From commits-return-50915-archive-asf-public=cust-asf.ponee.io@cxf.apache.org Tue Jan 22 12:25:51 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id C8D93180634 for ; Tue, 22 Jan 2019 12:25:50 +0100 (CET) Received: (qmail 67402 invoked by uid 500); 22 Jan 2019 11:25:49 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 67393 invoked by uid 99); 22 Jan 2019 11:25:49 -0000 Received: from ec2-52-202-80-70.compute-1.amazonaws.com (HELO gitbox.apache.org) (52.202.80.70) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jan 2019 11:25:49 +0000 Received: by gitbox.apache.org (ASF Mail Server at gitbox.apache.org, from userid 33) id 4512F876B4; Tue, 22 Jan 2019 11:25:49 +0000 (UTC) Date: Tue, 22 Jan 2019 11:25:48 +0000 To: "commits@cxf.apache.org" Subject: [cxf] branch master updated: SSLUtils: move tests and update due to JDK-8211883 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit Message-ID: <154815634865.11458.5165952538187641063@gitbox.apache.org> 
From: buhhunyx@apache.org X-Git-Host: gitbox.apache.org X-Git-Repo: cxf X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 177ba3183df5c9bd55b6e91eb5823bc75e8a45ef X-Git-Newrev: 8df4b33f4dad2934b05cb1c0e706276f76bc7044 X-Git-Rev: 8df4b33f4dad2934b05cb1c0e706276f76bc7044 X-Git-NotificationType: ref_changed_plus_diff X-Git-Multimail-Version: 1.5.dev Auto-Submitted: auto-generated This is an automated email from the ASF dual-hosted git repository. buhhunyx pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf.git The following commit(s) were added to refs/heads/master by this push: new 8df4b33 SSLUtils: move tests and update due to JDK-8211883 8df4b33 is described below commit 8df4b33f4dad2934b05cb1c0e706276f76bc7044 Author: amarkevich AuthorDate: Tue Jan 22 13:46:40 2019 +0300 SSLUtils: move tests and update due to JDK-8211883 --- .../cxf/configuration/jsse/SSLUtilsTest.java | 90 ++++++++++++++++++++++ .../https/ciphersuites/CipherSuitesTest.java | 55 ------------- 2 files changed, 90 insertions(+), 55 deletions(-)
diff --git a/core/src/test/java/org/apache/cxf/configuration/jsse/SSLUtilsTest.java b/core/src/test/java/org/apache/cxf/configuration/jsse/SSLUtilsTest.java
new file mode 100644
index 0000000..1ac700f
--- /dev/null
+++ b/core/src/test/java/org/apache/cxf/configuration/jsse/SSLUtilsTest.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.configuration.jsse;
+
+import java.util.Arrays;
+
+import javax.net.ssl.SSLContext;
+
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.configuration.security.FiltersType;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
+
+
+public class SSLUtilsTest {
+
+ @Test
+ public void testDefaultCipherSuitesFilterExcluded() throws Exception {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, null, new java.security.SecureRandom());
+
+ FiltersType filtersType = new FiltersType();
+ filtersType.getInclude().add(".*_AES_.*");
+ String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites();
+ String[] filteredCipherSuites = SSLUtils.getFilteredCiphersuites(filtersType, supportedCipherSuites,
+ LogUtils.getL7dLogger(SSLUtilsTest.class), false);
+
+ assertTrue(filteredCipherSuites.length > 0);
+ // Check we have no anon/EXPORT/NULL/etc ciphersuites
+ assertFalse(Arrays.stream(
+ filteredCipherSuites).anyMatch(c -> c.matches(".*NULL|anon|EXPORT|DES|MD5|CBC|RC4.*")));
+ }
+
+ @Test
+ public void testExclusionFilter() throws Exception {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, null, new java.security.SecureRandom());
+
+ FiltersType filtersType = new FiltersType();
+ filtersType.getInclude().add(".*_SHA384");
+ filtersType.getExclude().add(".*_SHA256");
+ String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites();
+ String[] filteredCipherSuites = SSLUtils.getFilteredCiphersuites(filtersType, supportedCipherSuites,
+ LogUtils.getL7dLogger(SSLUtilsTest.class), false);
+
+ assertTrue(filteredCipherSuites.length > 0);
+ // Check we have no SHA-256 ciphersuites
+ assertFalse(Arrays.stream(
+ filteredCipherSuites).anyMatch(c -> c.matches(".*_SHA256")));
+ }
+
+ @Test
+ public void testInclusionFilter() throws Exception {
+ SSLContext sslContext = SSLContext.getInstance("TLS");
+ sslContext.init(null, null, new java.security.SecureRandom());
+
+ FiltersType filtersType = new FiltersType();
+ filtersType.getInclude().add(".*_SHA256");
+ String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites();
+ String[] filteredCipherSuites = SSLUtils.getFilteredCiphersuites(filtersType, supportedCipherSuites,
+ LogUtils.getL7dLogger(SSLUtilsTest.class), false);
+
+ assertTrue(filteredCipherSuites.length > 0);
+ // Check we have SHA-256 ciphersuites
+ assertTrue(Arrays.stream(
+ filteredCipherSuites).anyMatch(c -> c.matches(".*_SHA256")));
+ }
+
+
+}
\ No newline at end of file
diff --git a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
index f83ec6f..5438934 100644
--- a/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
+++ b/systests/transports/src/test/java/org/apache/cxf/systest/https/ciphersuites/CipherSuitesTest.java
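Review bot: In testDefaultCipherSuitesFilterExcluded the pattern `.*NULL|anon|EXPORT|DES|MD5|CBC|RC4.*` goes to `String.matches`, which must match the whole name, and the alternation is ungrouped, so it only hits a name that ends in NULL, is exactly one of the bare words, or starts with RC4. A suite such as `TLS_DH_anon_WITH_AES_128_CBC_SHA` does not match, so the `assertFalse` would still pass if weak suites leaked through the default exclusions. Group the alternatives, `c.matches(".*(NULL|anon|EXPORT|DES|MD5|CBC|RC4).*")`, then confirm each term against the default exclude list in SSLUtils, which is not visible here; `CBC` in particular may not be covered and could start failing. Separately, testExclusionFilter includes `.*_SHA384` and excludes `.*_SHA256`, and no name can end in both, so its assertion holds whether or not the exclude list is applied; an include such as `.*_AES_.*` that overlaps the exclude would exercise the exclusion path.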
@@ -22,13 +22,11 @@ package org.apache.cxf.systest.https.ciphersuites; import java.net.URL; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.util.Arrays; import java.util.Collections; import javax.crypto.Cipher; import javax.crypto.SecretKey; import javax.crypto.spec.SecretKeySpec; -import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import javax.xml.ws.BindingProvider; @@ -36,10 +34,7 @@ import javax.xml.ws.BindingProvider; import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; import org.apache.cxf.bus.spring.SpringBusFactory; -import org.apache.cxf.common.logging.LogUtils; -import org.apache.cxf.configuration.jsse.SSLUtils; import org.apache.cxf.configuration.jsse.TLSClientParameters; -import org.apache.cxf.configuration.security.FiltersType; import org.apache.cxf.endpoint.Client; import org.apache.cxf.frontend.ClientProxy; import org.apache.cxf.helpers.JavaUtils; @@ -53,7 +48,6 @@ import org.junit.Assume; import org.junit.BeforeClass; import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; 
@@ -681,55 +675,6 @@ public class CipherSuitesTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } - @org.junit.Test - public void testDefaultCipherSuitesFilterExcluded() throws Exception { - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, null, new java.security.SecureRandom()); - - FiltersType filtersType = new FiltersType(); - filtersType.getInclude().add(".*_AES_.*"); - String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites(); - String[] filteredCipherSuites = SSLUtils.getFilteredCiphersuites(filtersType, supportedCipherSuites, - LogUtils.getL7dLogger(CipherSuitesTest.class), false); - - // Check we have no anon/EXPORT/NULL/etc ciphersuites - assertFalse(Arrays.stream( - filteredCipherSuites).anyMatch(c -> c.matches(".*NULL|anon|EXPORT|DES|MD5|CBC|RC4.*"))); - } - - @org.junit.Test - public void testExclusionFilter() throws Exception { - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, null, new java.security.SecureRandom()); - - FiltersType filtersType = new FiltersType(); - filtersType.getInclude().add(".*_AES_.*"); - filtersType.getExclude().add(".*anon.*"); - String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites(); - String[] filteredCipherSuites = SSLUtils.getFilteredCiphersuites(filtersType, supportedCipherSuites, - LogUtils.getL7dLogger(CipherSuitesTest.class), false); - - // Check we have no anon ciphersuites - assertFalse(Arrays.stream( - filteredCipherSuites).anyMatch(c -> c.matches(".*anon.*"))); - } - - @org.junit.Test - public void testInclusionFilter() throws Exception { - SSLContext sslContext = SSLContext.getInstance("TLS"); - sslContext.init(null, null, new java.security.SecureRandom()); - - FiltersType filtersType = new FiltersType(); - filtersType.getInclude().add(".*anon.*"); - String[] supportedCipherSuites = sslContext.getSocketFactory().getSupportedCipherSuites(); - String[] filteredCipherSuites = 
SSLUtils.getFilteredCiphersuites(filtersType, supportedCipherSuites, - LogUtils.getL7dLogger(CipherSuitesTest.class), false); - - // Check we have anon ciphersuites - assertTrue(Arrays.stream( - filteredCipherSuites).anyMatch(c -> c.matches(".*anon.*"))); - } - private static class NoOpX509TrustManager implements X509TrustManager { NoOpX509TrustManager() {