From commits-return-49298-archive-asf-public=cust-asf.ponee.io@cxf.apache.org Wed Jun 6 19:10:50 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 4439718067B for ; Wed, 6 Jun 2018 19:10:49 +0200 (CEST) Received: (qmail 78085 invoked by uid 500); 6 Jun 2018 17:10:43 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 78067 invoked by uid 99); 6 Jun 2018 17:10:43 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 06 Jun 2018 17:10:43 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 3A3E182A71; Wed, 6 Jun 2018 17:10:42 +0000 (UTC) Date: Wed, 06 Jun 2018 17:10:41 +0000 To: "commits@cxf.apache.org" Subject: [cxf] 05/07: Adding default HostnameVerifier tests MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit From: coheigea@apache.org In-Reply-To: <152830503685.12080.911426276258182224@gitbox.apache.org> References: <152830503685.12080.911426276258182224@gitbox.apache.org> X-Git-Host: gitbox.apache.org X-Git-Repo: cxf X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Rev: 6fe6f4396502aae5feecd3ef7e6537ef522bdd5e X-Git-NotificationType: diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated Message-Id: <20180606171042.3A3E182A71@gitbox.apache.org> This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git commit 6fe6f4396502aae5feecd3ef7e6537ef522bdd5e Author: Colm O hEigeartaigh AuthorDate: Wed Jun 6 15:16:35 2018 +0100 Adding default HostnameVerifier tests --- .../HostnameVerificationDeprecatedTest.java | 49 ++++++++++++++++++++++ .../https/hostname/HostnameVerificationTest.java | 41 ++++++++++++++++++ .../https/hostname/hostname-client-usedefault.xml | 34 +++++++++++++++ 3 files changed, 124 insertions(+) diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java index e5a322b..361b240 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationDeprecatedTest.java @@ -21,6 +21,8 @@ package org.apache.cxf.systest.https.hostname; import java.net.URL; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; import javax.xml.ws.BindingProvider; import org.apache.cxf.Bus; @@ -114,6 +116,52 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT bus.shutdown(true); } + // No Subject Alternative Name, no matching CN - but we are setting the JVM default hostname verifier to + // allow it + @org.junit.Test + public void testNoSubjectAlternativeNameNoCNMatchDefaultVerifier() throws Exception { + HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier(); + try { + HttpsURLConnection.setDefaultHostnameVerifier( + new javax.net.ssl.HostnameVerifier() { + public boolean verify(String hostName, javax.net.ssl.SSLSession session) { + return true; + } + + // Note we need this method as well or else it won't work the with the + // deprecated HostnameVerifier interface + @SuppressWarnings("unused") + public boolean verify(final String host, final String certHostname) { + return true; + } + }); + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HostnameVerificationTest.class.getResource("hostname-client-usedefault.xml"); + + Bus bus = bf.createBus(busFile.toString()); + BusFactory.setDefaultBus(bus); + BusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT); + + port.greetMe("Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } finally { + if (hostnameVerifier != null) { + HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); + } + } + } + // No Subject Alternative Name, but the CN matches ("localhost"), so the default HostnameVerifier // should work fine @org.junit.Test @@ -172,4 +220,5 @@ public class HostnameVerificationDeprecatedTest extends AbstractBusClientServerT ((java.io.Closeable)port).close(); bus.shutdown(true); } + } diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java index e525b0d..2e2734b 100644 --- a/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java +++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/hostname/HostnameVerificationTest.java @@ -21,6 +21,8 @@ package org.apache.cxf.systest.https.hostname; import java.net.URL; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; import javax.xml.ws.BindingProvider; import org.apache.cxf.Bus; @@ -222,6 +224,45 @@ public class HostnameVerificationTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + // No Subject Alternative Name, no matching CN - but we are setting the JVM default hostname verifier to + // allow it + @org.junit.Test + public void testNoSubjectAlternativeNameNoCNMatchDefaultVerifier() throws Exception { + HostnameVerifier hostnameVerifier = HttpsURLConnection.getDefaultHostnameVerifier(); + try { + HttpsURLConnection.setDefaultHostnameVerifier( + new javax.net.ssl.HostnameVerifier() { + public boolean verify(String hostName, javax.net.ssl.SSLSession session) { + return true; + } + }); + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = HostnameVerificationTest.class.getResource("hostname-client-usedefault.xml"); + + Bus bus = bf.createBus(busFile.toString()); + BusFactory.setDefaultBus(bus); + BusFactory.setThreadDefaultBus(bus); + + URL url = SOAPService.WSDL_LOCATION; + SOAPService service = new SOAPService(url, SOAPService.SERVICE); + assertNotNull("Service is null", service); + final Greeter port = service.getHttpsPort(); + assertNotNull("Port is null", port); + + updateAddressPort(port, PORT4); + + port.greetMe("Kitty"); + + ((java.io.Closeable)port).close(); + bus.shutdown(true); + } finally { + if (hostnameVerifier != null) { + HttpsURLConnection.setDefaultHostnameVerifier(hostnameVerifier); + } + } + } + // No Subject Alternative Name, but the CN wildcard matches @org.junit.Test public void testNoSubjectAlternativeNameCNWildcardMatch() throws Exception { diff --git a/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-usedefault.xml b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-usedefault.xml new file mode 100644 index 0000000..8480dd7 --- /dev/null +++ b/systests/transports/src/test/resources/org/apache/cxf/systest/https/hostname/hostname-client-usedefault.xml @@ -0,0 +1,34 @@ + + + + + + + + + + -- To stop receiving notification emails like this one, please contact coheigea@apache.org.