CXF-SOAP: Cover possible regression prior CXF fix causing hang of the…

… client

integration-test-groups/cxf-soap/cxf-soap-ws-security-client/pom.xml

@@ -81,6 +81,11 @@
             <artifactId>quarkus-junit4-mock</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.awaitility</groupId>
+            <artifactId>awaitility</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -178,6 +183,47 @@
                 <skipTests>true</skipTests>
             </properties>
         </profile>
+        <profile>
+            <id>full</id>
+            <activation>
+                <property>
+                    <name>!quickly</name>
+                </property>
+            </activation>
+            <build>
+                <plugins>
+                    <plugin>
+                        <groupId>org.codehaus.mojo</groupId>
+                        <artifactId>keytool-maven-plugin</artifactId>
+                        <configuration>
+                            <keypass>password</keypass>
+                            <validity>365</validity>
+                            <keyalg>RSA</keyalg>
+                            <storepass>password</storepass>
+                        </configuration>
+                        <executions>
+                            <execution>
+                                <id>generate-alice-wrong-keypair</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>clean</goal>
+                                    <goal>generateKeyPair</goal>
+                                </goals>
+                                <configuration>
+                                    <alias>alice_wrong</alias>
+                                    <dname>CN=alice_wrong, OU=eng, O=apache.org</dname>
+                                    <exts>
+                                        <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
+                                        <ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext>
+                                    </exts>
+                                    <keystore>${project.build.outputDirectory}/alice_wrong.jks</keystore>
+                                </configuration>
+                            </execution>
+                        </executions>
+                    </plugin>
+                </plugins>
+            </build>
+        </profile>
     </profiles>
 
 </project>

integration-test-groups/cxf-soap/cxf-soap-ws-security-client/src/main/resources/application.properties

@@ -19,7 +19,7 @@ quarkus.cxf.path=/soapservice
 quarkus.native.resources.includes = wsdl/*.wsdl
 
 # do everything with named parameter sets so that it works in the grouped module
-quarkus.cxf.codegen.wsdl2java.security-client.includes = wsdl/WssCalculatorService.wsdl
+quarkus.cxf.codegen.wsdl2java.security-client.includes = wsdl/WssCalculatorService.wsdl,wsdl/HelloWorld.wsdl
 quarkus.cxf.codegen.wsdl2java.security-client.additional-params = -wsdlLocation,classpath:wsdl/WssCalculatorService.wsdl
 
 # Workaround heap OOMs on GitHub actions

integration-test-groups/cxf-soap/cxf-soap-ws-security-client/src/main/resources/wsdl/HelloWorld.wsdl

@@ -0,0 +1,109 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one or more
+    contributor license agreements.  See the NOTICE file distributed with
+    this work for additional information regarding copyright ownership.
+    The ASF licenses this file to You under the Apache License, Version 2.0
+    (the "License"); you may not use this file except in compliance with
+    the License.  You may obtain a copy of the License at
+
+         http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<wsdl:definitions xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+	xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
+	xmlns:tns="http://www.apache.org/camel/quarkus/components/cxf/soap/wss/client/helloWorld"
+	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+	name="ContactService"
+	targetNamespace="http://www.apache.org/camel/quarkus/components/cxf/soap/wss/client/helloWorld"
+	xmlns:wsp="http://www.w3.org/ns/ws-policy"
+	xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
+    xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
+	<wsp:UsingPolicy wsdl:required="true" />
+	<wsp:Policy wsu:Id="custom_policy">
+		<wsp:ExactlyOne>
+			<wsp:All>
+				<wsp:All xmlns:wsp="http://www.w3.org/ns/ws-policy">
+					<sp:AsymmetricBinding>
+						<wsp:Policy>
+							<sp:InitiatorToken>
+								<wsp:Policy>
+									<sp:X509Token
+										sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
+										<wsp:Policy>
+											<sp:WssX509V3Token10 />
+										</wsp:Policy>
+									</sp:X509Token>
+								</wsp:Policy>
+							</sp:InitiatorToken>
+							<sp:RecipientToken>
+								<wsp:Policy>
+									<sp:X509Token
+										sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
+										<wsp:Policy>
+											<sp:WssX509V3Token10 />
+										</wsp:Policy>
+									</sp:X509Token>
+								</wsp:Policy>
+							</sp:RecipientToken>
+							<sp:AlgorithmSuite>
+								<wsp:Policy>
+									<sp:Basic256 />
+								</wsp:Policy>
+							</sp:AlgorithmSuite>
+							<sp:Layout>
+								<wsp:Policy>
+									<sp:Lax />
+								</wsp:Policy>
+							</sp:Layout>
+							<sp:IncludeTimestamp />
+							<sp:OnlySignEntireHeadersAndBody />
+						</wsp:Policy>
+					</sp:AsymmetricBinding>
+					<sp:SignedParts>
+						<sp:Body />
+					</sp:SignedParts>
+				</wsp:All>
+			</wsp:All>
+		</wsp:ExactlyOne>
+	</wsp:Policy>
+	<wsdl:message name="SayHelloRequest">
+		<wsdl:part name = "firstName" type = "xsd:string"/>
+	</wsdl:message>
+	<wsdl:message name="SayHelloResponse">
+		<wsdl:part name = "greeting" type = "xsd:string"/>
+	</wsdl:message>
+	<wsdl:portType name="SayHelloWrongWS">
+		<wsdl:operation name="sayHelloWrong">
+			<wsdl:input message = "tns:SayHelloRequest"/>
+			<wsdl:output message = "tns:SayHelloResponse"/>
+		</wsdl:operation>
+	</wsdl:portType>
+	<wsdl:binding name="ContactServiceSoapBinding" type="tns:SayHelloWrongWS">
+		<wsp:Policy>
+			<wsp:PolicyReference URI="#custom_policy" />
+		</wsp:Policy>
+		<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http" />
+		<wsdl:operation name="sayHelloWrong">
+			<soap:operation soapAction=""/>
+			<wsdl:input>
+				<soap:body/>
+			</wsdl:input>
+			<wsdl:output>
+				<soap:body/>
+			</wsdl:output>
+		</wsdl:operation>
+	</wsdl:binding>
+	<wsdl:service name="SayHelloService">
+		<wsdl:port binding="tns:ContactServiceSoapBinding" name="ContactServicePort">
+			<soap:address location="to_be_overridden_in_code" />
+		</wsdl:port>
+	</wsdl:service>
+</wsdl:definitions>

integration-test-groups/cxf-soap/cxf-soap-ws-security-client/src/test/java/org/apache/camel/quarkus/component/cxf/soap/wss/client/it/CxfSoapWssClientTest.java

@@ -17,18 +17,30 @@
 package org.apache.camel.quarkus.component.cxf.soap.wss.client.it;
 
 import java.io.IOException;
+import java.net.URL;
 import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.Map;
+import java.util.Properties;
+import java.util.concurrent.TimeUnit;
 
 import io.quarkus.test.common.QuarkusTestResource;
+import io.quarkus.test.junit.DisabledOnIntegrationTest;
 import io.quarkus.test.junit.QuarkusTest;
 import io.restassured.RestAssured;
+import jakarta.xml.ws.BindingProvider;
+import jakarta.xml.ws.Service;
+import jakarta.xml.ws.soap.SOAPFaultException;
+import org.apache.camel.quarkus.components.cxf.soap.wss.client.helloworld.SayHelloService;
+import org.apache.camel.quarkus.components.cxf.soap.wss.client.helloworld.SayHelloWrongWS;
+import org.apache.cxf.ws.security.SecurityConstants;
 import org.eclipse.microprofile.config.ConfigProvider;
 import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.Assumptions;
 import org.junit.jupiter.api.Test;
+import org.testcontainers.shaded.org.awaitility.Awaitility;
 
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
@@ -86,6 +98,56 @@ void wsdlUpToDate() throws IOException {
             Assertions.fail("The static WSDL copy in " + staticCopyPath
                     + " went out of sync with the WSDL served by the container. The content was updated by the test, you just need to review and commit the changes.");
         }
+    }
+
+    /**
+     * In case of the wrong security configuration and before this
+     * <a href="https://github.com/jboss-fuse/cxf/pull/496">fix<a/>
+     * in CXF (can be simulated on camel-quarkus tag 3.0.0-RC2), the client would hang indefinitely.
+     * This tests covers such wrong configuration and verifies that no regression causing indefinite hang is present in
+     * the current code.
+     */
+    @Test
+    @DisabledOnIntegrationTest("Test doesn't have native part, no server for SayHello.wsdl exists")
+    public void testWrongClientNotHanging() {
 
+        Awaitility.await().atMost(30, TimeUnit.SECONDS).pollInterval(10, TimeUnit.SECONDS).until(() -> {
+            try {
+                //always fails because there is no server implementation
+                createSayHelloWrongClient().sayHelloWrong("Sheldon");
+            } catch (SOAPFaultException e) {
+                return "Connection refused".equals(e.getMessage());
+            }
+            //can not happen (client does not work)
+            return false;
+        });
     }
+
+    SayHelloWrongWS createSayHelloWrongClient() {
+
+        final URL serviceUrl = Thread.currentThread().getContextClassLoader().getResource("wsdl/HelloWorld.wsdl");
+        final Service service = Service.create(serviceUrl, SayHelloService.SERVICE);
+
+        SayHelloWrongWS port = service.getPort(SayHelloWrongWS.class);
+        BindingProvider bp = (BindingProvider) port;
+
+        Map<String, Object> requestContext = bp.getRequestContext();
+
+        //non-existing server url is used and
+        requestContext.put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://localhost:45698/soapservice/sayHelloWrong");
+
+        Properties securityProps = new Properties();
+        securityProps.put("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
+        securityProps.put("org.apache.wss4j.crypto.merlin.keystore.type", "pkcs12");
+        securityProps.put("org.apache.wss4j.crypto.merlin.keystore.file", "alice_wrong.jks");
+        securityProps.put("org.apache.wss4j.crypto.merlin.keystore.password", "password");
+        securityProps.put("org.apache.wss4j.crypto.merlin.keystore.alias", "alice_wrong");
+        securityProps.put("org.apache.wss4j.crypto.merlin.keystore.private.password", "password");
+        securityProps.put("org.apache.wss4j.crypto.merlin.keystore.private.caching", "true");
+
+        requestContext.put(SecurityConstants.SIGNATURE_PROPERTIES, securityProps);
+
+        return port;
+    }
+
 }

integration-tests/cxf-soap-grouped/pom.xml

@@ -130,6 +130,11 @@
             <artifactId>assertj-core</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.camel</groupId>
+            <artifactId>camel-test-junit5</artifactId>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
 
     <build>
@@ -585,6 +590,23 @@
                                     <keystore>${project.build.outputDirectory}/truststore-wrong.jks</keystore>
                                 </configuration>
                             </execution>
+                            <execution>
+                                <id>generate-alice-wrong-keypair</id>
+                                <phase>generate-sources</phase>
+                                <goals>
+                                    <goal>clean</goal>
+                                    <goal>generateKeyPair</goal>
+                                </goals>
+                                <configuration>
+                                    <alias>alice_wrong</alias>
+                                    <dname>CN=alice_wrong, OU=eng, O=apache.org</dname>
+                                    <exts>
+                                        <ext>IssuerAlternativeName=DNS:NOT-FOR-PRODUCTION-USE</ext>
+                                        <ext>SubjectAlternativeName=DNS:localhost,IP:127.0.0.1</ext>
+                                    </exts>
+                                    <keystore>${project.build.outputDirectory}/alice_wrong.jks</keystore>
+                                </configuration>
+                            </execution>
                         </executions>
                     </plugin>
                 </plugins>