Repository: cxf Updated Branches: refs/heads/master 1d1b318e5 -> 16163d804
Adding Jetty programmatic tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/16163d80 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/16163d80 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/16163d80 Branch: refs/heads/master Commit: 16163d8044be801683d1fb2d2d44507f43be2d6a Parents: 1d1b318 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Thu Mar 30 10:03:17 2017 +0100 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Thu Mar 30 10:03:17 2017 +0100 ---------------------------------------------------------------------- .../systest/https/trust/TrustManagerTest.java | 64 ++++++++++++--- .../https/trust/TrustServerNoSpring.java | 84 ++++++++++++++++++++ 2 files changed, 139 insertions(+), 9 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/16163d80/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java ----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
index a2b9fa6..cc5ba7d 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustManagerTest.java
@@ -52,6 +52,7 @@ import org.junit.BeforeClass;
 public class TrustManagerTest extends AbstractBusClientServerTestBase {
 static final String PORT = allocatePort(TrustServer.class);
 static final String PORT2 = allocatePort(TrustServer.class, 2);
+ static final String PORT3 = allocatePort(TrustServer.class, 3);
 @BeforeClass
 public static void startServers() throws Exception {
@@ -61,6 +62,12 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
 // set this to false to fork
 launchServer(TrustServer.class, true)
 );
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(TrustServerNoSpring.class, true)
+ );
 }
 @AfterClass
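Review bot: The added `assertTrue` in `startServers` reuses the message `"Server failed to launch"` that the existing `TrustServer` assertion already carries, so a failed start does not say which of the two servers is missing. Giving the new call its own text, for example `"TrustServerNoSpring failed to launch"`, makes the failure self-explanatory. `startServers` begins and ends outside this hunk.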
@@ -141,6 +148,45 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
 bus.shutdown(true);
 }
+ // Here the Trust Manager checks the server cert. this time we are invoking on the
+ // service that is configured in code (not by spring)
+ @org.junit.Test
+ public void testValidServerCertX509TrustManager2() throws Exception {
+ SpringBusFactory bf = new SpringBusFactory();
+ URL busFile = TrustManagerTest.class.getResource("client-trust.xml");
+
+ Bus bus = bf.createBus(busFile.toString());
+ SpringBusFactory.setDefaultBus(bus);
+ SpringBusFactory.setThreadDefaultBus(bus);
+
+ URL url = SOAPService.WSDL_LOCATION;
+ SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+ assertNotNull("Service is null", service);
+ final Greeter port = service.getHttpsPort();
+ assertNotNull("Port is null", port);
+
+ updateAddressPort(port, PORT3);
+
+ String validPrincipalName = "CN=Bethal,OU=Bethal,O=ApacheTest,L=Syracuse,C=US";
+
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ X509TrustManager trustManager =
+ new ServerCertX509TrustManager(validPrincipalName);
+ TrustManager[] trustManagers = new TrustManager[1];
+ trustManagers[0] = trustManager;
+ tlsParams.setTrustManagers(trustManagers);
+ tlsParams.setDisableCNCheck(true);
+
+ Client client = ClientProxy.getClient(port);
+ HTTPConduit http = (HTTPConduit) client.getConduit();
+ http.setTlsClientParameters(tlsParams);
+
+ assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+
+ ((java.io.Closeable)port).close();
+ bus.shutdown(true);
+ }
+
 @org.junit.Test
 public void testInvalidServerCertX509TrustManager() throws Exception {
 SpringBusFactory bf = new SpringBusFactory();
@@ -182,7 +228,7 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
 ((java.io.Closeable)port).close();
 bus.shutdown(true);
 }
-
+
 @org.junit.Test
 public void testOSCPOverride() throws Exception {
 SpringBusFactory bf = new SpringBusFactory();
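Review bot: In `testValidServerCertX509TrustManager2`, `tlsParams.setDisableCNCheck(true)` turns hostname verification off, so the server's identity is checked only by `ServerCertX509TrustManager`, which is not shown here and presumably compares the certificate subject with `validPrincipalName`. A comment such as `// CN check off on purpose: identity is verified by the trust manager's principal match (test only)` would keep the setting from being copied elsewhere without that context. The cleanup `((java.io.Closeable)port).close(); bus.shutdown(true);` runs only when the assertion passes, so a failing run leaves the default and thread-default bus set for later tests; a `try { … } finally { … }` around the call would avoid that. `assertEquals(port.greetMe("Kitty"), "Hello Kitty")` also has expected and actual swapped, which only affects the failure message.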
@@ -206,36 +252,36 @@ public class TrustManagerTest extends AbstractBusClientServerTestBase {
 ClassLoaderUtils.getResourceAsStream("keys/cxfca.jks", TrustManagerTest.class)) {
 ts.load(trustStore, "password".toCharArray());
 }
-
+
 try {
 Security.setProperty("ocsp.enable", "true");
-
+
 PKIXBuilderParameters param = new PKIXBuilderParameters(ts, new X509CertSelector());
 param.setRevocationEnabled(true);
-
+
 TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
 tmf.init(new CertPathTrustManagerParameters(param));
-
+
 TLSClientParameters tlsParams = new TLSClientParameters();
 tlsParams.setTrustManagers(tmf.getTrustManagers());
 tlsParams.setDisableCNCheck(true);
-
+
 Client client = ClientProxy.getClient(port);
 HTTPConduit http = (HTTPConduit) client.getConduit();
 http.setTlsClientParameters(tlsParams);
-
+
 try {
 port.greetMe("Kitty");
 fail("Failure expected on an invalid OCSP responder URL");
 } catch (Exception ex) {
 // expected
 }
-
+
 } finally {
 Security.setProperty("ocsp.enable", "false");
 }
-
+
 ((java.io.Closeable)port).close();
 bus.shutdown(true);
 }
http://git-wip-us.apache.org/repos/asf/cxf/blob/16163d80/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java ----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java
new file mode 100644
index 0000000..305fd1d
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/trust/TrustServerNoSpring.java
@@ -0,0 +1,84 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https.trust;
+
+import java.security.KeyStore;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.KeyManagerFactory;
+import javax.xml.ws.Endpoint;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.common.classloader.ClassLoaderUtils;
+import org.apache.cxf.configuration.jsse.TLSServerParameters;
+import org.apache.cxf.configuration.security.ClientAuthentication;
+import org.apache.cxf.systest.http.GreeterImpl;
+import org.apache.cxf.testutil.common.AbstractBusTestServerBase;
+import org.apache.cxf.transport.http_jetty.JettyHTTPServerEngineFactory;
+
+public class TrustServerNoSpring extends AbstractBusTestServerBase {
+
+ public TrustServerNoSpring() {
+
+ }
+
+ protected void run() {
+ Bus busLocal = BusFactory.getDefaultBus(true);
+ setBus(busLocal);
+
+ String address = "https://localhost:" + TrustManagerTest.PORT3 + "/SoapContext/HttpsPort";
+
+ try {
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(ClassLoaderUtils.getResourceAsStream("keys/Bethal.jks",
+ this.getClass()),
+ "password".toCharArray());
+
KeyManagerFactory kmf =
+ KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ kmf.init(keyStore, "password".toCharArray());
+
+ TLSServerParameters tlsParams = new TLSServerParameters();
+ tlsParams.setKeyManagers(kmf.getKeyManagers());
+
+ ClientAuthentication clientAuthentication = new ClientAuthentication();
+ clientAuthentication.setRequired(false);
+ clientAuthentication.setWant(true);
+ tlsParams.setClientAuthentication(clientAuthentication);
+
+ Map<String, TLSServerParameters> map = new HashMap<>();
+ map.put("tlsId", tlsParams);
+
+ JettyHTTPServerEngineFactory factory =
+ busLocal.getExtension(JettyHTTPServerEngineFactory.class);
+ factory.setTlsServerParametersMap(map);
+ factory.createJettyHTTPServerEngine("localhost", Integer.parseInt(TrustManagerTest.PORT3),
+ "https", "tlsId");
+
+ factory.initComplete();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+
+ Endpoint.publish(address, new GreeterImpl());
+ }
+}
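Review bot: The `catch (Exception ex) { ex.printStackTrace(); }` in `run()` swallows any failure while loading `keys/Bethal.jks` or creating the Jetty engine, and `Endpoint.publish(address, new GreeterImpl())` is still reached afterwards, so the server can start, or fail later with an unrelated error, without the TLS parameters this test is meant to exercise. Rethrowing, e.g. `throw new IllegalStateException("TLS setup for TrustServerNoSpring failed", ex);`, makes a broken keystore or engine setup surface as a launch failure. The stream returned by `ClassLoaderUtils.getResourceAsStream("keys/Bethal.jks", this.getClass())` is never closed; `TrustManagerTest` appears to load its trust store in a try-with-resources, and the same form fits here. A short comment that `setRequired(false)` with `setWant(true)` requests but does not enforce a client certificate, and that `"password"` is a test-only keystore password, would document the intent.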