Enable protocol support for async http clients
Conflicts:
systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/49b9c830
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/49b9c830
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/49b9c830
Branch: refs/heads/2.7.x-fixes
Commit: 49b9c830e9dcfd288d3956dbc6f7f9b36cc59501
Parents: 07222f5
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Dec 19 11:28:58 2014 +0000
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Dec 19 12:27:44 2014 +0000
----------------------------------------------------------------------
.../http/asyncclient/AsyncHTTPConduit.java | 23 ++
.../cxf/systest/https/ssl3/SSLv3Test.java | 255 +++++++++++++++++++
2 files changed, 278 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/49b9c830/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
----------------------------------------------------------------------
diff --git
a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
index e4d8b22..b05eb10 100644
---
a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
+++
b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java
@@ -846,6 +846,29 @@ public class AsyncHTTPConduit extends
URLConnectionHTTPConduit {
SSLUtils.getSupportedCipherSuites(sslcontext),
tlsClientParameters.getCipherSuitesFilter(), LOG, false);
sslengine.setEnabledCipherSuites(cipherSuites);
+
+ String protocol = tlsClientParameters.getSecureSocketProtocol() !=
null ? tlsClientParameters
+ .getSecureSocketProtocol() : "TLS";
+
+ String p[] = findProtocols(protocol,
sslengine.getSupportedProtocols());
+ if (p != null) {
+ sslengine.setEnabledProtocols(p);
+ }
+ }
+
+ private String[] findProtocols(String p, String[] options) {
+ List<String> list = new ArrayList<String>();
+ for (String s : options) {
+ if (s.equals(p)) {
+ return new String[] {p};
+ } else if (s.startsWith(p)) {
+ list.add(s);
+ }
+ }
+ if (list.isEmpty()) {
+ return null;
+ }
+ return list.toArray(new String[list.size()]);
}
protected static KeyManager[]
getKeyManagersWithCertAlias(TLSClientParameters tlsClientParameters,
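Review bot: When `findProtocols` returns null, the `if (p != null)` guard leaves the engine's default enabled protocols untouched, so a `secureSocketProtocol` value that matches nothing silently drops the restriction this commit adds. The match is a case-sensitive `equals`/`startsWith`, so a value such as `tls` or a misspelling is enough to hit that path, and on a JRE whose defaults still include SSLv3 the async client could then negotiate it. At minimum the no-match case should be logged, e.g. `LOG.warning("No supported protocol matches " + protocol);` (assuming `LOG` is a java.util.logging Logger, which the hunk does not show). Failing the engine setup would be safer than falling back, but the enclosing method starts outside the hunk, so whether it can throw here is not visible.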
http://git-wip-us.apache.org/repos/asf/cxf/blob/49b9c830/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java
----------------------------------------------------------------------
diff --git
a/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java
new file mode 100644
index 0000000..169a13d
--- /dev/null
+++
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java
@@ -0,0 +1,255 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https.ssl3;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.SSLUtils;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+/**
+ * A set of tests SSL v3 protocol support. It should be disallowed by default
on both the
+ * (Jetty) server and CXF client side.
+ */
+public class SSLv3Test extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(SSLv3Server.class);
+ static final String PORT2 = allocatePort(SSLv3Server.class, 2);
+ static final String PORT3 = allocatePort(SSLv3Server.class, 3);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(SSLv3Server.class, true)
+ );
+ }
+
+ @AfterClass
+ public static void cleanup() throws Exception {
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testSSLv3ServerNotAllowedByDefault() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ System.setProperty("https.protocols", "SSLv3");
+
+ URL service = new URL("https://localhost:" + PORT);
+ HttpsURLConnection connection = (HttpsURLConnection)
service.openConnection();
+
+ connection.setHostnameVerifier(new DisableCNCheckVerifier());
+
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ URL keystore =
SSLv3Test.class.getResource("../../../../../../keys/Truststore.jks");
+ TrustManager[] trustManagers =
+ SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(),
+ "PKIX",
LogUtils.getL7dLogger(SSLv3Test.class));
+ sslContext.init(null, trustManagers, new java.security.SecureRandom());
+
+ connection.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ try {
+ connection.connect();
+ fail("Failure expected on an SSLv3 connection attempt");
+ } catch (IOException ex) {
+ // expected
+ }
+
+ System.clearProperty("https.protocols");
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSSLv3ServerAllowed() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ System.setProperty("https.protocols", "SSLv3");
+
+ URL service = new URL("https://localhost:" + PORT2);
+ HttpsURLConnection connection = (HttpsURLConnection)
service.openConnection();
+
+ connection.setHostnameVerifier(new DisableCNCheckVerifier());
+
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ URL keystore =
SSLv3Test.class.getResource("../../../../../../keys/Truststore.jks");
+ TrustManager[] trustManagers =
+ SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(),
+ "PKIX",
LogUtils.getL7dLogger(SSLv3Test.class));
+ sslContext.init(null, trustManagers, new java.security.SecureRandom());
+
+ connection.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ connection.connect();
+
+ connection.disconnect();
+
+ System.clearProperty("https.protocols");
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testClientSSL3NotAllowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT3);
+
+ try {
+ port.greetMe("Kitty");
+ fail("Failure expected on the client not supporting SSLv3 by
default");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testAsyncClientSSL3NotAllowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ // Enable Async
+
((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ updateAddressPort(port, PORT3);
+
+ try {
+ port.greetMe("Kitty");
+ fail("Failure expected on the client not supporting SSLv3 by
default");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testClientSSL3Allowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT3);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testAsyncClientSSL3Allowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ // Enable Async
+
((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ updateAddressPort(port, PORT3);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ private static final class DisableCNCheckVerifier implements
HostnameVerifier {
+
+ @Override
+ public boolean verify(String arg0, SSLSession arg1) {
+ return true;
+ }
+
+ };
+}
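Review bot: The three negative tests accept any failure as proof that SSLv3 was refused. `testSSLv3ServerNotAllowedByDefault` catches `IOException`, and `testClientSSL3NotAllowed` and `testAsyncClientSSL3NotAllowed` catch `Exception`, so a refused connection, an unresolved bus file or a wrong port passes them just as a rejected handshake does. Narrowing the first to `catch (javax.net.ssl.SSLException ex)`, and in the two client tests asserting that the cause chain contains an `SSLException`, would tie the result to the protocol check, provided the rejection surfaces as one in this setup. Separately, `System.clearProperty("https.protocols")` and `bus.shutdown(true)` run only on the success path; moving them into a `finally` keeps a failed test from leaving `https.protocols=SSLv3` set for later tests in the same JVM.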