Repository: cxf Updated Branches: refs/heads/3.0.x-fixes a4bd82361 -> ec9805a47
Adding hostname verification tests for http-hc Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/ec9805a4 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/ec9805a4 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/ec9805a4 Branch: refs/heads/3.0.x-fixes Commit: ec9805a4792c1bdbf486e4ba18acb91046514e4b Parents: a4bd823 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Feb 11 13:36:08 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Feb 11 13:48:35 2015 +0000 ---------------------------------------------------------------------- .../http/asyncclient/AsyncHTTPConduit.java | 8 ++++- .../hostname/HostnameVerificationTest.java | 32 ++++++++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/ec9805a4/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java ---------------------------------------------------------------------- diff --git a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java index 47bf717..6d9ff3d 100644 --- a/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java +++ b/rt/transports/http-hc/src/main/java/org/apache/cxf/transport/http/asyncclient/AsyncHTTPConduit.java @@ -519,6 +519,8 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit { tlsClientParameters = new TLSClientParameters(); } final SSLContext sslcontext = getSSLContext(tlsClientParameters); + final HostnameVerifier verifier = org.apache.cxf.transport.https.SSLUtils + .getHostnameVerifier(tlsClientParameters); regBuilder .register("https", new SSLIOSessionStrategy(sslcontext) { 
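Review bot: The verifier is resolved once, where the scheme registry is built, and then captured by the anonymous `SSLIOSessionStrategy`, so the hostname policy in force is whatever `tlsClientParameters` held at that moment. The hunk at -873 shows the SSL context being cached alongside `lastTlsHash`; whether this registry is rebuilt together with it is not visible here, so it is worth confirming that a later change to the TLS parameters cannot leave a stale verifier in place. I would add a comment above the declaration, such as `// Hostname policy is taken from tlsClientParameters when the registry is built; verifySession() below enforces it.` The enclosing method starts and ends outside the hunk.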
@@ -530,6 +532,10 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit { protected void verifySession(final HttpHost host, final IOSession iosession, final SSLSession sslsession) throws SSLException { + if (!verifier.verify(host.getHostName(), sslsession)) { + throw new SSLException("Could not verify host " + host.getHostName()); + } + iosession.setAttribute("cxf.handshake.done", Boolean.TRUE); setSSLSession(sslsession); } @@ -873,7 +879,7 @@ public class AsyncHTTPConduit extends URLConnectionHTTPConduit { } ctx.init(keyManagers, tlsClientParameters.getTrustManagers(), tlsClientParameters.getSecureRandom()); - + sslContext = ctx; lastTlsHash = hash; sslState = null; http://git-wip-us.apache.org/repos/asf/cxf/blob/ec9805a4/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java index 3769ecb..9ab2752 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java @@ -21,6 +21,8 @@ package org.apache.cxf.systest.https.hostname; import java.net.URL; +import javax.xml.ws.BindingProvider; + import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; 
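Review bot: The overridden `verifySession` shows no call to the superclass, so the added `verifier.verify(...)` is the only hostname check visible on the async TLS path, and nothing in the code says so. A comment above the `if` would protect it from being removed or reordered later: `// Sole hostname check for the async conduit; must run before "cxf.handshake.done" is set.` The `SSLException` message names only the requested host, so logging the peer identity from `sslsession` at debug level would make rejected connections easier to diagnose without weakening the check. What `SSLUtils.getHostnameVerifier` returns when the parameters relax hostname checking is not visible on this page, so the strength of this check depends on that helper.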
@@ -78,6 +80,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + // Enable Async + ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + ((java.io.Closeable)port).close(); bus.shutdown(true); } @@ -107,6 +114,16 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { // expected } + // Enable Async + ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); + + try { + port.greetMe("Kitty"); + fail("Failure expected on a non-matching subject alternative name"); + } catch (Exception ex) { + // expected + } + ((java.io.Closeable)port).close(); bus.shutdown(true); } @@ -130,6 +147,11 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { updateAddressPort(port, PORT3); assertEquals(port.greetMe("Kitty"), "Hello Kitty"); + + // Enable Async + ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); + + assertEquals(port.greetMe("Kitty"), "Hello Kitty"); ((java.io.Closeable)port).close(); bus.shutdown(true); @@ -159,6 +181,16 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { } catch (Exception ex) { // expected } + + // Enable Async + ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); + + try { + port.greetMe("Kitty"); + fail("Failure expected with no matching Subject Alt Name or CN"); + } catch (Exception ex) { + // expected + } ((java.io.Closeable)port).close(); bus.shutdown(true);
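Review bot: Nothing in the second `greetMe` call at -78 (or the identical block at -130) shows that the request actually went through the async conduit. If `use.async.http.conduit` is ignored, for instance because the http-hc transport is not active on this bus (not visible here), the call repeats the synchronous path and the test still passes without touching the new `verifySession` code. An assertion on the client's conduit type would close that gap, e.g. `assertTrue(ClientProxy.getClient(port).getConduit() instanceof AsyncHTTPConduit);`, assuming the test module can reference that class. The key is also repeated as a string literal in all four blocks, where a shared constant would avoid a silent typo.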
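Review bot: `catch (Exception ex)` with only `// expected` accepts any failure, so the async block at -107 (and the same block at -159) passes on a refused connection or a misconfigured bus just as it does on a hostname mismatch. The conduit change in this commit throws `SSLException("Could not verify host " + ...)`, so the catch block could walk `ex.getCause()` and assert that an `SSLException` is in the chain. The exact exception the async conduit surfaces to the caller is not visible here and should be confirmed by running the test. Without such an assertion, a regression that removes the hostname check could be masked by an unrelated error.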