cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [3/3] cxf git commit: Moved https specific tests into a new directory
Date Thu, 11 Dec 2014 11:57:46 GMT
Moved https specific tests into a new directory


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/94585ae0
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/94585ae0
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/94585ae0

Branch: refs/heads/master
Commit: 94585ae070e62d08f0e064df8176fbdbdf1bb37b
Parents: d222f3e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Dec 11 11:57:11 2014 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Dec 11 11:57:31 2014 +0000

----------------------------------------------------------------------
 .../cxf/systest/http/CertConstraintsTest.java   | 163 -----
 .../cxf/systest/http/HTTPConduitTest.java       | 651 +------------------
 .../cxf/systest/http/HTTPSClientTest.java       | 250 -------
 .../http/KeyPasswordCallbackHandler.java        |  39 --
 .../apache/cxf/systest/http/PushBack401.java    | 223 -------
 .../apache/cxf/systest/http/TrustHandler.java   |  58 --
 .../cxf/systest/https/CertConstraintsTest.java  | 162 +++++
 .../cxf/systest/https/HTTPSClientTest.java      | 249 +++++++
 .../https/KeyPasswordCallbackHandler.java       |  39 ++
 .../apache/cxf/systest/https/PushBack401.java   | 223 +++++++
 .../org/apache/cxf/systest/http/Abost.cxf       |   2 +-
 .../org/apache/cxf/systest/http/Bethal.cxf      |  84 ---
 .../cxf/systest/http/BethalClientBeans.xml      |  24 -
 .../cxf/systest/http/BethalClientConfig.cxf     |  69 --
 .../org/apache/cxf/systest/http/Gordy.cxf       |  77 ---
 .../org/apache/cxf/systest/http/Hurlon.cxf      |   2 +-
 .../org/apache/cxf/systest/http/Morpit.cxf      |  75 ---
 .../org/apache/cxf/systest/http/Poltim.cxf      |  77 ---
 .../org/apache/cxf/systest/http/Tarpin.cxf      |  77 ---
 .../cxf/systest/http/jaxws-publish-callback.xml |  64 --
 .../apache/cxf/systest/http/jaxws-publish.xml   |  64 --
 .../systest/http/jaxws-server-constraints.xml   | 255 --------
 .../apache/cxf/systest/http/jaxws-server.xml    |  77 ---
 .../cxf/systest/http/jaxws-tlsrefs-publish.xml  |  60 --
 .../org/apache/cxf/systest/http/pkcs12.xml      |  70 --
 .../cxf/systest/http/resource-key-spec-url.xml  |  72 --
 .../cxf/systest/http/resource-key-spec.xml      |  68 --
 .../org/apache/cxf/systest/https/Bethal.cxf     |  72 ++
 .../cxf/systest/https/BethalClientBeans.xml     |  24 +
 .../cxf/systest/https/BethalClientConfig.cxf    |  57 ++
 .../org/apache/cxf/systest/https/Gordy.cxf      |  65 ++
 .../org/apache/cxf/systest/https/Morpit.cxf     |  63 ++
 .../org/apache/cxf/systest/https/Poltim.cxf     |  65 ++
 .../org/apache/cxf/systest/https/Tarpin.cxf     |  65 ++
 .../systest/https/jaxws-publish-callback.xml    |  64 ++
 .../apache/cxf/systest/https/jaxws-publish.xml  |  64 ++
 .../systest/https/jaxws-server-constraints.xml  | 255 ++++++++
 .../apache/cxf/systest/https/jaxws-server.xml   |  77 +++
 .../cxf/systest/https/jaxws-tlsrefs-publish.xml |  60 ++
 .../org/apache/cxf/systest/https/pkcs12.xml     |  70 ++
 .../cxf/systest/https/resource-key-spec-url.xml |  72 ++
 .../cxf/systest/https/resource-key-spec.xml     |  68 ++
 42 files changed, 1825 insertions(+), 2590 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
deleted file mode 100644
index 5beb2c0..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/CertConstraintsTest.java
+++ /dev/null
@@ -1,163 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import java.net.URL;
-
-import javax.xml.ws.BindingProvider;
-
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.configuration.Configurer;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.hello_world.Greeter;
-import org.apache.hello_world.services.SOAPService;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * This test is meant to run against a spring-loaded HTTP/S service. It tests the certificate
- * constraints logic.
- */
-public class CertConstraintsTest extends AbstractBusClientServerTestBase {
-    //
-    // data
-    //
-    
-    @BeforeClass
-    public static void allocatePorts() {
-        BusServer.resetPortMap();
-    }
-    
-    /**
-     * the package path used to locate resources specific to this test
-     */
-    private void setTheConfiguration(String config) {
-        //System.setProperty("javax.net.debug", "all");
-        try {
-            System.setProperty(
-                Configurer.USER_CFG_FILE_PROPERTY_URL,
-                CertConstraintsTest.class.getResource(config).toString()
-            );
-        } catch (final Exception e) {
-            e.printStackTrace();
-        }
-    }
-          
-    public void startServers() throws Exception {
-        assertTrue(
-            "Server failed to launch",
-            // run the server in the same process
-            // set this to false to fork a new process
-            launchServer(BusServer.class, true)
-        );
-    }
-    
-    
-    public void stopServers() throws Exception {
-        stopAllServers();
-        System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
-        BusFactory.setDefaultBus(null);
-        BusFactory.setThreadDefaultBus(null);
-    }    
-    
-    
-    //
-    // tests
-    //
-    public final void testSuccessfulCall(String address) throws Exception {
-        URL url = SOAPService.WSDL_LOCATION;
-        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
-        assertNotNull("Service is null", service);   
-        final Greeter port = service.getHttpsPort();
-        assertNotNull("Port is null", port);
-        
-        BindingProvider provider = (BindingProvider)port;
-        provider.getRequestContext().put(
-              BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
-              address);
-        
-        assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-    }
-    
-    public final void testFailedCall(String address) throws Exception {
-        URL url = SOAPService.WSDL_LOCATION;
-        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
-        assertNotNull("Service is null", service);   
-        final Greeter port = service.getHttpsPort();
-        assertNotNull("Port is null", port);
-
-        BindingProvider provider = (BindingProvider)port;
-        provider.getRequestContext().put(
-                BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
-                address);
-
-        try {
-            assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-            fail("Failure expected");
-        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
-            // expected
-        } catch (javax.xml.ws.WebServiceException ex) {
-            // expected
-        }
-    }
-    
-    @Test
-    public final void testCertConstraints() throws Exception {
-        setTheConfiguration("jaxws-server-constraints.xml");
-        startServers();
-        
-        //
-        // Good Subject DN
-        //
-        testSuccessfulCall("https://localhost:" + BusServer.getPort(0) + "/SoapContext/HttpsPort");
-        //
-        // Bad Subject DN
-        //
-        testFailedCall("https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
-        //
-        // Mixed Subject DN (ALL)
-        //
-        testFailedCall("https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");
-        //
-        // Mixed Subject DN (ANY)
-        //
-        testSuccessfulCall("https://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpsPort");
-        //
-        // Mixed Issuer DN (ALL)
-        //
-        testFailedCall("https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
-        //
-        // Mixed Issuer DN (ANY)
-        //
-        testSuccessfulCall("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort");
-        //
-        // Bad server Subject DN
-        //
-        testFailedCall("https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
-        //
-        // Bad server Issuer DN
-        //
-        testFailedCall("https://localhost:" + BusServer.getPort(7) + "/SoapContext/HttpsPort");
-        
-        stopServers();
-    }
-    
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
index a193aae..bd35ade 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPConduitTest.java
@@ -20,14 +20,8 @@
 package org.apache.cxf.systest.http;
 
 
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.IOException;
 import java.net.MalformedURLException;
-import java.net.URI;
 import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Map;
@@ -36,46 +30,20 @@ import java.util.logging.Level;
 import java.util.logging.LogManager;
 import java.util.logging.Logger;
 
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.KeyManagerFactory;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.TrustManagerFactory;
 import javax.xml.namespace.QName;
 
-
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
-import org.apache.cxf.bus.spring.BusApplicationContext;
 import org.apache.cxf.bus.spring.SpringBusFactory;
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.configuration.jsse.TLSClientParameters;
-import org.apache.cxf.configuration.security.AuthorizationPolicy;
-import org.apache.cxf.configuration.security.FiltersType;
 import org.apache.cxf.endpoint.Client;
 import org.apache.cxf.frontend.ClientProxy;
-import org.apache.cxf.message.Message;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-
-import org.apache.cxf.transport.http.HTTPConduit;
-import org.apache.cxf.transport.http.MessageTrustDecider;
-import org.apache.cxf.transport.http.URLConnectionInfo;
-import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
-import org.apache.cxf.transport.http.auth.HttpAuthHeader;
-import org.apache.cxf.transport.http.auth.HttpAuthSupplier;
-
-import org.apache.cxf.transport.https.HttpsURLConnectionInfo;
-
-import org.apache.cxf.transports.http.configuration.HTTPClientPolicy;
-
 import org.apache.hello_world.Greeter;
 import org.apache.hello_world.services.SOAPService;
-
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
 
-import org.springframework.context.ApplicationContext;
-
 /**
  * This class tests several issues and Conduit policies based 
  * on a set up of redirecting servers.
@@ -83,88 +51,30 @@ import org.springframework.context.ApplicationContext;
  * 
  * Http Redirection:
  * 
- * Rethwel(http:9004) ------\
- *                           ----> Mortimer (http:9000)
- * Poltim(https:9005) ------/
- * 
- * HttpS redirection/Trust:
- * 
- * Tarpin(https:9003) ----> Gordy(https:9001) ----> Bethal(https:9002)
+ * Rethwel(http:9004) ----> Mortimer (http:9000)
  * 
  * Redirect Loop:
  * 
  * Hurlon (http:9006) ----> Abost(http:9007) ----\
  *   ^                                            |
  *   |-------------------------------------------/
- * 
- * Hostname Verifier Test
- * 
- * Morpit (https:9008)
- * 
- * </pre>
- * The Bethal server issues 401 with differing realms depending on the
- * User name given in the authorization header.
- * <p>
- * The Morpit has a CN that is not equal to "localhost" to kick in
- * the Hostname Verifier.
  */
 public class HTTPConduitTest extends AbstractBusClientServerTestBase {
     private static final boolean IN_PROCESS = true;
     
-    private static TLSClientParameters tlsClientParameters = new TLSClientParameters();
     private static List<String> servers = new ArrayList<String>();
 
     private static Map<String, String> addrMap = new TreeMap<String, String>();
     
-    static {
-        try {
-            //System.setProperty("javax.net.debug", "all");
-            URL key = Server.class.getResource("../../../../../keys/Morpit.jks");
-            String keystore = new File(key.toURI()).getAbsolutePath();
-            //System.out.println("Keystore: " + keystore);
-            KeyManager[] kmgrs = getKeyManagers(getKeyStore("JKS", keystore, "password"), "password");
-            
-            key = Server.class.getResource("../../../../../keys/Truststore.jks");
-            
-            String truststore = new File(key.toURI()).getAbsolutePath();
-            //System.out.println("Truststore: " + truststore);
-            TrustManager[] tmgrs = getTrustManagers(getKeyStore("JKS", truststore, "password"));
-            
-            tlsClientParameters.setKeyManagers(kmgrs);
-            tlsClientParameters.setTrustManagers(tmgrs);
-            FiltersType filters = new FiltersType();
-            filters.getInclude().add(".*_EXPORT_.*");
-            filters.getInclude().add(".*_EXPORT1024_.*");
-            filters.getInclude().add(".*_WITH_DES_.*");
-            filters.getInclude().add(".*_WITH_AES_.*");
-            filters.getInclude().add(".*_WITH_NULL_.*");
-            filters.getInclude().add(".*_DH_anon_.*");
-            tlsClientParameters.setCipherSuitesFilter(filters);
-        } catch (Exception e) {
-            throw new RuntimeException("Static initialization failed", e);
-        }
-    }
-
     private final QName serviceName = 
         new QName("http://apache.org/hello_world", "SOAPService");
-    private final QName bethalQ = 
-        new QName("http://apache.org/hello_world", "Bethal");
-    private final QName gordyQ = 
-        new QName("http://apache.org/hello_world", "Gordy");
-    private final QName tarpinQ = 
-        new QName("http://apache.org/hello_world", "Tarpin");
     private final QName rethwelQ = 
         new QName("http://apache.org/hello_world", "Rethwel");
     private final QName mortimerQ = 
         new QName("http://apache.org/hello_world", "Mortimer");
-    private final QName poltimQ = 
-        new QName("http://apache.org/hello_world", "Poltim");
     private final QName hurlonQ = 
         new QName("http://apache.org/hello_world", "Hurlon");
-    // PMD Violation because it is not used, but 
-    // it is here for completeness.
-    //private final QName abostQ = 
-        //new QName("http://apache.org/hello_world", "Abost");
+
     public HTTPConduitTest() {
     }
     
@@ -178,15 +88,9 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
         BusServer.resetPortMap();
         addrMap.clear();
         addrMap.put("Mortimer", "http://localhost:" + getPort("PORT0") + "/");
-        addrMap.put("Tarpin",   "https://localhost:" + getPort("PORT3") + "/");
-        addrMap.put("Rethwel",  "http://localhost:" + getPort("PORT4") + "/");
-        addrMap.put("Poltim",   "https://localhost:" + getPort("PORT5") + "/");
-        addrMap.put("Gordy",    "https://localhost:" + getPort("PORT1") + "/");
-        addrMap.put("Bethal",   "https://localhost:" + getPort("PORT2") + "/");
-        addrMap.put("Abost",    "http://localhost:" + getPort("PORT7") + "/");
-        addrMap.put("Hurlon",   "http://localhost:" + getPort("PORT6") + "/");
-        addrMap.put("Morpit",   "https://localhost:" + getPort("PORT8") + "/");
-        tlsClientParameters.setDisableCNCheck(true);
+        addrMap.put("Rethwel",  "http://localhost:" + getPort("PORT1") + "/");
+        addrMap.put("Abost",    "http://localhost:" + getPort("PORT2") + "/");
+        addrMap.put("Hurlon",   "http://localhost:" + getPort("PORT3") + "/");
         servers.clear();
     }
 
@@ -235,58 +139,6 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
         }
     }
 
-    public static KeyStore getKeyStore(String ksType, String file, String ksPassword)
-        throws GeneralSecurityException,
-               IOException {
-        
-        String type = ksType != null
-                    ? ksType
-                    : KeyStore.getDefaultType();
-                    
-        char[] password = ksPassword != null
-                    ? ksPassword.toCharArray()
-                    : null;
-
-        // We just use the default Keystore provider
-        KeyStore keyStore = KeyStore.getInstance(type);
-        
-        keyStore.load(new FileInputStream(file), password);
-        
-        return keyStore;
-    }
-
-    public static KeyManager[] getKeyManagers(KeyStore keyStore, String keyPassword) 
-        throws GeneralSecurityException,
-               IOException {
-        // For tests, we just use the default algorithm
-        String alg = KeyManagerFactory.getDefaultAlgorithm();
-        
-        char[] keyPass = keyPassword != null
-                     ? keyPassword.toCharArray()
-                     : null;
-        
-        // For tests, we just use the default provider.
-        KeyManagerFactory fac = KeyManagerFactory.getInstance(alg);
-                     
-        fac.init(keyStore, keyPass);
-        
-        return fac.getKeyManagers();
-    }
-
-    public static TrustManager[] getTrustManagers(KeyStore keyStore) 
-        throws GeneralSecurityException,
-               IOException {
-        // For tests, we just use the default algorithm
-        String alg = TrustManagerFactory.getDefaultAlgorithm();
-        
-        // For tests, we just use the default provider.
-        TrustManagerFactory fac = TrustManagerFactory.getInstance(alg);
-                     
-        fac.init(keyStore);
-        
-        return fac.getTrustManagers();
-    }
-
     //methods that a subclass can override to inject a Proxy into the flow
     //and assert the proxy was appropriately called
     public void configureProxy(Client c) {
@@ -349,7 +201,6 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
      * 
      * Note: Unfortunately, the invocation will 
      * "fail" for any number of other reasons.
-     * 
      */
     @Test
     public void testHttp2HttpRedirectFail() throws Exception {
@@ -364,7 +215,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
 
         Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
         assertNotNull("Port is null", rethwel);
-        updateAddressPort(rethwel, getPort("PORT4"));
+        updateAddressPort(rethwel, getPort("PORT1"));
         configureProxy(ClientProxy.getClient(rethwel));
 
         String answer = null;
@@ -414,7 +265,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
         assertNotNull("Service is null", service);
 
         Greeter rethwel = service.getPort(rethwelQ, Greeter.class);
-        updateAddressPort(rethwel, getPort("PORT4"));
+        updateAddressPort(rethwel, getPort("PORT1"));
         assertNotNull("Port is null", rethwel);
         configureProxy(ClientProxy.getClient(rethwel));
         
@@ -436,8 +287,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
         startServer("Abost");
         startServer("Hurlon");
 
-        URL config = getClass().getResource(
-                    "Http2HttpLoopRedirectFail.cxf");
+        URL config = getClass().getResource("Http2HttpLoopRedirectFail.cxf");
         
         // We go through the back door, setting the default bus.
         new DefaultBusFactory().createBus(config);
@@ -450,7 +300,7 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
 
         Greeter hurlon = service.getPort(hurlonQ, Greeter.class);
         assertNotNull("Port is null", hurlon);
-        updateAddressPort(hurlon, getPort("PORT6"));
+        updateAddressPort(hurlon, getPort("PORT3"));
         configureProxy(ClientProxy.getClient(hurlon));
         
         String answer = null;
@@ -464,489 +314,6 @@ public class HTTPConduitTest extends AbstractBusClientServerTestBase {
         }
         assertProxyRequestCount(2);        
     }
-    /**
-     * This methods tests a basic https connection to Bethal.
-     * It supplies an authorization policy with premetive user/pass
-     * to avoid the 401.
-     */
-    @Test
-    public void testHttpsBasicConnectionWithConfig() throws Exception {
-        startServer("Bethal");
-
-        URL config = getClass().getResource(
-                    "BethalClientConfig.cxf");
-        
-        // We go through the back door, setting the default bus.
-        new DefaultBusFactory().createBus(config);
-        URL wsdl = getClass().getResource("greeting.wsdl");
-        assertNotNull("WSDL is null", wsdl);
-
-        SOAPService service = new SOAPService(wsdl, serviceName);
-        assertNotNull("Service is null", service);
-
-        Greeter bethal = service.getPort(bethalQ, Greeter.class);
-
-        assertNotNull("Port is null", bethal);
-        updateAddressPort(bethal, getPort("PORT2"));
-        verifyBethalClient(bethal);        
-    }
-    
-    @Test
-    public void testGetClientFromSpringContext() throws Exception {
-        startServer("Bethal");        
-        
-        BusFactory.setDefaultBus(null);
-        // The client bean configuration file
-        URL beans = getClass().getResource("BethalClientBeans.xml");
-        // We go through the back door, setting the default bus.
-        Bus bus = new DefaultBusFactory().createBus(beans);
-        
-        ApplicationContext context = bus.getExtension(BusApplicationContext.class);
-        Greeter bethal = (Greeter)context.getBean("Bethal");        
-        updateAddressPort(bethal, getPort("PORT2"));
-        // verify the client side's setting
-        verifyBethalClient(bethal);         
-    }
-    
-    
-    
-    // we just verify the configurations are loaded successfully
-    private void verifyBethalClient(Greeter bethal) {
-        Client client = ClientProxy.getClient(bethal);
-
-        HTTPConduit http = 
-            (HTTPConduit) client.getConduit();
-        
-        HTTPClientPolicy httpClientPolicy = http.getClient();
-        assertEquals("the httpClientPolicy's autoRedirect should be true",
-                     true, httpClientPolicy.isAutoRedirect());
-        TLSClientParameters tlsParameters = http.getTlsClientParameters();
-        assertNotNull("the http conduit's tlsParameters should not be null", tlsParameters);
-        
-        
-        // If we set any name, but Edward, Mary, or George,
-        // and a password of "password" we will get through
-        // Bethal.
-        AuthorizationPolicy authPolicy = http.getAuthorization();
-        assertEquals("Set the wrong user name from the configuration",
-                     "Betty", authPolicy.getUserName());
-        assertEquals("Set the wrong pass word form the configuration",
-                     "password", authPolicy.getPassword());
-
-        configureProxy(ClientProxy.getClient(bethal));
-        
-        String answer = bethal.sayHi();
-        answer = bethal.sayHi();
-        answer = bethal.sayHi();
-        answer = bethal.sayHi();
-        answer = bethal.sayHi();
-        assertTrue("Unexpected answer: " + answer, 
-                "Bonjour from Bethal".equals(answer));
-        
-        //With HTTPS, it will just be a CONNECT to the proxy and all the 
-        //data is encrypted.  Thus, the proxy cannot distinquish the requests
-        assertProxyRequestCount(0);
-    }
-    
-    /**
-     * This methods tests a basic https connection to Bethal.
-     * It supplies an authorization policy with premetive user/pass
-     * to avoid the 401.
-     */
-    @Test
-    public void testHttpsBasicConnection() throws Exception {
-        startServer("Bethal");
-
-        URL wsdl = getClass().getResource("greeting.wsdl");
-        assertNotNull("WSDL is null", wsdl);
-
-        SOAPService service = new SOAPService(wsdl, serviceName);
-        assertNotNull("Service is null", service);
-
-        Greeter bethal = service.getPort(bethalQ, Greeter.class);
-        assertNotNull("Port is null", bethal);
-        updateAddressPort(bethal, getPort("PORT2"));
-        
-        // Okay, I'm sick of configuration files.
-        // This also tests dynamic configuration of the conduit.
-        Client client = ClientProxy.getClient(bethal);
-        HTTPConduit http = 
-            (HTTPConduit) client.getConduit();
-        
-        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-        
-        httpClientPolicy.setAutoRedirect(false);
-        // If we set any name, but Edward, Mary, or George,
-        // and a password of "password" we will get through
-        // Bethal.
-        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
-        authPolicy.setUserName("Betty");
-        authPolicy.setPassword("password");
-        
-        http.setClient(httpClientPolicy);
-        http.setTlsClientParameters(tlsClientParameters);
-        http.setAuthorization(authPolicy);
-        
-        configureProxy(client);
-        String answer = bethal.sayHi();
-        assertTrue("Unexpected answer: " + answer, 
-                "Bonjour from Bethal".equals(answer));
-        assertProxyRequestCount(0);
-    }
-    
-
-    @Test
-    public void testHttpsRedirectToHttpFail() throws Exception {
-        startServer("Mortimer");
-        startServer("Poltim");
-
-        URL wsdl = getClass().getResource("greeting.wsdl");
-        assertNotNull("WSDL is null", wsdl);
-
-        SOAPService service = new SOAPService(wsdl, serviceName);
-        assertNotNull("Service is null", service);
-
-        Greeter poltim = service.getPort(poltimQ, Greeter.class);
-        assertNotNull("Port is null", poltim);
-        updateAddressPort(poltim, getPort("PORT5"));
-
-        // Okay, I'm sick of configuration files.
-        // This also tests dynamic configuration of the conduit.
-        Client client = ClientProxy.getClient(poltim);
-        HTTPConduit http = 
-            (HTTPConduit) client.getConduit();
-        
-        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-        
-        httpClientPolicy.setAutoRedirect(true);
-        
-        http.setClient(httpClientPolicy);
-        http.setTlsClientParameters(tlsClientParameters);
-        configureProxy(client);
-        poltim.sayHi();
-        //client -> poltim is https and thus not recorded but then redirected to mortimer
-        //client -> mortimer is http and recoreded
-        assertProxyRequestCount(1);
-    }
-    
-    class MyHttpsTrustDecider extends MessageTrustDecider {
-        
-        private String[] trustName;
-        private int      called;
-        
-        MyHttpsTrustDecider(String name) {
-            trustName = new String[] {name};
-        }
-        
-        MyHttpsTrustDecider(String[] name) {
-            trustName = name;
-        }
-        
-        public int wasCalled() {
-            return called;
-        }
-        
-        public void establishTrust(
-            String            conduitName,
-            URLConnectionInfo cinfo,
-            Message           message
-        ) throws UntrustedURLConnectionIOException {
-        
-            called++;
-
-            HttpsURLConnectionInfo ci = (HttpsURLConnectionInfo) cinfo;
-            boolean trusted = false;
-            for (int i = 0; i < trustName.length; i++) {
-                trusted = trusted 
-                         || ci.getPeerPrincipal()
-                                 .toString().contains("OU=" + trustName[i]);
-            }
-            if (!trusted) {
-                throw new UntrustedURLConnectionIOException(
-                        "Peer Principal \"" 
-                        + ci.getPeerPrincipal() 
-                        + "\" does not contain " 
-                        + getTrustNames());
-            }
-        }
-        
-        private String getTrustNames() {
-            StringBuffer sb = new StringBuffer();
-            for (int i = 0; i < trustName.length; i++) {
-                sb.append("\"OU=");
-                sb.append(trustName[i]);
-                sb.append("\"");
-                if (i < trustName.length - 1) {
-                    sb.append(", ");
-                }
-            }
-            return sb.toString();
-        }
-    }
-    
-
-    @Test
-    public void testHttpsTrust() throws Exception {
-        startServer("Bethal");
-
-        URL wsdl = getClass().getResource("greeting.wsdl");
-        assertNotNull("WSDL is null", wsdl);
-
-        SOAPService service = new SOAPService(wsdl, serviceName);
-        assertNotNull("Service is null", service);
-
-        Greeter bethal = service.getPort(bethalQ, Greeter.class);
-        assertNotNull("Port is null", bethal);
-        updateAddressPort(bethal, getPort("PORT2"));
-        
-        // Okay, I'm sick of configuration files.
-        // This also tests dynamic configuration of the conduit.
-        Client client = ClientProxy.getClient(bethal);
-        HTTPConduit http = 
-            (HTTPConduit) client.getConduit();
-        
-        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-        
-        httpClientPolicy.setAutoRedirect(false);
-        // If we set any name, but Edward, Mary, or George,
-        // and a password of "password" we will get through
-        // Bethal.
-        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
-        authPolicy.setUserName("Betty");
-        authPolicy.setPassword("password");
-        
-        http.setClient(httpClientPolicy);
-        http.setTlsClientParameters(tlsClientParameters);
-        http.setAuthorization(authPolicy);
-        
-        // Our expected server should be OU=Bethal
-        http.setTrustDecider(new MyHttpsTrustDecider("Bethal"));
-        
-        configureProxy(client);
-        String answer = bethal.sayHi();
-        assertTrue("Unexpected answer: " + answer, 
-                "Bonjour from Bethal".equals(answer));
-        assertProxyRequestCount(0);
-        
-        
-        // Nobody will not equal OU=Bethal
-        MyHttpsTrustDecider trustDecider =
-                                 new MyHttpsTrustDecider("Nobody");
-        http.setTrustDecider(trustDecider);
-        try {
-            answer = bethal.sayHi();
-            fail("Unexpected answer from Bethal: " + answer);
-        } catch (Exception e) {
-            //e.printStackTrace();
-            //assertTrue("Trust Decider was not called", 
-            //              0 > trustDecider.wasCalled());
-        }
-        assertProxyRequestCount(0);
-    }
-
-    @Test
-    public void testHttpsTrustRedirect() throws Exception {
-        startServer("Tarpin");
-        startServer("Gordy");
-        startServer("Bethal");
-
-        URL wsdl = getClass().getResource("greeting.wsdl");
-        assertNotNull("WSDL is null", wsdl);
-
-        SOAPService service = new SOAPService(wsdl, serviceName);
-        assertNotNull("Service is null", service);
-
-        Greeter tarpin = service.getPort(tarpinQ, Greeter.class);
-        assertNotNull("Port is null", tarpin);
-        updateAddressPort(tarpin, getPort("PORT3"));
-        
-        // Okay, I'm sick of configuration files.
-        // This also tests dynamic configuration of the conduit.
-        Client client = ClientProxy.getClient(tarpin);
-        HTTPConduit http = 
-            (HTTPConduit) client.getConduit();
-        
-        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-        
-        httpClientPolicy.setAutoRedirect(true);
-        // If we set any name, but Edward, Mary, or George,
-        // and a password of "password" we will get through
-        // Bethal.
-        AuthorizationPolicy authPolicy = new AuthorizationPolicy();
-        authPolicy.setUserName("Betty");
-        authPolicy.setPassword("password");
-        
-        http.setClient(httpClientPolicy);
-        http.setTlsClientParameters(tlsClientParameters);
-        http.setAuthorization(authPolicy);
-        
-        // We get redirected from Tarpin, to Gordy, to Bethal.
-        MyHttpsTrustDecider trustDecider =
-            new MyHttpsTrustDecider(
-                    new String[] {"Tarpin", "Gordy", "Bethal"});
-        http.setTrustDecider(trustDecider);
-        
-        // We actually get our answer from Bethal at the end of the
-        // redirects.
-        configureProxy(ClientProxy.getClient(tarpin));
-        String answer = tarpin.sayHi();
-        assertProxyRequestCount(0);
-        
-        assertTrue("Trust Decider wasn't called correctly", 
-                       3 == trustDecider.wasCalled());
-        assertTrue("Unexpected answer: " + answer, 
-                "Bonjour from Bethal".equals(answer));
-        
-        // Limit the redirects to 1, since there are two, this should fail.
-        http.getClient().setMaxRetransmits(1);
-
-        try {
-            answer = tarpin.sayHi();
-            fail("Unexpected answer from Tarpin: " + answer);
-        } catch (Exception e) {
-            //e.printStackTrace();
-        }
-        assertProxyRequestCount(0);
-        
-        // Set back to unlimited.
-        http.getClient().setMaxRetransmits(-1);
-        
-        // Effectively we will not trust Gordy in the middle.
-        trustDecider = 
-                new MyHttpsTrustDecider(
-                    new String[] {"Tarpin", "Bethal"});
-        http.setTrustDecider(trustDecider);
-        
-        try {
-            answer = tarpin.sayHi();
-            fail("Unexpected answer from Tarpin: " + answer);
-        } catch (Exception e) {
-            //e.printStackTrace();
-            assertTrue("Trust Decider wasn't called correctly",
-                     2 == trustDecider.wasCalled());
-        }
-        assertProxyRequestCount(0);
-    }
-
-    public class MyBasicAuthSupplier implements HttpAuthSupplier {
-
-        String realm;
-        String user;
-        String pass;
-        
-        /**
-         * This will loop from Cronus, to Andromeda, to Zorantius
-         */
-        MyBasicAuthSupplier() {
-        }
-        
-        MyBasicAuthSupplier(String r, String u, String p) {
-            realm = r;
-            user  = u;
-            pass  = p;
-        }
-
-        /**
-         * If we don't have the realm set, then we loop
-         * through the realms.
-         */
-        public String getAuthorization(
-                AuthorizationPolicy authPolicy,
-                URI     currentURI,
-                Message message,
-                String fullHeader
-        ) {
-            String reqestedRealm = new HttpAuthHeader(fullHeader).getRealm();
-            if (realm != null && realm.equals(reqestedRealm)) {
-                return createUserPass(user, pass);
-            }
-            if ("Andromeda".equals(reqestedRealm)) {
-                // This will get us another 401 to Zorantius
-                return createUserPass("Edward", "password");
-            }
-            if ("Zorantius".equals(reqestedRealm)) {
-                // George will get us another 401 to Cronus
-                return createUserPass("George", "password");
-            }
-            if ("Cronus".equals(reqestedRealm)) {
-                // Mary will get us another 401 to Andromeda
-                return createUserPass("Mary", "password");
-            }
-            return null;
-        }
-
-        private String createUserPass(String usr, String pwd) {
-            String userpass = usr + ":" + pwd;
-            String token = Base64Utility.encode(userpass.getBytes());
-            return "Basic " + token;
-        }
-
-        public boolean requiresRequestCaching() {
-            return false;
-        }
-
-    }
-
-    /**
-     * This tests redirects through Gordy to Bethal. Bethal will
-     * supply a series of 401s. See PushBack401.
-     */
-    @Test    
-    public void testHttpsRedirect401Response() throws Exception {
-        startServer("Gordy");
-        startServer("Bethal");
-
-        URL wsdl = getClass().getResource("greeting.wsdl");
-        assertNotNull("WSDL is null", wsdl);
-
-        SOAPService service = new SOAPService(wsdl, serviceName);
-        assertNotNull("Service is null", service);
-
-        Greeter gordy = service.getPort(gordyQ, Greeter.class);
-        assertNotNull("Port is null", gordy);
-        updateAddressPort(gordy, getPort("PORT1"));
-        
-        // Okay, I'm sick of configuration files.
-        // This also tests dynamic configuration of the conduit.
-        Client client = ClientProxy.getClient(gordy);
-        HTTPConduit http = 
-            (HTTPConduit) client.getConduit();
-        
-        HTTPClientPolicy httpClientPolicy = new HTTPClientPolicy();
-        
-        httpClientPolicy.setAutoRedirect(true);
-        http.setClient(httpClientPolicy);
-        http.setTlsClientParameters(tlsClientParameters);
-        
-        // We get redirected from Gordy, to Bethal.
-        http.setTrustDecider(
-                new MyHttpsTrustDecider(
-                        new String[] {"Gordy", "Bethal"}));
-        
-        // Without preemptive user/pass Bethal returns a
-        // 401 for realm Cronus. If we supply any name other
-        // than Edward, George, or Mary, with the pass of "password"
-        // we should succeed.
-        http.setAuthSupplier(
-                new MyBasicAuthSupplier("Cronus", "Betty", "password"));
-        
-        // We actually get our answer from Bethal at the end of the
-        // redirects.
-        String answer = gordy.sayHi();
-        assertTrue("Unexpected answer: " + answer, 
-                "Bonjour from Bethal".equals(answer));
-        
-        // The loop auth supplier, 
-        // We should die with looping realms.
-        http.setAuthSupplier(new MyBasicAuthSupplier());
-        
-        try {
-            answer = gordy.sayHi();
-            fail("Unexpected answer from Gordy: " + answer);
-        } catch (Exception e) {
-            //e.printStackTrace();
-        }
-    }
     
 }
 

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
deleted file mode 100644
index 69b4dd0..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/HTTPSClientTest.java
+++ /dev/null
@@ -1,250 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import java.net.URL;
-
-import javax.net.ssl.KeyManager;
-import javax.net.ssl.TrustManager;
-import javax.xml.ws.BindingProvider;
-
-import org.apache.cxf.BusFactory;
-import org.apache.cxf.configuration.Configurer;
-import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
-import org.apache.cxf.configuration.security.KeyManagersType;
-import org.apache.cxf.configuration.security.KeyStoreType;
-import org.apache.cxf.configuration.security.TrustManagersType;
-import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
-import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
-import org.apache.hello_world.Greeter;
-import org.apache.hello_world.services.SOAPService;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * This test is meant to run against a spring-loaded
- * HTTP/S service.
- */
-public class HTTPSClientTest extends AbstractBusClientServerTestBase {
-    //
-    // data
-    //
-    
-    /**
-     * the package path used to locate resources specific to this test
-     */
-    private void setTheConfiguration(String config) {
-        //System.setProperty("javax.net.debug", "all");
-        try {
-            System.setProperty(
-                Configurer.USER_CFG_FILE_PROPERTY_URL,
-                HTTPSClientTest.class.getResource(config).toString()
-            );
-        } catch (final Exception e) {
-            e.printStackTrace();
-        }
-    }
-    
-    @BeforeClass
-    public static void setupPorts() {
-        BusServer.resetPortMap();
-    }
-          
-    public void startServers() throws Exception {
-        assertTrue(
-            "Server failed to launch",
-            // run the server in the same process
-            // set this to false to fork a new process
-            launchServer(BusServer.class, true)
-        );
-    }
-    
-    
-    public void stopServers() throws Exception {
-        stopAllServers();
-        System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
-        BusFactory.setDefaultBus(null);
-        BusFactory.setThreadDefaultBus(null);
-    }    
-    
-    
-    //
-    // tests
-    //
-    public final void testSuccessfulCall(String configuration,
-                                         String address) throws Exception {
-        testSuccessfulCall(configuration, address, null);
-    }
-    public final void testSuccessfulCall(String configuration,
-                                         String address,
-                                         URL url) throws Exception {
-        testSuccessfulCall(configuration, address, url, false);
-    }
-    public final void testSuccessfulCall(String configuration,
-                                         String address,
-                                         URL url, 
-                                         boolean dynamicClient) throws Exception {
-        setTheConfiguration(configuration);
-        startServers();
-        if (url == null) {
-            url = SOAPService.WSDL_LOCATION;
-        }
-        
-        //CXF-4037 - dynamic client isn't using the conduit settings to resolve schemas
-        if (dynamicClient) {
-            ClassLoader loader = Thread.currentThread().getContextClassLoader();
-            JaxWsDynamicClientFactory.newInstance(BusFactory.getDefaultBus())
-                .createClient(url.toExternalForm());
-            Thread.currentThread().setContextClassLoader(loader);
-        }
-
-        
-        
-        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
-        assertNotNull("Service is null", service);   
-        final Greeter port = service.getHttpsPort();
-        assertNotNull("Port is null", port);
-        
-        BindingProvider provider = (BindingProvider)port;
-        provider.getRequestContext().put(
-              BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
-              address);
-        
-        //provider.getRequestContext().put("use.async.http.conduit", Boolean.TRUE);
-        //for (int x = 0; x < 100000; x++) {
-        assertEquals(port.greetMe("Kitty"), "Hello Kitty");
-        //}
-        
-        
-        stopServers();
-    }
-    
-    @Test
-    public final void testJaxwsServer() throws Exception {
-        testSuccessfulCall("jaxws-server.xml", 
-                           "https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");        
-    }
-    @Test
-    public final void testJaxwsServerChangeHttpsToHttp() throws Exception {
-        testSuccessfulCall("jaxws-server.xml", 
-                            "http://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpPort");    
-    }    
-    @Test
-    public final void testJaxwsEndpoint() throws Exception {
-        testSuccessfulCall("jaxws-publish.xml",
-                           "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
-    }
-    @Test
-    public final void testJaxwsEndpointCallback() throws Exception {
-        testSuccessfulCall("jaxws-publish-callback.xml",
-                           "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
-    }
-    @Test
-    public final void testJaxwsTLSRefsEndpoint() throws Exception {
-        testSuccessfulCall("jaxws-tlsrefs-publish.xml",
-                           "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
-    }
-    @Test
-    public final void testPKCS12Endpoint() throws Exception {
-        testSuccessfulCall("pkcs12.xml",
-                           "https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
-    }
-    
-    @Test
-    public final void testResourceKeySpecEndpoint() throws Exception {
-        testSuccessfulCall("resource-key-spec.xml",
-                           "https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
-    }
-    @Test
-    public final void testResourceKeySpecEndpointURL() throws Exception {
-        testSuccessfulCall("resource-key-spec-url.xml",
-                           "https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort",
-                           new URL("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort?wsdl"),
-                           true);
-        
-    }
-    
-    public static class ServerManagersFactory {
-        public static KeyManager[] getKeyManagers() {
-            KeyManagersType kmt = new KeyManagersType();
-            KeyStoreType kst = new KeyStoreType();
-            kst.setFile("src/test/resources/keys/Bethal.jks");
-            kst.setPassword("password");
-            kst.setType("JKS");
-        
-            kmt.setKeyStore(kst);
-            kmt.setKeyPassword("password");
-            try {
-                return TLSParameterJaxBUtils.getKeyManagers(kmt);
-            } catch (Exception e) {
-                throw new RuntimeException("failed to retrieve key managers", e);
-            }
-        }
-    
-        public static TrustManager[] getTrustManagers() {
-            TrustManagersType tmt = new TrustManagersType();
-            KeyStoreType kst = new KeyStoreType();
-            kst.setFile("src/test/resources/keys/Truststore.jks");
-            kst.setPassword("password");
-            kst.setType("JKS");
-        
-            tmt.setKeyStore(kst);
-            try {
-                return TLSParameterJaxBUtils.getTrustManagers(tmt);
-            } catch (Exception e) {
-                throw new RuntimeException("failed to retrieve trust managers", e);
-            }
-        }
-    }
-
-    public static class ClientManagersFactory {
-        public static KeyManager[] getKeyManagers() {
-            KeyManagersType kmt = new KeyManagersType();
-            KeyStoreType kst = new KeyStoreType();
-            kst.setFile("src/test/resources/keys/Morpit.jks");
-            kst.setPassword("password");
-            kst.setType("JKS");
-        
-            kmt.setKeyStore(kst);
-            kmt.setKeyPassword("password");
-            try {
-                return TLSParameterJaxBUtils.getKeyManagers(kmt);
-            } catch (Exception e) {
-                throw new RuntimeException("failed to retrieve key managers", e);
-            }
-        }
-    
-        public static TrustManager[] getTrustManagers() {
-            TrustManagersType tmt = new TrustManagersType();
-            KeyStoreType kst = new KeyStoreType();
-            kst.setFile("src/test/resources/keys/Truststore.jks");
-            kst.setPassword("password");
-            kst.setType("JKS");
-        
-            tmt.setKeyStore(kst);
-            try {
-                return TLSParameterJaxBUtils.getTrustManagers(tmt);
-            } catch (Exception e) {
-                throw new RuntimeException("failed to retrieve trust managers", e);
-            }
-        }
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/http/KeyPasswordCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/KeyPasswordCallbackHandler.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/KeyPasswordCallbackHandler.java
deleted file mode 100644
index 118d766..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/KeyPasswordCallbackHandler.java
+++ /dev/null
@@ -1,39 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-package org.apache.cxf.systest.http;
-
-import java.io.IOException;
-
-import javax.security.auth.callback.Callback;
-import javax.security.auth.callback.CallbackHandler;
-import javax.security.auth.callback.PasswordCallback;
-import javax.security.auth.callback.UnsupportedCallbackException;
-
-public class KeyPasswordCallbackHandler implements CallbackHandler {
-
-    @Override
-    public void handle(Callback[] callbacks) throws IOException,
-        UnsupportedCallbackException {
-        for (int i = 0; i < callbacks.length; i++) {
-            PasswordCallback pc = (PasswordCallback)callbacks[i];
-            pc.setPassword("password".toCharArray());
-        }
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java
deleted file mode 100644
index f812a3d..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/PushBack401.java
+++ /dev/null
@@ -1,223 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import java.io.IOException;
-import java.io.OutputStream;
-import java.net.HttpURLConnection;
-import java.util.Arrays;
-import java.util.List;
-import java.util.Map;
-
-import org.apache.cxf.common.util.Base64Utility;
-import org.apache.cxf.endpoint.Endpoint;
-import org.apache.cxf.helpers.IOUtils;
-import org.apache.cxf.interceptor.Fault;
-import org.apache.cxf.message.Exchange;
-import org.apache.cxf.message.Message;
-import org.apache.cxf.message.MessageImpl;
-import org.apache.cxf.phase.AbstractPhaseInterceptor;
-import org.apache.cxf.phase.Phase;
-import org.apache.cxf.transport.Conduit;
-import org.apache.cxf.transport.http.Headers;
-
-/*
- * This interceptor will issue 401s
- *    No Authorization Header  --> 401 Realm=Cronus
- *    Username Mary            --> 401 Realm=Andromeda
- *    Username Edward          --> 401 Realm=Zorantius
- *    Username George          --> 401 Realm=Cronus
- *    If the password is not "password" a 401 is issued without 
- *    realm.
- */
-public class PushBack401 extends AbstractPhaseInterceptor<Message> {
-    
-    PushBack401() {
-        super(Phase.RECEIVE);
-    }
-    
-    /**
-     * This function extracts the user:pass token from 
-     * the Authorization:Basic header. It returns a two element
-     * String array, the first being the userid, the second
-     * being the password. It returns null, if it cannot parse.
-     */
-    private String[] extractUserPass(String token) {
-        try {
-            byte[] userpass = Base64Utility.decode(token);
-            String up = IOUtils.newStringFromBytes(userpass);
-            String user = up.substring(0, up.indexOf(':'));
-            String pass = up.substring(up.indexOf(':') + 1);
-            return new String[] {user, pass};
-        } catch (Exception e) {
-            return null;
-        }
-        
-    }
-    
-    /**
-     * This function returns the realm which depends on 
-     * the user name, as follows:
-     * <pre>
-     *    Username Mary            --> Andromeda
-     *    Username Edward          --> Zorantius
-     *    Username George          --> Cronus
-     * </pre>
-     * However, if the password is not "password" this function 
-     * throws an exception, regardless.
-     */
-    private String checkUserPass(
-        String user,
-        String pass
-    ) throws Exception {
-        //System.out.println("Got user: " + user + " pass: " + pass);
-        if (!"password".equals(pass)) {
-            throw new Exception("bad password");
-        }
-        if ("Mary".equals(user)) {
-            return "Andromeda";
-        }
-        if ("Edward".equals(user)) {
-            return "Zorantius";
-        }
-        if ("George".equals(user)) {
-            return "Cronus";
-        }
-        return null;
-    }
-    
-    @SuppressWarnings("unchecked")
-    public void handleMessage(Message message) throws Fault {
-        
-        Map<String, List<String>> headers =
-            (Map<String, List<String>>) 
-                message.get(Message.PROTOCOL_HEADERS);
-        
-        List<String> auth = headers.get("Authorization");
-        if (auth == null) {
-            // No Auth Header, respond with 401 Realm=Cronus
-            replyUnauthorized(message, "Cronus");
-            return;
-        } else {
-            for (String a : auth) {
-                if (a.startsWith("Basic ")) {
-                    String[] userpass = 
-                        extractUserPass(a.substring("Basic ".length()));
-                    if (userpass != null) {
-                        try {
-                            String realm = 
-                                checkUserPass(userpass[0], userpass[1]);
-                            if (realm != null) {
-                                replyUnauthorized(message, realm);
-                                return;
-                            } else {
-                                // Password is good and no realm
-                                // We just return for successful fall thru.
-                                return;
-                            }
-                        } catch (Exception e) {
-                            // Bad Password
-                            replyUnauthorized(message, null);
-                            return;
-                        }
-                    }
-                }
-            }
-            // No Authorization: Basic
-            replyUnauthorized(message, null);
-            return;
-        }
-    }
-    
-    /**
-     * This function issues a 401 response back down the conduit.
-     * If the realm is not null, a WWW-Authenticate: Basic realm=
-     * header is sent. The interceptor chain is aborted stopping
-     * the Message from going to the servant.
-     */
-    private void replyUnauthorized(Message message, String realm) {
-        Message outMessage = getOutMessage(message);
-        outMessage.put(Message.RESPONSE_CODE, 
-                HttpURLConnection.HTTP_UNAUTHORIZED);
-        
-        if (realm != null) {
-            setHeader(outMessage, 
-                      "WWW-Authenticate", "Basic realm=" + realm);
-        }
-        message.getInterceptorChain().abort();
-        try {
-            getConduit(message).prepare(outMessage);
-            close(outMessage);
-        } catch (IOException e) {
-            //System.out.println("Prepare of message not working." + e);
-            e.printStackTrace();
-        }
-    }
-    
-    /**
-     * Retrieves/creates the corresponding Outbound Message.
-     */
-    private Message getOutMessage(Message message) {
-        Exchange exchange = message.getExchange();
-        Message outMessage = exchange.getOutMessage();
-        if (outMessage == null) {
-            Endpoint endpoint = exchange.get(Endpoint.class);
-            outMessage = new MessageImpl();
-            outMessage.putAll(message);
-            outMessage.remove(Message.PROTOCOL_HEADERS);
-            outMessage.setExchange(exchange);
-            outMessage = endpoint.getBinding().createMessage(outMessage);
-            exchange.setOutMessage(outMessage);
-        }
-        return outMessage;
-    }
-    
-    /**
-     * This function sets the header in the PROTOCO_HEADERS of
-     * the message.
-     */
-    private void setHeader(Message message, String key, String value) {
-        Map<String, List<String>> responseHeaders = Headers.getSetProtocolHeaders(message);
-        responseHeaders.put(key, Arrays.asList(new String[] {value}));
-    }
-    
-    /**
-     * This method retrieves/creates the conduit for the response
-     * message.
-     */
-    private Conduit getConduit(Message message) throws IOException {
-        Exchange exchange = message.getExchange();
-        Conduit conduit =
-            exchange.getDestination().getBackChannel(message);
-        exchange.setConduit(conduit);
-        return conduit;
-    }
-    
-    /**
-     * This method closes the output stream associated with the
-     * message.
-     */
-    private void close(Message message) throws IOException {
-        OutputStream os = message.getContent(OutputStream.class);
-        os.flush();
-        os.close();
-    }
-
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java b/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
deleted file mode 100644
index 01b60af..0000000
--- a/systests/transports/src/test/java/org/apache/cxf/systest/http/TrustHandler.java
+++ /dev/null
@@ -1,58 +0,0 @@
-/**
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-package org.apache.cxf.systest.http;
-
-import org.apache.cxf.message.Message;
-import org.apache.cxf.transport.http.MessageTrustDecider;
-import org.apache.cxf.transport.http.URLConnectionInfo;
-import org.apache.cxf.transport.http.UntrustedURLConnectionIOException;
-
-public class TrustHandler
-    extends MessageTrustDecider {
-    
-    public TrustHandler() {
-        // Set the logical name.
-        super("The System Test Trust Decider");
-    }
-    
-    public void establishTrust(
-        String                  conduitName,
-        URLConnectionInfo       connectionInfo,
-        Message                 message
-    ) throws UntrustedURLConnectionIOException {
-        System.out.println("Trust decision for conduit: "
-                + conduitName + " and " 
-                + connectionInfo.getURI());
-        /*if (connectionInfo instanceof HttpURLConnectionInfo) {
-            HttpURLConnectionInfo c = (HttpURLConnectionInfo) connectionInfo;
-            System.out.println("Http method: " 
-                   + c.getHttpRequestMethod() + " on " + c.getURI());
-        }
-        if (connectionInfo instanceof HttpsURLConnectionInfo) {
-            HttpsURLConnectionInfo c = (HttpsURLConnectionInfo) connectionInfo;
-            System.out.println("TLS Connection to: " + c.getURI());
-            System.out.println("Enabled Cipher: " + c.getEnabledCipherSuite());
-            System.out.println("Local Principal: " + c.getLocalPrincipal());
-            System.out.println("Peer Principal: " + c.getPeerPrincipal());
-        }
-        */
-        //throw new UntrustedURLConnectionIOException("No Way Jose"); 
-    }
-}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java
new file mode 100644
index 0000000..5b0856d
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/CertConstraintsTest.java
@@ -0,0 +1,162 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https;
+
+import java.net.URL;
+
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * This test is meant to run against a spring-loaded HTTP/S service. It tests the certificate
+ * constraints logic.
+ */
+public class CertConstraintsTest extends AbstractBusClientServerTestBase {
+    //
+    // data
+    //
+    
+    @BeforeClass
+    public static void allocatePorts() {
+        BusServer.resetPortMap();
+    }
+    
+    /**
+     * the package path used to locate resources specific to this test
+     */
+    private void setTheConfiguration(String config) {
+        //System.setProperty("javax.net.debug", "all");
+        try {
+            System.setProperty(
+                Configurer.USER_CFG_FILE_PROPERTY_URL,
+                CertConstraintsTest.class.getResource(config).toString()
+            );
+        } catch (final Exception e) {
+            e.printStackTrace();
+        }
+    }
+          
+    public void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork a new process
+            launchServer(BusServer.class, true)
+        );
+    }
+    
+    
+    public void stopServers() throws Exception {
+        stopAllServers();
+        System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
+        BusFactory.setDefaultBus(null);
+        BusFactory.setThreadDefaultBus(null);
+    }    
+    
+    
+    //
+    // tests
+    //
+    public final void testSuccessfulCall(String address) throws Exception {
+        URL url = SOAPService.WSDL_LOCATION;
+        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+        assertNotNull("Service is null", service);   
+        final Greeter port = service.getHttpsPort();
+        assertNotNull("Port is null", port);
+        
+        BindingProvider provider = (BindingProvider)port;
+        provider.getRequestContext().put(
+              BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+              address);
+        
+        assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+    }
+    
+    public final void testFailedCall(String address) throws Exception {
+        URL url = SOAPService.WSDL_LOCATION;
+        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+        assertNotNull("Service is null", service);   
+        final Greeter port = service.getHttpsPort();
+        assertNotNull("Port is null", port);
+
+        BindingProvider provider = (BindingProvider)port;
+        provider.getRequestContext().put(
+                BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+                address);
+
+        try {
+            assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+            fail("Failure expected");
+        } catch (javax.xml.ws.soap.SOAPFaultException ex) {
+            // expected
+        } catch (javax.xml.ws.WebServiceException ex) {
+            // expected
+        }
+    }
+    
+    @Test
+    public final void testCertConstraints() throws Exception {
+        setTheConfiguration("jaxws-server-constraints.xml");
+        startServers();
+        
+        //
+        // Good Subject DN
+        //
+        testSuccessfulCall("https://localhost:" + BusServer.getPort(0) + "/SoapContext/HttpsPort");
+        //
+        // Bad Subject DN
+        //
+        testFailedCall("https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+        //
+        // Mixed Subject DN (ALL)
+        //
+        testFailedCall("https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");
+        //
+        // Mixed Subject DN (ANY)
+        //
+        testSuccessfulCall("https://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpsPort");
+        //
+        // Mixed Issuer DN (ALL)
+        //
+        testFailedCall("https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
+        //
+        // Mixed Issuer DN (ANY)
+        //
+        testSuccessfulCall("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort");
+        //
+        // Bad server Subject DN
+        //
+        testFailedCall("https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
+        //
+        // Bad server Issuer DN
+        //
+        testFailedCall("https://localhost:" + BusServer.getPort(7) + "/SoapContext/HttpsPort");
+        
+        stopServers();
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java
new file mode 100644
index 0000000..8bc2fe0
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/HTTPSClientTest.java
@@ -0,0 +1,249 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.systest.https;
+
+import java.net.URL;
+
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.TrustManager;
+import javax.xml.ws.BindingProvider;
+
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.Configurer;
+import org.apache.cxf.configuration.jsse.TLSParameterJaxBUtils;
+import org.apache.cxf.configuration.security.KeyManagersType;
+import org.apache.cxf.configuration.security.KeyStoreType;
+import org.apache.cxf.configuration.security.TrustManagersType;
+import org.apache.cxf.jaxws.endpoint.dynamic.JaxWsDynamicClientFactory;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.hello_world.Greeter;
+import org.apache.hello_world.services.SOAPService;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * This test is meant to run against a spring-loaded
+ * HTTP/S service.
+ */
+public class HTTPSClientTest extends AbstractBusClientServerTestBase {
+    //
+    // data
+    //
+    
+    /**
+     * the package path used to locate resources specific to this test
+     */
+    private void setTheConfiguration(String config) {
+        //System.setProperty("javax.net.debug", "all");
+        try {
+            System.setProperty(
+                Configurer.USER_CFG_FILE_PROPERTY_URL,
+                HTTPSClientTest.class.getResource(config).toString()
+            );
+        } catch (final Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    @BeforeClass
+    public static void setupPorts() {
+        BusServer.resetPortMap();
+    }
+          
+    public void startServers() throws Exception {
+        assertTrue(
+            "Server failed to launch",
+            // run the server in the same process
+            // set this to false to fork a new process
+            launchServer(BusServer.class, true)
+        );
+    }
+    
+    
+    public void stopServers() throws Exception {
+        stopAllServers();
+        System.clearProperty(Configurer.USER_CFG_FILE_PROPERTY_URL);
+        BusFactory.setDefaultBus(null);
+        BusFactory.setThreadDefaultBus(null);
+    }    
+    
+    
+    //
+    // tests
+    //
+    public final void testSuccessfulCall(String configuration,
+                                         String address) throws Exception {
+        testSuccessfulCall(configuration, address, null);
+    }
+    public final void testSuccessfulCall(String configuration,
+                                         String address,
+                                         URL url) throws Exception {
+        testSuccessfulCall(configuration, address, url, false);
+    }
+    public final void testSuccessfulCall(String configuration,
+                                         String address,
+                                         URL url, 
+                                         boolean dynamicClient) throws Exception {
+        setTheConfiguration(configuration);
+        startServers();
+        if (url == null) {
+            url = SOAPService.WSDL_LOCATION;
+        }
+        
+        //CXF-4037 - dynamic client isn't using the conduit settings to resolve schemas
+        if (dynamicClient) {
+            ClassLoader loader = Thread.currentThread().getContextClassLoader();
+            JaxWsDynamicClientFactory.newInstance(BusFactory.getDefaultBus())
+                .createClient(url.toExternalForm());
+            Thread.currentThread().setContextClassLoader(loader);
+        }
+
+        
+        
+        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+        assertNotNull("Service is null", service);   
+        final Greeter port = service.getHttpsPort();
+        assertNotNull("Port is null", port);
+        
+        BindingProvider provider = (BindingProvider)port;
+        provider.getRequestContext().put(
+              BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
+              address);
+        
+        //provider.getRequestContext().put("use.async.http.conduit", Boolean.TRUE);
+        //for (int x = 0; x < 100000; x++) {
+        assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+        //}
+        
+        
+        stopServers();
+    }
+    
+    @Test
+    public final void testJaxwsServer() throws Exception {
+        testSuccessfulCall("jaxws-server.xml", 
+                           "https://localhost:" + BusServer.getPort(2) + "/SoapContext/HttpsPort");        
+    }
+    @Test
+    public final void testJaxwsServerChangeHttpsToHttp() throws Exception {
+        testSuccessfulCall("jaxws-server.xml", 
+                            "http://localhost:" + BusServer.getPort(3) + "/SoapContext/HttpPort");    
+    }    
+    @Test
+    public final void testJaxwsEndpoint() throws Exception {
+        testSuccessfulCall("jaxws-publish.xml",
+                           "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+    }
+    @Test
+    public final void testJaxwsEndpointCallback() throws Exception {
+        testSuccessfulCall("jaxws-publish-callback.xml",
+                           "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+    }
+    @Test
+    public final void testJaxwsTLSRefsEndpoint() throws Exception {
+        testSuccessfulCall("jaxws-tlsrefs-publish.xml",
+                           "https://localhost:" + BusServer.getPort(1) + "/SoapContext/HttpsPort");
+    }
+    @Test
+    public final void testPKCS12Endpoint() throws Exception {
+        testSuccessfulCall("pkcs12.xml",
+                           "https://localhost:" + BusServer.getPort(6) + "/SoapContext/HttpsPort");
+    }
+    
+    @Test
+    public final void testResourceKeySpecEndpoint() throws Exception {
+        testSuccessfulCall("resource-key-spec.xml",
+                           "https://localhost:" + BusServer.getPort(4) + "/SoapContext/HttpsPort");
+    }
+    @Test
+    public final void testResourceKeySpecEndpointURL() throws Exception {
+        testSuccessfulCall("resource-key-spec-url.xml",
+                           "https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort",
+                           new URL("https://localhost:" + BusServer.getPort(5) + "/SoapContext/HttpsPort?wsdl"),
+                           true);
+        
+    }
+    
+    public static class ServerManagersFactory {
+        public static KeyManager[] getKeyManagers() {
+            KeyManagersType kmt = new KeyManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/resources/keys/Bethal.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            kmt.setKeyStore(kst);
+            kmt.setKeyPassword("password");
+            try {
+                return TLSParameterJaxBUtils.getKeyManagers(kmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve key managers", e);
+            }
+        }
+    
+        public static TrustManager[] getTrustManagers() {
+            TrustManagersType tmt = new TrustManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/resources/keys/Truststore.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            tmt.setKeyStore(kst);
+            try {
+                return TLSParameterJaxBUtils.getTrustManagers(tmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve trust managers", e);
+            }
+        }
+    }
+
+    public static class ClientManagersFactory {
+        public static KeyManager[] getKeyManagers() {
+            KeyManagersType kmt = new KeyManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/resources/keys/Morpit.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            kmt.setKeyStore(kst);
+            kmt.setKeyPassword("password");
+            try {
+                return TLSParameterJaxBUtils.getKeyManagers(kmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve key managers", e);
+            }
+        }
+    
+        public static TrustManager[] getTrustManagers() {
+            TrustManagersType tmt = new TrustManagersType();
+            KeyStoreType kst = new KeyStoreType();
+            kst.setFile("src/test/resources/keys/Truststore.jks");
+            kst.setPassword("password");
+            kst.setType("JKS");
+        
+            tmt.setKeyStore(kst);
+            try {
+                return TLSParameterJaxBUtils.getTrustManagers(tmt);
+            } catch (Exception e) {
+                throw new RuntimeException("failed to retrieve trust managers", e);
+            }
+        }
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/94585ae0/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
new file mode 100644
index 0000000..6af2961
--- /dev/null
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/KeyPasswordCallbackHandler.java
@@ -0,0 +1,39 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.https;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.PasswordCallback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+public class KeyPasswordCallbackHandler implements CallbackHandler {
+
+    @Override
+    public void handle(Callback[] callbacks) throws IOException,
+        UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            PasswordCallback pc = (PasswordCallback)callbacks[i];
+            pc.setPassword("password".toCharArray());
+        }
+    }
+
+}


Mime
View raw message