Posted to commits@cxf.apache.org by co...@apache.org on 2015/02/11 14:39:27 UTC
cxf git commit: Adding hostname verification tests for http-hc
Repository: cxf
Updated Branches:
refs/heads/master 71a1d1425 -> 69da964ce
Adding hostname verification tests for http-hc
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/69da964c
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/69da964c
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/69da964c
Branch: refs/heads/master
Commit: 69da964cee97052c5fe78cbdf23674a911919f5d
Parents: 71a1d14
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Wed Feb 11 13:36:08 2015 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Wed Feb 11 13:36:29 2015 +0000
----------------------------------------------------------------------
.../http/asyncclient/AsyncHTTPConduit.java | 8 ++++-
.../hostname/HostnameVerificationTest.java | 32 ++++++++++++++++++++
2 files changed, 39 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/69da964c/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
----------------------------------------------------------------------
diff --git a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
index 47bf717..6d9ff3d 100644
--- a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
+++ b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
@@ -519,6 +519,8 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
tlsClientParameters = new TLSClientParameters();
}
final SSLContext sslcontext = getSSLContext(tlsClientParameters);
+ final HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils
+ .getHostnameVerifier(tlsClientParameters);
regBuilder
.register("https",
new SSLIOSessionStrategy(sslcontext) {
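Review bot: The strictness of the new check depends entirely on what `SSLUtils.getHostnameVerifier` returns for `tlsClientParameters`, including the freshly defaulted `new TLSClientParameters()` a few lines above, and nothing at the call site says so. A comment above the new declaration would make this explicit, e.g. `// hostname check is delegated to the verifier derived from TLSClientParameters; it may be permissive if CN checking is disabled there`. The verifier is also captured once here, so it is worth confirming that this registry is rebuilt whenever the TLS parameters change; that code is not visible in the hunk. The enclosing method starts and ends outside the hunk.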
@@ -530,6 +532,10 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
protected void verifySession(final HttpHost host,
final IOSession iosession,
final SSLSession sslsession) throws SSLException {
+ if (!verifier.verify(host.getHostName(), sslsession)) {
+ throw new SSLException("Could not verify host " + host.getHostName());
+ }
+
iosession.setAttribute("cxf.handshake.done", Boolean.TRUE);
setSSLSession(sslsession);
}
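Review bot: The hostname check in `verifySession` correctly runs before `cxf.handshake.done` is set and before `setSSLSession`, but that ordering is only implicit and a later edit could move the check below them. A comment above the new `if` would pin it, e.g. `// verify the peer hostname first: a mismatched session must never be marked as established`. The `SSLException` message names only the requested host, so a debug-level log of the peer identity from `sslsession` next to the throw would help when diagnosing rejected connections.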
@@ -873,7 +879,7 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
}
ctx.init(keyManagers, tlsClientParameters.getTrustManagers(),
tlsClientParameters.getSecureRandom());
-
+
sslContext = ctx;
lastTlsHash = hash;
sslState = null;
http://git-wip-us.apache.org/repos/asf/cxf/blob/69da964c/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
index 3769ecb..9ab2752 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
@@ -21,6 +21,8 @@ package org.apache.cxf.systest.https.hostname;
import java.net.URL;
+import javax.xml.ws.BindingProvider;
+
import org.apache.cxf.Bus;
import org.apache.cxf.bus.spring.SpringBusFactory;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
@@ -78,6 +80,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+ // Enable Async
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
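Review bot: Nothing in this test shows that the second `greetMe` call actually went through the async conduit. If `use.async.http.conduit` were ignored or misspelled, the call would presumably fall back to the default conduit and the assertion would still pass. The same applies to the other three hunks in this file (`-107`, `-130`, `-159`), where the negative cases would pass because the default conduit already rejects the host. Consider asserting the conduit type on the client after setting the property, so that these tests cover the new `verifySession` check. As a style point, `assertEquals(port.greetMe("Kitty"), "Hello Kitty")` passes the actual value first; JUnit expects `assertEquals("Hello Kitty", port.greetMe("Kitty"))`.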
@@ -107,6 +114,16 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
// expected
}
+ // Enable Async
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ try {
+ port.greetMe("Kitty");
+ fail("Failure expected on a non-matching subject alternative name");
+ } catch (Exception ex) {
+ // expected
+ }
+
((java.io.Closeable)port).close();
bus.shutdown(true);
}
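Review bot: The added `catch (Exception ex) { // expected }` accepts any failure, so this negative test also passes on a refused connection, a wrong port or a configuration error, not only on a hostname mismatch. The hunk at `-159` adds the same pattern. Since the conduit change throws `SSLException("Could not verify host ...")`, the catch block should check that an `SSLException` appears in the cause chain of `ex`; the wrapping exception type is not visible here, so walk `getCause()` rather than assume one level. Without that check, a regression that disables hostname verification could go unnoticed if the call happens to fail for an unrelated reason.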
@@ -130,6 +147,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT3);
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ // Enable Async
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
bus.shutdown(true);
@@ -159,6 +181,16 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
} catch (Exception ex) {
// expected
}
+
+ // Enable Async
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ try {
+ port.greetMe("Kitty");
+ fail("Failure expected with no matching Subject Alt Name or CN");
+ } catch (Exception ex) {
+ // expected
+ }
((java.io.Closeable)port).close();
bus.shutdown(true);