SpringBusFactory().createBus(configName);
IPingService port = getComplexPolicyPort(bus);
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
index 26a6662..bb96736 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/WSSecurity10UsernameAuthorizationTest.java
@@ -69,7 +69,7 @@ public class WSSecurity10UsernameAuthorizationTest extends AbstractBusClientServ
@Test
public void testClientServerUTOnlyAuthorized() throws IOException {
- String configName = "org/apache/cxf/systest/ws/wssec10/client_restricted.xml";
+ String configName = "org/apache/cxf/systest/ws/wssec10/client.xml";
Bus bus = new SpringBusFactory().createBus(configName);
IPingService port = getUTOnlyPort(bus, false);
@@ -83,7 +83,7 @@ public class WSSecurity10UsernameAuthorizationTest extends AbstractBusClientServ
@Test
public void testClientServerUTOnlyUnauthorized() throws IOException {
- String configName = "org/apache/cxf/systest/ws/wssec10/client_restricted_unauthorized.xml";
+ String configName = "org/apache/cxf/systest/ws/wssec10/client_unauthorized.xml";
Bus bus = new SpringBusFactory().createBus(configName);
IPingService port = getUTOnlyPort(bus, true);
@@ -101,7 +101,7 @@ public class WSSecurity10UsernameAuthorizationTest extends AbstractBusClientServ
@Test
public void testClientServerComplexPolicyAuthorized() throws IOException {
- String configName = "org/apache/cxf/systest/ws/wssec10/client_restricted.xml";
+ String configName = "org/apache/cxf/systest/ws/wssec10/client.xml";
Bus bus = new SpringBusFactory().createBus(configName);
IPingService port = getComplexPolicyPort(bus);
@@ -115,7 +115,7 @@ public class WSSecurity10UsernameAuthorizationTest extends AbstractBusClientServ
@Test
public void testClientServerComplexPolicyUnauthorized() throws IOException {
- String configName = "org/apache/cxf/systest/ws/wssec10/client_restricted_unauthorized.xml";
+ String configName = "org/apache/cxf/systest/ws/wssec10/client_unauthorized.xml";
Bus bus = new SpringBusFactory().createBus(configName);
IPingService port = getComplexPolicyPort(bus);
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
index a170e92..de527ed 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer.java
@@ -27,7 +27,7 @@ public class AuthorizedServer extends AbstractBusTestServerBase {
static final String PORT = allocatePort(AuthorizedServer.class);
private static String configFileName =
- "org/apache/cxf/systest/ws/wssec10/server_restricted_authorized.xml";
+ "org/apache/cxf/systest/ws/wssec10/server_authorized.xml";
public AuthorizedServer() throws Exception {
diff --git a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer2.java b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer2.java
index ae04f61..73ebd65 100644
--- a/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer2.java
+++ b/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/wssec10/server/AuthorizedServer2.java
@@ -27,7 +27,7 @@ public class AuthorizedServer2 extends AbstractBusTestServerBase {
static final String PORT = allocatePort(AuthorizedServer2.class);
private static String configFileName =
- "org/apache/cxf/systest/ws/wssec10/server_restricted_authorized_2.xml";
+ "org/apache/cxf/systest/ws/wssec10/server_authorized_2.xml";
public AuthorizedServer2() throws Exception {
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_restricted_unauthorized.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_unauthorized.xml
similarity index 97%
rename from systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_restricted_unauthorized.xml
rename to systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_unauthorized.xml
index a09fb2a..36093cb 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_restricted_unauthorized.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/client_unauthorized.xml
@@ -39,10 +39,10 @@
<http:conduit name="https://.*/UserNameOverTransport.*">
<http:tlsClientParameters disableCNCheck="true">
<sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="certs/restricted/alice.jks"/>
+ <sec:keyStore type="jks" password="password" resource="keys/alice.jks"/>
</sec:keyManagers>
<sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="certs/restricted/bob.jks"/>
+ <sec:keyStore type="jks" password="password" resource="keys/bob.jks"/>
</sec:trustManagers>
</http:tlsClientParameters>
</http:conduit>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted_authorized.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_authorized.xml
similarity index 98%
rename from systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted_authorized.xml
rename to systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_authorized.xml
index fd692dd..adaeaec 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted_authorized.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_authorized.xml
@@ -27,10 +27,10 @@
<httpj:engine port="${testutil.ports.wssec10.server.AuthorizedServer.1}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="certs/restricted/bob.jks"/>
+ <sec:keyStore type="jks" password="password" resource="keys/bob.jks"/>
</sec:keyManagers>
<sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="certs/restricted/alice.jks"/>
+ <sec:keyStore type="jks" password="password" resource="keys/alice.jks"/>
</sec:trustManagers>
<!--
<sec:clientAuthentication want="true" required="true"/>
diff --git a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted_authorized_2.xml b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_authorized_2.xml
similarity index 98%
rename from systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted_authorized_2.xml
rename to systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_authorized_2.xml
index 2705b11..a3a6d46 100644
--- a/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_restricted_authorized_2.xml
+++ b/systests/ws-security/src/test/resources/org/apache/cxf/systest/ws/wssec10/server_authorized_2.xml
@@ -27,10 +27,10 @@
<httpj:engine port="${testutil.ports.AuthorizedServer2.1}">
<httpj:tlsServerParameters>
<sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="certs/restricted/bob.jks"/>
+ <sec:keyStore type="jks" password="password" resource="keys/bob.jks"/>
</sec:keyManagers>
<sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="certs/restricted/alice.jks"/>
+ <sec:keyStore type="jks" password="password" resource="keys/alice.jks"/>
</sec:trustManagers>
<!--
<sec:clientAuthentication want="true" required="true"/>
[cxf] 05/07: Removing unused getSecureSocketsProtocol method
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit ae994168f50894010f1f148ec3b6f35b17e4b63b
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 15:29:51 2018 +0100
Removing unused getSecureSocketsProtocol method
---
.../org/apache/cxf/configuration/jsse/SSLUtils.java | 17 +----------------
1 file changed, 1 insertion(+), 16 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index a974159..acea7cc 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -62,7 +62,6 @@ public final class SSLUtils {
private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";
private static final String DEFAULT_TRUST_STORE_TYPE = "JKS";
- private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1";
private static final String HTTPS_CIPHER_SUITES = "https.cipherSuites";
@@ -157,7 +156,7 @@ public final class SSLUtils {
is = getResourceAsStream(location);
}
}
-
+
if (is != null) {
TrustManagerFactory tmf =
TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
@@ -569,18 +568,4 @@ public final class SSLUtils {
return trustStoreProvider;
}
- public static String getSecureSocketProtocol(String secureSocketProtocol,
- Logger log) {
- if (secureSocketProtocol != null) {
- LogUtils.log(log,
- Level.FINE,
- "SECURE_SOCKET_PROTOCOL_SET",
- secureSocketProtocol);
- } else {
- LogUtils.log(log, Level.FINE, "SECURE_SOCKET_PROTOCOL_NOT_SET");
- secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL;
- }
- return secureSocketProtocol;
- }
-
}
[cxf] 06/07: CXF-7862 - Exclude 3DES, MD5,
CBC and RC4 ciphersuites as well by default
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 26568235d6db6ef44a74dac1ea1746319913c354
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 16:39:58 2018 +0100
CXF-7862 - Exclude 3DES, MD5, CBC and RC4 ciphersuites as well by default
---
.../main/java/org/apache/cxf/configuration/jsse/SSLUtils.java | 8 ++++++--
.../transport/http/spring/HttpConduitConfigurationTest.java | 2 +-
.../java/org/apache/cxf/transport/http/spring/conduit-bean.xml | 10 +---------
.../apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml | 10 +---------
4 files changed, 9 insertions(+), 21 deletions(-)
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index acea7cc..9d8467b 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -68,13 +68,17 @@ public final class SSLUtils {
private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_INCLUDE =
Arrays.asList(new String[] {".*"});
/**
- * By default, exclude NULL, anon, EXPORT, DES ciphersuites
+ * By default, exclude NULL, anon, EXPORT, DES, 3DES, MD5, CBC and RC4 ciphersuites
*/
private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE =
Arrays.asList(new String[] {".*_NULL_.*",
".*_anon_.*",
".*_EXPORT_.*",
- ".*_DES_.*"});
+ ".*_DES_.*",
+ ".*_3DES_.*",
+ ".*_MD5",
+ ".*_CBC_.*",
+ ".*_RC4_.*"});
private static volatile KeyManager[] defaultManagers;
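Review bot: The Javadoc on `DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE` lists the excluded families but not the consequence. With both `.*_CBC_.*` and `.*_RC4_.*` excluded, essentially only AEAD (GCM) suites remain, and those exist only from TLS 1.2 onwards. The defaults therefore rule out TLS 1.0/1.1 handshakes and any peer that offers only CBC suites. I would say so in the comment, e.g. `Only AEAD suites (TLS 1.2+) pass the default filter; configure cipherSuites or a cipherSuitesFilter explicitly to talk to CBC-only peers`. Whether explicit configuration actually bypasses these defaults is decided outside this hunk, so check the wording against that code.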
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
index 2bcb81d..a480ab6 100644
--- a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/HttpConduitConfigurationTest.java
@@ -105,7 +105,7 @@ public class HttpConduitConfigurationTest extends Assert {
FiltersType csfs = tlscps.getCipherSuitesFilter();
assertNotNull(csfs);
- assertEquals(5, csfs.getInclude().size());
+ assertEquals(1, csfs.getInclude().size());
assertEquals(1, csfs.getExclude().size());
HTTPClientPolicy clientPolicy = conduit.getClient();
assertEquals(10240, clientPolicy.getChunkLength());
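Review bot: The two assertions after `getCipherSuitesFilter()` check only list sizes, so the test still passes if the fixture's include or exclude pattern is mistyped or replaced by a weaker one. Since this commit changes which suites are filtered, I would pin the values too: `assertEquals(".*_WITH_AES_.*", csfs.getInclude().get(0));` and `assertEquals(".*_CBC_.*", csfs.getExclude().get(0));`. This assumes `getInclude()` and `getExclude()` return lists of pattern strings, which the `size()` calls suggest but the hunk does not show. The enclosing test method starts and ends outside the hunk.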
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
index d2e7e7f..bc0dbd3 100644
--- a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-bean.xml
@@ -27,16 +27,8 @@
<sec:keyStore type="JKS" password="password" resource="org/apache/cxf/transport/https/resources/Gordy.jks"/>
</sec:trustManagers>
<sec:cipherSuitesFilter>
- <!-- these filters ensure that a ciphersuite with
- export-suitable or null encryption is used,
- but exclude anonymous Diffie-Hellman key change as
- this is vulnerable to man-in-the-middle attacks -->
- <sec:include>.*_EXPORT_.*</sec:include>
- <sec:include>.*_EXPORT1024_.*</sec:include>
- <sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
- <sec:include>.*_WITH_NULL_.*</sec:include>
- <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ <sec:exclude>.*_CBC_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
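Review bot: The explanatory comment inside `<sec:cipherSuitesFilter>` is deleted without a replacement, so the new include/exclude pair is unexplained; the same applies to the conduit-tlsrefs-bean.xml hunk. A one-line comment such as `<!-- keep AES suites but drop CBC-mode ones, leaving AES-GCM -->` would record the intent. It may also be worth noting that TLS 1.3 suite names (for example TLS_AES_128_GCM_SHA256) contain no `_WITH_`. The include `.*_WITH_AES_.*` would therefore not select them if this fixture were ever used for a real handshake rather than only for configuration parsing.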
diff --git a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
index a7e60a5..acf654b 100644
--- a/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
+++ b/rt/transports/http/src/test/java/org/apache/cxf/transport/http/spring/conduit-tlsrefs-bean.xml
@@ -25,16 +25,8 @@
<sec:keyManagers ref="keyManagers"/>
<sec:trustManagers ref="trustManagers"/>
<sec:cipherSuitesFilter>
- <!-- these filters ensure that a ciphersuite with
- export-suitable or null encryption is used,
- but exclude anonymous Diffie-Hellman key change as
- this is vulnerable to man-in-the-middle attacks -->
- <sec:include>.*_EXPORT_.*</sec:include>
- <sec:include>.*_EXPORT1024_.*</sec:include>
- <sec:include>.*_WITH_DES_.*</sec:include>
<sec:include>.*_WITH_AES_.*</sec:include>
- <sec:include>.*_WITH_NULL_.*</sec:include>
- <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ <sec:exclude>.*_CBC_.*</sec:exclude>
</sec:cipherSuitesFilter>
</http:tlsClientParameters>
<http:authorization>
[cxf] 04/07: Upgrading Jetty + fixing systest failures
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit a444dcd6d4380cdcced010f0978c9509ee933080
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Wed Oct 3 15:10:58 2018 +0100
Upgrading Jetty + fixing systest failures
---
parent/pom.xml | 2 +-
.../https/ciphersuites/CipherSuitesTest.java | 51 ----------------------
.../ciphersuites/ciphersuites-explicit-client.xml | 2 +-
.../ciphersuites/ciphersuites-null-client.xml | 37 ----------------
.../https/ciphersuites/ciphersuites-server.xml | 2 +-
5 files changed, 3 insertions(+), 91 deletions(-)
diff --git a/parent/pom.xml b/parent/pom.xml
index 1a5b949..4168c2e 100644
--- a/parent/pom.xml
+++ b/parent/pom.xml
@@ -127,7 +127,7 @@
<cxf.joda.time.version>2.9.4</cxf.joda.time.version>
<cxf.jdom.version>1.0</cxf.jdom.version>
<cxf.jettison.version>1.4.0</cxf.jettison.version>
- <cxf.jetty9.version>9.4.11.v20180605</cxf.jetty9.version>
+ <cxf.jetty9.version>9.4.12.v20180830</cxf.jetty9.version>
<cxf.jetty.version>${cxf.jetty9.version}</cxf.jetty.version>
<cxf.jetty.osgi.version>[9.2,10)</cxf.jetty.osgi.version>
<cxf.undertow.version>1.4.21.Final</cxf.undertow.version>
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index d4f5acb..9503101 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -350,57 +350,6 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
- // Both client + server include NULL
- @org.junit.Test
- public void testNULLIncluded() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-null-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT3);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include NULL
- @org.junit.Test
- public void testNULLIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-null-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT3);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
// Client does not allow NULL
@org.junit.Test
public void testClientAESServerNULL() throws Exception {
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
index 03e544a..76daa35 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
@@ -30,7 +30,7 @@
<sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
</sec:trustManagers>
<sec:cipherSuites>
- <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA256</sec:cipherSuite>
+ <sec:cipherSuite>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</sec:cipherSuite>
</sec:cipherSuites>
</http:tlsClientParameters>
</http:conduit>
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-null-client.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-null-client.xml
deleted file mode 100644
index e5861d9..0000000
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-null-client.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-b [...]
-
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost:.*">
- <http:tlsClientParameters disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
- </sec:trustManagers>
- <sec:cipherSuitesFilter>
- <sec:include>.*_WITH_NULL_.*</sec:include>
- </sec:cipherSuitesFilter>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
index 041a8cc..296fcee 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
@@ -108,7 +108,7 @@
</sec:keyManagers>
<sec:clientAuthentication want="false" required="false"/>
<sec:cipherSuites>
- <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA256</sec:cipherSuite>
+ <sec:cipherSuite>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</sec:cipherSuite>
</sec:cipherSuites>
</httpj:tlsServerParameters>
</httpj:engine>