Repository: cxf Updated Branches: refs/heads/3.1.x-fixes e24153bd6 -> 398a4988b
Adding Jetty programmatic tests # Conflicts: # systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/2f219d0c Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/2f219d0c Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/2f219d0c Branch: refs/heads/3.1.x-fixes Commit: 2f219d0c7258b33cb72d49d19bfd991a2ef3264a Parents: e24153b Author: Colm O hEigeartaigh <[email protected]> Authored: Thu Mar 30 10:03:17 2017 +0100 Committer: Colm O hEigeartaigh <[email protected]> Committed: Thu Mar 30 10:04:41 2017 +0100 ---------------------------------------------------------------------- .../systest/https/trust/TrustManagerTest.java | 116 +++++++++++++++++++ .../https/trust/TrustServerNoSpring.java | 84 ++++++++++++++ 2 files changed, 200 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/2f219d0c/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java index 6264f44..89e6b89 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java @@ -43,7 +43,13 @@ import org.junit.BeforeClass; */ public class TrustManagerTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(TrustServer.class); +<<<<<<< HEAD +======= + static final String PORT2 = allocatePort(TrustServer.class, 2); + static final String PORT3 = allocatePort(TrustServer.class, 3); + +>>>>>>> 16163d8... Adding Jetty programmatic tests @BeforeClass public static void startServers() throws Exception { assertTrue( @@ -52,6 +58,12 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase { // set this to false to fork launchServer(TrustServer.class, true) ); + assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(TrustServerNoSpring.class, true) + ); } @AfterClass @@ -131,7 +143,50 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)port).close(); bus.shutdown(true); } +<<<<<<< HEAD +======= + + // Here the Trust Manager checks the server cert. this time we are invoking on the + // service that is configured in code (not by spring) + @org.junit.Test + public void testValidServerCertX509TrustManager2() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = TrustManagerTest.class.getResource("client-trust.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT3); + + String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US"; + + TLSClientParameters tlsParams = new TLSClientParameters(); + X509TrustManager trustManager = + new ServerCertX509TrustManager(validPrincipalName); + TrustManager[] trustManagers = new TrustManager[1]; + trustManagers[0] = trustManager; + tlsParams.setTrustManagers(trustManagers); + tlsParams.setDisableCNCheck(true); + + Client client = ClientProxy.getClient(port); + HTTPConduit http = (HTTPConduit) client.getConduit(); + http.setTlsClientParameters(tlsParams); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + +>>>>>>> 16163d8... Adding Jetty programmatic tests @org.junit.Test public void testInvalidServerCertX509TrustManager() throws Exception { SpringBusFactory bf = new SpringBusFactory(); @@ -169,7 +224,68 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase { } catch (Exception ex) { // expected } +<<<<<<< HEAD +======= + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + + @org.junit.Test + public void testOSCPOverride() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = TrustManagerTest.class.getResource("client-trust.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT2); + + // Read truststore + KeyStore ts = KeyStore.getInstance("JKS"); + try (InputStream trustStore = + ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) { + ts.load(trustStore, "password".toCharArray()); + } + + try { + Security.setProperty("ocsp.enable", "true"); + + PKIXBuilderParameters param = new PKIXBuilderParameters(ts, new X509CertSelector()); + param.setRevocationEnabled(true); + + TrustManagerFactory tmf = + TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm()); + tmf.init(new CertPathTrustManagerParameters(param)); + + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setTrustManagers(tmf.getTrustManagers()); + tlsParams.setDisableCNCheck(true); + + Client client = ClientProxy.getClient(port); + HTTPConduit http = (HTTPConduit) client.getConduit(); + http.setTlsClientParameters(tlsParams); + + try { + port.greetMe("Kitty"); + fail("Failure expected on an invalid OCSP responder URL"); + } catch (Exception ex) { + // expected + } + + } finally { + Security.setProperty("ocsp.enable", "false"); + } + +>>>>>>> 16163d8... Adding Jetty programmatic tests ((java.io.Closeable)port).close(); bus.shutdown(true); } http://git-wip-us.apache.org/repos/asf/cxf/blob/2f219d0c/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java new file mode 100644 index 0000000..305fd1d --- /dev/null +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java @@ -0,0 +1,84 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.systest.https.trust; + +import java.security.KeyStore; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.KeyManagerFactory; +import javax.xml.ws.Endpoint; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.common.classloader.ClassLoaderUtils; +import org.apache.cxf.configuration.jsse.TLSServerParameters; +import org.apache.cxf.configuration.security.ClientAuthentication; +import org.apache.cxf.systest.http.GreeterImpl; +import org.apache.cxf.testutil.common.AbstractBusTestServerBase; +import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory; + +public class TrustServerNoSpring extends AbstractBusTestServerBase { + + public TrustServerNoSpring() { + + } + + protected void run() { + Bus busLocal = BusFactory.getDefaultBus(true); + setBus(busLocal); + + String address = "https://localhost:" + TrustManagerTest.PORT3 + "/SoapContext/HttpsPort"; + + try { + KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType()); + keyStore.load(ClassLoaderUtils.getResourceAsStream("keys/Bethal.jks", + this.getClass()), + "password".toCharArray()); + + KeyManagerFactory kmf = + KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + kmf.init(keyStore, "password".toCharArray()); + + TLSServerParameters tlsParams = new TLSServerParameters(); + tlsParams.setKeyManagers(kmf.getKeyManagers()); + + ClientAuthentication clientAuthentication = new ClientAuthentication(); + clientAuthentication.setRequired(false); + clientAuthentication.setWant(true); + tlsParams.setClientAuthentication(clientAuthentication); + + Map<String, TLSServerParameters> map = new HashMap<>(); + map.put("tlsId", tlsParams); + + JettyHTTPServerEngineFactory factory = + busLocal.getExtension(JettyHTTPServerEngineFactory.class); + factory.setTlsServerParametersMap(map); + factory.createJettyHTTPServerEngine("localhost", Integer.parseInt(TrustManagerTest.PORT3), + "https", "tlsId"); + + factory.initComplete(); + } catch (Exception ex) { + ex.printStackTrace(); + } + + Endpoint.publish(address, new GreeterImpl()); + } +}
