Added unittest for new SSL-config (good trust, no trust, wrong trust)
Project: http://git-wip-us.apache.org/repos/asf/camel/repo Commit: http://git-wip-us.apache.org/repos/asf/camel/commit/37c4c0df Tree: http://git-wip-us.apache.org/repos/asf/camel/tree/37c4c0df Diff: http://git-wip-us.apache.org/repos/asf/camel/diff/37c4c0df Branch: refs/heads/master Commit: 37c4c0df05f3b6ed1a8cdbdbcd0c6ca86ded9bd5 Parents: 36be62e Author: Arno Noordover <anoordo...@users.noreply.github.com> Authored: Sat May 28 10:37:57 2016 +0200 Committer: Claus Ibsen <davscl...@apache.org> Committed: Sat May 28 15:55:54 2016 +0200 ---------------------------------------------------------------------- .../camel/component/cxf/CXFTestSupport.java | 2 + .../apache/camel/component/cxf/GreeterImpl.java | 26 +++++ .../apache/camel/component/cxf/ssl/SslTest.java | 102 +++++++++++++++++++ .../camel/component/cxf/CxfSslContext.xml | 96 +++++++++++++++++ .../src/test/resources/ssl/keystore-server.jks | Bin 0 -> 2033 bytes .../src/test/resources/ssl/keystore-wrong.jks | Bin 0 -> 2057 bytes .../src/test/resources/ssl/keystores.txt | 7 ++ .../test/resources/ssl/truststore-client.jks | Bin 0 -> 743 bytes .../src/test/resources/ssl/truststore-wrong.jks | Bin 0 -> 767 bytes 9 files changed, 233 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java ---------------------------------------------------------------------- diff --git a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java index de475a6..a40c2d8 100644 --- a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java +++ b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/CXFTestSupport.java 
@@ -32,6 +32,7 @@ public final class CXFTestSupport { static final int PORT4 = AvailablePortFinder.getNextAvailable(); static final int PORT5 = AvailablePortFinder.getNextAvailable(); static final int PORT6 = AvailablePortFinder.getNextAvailable(); + static final int SSL_PORT = AvailablePortFinder.getNextAvailable(); static { //set them as system properties so Spring can use the property placeholder @@ -42,6 +43,7 @@ public final class CXFTestSupport { System.setProperty("CXFTestSupport.port4", Integer.toString(PORT4)); System.setProperty("CXFTestSupport.port5", Integer.toString(PORT5)); System.setProperty("CXFTestSupport.port6", Integer.toString(PORT6)); + System.setProperty("CXFTestSupport.sslPort", Integer.toString(SSL_PORT)); System.setProperty("org.apache.cxf.transports.http_jetty.DontClosePort", "true"); } http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/GreeterImpl.java ---------------------------------------------------------------------- diff --git a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/GreeterImpl.java b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/GreeterImpl.java new file mode 100644 index 0000000..c2f05d7 --- /dev/null +++ b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/GreeterImpl.java 
@@ -0,0 +1,26 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.camel.component.cxf;
+
+public class GreeterImpl extends org.apache.hello_world_soap_http.GreeterImpl {
+
+ @Override
+ public String greetMe(String hi) {
+ return "Greet " + hi;
+ }
+}
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/ssl/SslTest.java ----------------------------------------------------------------------
diff --git a/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/ssl/SslTest.java b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/ssl/SslTest.java
new file mode 100644
index 0000000..856858d
--- /dev/null
+++ b/components/camel-cxf/src/test/java/org/apache/camel/component/cxf/ssl/SslTest.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.cxf.ssl;
+
+import java.util.ArrayList;
+import java.util.List;
+import javax.xml.ws.Endpoint;
+
+import org.apache.camel.Exchange;
+import org.apache.camel.Processor;
+import org.apache.camel.component.cxf.CXFTestSupport;
+import org.apache.camel.component.cxf.GreeterImpl;
+import org.apache.camel.component.cxf.common.message.CxfConstants;
+import org.apache.camel.test.spring.CamelSpringTestSupport;
+import org.apache.hello_world_soap_http.Greeter;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.springframework.context.support.AbstractXmlApplicationContext;
+import org.springframework.context.support.ClassPathXmlApplicationContext;
+
+import static org.hamcrest.core.Is.is;
+
+public class SslTest extends CamelSpringTestSupport {
+
+ protected static final String GREET_ME_OPERATION = "greetMe";
+ protected static final String TEST_MESSAGE = "Hello World!";
+ protected static final String JAXWS_SERVER_ADDRESS
+ = "https://localhost:" + CXFTestSupport.getPort1() + "/CxfSslTest/SoapContext/SoapPort";
+
+ @Override
+ public boolean isCreateCamelContextPerClass() {
+ return true;
+ }
+
+ @AfterClass
+ public static void cleanUp() {
+ //System.getProperties().remove("cxf.config.file");
+ }
+
+ @BeforeClass
+ public static void startService() {
+ //System.getProperties().put("cxf.config.file", "/org/apache/camel/component/cxf/CxfSslContext.xml");
+ //Greeter implementor = new GreeterImpl();
+ //Endpoint.publish(JAXWS_SERVER_ADDRESS, implementor);
+ }
+
+ @Test
+ public void testInvokingTrustRoute() throws Exception {
+ Exchange reply = sendJaxWsMessage("direct:trust");
+ assertFalse("We expect no exception here", reply.isFailed());
+ }
+
+ @Test
+ public void testInvokingNoTrustRoute() throws Exception {
+ Exchange reply = sendJaxWsMessage("direct:noTrust");
+ assertTrue("We expect the exception here", reply.isFailed());
+ Throwable e = reply.getException().getCause();
+ assertThat(e.getClass().getCanonicalName(), is("javax.net.ssl.SSLHandshakeException"));
+ }
+
+ @Test
+ public void testInvokingWrongTrustRoute() throws Exception {
+ Exchange reply = sendJaxWsMessage("direct:wrongTrust");
+ assertTrue("We expect the exception here", reply.isFailed());
+ Throwable e = reply.getException().getCause();
+ assertThat(e.getClass().getCanonicalName(), is("javax.net.ssl.SSLHandshakeException"));
+ }
+
+ protected Exchange sendJaxWsMessage(String endpointUri) throws InterruptedException {
+ Exchange exchange = template.send(endpointUri, new Processor() {
+ public void process(final Exchange exchange) {
+ final List<String> params = new ArrayList<String>();
+ params.add(TEST_MESSAGE);
+ exchange.getIn().setBody(params);
+ exchange.getIn().setHeader(CxfConstants.OPERATION_NAME, GREET_ME_OPERATION);
+ }
+ });
+ return exchange;
+ }
+
+ @Override
+ protected AbstractXmlApplicationContext createApplicationContext() {
+ // we can put the http conduit configuration here
+ return new ClassPathXmlApplicationContext("org/apache/camel/component/cxf/CxfSslContext.xml");
+ }
+
+}
\ No newline at end of file
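Review bot: In `testInvokingNoTrustRoute` and `testInvokingWrongTrustRoute` the check goes through `reply.getException().getCause()` and then compares the class name as a string, so an exception without a cause ends in a NullPointerException instead of a readable assertion failure; `assertThat(e, instanceOf(SSLHandshakeException.class));` (with a preceding `assertNotNull(e)`) states the intent directly. A handshake can fail for reasons other than an untrusted certificate, so these two tests would still pass if the failure came from somewhere else in the TLS setup; asserting on something trust-specific in the cause chain would close that gap, though what the chain contains is not visible from here. Separately, `JAXWS_SERVER_ADDRESS` is built from `CXFTestSupport.getPort1()` while the endpoint in CxfSslContext.xml uses `${CXFTestSupport.sslPort}`, and it is referenced only from commented-out code. Removing it together with the empty `cleanUp()`/`startService()` hooks and the then-unused `Endpoint`, `Greeter` and `GreeterImpl` imports would stop the test from suggesting it targets a different port.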
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/resources/org/apache/camel/component/cxf/CxfSslContext.xml ----------------------------------------------------------------------
diff --git a/components/camel-cxf/src/test/resources/org/apache/camel/component/cxf/CxfSslContext.xml b/components/camel-cxf/src/test/resources/org/apache/camel/component/cxf/CxfSslContext.xml
new file mode 100644
index 0000000..4e9c339
--- /dev/null
+++ b/components/camel-cxf/src/test/resources/org/apache/camel/component/cxf/CxfSslContext.xml
@@ -0,0 +1,96 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:cxf="http://camel.apache.org/schema/cxf"
+ xmlns:sec="http://cxf.apache.org/configuration/security"
+ xmlns:httpj="http://cxf.apache.org/transports/http-jetty/configuration"
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://camel.apache.org/schema/cxf http://camel.apache.org/schema/cxf/camel-cxf.xsd
+ http://camel.apache.org/schema/spring http://camel.apache.org/schema/spring/camel-spring.xsd
+ http://cxf.apache.org/configuration/security http://cxf.apache.org/schemas/configuration/security.xsd
+ http://cxf.apache.org/transports/http-jetty/configuration http://cxf.apache.org/schemas/configuration/http-jetty.xsd
+">
+
+ <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
+
+ <httpj:engine-factory bus="cxf">
+ <!-- you just need to specify the TLS Server configuration for the certain port -->
+ <httpj:engine port="${CXFTestSupport.sslPort}">
+ <httpj:tlsServerParameters>
+ <sec:keyManagers keyPassword="changeit">
+ <sec:keyStore type="JKS" password="changeit"
+ resource="/ssl/keystore-server.jks"/>
+ </sec:keyManagers>
+ <sec:clientAuthentication want="false" required="false"/>
+ </httpj:tlsServerParameters>
+ </httpj:engine>
+ </httpj:engine-factory>
+
+ <import resource="classpath:META-INF/cxf/cxf.xml"/>
+
+ <sslContextParameters xmlns="http://camel.apache.org/schema/spring"
+ id="wrongSslContext">
+ <trustManagers>
+ <keyStore type="JKS" resource="/ssl/truststore-wrong.jks"
+ password="changeit"/>
+ </trustManagers>
+ </sslContextParameters>
+ <sslContextParameters xmlns="http://camel.apache.org/schema/spring"
+ id="mySslContext">
+ <trustManagers>
+ <keyStore type="JKS" resource="/ssl/truststore-client.jks"
+ password="changeit"/>
+ </trustManagers>
+ </sslContextParameters>
+
+ <bean id="defaultHostnameVerifier"
+ class="org.apache.cxf.transport.https.httpclient.DefaultHostnameVerifier"/>
+
+ <cxf:cxfEndpoint id="springEndpoint"
+ address="https://localhost:${CXFTestSupport.sslPort}/CxfSslTest/SoapContext/SoapPort"
+ serviceClass="org.apache.hello_world_soap_http.Greeter"/>
+
+ <bean id="greeter" class="org.apache.camel.component.cxf.GreeterImpl"/>
+ <camelContext id="camel" xmlns="http://camel.apache.org/schema/spring" errorHandlerRef="noErrorHandler">
+ <route errorHandlerRef="noErrorHandler">
+ <from uri="cxf:bean:springEndpoint"/>
+ <to uri="bean:greeter?method=greetMe"/>
+ </route>
+
+ <route errorHandlerRef="noErrorHandler">
+ <from uri="direct:trust"/>
+ <to uri="cxf:bean:springEndpoint?sslContextParameters=#mySslContext&hostnameVerifier=#defaultHostnameVerifier"/>
+ </route>
+
+ <route errorHandlerRef="noErrorHandler">
+ <from uri="direct:wrongTrust"/>
+ <to uri="cxf:bean:springEndpoint?sslContextParameters=#wrongSslContext&hostnameVerifier=#defaultHostnameVerifier"/>
+ </route>
+
+ <route errorHandlerRef="noErrorHandler">
+ <from uri="direct:noTrust"/>
+ <to uri="cxf:bean:springEndpoint"/>
+ </route>
+
+ </camelContext>
+
+ <bean id="noErrorHandler" class="org.apache.camel.builder.NoErrorHandlerBuilder"/>
+
+</beans>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/resources/ssl/keystore-server.jks ----------------------------------------------------------------------
diff --git a/components/camel-cxf/src/test/resources/ssl/keystore-server.jks b/components/camel-cxf/src/test/resources/ssl/keystore-server.jks
new file mode 100644
index 0000000..41e39c7
Binary files /dev/null and b/components/camel-cxf/src/test/resources/ssl/keystore-server.jks differ
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/resources/ssl/keystore-wrong.jks ----------------------------------------------------------------------
diff --git a/components/camel-cxf/src/test/resources/ssl/keystore-wrong.jks b/components/camel-cxf/src/test/resources/ssl/keystore-wrong.jks
new file mode 100644
index 0000000..9b6dd28
Binary files /dev/null and b/components/camel-cxf/src/test/resources/ssl/keystore-wrong.jks differ
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/resources/ssl/keystores.txt ----------------------------------------------------------------------
diff --git a/components/camel-cxf/src/test/resources/ssl/keystores.txt b/components/camel-cxf/src/test/resources/ssl/keystores.txt
new file mode 100644
index 0000000..1317d5d
--- /dev/null
+++ b/components/camel-cxf/src/test/resources/ssl/keystores.txt
@@ -0,0 +1,7 @@
+passwords: changeit
+Keystore for server:
+keystore-server.jks
+
+Keystore on client side matching keystore-server.jks:
+truststore-client.jks
+
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/resources/ssl/truststore-client.jks ----------------------------------------------------------------------
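Review bot: In CxfSslContext.xml the `direct:noTrust` route fails the handshake only because the JVM's default trust store does not contain the test certificate, so the result depends on the environment (for example a `javax.net.ssl.trustStore` system property set elsewhere in the same test JVM); a comment on that route such as `<!-- relies on the JVM default trust store NOT trusting /ssl/keystore-server.jks -->` would make the assumption explicit. The `direct:trust` and `direct:wrongTrust` routes both set `hostnameVerifier=#defaultHostnameVerifier`, yet no route exercises a hostname mismatch, and `keystore-wrong.jks` is added by this commit without being referenced in this file, so hostname verification is configured but apparently has no negative case. The `&` in those two `uri` attributes appears unescaped here; that may be an artefact of how the page was rendered, but in the file itself it has to be `&amp;` for the XML to parse.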
diff --git a/components/camel-cxf/src/test/resources/ssl/truststore-client.jks b/components/camel-cxf/src/test/resources/ssl/truststore-client.jks
new file mode 100644
index 0000000..0d6d55a
Binary files /dev/null and b/components/camel-cxf/src/test/resources/ssl/truststore-client.jks differ
http://git-wip-us.apache.org/repos/asf/camel/blob/37c4c0df/components/camel-cxf/src/test/resources/ssl/truststore-wrong.jks ----------------------------------------------------------------------
diff --git a/components/camel-cxf/src/test/resources/ssl/truststore-wrong.jks b/components/camel-cxf/src/test/resources/ssl/truststore-wrong.jks
new file mode 100644
index 0000000..8e5723d
Binary files /dev/null and b/components/camel-cxf/src/test/resources/ssl/truststore-wrong.jks differ