Fixing merge
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/1798afb8 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/1798afb8 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/1798afb8 Branch: refs/heads/2.7.x-fixes Commit: 1798afb80ccc53fd6c76b5352372c5d80f55754d Parents: baeea67 Author: Colm O hEigeartaigh <[email protected]> Authored: Fri Mar 13 17:26:10 2015 +0000 Committer: Colm O hEigeartaigh <[email protected]> Committed: Fri Mar 13 17:26:10 2015 +0000 ---------------------------------------------------------------------- .../apache/cxf/configuration/jsse/SSLUtils.java | 25 +- .../apache/cxf/configuration/jsse/SSLUtils.java | 742 ------------------- .../https/ciphersuites/CipherSuitesTest.java | 418 ----------- .../ciphersuites-explicit-client.xml | 37 - .../https/ciphersuites/ciphersuites-server.xml | 117 --- 5 files changed, 14 insertions(+), 1325 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java ----------------------------------------------------------------------
diff --git a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index 81994f8..4b0bee1 100644
--- a/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/api/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -452,17 +452,21 @@ public final class SSLUtils {
 String[] supportedCipherSuites,
 FiltersType filters,
 Logger log, boolean exclude) {
- String[] cipherSuites = null;
- if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
- cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
- return cipherSuites;
- }
+ // First check the "include" case only. If we have defined explicit "cipherSuite"
+ // configuration, then just return these. Otherwise see if we have defined ciphersuites
+ // via a system property.
 if (!exclude) {
- cipherSuites = getSystemCiphersuites(log);
- if (cipherSuites != null) {
- return cipherSuites;
+ if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+ return getCiphersFromList(cipherSuitesList, log, exclude);
+ } else {
+ String[] cipherSuites = getSystemCiphersuites(log);
+ if (cipherSuites != null) {
+ return cipherSuites;
+ }
 }
 }
+
+ // Otherwise check the "include/exclude" cipherSuiteFilter configuration
 LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
 if (filters == null) {
 LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
@@ -502,11 +506,10 @@ public final class SSLUtils {
 "CIPHERSUITES_EXCLUDED",
 excludedCipherSuites);
 if (exclude) {
- cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude);
+ return getCiphersFromList(excludedCipherSuites, log, exclude);
 } else {
- cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude);
+ return getCiphersFromList(filteredCipherSuites, log, exclude);
 }
- return cipherSuites;
 }
 
 private static String[] getSystemCiphersuites(Logger log) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
deleted file mode 100644
index ebae85d..0000000
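Review bot: In the first hunk of `getCiphersuites`, a call with `exclude == true` and a non-empty `cipherSuitesList` now skips the explicit list and falls through to the filter path, whose first statement logs `CIPHERSUITES_NOT_SET`; that message is untrue in this case and will mislead anyone auditing the effective TLS configuration from the FINE log. Guard it, e.g. `if (cipherSuitesList == null || cipherSuitesList.isEmpty()) { LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET"); }`. The include branch also returns the explicit list, or the system-property list, before any include/exclude pattern is consulted and without comparing it to `supportedCipherSuites`, so (assuming `getCiphersFromList` only converts the list to an array, as the deleted core copy on this page does) a weak suite named there is handed back as-is; the new comment should state that, for example `// NOTE: an explicit list or the system property bypasses the cipherSuitesFilter patterns and the supported-suite check`. The method signature starts above the hunk and its body continues beyond it into the second hunk, which only replaces the temporary variable with direct returns.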
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ /dev/null
@@ -1,742 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.configuration.jsse; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.DataInputStream; -import java.io.File; -import java.io.FileInputStream; -import java.io.IOException; -import java.lang.reflect.Method; -import java.security.KeyManagementException; -import java.security.KeyStore; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.logging.Level; -import java.util.logging.Logger; -import java.util.regex.Matcher; -import java.util.regex.Pattern; - -import javax.net.ssl.KeyManager; -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.TrustManagerFactory; - -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.common.util.SystemPropertyAction; -import org.apache.cxf.configuration.security.FiltersType; - - -/** - * Holder for utility methods related to manipulating SSL settings, common - * to the 
connection and listener factories (previously duplicated). - */ -public final class SSLUtils { - - static final String PKCS12_TYPE = "PKCS12"; - - private static final String DEFAULT_KEYSTORE_TYPE = "PKCS12"; - private static final String DEFAULT_TRUST_STORE_TYPE = "JKS"; - private static final String DEFAULT_SECURE_SOCKET_PROTOCOL = "TLSv1"; - private static final String CERTIFICATE_FACTORY_TYPE = "X.509"; - - private static final String HTTPS_CIPHER_SUITES = "https.cipherSuites"; - - private static final boolean DEFAULT_REQUIRE_CLIENT_AUTHENTICATION = false; - private static final boolean DEFAULT_WANT_CLIENT_AUTHENTICATION = true; - - private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_INCLUDE = - Arrays.asList(new String[] {".*"}); - /** - * By default, exclude NULL, anon, EXPORT, DES ciphersuites - */ - private static final List<String> DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE = - Arrays.asList(new String[] {".*_NULL_.*", - ".*_anon_.*", - ".*_EXPORT_.*", - ".*_DES_.*"}); - - private static volatile KeyManager[] defaultManagers; - - private SSLUtils() { - } - - public static KeyManager[] getKeyStoreManagers( - String keyStoreLocation, - String keyStoreType, - String keyStorePassword, - String keyPassword, - String keyStoreMgrFactoryAlgorithm, - String secureSocketProtocol, - Logger log) - throws Exception { - //TODO for performance reasons we should cache - // the KeymanagerFactory and TrustManagerFactory - if ((keyStorePassword != null) - && (keyPassword != null) - && (!keyStorePassword.equals(keyPassword))) { - LogUtils.log(log, - Level.WARNING, - "KEY_PASSWORD_NOT_SAME_KEYSTORE_PASSWORD"); - } - KeyManager[] keystoreManagers = null; - KeyManagerFactory kmf = - KeyManagerFactory.getInstance(keyStoreMgrFactoryAlgorithm); - KeyStore ks = KeyStore.getInstance(keyStoreType); - - if (keyStoreType.equalsIgnoreCase(PKCS12_TYPE)) { - DataInputStream dis = null; - byte[] bytes = null; - try { - FileInputStream fis = new FileInputStream(keyStoreLocation); - dis = 
new DataInputStream(fis); - bytes = new byte[dis.available()]; - dis.readFully(bytes); - } finally { - if (dis != null) { - dis.close(); - } - } - ByteArrayInputStream bin = new ByteArrayInputStream(bytes); - - if (keyStorePassword != null) { - keystoreManagers = loadKeyStore(kmf, - ks, - bin, - keyStoreLocation, - keyStorePassword, - log); - } - } else { - byte[] sslCert = loadClientCredential(keyStoreLocation); - - if (sslCert != null && sslCert.length > 0 && keyStorePassword != null) { - ByteArrayInputStream bin = new ByteArrayInputStream(sslCert); - keystoreManagers = loadKeyStore(kmf, - ks, - bin, - keyStoreLocation, - keyStorePassword, - log); - } - } - if ((keyStorePassword == null) && (keyStoreLocation != null)) { - LogUtils.log(log, Level.WARNING, - "FAILED_TO_LOAD_KEYSTORE_NULL_PASSWORD", - keyStoreLocation); - } - return keystoreManagers; - } - - public static KeyManager[] getDefaultKeyStoreManagers(Logger log) { - if (defaultManagers == null) { - loadDefaultKeyManagers(log); - } - if (defaultManagers.length == 0) { - return null; - } - return defaultManagers; - } - private static synchronized void loadDefaultKeyManagers(Logger log) { - if (defaultManagers != null) { - return; - } - - String location = getKeystore(null, log); - String keyStorePassword = getKeystorePassword(null, log); - String keyPassword = getKeyPassword(null, log); - FileInputStream fis = null; - - try { - File file = new File(location); - if (file.exists()) { - KeyManagerFactory kmf = - KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); - KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); - - fis = new FileInputStream(file); - ks.load(fis, (keyStorePassword != null) ? keyStorePassword.toCharArray() : null); - kmf.init(ks, (keyPassword != null) ? 
keyPassword.toCharArray() : null); - defaultManagers = kmf.getKeyManagers(); - } else { - log.log(Level.FINER, "No default keystore {0}", location); - defaultManagers = new KeyManager[0]; - } - } catch (Exception e) { - log.log(Level.WARNING, "Default key managers cannot be initialized: " + e.getMessage(), e); - defaultManagers = new KeyManager[0]; - } finally { - if (fis != null) { - try { - fis.close(); - } catch (IOException e) { - log.warning("Keystore stream cannot be closed: " + e.getMessage()); - } - } - } - } - - public static KeyManager[] loadKeyStore(KeyManagerFactory kmf, - KeyStore ks, - ByteArrayInputStream bin, - String keyStoreLocation, - String keyStorePassword, - Logger log) { - KeyManager[] keystoreManagers = null; - try { - ks.load(bin, keyStorePassword.toCharArray()); - kmf.init(ks, keyStorePassword.toCharArray()); - keystoreManagers = kmf.getKeyManagers(); - LogUtils.log(log, - Level.FINE, - "LOADED_KEYSTORE", - keyStoreLocation); - } catch (Exception e) { - LogUtils.log(log, - Level.WARNING, - "FAILED_TO_LOAD_KEYSTORE", - new Object[]{keyStoreLocation, e.getMessage()}); - } - return keystoreManagers; - } - - public static TrustManager[] getTrustStoreManagers( - boolean pkcs12, - String trustStoreType, - String trustStoreLocation, - String trustStoreMgrFactoryAlgorithm, - Logger log) - throws Exception { - // ********************** Load Trusted CA file ********************** - - KeyStore trustedCertStore = KeyStore.getInstance(trustStoreType); - - if (pkcs12) { - //TODO could support multiple trust cas - - trustedCertStore.load(null, "".toCharArray()); - CertificateFactory cf = CertificateFactory.getInstance(CERTIFICATE_FACTORY_TYPE); - byte[] caCert = loadCACert(trustStoreLocation); - try { - if (caCert != null) { - ByteArrayInputStream cabin = new ByteArrayInputStream(caCert); - X509Certificate cert = (X509Certificate)cf.generateCertificate(cabin); - trustedCertStore.setCertificateEntry(cert.getIssuerDN().toString(), cert); - cabin.close(); - 
} - } catch (Exception e) { - LogUtils.log(log, Level.WARNING, "FAILED_TO_LOAD_TRUST_STORE", - new Object[]{trustStoreLocation, e.getMessage()}); - } - } else { - FileInputStream trustStoreInputStream = null; - try { - trustStoreInputStream = new FileInputStream(trustStoreLocation); - trustedCertStore.load(trustStoreInputStream, null); - } finally { - if (trustStoreInputStream != null) { - trustStoreInputStream.close(); - } - } - } - - TrustManagerFactory tmf = - TrustManagerFactory.getInstance(trustStoreMgrFactoryAlgorithm); - tmf.init(trustedCertStore); - LogUtils.log(log, Level.FINE, "LOADED_TRUST_STORE", trustStoreLocation); - return tmf.getTrustManagers(); - } - - protected static byte[] loadClientCredential(String fileName) throws IOException { - if (fileName == null) { - return null; - } - FileInputStream in = null; - try { - in = new FileInputStream(fileName); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - byte[] buf = new byte[512]; - int i = in.read(buf); - while (i > 0) { - out.write(buf, 0, i); - i = in.read(buf); - } - return out.toByteArray(); - } finally { - if (in != null) { - in.close(); - } - } - } - - protected static byte[] loadCACert(String fileName) throws IOException { - if (fileName == null) { - return null; - } - FileInputStream in = null; - try { - in = new FileInputStream(fileName); - ByteArrayOutputStream out = new ByteArrayOutputStream(); - byte[] buf = new byte[512]; - int i = in.read(buf); - - while (i > 0) { - out.write(buf, 0, i); - i = in.read(buf); - } - return out.toByteArray(); - } finally { - if (in != null) { - in.close(); - } - } - } - - public static String getKeystore(String keyStoreLocation, Logger log) { - String logMsg = null; - if (keyStoreLocation != null) { - logMsg = "KEY_STORE_SET"; - } else { - keyStoreLocation = SystemPropertyAction.getProperty("javax.net.ssl.keyStore"); - if (keyStoreLocation != null) { - logMsg = "KEY_STORE_SYSTEM_PROPERTY_SET"; - } else { - keyStoreLocation = - 
SystemPropertyAction.getProperty("user.home") + "/.keystore"; - logMsg = "KEY_STORE_NOT_SET"; - } - } - LogUtils.log(log, Level.FINE, logMsg, keyStoreLocation); - return keyStoreLocation; - } - - public static String getKeystoreType(String keyStoreType, Logger log) { - return getKeystoreType(keyStoreType, log, DEFAULT_KEYSTORE_TYPE); - } - public static String getKeystoreType(String keyStoreType, Logger log, String def) { - String logMsg = null; - if (keyStoreType != null) { - logMsg = "KEY_STORE_TYPE_SET"; - } else { - keyStoreType = SystemPropertyAction.getProperty("javax.net.ssl.keyStoreType", null); - if (keyStoreType == null) { - keyStoreType = def; - logMsg = "KEY_STORE_TYPE_NOT_SET"; - } else { - logMsg = "KEY_STORE_TYPE_SYSTEM_SET"; - } - } - LogUtils.log(log, Level.FINE, logMsg, keyStoreType); - return keyStoreType; - } - public static String getKeystoreProvider(String keyStoreProvider, Logger log) { - String logMsg = null; - if (keyStoreProvider != null) { - logMsg = "KEY_STORE_PROVIDER_SET"; - } else { - keyStoreProvider = SystemPropertyAction.getProperty("javax.net.ssl.keyStoreProvider", null); - if (keyStoreProvider == null) { - logMsg = "KEY_STORE_PROVIDER_NOT_SET"; - } else { - logMsg = "KEY_STORE_PROVIDER_SYSTEM_SET"; - } - } - LogUtils.log(log, Level.FINE, logMsg, keyStoreProvider); - return keyStoreProvider; - } - - public static String getKeystorePassword(String keyStorePassword, - Logger log) { - String logMsg = null; - if (keyStorePassword != null) { - logMsg = "KEY_STORE_PASSWORD_SET"; - } else { - keyStorePassword = - SystemPropertyAction.getProperty("javax.net.ssl.keyStorePassword"); - logMsg = keyStorePassword != null - ? 
"KEY_STORE_PASSWORD_SYSTEM_PROPERTY_SET" - : "KEY_STORE_PASSWORD_NOT_SET"; - } - LogUtils.log(log, Level.FINE, logMsg); - return keyStorePassword; - } - - public static String getKeyPassword(String keyPassword, Logger log) { - String logMsg = null; - if (keyPassword != null) { - logMsg = "KEY_PASSWORD_SET"; - } else { - keyPassword = - SystemPropertyAction.getProperty("javax.net.ssl.keyPassword"); - if (keyPassword == null) { - keyPassword = - SystemPropertyAction.getProperty("javax.net.ssl.keyStorePassword"); - } - logMsg = keyPassword != null - ? "KEY_PASSWORD_SYSTEM_PROPERTY_SET" - : "KEY_PASSWORD_NOT_SET"; - } - LogUtils.log(log, Level.FINE, logMsg); - return keyPassword; - } - - public static String getKeystoreAlgorithm( - String keyStoreMgrFactoryAlgorithm, - Logger log) { - String logMsg = null; - if (keyStoreMgrFactoryAlgorithm != null) { - logMsg = "KEY_STORE_ALGORITHM_SET"; - } else { - keyStoreMgrFactoryAlgorithm = - KeyManagerFactory.getDefaultAlgorithm(); - logMsg = "KEY_STORE_ALGORITHM_NOT_SET"; - } - LogUtils.log(log, Level.FINE, logMsg, keyStoreMgrFactoryAlgorithm); - return keyStoreMgrFactoryAlgorithm; - } - - public static String getTrustStoreAlgorithm( - String trustStoreMgrFactoryAlgorithm, - Logger log) { - String logMsg = null; - if (trustStoreMgrFactoryAlgorithm != null) { - logMsg = "TRUST_STORE_ALGORITHM_SET"; - } else { - trustStoreMgrFactoryAlgorithm = - TrustManagerFactory.getDefaultAlgorithm(); - logMsg = "TRUST_STORE_ALGORITHM_NOT_SET"; - } - LogUtils.log(log, Level.FINE, logMsg, trustStoreMgrFactoryAlgorithm); - return trustStoreMgrFactoryAlgorithm; - } - - public static SSLContext getSSLContext(String protocol, - KeyManager[] keyStoreManagers, - TrustManager[] trustStoreManagers) - throws NoSuchAlgorithmException, KeyManagementException { - SSLContext ctx = SSLContext.getInstance(protocol); - ctx.init(keyStoreManagers, trustStoreManagers, null); - return ctx; - } - - public static String[] getSupportedCipherSuites(SSLContext context) 
{ - return context.getSocketFactory().getSupportedCipherSuites(); - } - - public static String[] getServerSupportedCipherSuites(SSLContext context) { - return context.getServerSocketFactory().getSupportedCipherSuites(); - } - - public static String[] getCiphersuites(List<String> cipherSuitesList, - String[] supportedCipherSuites, - FiltersType filters, - Logger log, boolean exclude) { - - // First check the "include" case only. If we have defined explicit "cipherSuite" - // configuration, then just return these. Otherwise see if we have defined ciphersuites - // via a system property. - if (!exclude) { - if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) { - return getCiphersFromList(cipherSuitesList, log, exclude); - } else { - String[] cipherSuites = getSystemCiphersuites(log); - if (cipherSuites != null) { - return cipherSuites; - } - } - } - - // Otherwise check the "include/exclude" cipherSuiteFilter configuration - - LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET"); - if (filters == null) { - LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET"); - } - List<String> filteredCipherSuites = new ArrayList<String>(); - List<String> excludedCipherSuites = new ArrayList<String>(); - List<Pattern> includes = - filters != null - ? compileRegexPatterns(filters.getInclude(), true, log) - : compileRegexPatterns(DEFAULT_CIPHERSUITE_FILTERS_INCLUDE, true, log); - List<Pattern> excludes = - filters != null - ? 
compileRegexPatterns(filters.getExclude(), false, log) - : compileRegexPatterns(DEFAULT_CIPHERSUITE_FILTERS_EXCLUDE, true, log); - for (int i = 0; i < supportedCipherSuites.length; i++) { - if (matchesOneOf(supportedCipherSuites[i], includes) - && !matchesOneOf(supportedCipherSuites[i], excludes)) { - LogUtils.log(log, - Level.FINE, - "CIPHERSUITE_INCLUDED", - supportedCipherSuites[i]); - filteredCipherSuites.add(supportedCipherSuites[i]); - } else { - LogUtils.log(log, - Level.FINE, - "CIPHERSUITE_EXCLUDED", - supportedCipherSuites[i]); - excludedCipherSuites.add(supportedCipherSuites[i]); - } - } - LogUtils.log(log, - Level.FINE, - "CIPHERSUITES_FILTERED", - filteredCipherSuites); - LogUtils.log(log, - Level.FINE, - "CIPHERSUITES_EXCLUDED", - excludedCipherSuites); - if (exclude) { - return getCiphersFromList(excludedCipherSuites, log, exclude); - } else { - return getCiphersFromList(filteredCipherSuites, log, exclude); - } - } - - private static String[] getSystemCiphersuites(Logger log) { - String jvmCipherSuites = System.getProperty(HTTPS_CIPHER_SUITES); - if ((jvmCipherSuites != null) && (!jvmCipherSuites.isEmpty())) { - LogUtils.log(log, Level.FINE, "CIPHERSUITES_SYSTEM_PROPERTY_SET", jvmCipherSuites); - return jvmCipherSuites.split(","); - } else { - return null; - } - - } - - private static List<Pattern> compileRegexPatterns(List<String> regexes, - boolean include, - Logger log) { - List<Pattern> patterns = new ArrayList<Pattern>(); - if (regexes != null) { - String msg = include - ? 
"CIPHERSUITE_INCLUDE_FILTER" - : "CIPHERSUITE_EXCLUDE_FILTER"; - for (String s : regexes) { - LogUtils.log(log, Level.FINE, msg, s); - patterns.add(Pattern.compile(s)); - } - } - return patterns; - } - - private static boolean matchesOneOf(String s, List<Pattern> patterns) { - boolean matches = false; - if (patterns != null) { - for (Pattern pattern : patterns) { - Matcher matcher = pattern.matcher(s); - if (matcher.matches()) { - matches = true; - break; - } - } - } - return matches; - } - - private static String[] getCiphersFromList(List<String> cipherSuitesList, - Logger log, - boolean exclude) { - int numCipherSuites = cipherSuitesList.size(); - String[] cipherSuites = cipherSuitesList.toArray(new String[numCipherSuites]); - if (log.isLoggable(Level.FINE)) { - StringBuilder ciphsStr = new StringBuilder(); - for (String s : cipherSuites) { - if (ciphsStr.length() != 0) { - ciphsStr.append(", "); - } - ciphsStr.append(s); - } - LogUtils.log(log, Level.FINE, - exclude ? "CIPHERSUITES_EXCLUDED" : "CIPHERSUITES_SET", ciphsStr.toString()); - } - return cipherSuites; - } - - public static String getTrustStore(String trustStoreLocation, Logger log) { - String logMsg = null; - if (trustStoreLocation != null) { - logMsg = "TRUST_STORE_SET"; - } else { - trustStoreLocation = SystemPropertyAction.getProperty("javax.net.ssl.trustStore"); - if (trustStoreLocation != null) { - logMsg = "TRUST_STORE_SYSTEM_PROPERTY_SET"; - } else { - trustStoreLocation = - SystemPropertyAction.getProperty("java.home") + "/lib/security/cacerts"; - logMsg = "TRUST_STORE_NOT_SET"; - } - } - LogUtils.log(log, Level.FINE, logMsg, trustStoreLocation); - return trustStoreLocation; - } - - public static String getTrustStoreType(String trustStoreType, Logger log) { - String logMsg = null; - if (trustStoreType != null) { - logMsg = "TRUST_STORE_TYPE_SET"; - } else { - //Can default to JKS - trustStoreType = SystemPropertyAction.getProperty("javax.net.ssl.trustStoreType"); - if (trustStoreType == null) { 
- trustStoreType = DEFAULT_TRUST_STORE_TYPE; - logMsg = "TRUST_STORE_TYPE_NOT_SET"; - } else { - logMsg = "TRUST_STORE_TYPE_SYSTEM_SET"; - } - } - LogUtils.log(log, Level.FINE, logMsg, trustStoreType); - return trustStoreType; - } - - public static String getSecureSocketProtocol(String secureSocketProtocol, - Logger log) { - if (secureSocketProtocol != null) { - LogUtils.log(log, - Level.FINE, - "SECURE_SOCKET_PROTOCOL_SET", - secureSocketProtocol); - } else { - LogUtils.log(log, Level.FINE, "SECURE_SOCKET_PROTOCOL_NOT_SET"); - secureSocketProtocol = DEFAULT_SECURE_SOCKET_PROTOCOL; - } - return secureSocketProtocol; - } - - public static boolean getRequireClientAuthentication( - boolean isSetRequireClientAuthentication, - Boolean isRequireClientAuthentication, - Logger log) { - boolean requireClientAuthentication = - DEFAULT_REQUIRE_CLIENT_AUTHENTICATION; - if (isSetRequireClientAuthentication) { - requireClientAuthentication = - isRequireClientAuthentication.booleanValue(); - LogUtils.log(log, - Level.FINE, - "REQUIRE_CLIENT_AUTHENTICATION_SET", - requireClientAuthentication); - } else { - LogUtils.log(log, - Level.WARNING, - "REQUIRE_CLIENT_AUTHENTICATION_NOT_SET"); - } - return requireClientAuthentication; - } - - public static boolean getWantClientAuthentication( - boolean isSetWantClientAuthentication, - Boolean isWantClientAuthentication, - Logger log) { - boolean wantClientAuthentication = - DEFAULT_WANT_CLIENT_AUTHENTICATION; - if (isSetWantClientAuthentication) { - wantClientAuthentication = - isWantClientAuthentication.booleanValue(); - LogUtils.log(log, - Level.FINE, - "WANT_CLIENT_AUTHENTICATION_SET", - wantClientAuthentication); - } else { - LogUtils.log(log, - Level.WARNING, - "WANT_CLIENT_AUTHENTICATION_NOT_SET"); - } - return wantClientAuthentication; - } - - - - public static void logUnSupportedPolicies(Object policy, - boolean client, - String[] unsupported, - Logger log) { - for (int i = 0; i < unsupported.length; i++) { - try { - Method method = 
policy.getClass().getMethod("isSet" + unsupported[i]); - boolean isSet = - ((Boolean)method.invoke(policy, (Object[])null)).booleanValue(); - logUnSupportedPolicy(isSet, client, unsupported[i], log); - } catch (Exception e) { - // ignore - } - } - } - - private static void logUnSupportedPolicy(boolean isSet, - boolean client, - String policy, - Logger log) { - if (isSet) { - LogUtils.log(log, - Level.WARNING, - client - ? "UNSUPPORTED_SSL_CLIENT_POLICY_DATA" - : "UNSUPPORTED_SSL_SERVER_POLICY_DATA", - policy); - } - } - - public static boolean testAllDataHasSetupMethod(Object policy, - String[] unsupported, - String[] derivative) { - Method[] sslPolicyMethods = policy.getClass().getDeclaredMethods(); - Method[] methods = SSLUtils.class.getMethods(); - boolean ok = true; - - for (int i = 0; i < sslPolicyMethods.length && ok; i++) { - String sslPolicyMethodName = sslPolicyMethods[i].getName(); - if (sslPolicyMethodName.startsWith("isSet")) { - String dataName = - sslPolicyMethodName.substring("isSet".length(), - sslPolicyMethodName.length()); - String thisMethodName = "get" + dataName; - ok = hasMethod(methods, thisMethodName) - || isExcluded(unsupported, dataName) - || isExcluded(derivative, dataName); - } - } - return ok; - } - - private static boolean hasMethod(Method[] methods, String methodName) { - boolean found = false; - for (int i = 0; i < methods.length && !found; i++) { - found = methods[i].getName().equals(methodName); - } - return found; - } - - private static boolean isExcluded(String[] excluded, - String dataName) { - boolean found = false; - for (int i = 0; i < excluded.length && !found; i++) { - found = excluded[i].equals(dataName); - } - return found; - - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java ---------------------------------------------------------------------- 
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java deleted file mode 100644 index 3a93002..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java +++ /dev/null 
@@ -1,418 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.https.ciphersuites;
-
-import java.net.URL;
-
-import javax.xml.ws.BindingProvider;
-
-import org.apache.cxf.Bus;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.hello_world.Greeter;
-import org.apache.hello_world.services.SOAPService;
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-/**
- * A set of tests for TLS ciphersuites
- */
-public class CipherSuitesTest extends AbstractBusClientServerTestBase {
- static final String PORT = allocatePort(CipherSuitesServer.class);
- static final String PORT2 = allocatePort(CipherSuitesServer.class, 2);
- static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
- static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
-
- @BeforeClass
- public static void startServers() throws Exception {
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork
- launchServer(CipherSuitesServer.class, true)
- );
- }
-
- @AfterClass
- public static void cleanup() throws Exception {
- stopAllServers();
- }
-
- // Both client + server include AES
- @org.junit.Test
- public void testAESIncluded() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include AES
- @org.junit.Test
- public void testAESIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include a specific AES CipherSuite (not via a filter)
- @org.junit.Test
- public void testAESIncludedExplicitly() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-explicit-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT4);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes RC4, server only includes AES
- @org.junit.Test
- public void testClientRC4ServerAESIncluded() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes RC4, server only includes AES
- @org.junit.Test
- public void testClientRC4ServerAESIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include RC4
- @org.junit.Test
- public void testRC4Included() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT2);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include RC4
- @org.junit.Test
- public void testRC4IncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-rc4-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT2);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes AES, server only includes RC4
- @org.junit.Test
- public void testClientAESServerRC4Included() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT2);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client only includes AES, server only includes RC4
- @org.junit.Test
- public void testClientAESServerRC4IncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT2);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include NULL
- @org.junit.Test
- public void testNULLIncluded() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-null-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT3);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Both client + server include NULL
- @org.junit.Test
- public void testNULLIncludedAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-null-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT3);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client does not allow NULL
- @org.junit.Test
- public void testClientAESServerNULL() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT3);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
- // Client does not allow NULL
- @org.junit.Test
- public void testClientAESServerNULLAsync() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = CipherSuitesTest.class.getResource("ciphersuites-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- SpringBusFactory.setDefaultBus(bus);
- SpringBusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT3);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on not being able to negotiate a cipher suite");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable)port).close();
- bus.shutdown(true);
- }
-
-}
http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
deleted file mode 100644
index fcd9424..0000000
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd">
-
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost:.*">
- <http:tlsClientParameters disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
- </sec:trustManagers>
- <sec:cipherSuites>
- <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA</sec:cipherSuite>
- </sec:cipherSuites>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/1798afb8/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
deleted file mode 100644
index 6ce8b0a..0000000
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ /dev/null
@@ -1,117 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa che.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
-
- <httpj:engine-factory id="aes-tls-settings">
- <httpj:engine port="${testutil.ports.CipherSuitesServer}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:clientAuthentication want="false" required="false"/>
- <sec:cipherSuitesFilter>
- <sec:include>.*_WITH_AES_.*</sec:include>
- </sec:cipherSuitesFilter>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="AESTLSServer"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.CipherSuitesServer}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="aes-tls-settings"/>
-
-
- <httpj:engine-factory id="rc4-tls-settings">
- <httpj:engine port="${testutil.ports.CipherSuitesServer.2}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:clientAuthentication want="false" required="false"/>
- <sec:cipherSuitesFilter>
- <sec:include>.*_WITH_RC4_.*</sec:include>
- <sec:exclude>.*_WITH_AES_.*</sec:exclude>
- </sec:cipherSuitesFilter>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="RC4TLSServer"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.CipherSuitesServer.2}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="rc4-tls-settings"/>
-
- <httpj:engine-factory id="null-tls-settings">
- <httpj:engine port="${testutil.ports.CipherSuitesServer.3}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:clientAuthentication want="false" required="false"/>
- <sec:cipherSuitesFilter>
- <sec:include>.*_WITH_NULL_.*</sec:include>
- </sec:cipherSuitesFilter>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="NULLTLSServer"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.CipherSuitesServer.3}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="null-tls-settings"/>
-
- <httpj:engine-factory id="aes-explicit-tls-settings">
- <httpj:engine port="${testutil.ports.CipherSuitesServer.4}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:clientAuthentication want="false" required="false"/>
- <sec:cipherSuites>
- <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA</sec:cipherSuite>
- </sec:cipherSuites>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="AESExplicitTLSServer"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.CipherSuitesServer.4}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="aes-explicit-tls-settings"/>
-</beans>
