You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ni...@apache.org on 2013/07/02 10:38:21 UTC
svn commit: r1498833 - in
/cxf/trunk/rt/transports/http-netty/netty-server/src/test:
java/org/apache/cxf/transport/http/netty/server/integration/ resources/
resources/org/ resources/org/apache/ resources/org/apache/cxf/
resources/org/apache/cxf/transpo...
Author: ningjiang
Date: Tue Jul 2 08:38:20 2013
New Revision: 1498833
URL: http://svn.apache.org/r1498833
Log:
CXF-5042 Added unit test of SSL on netty-server
Added:
cxf/trunk/rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettyServerTest.java
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/ServerConfig.xml
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/clientKeystore.jks
cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks
Added: cxf/trunk/rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettyServerTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettyServerTest.java?rev=1498833&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettyServerTest.java (added)
+++ cxf/trunk/rt/transports/http-netty/netty-server/src/test/java/org/apache/cxf/transport/http/netty/server/integration/SSLNettyServerTest.java Tue Jul 2 08:38:20 2013
@@ -0,0 +1,142 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.transport.http.netty.server.integration;
+
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.IOException;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+import javax.xml.ws.Endpoint;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.frontend.ClientProxy;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.hello_world_soap_http.Greeter;
+import org.apache.hello_world_soap_http.SOAPService;
+
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+public class SSLNettyServerTest extends AbstractBusClientServerTestBase {
+
+ public static final String PORT = allocatePort(SSLNettyServerTest.class);
+
+ static {
+ System.setProperty("SSLNettyServerTest.port", PORT);
+ }
+
+ static Endpoint ep;
+
+ static Greeter g;
+
+ static String address;
+
+ @BeforeClass
+ public static void start() throws Exception {
+ Bus b = createStaticBus("/org/apache/cxf/transport/http/netty/server/integration/ServerConfig.xml");
+ BusFactory.setThreadDefaultBus(b);
+ address = "https://localhost:" + PORT + "/SoapContext/SoapPort";
+ ep = Endpoint.publish(address ,
+ new org.apache.hello_world_soap_http.GreeterImpl());
+
+ URL wsdl = NettyServerTest.class.getResource("/wsdl/hello_world.wsdl");
+ assertNotNull("WSDL is null", wsdl);
+
+ SOAPService service = new SOAPService(wsdl);
+ assertNotNull("Service is null", service);
+
+ g = service.getSoapPort();
+ assertNotNull("Port is null", g);
+ }
+
+ @AfterClass
+ public static void stop() throws Exception {
+ if (g != null) {
+ ((java.io.Closeable)g).close();
+ }
+ if (ep != null) {
+ ep.stop();
+ }
+ ep = null;
+ }
+
+ @Test
+ public void testInvocation() throws Exception {
+ setupTLS(g);
+ setAddress(g, address);
+ String response = g.greetMe("test");
+ assertEquals("Get a wrong response", "Hello test", response);
+ }
+
+ private static void setupTLS(Greeter port)
+ throws FileNotFoundException, IOException, GeneralSecurityException {
+ String keyStoreLoc =
+ "src/test/resources/org/apache/cxf/transport/http/netty/server/integration/clientKeystore.jks";
+ HTTPConduit httpConduit = (HTTPConduit) ClientProxy.getClient(port).getConduit();
+
+ TLSClientParameters tlsCP = new TLSClientParameters();
+ String keyPassword = "ckpass";
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
+ KeyManager[] myKeyManagers = getKeyManagers(keyStore, keyPassword);
+ tlsCP.setKeyManagers(myKeyManagers);
+
+
+ KeyStore trustStore = KeyStore.getInstance("JKS");
+ trustStore.load(new FileInputStream(keyStoreLoc), "cspass".toCharArray());
+ TrustManager[] myTrustStoreKeyManagers = getTrustManagers(trustStore);
+ tlsCP.setTrustManagers(myTrustStoreKeyManagers);
+
+ httpConduit.setTlsClientParameters(tlsCP);
+ }
+
+ private static TrustManager[] getTrustManagers(KeyStore trustStore)
+ throws NoSuchAlgorithmException, KeyStoreException {
+ String alg = KeyManagerFactory.getDefaultAlgorithm();
+ TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
+ fac.init(trustStore);
+ return fac.getTrustManagers();
+ }
+
+ private static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword)
+ throws GeneralSecurityException, IOException {
+ String alg = KeyManagerFactory.getDefaultAlgorithm();
+ char[] keyPass = keyPassword != null
+ ? keyPassword.toCharArray()
+ : null;
+ KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
+ fac.init(keyStore, keyPass);
+ return fac.getKeyManagers();
+ }
+
+
+}
Added: cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/ServerConfig.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/ServerConfig.xml?rev=1498833&view=auto
==============================================================================
--- cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/ServerConfig.xml (added)
+++ cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/ServerConfig.xml Tue Jul 2 08:38:20 2013
@@ -0,0 +1,69 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+
+<!--
+ ** This file configures the Server which runs the web service.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:http="http://cxf.apache.org/transports/http/configuration"
+ xmlns:httpn="http://cxf.apache.org/transports/http-netty-server/configuration"
+ xsi:schemaLocation="
+ http://cxf.apache.org/configuration/security
+ http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/transports/http/configuration
+ http://cxf.apache.org/schemas/configuration/http-conf.xsd
+ http://cxf.apache.org/transports/http-netty-server/configuration
+ http://cxf.apache.org/schemas/configuration/http-netty-server.xsd
+ http://www.springframework.org/schema/beans
+ http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+ <http:destination name="{http://apache.org/hello_world_soap_http}GreeterPort.http-destination">
+ </http:destination>
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <httpn:engine-factory>
+ <httpn:engine port="${SSLNettyServerTest.port}">
+ <httpn:tlsServerParameters>
+ <sec:keyManagers keyPassword="skpass">
+ <sec:keyStore file="src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks" password="sspass" type="JKS"/>
+ </sec:keyManagers>
+ <sec:trustManagers>
+ <sec:keyStore file="src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks" password="sspass" type="JKS"/>
+ </sec:trustManagers>
+ <sec:cipherSuitesFilter>
+ <!-- these filters ensure that a ciphersuite with
+ export-suitable or null encryption is used,
+ but exclude anonymous Diffie-Hellman key change as
+ this is vulnerable to man-in-the-middle attacks -->
+ <sec:include>.*_EXPORT_.*</sec:include>
+ <sec:include>.*_EXPORT1024_.*</sec:include>
+ <sec:include>.*_WITH_DES_.*</sec:include>
+ <sec:include>.*_WITH_AES_.*</sec:include>
+ <sec:include>.*_WITH_NULL_.*</sec:include>
+ <sec:exclude>.*_DH_anon_.*</sec:exclude>
+ </sec:cipherSuitesFilter>
+ <sec:clientAuthentication want="true" required="true"/>
+ </httpn:tlsServerParameters>
+ </httpn:engine>
+ </httpn:engine-factory>
+</beans>
Added: cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/clientKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/clientKeystore.jks?rev=1498833&view=auto
==============================================================================
Files cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/clientKeystore.jks (added) and cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/clientKeystore.jks Tue Jul 2 08:38:20 2013 differ
Added: cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks?rev=1498833&view=auto
==============================================================================
Files cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks (added) and cxf/trunk/rt/transports/http-netty/netty-server/src/test/resources/org/apache/cxf/transport/http/netty/server/integration/serviceKeystore.jks Tue Jul 2 08:38:20 2013 differ