This is an automated email from the ASF dual-hosted git repository. dkulp pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push: new db80012a67 Remove SSLv3Test as it's testing stuff that has been removed from recent JDK's and is testing insecure operation db80012a67 is described below commit db80012a672d2049318a11e4443ab8ed4cf7c885 Author: Daniel Kulp <d...@kulp.com> AuthorDate: Tue Apr 25 13:07:28 2023 -0400 Remove SSLv3Test as it's testing stuff that has been removed from recent JDK's and is testing insecure operation --- .../apache/cxf/systests/forked/ssl3/SSLv3Test.java | 372 --------------------- 1 file changed, 372 deletions(-)
diff --git a/systests/forked/src/test/java/org/apache/cxf/systests/forked/ssl3/SSLv3Test.java b/systests/forked/src/test/java/org/apache/cxf/systests/forked/ssl3/SSLv3Test.java
deleted file mode 100644
index 02a1c0d154..0000000000
--- a/systests/forked/src/test/java/org/apache/cxf/systests/forked/ssl3/SSLv3Test.java
+++ /dev/null
@@ -1,372 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systests.forked.ssl3;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.KeyStore;
-import java.security.Security;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
-
-import jakarta.xml.ws.BindingProvider;
-import org.apache.cxf.Bus;
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.common.classloader.ClassLoaderUtils;
-import org.apache.cxf.helpers.JavaUtils;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.hello_world.Greeter;
-import org.apache.hello_world.services.SOAPService;
-
-import org.junit.AfterClass;
-import org.junit.BeforeClass;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-
-/**
- * A set of tests SSL v3 protocol support. It should be disallowed by default on both the
- * (Jetty) server and CXF client side.
- */
-public class SSLv3Test extends AbstractBusClientServerTestBase {
- static final String PORT = allocatePort(SSLv3Server.class);
- static final String PORT2 = allocatePort(SSLv3Server.class, 2);
- static final String PORT3 = allocatePort(SSLv3Server.class, 3);
- static final String PORT4 = allocatePort(SSLv3Server.class, 4);
-
- private static String previousDisabledAlgorithms;
- private static String previousTlsClientProtocols;
-
- @BeforeClass
- public static void startServers() throws Exception {
- // Remove "SSLv3" from the default disabled algorithm list for the purposes of this test
- previousDisabledAlgorithms = Security.getProperty("jdk.tls.disabledAlgorithms");
- Security.setProperty("jdk.tls.disabledAlgorithms", "MD5");
-
- if (JavaUtils.getJavaMajorVersion() >= 14) {
- // Since Java 14, the SSLv3 aliased to TLSv1 (so SSLv3 effectively is not
- // supported). To make it work, the custom SSL context has to be created and
- // SSLv3 and TLSv1 has to be explicitly enabled:
- // -Djdk.tls.client.protocols=SSLv3
- previousTlsClientProtocols = System.setProperty("jdk.tls.client.protocols", "SSLv3,TLSv1");
- }
- assertTrue(
- "Server failed to launch",
- // run the server in the same process
- // set this to false to fork
- launchServer(SSLv3Server.class, true)
- );
- }
-
- @AfterClass
- public static void cleanup() throws Exception {
- stopAllServers();
-
- if (previousDisabledAlgorithms != null) {
- Security.setProperty("jdk.tls.disabledAlgorithms", previousDisabledAlgorithms);
- }
- if (previousTlsClientProtocols != null) {
- System.setProperty("jdk.tls.client.protocols", previousTlsClientProtocols);
- } else {
- System.clearProperty("jdk.tls.client.protocols");
- }
- }
-
- @org.junit.Test
- public void testSSLv3ServerNotAllowedByDefault() throws Exception {
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- System.setProperty("https.protocols", "SSLv3");
-
- URL service = new URL("https://localhost:" + PORT);
- HttpsURLConnection connection = (HttpsURLConnection) service.openConnection();
-
- connection.setHostnameVerifier(new DisableCNCheckVerifier());
-
- SSLContext sslContext = SSLContext.getInstance("SSL");
-
- KeyStore trustedCertStore = KeyStore.getInstance("jks");
- try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", SSLv3Test.class)) {
- trustedCertStore.load(keystore, null);
- }
-
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(trustedCertStore);
- TrustManager[] trustManagers = tmf.getTrustManagers();
-
- sslContext.init(null, trustManagers, new java.security.SecureRandom());
- connection.setSSLSocketFactory(sslContext.getSocketFactory());
-
- try {
- connection.connect();
- fail("Failure expected on an SSLv3 connection attempt");
- } catch (IOException ex) {
- // expected
- }
-
- System.clearProperty("https.protocols");
-
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testSSLv3ServerAllowed() throws Exception {
-
- // Doesn't work with IBM JDK
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- System.setProperty("https.protocols", "SSLv3");
-
- URL service = new URL("https://localhost:" + PORT2);
- HttpsURLConnection connection = (HttpsURLConnection) service.openConnection();
-
- connection.setHostnameVerifier(new DisableCNCheckVerifier());
-
- SSLContext sslContext = SSLContext.getInstance("SSL");
- KeyStore trustedCertStore = KeyStore.getInstance("jks");
- try (InputStream keystore = ClassLoaderUtils.getResourceAsStream("keys/Truststore.jks", SSLv3Test.class)) {
- trustedCertStore.load(keystore, null);
- }
-
- TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
- tmf.init(trustedCertStore);
- TrustManager[] trustManagers = tmf.getTrustManagers();
-
- sslContext.init(null, trustManagers, new java.security.SecureRandom());
-
- connection.setSSLSocketFactory(sslContext.getSocketFactory());
-
- connection.connect();
-
- connection.disconnect();
-
- System.clearProperty("https.protocols");
-
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testClientSSL3NotAllowed() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT3);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on the client not supporting SSLv3 by default");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable) port).close();
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testAsyncClientSSL3NotAllowed() throws Exception {
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider) port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT3);
-
- try {
- port.greetMe("Kitty");
- fail("Failure expected on the client not supporting SSLv3 by default");
- } catch (Exception ex) {
- // expected
- }
-
- ((java.io.Closeable) port).close();
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testClientSSL3Allowed() throws Exception {
- // Doesn't work with IBM JDK
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT3);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable) port).close();
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testAsyncClientSSL3Allowed() throws Exception {
- // Doesn't work with IBM JDK
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- // Enable Async
- ((BindingProvider) port).getRequestContext().put("use.async.http.conduit", true);
-
- updateAddressPort(port, PORT3);
-
- assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-
- ((java.io.Closeable) port).close();
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testTLSClientToEndpointWithSSL3Allowed() throws Exception {
- // Doesn't work with IBM JDK
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT4);
-
- port.greetMe("Kitty");
-
- ((java.io.Closeable) port).close();
- bus.shutdown(true);
- }
-
- @org.junit.Test
- public void testSSL3ClientToEndpointWithSSL3Allowed() throws Exception {
- // Doesn't work with IBM JDK
- if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
- return;
- }
-
- SpringBusFactory bf = new SpringBusFactory();
- URL busFile = SSLv3Test.class.getResource("sslv3-client-allow.xml");
-
- Bus bus = bf.createBus(busFile.toString());
- BusFactory.setDefaultBus(bus);
- BusFactory.setThreadDefaultBus(bus);
-
- URL url = SOAPService.WSDL_LOCATION;
- SOAPService service = new SOAPService(url, SOAPService.SERVICE);
- assertNotNull("Service is null", service);
- final Greeter port = service.getHttpsPort();
- assertNotNull("Port is null", port);
-
- updateAddressPort(port, PORT4);
-
- port.greetMe("Kitty");
-
- ((java.io.Closeable) port).close();
- bus.shutdown(true);
- }
-
- private static final class DisableCNCheckVerifier implements HostnameVerifier {
-
- @Override
- public boolean verify(String arg0, SSLSession arg1) {
- return true;
- }
-
- }
-
-}