Moving SSL3 tests into a new module to avoid a failure with the latest JDK 7
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/19d7e727 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/19d7e727 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/19d7e727 Branch: refs/heads/3.0.x-fixes Commit: 19d7e7275c680451273669004afa2a3f2f615ef3 Parents: c2eb440 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Fri Feb 20 16:12:22 2015 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Fri Feb 20 16:15:30 2015 +0000 ---------------------------------------------------------------------- systests/pom.xml | 1 + systests/transports-ssl3/pom.xml | 172 +++++++++++++ .../org/apache/cxf/https/ssl3/GreeterImpl.java | 65 +++++ .../org/apache/cxf/https/ssl3/SSLv3Server.java | 49 ++++ .../org/apache/cxf/https/ssl3/SSLv3Test.java | 255 +++++++++++++++++++ .../src/test/resources/keys/Bethal.cer | Bin 0 -> 548 bytes .../src/test/resources/keys/Bethal.jks | Bin 0 -> 1317 bytes .../src/test/resources/keys/Bethal.p12 | Bin 0 -> 1705 bytes .../src/test/resources/keys/Gordy.cer | Bin 0 -> 544 bytes .../src/test/resources/keys/Gordy.jks | Bin 0 -> 1313 bytes .../src/test/resources/keys/Morpit.jks | Bin 0 -> 1337 bytes .../src/test/resources/keys/Morpit.p12 | Bin 0 -> 1721 bytes .../src/test/resources/keys/Poltim.cer | Bin 0 -> 548 bytes .../src/test/resources/keys/Poltim.jks | Bin 0 -> 1318 bytes .../src/test/resources/keys/Tarpin.cer | Bin 0 -> 548 bytes .../src/test/resources/keys/Tarpin.jks | Bin 0 -> 1319 bytes .../src/test/resources/keys/Truststore.jks | Bin 0 -> 2942 bytes .../src/test/resources/keys/Truststore.pem | 60 +++++ .../src/test/resources/keys/alice.jks | Bin 0 -> 2428 bytes .../src/test/resources/keys/bob.jks | Bin 0 -> 2422 bytes .../src/test/resources/keys/cxfca.jks | Bin 0 -> 1306 bytes .../src/test/resources/keys/genkeys.sh | 53 ++++ .../src/test/resources/keys/subjalt.jks | Bin 0 -> 8891 bytes .../cxf/https/ssl3/sslv3-client-allow.xml | 34 +++ 
.../org/apache/cxf/https/ssl3/sslv3-client.xml | 33 +++
.../org/apache/cxf/https/ssl3/sslv3-server.xml | 100 ++++++++
.../https/clientauth/ClientAuthTest.java | 2 +-
.../cxf/systest/https/ssl3/SSLv3Server.java | 47 ----
.../cxf/systest/https/ssl3/SSLv3Test.java | 255 -------------------
.../systest/https/clientauth/client-no-auth.xml | 33 +++
.../systest/https/ssl3/sslv3-client-allow.xml | 34 ---
.../cxf/systest/https/ssl3/sslv3-client.xml | 33 ---
.../cxf/systest/https/ssl3/sslv3-server.xml | 100 --------
33 files changed, 856 insertions(+), 470 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/pom.xml
----------------------------------------------------------------------
diff --git a/systests/pom.xml b/systests/pom.xml
index 28b46e1..e4ea2bc 100644
--- a/systests/pom.xml
+++ b/systests/pom.xml
@@ -34,6 +34,7 @@
 <module>container-integration</module>
 <module>uncategorized</module>
 <module>transports</module>
+ <module>transports-ssl3</module>
 <module>transport-jms</module>
 <module>jaxws</module>
 <module>databinding</module>
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/pom.xml
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/pom.xml b/systests/transports-ssl3/pom.xml
new file mode 100644
index 0000000..64c05ab
--- /dev/null
+++ b/systests/transports-ssl3/pom.xml
@@ -0,0 +1,172 @@
+<?xml version="1.0"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <parent>
+ <artifactId>cxf-parent</artifactId>
+ <groupId>org.apache.cxf</groupId>
+ <version>3.1.0-SNAPSHOT</version>
+ <relativePath>../../parent/pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.apache.cxf.systests</groupId>
+ <artifactId>cxf-systests-transports-ssl3</artifactId>
+ <name>Apache CXF Transport SSL3 System Tests</name>
+ <description>Apache CXF Transport SSL3 System Tests</description>
+ <url>http://cxf.apache.org</url>
+ <build>
+ <testSourceDirectory>${basedir}/src/test/java</testSourceDirectory>
+ <testResources>
+ <testResource>
+ <directory>src/test/java</directory>
+ <excludes>
+ <exclude>**/*.java</exclude>
+ </excludes>
+ </testResource>
+ <testResource>
+ <directory>src/test/resources</directory>
+ <includes>
+ <include>**/*</include>
+ </includes>
+ </testResource>
+ </testResources>
+ <plugins>
+ <plugin>
+ <artifactId>maven-jar-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>attach-sources</id>
+ <goals>
+ <goal>test-jar</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-core</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-databinding-jaxb</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-frontend-jaxws</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-bindings-soap</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http-hc</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-udp</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlet</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-webapp</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-transports-http-jetty</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-jdk14</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>jcl-over-slf4j</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-testutils</artifactId>
+ <version>${project.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-aop</artifactId>
+ <version>${cxf.spring.version}</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-web</artifactId>
+ <scope>test</scope>
+ <version>${cxf.spring.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-beans</artifactId>
+ <scope>test</scope>
+ <version>${cxf.spring.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-context</artifactId>
+ <scope>test</scope>
+ <version>${cxf.spring.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-core</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>${cxf.spring.mock}</artifactId>
+ <version>${cxf.spring.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>commons-httpclient</groupId>
+ <artifactId>commons-httpclient</artifactId>
+ <scope>test</scope>
+ </dependency>
+ </dependencies>
+</project>
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/GreeterImpl.java
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/GreeterImpl.java b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/GreeterImpl.java
new file mode 100644
index 0000000..d6da31f
--- /dev/null
+++ b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/GreeterImpl.java
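Review bot: In systests/transports-ssl3/pom.xml the `<parent>` block pins `<version>3.1.0-SNAPSHOT</version>`, while the commit record places this change on branch 3.0.x-fixes; if the parent POM on that branch carries a 3.0.x snapshot version (not visible here), the new module cannot resolve its parent and the reactor build fails. `spring-core`, `${cxf.spring.mock}`, the Jetty artifacts and the `cxf-rt-*` dependencies are declared without `<scope>test</scope>` although the module holds only test sources, so they sit at the default compile scope. The `<description>` repeats the name; since the module apparently exists to keep a JVM-wide relaxation of `jdk.tls.disabledAlgorithms` away from the other transport tests, something like `Isolates the system tests that re-enable SSLv3 from the other transport system tests` would tell maintainers why it must stay separate.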
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.https.ssl3;
+
+import java.util.logging.Logger;
+
+import javax.jws.WebService;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.hello_world.Greeter;
+
+
+@WebService(serviceName = "SOAPService",
+ endpointInterface = "org.apache.hello_world.Greeter",
+ targetNamespace = "http://apache.org/hello_world")
+public class GreeterImpl implements Greeter {
+
+ private static final Logger LOG =
+ LogUtils.getLogger(GreeterImpl.class,
+ null,
+ GreeterImpl.class.getPackage().getName());
+ private String myName;
+
+ public GreeterImpl() {
+ this("defaultGreeter");
+ }
+
+ public GreeterImpl(String name) {
+ myName = name;
+ }
+
+ public String greetMe(String me) {
+ LOG.info("Executing operation greetMe");
+ LOG.info("Message received: " + me);
+ return "Hello " + me;
+ }
+
+
+ public String sayHi() {
+ LOG.info("Executing operation sayHi");
+ return "Bonjour from " + myName;
+ }
+
+ public void pingMe() {
+ }
+
+
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Server.java
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Server.java b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Server.java
new file mode 100644
index 0000000..1d5f49c
--- /dev/null
+++ b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Server.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.https.ssl3;
+
+import java.net.URL;
+import java.security.Security;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+
+public class SSLv3Server extends AbstractBusTestServerBase {
+
+ public SSLv3Server() {
+ // Remove "SSLv3" from the default disabled algorithm list for the purposes of this test
+ Security.setProperty("jdk.tls.disabledAlgorithms", "MD5");
+ }
+
+ protected void run() {
+ URL busFile = SSLv3Server.class.getResource("sslv3-server.xml");
+ Bus busLocal = new SpringBusFactory().createBus(busFile);
+ BusFactory.setDefaultBus(busLocal);
+ setBus(busLocal);
+
+ try {
+ new SSLv3Server();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
----------------------------------------------------------------------
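Review bot: `Security.setProperty("jdk.tls.disabledAlgorithms", "MD5")` in the SSLv3Server constructor overwrites a JVM-wide security property and nothing in the class puts the old value back, so any TLS code that later runs in the same JVM (SSLv3Test launches this server in-process) keeps SSLv3 enabled and loses whatever other entries the JDK shipped in that list. Read the previous value with `Security.getProperty("jdk.tls.disabledAlgorithms")` before overwriting it and restore it when the server is torn down. JSSE may read this property only once, when its classes first initialise, so the override can silently have no effect if TLS was already used in the process; the constructor comment should state that ordering assumption. The `new SSLv3Server()` inside `run()` only re-runs the constructor, and its `catch (Exception e)` merely prints the stack trace, so that block can be dropped.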
diff --git a/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
new file mode 100644
index 0000000..df5dc19
--- /dev/null
+++ b/systests/transports-ssl3/src/test/java/org/apache/cxf/https/ssl3/SSLv3Test.java
@@ -0,0 +1,255 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.https.ssl3;
+
+import java.io.IOException;
+import java.net.URL;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import javax.net.ssl.TrustManager;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.bus.spring.SpringBusFactory;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.jsse.SSLUtils;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+
+/**
+ * A set of tests SSL v3 protocol support. It should be disallowed by default on both the
+ * (Jetty) server and CXF client side.
+ */
+public class SSLv3Test extends AbstractBusClientServerTestBase {
+ static final String PORT = allocatePort(SSLv3Server.class);
+ static final String PORT2 = allocatePort(SSLv3Server.class, 2);
+ static final String PORT3 = allocatePort(SSLv3Server.class, 3);
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(SSLv3Server.class, true)
+ );
+ }
+
+ @AfterClass
+ public static void cleanup() throws Exception {
+ stopAllServers();
+ }
+
+ @org.junit.Test
+ public void testSSLv3ServerNotAllowedByDefault() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ System.setProperty("https.protocols", "SSLv3");
+
+ URL service = new URL("https://localhost:" + PORT);
+ HttpsURLConnection connection = (HttpsURLConnection) service.openConnection();
+
+ connection.setHostnameVerifier(new DisableCNCheckVerifier());
+
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ URL keystore = SSLv3Test.class.getResource("../../../../../keys/Truststore.jks");
+ TrustManager[] trustManagers =
+ SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(),
+ "PKIX", LogUtils.getL7dLogger(SSLv3Test.class));
+ sslContext.init(null, trustManagers, new java.security.SecureRandom());
+
+ connection.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ try {
+ connection.connect();
+ fail("Failure expected on an SSLv3 connection attempt");
+ } catch (IOException ex) {
+ // expected
+ }
+
+ System.clearProperty("https.protocols");
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testSSLv3ServerAllowed() throws Exception {
+
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ System.setProperty("https.protocols", "SSLv3");
+
+ URL service = new URL("https://localhost:" + PORT2);
+ HttpsURLConnection connection = (HttpsURLConnection) service.openConnection();
+
+ connection.setHostnameVerifier(new DisableCNCheckVerifier());
+
+ SSLContext sslContext = SSLContext.getInstance("SSL");
+ URL keystore = SSLv3Test.class.getResource("../../../../../keys/Truststore.jks");
+ TrustManager[] trustManagers =
+ SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(),
+ "PKIX", LogUtils.getL7dLogger(SSLv3Test.class));
+ sslContext.init(null, trustManagers, new java.security.SecureRandom());
+
+ connection.setSSLSocketFactory(sslContext.getSocketFactory());
+
+ connection.connect();
+
+ connection.disconnect();
+
+ System.clearProperty("https.protocols");
+
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testClientSSL3NotAllowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT3);
+
+ try {
+ port.greetMe("Kitty");
+ fail("Failure expected on the client not supporting SSLv3 by default");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testAsyncClientSSL3NotAllowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ // Enable Async
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ updateAddressPort(port, PORT3);
+
+ try {
+ port.greetMe("Kitty");
+ fail("Failure expected on the client not supporting SSLv3 by default");
+ } catch (Exception ex) {
+ // expected
+ }
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testClientSSL3Allowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT3);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ @org.junit.Test
+ public void testAsyncClientSSL3Allowed() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ // Enable Async
+ ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true);
+
+ updateAddressPort(port, PORT3);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
+ private static final class DisableCNCheckVerifier implements HostnameVerifier {
+
+ @Override
+ public boolean verify(String arg0, SSLSession arg1) {
+ return true;
+ }
+
+ };
+}
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Bethal.cer
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Bethal.cer b/systests/transports-ssl3/src/test/resources/keys/Bethal.cer
new file mode 100644
index 0000000..5ca8252
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Bethal.cer differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Bethal.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Bethal.jks b/systests/transports-ssl3/src/test/resources/keys/Bethal.jks
new file mode 100644
index 0000000..2bf1a9a
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Bethal.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Bethal.p12
----------------------------------------------------------------------
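Review bot: The three negative tests accept any failure rather than a refused SSLv3 handshake: `testSSLv3ServerNotAllowedByDefault` catches `IOException`, and `testClientSSL3NotAllowed` / `testAsyncClientSSL3NotAllowed` catch `Exception`, so a server that never started, a wrong port or a trust-store error also counts as a pass and the tests give no evidence that the protocol was the thing rejected. Narrow the first test to `javax.net.ssl.SSLException` (the exact subtype should be confirmed against a run) and, in the two client tests, assert that the cause chain of the caught exception contains one. `System.setProperty("https.protocols", "SSLv3")` is cleared only on the straight-line path, so when `fail(...)` fires or setup throws, the property stays set for the rest of the JVM; the clear and `bus.shutdown(true)` belong in a `finally`, in `testSSLv3ServerAllowed` as well. `DisableCNCheckVerifier` returns `true` for every hostname and deserves a comment saying it is test-only and must not be copied into client code.

```java
System.setProperty("https.protocols", "SSLv3");
try {
    // … unchanged: open the connection, install DisableCNCheckVerifier and the trust-store-backed socket factory …
    connection.connect();
    fail("Failure expected on an SSLv3 connection attempt");
} catch (javax.net.ssl.SSLException ex) {
    // expected: the TLS layer refused the SSLv3 handshake
} finally {
    // always undo the JVM-wide protocol override, even when the assertion fails
    System.clearProperty("https.protocols");
    bus.shutdown(true);
}
```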
diff --git a/systests/transports-ssl3/src/test/resources/keys/Bethal.p12 b/systests/transports-ssl3/src/test/resources/keys/Bethal.p12
new file mode 100644
index 0000000..c47515e
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Bethal.p12 differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Gordy.cer
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Gordy.cer b/systests/transports-ssl3/src/test/resources/keys/Gordy.cer
new file mode 100644
index 0000000..6cabd2a
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Gordy.cer differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Gordy.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Gordy.jks b/systests/transports-ssl3/src/test/resources/keys/Gordy.jks
new file mode 100644
index 0000000..b067db0
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Gordy.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Morpit.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Morpit.jks b/systests/transports-ssl3/src/test/resources/keys/Morpit.jks
new file mode 100644
index 0000000..95626a7
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Morpit.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Morpit.p12
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Morpit.p12 b/systests/transports-ssl3/src/test/resources/keys/Morpit.p12
new file mode 100644
index 0000000..f37acff
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Morpit.p12 differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Poltim.cer
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Poltim.cer b/systests/transports-ssl3/src/test/resources/keys/Poltim.cer
new file mode 100644
index 0000000..cfb2cc5
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Poltim.cer differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Poltim.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Poltim.jks b/systests/transports-ssl3/src/test/resources/keys/Poltim.jks
new file mode 100644
index 0000000..570e071
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Poltim.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Tarpin.cer
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Tarpin.cer b/systests/transports-ssl3/src/test/resources/keys/Tarpin.cer
new file mode 100644
index 0000000..37edcac
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Tarpin.cer differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Tarpin.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Tarpin.jks b/systests/transports-ssl3/src/test/resources/keys/Tarpin.jks
new file mode 100644
index 0000000..329af6a
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Tarpin.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Truststore.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Truststore.jks b/systests/transports-ssl3/src/test/resources/keys/Truststore.jks
new file mode 100644
index 0000000..e76a076
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/Truststore.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/Truststore.pem
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/Truststore.pem b/systests/transports-ssl3/src/test/resources/keys/Truststore.pem
new file mode 100644
index 0000000..1b25477
--- /dev/null
+++ b/systests/transports-ssl3/src/test/resources/keys/Truststore.pem
@@ -0,0 +1,60 @@ +-----BEGIN CERTIFICATE----- +MIICIDCCAYkCBEYRaYcwDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5 +cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZCZXRoYWwxDzANBgNVBAMTBkJl +dGhhbDAeFw0wNzA0MDIyMDM3MjdaFw0zNDA4MTgyMDM3MjdaMFcxCzAJBgNVBAYTAlVTMREwDwYD +VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGQmV0aGFsMQ8wDQYD +VQQDEwZCZXRoYWwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJHOyFu8tTt4g9tBv0bY8c4K +uidfMlHbFQAukIFXLkR4xu5IxG5OI53ZE0F6rqcPFve1sdEV9h+MxmzqQbo180Wyv1rUEq2AScK3 +6bo0ALuZsreQQmNVGBOjxBpTtrRErRfNJe1mvzNMz9VlGdSNWW17CrBz9kmz6G1EWg8aGfZHAgMB +AAEwDQYJKoZIhvcNAQEEBQADgYEAbw+VwP1tnBm3cFLFgONnGCozN8XqV2M0OklJ5lBDJL7BV2Ng +BtTZ8as9jTGYdjetKQXX75wWL7OS7vnkm/9tbr/vNBljT0OP0Yr2X7TAbDdhFfsk/D5mBpXdzXz2 +wqxVZjj6sm5zvwC32e4AxGG0edmY1DN9VMZzA/FrzBP0qoE= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICHDCCAYUCBEYRaYkwDQYJKoZIhvcNAQEEBQAwVTELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5 +cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ4wDAYDVQQLEwVHb3JkeTEOMAwGA1UEAxMFR29y +ZHkwHhcNMDcwNDAyMjAzNzI5WhcNMzQwODE4MjAzNzI5WjBVMQswCQYDVQQGEwJVUzERMA8GA1UE +BxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDjAMBgNVBAsTBUdvcmR5MQ4wDAYDVQQD +EwVHb3JkeTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqIbNth+G4Q5tkZvoUZdQsY9RnjAA +mgKVBUaOVvv//qOniOTskLqBFyKGoMpbCfNAU7/zVKP5fLTLccLdJyCagKGrs1ZmKaNiTRcOnfkE +3dHnEIp83+hNmASGsrZcyLihtro1N3pMTuXbXzu7x3F2U7fxYFg66iviTEGF6T7dY3MCAwEAATAN +BgkqhkiG9w0BAQQFAAOBgQBPjsYFdqz0JF9shNpvke/H1eHqhyXJgPdHdCu/ewRO2wV6I9WBrGNU +cmmKZmAUsv99Y0Tpz59uEXFcM3cBZU4/obw3DlwwWmaVMoIwQ2Nd2FChC6uyKIJ0Bvpx+aDxjm48 +b8c58EHCcU2FRo/nVWctJL9xJ7oBrke5GZrBlUF+rA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICNDCCAZ0CBEYRaY4wDQYJKoZIhvcNAQEEBQAwYTELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5 +cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZNb3JwaXQxGTAXBgNVBAMTEHdo +YXRldmVyaG9zdC5jb20wHhcNMDcwNDAyMjAzNzM0WhcNMzQwODE4MjAzNzM0WjBhMQswCQYDVQQG +EwJVUzERMA8GA1UEBxMIU3lyYWN1c2UxEzARBgNVBAoTCkFwYWNoZVRlc3QxDzANBgNVBAsTBk1v 
+cnBpdDEZMBcGA1UEAxMQd2hhdGV2ZXJob3N0LmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAk4FbJxfjllrApiECK5oRbgmTC1exx59HWck20R2AYU6kIkdZa78Ca+oc/zaPCtsVL/QZbjHE +7lnvVK55tnpGW9qzLxsAHZmYyA/4Wdmcbz/Niwsfm062z94+AKMCGum/1Ug1QZUiRKweZTRBHhmT +VsxSDEGTTi6UVim6nv47ZlcCAwEAATANBgkqhkiG9w0BAQQFAAOBgQAjWR/W+YO0I5sBlb+zNTbJ +TPs4CqM4UHQS+prOx59R134FbocgkGncm00FBrO857KJHdSCRjOUUpc3S+MP13FGqSQm2Q0lNjUV +IygvdZ+BATfgsJ92NbnuIhIVAA+i8AVZK//qPRCMz1Rdm1G994qCw3A4lQMi5eqKYYwqkRJeXw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIDCCAYkCBEYRaYwwDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5 +cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZQb2x0aW0xDzANBgNVBAMTBlBv +bHRpbTAeFw0wNzA0MDIyMDM3MzJaFw0zNDA4MTgyMDM3MzJaMFcxCzAJBgNVBAYTAlVTMREwDwYD +VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGUG9sdGltMQ8wDQYD +VQQDEwZQb2x0aW0wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAL/bdivrpaR4Njvo7WB4ipEh +422V2bAyapFvgOq/tHusGR/e3wH0v9g+9xwnNyqFjhueceuWahXAvNHvknuUaelW0346Aay0fBAu +EsyowWBTVi/pU+iZleN9FD8uBalY1s6e+xqu+yckhHuBP77TcTar1hBjCIfy2Eo2YevDL6qlAgMB +AAEwDQYJKoZIhvcNAQEEBQADgYEAuT7QoNfGG7GjfQuU/oYj5vHPH7nPhLtkQBVTEi0WyzgJUXie +rNG/u4VEZtNtK4+4J5tQyb4YtP2GPUUpWrhusKUaW4eMU79rzpUbZnGUBzTbth8kBoN9xHzXiSop +ohPdOnGo5ZjThZnLEn/o9doUEX64o4eauu15SPoDLzSfLJ0= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIICIDCCAYkCBEYRaYswDQYJKoZIhvcNAQEEBQAwVzELMAkGA1UEBhMCVVMxETAPBgNVBAcTCFN5 +cmFjdXNlMRMwEQYDVQQKEwpBcGFjaGVUZXN0MQ8wDQYDVQQLEwZUYXJwaW4xDzANBgNVBAMTBlRh +cnBpbjAeFw0wNzA0MDIyMDM3MzFaFw0zNDA4MTgyMDM3MzFaMFcxCzAJBgNVBAYTAlVTMREwDwYD +VQQHEwhTeXJhY3VzZTETMBEGA1UEChMKQXBhY2hlVGVzdDEPMA0GA1UECxMGVGFycGluMQ8wDQYD +VQQDEwZUYXJwaW4wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKGG8UtWnHyWKFVDJSuSlhT/ +vKxrPjfNBtvdaiQx5gNAlc8QVL5lPOXcJljTF3dEb0QQ1ajai3kC71NE2ABOrxk7Jvk3bEma5Yfy +U3m/OBthL9H8kE3O3+bh4K2LTsRwIa2Zd1wYbj44vUxsiHhzxer3q3FDfLxsqtahsxz7WjG1AgMB +AAEwDQYJKoZIhvcNAQEEBQADgYEAE6EWRbYxGOlwmtpv0XE4FwbXYdSDArc+ArhOJWKTzoE3U9l8 
+kg1wJL49VXEmVIxpipXKs7d9lpIVLPFsbBVJRZwH8sgHE39nTjfeyHNmwZcd63Lrn+2RydkAo5P9 +FYi8HFGEM5dON4PSo3Et6ycHy1IrS8htrNu+FoW84FRTKDA= +-----END CERTIFICATE----- http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/alice.jks ---------------------------------------------------------------------- diff --git a/systests/transports-ssl3/src/test/resources/keys/alice.jks b/systests/transports-ssl3/src/test/resources/keys/alice.jks new file mode 100644 index 0000000..9f47a5c Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/alice.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/bob.jks ---------------------------------------------------------------------- diff --git a/systests/transports-ssl3/src/test/resources/keys/bob.jks b/systests/transports-ssl3/src/test/resources/keys/bob.jks new file mode 100644 index 0000000..26df583 Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/bob.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/cxfca.jks ---------------------------------------------------------------------- diff --git a/systests/transports-ssl3/src/test/resources/keys/cxfca.jks b/systests/transports-ssl3/src/test/resources/keys/cxfca.jks new file mode 100644 index 0000000..accd45b Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/cxfca.jks differ http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/genkeys.sh ---------------------------------------------------------------------- diff --git a/systests/transports-ssl3/src/test/resources/keys/genkeys.sh b/systests/transports-ssl3/src/test/resources/keys/genkeys.sh new file mode 100755 index 0000000..a01a569 --- /dev/null +++ b/systests/transports-ssl3/src/test/resources/keys/genkeys.sh 
@@ -0,0 +1,53 @@
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+#
+# This file generates a number of keys/certificates and keystores for
+# names to be used with corresponding CXF configuration files (*.cxf).
+#
+
+#
+# Start with a clean slate. Remove all keystores.
+#
+rm -f *.jks
+rm -f Truststore.pem
+
+#
+# This function generates a key/self-signed certificate with the following DN.
+# "CN=$1, OU=$2, O=ApacheTest, L=Syracuse, C=US" and adds it to
+# the truststore.
+#
+function genkey {
+ keytool -genkey -alias $2 -keystore $2.jks -dname "CN=$1, OU=$2, O=ApacheTest, L=Syracuse, C=US" -keyalg RSA -keypass password -storepass password -storetype jks -validity 10000
+ keytool -export -file $2.cer -alias $2 -keystore $2.jks -storepass password
+ keytool -import -file $2.cer -alias $2 -noprompt -keystore Truststore.jks -storepass password
+}
+
+#
+# We generate keys/certificates with the following CN=<name> OU=<name>
+# The CN used to be "localhost" to conform to the default HostnameVerifier of
+# HttpsURLConnection so it would work for tests. However, we have enhanced
+# the HTTP Conduit logic to accept anything in the CN in favor of the
+# MessageTrustDecider callback making the verification determination.
+#
+for name in Bethal Gordy Tarpin Poltim Morpit
+do
+ genkey $name $name
+ keytool -export -keystore Truststore.jks -storepass password -alias $i -rfc >> Truststore.pem
+done
+
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/keys/subjalt.jks
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/keys/subjalt.jks b/systests/transports-ssl3/src/test/resources/keys/subjalt.jks
new file mode 100644
index 0000000..fefac18
Binary files /dev/null and b/systests/transports-ssl3/src/test/resources/keys/subjalt.jks differ
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client-allow.xml
----------------------------------------------------------------------
diff --git a/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client-allow.xml b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client-allow.xml
new file mode 100644
index 0000000..aff363c
--- /dev/null
+++ b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client-allow.xml
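Review bot: The export at the end of the `for name in ...` loop passes `-alias $i`, but the loop variable is `name` and nothing in the script sets `i`. The unquoted empty expansion drops out, so keytool receives `-alias -rfc` and most likely fails to find that alias, and Truststore.pem (removed at the top of the script) is not rebuilt from the new truststore entries. The line should read `keytool -export -keystore Truststore.jks -storepass password -alias "$name" -rfc >> Truststore.pem`. The script also uses the bash-only `function genkey {` form without a `#!/bin/bash` first line, so it depends on which shell the caller happens to run it with.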
@@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> + <cxf:bus> + <cxf:features> + <p:policies/> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <http:conduit name="https://localhost:.*"> + <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="SSLv3"> + <sec:trustManagers> + 
<sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client.xml ---------------------------------------------------------------------- diff --git a/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client.xml b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client.xml new file mode 100644 index 0000000..00400cf --- /dev/null +++ b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-client.xml 
@@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <http:conduit name="https://localhost:.*"> + <http:tlsClientParameters disableCNCheck="true"> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" 
resource="keys/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml ---------------------------------------------------------------------- diff --git a/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml new file mode 100644 index 0000000..02f9f59 --- /dev/null +++ b/systests/transports-ssl3/src/test/resources/org/apache/cxf/https/ssl3/sslv3-server.xml 
@@ -0,0 +1,100 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa che.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd "> + <bean 
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + + <httpj:engine-factory id="default-tls-settings"> + <httpj:engine port="${testutil.ports.SSLv3Server}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="false"/> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services" + xmlns:s="http://apache.org/hello_world/services" + id="SSLv3NotAllowedByDefaultEndpoint" + implementor="org.apache.cxf.https.ssl3.GreeterImpl" + address="https://localhost:${testutil.ports.SSLv3Server}/SoapContext/HttpsPort" + serviceName="s:SOAPService" + endpointName="e:HttpsPort" depends-on="default-tls-settings"/> + + <httpj:engine-factory id="allow-sslv3-settings"> + <httpj:engine port="${testutil.ports.SSLv3Server.2}"> + <httpj:tlsServerParameters secureSocketProtocol="SSLv3" > + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="false"/> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services" + xmlns:s="http://apache.org/hello_world/services" + id="SSLv3AllowedByDefaultEndpoint" + implementor="org.apache.cxf.https.ssl3.GreeterImpl" + address="https://localhost:${testutil.ports.SSLv3Server.2}/SoapContext/HttpsPort" + serviceName="s:SOAPService" + 
endpointName="e:HttpsPort" depends-on="allow-sslv3-settings"/> + + <httpj:engine-factory id="disallow-tls-via-configuration"> + <httpj:engine port="${testutil.ports.SSLv3Server.3}"> + <httpj:tlsServerParameters> + <sec:keyManagers keyPassword="password"> + <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/> + </sec:keyManagers> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/> + </sec:trustManagers> + <sec:clientAuthentication want="true" required="false"/> + <sec:excludeProtocols> + <sec:excludeProtocol>TLS</sec:excludeProtocol> + <sec:excludeProtocol>TLSv1</sec:excludeProtocol> + <sec:excludeProtocol>TLSv1.1</sec:excludeProtocol> + <sec:excludeProtocol>TLSv1.2</sec:excludeProtocol> + </sec:excludeProtocols> + </httpj:tlsServerParameters> + </httpj:engine> + </httpj:engine-factory> + + <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services" + xmlns:s="http://apache.org/hello_world/services" + id="TLSNotAllowedByEndpoint" + implementor="org.apache.cxf.https.ssl3.GreeterImpl" + address="https://localhost:${testutil.ports.SSLv3Server.3}/SoapContext/HttpsPort" + serviceName="s:SOAPService" + endpointName="e:HttpsPort" depends-on="disallow-tls-via-configuration"/> + +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java index 4493d53..5e306a3 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/clientauth/ClientAuthTest.java 
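Review bot: The endpoint id `SSLv3AllowedByDefaultEndpoint` says the opposite of what the configuration does: it depends on `allow-sslv3-settings`, which enables the protocol explicitly through `secureSocketProtocol="SSLv3"`, so an id such as `SSLv3AllowedEndpoint` would be accurate (check first that nothing outside this hunk looks the id up). None of the three engine factories carries a comment saying which case it represents. I would add one line above each, for example `<!-- Test only: SSLv3 is enabled on purpose so the tests can confirm it stays off unless configured; not a deployment template -->` above `allow-sslv3-settings`. Above `disallow-tls-via-configuration` a comment should say that excluding every TLS version presumably leaves SSLv3 as the only protocol the engine will negotiate, which is what the SSLv3 client tests on the third port rely on.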
@@ -108,7 +108,7 @@ public class ClientAuthTest extends AbstractBusClientServerTestBase { @org.junit.Test public void testNoClientCert() throws Exception { SpringBusFactory bf = new SpringBusFactory(); - URL busFile = ClientAuthTest.class.getResource("../ssl3/sslv3-client.xml"); + URL busFile = ClientAuthTest.class.getResource("client-no-auth.xml"); Bus bus = bf.createBus(busFile.toString()); SpringBusFactory.setDefaultBus(bus); http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Server.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Server.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Server.java deleted file mode 100644 index d8a70d5..0000000 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Server.java +++ /dev/null 
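Review bot: `busFile` is dereferenced by `busFile.toString()` on the following context line with no null check, and `getResource("client-no-auth.xml")` returns null when the file is not on the test classpath beside ClientAuthTest. Since this commit moves the configuration between modules, a packaging slip would surface as a bare NullPointerException rather than a readable failure. Adding `assertNotNull("client-no-auth.xml not found on the test classpath", busFile);` before `bf.createBus(...)` makes the cause explicit. testNoClientCert continues past the end of the hunk.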
@@ -1,47 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https.ssl3; - -import java.net.URL; - -import org.apache.cxf.Bus; -import org.apache.cxf.BusFactory; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.testutil.common.AbstractBusTestServerBase; - -public class SSLv3Server extends AbstractBusTestServerBase { - - public SSLv3Server() { - - } - - protected void run() { - URL busFile = SSLv3Server.class.getResource("sslv3-server.xml"); - Bus busLocal = new SpringBusFactory().createBus(busFile); - BusFactory.setDefaultBus(busLocal); - setBus(busLocal); - - try { - new SSLv3Server(); - } catch (Exception e) { - e.printStackTrace(); - } - } -} http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java deleted file mode 100644 index 169a13d..0000000 
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ssl3/SSLv3Test.java +++ /dev/null 
@@ -1,255 +0,0 @@ -/** - * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file - * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file - * to you under the Apache License, Version 2.0 (the - * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, - * software distributed under the License is distributed on an - * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the - * specific language governing permissions and limitations - * under the License. - */ - -package org.apache.cxf.systest.https.ssl3; - -import java.io.IOException; -import java.net.URL; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLSession; -import javax.net.ssl.TrustManager; -import javax.xml.ws.BindingProvider; - -import org.apache.cxf.Bus; -import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.configuration.jsse.SSLUtils; -import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; -import org.apache.hello_world.Greeter; -import org.apache.hello_world.services.SOAPService; -import org.junit.AfterClass; -import org.junit.BeforeClass; - -/** - * A set of tests SSL v3 protocol support. It should be disallowed by default on both the - * (Jetty) server and CXF client side. 
- */ -public class SSLv3Test extends AbstractBusClientServerTestBase { - static final String PORT = allocatePort(SSLv3Server.class); - static final String PORT2 = allocatePort(SSLv3Server.class, 2); - static final String PORT3 = allocatePort(SSLv3Server.class, 3); - - @BeforeClass - public static void startServers() throws Exception { - assertTrue( - "Server failed to launch", - // run the server in the same process - // set this to false to fork - launchServer(SSLv3Server.class, true) - ); - } - - @AfterClass - public static void cleanup() throws Exception { - stopAllServers(); - } - - @org.junit.Test - public void testSSLv3ServerNotAllowedByDefault() throws Exception { - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - System.setProperty("https.protocols", "SSLv3"); - - URL service = new URL("https://localhost:" + PORT); - HttpsURLConnection connection = (HttpsURLConnection) service.openConnection(); - - connection.setHostnameVerifier(new DisableCNCheckVerifier()); - - SSLContext sslContext = SSLContext.getInstance("SSL"); - URL keystore = SSLv3Test.class.getResource("../../../../../../keys/Truststore.jks"); - TrustManager[] trustManagers = - SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(), - "PKIX", LogUtils.getL7dLogger(SSLv3Test.class)); - sslContext.init(null, trustManagers, new java.security.SecureRandom()); - - connection.setSSLSocketFactory(sslContext.getSocketFactory()); - - try { - connection.connect(); - fail("Failure expected on an SSLv3 connection attempt"); - } catch (IOException ex) { - // expected - } - - System.clearProperty("https.protocols"); - - bus.shutdown(true); - } - - @org.junit.Test - public void testSSLv3ServerAllowed() throws Exception { - - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = 
SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - System.setProperty("https.protocols", "SSLv3"); - - URL service = new URL("https://localhost:" + PORT2); - HttpsURLConnection connection = (HttpsURLConnection) service.openConnection(); - - connection.setHostnameVerifier(new DisableCNCheckVerifier()); - - SSLContext sslContext = SSLContext.getInstance("SSL"); - URL keystore = SSLv3Test.class.getResource("../../../../../../keys/Truststore.jks"); - TrustManager[] trustManagers = - SSLUtils.getTrustStoreManagers(false, "jks", keystore.getPath(), - "PKIX", LogUtils.getL7dLogger(SSLv3Test.class)); - sslContext.init(null, trustManagers, new java.security.SecureRandom()); - - connection.setSSLSocketFactory(sslContext.getSocketFactory()); - - connection.connect(); - - connection.disconnect(); - - System.clearProperty("https.protocols"); - - bus.shutdown(true); - } - - @org.junit.Test - public void testClientSSL3NotAllowed() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT3); - - try { - port.greetMe("Kitty"); - fail("Failure expected on the client not supporting SSLv3 by default"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testAsyncClientSSL3NotAllowed() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = 
SSLv3Test.class.getResource("sslv3-client.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - // Enable Async - ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); - - updateAddressPort(port, PORT3); - - try { - port.greetMe("Kitty"); - fail("Failure expected on the client not supporting SSLv3 by default"); - } catch (Exception ex) { - // expected - } - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testClientSSL3Allowed() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - updateAddressPort(port, PORT3); - - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - @org.junit.Test - public void testAsyncClientSSL3Allowed() throws Exception { - SpringBusFactory bf = new SpringBusFactory(); - URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml"); - - Bus bus = bf.createBus(busFile.toString()); - SpringBusFactory.setDefaultBus(bus); - SpringBusFactory.setThreadDefaultBus(bus); - - URL url = SOAPService.WSDL_LOCATION; - SOAPService service = new SOAPService(url, SOAPService.SERVICE); - assertNotNull("Service is null", service); - final 
Greeter port = service.getHttpsPort(); - assertNotNull("Port is null", port); - - // Enable Async - ((BindingProvider)port).getRequestContext().put("use.async.http.conduit", true); - - updateAddressPort(port, PORT3); - - assertEquals(port.greetMe("Kitty"), "Hello Kitty"); - - ((java.io.Closeable)port).close(); - bus.shutdown(true); - } - - private static final class DisableCNCheckVerifier implements HostnameVerifier { - - @Override - public boolean verify(String arg0, SSLSession arg1) { - return true; - } - - }; -} http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/resources/org/apache/cxf/systest/https/clientauth/client-no-auth.xml ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/clientauth/client-no-auth.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/clientauth/client-no-auth.xml new file mode 100644 index 0000000..00400cf --- /dev/null +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/clientauth/client-no-auth.xml 
@@ -0,0 +1,33 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <http:conduit name="https://localhost:.*"> + <http:tlsClientParameters disableCNCheck="true"> + <sec:trustManagers> + <sec:keyStore type="jks" password="password" 
resource="keys/Truststore.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client-allow.xml ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client-allow.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client-allow.xml deleted file mode 100644 index aff363c..0000000 --- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client-allow.xml +++ /dev/null 
@@ -1,34 +0,0 @@ -<?xml version="1.0" encoding="UTF-8"?> -<!-- - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. See the NOTICE file - distributed with this work for additional information - regarding copyright ownership. The ASF licenses this file - to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. ---> -<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd"> - <cxf:bus> - <cxf:features> - <p:policies/> - <cxf:logging/> - </cxf:features> - </cxf:bus> - <http:conduit name="https://localhost:.*"> - <http:tlsClientParameters disableCNCheck="true" secureSocketProtocol="SSLv3"> - <sec:trustManagers> - 
<sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/> - </sec:trustManagers> - </http:tlsClientParameters> - </http:conduit> -</beans> http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client.xml ---------------------------------------------------------------------- diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client.xml deleted file mode 100644 index 00400cf..0000000 --- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-client.xml +++ /dev/null 
@@ -1,33 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/poli cy.xsd">
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
- <http:conduit name="https://localhost:.*">
- <http:tlsClientParameters disableCNCheck="true">
- <sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
- </sec:trustManagers>
- </http:tlsClientParameters>
- </http:conduit>
-</beans>
http://git-wip-us.apache.org/repos/asf/cxf/blob/19d7e727/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
deleted file mode 100644
index e9f8f36..0000000
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ssl3/sslv3-server.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- Licensed to the Apache Software Foundation (ASF) under one
- or more contributor license agreements. See the NOTICE file
- distributed with this work for additional information
- regarding copyright ownership. The ASF licenses this file
- to you under the Apache License, Version 2.0 (the
- "License"); you may not use this file except in compliance
- with the License. You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing,
- software distributed under the License is distributed on an
- "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- KIND, either express or implied. See the License for the
- specific language governing permissions and limitations
- under the License.
--->
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:jaxws="http://cxf.apache.org/jaxws" xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration" xmlns:sec="http://cxf.apache.org/configuration/security" xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://cxf.apache.org/jaxws http://cxf.apache.org/schemas/jaxws.xsd http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd http://cxf.apache.org/policy http://cxf.apache.org/schemas/policy.xsd http://cxf.apache.org/transports/http/configuration http://cxf.apache.org/schemas/configuration/http-conf.xsd http://cxf.apa che.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd ">
- <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
- <cxf:bus>
- <cxf:features>
- <cxf:logging/>
- </cxf:features>
- </cxf:bus>
-
- <httpj:engine-factory id="default-tls-settings">
- <httpj:engine port="${testutil.ports.SSLv3Server}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="false"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="SSLv3NotAllowedByDefaultEndpoint"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.SSLv3Server}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="default-tls-settings"/>
-
- <httpj:engine-factory id="allow-sslv3-settings">
- <httpj:engine port="${testutil.ports.SSLv3Server.2}">
- <httpj:tlsServerParameters secureSocketProtocol="SSLv3" >
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="false"/>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="SSLv3AllowedByDefaultEndpoint"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.SSLv3Server.2}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="allow-sslv3-settings"/>
-
- <httpj:engine-factory id="disallow-tls-via-configuration">
- <httpj:engine port="${testutil.ports.SSLv3Server.3}">
- <httpj:tlsServerParameters>
- <sec:keyManagers keyPassword="password">
- <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
- </sec:keyManagers>
- <sec:trustManagers>
- <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
- </sec:trustManagers>
- <sec:clientAuthentication want="true" required="false"/>
- <sec:excludeProtocols>
- <sec:excludeProtocol>TLS</sec:excludeProtocol>
- <sec:excludeProtocol>TLSv1</sec:excludeProtocol>
- <sec:excludeProtocol>TLSv1.1</sec:excludeProtocol>
- <sec:excludeProtocol>TLSv1.2</sec:excludeProtocol>
- </sec:excludeProtocols>
- </httpj:tlsServerParameters>
- </httpj:engine>
- </httpj:engine-factory>
-
- <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services"
- xmlns:s="http://apache.org/hello_world/services"
- id="TLSNotAllowedByEndpoint"
- implementor="org.apache.cxf.systest.http.GreeterImpl"
- address="https://localhost:${testutil.ports.SSLv3Server.3}/SoapContext/HttpsPort"
- serviceName="s:SOAPService"
- endpointName="e:HttpsPort" depends-on="disallow-tls-via-configuration"/>
-
-</beans>