From cohei...@apache.org
Subject [cxf] 05/07: Adding default HostnameVerifier tests
Date Wed, 06 Jun 2018 17:10:41 GMT
This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 6fe6f4396502aae5feecd3ef7e6537ef522bdd5e
Author: Colm O hEigeartaigh <coheigea@apache.org>
AuthorDate: Wed Jun 6 15:16:35 2018 +0100

    Adding default HostnameVerifier tests
---
 .../HostnameVerificationDeprecatedTest.java        | 49 ++++++++++++++++++++++
 .../https/hostname/HostnameVerificationTest.java   | 41 ++++++++++++++++++
 .../https/hostname/hostname-client-usedefault.xml  | 34 +++++++++++++++
 3 files changed, 124 insertions(+)

diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
index e5a322b..361b240 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java
@@ -21,6 +21,8 @@ package org.apache.cxf.systest.https.hostname;
 
 import java.net.URL;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
 import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
@@ -114,6 +116,52 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
         bus.shutdown(true);
     }
 
+    // No Subject Alternative Name, no matching CN - but we are setting the JVM default hostname verifier to
+    // allow it
+    @org.junit.Test
+    public void testNoSubjectAlternativeNameNoCNMatchDefaultVerifier() throws Exception {
+        HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            HttpsURLConnection.setDefaultHostnameVerifier(
+                new javax.net.ssl.HostnameVerifier() {
+                    public boolean verify(String hostName, javax.net.ssl.SSLSession session) {
+                        return true;
+                    }
+
+                    // Note we need this method as well or else it won't work the with the
+                    // deprecated HostnameVerifier interface
+                    @SuppressWarnings("unused")
+                    public boolean verify(final String host, final String certHostname) {
+                        return true;
+                    }
+                });
+
+            SpringBusFactory bf = new SpringBusFactory();
+            URL busFile = HostnameVerificationTest.class.getResource("hostname-client-usedefault.xml");
+
+            Bus bus = bf.createBus(busFile.toString());
+            BusFactory.setDefaultBus(bus);
+            BusFactory.setThreadDefaultBus(bus);
+
+            URL url = SOAPService.WSDL_LOCATION;
+            SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+            assertNotNull("Service is null", service);
+            final Greeter port = service.getHttpsPort();
+            assertNotNull("Port is null", port);
+
+            updateAddressPort(port, PORT);
+
+            port.greetMe("Kitty");
+
+            ((java.io.Closeable)port).close();
+            bus.shutdown(true);
+        } finally {
+            if (hostnameVerifier != null) {
+                HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
+            }
+        }
+    }
+
     // No Subject Alternative Name, but the CN matches ("localhost"), so the default HostnameVerifier
     // should work fine
     @org.junit.Test
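Review bot: Nothing in `testNoSubjectAlternativeNameNoCNMatchDefaultVerifier` checks that the accept-all verifier was actually consulted, so the test would still pass if `useHttpsURLConnectionDefaultHostnameVerifier="true"` caused hostname checking to be skipped rather than delegated. Recording the call, for example an `AtomicBoolean called` set in both `verify` overloads followed by `assertTrue(called.get());` after `port.greetMe("Kitty")`, would pin the delegation; unless one already exists outside this diff, a companion case that leaves the stock JVM verifier in place and expects `greetMe` to fail would cover the reject path. The identical test added to HostnameVerificationTest.java has the same gap. The lookup `HostnameVerificationTest.class.getResource(...)` in this class also looks carried over from the sibling file and resolves only because both classes share a package.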
@@ -172,4 +220,5 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT
         ((java.io.Closeable)port).close();
         bus.shutdown(true);
     }
+
 }
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
index e525b0d..2e2734b 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java
@@ -21,6 +21,8 @@ package org.apache.cxf.systest.https.hostname;
 
 import java.net.URL;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.HttpsURLConnection;
 import javax.xml.ws.BindingProvider;
 
 import org.apache.cxf.Bus;
@@ -222,6 +224,45 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase {
         bus.shutdown(true);
     }
 
+    // No Subject Alternative Name, no matching CN - but we are setting the JVM default hostname verifier to
+    // allow it
+    @org.junit.Test
+    public void testNoSubjectAlternativeNameNoCNMatchDefaultVerifier() throws Exception {
+        HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
+        try {
+            HttpsURLConnection.setDefaultHostnameVerifier(
+                new javax.net.ssl.HostnameVerifier() {
+                    public boolean verify(String hostName, javax.net.ssl.SSLSession session) {
+                        return true;
+                    }
+                });
+
+            SpringBusFactory bf = new SpringBusFactory();
+            URL busFile = HostnameVerificationTest.class.getResource("hostname-client-usedefault.xml");
+
+            Bus bus = bf.createBus(busFile.toString());
+            BusFactory.setDefaultBus(bus);
+            BusFactory.setThreadDefaultBus(bus);
+
+            URL url = SOAPService.WSDL_LOCATION;
+            SOAPService service = new SOAPService(url, SOAPService.SERVICE);
+            assertNotNull("Service is null", service);
+            final Greeter port = service.getHttpsPort();
+            assertNotNull("Port is null", port);
+
+            updateAddressPort(port, PORT4);
+
+            port.greetMe("Kitty");
+
+            ((java.io.Closeable)port).close();
+            bus.shutdown(true);
+        } finally {
+            if (hostnameVerifier != null) {
+                HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier);
+            }
+        }
+    }
+
     // No Subject Alternative Name, but the CN wildcard matches
     @org.junit.Test
     public void testNoSubjectAlternativeNameCNWildcardMatch() throws Exception {
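Review bot: `((java.io.Closeable)port).close()` and `bus.shutdown(true)` run only on the success path, so when `greetMe` throws the bus is never shut down and remains the default set by `BusFactory.setDefaultBus(bus)`, while the `finally` restores only the verifier. Declaring `Bus bus = null;` before the `try` and adding `if (bus != null) { bus.shutdown(true); }` to the `finally` keeps a failure here from leaking into later tests. `HttpsURLConnection.setDefaultHostnameVerifier` is also JVM-wide, so for the duration of this test every `HttpsURLConnection` in the same JVM that relies on the default accepts any hostname; a comment such as `// JVM-global: this class must not run in parallel with other HTTPS tests` would record that constraint. Both points apply equally to the test added to HostnameVerificationDeprecatedTest.java.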
diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-usedefault.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-usedefault.xml
new file mode 100644
index 0000000..8480dd7
--- /dev/null
+++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-usedefault.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one
+ or more contributor license agreements. See the NOTICE file
+ distributed with this work for additional information
+ regarding copyright ownership. The ASF licenses this file
+ to you under the Apache License, Version 2.0 (the
+ "License"); you may not use this file except in compliance
+ with the License. You may obtain a copy of the License at
+ 
+ http://www.apache.org/licenses/LICENSE-2.0
+ 
+ Unless required by applicable law or agreed to in writing,
+ software distributed under the License is distributed on an
+ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ KIND, either express or implied. See the License for the
+ specific language governing permissions and limitations
+ under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:http="http://cxf.apache.org/transports/http/configuration" xmlns:jaxws="http://cxf.apache.org/jaxws"
xmlns:cxf="http://cxf.apache.org/core" xmlns:p="http://cxf.apache.org/policy" xmlns:sec="http://cxf.apache.org/configuration/security"
xsi:schemaLocation="           http://www.springframework.org/schema/beans           http://www.springframework.org/schema/beans/spring-b
[...]
+    
+    <cxf:bus>
+        <cxf:features>
+            <cxf:logging/>
+        </cxf:features>
+    </cxf:bus>
+    <http:conduit name="https://localhost:.*">
+        <http:tlsClientParameters useHttpsURLConnectionDefaultHostnameVerifier="true">
+            <sec:trustManagers>
+                <sec:keyStore type="jks" password="security" resource="keys/subjalt.jks"/>
+            </sec:trustManagers>
+        </http:tlsClientParameters>
+    </http:conduit>
+</beans>
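Review bot: The new file carries no comment saying what `useHttpsURLConnectionDefaultHostnameVerifier="true"` is for, and the attribute is easy to misread as enabling the standard check. As used by the tests in this commit it appears to hand the decision to whatever `HttpsURLConnection.getDefaultHostnameVerifier()` returns, so the conduit is only as strict as that JVM-wide default. A comment above `<http:tlsClientParameters>` such as `<!-- Hostname checking is delegated to the JVM default HostnameVerifier; the tests install an accept-all verifier for the duration of the call -->` would make that explicit. The `xsi:schemaLocation` line is truncated in this view, so the rest of the `<beans>` header was not reviewed.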

-- 
To stop receiving notification emails like this one, please contact
coheigea@apache.org.
