You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2014/12/11 13:02:09 UTC
[3/6] cxf git commit: Moved https specific tests into a new directory
Moved https specific tests into a new directory
Conflicts:
systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
systests/transports/src/test/resources/org/apache/cxf/systest/https/jaxws-publish-callback.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1b7c93cc
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1b7c93cc
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1b7c93cc
Branch: refs/heads/3.0.x-fixes
Commit: 1b7c93cc8c89cfe4647c29805e921800aebf52c6
Parents: 3c07e4a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Dec 11 11:57:11 2014 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Dec 11 11:59:26 2014 +0000
----------------------------------------------------------------------
.../cxf/systest/http/CertConstraintsTest.java | 163 -----
.../cxf/systest/http/HTTPConduitTest.java | 651 +------------------
.../cxf/systest/http/HTTPSClientTest.java | 245 -------
.../apache/cxf/systest/http/PushBack401.java | 223 -------
.../apache/cxf/systest/http/TrustHandler.java | 58 --
.../cxf/systest/https/CertConstraintsTest.java | 162 +++++
.../cxf/systest/https/HTTPSClientTest.java | 244 +++++++
.../https/KeyPasswordCallbackHandler.java | 39 ++
.../apache/cxf/systest/https/PushBack401.java | 223 +++++++
.../org/apache/cxf/systest/http/Abost.cxf | 2 +-
.../org/apache/cxf/systest/http/Bethal.cxf | 84 ---
.../cxf/systest/http/BethalClientBeans.xml | 24 -
.../cxf/systest/http/BethalClientConfig.cxf | 69 --
.../org/apache/cxf/systest/http/Gordy.cxf | 77 ---
.../org/apache/cxf/systest/http/Hurlon.cxf | 2 +-
.../org/apache/cxf/systest/http/Morpit.cxf | 75 ---
.../org/apache/cxf/systest/http/Poltim.cxf | 77 ---
.../org/apache/cxf/systest/http/Tarpin.cxf | 77 ---
.../apache/cxf/systest/http/jaxws-publish.xml | 64 --
.../systest/http/jaxws-server-constraints.xml | 255 --------
.../apache/cxf/systest/http/jaxws-server.xml | 77 ---
.../cxf/systest/http/jaxws-tlsrefs-publish.xml | 60 --
.../org/apache/cxf/systest/http/pkcs12.xml | 70 --
.../cxf/systest/http/resource-key-spec-url.xml | 72 --
.../cxf/systest/http/resource-key-spec.xml | 68 --
.../org/apache/cxf/systest/https/Bethal.cxf | 72 ++
.../cxf/systest/https/BethalClientBeans.xml | 24 +
.../cxf/systest/https/BethalClientConfig.cxf | 57 ++
.../org/apache/cxf/systest/https/Gordy.cxf | 65 ++
.../org/apache/cxf/systest/https/Morpit.cxf | 63 ++
.../org/apache/cxf/systest/https/Poltim.cxf | 65 ++
.../org/apache/cxf/systest/https/Tarpin.cxf | 65 ++
.../systest/https/jaxws-publish-callback.xml | 64 ++
.../apache/cxf/systest/https/jaxws-publish.xml | 64 ++
.../systest/https/jaxws-server-constraints.xml | 255 ++++++++
.../apache/cxf/systest/https/jaxws-server.xml | 77 +++
.../cxf/systest/https/jaxws-tlsrefs-publish.xml | 60 ++
.../org/apache/cxf/systest/https/pkcs12.xml | 70 ++
.../cxf/systest/https/resource-key-spec-url.xml | 72 ++
.../cxf/systest/https/resource-key-spec.xml | 68 ++
40 files changed, 1820 insertions(+), 2482 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
deleted file mode 100644
index 5beb2c0..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import java.net.URL;
-
-import javax.xml.ws.BindingProvider;
-
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.configuration.Configurer;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.hello_world.Greeter;
-import org.apache.hello_world.services.SOAPService;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * This test is meant to run against a spring-loaded HTTP/S service. It tests the certificate
- * constraints logic.
- */
-public class CertConstraintsTest extends AbstractBusClientServerTestBase {
- //
- // data
- //
-
- @BeforeClass
- public static void allocatePorts() {
- BusServer.resetPortMap();
- }
-
- /**
- * the package path used to locate resources specific to this test
- */
- private void setTheConfiguration(String config) {
- //System.setProperty("javax.net.debug", "all");
- try {
- System.setProperty(
- Configurer.USER_CFG_FILE_PROPERTY_URL,
- CertConstraintsTest.class.getResource(config).toString()
- );
- } catch (final Exception e) {
- e.printStackTrace();
- }
- }
-
- public void startServers() throws Exception {
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork a new process
- launchServer(BusServer.class, true)
- );
- }
-
-
- public void stopServers() throws Exception {
- stopAllServers();
- System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
- BusFactory.setDefaultBus(null);
- BusFactory.setThreadDefaultBus(null);
- }
-
-
- //
- // tests
- //
- public final void testSuccessfulCall(String address) throws Exception {
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- BindingProvider provider = (BindingProvider)port;
- provider.getRequestContext().put(
- BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
- address);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- }
-
- public final void testFailedCall(String address) throws Exception {
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- BindingProvider provider = (BindingProvider)port;
- provider.getRequestContext().put(
- BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
- address);
-
- try {
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- fail("Failure expected");
- } catch (javax.xml.ws.soap.SOAPFaultException ex) {
- // expected
- } catch (javax.xml.ws.WebServiceException ex) {
- // expected
- }
- }
-
- @Test
- public final void testCertConstraints() throws Exception {
- setTheConfiguration("jaxws-server-constraints.xml");
- startServers();
-
- //
- // Good Subject DN
- //
- testSuccessfulCall("https://localhost:" + BusServer.getPort(0) + "/SoapContext/HttpsPort");
- //
- // Bad Subject DN
- //
- testFailedCall("https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
- //
- // Mixed Subject DN (ALL)
- //
- testFailedCall("https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");
- //
- // Mixed Subject DN (ANY)
- //
- testSuccessfulCall("https://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpsPort");
- //
- // Mixed Issuer DN (ALL)
- //
- testFailedCall("https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
- //
- // Mixed Issuer DN (ANY)
- //
- testSuccessfulCall("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort");
- //
- // Bad server Subject DN
- //
- testFailedCall("https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
- //
- // Bad server Issuer DN
- //
- testFailedCall("https://localhost:" + BusServer.getPort(7) + "/SoapContext/HttpsPort");
-
- stopServers();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
index a193aae..bd35ade 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
@@ -20,14 +20,8 @@
package org.apache.cxf.systest.http;
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
import java.net.MalformedURLException;
-import java.net.URI;
import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
@@ -36,46 +30,20 @@ import java.util.logging.Level;
import java.util.logging.LogManager;
import java.util.logging.Logger;
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
import javax.xml.namespace.QName;
-
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.BusApplicationContext;
import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.configuration.security.FiltersType;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.frontend.ClientProxy;
-import org.apache.cxf.message.Message;
import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
-import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transport.http.MessageTrustDecider;
-import org.apache.cxf.transport.http.URLConnectionInfo;
-import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
-import org.apache.cxf.transport.http.auth.HttpAuthHeader;
-import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
-
-import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
-
-import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-
import org.apache.hello_world.Greeter;
import org.apache.hello_world.services.SOAPService;
-
import org.junit.AfterClass;
import org.junit.BeforeClass;
import org.junit.Test;
-import org.springframework.context.ApplicationContext;
-
/**
* This class tests several issues and Conduit policies based
* on a set up of redirecting servers.
@@ -83,88 +51,30 @@ import org.springframework.context.ApplicationContext;
*
* Http Redirection:
*
- * Rethwel(http:9004) ------\
- * ----> Mortimer (http:9000)
- * Poltim(https:9005) ------/
- *
- * HttpS redirection/Trust:
- *
- * Tarpin(https:9003) ----> Gordy(https:9001) ----> Bethal(https:9002)
+ * Rethwel(http:9004) ----> Mortimer (http:9000)
*
* Redirect Loop:
*
* Hurlon (http:9006) ----> Abost(http:9007) ----\
* ^ |
* |-------------------------------------------/
- *
- * Hostname Verifier Test
- *
- * Morpit (https:9008)
- *
- * </pre>
- * The Bethal server issues 401 with differing realms depending on the
- * User name given in the authorization header.
- * <p>
- * The Morpit has a CN that is not equal to "localhost" to kick in
- * the Hostname Verifier.
*/
public class HTTPConduitTest extends AbstractBusClientServerTestBase {
private static final boolean IN_PROCESS = true;
- private static TLSClientParameters tlsClientParameters = new TLSClientParameters();
private static List<String> servers = new ArrayList<String>();
private static Map<String, String> addrMap = new TreeMap<String, String>();
- static {
- try {
- //System.setProperty("javax.net.debug", "all");
- URL key = Server.class.getResource("../../../../../keys/Morpit.jks");
- String keystore = new File(key.toURI()).getAbsolutePath();
- //System.out.println("Keystore: " + keystore);
- KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, "password"), "password");
-
- key = Server.class.getResource("../../../../../keys/Truststore.jks");
-
- String truststore = new File(key.toURI()).getAbsolutePath();
- //System.out.println("Truststore: " + truststore);
- TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, "password"));
-
- tlsClientParameters.setKeyManagers(kmgrs);
- tlsClientParameters.setTrustManagers(tmgrs);
- FiltersType filters = new FiltersType();
- filters.getInclude().add(".*_EXPORT_.*");
- filters.getInclude().add(".*_EXPORT1024_.*");
- filters.getInclude().add(".*_WITH_DES_.*");
- filters.getInclude().add(".*_WITH_AES_.*");
- filters.getInclude().add(".*_WITH_NULL_.*");
- filters.getInclude().add(".*_DH_anon_.*");
- tlsClientParameters.setCipherSuitesFilter(filters);
- } catch (Exception e) {
- throw new RuntimeException("Static initialization failed", e);
- }
- }
-
private final QName serviceName =
new QName("http://apache.org/hello_world", "SOAPService");
- private final QName bethalQ =
- new QName("http://apache.org/hello_world", "Bethal");
- private final QName gordyQ =
- new QName("http://apache.org/hello_world", "Gordy");
- private final QName tarpinQ =
- new QName("http://apache.org/hello_world", "Tarpin");
private final QName rethwelQ =
new QName("http://apache.org/hello_world", "Rethwel");
private final QName mortimerQ =
new QName("http://apache.org/hello_world", "Mortimer");
- private final QName poltimQ =
- new QName("http://apache.org/hello_world", "Poltim");
private final QName hurlonQ =
new QName("http://apache.org/hello_world", "Hurlon");
- // PMD Violation because it is not used, but
- // it is here for completeness.
- //private final QName abostQ =
- //new QName("http://apache.org/hello_world", "Abost");
+
public HTTPConduitTest() {
}
@@ -178,15 +88,9 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
BusServer.resetPortMap();
addrMap.clear();
addrMap.put("Mortimer", "http://localhost:" + getPort("PORT0") + "/");
- addrMap.put("Tarpin", "https://localhost:" + getPort("PORT3") + "/");
- addrMap.put("Rethwel", "http://localhost:" + getPort("PORT4") + "/");
- addrMap.put("Poltim", "https://localhost:" + getPort("PORT5") + "/");
- addrMap.put("Gordy", "https://localhost:" + getPort("PORT1") + "/");
- addrMap.put("Bethal", "https://localhost:" + getPort("PORT2") + "/");
- addrMap.put("Abost", "http://localhost:" + getPort("PORT7") + "/");
- addrMap.put("Hurlon", "http://localhost:" + getPort("PORT6") + "/");
- addrMap.put("Morpit", "https://localhost:" + getPort("PORT8") + "/");
- tlsClientParameters.setDisableCNCheck(true);
+ addrMap.put("Rethwel", "http://localhost:" + getPort("PORT1") + "/");
+ addrMap.put("Abost", "http://localhost:" + getPort("PORT2") + "/");
+ addrMap.put("Hurlon", "http://localhost:" + getPort("PORT3") + "/");
servers.clear();
}
@@ -235,58 +139,6 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
}
}
- public static KeyStore getKeyStore(String ksType, String file, String ksPassword)
- throws GeneralSecurityException,
- IOException {
-
- String type = ksType != null
- ? ksType
- : KeyStore.getDefaultType();
-
- char[] password = ksPassword != null
- ? ksPassword.toCharArray()
- : null;
-
- // We just use the default Keystore provider
- KeyStore keyStore = KeyStore.getInstance(type);
-
- keyStore.load(new FileInputStream(file), password);
-
- return keyStore;
- }
-
- public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
- throws GeneralSecurityException,
- IOException {
- // For tests, we just use the default algorithm
- String alg = KeyManagerFactory.getDefaultAlgorithm();
-
- char[] keyPass = keyPassword != null
- ? keyPassword.toCharArray()
- : null;
-
- // For tests, we just use the default provider.
- KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
-
- fac.init(keyStore, keyPass);
-
- return fac.getKeyManagers();
- }
-
- public static TrustManager[] getTrustManagers(KeyStore keyStore)
- throws GeneralSecurityException,
- IOException {
- // For tests, we just use the default algorithm
- String alg = TrustManagerFactory.getDefaultAlgorithm();
-
- // For tests, we just use the default provider.
- TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
-
- fac.init(keyStore);
-
- return fac.getTrustManagers();
- }
-
//methods that a subclass can override to inject a Proxy into the flow
//and assert the proxy was appropriately called
public void configureProxy(Client c) {
@@ -349,7 +201,6 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
*
* Note: Unfortunately, the invocation will
* "fail" for any number of other reasons.
- *
*/
@Test
public void testHttp2HttpRedirectFail() throws Exception {
@@ -364,7 +215,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
assertNotNull("Port is null", rethwel);
- updateAddressPort(rethwel, getPort("PORT4"));
+ updateAddressPort(rethwel, getPort("PORT1"));
configureProxy(ClientProxy.getClient(rethwel));
String answer = null;
@@ -414,7 +265,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
assertNotNull("Service is null", service);
Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
- updateAddressPort(rethwel, getPort("PORT4"));
+ updateAddressPort(rethwel, getPort("PORT1"));
assertNotNull("Port is null", rethwel);
configureProxy(ClientProxy.getClient(rethwel));
@@ -436,8 +287,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
startServer("Abost");
startServer("Hurlon");
- URL config = getClass().getResource(
- "Http2HttpLoopRedirectFail.cxf");
+ URL config = getClass().getResource("Http2HttpLoopRedirectFail.cxf");
// We go through the back door, setting the default bus.
new DefaultBusFactory().createBus(config);
@@ -450,7 +300,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
Greeter hurlon = service.getPort(hurlonQ, Greeter.class);
assertNotNull("Port is null", hurlon);
- updateAddressPort(hurlon, getPort("PORT6"));
+ updateAddressPort(hurlon, getPort("PORT3"));
configureProxy(ClientProxy.getClient(hurlon));
String answer = null;
@@ -464,489 +314,6 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
}
assertProxyRequestCount(2);
}
- /**
- * This methods tests a basic https connection to Bethal.
- * It supplies an authorization policy with premetive user/pass
- * to avoid the 401.
- */
- @Test
- public void testHttpsBasicConnectionWithConfig() throws Exception {
- startServer("Bethal");
-
- URL config = getClass().getResource(
- "BethalClientConfig.cxf");
-
- // We go through the back door, setting the default bus.
- new DefaultBusFactory().createBus(config);
- URL wsdl = getClass().getResource("greeting.wsdl");
- assertNotNull("WSDL is null", wsdl);
-
- SOAPService service = new SOAPService(wsdl, serviceName);
- assertNotNull("Service is null", service);
-
- Greeter bethal = service.getPort(bethalQ, Greeter.class);
-
- assertNotNull("Port is null", bethal);
- updateAddressPort(bethal, getPort("PORT2"));
- verifyBethalClient(bethal);
- }
-
- @Test
- public void testGetClientFromSpringContext() throws Exception {
- startServer("Bethal");
-
- BusFactory.setDefaultBus(null);
- // The client bean configuration file
- URL beans = getClass().getResource("BethalClientBeans.xml");
- // We go through the back door, setting the default bus.
- Bus bus = new DefaultBusFactory().createBus(beans);
-
- ApplicationContext context = bus.getExtension(BusApplicationContext.class);
- Greeter bethal = (Greeter)context.getBean("Bethal");
- updateAddressPort(bethal, getPort("PORT2"));
- // verify the client side's setting
- verifyBethalClient(bethal);
- }
-
-
-
- // we just verify the configurations are loaded successfully
- private void verifyBethalClient(Greeter bethal) {
- Client client = ClientProxy.getClient(bethal);
-
- HTTPConduit http =
- (HTTPConduit) client.getConduit();
-
- HTTPClientPolicy httpClientPolicy = http.getClient();
- assertEquals("the httpClientPolicy's autoRedirect should be true",
- true, httpClientPolicy.isAutoRedirect());
- TLSClientParameters tlsParameters = http.getTlsClientParameters();
- assertNotNull("the http conduit's tlsParameters should not be null", tlsParameters);
-
-
- // If we set any name, but Edward, Mary, or George,
- // and a password of "password" we will get through
- // Bethal.
- AuthorizationPolicy authPolicy = http.getAuthorization();
- assertEquals("Set the wrong user name from the configuration",
- "Betty", authPolicy.getUserName());
- assertEquals("Set the wrong pass word form the configuration",
- "password", authPolicy.getPassword());
-
- configureProxy(ClientProxy.getClient(bethal));
-
- String answer = bethal.sayHi();
- answer = bethal.sayHi();
- answer = bethal.sayHi();
- answer = bethal.sayHi();
- answer = bethal.sayHi();
- assertTrue("Unexpected answer: " + answer,
- "Bonjour from Bethal".equals(answer));
-
- //With HTTPS, it will just be a CONNECT to the proxy and all the
- //data is encrypted. Thus, the proxy cannot distinquish the requests
- assertProxyRequestCount(0);
- }
-
- /**
- * This methods tests a basic https connection to Bethal.
- * It supplies an authorization policy with premetive user/pass
- * to avoid the 401.
- */
- @Test
- public void testHttpsBasicConnection() throws Exception {
- startServer("Bethal");
-
- URL wsdl = getClass().getResource("greeting.wsdl");
- assertNotNull("WSDL is null", wsdl);
-
- SOAPService service = new SOAPService(wsdl, serviceName);
- assertNotNull("Service is null", service);
-
- Greeter bethal = service.getPort(bethalQ, Greeter.class);
- assertNotNull("Port is null", bethal);
- updateAddressPort(bethal, getPort("PORT2"));
-
- // Okay, I'm sick of configuration files.
- // This also tests dynamic configuration of the conduit.
- Client client = ClientProxy.getClient(bethal);
- HTTPConduit http =
- (HTTPConduit) client.getConduit();
-
- HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-
- httpClientPolicy.setAutoRedirect(false);
- // If we set any name, but Edward, Mary, or George,
- // and a password of "password" we will get through
- // Bethal.
- AuthorizationPolicy authPolicy = new AuthorizationPolicy();
- authPolicy.setUserName("Betty");
- authPolicy.setPassword("password");
-
- http.setClient(httpClientPolicy);
- http.setTlsClientParameters(tlsClientParameters);
- http.setAuthorization(authPolicy);
-
- configureProxy(client);
- String answer = bethal.sayHi();
- assertTrue("Unexpected answer: " + answer,
- "Bonjour from Bethal".equals(answer));
- assertProxyRequestCount(0);
- }
-
-
- @Test
- public void testHttpsRedirectToHttpFail() throws Exception {
- startServer("Mortimer");
- startServer("Poltim");
-
- URL wsdl = getClass().getResource("greeting.wsdl");
- assertNotNull("WSDL is null", wsdl);
-
- SOAPService service = new SOAPService(wsdl, serviceName);
- assertNotNull("Service is null", service);
-
- Greeter poltim = service.getPort(poltimQ, Greeter.class);
- assertNotNull("Port is null", poltim);
- updateAddressPort(poltim, getPort("PORT5"));
-
- // Okay, I'm sick of configuration files.
- // This also tests dynamic configuration of the conduit.
- Client client = ClientProxy.getClient(poltim);
- HTTPConduit http =
- (HTTPConduit) client.getConduit();
-
- HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-
- httpClientPolicy.setAutoRedirect(true);
-
- http.setClient(httpClientPolicy);
- http.setTlsClientParameters(tlsClientParameters);
- configureProxy(client);
- poltim.sayHi();
- //client -> poltim is https and thus not recorded but then redirected to mortimer
- //client -> mortimer is http and recoreded
- assertProxyRequestCount(1);
- }
-
- class MyHttpsTrustDecider extends MessageTrustDecider {
-
- private String[] trustName;
- private int called;
-
- MyHttpsTrustDecider(String name) {
- trustName = new String[] {name};
- }
-
- MyHttpsTrustDecider(String[] name) {
- trustName = name;
- }
-
- public int wasCalled() {
- return called;
- }
-
- public void establishTrust(
- String conduitName,
- URLConnectionInfo cinfo,
- Message message
- ) throws UntrustedURLConnectionIOException {
-
- called++;
-
- HttpsURLConnectionInfo ci = (HttpsURLConnectionInfo) cinfo;
- boolean trusted = false;
- for (int i = 0; i < trustName.length; i++) {
- trusted = trusted
- || ci.getPeerPrincipal()
- .toString().contains("OU=" + trustName[i]);
- }
- if (!trusted) {
- throw new UntrustedURLConnectionIOException(
- "Peer Principal \""
- + ci.getPeerPrincipal()
- + "\" does not contain "
- + getTrustNames());
- }
- }
-
- private String getTrustNames() {
- StringBuffer sb = new StringBuffer();
- for (int i = 0; i < trustName.length; i++) {
- sb.append("\"OU=");
- sb.append(trustName[i]);
- sb.append("\"");
- if (i < trustName.length - 1) {
- sb.append(", ");
- }
- }
- return sb.toString();
- }
- }
-
-
- @Test
- public void testHttpsTrust() throws Exception {
- startServer("Bethal");
-
- URL wsdl = getClass().getResource("greeting.wsdl");
- assertNotNull("WSDL is null", wsdl);
-
- SOAPService service = new SOAPService(wsdl, serviceName);
- assertNotNull("Service is null", service);
-
- Greeter bethal = service.getPort(bethalQ, Greeter.class);
- assertNotNull("Port is null", bethal);
- updateAddressPort(bethal, getPort("PORT2"));
-
- // Okay, I'm sick of configuration files.
- // This also tests dynamic configuration of the conduit.
- Client client = ClientProxy.getClient(bethal);
- HTTPConduit http =
- (HTTPConduit) client.getConduit();
-
- HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-
- httpClientPolicy.setAutoRedirect(false);
- // If we set any name, but Edward, Mary, or George,
- // and a password of "password" we will get through
- // Bethal.
- AuthorizationPolicy authPolicy = new AuthorizationPolicy();
- authPolicy.setUserName("Betty");
- authPolicy.setPassword("password");
-
- http.setClient(httpClientPolicy);
- http.setTlsClientParameters(tlsClientParameters);
- http.setAuthorization(authPolicy);
-
- // Our expected server should be OU=Bethal
- http.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
-
- configureProxy(client);
- String answer = bethal.sayHi();
- assertTrue("Unexpected answer: " + answer,
- "Bonjour from Bethal".equals(answer));
- assertProxyRequestCount(0);
-
-
- // Nobody will not equal OU=Bethal
- MyHttpsTrustDecider trustDecider =
- new MyHttpsTrustDecider("Nobody");
- http.setTrustDecider(trustDecider);
- try {
- answer = bethal.sayHi();
- fail("Unexpected answer from Bethal: " + answer);
- } catch (Exception e) {
- //e.printStackTrace();
- //assertTrue("Trust Decider was not called",
- // 0 > trustDecider.wasCalled());
- }
- assertProxyRequestCount(0);
- }
-
- @Test
- public void testHttpsTrustRedirect() throws Exception {
- startServer("Tarpin");
- startServer("Gordy");
- startServer("Bethal");
-
- URL wsdl = getClass().getResource("greeting.wsdl");
- assertNotNull("WSDL is null", wsdl);
-
- SOAPService service = new SOAPService(wsdl, serviceName);
- assertNotNull("Service is null", service);
-
- Greeter tarpin = service.getPort(tarpinQ, Greeter.class);
- assertNotNull("Port is null", tarpin);
- updateAddressPort(tarpin, getPort("PORT3"));
-
- // Okay, I'm sick of configuration files.
- // This also tests dynamic configuration of the conduit.
- Client client = ClientProxy.getClient(tarpin);
- HTTPConduit http =
- (HTTPConduit) client.getConduit();
-
- HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-
- httpClientPolicy.setAutoRedirect(true);
- // If we set any name, but Edward, Mary, or George,
- // and a password of "password" we will get through
- // Bethal.
- AuthorizationPolicy authPolicy = new AuthorizationPolicy();
- authPolicy.setUserName("Betty");
- authPolicy.setPassword("password");
-
- http.setClient(httpClientPolicy);
- http.setTlsClientParameters(tlsClientParameters);
- http.setAuthorization(authPolicy);
-
- // We get redirected from Tarpin, to Gordy, to Bethal.
- MyHttpsTrustDecider trustDecider =
- new MyHttpsTrustDecider(
- new String[] {"Tarpin", "Gordy", "Bethal"});
- http.setTrustDecider(trustDecider);
-
- // We actually get our answer from Bethal at the end of the
- // redirects.
- configureProxy(ClientProxy.getClient(tarpin));
- String answer = tarpin.sayHi();
- assertProxyRequestCount(0);
-
- assertTrue("Trust Decider wasn't called correctly",
- 3 == trustDecider.wasCalled());
- assertTrue("Unexpected answer: " + answer,
- "Bonjour from Bethal".equals(answer));
-
- // Limit the redirects to 1, since there are two, this should fail.
- http.getClient().setMaxRetransmits(1);
-
- try {
- answer = tarpin.sayHi();
- fail("Unexpected answer from Tarpin: " + answer);
- } catch (Exception e) {
- //e.printStackTrace();
- }
- assertProxyRequestCount(0);
-
- // Set back to unlimited.
- http.getClient().setMaxRetransmits(-1);
-
- // Effectively we will not trust Gordy in the middle.
- trustDecider =
- new MyHttpsTrustDecider(
- new String[] {"Tarpin", "Bethal"});
- http.setTrustDecider(trustDecider);
-
- try {
- answer = tarpin.sayHi();
- fail("Unexpected answer from Tarpin: " + answer);
- } catch (Exception e) {
- //e.printStackTrace();
- assertTrue("Trust Decider wasn't called correctly",
- 2 == trustDecider.wasCalled());
- }
- assertProxyRequestCount(0);
- }
-
- public class MyBasicAuthSupplier implements HttpAuthSupplier {
-
- String realm;
- String user;
- String pass;
-
- /**
- * This will loop from Cronus, to Andromeda, to Zorantius
- */
- MyBasicAuthSupplier() {
- }
-
- MyBasicAuthSupplier(String r, String u, String p) {
- realm = r;
- user = u;
- pass = p;
- }
-
- /**
- * If we don't have the realm set, then we loop
- * through the realms.
- */
- public String getAuthorization(
- AuthorizationPolicy authPolicy,
- URI currentURI,
- Message message,
- String fullHeader
- ) {
- String reqestedRealm = new HttpAuthHeader(fullHeader).getRealm();
- if (realm != null && realm.equals(reqestedRealm)) {
- return createUserPass(user, pass);
- }
- if ("Andromeda".equals(reqestedRealm)) {
- // This will get us another 401 to Zorantius
- return createUserPass("Edward", "password");
- }
- if ("Zorantius".equals(reqestedRealm)) {
- // George will get us another 401 to Cronus
- return createUserPass("George", "password");
- }
- if ("Cronus".equals(reqestedRealm)) {
- // Mary will get us another 401 to Andromeda
- return createUserPass("Mary", "password");
- }
- return null;
- }
-
- private String createUserPass(String usr, String pwd) {
- String userpass = usr + ":" + pwd;
- String token = Base64Utility.encode(userpass.getBytes());
- return "Basic " + token;
- }
-
- public boolean requiresRequestCaching() {
- return false;
- }
-
- }
-
- /**
- * This tests redirects through Gordy to Bethal. Bethal will
- * supply a series of 401s. See PushBack401.
- */
- @Test
- public void testHttpsRedirect401Response() throws Exception {
- startServer("Gordy");
- startServer("Bethal");
-
- URL wsdl = getClass().getResource("greeting.wsdl");
- assertNotNull("WSDL is null", wsdl);
-
- SOAPService service = new SOAPService(wsdl, serviceName);
- assertNotNull("Service is null", service);
-
- Greeter gordy = service.getPort(gordyQ, Greeter.class);
- assertNotNull("Port is null", gordy);
- updateAddressPort(gordy, getPort("PORT1"));
-
- // Okay, I'm sick of configuration files.
- // This also tests dynamic configuration of the conduit.
- Client client = ClientProxy.getClient(gordy);
- HTTPConduit http =
- (HTTPConduit) client.getConduit();
-
- HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-
- httpClientPolicy.setAutoRedirect(true);
- http.setClient(httpClientPolicy);
- http.setTlsClientParameters(tlsClientParameters);
-
- // We get redirected from Gordy, to Bethal.
- http.setTrustDecider(
- new MyHttpsTrustDecider(
- new String[] {"Gordy", "Bethal"}));
-
- // Without preemptive user/pass Bethal returns a
- // 401 for realm Cronus. If we supply any name other
- // than Edward, George, or Mary, with the pass of "password"
- // we should succeed.
- http.setAuthSupplier(
- new MyBasicAuthSupplier("Cronus", "Betty", "password"));
-
- // We actually get our answer from Bethal at the end of the
- // redirects.
- String answer = gordy.sayHi();
- assertTrue("Unexpected answer: " + answer,
- "Bonjour from Bethal".equals(answer));
-
- // The loop auth supplier,
- // We should die with looping realms.
- http.setAuthSupplier(new MyBasicAuthSupplier());
-
- try {
- answer = gordy.sayHi();
- fail("Unexpected answer from Gordy: " + answer);
- } catch (Exception e) {
- //e.printStackTrace();
- }
- }
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
deleted file mode 100644
index 8e5ed3d..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
+++ /dev/null
@@ -1,245 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import java.net.URL;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.TrustManager;
-import javax.xml.ws.BindingProvider;
-
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.configuration.Configurer;
-import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
-import org.apache.cxf.configuration.security.KeyManagersType;
-import org.apache.cxf.configuration.security.KeyStoreType;
-import org.apache.cxf.configuration.security.TrustManagersType;
-import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.hello_world.Greeter;
-import org.apache.hello_world.services.SOAPService;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * This test is meant to run against a spring-loaded
- * HTTP/S service.
- */
-public class HTTPSClientTest extends AbstractBusClientServerTestBase {
- //
- // data
- //
-
- /**
- * the package path used to locate resources specific to this test
- */
- private void setTheConfiguration(String config) {
- //System.setProperty("javax.net.debug", "all");
- try {
- System.setProperty(
- Configurer.USER_CFG_FILE_PROPERTY_URL,
- HTTPSClientTest.class.getResource(config).toString()
- );
- } catch (final Exception e) {
- e.printStackTrace();
- }
- }
-
- @BeforeClass
- public static void setupPorts() {
- BusServer.resetPortMap();
- }
-
- public void startServers() throws Exception {
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork a new process
- launchServer(BusServer.class, true)
- );
- }
-
-
- public void stopServers() throws Exception {
- stopAllServers();
- System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
- BusFactory.setDefaultBus(null);
- BusFactory.setThreadDefaultBus(null);
- }
-
-
- //
- // tests
- //
- public final void testSuccessfulCall(String configuration,
- String address) throws Exception {
- testSuccessfulCall(configuration, address, null);
- }
- public final void testSuccessfulCall(String configuration,
- String address,
- URL url) throws Exception {
- testSuccessfulCall(configuration, address, url, false);
- }
- public final void testSuccessfulCall(String configuration,
- String address,
- URL url,
- boolean dynamicClient) throws Exception {
- setTheConfiguration(configuration);
- startServers();
- if (url == null) {
- url = SOAPService.WSDL_LOCATION;
- }
-
- //CXF-4037 - dynamic client isn't using the conduit settings to resolve schemas
- if (dynamicClient) {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- JaxWsDynamicClientFactory.newInstance(BusFactory.getDefaultBus())
- .createClient(url.toExternalForm());
- Thread.currentThread().setContextClassLoader(loader);
- }
-
-
-
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- BindingProvider provider = (BindingProvider)port;
- provider.getRequestContext().put(
- BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
- address);
-
- //provider.getRequestContext().put("use.async.http.conduit", Boolean.TRUE);
- //for (int x = 0; x < 100000; x++) {
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- //}
-
-
- stopServers();
- }
-
- @Test
- public final void testJaxwsServer() throws Exception {
- testSuccessfulCall("jaxws-server.xml",
- "https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");
- }
- @Test
- public final void testJaxwsServerChangeHttpsToHttp() throws Exception {
- testSuccessfulCall("jaxws-server.xml",
- "http://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpPort");
- }
- @Test
- public final void testJaxwsEndpoint() throws Exception {
- testSuccessfulCall("jaxws-publish.xml",
- "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
- }
- @Test
- public final void testJaxwsTLSRefsEndpoint() throws Exception {
- testSuccessfulCall("jaxws-tlsrefs-publish.xml",
- "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
- }
- @Test
- public final void testPKCS12Endpoint() throws Exception {
- testSuccessfulCall("pkcs12.xml",
- "https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
- }
-
- @Test
- public final void testResourceKeySpecEndpoint() throws Exception {
- testSuccessfulCall("resource-key-spec.xml",
- "https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
- }
- @Test
- public final void testResourceKeySpecEndpointURL() throws Exception {
- testSuccessfulCall("resource-key-spec-url.xml",
- "https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort",
- new URL("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort?wsdl"),
- true);
-
- }
-
- public static class ServerManagersFactory {
- public static KeyManager[] getKeyManagers() {
- KeyManagersType kmt = new KeyManagersType();
- KeyStoreType kst = new KeyStoreType();
- kst.setFile("src/test/resources/keys/Bethal.jks");
- kst.setPassword("password");
- kst.setType("JKS");
-
- kmt.setKeyStore(kst);
- kmt.setKeyPassword("password");
- try {
- return TLSParameterJaxBUtils.getKeyManagers(kmt);
- } catch (Exception e) {
- throw new RuntimeException("failed to retrieve key managers", e);
- }
- }
-
- public static TrustManager[] getTrustManagers() {
- TrustManagersType tmt = new TrustManagersType();
- KeyStoreType kst = new KeyStoreType();
- kst.setFile("src/test/resources/keys/Truststore.jks");
- kst.setPassword("password");
- kst.setType("JKS");
-
- tmt.setKeyStore(kst);
- try {
- return TLSParameterJaxBUtils.getTrustManagers(tmt);
- } catch (Exception e) {
- throw new RuntimeException("failed to retrieve trust managers", e);
- }
- }
- }
-
- public static class ClientManagersFactory {
- public static KeyManager[] getKeyManagers() {
- KeyManagersType kmt = new KeyManagersType();
- KeyStoreType kst = new KeyStoreType();
- kst.setFile("src/test/resources/keys/Morpit.jks");
- kst.setPassword("password");
- kst.setType("JKS");
-
- kmt.setKeyStore(kst);
- kmt.setKeyPassword("password");
- try {
- return TLSParameterJaxBUtils.getKeyManagers(kmt);
- } catch (Exception e) {
- throw new RuntimeException("failed to retrieve key managers", e);
- }
- }
-
- public static TrustManager[] getTrustManagers() {
- TrustManagersType tmt = new TrustManagersType();
- KeyStoreType kst = new KeyStoreType();
- kst.setFile("src/test/resources/keys/Truststore.jks");
- kst.setPassword("password");
- kst.setType("JKS");
-
- tmt.setKeyStore(kst);
- try {
- return TLSParameterJaxBUtils.getTrustManagers(tmt);
- } catch (Exception e) {
- throw new RuntimeException("failed to retrieve trust managers", e);
- }
- }
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java
deleted file mode 100644
index f812a3d..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.net.HttpURLConnection;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.Exchange;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.transport.Conduit;
-import org.apache.cxf.transport.http.Headers;
-
-/*
- * This interceptor will issue 401s
- * No Authorization Header --> 401 Realm=Cronus
- * Username Mary --> 401 Realm=Andromeda
- * Username Edward --> 401 Realm=Zorantius
- * Username George --> 401 Realm=Cronus
- * If the password is not "password" a 401 is issued without
- * realm.
- */
-public class PushBack401 extends AbstractPhaseInterceptor<Message> {
-
- PushBack401() {
- super(Phase.RECEIVE);
- }
-
- /**
- * This function extracts the user:pass token from
- * the Authorization:Basic header. It returns a two element
- * String array, the first being the userid, the second
- * being the password. It returns null, if it cannot parse.
- */
- private String[] extractUserPass(String token) {
- try {
- byte[] userpass = Base64Utility.decode(token);
- String up = IOUtils.newStringFromBytes(userpass);
- String user = up.substring(0, up.indexOf(':'));
- String pass = up.substring(up.indexOf(':') + 1);
- return new String[] {user, pass};
- } catch (Exception e) {
- return null;
- }
-
- }
-
- /**
- * This function returns the realm which depends on
- * the user name, as follows:
- * <pre>
- * Username Mary --> Andromeda
- * Username Edward --> Zorantius
- * Username George --> Cronus
- * </pre>
- * However, if the password is not "password" this function
- * throws an exception, regardless.
- */
- private String checkUserPass(
- String user,
- String pass
- ) throws Exception {
- //System.out.println("Got user: " + user + " pass: " + pass);
- if (!"password".equals(pass)) {
- throw new Exception("bad password");
- }
- if ("Mary".equals(user)) {
- return "Andromeda";
- }
- if ("Edward".equals(user)) {
- return "Zorantius";
- }
- if ("George".equals(user)) {
- return "Cronus";
- }
- return null;
- }
-
- @SuppressWarnings("unchecked")
- public void handleMessage(Message message) throws Fault {
-
- Map<String, List<String>> headers =
- (Map<String, List<String>>)
- message.get(Message.PROTOCOL_HEADERS);
-
- List<String> auth = headers.get("Authorization");
- if (auth == null) {
- // No Auth Header, respond with 401 Realm=Cronus
- replyUnauthorized(message, "Cronus");
- return;
- } else {
- for (String a : auth) {
- if (a.startsWith("Basic ")) {
- String[] userpass =
- extractUserPass(a.substring("Basic ".length()));
- if (userpass != null) {
- try {
- String realm =
- checkUserPass(userpass[0], userpass[1]);
- if (realm != null) {
- replyUnauthorized(message, realm);
- return;
- } else {
- // Password is good and no realm
- // We just return for successful fall thru.
- return;
- }
- } catch (Exception e) {
- // Bad Password
- replyUnauthorized(message, null);
- return;
- }
- }
- }
- }
- // No Authorization: Basic
- replyUnauthorized(message, null);
- return;
- }
- }
-
- /**
- * This function issues a 401 response back down the conduit.
- * If the realm is not null, a WWW-Authenticate: Basic realm=
- * header is sent. The interceptor chain is aborted stopping
- * the Message from going to the servant.
- */
- private void replyUnauthorized(Message message, String realm) {
- Message outMessage = getOutMessage(message);
- outMessage.put(Message.RESPONSE_CODE,
- HttpURLConnection.HTTP_UNAUTHORIZED);
-
- if (realm != null) {
- setHeader(outMessage,
- "WWW-Authenticate", "Basic realm=" + realm);
- }
- message.getInterceptorChain().abort();
- try {
- getConduit(message).prepare(outMessage);
- close(outMessage);
- } catch (IOException e) {
- //System.out.println("Prepare of message not working." + e);
- e.printStackTrace();
- }
- }
-
- /**
- * Retrieves/creates the corresponding Outbound Message.
- */
- private Message getOutMessage(Message message) {
- Exchange exchange = message.getExchange();
- Message outMessage = exchange.getOutMessage();
- if (outMessage == null) {
- Endpoint endpoint = exchange.get(Endpoint.class);
- outMessage = new MessageImpl();
- outMessage.putAll(message);
- outMessage.remove(Message.PROTOCOL_HEADERS);
- outMessage.setExchange(exchange);
- outMessage = endpoint.getBinding().createMessage(outMessage);
- exchange.setOutMessage(outMessage);
- }
- return outMessage;
- }
-
- /**
- * This function sets the header in the PROTOCO_HEADERS of
- * the message.
- */
- private void setHeader(Message message, String key, String value) {
- Map<String, List<String>> responseHeaders = Headers.getSetProtocolHeaders(message);
- responseHeaders.put(key, Arrays.asList(new String[] {value}));
- }
-
- /**
- * This method retrieves/creates the conduit for the response
- * message.
- */
- private Conduit getConduit(Message message) throws IOException {
- Exchange exchange = message.getExchange();
- Conduit conduit =
- exchange.getDestination().getBackChannel(message);
- exchange.setConduit(conduit);
- return conduit;
- }
-
- /**
- * This method closes the output stream associated with the
- * message.
- */
- private void close(Message message) throws IOException {
- OutputStream os = message.getContent(OutputStream.class);
- os.flush();
- os.close();
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
deleted file mode 100644
index 01b60af..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import org.apache.cxf.message.Message;
-import org.apache.cxf.transport.http.MessageTrustDecider;
-import org.apache.cxf.transport.http.URLConnectionInfo;
-import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
-
-public class TrustHandler
- extends MessageTrustDecider {
-
- public TrustHandler() {
- // Set the logical name.
- super("The System Test Trust Decider");
- }
-
- public void establishTrust(
- String conduitName,
- URLConnectionInfo connectionInfo,
- Message message
- ) throws UntrustedURLConnectionIOException {
- System.out.println("Trust decision for conduit: "
- + conduitName + " and "
- + connectionInfo.getURI());
- /*if (connectionInfo instanceof HttpURLConnectionInfo) {
- HttpURLConnectionInfo c = (HttpURLConnectionInfo) connectionInfo;
- System.out.println("Http method: "
- + c.getHttpRequestMethod() + " on " + c.getURI());
- }
- if (connectionInfo instanceof HttpsURLConnectionInfo) {
- HttpsURLConnectionInfo c = (HttpsURLConnectionInfo) connectionInfo;
- System.out.println("TLS Connection to: " + c.getURI());
- System.out.println("Enabled Cipher: " + c.getEnabledCipherSuite());
- System.out.println("Local Principal: " + c.getLocalPrincipal());
- System.out.println("Peer Principal: " + c.getPeerPrincipal());
- }
- */
- //throw new UntrustedURLConnectionIOException("No Way Jose");
- }
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java
new file mode 100644
index 0000000..5b0856d
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https;
+
+import java.net.URL;
+
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * This test is meant to run against a spring-loaded HTTP/S service. It tests the certificate
+ * constraints logic.
+ */
+public class CertConstraintsTest extends AbstractBusClientServerTestBase {
+ //
+ // data
+ //
+
+ @BeforeClass
+ public static void allocatePorts() {
+ BusServer.resetPortMap();
+ }
+
+ /**
+ * the package path used to locate resources specific to this test
+ */
+ private void setTheConfiguration(String config) {
+ //System.setProperty("javax.net.debug", "all");
+ try {
+ System.setProperty(
+ Configurer.USER_CFG_FILE_PROPERTY_URL,
+ CertConstraintsTest.class.getResource(config).toString()
+ );
+ } catch (final Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork a new process
+ launchServer(BusServer.class, true)
+ );
+ }
+
+
+ public void stopServers() throws Exception {
+ stopAllServers();
+ System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
+ BusFactory.setDefaultBus(null);
+ BusFactory.setThreadDefaultBus(null);
+ }
+
+
+ //
+ // tests
+ //
+ public final void testSuccessfulCall(String address) throws Exception {
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ BindingProvider provider = (BindingProvider)port;
+ provider.getRequestContext().put(
+ BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+ address);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+ }
+
+ public final void testFailedCall(String address) throws Exception {
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ BindingProvider provider = (BindingProvider)port;
+ provider.getRequestContext().put(
+ BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+ address);
+
+ try {
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+ fail("Failure expected");
+ } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+ // expected
+ } catch (javax.xml.ws.WebServiceException ex) {
+ // expected
+ }
+ }
+
+ @Test
+ public final void testCertConstraints() throws Exception {
+ setTheConfiguration("jaxws-server-constraints.xml");
+ startServers();
+
+ //
+ // Good Subject DN
+ //
+ testSuccessfulCall("https://localhost:" + BusServer.getPort(0) + "/SoapContext/HttpsPort");
+ //
+ // Bad Subject DN
+ //
+ testFailedCall("https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+ //
+ // Mixed Subject DN (ALL)
+ //
+ testFailedCall("https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");
+ //
+ // Mixed Subject DN (ANY)
+ //
+ testSuccessfulCall("https://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpsPort");
+ //
+ // Mixed Issuer DN (ALL)
+ //
+ testFailedCall("https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
+ //
+ // Mixed Issuer DN (ANY)
+ //
+ testSuccessfulCall("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort");
+ //
+ // Bad server Subject DN
+ //
+ testFailedCall("https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
+ //
+ // Bad server Issuer DN
+ //
+ testFailedCall("https://localhost:" + BusServer.getPort(7) + "/SoapContext/HttpsPort");
+
+ stopServers();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java
new file mode 100644
index 0000000..2ace9f8
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java
@@ -0,0 +1,244 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https;
+
+import java.net.URL;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
+import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * This test is meant to run against a spring-loaded
+ * HTTP/S service.
+ */
+public class HTTPSClientTest extends AbstractBusClientServerTestBase {
+ //
+ // data
+ //
+
+ /**
+ * the package path used to locate resources specific to this test
+ */
+ private void setTheConfiguration(String config) {
+ //System.setProperty("javax.net.debug", "all");
+ try {
+ System.setProperty(
+ Configurer.USER_CFG_FILE_PROPERTY_URL,
+ HTTPSClientTest.class.getResource(config).toString()
+ );
+ } catch (final Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @BeforeClass
+ public static void setupPorts() {
+ BusServer.resetPortMap();
+ }
+
+ public void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork a new process
+ launchServer(BusServer.class, true)
+ );
+ }
+
+
+ public void stopServers() throws Exception {
+ stopAllServers();
+ System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
+ BusFactory.setDefaultBus(null);
+ BusFactory.setThreadDefaultBus(null);
+ }
+
+
+ //
+ // tests
+ //
+ public final void testSuccessfulCall(String configuration,
+ String address) throws Exception {
+ testSuccessfulCall(configuration, address, null);
+ }
+ public final void testSuccessfulCall(String configuration,
+ String address,
+ URL url) throws Exception {
+ testSuccessfulCall(configuration, address, url, false);
+ }
+ public final void testSuccessfulCall(String configuration,
+ String address,
+ URL url,
+ boolean dynamicClient) throws Exception {
+ setTheConfiguration(configuration);
+ startServers();
+ if (url == null) {
+ url = SOAPService.WSDL_LOCATION;
+ }
+
+ //CXF-4037 - dynamic client isn't using the conduit settings to resolve schemas
+ if (dynamicClient) {
+ ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ JaxWsDynamicClientFactory.newInstance(BusFactory.getDefaultBus())
+ .createClient(url.toExternalForm());
+ Thread.currentThread().setContextClassLoader(loader);
+ }
+
+
+
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ BindingProvider provider = (BindingProvider)port;
+ provider.getRequestContext().put(
+ BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+ address);
+
+ //provider.getRequestContext().put("use.async.http.conduit", Boolean.TRUE);
+ //for (int x = 0; x < 100000; x++) {
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+ //}
+
+
+ stopServers();
+ }
+
+ @Test
+ public final void testJaxwsServer() throws Exception {
+ testSuccessfulCall("jaxws-server.xml",
+ "https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");
+ }
+ @Test
+ public final void testJaxwsServerChangeHttpsToHttp() throws Exception {
+ testSuccessfulCall("jaxws-server.xml",
+ "http://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpPort");
+ }
+ @Test
+ public final void testJaxwsEndpoint() throws Exception {
+ testSuccessfulCall("jaxws-publish.xml",
+ "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+ }
+ @Test
+ public final void testJaxwsTLSRefsEndpoint() throws Exception {
+ testSuccessfulCall("jaxws-tlsrefs-publish.xml",
+ "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+ }
+ @Test
+ public final void testPKCS12Endpoint() throws Exception {
+ testSuccessfulCall("pkcs12.xml",
+ "https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
+ }
+
+ @Test
+ public final void testResourceKeySpecEndpoint() throws Exception {
+ testSuccessfulCall("resource-key-spec.xml",
+ "https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
+ }
+ @Test
+ public final void testResourceKeySpecEndpointURL() throws Exception {
+ testSuccessfulCall("resource-key-spec-url.xml",
+ "https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort",
+ new URL("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort?wsdl"),
+ true);
+
+ }
+
+ public static class ServerManagersFactory {
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+ kst.setFile("src/test/resources/keys/Bethal.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers", e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+ kst.setFile("src/test/resources/keys/Truststore.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust managers", e);
+ }
+ }
+ }
+
+ public static class ClientManagersFactory {
+ public static KeyManager[] getKeyManagers() {
+ KeyManagersType kmt = new KeyManagersType();
+ KeyStoreType kst = new KeyStoreType();
+ kst.setFile("src/test/resources/keys/Morpit.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ kmt.setKeyStore(kst);
+ kmt.setKeyPassword("password");
+ try {
+ return TLSParameterJaxBUtils.getKeyManagers(kmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve key managers", e);
+ }
+ }
+
+ public static TrustManager[] getTrustManagers() {
+ TrustManagersType tmt = new TrustManagersType();
+ KeyStoreType kst = new KeyStoreType();
+ kst.setFile("src/test/resources/keys/Truststore.jks");
+ kst.setPassword("password");
+ kst.setType("JKS");
+
+ tmt.setKeyStore(kst);
+ try {
+ return TLSParameterJaxBUtils.getTrustManagers(tmt);
+ } catch (Exception e) {
+ throw new RuntimeException("failed to retrieve trust managers", e);
+ }
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
new file mode 100644
index 0000000..6af2961
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.https;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class KeyPasswordCallbackHandler implements CallbackHandler {
+
+ @Override
+ public void handle(Callback[] callbacks) throws IOException,
+ UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ PasswordCallback pc = (PasswordCallback)callbacks[i];
+ pc.setPassword("password".toCharArray());
+ }
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java
new file mode 100644
index 0000000..d0fcac9
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java
@@ -0,0 +1,223 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.net.HttpURLConnection;
+import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.cxf.common.util.Base64Utility;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.helpers.IOUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.transport.Conduit;
+import org.apache.cxf.transport.http.Headers;
+
+/*
+ * This interceptor will issue 401s
+ * No Authorization Header --> 401 Realm=Cronus
+ * Username Mary --> 401 Realm=Andromeda
+ * Username Edward --> 401 Realm=Zorantius
+ * Username George --> 401 Realm=Cronus
+ * If the password is not "password" a 401 is issued without
+ * realm.
+ */
+public class PushBack401 extends AbstractPhaseInterceptor<Message> {
+
+ PushBack401() {
+ super(Phase.RECEIVE);
+ }
+
+ /**
+ * This function extracts the user:pass token from
+ * the Authorization:Basic header. It returns a two element
+ * String array, the first being the userid, the second
+ * being the password. It returns null, if it cannot parse.
+ */
+ private String[] extractUserPass(String token) {
+ try {
+ byte[] userpass = Base64Utility.decode(token);
+ String up = IOUtils.newStringFromBytes(userpass);
+ String user = up.substring(0, up.indexOf(':'));
+ String pass = up.substring(up.indexOf(':') + 1);
+ return new String[] {user, pass};
+ } catch (Exception e) {
+ return null;
+ }
+
+ }
+
+ /**
+ * This function returns the realm which depends on
+ * the user name, as follows:
+ * <pre>
+ * Username Mary --> Andromeda
+ * Username Edward --> Zorantius
+ * Username George --> Cronus
+ * </pre>
+ * However, if the password is not "password" this function
+ * throws an exception, regardless.
+ */
+ private String checkUserPass(
+ String user,
+ String pass
+ ) throws Exception {
+ //System.out.println("Got user: " + user + " pass: " + pass);
+ if (!"password".equals(pass)) {
+ throw new Exception("bad password");
+ }
+ if ("Mary".equals(user)) {
+ return "Andromeda";
+ }
+ if ("Edward".equals(user)) {
+ return "Zorantius";
+ }
+ if ("George".equals(user)) {
+ return "Cronus";
+ }
+ return null;
+ }
+
+ @SuppressWarnings("unchecked")
+ public void handleMessage(Message message) throws Fault {
+
+ Map<String, List<String>> headers =
+ (Map<String, List<String>>)
+ message.get(Message.PROTOCOL_HEADERS);
+
+ List<String> auth = headers.get("Authorization");
+ if (auth == null) {
+ // No Auth Header, respond with 401 Realm=Cronus
+ replyUnauthorized(message, "Cronus");
+ return;
+ } else {
+ for (String a : auth) {
+ if (a.startsWith("Basic ")) {
+ String[] userpass =
+ extractUserPass(a.substring("Basic ".length()));
+ if (userpass != null) {
+ try {
+ String realm =
+ checkUserPass(userpass[0], userpass[1]);
+ if (realm != null) {
+ replyUnauthorized(message, realm);
+ return;
+ } else {
+ // Password is good and no realm
+ // We just return for successful fall thru.
+ return;
+ }
+ } catch (Exception e) {
+ // Bad Password
+ replyUnauthorized(message, null);
+ return;
+ }
+ }
+ }
+ }
+ // No Authorization: Basic
+ replyUnauthorized(message, null);
+ return;
+ }
+ }
+
+ /**
+ * This function issues a 401 response back down the conduit.
+ * If the realm is not null, a WWW-Authenticate: Basic realm=
+ * header is sent. The interceptor chain is aborted stopping
+ * the Message from going to the servant.
+ */
+ private void replyUnauthorized(Message message, String realm) {
+ Message outMessage = getOutMessage(message);
+ outMessage.put(Message.RESPONSE_CODE,
+ HttpURLConnection.HTTP_UNAUTHORIZED);
+
+ if (realm != null) {
+ setHeader(outMessage,
+ "WWW-Authenticate", "Basic realm=" + realm);
+ }
+ message.getInterceptorChain().abort();
+ try {
+ getConduit(message).prepare(outMessage);
+ close(outMessage);
+ } catch (IOException e) {
+ //System.out.println("Prepare of message not working." + e);
+ e.printStackTrace();
+ }
+ }
+
+ /**
+ * Retrieves/creates the corresponding Outbound Message.
+ */
+ private Message getOutMessage(Message message) {
+ Exchange exchange = message.getExchange();
+ Message outMessage = exchange.getOutMessage();
+ if (outMessage == null) {
+ Endpoint endpoint = exchange.get(Endpoint.class);
+ outMessage = new MessageImpl();
+ outMessage.putAll(message);
+ outMessage.remove(Message.PROTOCOL_HEADERS);
+ outMessage.setExchange(exchange);
+ outMessage = endpoint.getBinding().createMessage(outMessage);
+ exchange.setOutMessage(outMessage);
+ }
+ return outMessage;
+ }
+
+ /**
+ * This function sets the header in the PROTOCO_HEADERS of
+ * the message.
+ */
+ private void setHeader(Message message, String key, String value) {
+ Map<String, List<String>> responseHeaders = Headers.getSetProtocolHeaders(message);
+ responseHeaders.put(key, Arrays.asList(new String[] {value}));
+ }
+
+ /**
+ * This method retrieves/creates the conduit for the response
+ * message.
+ */
+ private Conduit getConduit(Message message) throws IOException {
+ Exchange exchange = message.getExchange();
+ Conduit conduit =
+ exchange.getDestination().getBackChannel(message);
+ exchange.setConduit(conduit);
+ return conduit;
+ }
+
+ /**
+ * This method closes the output stream associated with the
+ * message.
+ */
+ private void close(Message message) throws IOException {
+ OutputStream os = message.getContent(OutputStream.class);
+ os.flush();
+ os.close();
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1b7c93cc/systests/transports/src/test/resources/org/apache/cxf/systest/http/Abost.cxf
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/http/Abost.cxf b/systests/transports/src/test/resources/org/apache/cxf/systest/http/Abost.cxf
index c3cf97f..a250d5d 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/http/Abost.cxf
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/http/Abost.cxf
@@ -41,7 +41,7 @@
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<http:destination name="{http://apache.org/hello_world}Abost.http-destination">
- <http:server RedirectURL="http://localhost:${testutil.ports.BusServer.6}/Hurlon"/>
+ <http:server RedirectURL="http://localhost:${testutil.ports.BusServer.3}/Hurlon"/>
</http:destination>
</beans>