Posted to commits@cxf.apache.org by co...@apache.org on 2019/05/10 10:19:34 UTC
[cxf] branch master updated: CXF-8037 - Apache CXF
(AsyncHTTPConduit) ignores system keyStore property
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/master by this push:
new 7808ae4 CXF-8037 - Apache CXF (AsyncHTTPConduit) ignores system keyStore property
7808ae4 is described below
commit 7808ae48865df413346f523ca6e8df7bcedb2091
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Fri May 10 11:19:17 2019 +0100
CXF-8037 - Apache CXF (AsyncHTTPConduit) ignores system keyStore property
---
.../http/asyncclient/AsyncHTTPConduit.java | 8 +-
.../https/ciphersuites/CipherSuitesTest.java | 178 ++++++++-------------
.../systest/https/clientauth/ClientAuthTest.java | 122 ++++++++++++++
.../HostnameVerificationDeprecatedTest.java | 55 +++++--
.../https/hostname/HostnameVerificationTest.java | 77 +++++----
.../cxf/systest/https/trust/TrustManagerTest.java | 53 ++++++
6 files changed, 339 insertions(+), 154 deletions(-)
diff --git a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
index 7cf2954..b3a6186 100755
--- a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
+++ b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
@@ -891,9 +891,11 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
ctx = provider == null ? SSLContext.getInstance(protocol) : SSLContext
.getInstance(protocol, provider);
- ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
KeyManager[] keyManagers = tlsClientParameters.getKeyManagers();
+ if (keyManagers == null) {
+ keyManagers = org.apache.cxf.configuration.jsse.SSLUtils.getDefaultKeyStoreManagers(LOG);
+ }
KeyManager[] configuredKeyManagers =
org.apache.cxf.transport.https.SSLUtils.configureKeyManagersWithCertAlias(
tlsClientParameters, keyManagers);
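Review bot: The fallback added at `if (keyManagers == null)` has no comment saying that the conduit now takes its client identity from the JVM-wide `javax.net.ssl.keyStore*` properties whenever the TLS client parameters carry no key managers. A comment such as `// No key managers configured: fall back to the javax.net.ssl.keyStore* system properties` would make that explicit, because it means every endpoint reached through this conduit without its own key configuration can be offered the system certificate. What `getDefaultKeyStoreManagers(LOG)` returns when the store cannot be opened is not visible here; the earlier code already passed a possibly-null array on to `configureKeyManagersWithCertAlias`, so null is presumably tolerated, but a failed load should be logged where an operator will see it, since the handshake would otherwise go ahead without a client certificate. The enclosing method starts and ends outside the hunk.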
@@ -904,6 +906,10 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit {
}
ctx.init(configuredKeyManagers, trustManagers, tlsClientParameters.getSecureRandom());
+
+ if (ctx.getClientSessionContext() != null) {
+ ctx.getClientSessionContext().setSessionTimeout(tlsClientParameters.getSslCacheTimeout());
+ }
}
sslContext = ctx;
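Review bot: The guard added after `ctx.init(...)` calls `ctx.getClientSessionContext()` twice and silently drops the configured `sslCacheTimeout` when no session context is returned. Holding the result in a local avoids the second lookup: `SSLSessionContext sessionCtx = ctx.getClientSessionContext();` then `if (sessionCtx != null) { sessionCtx.setSessionTimeout(tlsClientParameters.getSslCacheTimeout()); }`, which needs `javax.net.ssl.SSLSessionContext` imported if it is not already. A one-line comment on why the call moved after `init` (presumably some providers expose the session context only once the context is initialised) and a debug log in the null case would help whoever next investigates session caching. The enclosing method continues outside the hunk.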
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index 6a05b78..3370c20 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -22,6 +22,8 @@ package org.apache.cxf.systest.https.ciphersuites;
import java.net.URL;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
import java.util.Collections;
import javax.crypto.Cipher;
@@ -46,6 +48,8 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -55,6 +59,7 @@ import static org.junit.Assert.fail;
/**
* A set of tests for TLS ciphersuites
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class CipherSuitesTest extends AbstractBusClientServerTestBase {
static final boolean UNRESTRICTED_POLICIES_INSTALLED;
static {
@@ -83,6 +88,12 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
static final String PORT5 = allocatePort(CipherSuitesServer.class, 5);
+ final Boolean async;
+
+ public CipherSuitesTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
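Review bot: The `async` field and constructor parameter are declared as boxed `Boolean` and then auto-unboxed in every `if (async)`; a `private final boolean async;` with a `boolean` constructor parameter says the same thing without a nullable type. In the `data()` method added in the next hunk, `Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE})` can be written `Arrays.asList(Boolean.FALSE, Boolean.TRUE)`, and `@Parameters(name = "async={0}")` would make the test report easier to read than a bare `true`/`false`. The identical field, constructor and `data()` method are added to ClientAuthTest, HostnameVerificationDeprecatedTest, HostnameVerificationTest and TrustManagerTest, so the same applies there.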
@@ -93,6 +104,12 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -101,30 +118,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
// Both client + server include AES
@org.junit.Test
public void testAESIncluded() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
- // Both client + server include AES
- @org.junit.Test
- public void testAESIncludedAsync() throws Exception {
SpringBusFactory bf = new SpringBusFactory();
URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
@@ -139,7 +133,9 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
updateAddressPort(port, PORT);
@@ -174,6 +170,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
final Greeter port = service.getHttpsPort();
assertNotNull("Port is null", port);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
updateAddressPort(port, PORT4);
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -200,37 +201,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes DHE, server excludes it
- @org.junit.Test
- public void testClientDHEServerExcludesIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
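Review bot: With the sync and async variants folded into one parameterized method, the negative case that begins at `try { port.greetMe("Kitty");` depends on a single catch to show that the handshake was refused on both conduits. The catch lies outside this hunk; if it has the `catch (Exception ex) { // expected }` form shown in the removed twin, any exception passes the test, including one unrelated to cipher-suite negotiation on the async path. Asserting on the failure, for example by walking the cause chain for a `javax.net.ssl.SSLException`, would ensure the test only passes when TLS actually rejected the connection. The negative tests touched in ClientAuthTest and HostnameVerificationTest appear to share this shape.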
@@ -261,32 +235,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include DHE
- @org.junit.Test
- public void testDHEIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-dhe-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT2);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -312,37 +264,10 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes ECDHE, server only includes DHE
- @org.junit.Test
- public void testClientECDHEServerDHEIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT2);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -378,6 +303,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -407,6 +337,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -452,6 +387,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -482,6 +422,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -526,6 +471,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -564,6 +514,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit conduit = (HTTPConduit) client.getConduit();
@@ -603,6 +558,11 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT5);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on not being able to negotiate a cipher suite");
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
index 9fd5eb7..695f35b 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java
@@ -25,6 +25,8 @@ import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
@@ -55,6 +57,8 @@ import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
import org.junit.AfterClass;
import org.junit.Assume;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -64,10 +68,17 @@ import static org.junit.Assert.fail;
/**
* A set of tests for TLS client authentication.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class ClientAuthTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(ClientAuthServer.class);
static final String PORT2 = allocatePort(ClientAuthServer.class, 2);
+ final Boolean async;
+
+ public ClientAuthTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -78,6 +89,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -101,6 +118,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -125,6 +147,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on an untrusted cert");
@@ -154,6 +181,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -165,6 +197,48 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
bus.shutdown(true);
}
+ // Ignoring this test as it fails when run as part of the test class - testNoClientCert interferes with it
+ // It succeeds when run with testNoClientCert commented out
+ @org.junit.Test
+ @org.junit.Ignore
+ public void testSystemPropertiesWithEmptyKeystoreConfig() throws Exception {
+ try {
+ System.setProperty("javax.net.ssl.keyStore", "keys/Morpit.jks");
+ System.setProperty("javax.net.ssl.keyStorePassword", "password");
+ System.setProperty("javax.net.ssl.keyPassword", "password");
+ System.setProperty("javax.net.ssl.keyStoreType", "JKS");
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = ClientAuthTest.class.getResource("client-no-auth.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ BusFactory.setDefaultBus(bus);
+ BusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ } finally {
+ System.clearProperty("javax.net.ssl.keyStore");
+ System.clearProperty("javax.net.ssl.keyStorePassword");
+ System.clearProperty("javax.net.ssl.keyPassword");
+ System.clearProperty("javax.net.ssl.keyStoreType");
+ }
+ }
+
// Server trusts the issuer of the client cert
@org.junit.Test
public void testChainTrust() throws Exception {
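Review bot: `testSystemPropertiesWithEmptyKeystoreConfig` is the only test in this diff that exercises the system-property fallback the commit adds, and it is committed with `@org.junit.Ignore`, so the fix has no regression coverage in a normal build. The interference described in its comment suggests JVM-wide state: the test sets four `javax.net.ssl.*` properties and clears them in `finally` rather than restoring any earlier values, and `bus.shutdown(true)` sits inside the `try`, so a failed assertion leaves the bus running. Moving the test into its own class run in a forked JVM, saving and restoring the prior property values, and shutting the bus down in `finally` would let it run unignored.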
@@ -183,6 +257,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -207,6 +286,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -236,6 +320,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -265,6 +354,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on no trusted cert");
@@ -345,6 +439,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
updateAddressPort(port, PORT);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
@@ -363,6 +463,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
updateAddressPort(port, PORT2);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
client = ClientProxy.getClient(port);
http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
@@ -410,6 +516,12 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
assertNotNull("Port is null", port);
updateAddressPort(port, PORT);
+
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
Client client = ClientProxy.getClient(port);
HTTPConduit http = (HTTPConduit) client.getConduit();
http.setTlsClientParameters(tlsParams);
@@ -434,6 +546,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
// Set up KeyManagers/TrustManagers
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream trustStore =
@@ -479,6 +596,11 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
// Set up KeyManagers/TrustManagers
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream trustStore =
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
index 6f55440..fc41663 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
@@ -20,6 +20,8 @@
package org.apache.cxf.systest.https.hostname;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
@@ -38,6 +40,8 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -49,11 +53,18 @@ import static org.junit.Assert.fail;
* "com.sun.net.ssl.internal.www.protocol". This means that com.sun.net.ssl.HostnameVerifier is used
* instead of the javax version.
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(HostnameVerificationDeprecatedServer.class);
static final String PORT2 = allocatePort(HostnameVerificationDeprecatedServer.class, 2);
static final String PORT3 = allocatePort(HostnameVerificationDeprecatedServer.class, 3);
+ final Boolean async;
+
+ public HostnameVerificationDeprecatedTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
@@ -65,6 +76,12 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
System.clearProperty("java.protocol.handler.pkgs");
@@ -90,6 +107,11 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
try {
port.greetMe("Kitty");
fail("Failure expected on the hostname verification");
@@ -119,6 +141,11 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -160,10 +187,10 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -208,6 +235,11 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
TLSClientParameters clientParameters = new TLSClientParameters();
clientParameters.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
Client client = ClientProxy.getClient(port);
@@ -215,11 +247,6 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
((java.io.Closeable)port).close();
} finally {
if (hostnameVerifier != null) {
@@ -250,10 +277,10 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT2);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -279,10 +306,10 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
updateAddressPort(port, PORT3);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
index c849c38..0a3dfb8 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
@@ -20,6 +20,8 @@
package org.apache.cxf.systest.https.hostname;
import java.net.URL;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.HttpsURLConnection;
@@ -38,6 +40,8 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -51,6 +55,7 @@ import static org.junit.Assert.fail;
* keytool -genkey -validity 3650 -alias subjalt -keyalg RSA -keystore subjalt.jks
* -dname "CN=Colm,OU=WSS4J,O=Apache,L=Dublin,ST=Leinster,C=IE" -ext SAN=DNS:localhost
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(HostnameVerificationServer.class);
static final String PORT2 = allocatePort(HostnameVerificationServer.class, 2);
@@ -58,6 +63,12 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
static final String PORT4 = allocatePort(HostnameVerificationServer.class, 4);
static final String PORT5 = allocatePort(HostnameVerificationServer.class, 5);
+ final Boolean async;
+
+ public HostnameVerificationTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
@@ -68,6 +79,12 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
@@ -91,10 +108,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -120,15 +137,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
- try {
- port.greetMe("Kitty");
- fail("Failure expected on a non-matching subject alternative name");
- } catch (Exception ex) {
- // expected
- }
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -159,10 +171,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT3);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
@@ -188,15 +200,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
- try {
- port.greetMe("Kitty");
- fail("Failure expected with no matching Subject Alt Name or CN");
- } catch (Exception ex) {
- // expected
- }
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
try {
port.greetMe("Kitty");
@@ -227,6 +234,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -261,6 +273,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -297,6 +314,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT4);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
TLSClientParameters clientParameters = new TLSClientParameters();
clientParameters.setUseHttpsURLConnectionDefaultHostnameVerifier(true);
Client client = ClientProxy.getClient(port);
@@ -304,11 +326,6 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
((java.io.Closeable)port).close();
} finally {
if (hostnameVerifier != null) {
@@ -338,10 +355,10 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT5);
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
// Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
index 55b39e4..1516342 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
@@ -27,11 +27,14 @@ import java.security.cert.CertificateException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collection;
import javax.net.ssl.CertPathTrustManagerParameters;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
+import javax.xml.ws.BindingProvider;
import org.apache.cxf.Bus;
import org.apache.cxf.BusFactory;
@@ -47,6 +50,8 @@ import org.apache.hello_world.services.SOAPService;
import org.junit.AfterClass;
import org.junit.BeforeClass;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized.Parameters;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
@@ -56,11 +61,18 @@ import static org.junit.Assert.fail;
/**
* A set of tests for specifying a TrustManager
*/
+@RunWith(value = org.junit.runners.Parameterized.class)
public class TrustManagerTest extends AbstractBusClientServerTestBase {
static final String PORT = allocatePort(TrustServer.class);
static final String PORT2 = allocatePort(TrustServer.class, 2);
static final String PORT3 = allocatePort(TrustServer.class, 3);
+ final Boolean async;
+
+ public TrustManagerTest(Boolean async) {
+ this.async = async;
+ }
+
@BeforeClass
public static void startServers() throws Exception {
assertTrue(
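Review bot: `final Boolean async;` uses the boxed type although the value is only ever unboxed in `if (async)`, so a null parameter would surface as a NullPointerException inside a test body rather than at construction. Prefer `private final boolean async;` with `public TrustManagerTest(boolean async)`; the Parameterized runner unboxes the supplied value. The field also deserves a one-line comment such as `// true: run each test over the async HTTP conduit`. `startServers()` continues outside the hunk.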
@@ -77,6 +89,12 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
);
}
+ @Parameters(name = "{0}")
+ public static Collection<Boolean> data() {
+
+ return Arrays.asList(new Boolean[] {Boolean.FALSE, Boolean.TRUE});
+ }
+
@AfterClass
public static void cleanup() throws Exception {
stopAllServers();
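Review bot: `@Parameters(name = "{0}")` labels the two runs only `[false]` and `[true]`, so a failure report does not say which TLS client path broke; `@Parameters(name = "async={0}")` would. The explicit array is also unnecessary, since `return Arrays.asList(Boolean.FALSE, Boolean.TRUE);` does the same. `cleanup()` continues outside the hunk.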
@@ -100,6 +118,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
TLSClientParameters tlsParams = new TLSClientParameters();
X509TrustManager trustManager = new NoOpX509TrustManager();
TrustManager[] trustManagers = new TrustManager[1];
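Review bot: Nothing in the added block confirms that the async conduit is really the transport in use when `async` is true; the property is only a request-context hint. If the async conduit were not selected for this client, both parameter runs would go through the same URLConnection-based path, and the suite would report trust-manager coverage for the async client that it does not have, which is the kind of gap CXF-8037 describes. Consider asserting the conduit type inside the `if`, e.g. `assertTrue(ClientProxy.getClient(port).getConduit() instanceof AsyncHTTPConduit);`, assuming the http-hc module is on this module's test classpath. The same applies to the identical blocks in the following TrustManagerTest hunks; the enclosing test method starts and ends outside this hunk.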
@@ -135,6 +158,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
TLSClientParameters tlsParams = new TLSClientParameters();
@@ -177,6 +205,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -210,6 +243,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
assertEquals(port.greetMe("Kitty"), "Hello Kitty");
((java.io.Closeable)port).close();
@@ -240,6 +278,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT3);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
TLSClientParameters tlsParams = new TLSClientParameters();
@@ -277,6 +320,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
String invalidPrincipalName = "CN=Bethal2,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
TLSClientParameters tlsParams = new TLSClientParameters();
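Review bot: This is the negative case (`invalidPrincipalName`), and with the parameterisation it must now also fail on the async path, where a call can fail for reasons unrelated to certificate validation. The assertions are outside the hunk, but the file's static import of `fail` suggests a try/`fail()`/catch pattern; if the catch accepts any exception, an async client that fails for another reason would make the test pass without the trust check ever running. Check that the caught exception carries a TLS or certificate error in its cause chain, and document the intent with a comment such as `// must fail in certificate validation for both async=false and async=true`.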
@@ -319,6 +367,11 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
updateAddressPort(port, PORT2);
+ // Enable Async
+ if (async) {
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+ }
+
// Read truststore
KeyStore ts = KeyStore.getInstance("JKS");
try (InputStream trustStore =