cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [cxf] 02/07: Adding disableCN tests
Date Wed, 06 Jun 2018 17:10:38 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 61879e4e6dc65eca136ca74ec6a22c6f4024546d
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed Jun 6 11:25:11 2018 +0100

    Adding disableCN tests
---
 .../HostnameVerificationDeprecatedTest.java        | 24 +++++++++++++++
 .../https/hostname/HostnameVerificationTest.java   | 24 +++++++++++++++
 .../https/hostname/hostname-client-disablecn.xml   | 34 ++++++++++++++++++++++
 3 files changed, 82 insertions(+)

diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
index a9ea8a1..124a6dc 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
@@ -89,6 +89,30 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
         bus.shutdown(true);
     }
 
+    // No Subject Alternative Name, no matching CN - but we are disabling the CN check so
it should work OK
+    @org.junit.Test
+    public void testLocalhostNotMatchingDisableCN() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = HostnameVerificationTest.class.getResource("hostname-client-disablecn.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL url = SOAPService.WSDL_LOCATION;
+        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+        assertNotNull("Service is null", service);
+        final Greeter port = service.getHttpsPort();
+        assertNotNull("Port is null", port);
+
+        updateAddressPort(port, PORT);
+
+        port.greetMe("Kitty");
+
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+
     // No Subject Alternative Name, but the CN matches ("localhost"), so the default HostnameVerifier
     // should work fine
     @org.junit.Test
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
index 28a0a46..7d3bd4e 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
@@ -198,4 +198,28 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase
{
         bus.shutdown(true);
     }
 
+    // No Subject Alternative Name, no matching CN - but we are disabling the CN check so
it should work OK
+    @org.junit.Test
+    public void testNoSubjectAlternativeNameNoCNMatchDisableCN() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = HostnameVerificationTest.class.getResource("hostname-client-disablecn.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        BusFactory.setDefaultBus(bus);
+        BusFactory.setThreadDefaultBus(bus);
+
+        URL url = SOAPService.WSDL_LOCATION;
+        SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+        assertNotNull("Service is null", service);
+        final Greeter port = service.getHttpsPort();
+        assertNotNull("Port is null", port);
+
+        updateAddressPort(port, PORT4);
+
+        port.greetMe("Kitty");
+
+        ((java.io.Closeable)port).close();
+        bus.shutdown(true);
+    }
+
 }
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-disablecn.xml
b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-disablecn.xml
new file mode 100644
index 0000000..19c9471
--- /dev/null
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-disablecn.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="           http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-b
[...]
+    
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters disableCNCheck="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="security" resource="keys/subjalt.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.

Mime
View raw message