cxf-commits mailing list archives

From cohei...@apache.org
Subject cxf git commit: [CXF-6300] - cipherSuite configuration does not work with HTTPJ servers
Date Fri, 13 Mar 2015 17:17:31 GMT
Repository: cxf
Updated Branches:
  refs/heads/master dfecaa60e -> 99b13f1da


[CXF-6300] - cipherSuite configuration does not work with HTTPJ servers


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99b13f1d
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99b13f1d
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99b13f1d

Branch: refs/heads/master
Commit: 99b13f1da6998678d2af2e928e04ebad8e121fa3
Parents: dfecaa6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Mar 13 17:16:56 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Mar 13 17:16:56 2015 +0000

----------------------------------------------------------------------
 .../apache/cxf/configuration/jsse/SSLUtils.java | 27 ++++++++------
 .../https/ciphersuites/CipherSuitesTest.java    | 27 +++++++++++++-
 .../ciphersuites-explicit-client.xml            | 37 ++++++++++++++++++++
 .../https/ciphersuites/ciphersuites-server.xml  | 21 +++++++++++
 4 files changed, 100 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
index b656820..1023f31 100644
--- a/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
+++ b/core/src/main/java/org/apache/cxf/configuration/jsse/SSLUtils.java
@@ -430,17 +430,23 @@ public final class SSLUtils {
                                            String[] supportedCipherSuites,
                                            FiltersType filters,
                                            Logger log, boolean exclude) {
-        String[] cipherSuites = null;
-        if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
-            cipherSuites = getCiphersFromList(cipherSuitesList, log, exclude);
-            return cipherSuites;
-        }
+        
+        // First check the "include" case only. If we have defined explicit "cipherSuite"
+        // configuration, then just return these. Otherwise see if we have defined ciphersuites
+        // via a system property.
         if (!exclude) {
-            cipherSuites = getSystemCiphersuites(log);
-            if (cipherSuites != null) {
-                return cipherSuites;
+            if (!(cipherSuitesList == null || cipherSuitesList.isEmpty())) {
+                return getCiphersFromList(cipherSuitesList, log, exclude);
+            } else {
+                String[] cipherSuites = getSystemCiphersuites(log);
+                if (cipherSuites != null) {
+                    return cipherSuites;
+                }
             }
         }
+    
+        // Otherwise check the "include/exclude" cipherSuiteFilter configuration
+        
         LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET");
         if (filters == null) {
             LogUtils.log(log, Level.FINE, "CIPHERSUITE_FILTERS_NOT_SET");
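Review bot: When `exclude` is true and `cipherSuitesList` is non-empty, control now skips the `if (!exclude)` block and reaches `LogUtils.log(log, Level.FINE, "CIPHERSUITES_NOT_SET")`, so the log says no cipher suites were configured although an explicit list exists and is deliberately bypassed. That misleads anyone reconstructing the effective TLS configuration from logs; guard the message with `if (cipherSuitesList == null || cipherSuitesList.isEmpty())`, or log a distinct message for the bypass case. In the include path the explicit list goes to `getCiphersFromList(cipherSuitesList, log, exclude)` with no reference to `supportedCipherSuites` in the visible lines, so an unsupported or misspelled suite name is presumably caught only later, if at all; confirm this in `getCiphersFromList`. The method's signature and the remainder of the filter handling lie outside this hunk.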
@@ -480,11 +486,10 @@ public final class SSLUtils {
                      "CIPHERSUITES_EXCLUDED",
                      excludedCipherSuites);
         if (exclude) {
-            cipherSuites = getCiphersFromList(excludedCipherSuites, log, exclude);
+            return getCiphersFromList(excludedCipherSuites, log, exclude);
         } else {
-            cipherSuites = getCiphersFromList(filteredCipherSuites, log, exclude);
+            return getCiphersFromList(filteredCipherSuites, log, exclude);
         }
-        return cipherSuites;
     }
 
     private static String[] getSystemCiphersuites(Logger log) {

http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index f37b1f9..3a93002 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
@@ -38,6 +38,7 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase {
     static final String PORT = allocatePort(CipherSuitesServer.class);
     static final String PORT2 = allocatePort(CipherSuitesServer.class, 2);
     static final String PORT3 = allocatePort(CipherSuitesServer.class, 3);
+    static final String PORT4 = allocatePort(CipherSuitesServer.class, 4);
     
     @BeforeClass
     public static void startServers() throws Exception {
@@ -105,6 +106,30 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase
{
         bus.shutdown(true);
     }
     
+    // Both client + server include a specific AES CipherSuite (not via a filter)
+    @org.junit.Test
+    public void testAESIncludedExplicitly() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = CipherSuitesTest.class.getResource("ciphersuites-explicit-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        URL url = SOAPService.WSDL_LOCATION;
+        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+        assertNotNull("Service is null", service);   
+        final Greeter port = service.getHttpsPort();
+        assertNotNull("Port is null", port);
+        
+        updateAddressPort(port, PORT4);
+        
+        assertEquals(port.greetMe("Kitty"), "Hello Kitty");
+        
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+    
     // Client only includes RC4, server only includes AES
     @org.junit.Test
     public void testClientRC4ServerAESIncluded() throws Exception {
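Review bot: `testAESIncludedExplicitly` asserts only that the call succeeds, which would also hold if the server on `PORT4` ignored its explicit `cipherSuites` and used defaults that still include the AES suite. A companion negative case, with a client restricted to a different suite calling `PORT4` and expecting the handshake to fail, would show that the explicit server list actually restricts negotiation. `assertEquals(port.greetMe("Kitty"), "Hello Kitty")` also has expected and actual swapped; `assertEquals("Hello Kitty", port.greetMe("Kitty"));` reports failures correctly. The `close()` and `bus.shutdown(true)` calls are skipped if the assertion throws, which leaves this bus and its TLS settings installed as the default for later tests; a `try`/`finally` around the call would prevent that.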
@@ -389,5 +414,5 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase
{
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
-    
+  
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
new file mode 100644
index 0000000..fcd9424
--- /dev/null
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-explicit-client.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="           http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-beans.xsd
          http://cxf.apache.org/jaxws                           http://cxf.apache.org/schemas/jaxws.xsd
          http://cxf.apache.org/transports/http/configuration   http://cxf.apache.org/schemas/configuration/http-conf.xsd
          http://cxf.apache.org/configuration/security          http://cxf.apache.org/schemas/configuration/security.xsd
          http://cxf.apache.org/core http://cxf.apache.org/schemas/core.xsd           http://cxf.apache.org/policy
http://cxf.apache.org/schemas/poli
 cy.xsd">
+    
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="password" resource="keys/Truststore.jks"/>
+            </sec:trustManagers>
+            <sec:cipherSuites>
+                <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA</sec:cipherSuite>
+            </sec:cipherSuites>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>
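Review bot: `disableCNCheck="true"` on the `tlsClientParameters` of the `https://localhost:.*` conduit turns off hostname verification, and nothing in the file says this is acceptable only because it is a test fixture talking to a local server. Test configurations are frequently copied as templates, so add a comment above the conduit such as `<!-- Test only: CN check disabled and a single static-RSA CBC suite pinned to exercise explicit cipherSuite handling; do not reuse outside tests -->`. The pinned `TLS_RSA_WITH_AES_256_CBC_SHA` provides no forward secrecy, which is fine for exercising the configuration path but is worth stating for the same reason. The same comment applies to the `aes-explicit-tls-settings` engine added in the `ciphersuites-server.xml` hunk, which pins the same suite and uses the literal keystore password `password`.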

http://git-wip-us.apache.org/repos/asf/cxf/blob/99b13f1d/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
----------------------------------------------------------------------
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
index d65371e..6ce8b0a 100644
--- a/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/ciphersuites/ciphersuites-server.xml
@@ -93,4 +93,25 @@
                      serviceName="s:SOAPService" 
                      endpointName="e:HttpsPort" depends-on="null-tls-settings"/>
     
+     <httpj:engine-factory id="aes-explicit-tls-settings">
+        <httpj:engine port="${testutil.ports.CipherSuitesServer.4}">
+            <httpj:tlsServerParameters>
+                <sec:keyManagers keyPassword="password">
+                    <sec:keyStore type="jks" password="password" resource="keys/Bethal.jks"/>
+                </sec:keyManagers>
+                <sec:clientAuthentication want="false" required="false"/>
+                <sec:cipherSuites>
+                    <sec:cipherSuite>TLS_RSA_WITH_AES_256_CBC_SHA</sec:cipherSuite>
+                </sec:cipherSuites>
+            </httpj:tlsServerParameters>
+        </httpj:engine>
+    </httpj:engine-factory>
+    
+    <jaxws:endpoint xmlns:e="http://apache.org/hello_world/services" 
+                     xmlns:s="http://apache.org/hello_world/services" 
+                     id="AESExplicitTLSServer" 
+                     implementor="org.apache.cxf.systest.http.GreeterImpl" 
+                     address="https://localhost:${testutil.ports.CipherSuitesServer.4}/SoapContext/HttpsPort"

+                     serviceName="s:SOAPService" 
+                     endpointName="e:HttpsPort" depends-on="aes-explicit-tls-settings"/>
 </beans>

