You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2019/05/10 10:30:26 UTC
[cxf] branch 3.2.x-fixes updated (11f47dc -> 9cbccb6)
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a change to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git.
from 11f47dc [maven-release-plugin] prepare for next development iteration
new cbfedaa CXF-8037 - Apache CXF (AsyncHTTPConduit) ignores system keyStore property
new 9cbccb6 Recording .gitmergeinfo Changes
The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
.gitmergeinfo | 1 +
.../http/asyncclient/AsyncHTTPConduit.java | 8 +-
.../https/ciphersuites/CipherSuitesTest.java | 168 ++++++++-------------
.../systest/https/clientauth/ClientAuthTest.java | 122 +++++++++++++++
.../HostnameVerificationDeprecatedTest.java | 55 +++++--
.../https/hostname/HostnameVerificationTest.java | 77 ++++++----
.../cxf/systest/https/trust/TrustManagerTest.java | 53 +++++++
7 files changed, 330 insertions(+), 154 deletions(-)
[cxf] 02/02: Recording .gitmergeinfo Changes
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 9cbccb68b72fe15cb3cf58a6f078798a34f9dc17
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri May 10 11:21:04 2019 +0100
Recording .gitmergeinfo Changes
---
.gitmergeinfo | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitmergeinfo b/.gitmergeinfo
index bcb54a6..7617d48 100644
--- a/.gitmergeinfo
+++ b/.gitmergeinfo
@@ -550,6 +550,7 @@ M 57f8c554b04af4e06b4e97bb349cbb8adeeb7acc
M 58cc0cd69c4274cb1bbff531107ff2db6f434d67
M 6b8b33acde5eb94ca84121591c68eb3e5e7b294f
M 74e7684b76dfa03310f30a0dc520f61b4a6fa1b3
+M 7808ae48865df413346f523ca6e8df7bcedb2091
M 818d7fc2d21cee96ec5e47c6d914403ebcaeb184
M 85e2ffd0050730339b7422527b86a49f9f08b241
M 86d7c657499b73bdbbd6ba9f1579e76ca0715357
[cxf] 01/02: CXF-8037 - Apache CXF (AsyncHTTPConduit) ignores
system keyStore property
Posted by co...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 3.2.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit cbfedaa38a5f02c18b3fefbbbf8ece011be6d230
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri May 10 11:19:17 2019 +0100
CXF-8037 - Apache CXF (AsyncHTTPConduit) ignores system keyStore property
(cherry picked from commit 7808ae48865df413346f523ca6e8df7bcedb2091)
# Conflicts:
# systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
---
.../http/asyncclient/AsyncHTTPConduit.java | 8 +-
.../https/ciphersuites/CipherSuitesTest.java | 168 ++++++++-------------
.../systest/https/clientauth/ClientAuthTest.java | 122 +++++++++++++++
.../HostnameVerificationDeprecatedTest.java | 55 +++++--
.../https/hostname/HostnameVerificationTest.java | 77 ++++++----
.../cxf/systest/https/trust/TrustManagerTest.java | 53 +++++++
6 files changed, 329 insertions(+), 154 deletions(-)
diff --git a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
index 7df19ce..3091051 100755
--- a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
+++ b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
@@ -891,9 +891,11 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
.getInstance(protocol, provider);
- ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
+ if (keyManagers == null) {
+ keyManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(LOG);
+ }
KeyManager[] configuredKeyManagers =
org.apache.cxf.transport.https.SSLUtils.configureKeyManagersWithCertAlias(
tlsClientParameters, keyManagers);
@@ -904,6 +906,10 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
}
ctx.init(configuredKeyManagers, trustManagers, tlsClientParameters.getSecureRandom());
+
+ if (ctx.getClientSessionContext() != null) {
+ ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
+ }
}
sslContext = ctx;
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index fe12fef..fdef964 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -22,6 +22,8 @@ package org.apache.cxf.systest.https.ciphersuites;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
import java.util.Collections;
import javax.crypto.Cipher;
@@ -44,10 +46,13 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* A set of tests for TLS ciphersuites
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class CipherSuitesTest extends AbstractBusClientServerTestBase {
static final boolean UNRESTRICTED_POLICIES_INSTALLED;
static {
@@ -76,6 +81,12 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
static final String PORT5 = allocatePort(CipherSuitesServer.class, 5);
+ final Boolean async;
+
+ public CipherSuitesTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -86,6 +97,12 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -94,30 +111,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
// Both client + server include AES
@org.junit.Test
public void testAESIncluded() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include AES
- @org.junit.Test
- public void testAESIncludedAsync() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
@@ -132,7 +126,9 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
updateAddressPort(port, PORT);
@@ -167,6 +163,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
final Greeter port = service.getHttpsPort();
assertNotNull("Port is null", port);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
updateAddressPort(port, PORT4);
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -193,37 +194,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes DHE, server excludes it
- @org.junit.Test
- public void testClientDHEServerExcludesIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -254,32 +228,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include DHE
- @org.junit.Test
- public void testDHEIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT2);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -305,37 +257,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes ECDHE, server only includes DHE
- @org.junit.Test
- public void testClientECDHEServerDHEIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT2);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -371,6 +296,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -400,6 +330,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -444,6 +379,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -482,6 +422,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -521,6 +466,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT5);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on not being able to negotiate a cipher suite");
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
index 11a7d23..662d797 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
@@ -25,6 +25,8 @@ import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
@@ -53,14 +55,23 @@ import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* A set of tests for TLS client authentication.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class ClientAuthTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(ClientAuthServer.class);
static final String PORT2 = allocatePort(ClientAuthServer.class, 2);
+ final Boolean async;
+
+ public ClientAuthTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -71,6 +82,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -94,6 +111,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -118,6 +140,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on an untrusted cert");
@@ -147,6 +174,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -158,6 +190,48 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ // Ignoring this test as it fails when run as part of the test class - testNoClientCert interferes with it
+ // It succeeds when run with testNoClientCert commented out
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testSystemPropertiesWithEmptyKeystoreConfig() throws Exception {
+ try {
+ System.setProperty("javax.net.ssl.keyStore", "keys/Morpit.jks");
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyPassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "JKS");
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ClientAuthTest.class.getResource("client-no-auth.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ } finally {
+ System.clearProperty("javax.net.ssl.keyStore");
+ System.clearProperty("javax.net.ssl.keyStorePassword");
+ System.clearProperty("javax.net.ssl.keyPassword");
+ System.clearProperty("javax.net.ssl.keyStoreType");
+ }
+ }
+
// Server trusts the issuer of the client cert
@org.junit.Test
public void testChainTrust() throws Exception {
@@ -176,6 +250,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -200,6 +279,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -229,6 +313,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -258,6 +347,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -338,6 +432,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
updateAddressPort(port, PORT);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
@@ -356,6 +456,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
updateAddressPort(port, PORT2);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
client = ClientProxy.getClient(port);
http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
@@ -401,6 +507,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
updateAddressPort(port, PORT);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
@@ -425,6 +537,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
// Set up KeyManagers/TrustManagers
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream trustStore =
@@ -470,6 +587,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
// Set up KeyManagers/TrustManagers
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream trustStore =
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
index 9bfcfdf..f5a88c9 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
@@ -20,6 +20,8 @@
package org.apache.cxf.systest.https.hostname;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
@@ -38,17 +40,26 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* A test for hostname verification when the Java system property "java.protocol.handler.pkgs" is set to
* "com.sun.net.ssl.internal.www.protocol". This means that com.sun.net.ssl.HostnameVerifier is used
* instead of the javax version.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(HostnameVerificationDeprecatedServer.class);
static final String PORT2 = allocatePort(HostnameVerificationDeprecatedServer.class, 2);
static final String PORT3 = allocatePort(HostnameVerificationDeprecatedServer.class, 3);
+ final Boolean async;
+
+ public HostnameVerificationDeprecatedTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
@@ -60,6 +71,12 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
System.clearProperty("java.protocol.handler.pkgs");
@@ -85,6 +102,11 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on the hostname verification");
@@ -114,6 +136,11 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -155,10 +182,10 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -203,6 +230,11 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
TLSClientParameters clientParameters = new TLSClientParameters();
clientParameters.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
Client client = ClientProxy.getClient(port);
@@ -210,11 +242,6 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
((java.io.Closeable)port).close();
} finally {
if (hostnameVerifier != null) {
@@ -245,10 +272,10 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT2);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -274,10 +301,10 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT3);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
index 66ce164..886cb6a 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
@@ -20,6 +20,8 @@
package org.apache.cxf.systest.https.hostname;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
@@ -38,6 +40,8 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* A set of tests for hostname verification, where the hostname in question is "localhost".
@@ -46,6 +50,7 @@ import org.junit.BeforeClass;
* keytool -genkey -validity 3650 -alias subjalt -keyalg RSA -keystore subjalt.jks
* -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE" -ext SAN=DNS:localhost
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(HostnameVerificationServer.class);
static final String PORT2 = allocatePort(HostnameVerificationServer.class, 2);
@@ -53,6 +58,12 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
static final String PORT4 = allocatePort(HostnameVerificationServer.class, 4);
static final String PORT5 = allocatePort(HostnameVerificationServer.class, 5);
+ final Boolean async;
+
+ public HostnameVerificationTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -63,6 +74,12 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -86,10 +103,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -115,15 +132,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
- try {
- port.greetMe("Kitty");
- fail("Failure expected on a non-matching subject alternative name");
- } catch (Exception ex) {
- // expected
- }
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -154,10 +166,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT3);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -183,15 +195,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
- try {
- port.greetMe("Kitty");
- fail("Failure expected with no matching Subject Alt Name or CN");
- } catch (Exception ex) {
- // expected
- }
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -222,6 +229,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -256,6 +268,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -292,6 +309,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
TLSClientParameters clientParameters = new TLSClientParameters();
clientParameters.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
Client client = ClientProxy.getClient(port);
@@ -299,11 +321,6 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
((java.io.Closeable)port).close();
} finally {
if (hostnameVerifier != null) {
@@ -333,10 +350,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT5);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
index f9edba0..2b77963 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
@@ -27,11 +27,14 @@ import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
+import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
@@ -47,15 +50,24 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
/**
* A set of tests for specifying a TrustManager
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class TrustManagerTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(TrustServer.class);
static final String PORT2 = allocatePort(TrustServer.class, 2);
static final String PORT3 = allocatePort(TrustServer.class, 3);
+ final Boolean async;
+
+ public TrustManagerTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -72,6 +84,12 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -95,6 +113,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
TLSClientParameters tlsParams = new TLSClientParameters();
X509TrustManager trustManager = new NoOpX509TrustManager();
TrustManager[] trustManagers = new TrustManager[1];
@@ -130,6 +153,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
TLSClientParameters tlsParams = new TLSClientParameters();
@@ -172,6 +200,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -205,6 +238,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -235,6 +273,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT3);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
TLSClientParameters tlsParams = new TLSClientParameters();
@@ -272,6 +315,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
String invalidPrincipalName = "CN=Bethal2,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
TLSClientParameters tlsParams = new TLSClientParameters();
@@ -314,6 +362,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
// Read truststore
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream trustStore =