Another refactor of systests/transports to make the https tests more manageable
Conflicts: systests/transports/src/test/java/org/apache/cxf/systest/https/conduit/KeyPasswordCallbackHandler.java systests/transports/src/test/resources/org/apache/cxf/systest/https/conduit/jaxws-publish-callback.xml Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/5ad015a4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/5ad015a4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/5ad015a4 Branch: refs/heads/3.0.x-fixes Commit: 5ad015a408a9a04405f25ae45f9f08a250fd4bf4 Parents: e2dd51a Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Dec 12 15:27:24 2014 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Dec 12 15:29:20 2014 +0000 ---------------------------------------------------------------------- .../cxf/systest/https/CertConstraintsTest.java | 162 ---- .../cxf/systest/https/ClientAuthServer.java | 47 -- .../cxf/systest/https/ClientAuthTest.java | 246 ------ .../cxf/systest/https/HTTPSClientTest.java | 244 ------ .../cxf/systest/https/HTTPSConduitTest.java | 755 ------------------ .../https/HTTPSProxyAuthConduitTest.java | 111 --- .../systest/https/HTTPSProxyConduitTest.java | 100 --- .../apache/cxf/systest/https/PushBack401.java | 223 ------ .../apache/cxf/systest/https/SSLv3Server.java | 47 -- .../org/apache/cxf/systest/https/SSLv3Test.java | 204 ----- .../org/apache/cxf/systest/https/Server.java | 100 --- .../https/clientauth/ClientAuthServer.java | 47 ++ .../https/clientauth/ClientAuthTest.java | 246 ++++++ .../systest/https/conduit/HTTPSClientTest.java | 245 ++++++ .../systest/https/conduit/HTTPSConduitTest.java | 761 +++++++++++++++++++ .../conduit/HTTPSProxyAuthConduitTest.java | 111 +++ .../https/conduit/HTTPSProxyConduitTest.java | 100 +++ .../conduit/KeyPasswordCallbackHandler.java | 39 + .../cxf/systest/https/conduit/PushBack401.java | 223 ++++++ .../cxf/systest/https/conduit/Server.java | 100 +++ .../https/constraints/CertConstraintsTest.java | 163 ++++ .../cxf/systest/https/ssl3/SSLv3Server.java | 47 ++ .../cxf/systest/https/ssl3/SSLv3Test.java | 204 +++++ .../org/apache/cxf/systest/https/Bethal.cxf | 72 -- .../cxf/systest/https/BethalClientBeans.xml | 24 - .../cxf/systest/https/BethalClientConfig.cxf | 57 -- .../org/apache/cxf/systest/https/Gordy.cxf | 65 -- .../org/apache/cxf/systest/https/Morpit.cxf | 63 -- .../org/apache/cxf/systest/https/Mortimer.cxf | 47 -- .../org/apache/cxf/systest/https/Poltim.cxf | 65 -- .../org/apache/cxf/systest/https/Tarpin.cxf | 65 -- .../cxf/systest/https/client-auth-chain.xml | 37 - .../cxf/systest/https/client-auth-invalid.xml | 36 - .../cxf/systest/https/client-auth-invalid2.xml | 36 - .../cxf/systest/https/client-auth-server.xml | 72 -- .../apache/cxf/systest/https/client-auth.xml | 37 - .../https/clientauth/client-auth-chain.xml | 37 + .../https/clientauth/client-auth-invalid.xml | 36 + .../https/clientauth/client-auth-invalid2.xml | 36 + .../https/clientauth/client-auth-server.xml | 72 ++ .../systest/https/clientauth/client-auth.xml | 37 + .../apache/cxf/systest/https/conduit/Bethal.cxf | 72 ++ .../systest/https/conduit/BethalClientBeans.xml | 24 + .../https/conduit/BethalClientConfig.cxf | 57 ++ .../apache/cxf/systest/https/conduit/Gordy.cxf | 65 ++ .../apache/cxf/systest/https/conduit/Morpit.cxf | 63 ++ .../cxf/systest/https/conduit/Mortimer.cxf | 47 ++ .../apache/cxf/systest/https/conduit/Poltim.cxf | 65 ++ .../apache/cxf/systest/https/conduit/Tarpin.cxf | 65 ++ .../cxf/systest/https/conduit/greeting.wsdl | 166 ++++ .../https/conduit/jaxws-publish-callback.xml | 64 ++ .../cxf/systest/https/conduit/jaxws-publish.xml | 64 ++ .../cxf/systest/https/conduit/jaxws-server.xml | 77 ++ .../https/conduit/jaxws-tlsrefs-publish.xml | 60 ++ .../apache/cxf/systest/https/conduit/pkcs12.xml | 70 ++ .../https/conduit/resource-key-spec-url.xml | 72 ++ .../systest/https/conduit/resource-key-spec.xml | 68 ++ .../constraints/jaxws-server-constraints.xml | 255 +++++++ .../org/apache/cxf/systest/https/greeting.wsdl | 166 ---- .../apache/cxf/systest/https/jaxws-publish.xml | 64 -- .../systest/https/jaxws-server-constraints.xml | 255 ------- .../apache/cxf/systest/https/jaxws-server.xml | 77 -- .../cxf/systest/https/jaxws-tlsrefs-publish.xml | 60 -- .../org/apache/cxf/systest/https/pkcs12.xml | 70 -- .../cxf/systest/https/resource-key-spec-url.xml | 72 -- .../cxf/systest/https/resource-key-spec.xml | 68 -- .../systest/https/ssl3/sslv3-client-allow.xml | 34 + .../cxf/systest/https/ssl3/sslv3-client.xml | 33 + .../cxf/systest/https/ssl3/sslv3-server.xml | 100 +++ .../cxf/systest/https/sslv3-client-allow.xml | 34 - .../apache/cxf/systest/https/sslv3-client.xml | 33 - .../apache/cxf/systest/https/sslv3-server.xml | 100 --- 72 files changed, 4025 insertions(+), 3914 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java deleted file mode 100644 index 5b0856d..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java +++ /dev/null @@ -1,162 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.net.URL; - -import javax.xml.ws.BindingProvider; - -import org.apache.cxf.BusFactory; -import org.apache.cxf.configuration.Configurer; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.apache.hello_world.Greeter; -import org.apache.hello_world.services.SOAPService; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * This test is meant to run against a spring-loaded HTTP/S service. It tests the certificate - * constraints logic. - */ -public class CertConstraintsTest extends AbstractBusClientServerTestBase { - // - // data - // - - @BeforeClass - public static void allocatePorts() { - BusServer.resetPortMap(); - } - - /** - * the package path used to locate resources specific to this test - */ - private void setTheConfiguration(String config) { - //System.setProperty("javax.net.debug", "all"); - try { - System.setProperty( - Configurer.USER_CFG_FILE_PROPERTY_URL, - CertConstraintsTest.class.getResource(config).toString() - ); - } catch (final Exception e) { - e.printStackTrace(); - } - } - - public void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork a new process - launchServer(BusServer.class, true) - ); - } - - - public void stopServers() throws Exception { - stopAllServers(); - System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL); - BusFactory.setDefaultBus(null); - BusFactory.setThreadDefaultBus(null); - } - - - // - // tests - // - public final void testSuccessfulCall(String address) throws Exception { - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - BindingProvider provider = (BindingProvider)port; - provider.getRequestContext().put( - BindingProvider.ENDPOINT_ADDRESS_PROPERTY, - address); - - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - } - - public final void testFailedCall(String address) throws Exception { - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - BindingProvider provider = (BindingProvider)port; - provider.getRequestContext().put( - BindingProvider.ENDPOINT_ADDRESS_PROPERTY, - address); - - try { - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - fail("Failure expected"); - } catch (javax.xml.ws.soap.SOAPFaultException ex) { - // expected - } catch (javax.xml.ws.WebServiceException ex) { - // expected - } - } - - @Test - public final void testCertConstraints() throws Exception { - setTheConfiguration("jaxws-server-constraints.xml"); - startServers(); - - // - // Good Subject DN - // - testSuccessfulCall("https://localhost:" + BusServer.getPort(0) + "/SoapContext/HttpsPort"); - // - // Bad Subject DN - // - testFailedCall("https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort"); - // - // Mixed Subject DN (ALL) - // - testFailedCall("https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort"); - // - // Mixed Subject DN (ANY) - // - testSuccessfulCall("https://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpsPort"); - // - // Mixed Issuer DN (ALL) - // - testFailedCall("https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort"); - // - // Mixed Issuer DN (ANY) - // - testSuccessfulCall("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort"); - // - // Bad server Subject DN - // - testFailedCall("https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort"); - // - // Bad server Issuer DN - // - testFailedCall("https://localhost:" + BusServer.getPort(7) + "/SoapContext/HttpsPort"); - - stopServers(); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthServer.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthServer.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthServer.java deleted file mode 100644 index 5108a22..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthServer.java +++ /dev/null @@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusTestServerBase; - -public class ClientAuthServer extends AbstractBusTestServerBase { - - public ClientAuthServer() { - - } - - protected void run() { - URL busFile = Server.class.getResource("client-auth-server.xml"); - Bus busLocal = new SpringBusFactory().createBus(busFile); - BusFactory.setDefaultBus(busLocal); - setBus(busLocal); - - try { - new ClientAuthServer(); - } catch (Exception e) { - e.printStackTrace(); - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthTest.java deleted file mode 100644 index 387a508..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ClientAuthTest.java +++ /dev/null @@ -1,246 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.apache.hello_world.Greeter; -import org.apache.hello_world.services.SOAPService; -import org.junit.AfterClass; -import org.junit.BeforeClass; - -/** - * A set of tests for TLS client authentication. - */ -public class ClientAuthTest extends AbstractBusClientServerTestBase { - static final String PORT = allocatePort(ClientAuthServer.class); - static final String PORT2 = allocatePort(ClientAuthServer.class, 2); - - @BeforeClass - public static void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(ClientAuthServer.class, true) - ); - } - - @AfterClass - public static void cleanup() throws Exception { - stopAllServers(); - } - - // Server directly trusts the client cert - @org.junit.Test - public void testDirectTrust() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("client-auth.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT); - - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - // Server does not (directly) trust the client cert - @org.junit.Test - public void testInvalidDirectTrust() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("client-auth-invalid.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT); - - try { - port.greetMe("Kitty"); - fail("Failure expected on an untrusted cert"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - // Client does not specify a KeyStore, only a TrustStore - @org.junit.Test - public void testNoClientCert() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT); - - try { - port.greetMe("Kitty"); - fail("Failure expected on no trusted cert"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - // Server trusts the issuer of the client cert - @org.junit.Test - public void testChainTrust() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("client-auth-chain.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT2); - - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - // Server does not trust the issuer of the client cert - @org.junit.Test - public void testInvalidChainTrust() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("client-auth-invalid2.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT2); - - try { - port.greetMe("Kitty"); - fail("Failure expected on no trusted cert"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - // Client does not trust the issuer of the server cert - @org.junit.Test - public void testClientInvalidCertChain() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("client-auth-invalid2.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT); - - try { - port.greetMe("Kitty"); - fail("Failure expected on no trusted cert"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - // Client does not directly trust the server cert - @org.junit.Test - public void testClientInvalidDirectTrust() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("client-auth-invalid.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT2); - - try { - port.greetMe("Kitty"); - fail("Failure expected on no trusted cert"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java deleted file mode 100644 index 2ace9f8..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java +++ /dev/null @@ -1,244 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.net.URL; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.TrustManager; -import javax.xml.ws.BindingProvider; - -import org.apache.cxf.BusFactory; -import org.apache.cxf.configuration.Configurer; -import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils; -import org.apache.cxf.configuration.security.KeyManagersType; -import org.apache.cxf.configuration.security.KeyStoreType; -import org.apache.cxf.configuration.security.TrustManagersType; -import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.apache.hello_world.Greeter; -import org.apache.hello_world.services.SOAPService; -import org.junit.BeforeClass; -import org.junit.Test; - -/** - * This test is meant to run against a spring-loaded - * HTTP/S service. - */ -public class HTTPSClientTest extends AbstractBusClientServerTestBase { - // - // data - // - - /** - * the package path used to locate resources specific to this test - */ - private void setTheConfiguration(String config) { - //System.setProperty("javax.net.debug", "all"); - try { - System.setProperty( - Configurer.USER_CFG_FILE_PROPERTY_URL, - HTTPSClientTest.class.getResource(config).toString() - ); - } catch (final Exception e) { - e.printStackTrace(); - } - } - - @BeforeClass - public static void setupPorts() { - BusServer.resetPortMap(); - } - - public void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork a new process - launchServer(BusServer.class, true) - ); - } - - - public void stopServers() throws Exception { - stopAllServers(); - System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL); - BusFactory.setDefaultBus(null); - BusFactory.setThreadDefaultBus(null); - } - - - // - // tests - // - public final void testSuccessfulCall(String configuration, - String address) throws Exception { - testSuccessfulCall(configuration, address, null); - } - public final void testSuccessfulCall(String configuration, - String address, - URL url) throws Exception { - testSuccessfulCall(configuration, address, url, false); - } - public final void testSuccessfulCall(String configuration, - String address, - URL url, - boolean dynamicClient) throws Exception { - setTheConfiguration(configuration); - startServers(); - if (url == null) { - url = SOAPService.WSDL_LOCATION; - } - - //CXF-4037 - dynamic client isn't using the conduit settings to resolve schemas - if (dynamicClient) { - ClassLoader loader = Thread.currentThread().getContextClassLoader(); - JaxWsDynamicClientFactory.newInstance(BusFactory.getDefaultBus()) - .createClient(url.toExternalForm()); - Thread.currentThread().setContextClassLoader(loader); - } - - - - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - BindingProvider provider = (BindingProvider)port; - provider.getRequestContext().put( - BindingProvider.ENDPOINT_ADDRESS_PROPERTY, - address); - - //provider.getRequestContext().put("use.async.http.conduit", Boolean.TRUE); - //for (int x = 0; x < 100000; x++) { - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - //} - - - stopServers(); - } - - @Test - public final void testJaxwsServer() throws Exception { - testSuccessfulCall("jaxws-server.xml", - "https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort"); - } - @Test - public final void testJaxwsServerChangeHttpsToHttp() throws Exception { - testSuccessfulCall("jaxws-server.xml", - "http://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpPort"); - } - @Test - public final void testJaxwsEndpoint() throws Exception { - testSuccessfulCall("jaxws-publish.xml", - "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort"); - } - @Test - public final void testJaxwsTLSRefsEndpoint() throws Exception { - testSuccessfulCall("jaxws-tlsrefs-publish.xml", - "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort"); - } - @Test - public final void testPKCS12Endpoint() throws Exception { - testSuccessfulCall("pkcs12.xml", - "https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort"); - } - - @Test - public final void testResourceKeySpecEndpoint() throws Exception { - testSuccessfulCall("resource-key-spec.xml", - "https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort"); - } - @Test - public final void testResourceKeySpecEndpointURL() throws Exception { - testSuccessfulCall("resource-key-spec-url.xml", - "https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort", - new URL("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort?wsdl"), - true); - - } - - public static class ServerManagersFactory { - public static KeyManager[] getKeyManagers() { - KeyManagersType kmt = new KeyManagersType(); - KeyStoreType kst = new KeyStoreType(); - kst.setFile("src/test/resources/keys/Bethal.jks"); - kst.setPassword("password"); - kst.setType("JKS"); - - kmt.setKeyStore(kst); - kmt.setKeyPassword("password"); - try { - return TLSParameterJaxBUtils.getKeyManagers(kmt); - } catch (Exception e) { - throw new RuntimeException("failed to retrieve key managers", e); - } - } - - public static TrustManager[] getTrustManagers() { - TrustManagersType tmt = new TrustManagersType(); - KeyStoreType kst = new KeyStoreType(); - kst.setFile("src/test/resources/keys/Truststore.jks"); - kst.setPassword("password"); - kst.setType("JKS"); - - tmt.setKeyStore(kst); - try { - return TLSParameterJaxBUtils.getTrustManagers(tmt); - } catch (Exception e) { - throw new RuntimeException("failed to retrieve trust managers", e); - } - } - } - - public static class ClientManagersFactory { - public static KeyManager[] getKeyManagers() { - KeyManagersType kmt = new KeyManagersType(); - KeyStoreType kst = new KeyStoreType(); - kst.setFile("src/test/resources/keys/Morpit.jks"); - kst.setPassword("password"); - kst.setType("JKS"); - - kmt.setKeyStore(kst); - kmt.setKeyPassword("password"); - try { - return TLSParameterJaxBUtils.getKeyManagers(kmt); - } catch (Exception e) { - throw new RuntimeException("failed to retrieve key managers", e); - } - } - - public static TrustManager[] getTrustManagers() { - TrustManagersType tmt = new TrustManagersType(); - KeyStoreType kst = new KeyStoreType(); - kst.setFile("src/test/resources/keys/Truststore.jks"); - kst.setPassword("password"); - kst.setType("JKS"); - - tmt.setKeyStore(kst); - try { - return TLSParameterJaxBUtils.getTrustManagers(tmt); - } catch (Exception e) { - throw new RuntimeException("failed to retrieve trust managers", e); - } - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSConduitTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSConduitTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSConduitTest.java deleted file mode 100644 index c375e7e..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSConduitTest.java +++ /dev/null @@ -1,755 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - - -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.net.URI; -import java.net.URL; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.util.ArrayList; -import java.util.List; -import java.util.Map; -import java.util.TreeMap; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; -import javax.xml.namespace.QName; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.BusApplicationContext; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.common.util.Base64Utility; -import org.apache.cxf.configuration.jsse.TLSClientParameters; -import org.apache.cxf.configuration.security.AuthorizationPolicy; -import org.apache.cxf.endpoint.Client; -import org.apache.cxf.frontend.ClientProxy; -import org.apache.cxf.message.Message; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.apache.cxf.transport.http.HTTPConduit; -import org.apache.cxf.transport.http.MessageTrustDecider; -import org.apache.cxf.transport.http.URLConnectionInfo; -import org.apache.cxf.transport.http.UntrustedURLConnectionIOException; -import org.apache.cxf.transport.http.auth.HttpAuthHeader; -import org.apache.cxf.transport.http.auth.HttpAuthSupplier; -import org.apache.cxf.transport.https.HttpsURLConnectionInfo; -import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; -import org.apache.hello_world.Greeter; -import org.apache.hello_world.services.SOAPService; -import org.junit.AfterClass; -import org.junit.BeforeClass; -import org.junit.Test; -import org.springframework.context.ApplicationContext; - -/** - * This class tests several issues and Conduit policies based - * on a set up of redirecting servers. - * <pre> - * - * Http Redirection: - * - * Poltim(https:9005) ----> Mortimer (http:9000) - * - * HttpS redirection/Trust: - * - * Tarpin(https:9003) ----> Gordy(https:9001) ----> Bethal(https:9002) - * - * Hostname Verifier Test - * - * Morpit (https:9008) - * - * </pre>HTTPConduitTest - * The Bethal server issues 401 with differing realms depending on the - * User name given in the authorization header. - * <p> - * The Morpit has a CN that is not equal to "localhost" to kick in - * the Hostname Verifier. - */ -public class HTTPSConduitTest extends AbstractBusClientServerTestBase { - private static final boolean IN_PROCESS = true; - - private static TLSClientParameters tlsClientParameters = new TLSClientParameters(); - private static List<String> servers = new ArrayList<String>(); - - private static Map<String, String> addrMap = new TreeMap<String, String>(); - - static { - try { - //System.setProperty("javax.net.debug", "all"); - URL key = Server.class.getResource("../../../../../keys/Morpit.jks"); - String keystore = new File(key.toURI()).getAbsolutePath(); - //System.out.println("Keystore: " + keystore); - KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, "password"), "password"); - - key = Server.class.getResource("../../../../../keys/Truststore.jks"); - - String truststore = new File(key.toURI()).getAbsolutePath(); - //System.out.println("Truststore: " + truststore); - TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, "password")); - - tlsClientParameters.setKeyManagers(kmgrs); - tlsClientParameters.setTrustManagers(tmgrs); - } catch (Exception e) { - throw new RuntimeException("Static initialization failed", e); - } - } - - private final QName serviceName = - new QName("http://apache.org/hello_world", "SOAPService"); - private final QName bethalQ = - new QName("http://apache.org/hello_world", "Bethal"); - private final QName gordyQ = - new QName("http://apache.org/hello_world", "Gordy"); - private final QName tarpinQ = - new QName("http://apache.org/hello_world", "Tarpin"); - private final QName poltimQ = - new QName("http://apache.org/hello_world", "Poltim"); - - public HTTPSConduitTest() { - } - - - public static String getPort(String s) { - return BusServer.PORTMAP.get(s); - } - - @BeforeClass - public static void allocatePorts() { - BusServer.resetPortMap(); - addrMap.clear(); - addrMap.put("Mortimer", "http://localhost:" + getPort("PORT0") + "/"); - addrMap.put("Tarpin", "https://localhost:" + getPort("PORT1") + "/"); - addrMap.put("Poltim", "https://localhost:" + getPort("PORT2") + "/"); - addrMap.put("Gordy", "https://localhost:" + getPort("PORT3") + "/"); - addrMap.put("Bethal", "https://localhost:" + getPort("PORT4") + "/"); - addrMap.put("Morpit", "https://localhost:" + getPort("PORT5") + "/"); - tlsClientParameters.setDisableCNCheck(true); - servers.clear(); - } - - - /** - * This function is used to start up a server. It only "starts" a - * server if it hasn't been started before, hence its static nature. - * <p> - * This approach is used to start the needed servers for a particular test - * instead of starting them all in "startServers". This single needed - * server approach allieviates the pain in starting them all just to run - * a particular test in the debugger. - */ - public synchronized boolean startServer(String name) { - if (servers.contains(name)) { - return true; - } - Bus bus = BusFactory.getThreadDefaultBus(false); - URL serverC = - Server.class.getResource(name + ".cxf"); - BusFactory.setDefaultBus(null); - BusFactory.setThreadDefaultBus(null); - boolean server = launchServer(Server.class, null, - new String[] { - name, - addrMap.get(name), - serverC.toString() }, - IN_PROCESS); - if (server) { - servers.add(name); - } - BusFactory.setDefaultBus(null); - BusFactory.setThreadDefaultBus(bus); - return server; - } - - @AfterClass - public static void cleanUp() { - Bus b = BusFactory.getDefaultBus(false); - if (b != null) { - b.shutdown(true); - } - b = BusFactory.getThreadDefaultBus(false); - if (b != null) { - b.shutdown(true); - } - } - - public static KeyStore getKeyStore(String ksType, String file, String ksPassword) - throws GeneralSecurityException, - IOException { - - String type = ksType != null - ? ksType - : KeyStore.getDefaultType(); - - char[] password = ksPassword != null - ? ksPassword.toCharArray() - : null; - - // We just use the default Keystore provider - KeyStore keyStore = KeyStore.getInstance(type); - - keyStore.load(new FileInputStream(file), password); - - return keyStore; - } - - public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword) - throws GeneralSecurityException, - IOException { - // For tests, we just use the default algorithm - String alg = KeyManagerFactory.getDefaultAlgorithm(); - - char[] keyPass = keyPassword != null - ? keyPassword.toCharArray() - : null; - - // For tests, we just use the default provider. - KeyManagerFactory fac = KeyManagerFactory.getInstance(alg); - - fac.init(keyStore, keyPass); - - return fac.getKeyManagers(); - } - - public static TrustManager[] getTrustManagers(KeyStore keyStore) - throws GeneralSecurityException, - IOException { - // For tests, we just use the default algorithm - String alg = TrustManagerFactory.getDefaultAlgorithm(); - - // For tests, we just use the default provider. - TrustManagerFactory fac = TrustManagerFactory.getInstance(alg); - - fac.init(keyStore); - - return fac.getTrustManagers(); - } - - //methods that a subclass can override to inject a Proxy into the flow - //and assert the proxy was appropriately called - public void configureProxy(Client c) { - } - public void resetProxyCount() { - } - public void assertProxyRequestCount(int i) { - } - - /** - * We use this class to reset the default bus. - * Note: This may not always work in the future. - * I was lucky in that "defaultBus" is actually a - * protected static. - */ - class DefaultBusFactory extends SpringBusFactory { - public Bus createBus(URL config) { - Bus bus = super.createBus(config, true); - BusFactory.setDefaultBus(bus); - BusFactory.setThreadDefaultBus(bus); - return bus; - } - } - - /** - * This methods tests a basic https connection to Bethal. - * It supplies an authorization policy with preemptive user/pass - * to avoid the 401. - */ - @Test - public void testHttpsBasicConnectionWithConfig() throws Exception { - startServer("Bethal"); - - URL config = getClass().getResource("BethalClientConfig.cxf"); - - // We go through the back door, setting the default bus. - new DefaultBusFactory().createBus(config); - URL wsdl = getClass().getResource("greeting.wsdl"); - assertNotNull("WSDL is null", wsdl); - - SOAPService service = new SOAPService(wsdl, serviceName); - assertNotNull("Service is null", service); - - Greeter bethal = service.getPort(bethalQ, Greeter.class); - - assertNotNull("Port is null", bethal); - updateAddressPort(bethal, getPort("PORT4")); - verifyBethalClient(bethal); - } - - @Test - public void testGetClientFromSpringContext() throws Exception { - startServer("Bethal"); - - BusFactory.setDefaultBus(null); - // The client bean configuration file - URL beans = getClass().getResource("BethalClientBeans.xml"); - // We go through the back door, setting the default bus. - Bus bus = new DefaultBusFactory().createBus(beans); - - ApplicationContext context = bus.getExtension(BusApplicationContext.class); - Greeter bethal = (Greeter)context.getBean("Bethal"); - updateAddressPort(bethal, getPort("PORT4")); - // verify the client side's setting - verifyBethalClient(bethal); - } - - // we just verify the configurations are loaded successfully - private void verifyBethalClient(Greeter bethal) { - Client client = ClientProxy.getClient(bethal); - - HTTPConduit http = - (HTTPConduit) client.getConduit(); - - HTTPClientPolicy httpClientPolicy = http.getClient(); - assertEquals("the httpClientPolicy's autoRedirect should be true", - true, httpClientPolicy.isAutoRedirect()); - TLSClientParameters tlsParameters = http.getTlsClientParameters(); - assertNotNull("the http conduit's tlsParameters should not be null", tlsParameters); - - - // If we set any name, but Edward, Mary, or George, - // and a password of "password" we will get through - // Bethal. - AuthorizationPolicy authPolicy = http.getAuthorization(); - assertEquals("Set the wrong user name from the configuration", - "Betty", authPolicy.getUserName()); - assertEquals("Set the wrong pass word form the configuration", - "password", authPolicy.getPassword()); - - configureProxy(ClientProxy.getClient(bethal)); - - String answer = bethal.sayHi(); - answer = bethal.sayHi(); - answer = bethal.sayHi(); - answer = bethal.sayHi(); - answer = bethal.sayHi(); - assertTrue("Unexpected answer: " + answer, - "Bonjour from Bethal".equals(answer)); - - //With HTTPS, it will just be a CONNECT to the proxy and all the - //data is encrypted. Thus, the proxy cannot distinquish the requests - assertProxyRequestCount(0); - } - - /** - * This methods tests a basic https connection to Bethal. - * It supplies an authorization policy with premetive user/pass - * to avoid the 401. - */ - @Test - public void testHttpsBasicConnection() throws Exception { - startServer("Bethal"); - - URL wsdl = getClass().getResource("greeting.wsdl"); - assertNotNull("WSDL is null", wsdl); - - SOAPService service = new SOAPService(wsdl, serviceName); - assertNotNull("Service is null", service); - - Greeter bethal = service.getPort(bethalQ, Greeter.class); - assertNotNull("Port is null", bethal); - updateAddressPort(bethal, getPort("PORT4")); - - // Okay, I'm sick of configuration files. - // This also tests dynamic configuration of the conduit. - Client client = ClientProxy.getClient(bethal); - HTTPConduit http = - (HTTPConduit) client.getConduit(); - - HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - - httpClientPolicy.setAutoRedirect(false); - // If we set any name, but Edward, Mary, or George, - // and a password of "password" we will get through - // Bethal. - AuthorizationPolicy authPolicy = new AuthorizationPolicy(); - authPolicy.setUserName("Betty"); - authPolicy.setPassword("password"); - - http.setClient(httpClientPolicy); - http.setTlsClientParameters(tlsClientParameters); - http.setAuthorization(authPolicy); - - configureProxy(client); - String answer = bethal.sayHi(); - assertTrue("Unexpected answer: " + answer, - "Bonjour from Bethal".equals(answer)); - assertProxyRequestCount(0); - } - - - @Test - public void testHttpsRedirectToHttpFail() throws Exception { - startServer("Mortimer"); - startServer("Poltim"); - - URL wsdl = getClass().getResource("greeting.wsdl"); - assertNotNull("WSDL is null", wsdl); - - SOAPService service = new SOAPService(wsdl, serviceName); - assertNotNull("Service is null", service); - - Greeter poltim = service.getPort(poltimQ, Greeter.class); - assertNotNull("Port is null", poltim); - updateAddressPort(poltim, getPort("PORT2")); - - // Okay, I'm sick of configuration files. - // This also tests dynamic configuration of the conduit. - Client client = ClientProxy.getClient(poltim); - HTTPConduit http = - (HTTPConduit) client.getConduit(); - - HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - - httpClientPolicy.setAutoRedirect(true); - - http.setClient(httpClientPolicy); - http.setTlsClientParameters(tlsClientParameters); - configureProxy(client); - poltim.sayHi(); - //client -> poltim is https and thus not recorded but then redirected to mortimer - //client -> mortimer is http and recoreded - assertProxyRequestCount(1); - } - - class MyHttpsTrustDecider extends MessageTrustDecider { - - private String[] trustName; - private int called; - - MyHttpsTrustDecider(String name) { - trustName = new String[] {name}; - } - - MyHttpsTrustDecider(String[] name) { - trustName = name; - } - - public int wasCalled() { - return called; - } - - public void establishTrust( - String conduitName, - URLConnectionInfo cinfo, - Message message - ) throws UntrustedURLConnectionIOException { - - called++; - - HttpsURLConnectionInfo ci = (HttpsURLConnectionInfo) cinfo; - boolean trusted = false; - for (int i = 0; i < trustName.length; i++) { - trusted = trusted - || ci.getPeerPrincipal() - .toString().contains("OU=" + trustName[i]); - } - if (!trusted) { - throw new UntrustedURLConnectionIOException( - "Peer Principal \"" - + ci.getPeerPrincipal() - + "\" does not contain " - + getTrustNames()); - } - } - - private String getTrustNames() { - StringBuffer sb = new StringBuffer(); - for (int i = 0; i < trustName.length; i++) { - sb.append("\"OU="); - sb.append(trustName[i]); - sb.append("\""); - if (i < trustName.length - 1) { - sb.append(", "); - } - } - return sb.toString(); - } - } - - @Test - public void testHttpsTrust() throws Exception { - startServer("Bethal"); - - URL wsdl = getClass().getResource("greeting.wsdl"); - assertNotNull("WSDL is null", wsdl); - - SOAPService service = new SOAPService(wsdl, serviceName); - assertNotNull("Service is null", service); - - Greeter bethal = service.getPort(bethalQ, Greeter.class); - assertNotNull("Port is null", bethal); - updateAddressPort(bethal, getPort("PORT4")); - - // Okay, I'm sick of configuration files. - // This also tests dynamic configuration of the conduit. - Client client = ClientProxy.getClient(bethal); - HTTPConduit http = - (HTTPConduit) client.getConduit(); - - HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - - httpClientPolicy.setAutoRedirect(false); - // If we set any name, but Edward, Mary, or George, - // and a password of "password" we will get through - // Bethal. - AuthorizationPolicy authPolicy = new AuthorizationPolicy(); - authPolicy.setUserName("Betty"); - authPolicy.setPassword("password"); - - http.setClient(httpClientPolicy); - http.setTlsClientParameters(tlsClientParameters); - http.setAuthorization(authPolicy); - - // Our expected server should be OU=Bethal - http.setTrustDecider(new MyHttpsTrustDecider("Bethal")); - - configureProxy(client); - String answer = bethal.sayHi(); - assertTrue("Unexpected answer: " + answer, - "Bonjour from Bethal".equals(answer)); - assertProxyRequestCount(0); - - - // Nobody will not equal OU=Bethal - MyHttpsTrustDecider trustDecider = - new MyHttpsTrustDecider("Nobody"); - http.setTrustDecider(trustDecider); - try { - answer = bethal.sayHi(); - fail("Unexpected answer from Bethal: " + answer); - } catch (Exception e) { - //e.printStackTrace(); - //assertTrue("Trust Decider was not called", - // 0 > trustDecider.wasCalled()); - } - assertProxyRequestCount(0); - } - - @Test - public void testHttpsTrustRedirect() throws Exception { - startServer("Tarpin"); - startServer("Gordy"); - startServer("Bethal"); - - URL wsdl = getClass().getResource("greeting.wsdl"); - assertNotNull("WSDL is null", wsdl); - - SOAPService service = new SOAPService(wsdl, serviceName); - assertNotNull("Service is null", service); - - Greeter tarpin = service.getPort(tarpinQ, Greeter.class); - assertNotNull("Port is null", tarpin); - updateAddressPort(tarpin, getPort("PORT1")); - - // Okay, I'm sick of configuration files. - // This also tests dynamic configuration of the conduit. - Client client = ClientProxy.getClient(tarpin); - HTTPConduit http = - (HTTPConduit) client.getConduit(); - - HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - - httpClientPolicy.setAutoRedirect(true); - // If we set any name, but Edward, Mary, or George, - // and a password of "password" we will get through - // Bethal. - AuthorizationPolicy authPolicy = new AuthorizationPolicy(); - authPolicy.setUserName("Betty"); - authPolicy.setPassword("password"); - - http.setClient(httpClientPolicy); - http.setTlsClientParameters(tlsClientParameters); - http.setAuthorization(authPolicy); - - // We get redirected from Tarpin, to Gordy, to Bethal. - MyHttpsTrustDecider trustDecider = - new MyHttpsTrustDecider( - new String[] {"Tarpin", "Gordy", "Bethal"}); - http.setTrustDecider(trustDecider); - - // We actually get our answer from Bethal at the end of the - // redirects. - configureProxy(ClientProxy.getClient(tarpin)); - String answer = tarpin.sayHi(); - assertProxyRequestCount(0); - - assertTrue("Trust Decider wasn't called correctly", - 3 == trustDecider.wasCalled()); - assertTrue("Unexpected answer: " + answer, - "Bonjour from Bethal".equals(answer)); - - // Limit the redirects to 1, since there are two, this should fail. - http.getClient().setMaxRetransmits(1); - - try { - answer = tarpin.sayHi(); - fail("Unexpected answer from Tarpin: " + answer); - } catch (Exception e) { - //e.printStackTrace(); - } - assertProxyRequestCount(0); - - // Set back to unlimited. - http.getClient().setMaxRetransmits(-1); - - // Effectively we will not trust Gordy in the middle. - trustDecider = - new MyHttpsTrustDecider( - new String[] {"Tarpin", "Bethal"}); - http.setTrustDecider(trustDecider); - - try { - answer = tarpin.sayHi(); - fail("Unexpected answer from Tarpin: " + answer); - } catch (Exception e) { - //e.printStackTrace(); - assertTrue("Trust Decider wasn't called correctly", - 2 == trustDecider.wasCalled()); - } - assertProxyRequestCount(0); - } - - public class MyBasicAuthSupplier implements HttpAuthSupplier { - - String realm; - String user; - String pass; - - /** - * This will loop from Cronus, to Andromeda, to Zorantius - */ - MyBasicAuthSupplier() { - } - - MyBasicAuthSupplier(String r, String u, String p) { - realm = r; - user = u; - pass = p; - } - - /** - * If we don't have the realm set, then we loop - * through the realms. - */ - public String getAuthorization( - AuthorizationPolicy authPolicy, - URI currentURI, - Message message, - String fullHeader - ) { - String reqestedRealm = new HttpAuthHeader(fullHeader).getRealm(); - if (realm != null && realm.equals(reqestedRealm)) { - return createUserPass(user, pass); - } - if ("Andromeda".equals(reqestedRealm)) { - // This will get us another 401 to Zorantius - return createUserPass("Edward", "password"); - } - if ("Zorantius".equals(reqestedRealm)) { - // George will get us another 401 to Cronus - return createUserPass("George", "password"); - } - if ("Cronus".equals(reqestedRealm)) { - // Mary will get us another 401 to Andromeda - return createUserPass("Mary", "password"); - } - return null; - } - - private String createUserPass(String usr, String pwd) { - String userpass = usr + ":" + pwd; - String token = Base64Utility.encode(userpass.getBytes()); - return "Basic " + token; - } - - public boolean requiresRequestCaching() { - return false; - } - - } - - /** - * This tests redirects through Gordy to Bethal. Bethal will - * supply a series of 401s. See PushBack401. - */ - @Test - public void testHttpsRedirect401Response() throws Exception { - startServer("Gordy"); - startServer("Bethal"); - - URL wsdl = getClass().getResource("greeting.wsdl"); - assertNotNull("WSDL is null", wsdl); - - SOAPService service = new SOAPService(wsdl, serviceName); - assertNotNull("Service is null", service); - - Greeter gordy = service.getPort(gordyQ, Greeter.class); - assertNotNull("Port is null", gordy); - updateAddressPort(gordy, getPort("PORT3")); - - // Okay, I'm sick of configuration files. - // This also tests dynamic configuration of the conduit. - Client client = ClientProxy.getClient(gordy); - HTTPConduit http = - (HTTPConduit) client.getConduit(); - - HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy(); - - httpClientPolicy.setAutoRedirect(true); - http.setClient(httpClientPolicy); - http.setTlsClientParameters(tlsClientParameters); - - // We get redirected from Gordy, to Bethal. - http.setTrustDecider( - new MyHttpsTrustDecider( - new String[] {"Gordy", "Bethal"})); - - // Without preemptive user/pass Bethal returns a - // 401 for realm Cronus. If we supply any name other - // than Edward, George, or Mary, with the pass of "password" - // we should succeed. - http.setAuthSupplier( - new MyBasicAuthSupplier("Cronus", "Betty", "password")); - - // We actually get our answer from Bethal at the end of the - // redirects. - String answer = gordy.sayHi(); - assertTrue("Unexpected answer: " + answer, - "Bonjour from Bethal".equals(answer)); - - // The loop auth supplier, - // We should die with looping realms. - http.setAuthSupplier(new MyBasicAuthSupplier()); - - try { - answer = gordy.sayHi(); - fail("Unexpected answer from Gordy: " + answer); - } catch (Exception e) { - //e.printStackTrace(); - } - } - -} - http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyAuthConduitTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyAuthConduitTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyAuthConduitTest.java deleted file mode 100644 index 2750f21..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyAuthConduitTest.java +++ /dev/null @@ -1,111 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.util.HashMap; -import java.util.concurrent.atomic.AtomicInteger; - -import org.apache.cxf.configuration.security.ProxyAuthorizationPolicy; -import org.apache.cxf.endpoint.Client; -import org.apache.cxf.transport.http.HTTPConduit; -import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; - -import org.jboss.netty.handler.codec.http.HttpRequest; - -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; - -import org.littleshoot.proxy.DefaultHttpProxyServer; -import org.littleshoot.proxy.HttpFilter; -import org.littleshoot.proxy.HttpRequestFilter; -import org.littleshoot.proxy.ProxyAuthorizationHandler; - - -/** - * - */ -public class HTTPSProxyAuthConduitTest extends HTTPSConduitTest { - static final int PROXY_PORT = Integer.parseInt(allocatePort(HTTPSProxyAuthConduitTest.class)); - static DefaultHttpProxyServer proxy; - static CountingFilter requestFilter = new CountingFilter(); - - static class CountingFilter implements HttpRequestFilter { - AtomicInteger count = new AtomicInteger(); - public void filter(HttpRequest httpRequest) { - count.incrementAndGet(); - } - - public void reset() { - count.set(0); - } - public int getCount() { - return count.get(); - } - } - - public HTTPSProxyAuthConduitTest() { - } - - - @AfterClass - public static void stopProxy() { - proxy.stop(); - proxy = null; - } - - @BeforeClass - public static void startProxy() { - proxy = new DefaultHttpProxyServer(PROXY_PORT, requestFilter, new HashMap<String, HttpFilter>()); - proxy.addProxyAuthenticationHandler(new ProxyAuthorizationHandler() { - public boolean authenticate(String userName, String password) { - return "password".equals(password) && "CXF".equals(userName); - } - }); - proxy.start(); - } - @Before - public void resetCount() { - requestFilter.reset(); - } - - public void configureProxy(Client client) { - HTTPConduit cond = (HTTPConduit)client.getConduit(); - HTTPClientPolicy pol = cond.getClient(); - if (pol == null) { - pol = new HTTPClientPolicy(); - cond.setClient(pol); - } - pol.setProxyServer("localhost"); - pol.setProxyServerPort(PROXY_PORT); - ProxyAuthorizationPolicy auth = new ProxyAuthorizationPolicy(); - auth.setUserName("CXF"); - auth.setPassword("password"); - cond.setProxyAuthorization(auth); - } - - public void resetProxyCount() { - requestFilter.reset(); - } - public void assertProxyRequestCount(int i) { - assertEquals("Unexpected request count", i, requestFilter.getCount()); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyConduitTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyConduitTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyConduitTest.java deleted file mode 100644 index 8171576..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSProxyConduitTest.java +++ /dev/null @@ -1,100 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.util.HashMap; -import java.util.concurrent.atomic.AtomicInteger; - -import org.apache.cxf.endpoint.Client; -import org.apache.cxf.transport.http.HTTPConduit; -import org.apache.cxf.transports.http.configuration.HTTPClientPolicy; - -import org.jboss.netty.handler.codec.http.HttpRequest; - -import org.junit.AfterClass; -import org.junit.Before; -import org.junit.BeforeClass; - -import org.littleshoot.proxy.DefaultHttpProxyServer; -import org.littleshoot.proxy.HttpFilter; -import org.littleshoot.proxy.HttpRequestFilter; - - -/** - * - */ -public class HTTPSProxyConduitTest extends HTTPSConduitTest { - static final int PROXY_PORT = Integer.parseInt(allocatePort(HTTPSProxyConduitTest.class)); - static DefaultHttpProxyServer proxy; - static CountingFilter requestFilter = new CountingFilter(); - - static class CountingFilter implements HttpRequestFilter { - AtomicInteger count = new AtomicInteger(); - public void filter(HttpRequest httpRequest) { - count.incrementAndGet(); - } - - public void reset() { - count.set(0); - } - public int getCount() { - return count.get(); - } - } - - public HTTPSProxyConduitTest() { - } - - - @AfterClass - public static void stopProxy() { - proxy.stop(); - proxy = null; - } - - @BeforeClass - public static void startProxy() { - proxy = new DefaultHttpProxyServer(PROXY_PORT, requestFilter, new HashMap<String, HttpFilter>()); - proxy.start(); - } - @Before - public void resetCount() { - requestFilter.reset(); - } - - public void configureProxy(Client client) { - HTTPConduit cond = (HTTPConduit)client.getConduit(); - HTTPClientPolicy pol = cond.getClient(); - if (pol == null) { - pol = new HTTPClientPolicy(); - cond.setClient(pol); - } - pol.setProxyServer("localhost"); - pol.setProxyServerPort(PROXY_PORT); - } - - public void resetProxyCount() { - requestFilter.reset(); - } - public void assertProxyRequestCount(int i) { - assertEquals("Unexpected request count", i, requestFilter.getCount()); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java deleted file mode 100644 index d0fcac9..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/PushBack401.java +++ /dev/null @@ -1,223 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.io.IOException; -import java.io.OutputStream; -import java.net.HttpURLConnection; -import java.util.Arrays; -import java.util.List; -import java.util.Map; - -import org.apache.cxf.common.util.Base64Utility; -import org.apache.cxf.endpoint.Endpoint; -import org.apache.cxf.helpers.IOUtils; -import org.apache.cxf.interceptor.Fault; -import org.apache.cxf.message.Exchange; -import org.apache.cxf.message.Message; -import org.apache.cxf.message.MessageImpl; -import org.apache.cxf.phase.AbstractPhaseInterceptor; -import org.apache.cxf.phase.Phase; -import org.apache.cxf.transport.Conduit; -import org.apache.cxf.transport.http.Headers; - -/* - * This interceptor will issue 401s - * No Authorization Header --> 401 Realm=Cronus - * Username Mary --> 401 Realm=Andromeda - * Username Edward --> 401 Realm=Zorantius - * Username George --> 401 Realm=Cronus - * If the password is not "password" a 401 is issued without - * realm. - */ -public class PushBack401 extends AbstractPhaseInterceptor<Message> { - - PushBack401() { - super(Phase.RECEIVE); - } - - /** - * This function extracts the user:pass token from - * the Authorization:Basic header. It returns a two element - * String array, the first being the userid, the second - * being the password. It returns null, if it cannot parse. - */ - private String[] extractUserPass(String token) { - try { - byte[] userpass = Base64Utility.decode(token); - String up = IOUtils.newStringFromBytes(userpass); - String user = up.substring(0, up.indexOf(':')); - String pass = up.substring(up.indexOf(':') + 1); - return new String[] {user, pass}; - } catch (Exception e) { - return null; - } - - } - - /** - * This function returns the realm which depends on - * the user name, as follows: - * <pre> - * Username Mary --> Andromeda - * Username Edward --> Zorantius - * Username George --> Cronus - * </pre> - * However, if the password is not "password" this function - * throws an exception, regardless. - */ - private String checkUserPass( - String user, - String pass - ) throws Exception { - //System.out.println("Got user: " + user + " pass: " + pass); - if (!"password".equals(pass)) { - throw new Exception("bad password"); - } - if ("Mary".equals(user)) { - return "Andromeda"; - } - if ("Edward".equals(user)) { - return "Zorantius"; - } - if ("George".equals(user)) { - return "Cronus"; - } - return null; - } - - @SuppressWarnings("unchecked") - public void handleMessage(Message message) throws Fault { - - Map<String, List<String>> headers = - (Map<String, List<String>>) - message.get(Message.PROTOCOL_HEADERS); - - List<String> auth = headers.get("Authorization"); - if (auth == null) { - // No Auth Header, respond with 401 Realm=Cronus - replyUnauthorized(message, "Cronus"); - return; - } else { - for (String a : auth) { - if (a.startsWith("Basic ")) { - String[] userpass = - extractUserPass(a.substring("Basic ".length())); - if (userpass != null) { - try { - String realm = - checkUserPass(userpass[0], userpass[1]); - if (realm != null) { - replyUnauthorized(message, realm); - return; - } else { - // Password is good and no realm - // We just return for successful fall thru. - return; - } - } catch (Exception e) { - // Bad Password - replyUnauthorized(message, null); - return; - } - } - } - } - // No Authorization: Basic - replyUnauthorized(message, null); - return; - } - } - - /** - * This function issues a 401 response back down the conduit. - * If the realm is not null, a WWW-Authenticate: Basic realm= - * header is sent. The interceptor chain is aborted stopping - * the Message from going to the servant. - */ - private void replyUnauthorized(Message message, String realm) { - Message outMessage = getOutMessage(message); - outMessage.put(Message.RESPONSE_CODE, - HttpURLConnection.HTTP_UNAUTHORIZED); - - if (realm != null) { - setHeader(outMessage, - "WWW-Authenticate", "Basic realm=" + realm); - } - message.getInterceptorChain().abort(); - try { - getConduit(message).prepare(outMessage); - close(outMessage); - } catch (IOException e) { - //System.out.println("Prepare of message not working." + e); - e.printStackTrace(); - } - } - - /** - * Retrieves/creates the corresponding Outbound Message. - */ - private Message getOutMessage(Message message) { - Exchange exchange = message.getExchange(); - Message outMessage = exchange.getOutMessage(); - if (outMessage == null) { - Endpoint endpoint = exchange.get(Endpoint.class); - outMessage = new MessageImpl(); - outMessage.putAll(message); - outMessage.remove(Message.PROTOCOL_HEADERS); - outMessage.setExchange(exchange); - outMessage = endpoint.getBinding().createMessage(outMessage); - exchange.setOutMessage(outMessage); - } - return outMessage; - } - - /** - * This function sets the header in the PROTOCO_HEADERS of - * the message. - */ - private void setHeader(Message message, String key, String value) { - Map<String, List<String>> responseHeaders = Headers.getSetProtocolHeaders(message); - responseHeaders.put(key, Arrays.asList(new String[] {value})); - } - - /** - * This method retrieves/creates the conduit for the response - * message. - */ - private Conduit getConduit(Message message) throws IOException { - Exchange exchange = message.getExchange(); - Conduit conduit = - exchange.getDestination().getBackChannel(message); - exchange.setConduit(conduit); - return conduit; - } - - /** - * This method closes the output stream associated with the - * message. - */ - private void close(Message message) throws IOException { - OutputStream os = message.getContent(OutputStream.class); - os.flush(); - os.close(); - } - -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Server.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Server.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Server.java deleted file mode 100644 index 7832212..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Server.java +++ /dev/null @@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusTestServerBase; - -public class SSLv3Server extends AbstractBusTestServerBase { - - public SSLv3Server() { - - } - - protected void run() { - URL busFile = Server.class.getResource("sslv3-server.xml"); - Bus busLocal = new SpringBusFactory().createBus(busFile); - BusFactory.setDefaultBus(busLocal); - setBus(busLocal); - - try { - new SSLv3Server(); - } catch (Exception e) { - e.printStackTrace(); - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/5ad015a4/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Test.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Test.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Test.java deleted file mode 100644 index 99381e7..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/SSLv3Test.java +++ /dev/null @@ -1,204 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https; - -import java.io.IOException; -import java.net.URL; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.xml.ws.BindingProvider; - -import org.apache.cxf.Bus; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.configuration.jsse.SSLUtils; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.apache.hello_world.Greeter; -import org.apache.hello_world.services.SOAPService; -import org.junit.AfterClass; -import org.junit.BeforeClass; - -/** - * A set of tests SSL v3 protocol support. It should be disallowed by default on both the - * (Jetty) server and CXF client side. - */ -public class SSLv3Test extends AbstractBusClientServerTestBase { - static final String PORT = allocatePort(SSLv3Server.class); - static final String PORT2 = allocatePort(SSLv3Server.class, 2); - static final String PORT3 = allocatePort(SSLv3Server.class, 3); - - @BeforeClass - public static void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(SSLv3Server.class, true) - ); - } - - @AfterClass - public static void cleanup() throws Exception { - stopAllServers(); - } - - @org.junit.Test - public void testSSLv3ServerNotAllowedByDefault() throws Exception { - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - System.setProperty("https.protocols", "SSLv3"); - - URL service = new URL("https://localhost:" + PORT); - HttpsURLConnection connection = (HttpsURLConnection) service.openConnection(); - - connection.setHostnameVerifier(new DisableCNCheckVerifier()); - - SSLContext sslContext = SSLContext.getInstance("SSL"); - URL keystore = SSLv3Test.class.getResource("../../../../../keys/Truststore.jks"); - TrustManager[] trustManagers = - SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(), - "PKIX", LogUtils.getL7dLogger(SSLv3Test.class)); - sslContext.init(null, trustManagers, new java.security.SecureRandom()); - - connection.setSSLSocketFactory(sslContext.getSocketFactory()); - - try { - connection.connect(); - fail("Failure expected on an SSLv3 connection attempt"); - } catch (IOException ex) { - // expected - } - - System.clearProperty("https.protocols"); - - bus.shutdown(true); - } - - @org.junit.Test - public void testSSLv3ServerAllowed() throws Exception { - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - System.setProperty("https.protocols", "SSLv3"); - - URL service = new URL("https://localhost:" + PORT2); - HttpsURLConnection connection = (HttpsURLConnection) service.openConnection(); - - connection.setHostnameVerifier(new DisableCNCheckVerifier()); - - SSLContext sslContext = SSLContext.getInstance("SSL"); - URL keystore = SSLv3Test.class.getResource("../../../../../keys/Truststore.jks"); - TrustManager[] trustManagers = - SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(), - "PKIX", LogUtils.getL7dLogger(SSLv3Test.class)); - sslContext.init(null, trustManagers, new java.security.SecureRandom()); - - connection.setSSLSocketFactory(sslContext.getSocketFactory()); - - connection.connect(); - - connection.disconnect(); - - System.clearProperty("https.protocols"); - - bus.shutdown(true); - } - - @org.junit.Test - public void testClientSSL3NotAllowed() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - BindingProvider provider = (BindingProvider)port; - provider.getRequestContext().put("use.async.http.conduit", Boolean.FALSE); - - updateAddressPort(port, PORT3); - - try { - port.greetMe("Kitty"); - fail("Failure expected on the client not supporting SSLv3 by default"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testClientSSL3Allowed() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - BindingProvider provider = (BindingProvider)port; - provider.getRequestContext().put("use.async.http.conduit", Boolean.FALSE); - - updateAddressPort(port, PORT3); - - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - private static final class DisableCNCheckVerifier implements HostnameVerifier { - - @Override - public boolean verify(String arg0, SSLSession arg1) { - return true; - } - - }; -}