This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch 3.1.x-fixes in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 8411de987a05820d9d98279bd60e7373f6520ac4 Author: Colm O hEigeartaigh <[email protected]> AuthorDate: Wed Jun 6 11:25:11 2018 +0100 Adding disableCN tests (cherry picked from commit 61879e4e6dc65eca136ca74ec6a22c6f4024546d) # Conflicts: # systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java --- .../HostnameVerificationDeprecatedTest.java | 24 +++++++++++++++ .../https/hostname/HostnameVerificationTest.java | 26 ++++++++++++++++- .../https/hostname/hostname-client-disablecn.xml | 34 ++++++++++++++++++++++ 3 files changed, 83 insertions(+), 1 deletion(-) diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java index a9ea8a1..124a6dc 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java @@ -89,6 +89,30 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT bus.shutdown(true); } + // No Subject Alternative Name, no matching CN - but we are disabling the CN check so it should work OK + @org.junit.Test + public void testLocalhostNotMatchingDisableCN() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HostnameVerificationTest.class.getResource("hostname-client-disablecn.xml"); + + Bus bus = bf.createBus(busFile.toString()); + BusFactory.setDefaultBus(bus); + BusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT); + + port.greetMe("Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + // No Subject Alternative Name, but the CN matches ("localhost"), so the default HostnameVerifier // should work fine @org.junit.Test diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java index c55dccb..05a62e7 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java @@ -196,5 +196,29 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { ((java.io.Closeable)port).close(); bus.shutdown(true); } - + + // No Subject Alternative Name, no matching CN - but we are disabling the CN check so it should work OK + @org.junit.Test + public void testNoSubjectAlternativeNameNoCNMatchDisableCN() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HostnameVerificationTest.class.getResource("hostname-client-disablecn.xml"); + + Bus bus = bf.createBus(busFile.toString()); + BusFactory.setDefaultBus(bus); + BusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT4); + + port.greetMe("Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } + } diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-disablecn.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-disablecn.xml new file mode 100644 index 0000000..19c9471 --- /dev/null +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-disablecn.xml @@ -0,0 +1,34 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + Licensed to the Apache Software Foundation (ASF) under one + or more contributor license agreements. See the NOTICE file + distributed with this work for additional information + regarding copyright ownership. The ASF licenses this file + to you under the Apache License, Version 2.0 (the + "License"); you may not use this file except in compliance + with the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, + software distributed under the License is distributed on an + "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + KIND, either express or implied. See the License for the + specific language governing permissions and limitations + under the License. +--> +<beans xmlns="http://www.springframework.org/schema/beans"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:http="http://cxf.apache.org/transports/http/configuration"; xmlns:jaxws="http://cxf.apache.org/jaxws"; xmlns:cxf="http://cxf.apache.org/core"; xmlns:p="http://cxf.apache.org/policy"; xmlns:sec="http://cxf.apache.org/configuration/security"; xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-b [...] + + <cxf:bus> + <cxf:features> + <cxf:logging/> + </cxf:features> + </cxf:bus> + <http:conduit name="https://localhost:.*";> + <http:tlsClientParameters disableCNCheck="true"> + <sec:trustManagers> + <sec:keyStore type="jks" password="security" resource="keys/subjalt.jks"/> + </sec:trustManagers> + </http:tlsClientParameters> + </http:conduit> +</beans> -- To stop receiving notification emails like this one, please contact [email protected].
