This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.1.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit e138a4fb3234490e21e237495d3a9538ee6eaa5f Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Wed Jun 6 11:56:57 2018 +0100 Adding wildcard test for hostname verification (cherry picked from commit c92ecbc590cad16315e0fb0c636b681d0abab9f5) --- .../HostnameVerificationDeprecatedTest.java | 30 +++++++++++++++++++++ .../https/hostname/HostnameVerificationTest.java | 28 +++++++++++++++++++ .../https/hostname/hostname-server-deprecated.xml | 20 ++++++++++++++ .../cxf/systest/https/hostname/hostname-server.xml | 30 +++++++++++++++++---- testutils/src/test/resources/keys/subjalt.jks | Bin 8891 -> 11103 bytes 5 files changed, 103 insertions(+), 5 deletions(-) diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java index 124a6dc..e5a322b 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java @@ -41,6 +41,7 @@ import org.junit.BeforeClass; public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerTestBase { static final String PORT = allocatePort(HostnameVerificationDeprecatedServer.class); static final String PORT2 = allocatePort(HostnameVerificationDeprecatedServer.class, 2); + static final String PORT3 = allocatePort(HostnameVerificationDeprecatedServer.class, 3); @BeforeClass public static void startServers() throws Exception { @@ -142,4 +143,33 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT ((java.io.Closeable)port).close(); bus.shutdown(true); } + + // No Subject Alternative Name, but the CN wildcard matches + @org.junit.Test + public void testNoSubjectAlternativeNameCNWildcardMatch() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HostnameVerificationTest.class.getResource("hostname-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + BusFactory.setDefaultBus(bus); + BusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT3); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + + // Enable Async + ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } } diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java index 05a62e7..6aa8577 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java @@ -221,4 +221,32 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + // No Subject Alternative Name, but the CN wildcard matches + @org.junit.Test + public void testNoSubjectAlternativeNameCNWildcardMatch() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HostnameVerificationTest.class.getResource("hostname-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + BusFactory.setDefaultBus(bus); + BusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT5); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + + // Enable Async + ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } } diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server-deprecated.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server-deprecated.xml index fc3a627..a776d09 100644 --- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server-deprecated.xml +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server-deprecated.xml @@ -64,4 +64,24 @@ address="https://localhost:${testutil.ports.HostnameVerificationDeprecatedServer.2}/SoapContext/HttpsPort"; serviceName="s:SOAPService" endpointName="e:HttpsPort" depends-on="no-subject-alt-cn-match-settings"/> + + <httpj:engine-factory id="no-subject-alt-cn-wildcard-match-settings"> + <httpj:engine port="${testutil.ports.HostnameVerificationDeprecatedServer.3}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="security"> + <sec:keyStore type="jks" password="security" resource="keys/subjalt.jks"/> + </sec:keyManagers> + <sec:clientAuthentication want="false" required="false"/> + <sec:certAlias>nosubjaltcnmatchwildcard</sec:certAlias> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"; + xmlns:s="http://apache.org/hello_world/services"; + id="NoSubjectAltCNWildcardMatch" + implementor="org.apache.cxf.systest.http.GreeterImpl" + address="https://localhost:${testutil.ports.HostnameVerificationDeprecatedServer.3}/SoapContext/HttpsPort"; + serviceName="s:SOAPService" + endpointName="e:HttpsPort" depends-on="no-subject-alt-cn-wildcard-match-settings"/> </beans> diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server.xml index b3137f0..3592ba8 100644 --- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server.xml +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-server.xml @@ -98,12 +98,32 @@ </httpj:tlsServerParameters> </httpj:engine> </httpj:engine-factory> - - <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"; - xmlns:s="http://apache.org/hello_world/services"; - id="NoSubjectAltNoCNMatch" - implementor="org.apache.cxf.systest.http.GreeterImpl" + + <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"; + xmlns:s="http://apache.org/hello_world/services"; + id="NoSubjectAltNoCNMatch" + implementor="org.apache.cxf.systest.http.GreeterImpl" address="https://localhost:${testutil.ports.HostnameVerificationServer.4}/SoapContext/HttpsPort"; serviceName="s:SOAPService" endpointName="e:HttpsPort" depends-on="no-subject-alt-no-cn-match-settings"/> + + <httpj:engine-factory id="no-subject-alt-cn-wildcard-match-settings"> + <httpj:engine port="${testutil.ports.HostnameVerificationServer.5}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="security"> + <sec:keyStore type="jks" password="security" resource="keys/subjalt.jks"/> + </sec:keyManagers> + <sec:clientAuthentication want="false" required="false"/> + <sec:certAlias>nosubjaltcnmatchwildcard</sec:certAlias> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"; + xmlns:s="http://apache.org/hello_world/services"; + id="NoSubjectAltCNWildcardMatch" + implementor="org.apache.cxf.systest.http.GreeterImpl" + address="https://localhost:${testutil.ports.HostnameVerificationServer.5}/SoapContext/HttpsPort"; + serviceName="s:SOAPService" + endpointName="e:HttpsPort" depends-on="no-subject-alt-cn-wildcard-match-settings"/> </beans> diff --git a/testutils/src/test/resources/keys/subjalt.jks b/testutils/src/test/resources/keys/subjalt.jks index fefac18..bd33b38 100644 Binary files a/testutils/src/test/resources/keys/subjalt.jks and b/testutils/src/test/resources/keys/subjalt.jks differ -- To stop receiving notification emails like this one, please contact [email protected].
