cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1173182 [9/9] - in /cxf/trunk: ./ services/ services/sts/ services/sts/sts-core/ services/sts/sts-core/src/ services/sts/sts-core/src/main/ services/sts/sts-core/src/main/java/ services/sts/sts-core/src/main/java/org/ services/sts/sts-core...
Date Tue, 20 Sep 2011 15:12:11 GMT
Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/provider/SCTProviderTest.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,217 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.provider;
+
+import java.util.Properties;
+
+import org.w3c.dom.Element;
+
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.cache.DefaultInMemoryCache;
+import org.apache.cxf.sts.cache.STSCache;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.ws.security.trust.STSUtils;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.conversation.ConversationConstants;
+import org.apache.ws.security.message.token.SecurityContextToken;
+import org.apache.ws.security.util.DOM2Writer;
+
+/**
+ * Some unit tests for creating SecurityContextTokens.
+ */
+public class SCTProviderTest extends org.junit.Assert {
+    
+    private static STSCache cache = new DefaultInMemoryCache();
+    
+    /**
+     * Create a SecurityContextToken
+     */
+    @org.junit.Test
+    public void testCreateSCT() throws Exception {
+        TokenProvider sctTokenProvider = new SCTProvider();
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_12);
+        
+        assertTrue(sctTokenProvider.canHandleToken(STSUtils.TOKEN_TYPE_SCT_05_12));
+        TokenProviderResponse providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+        Element token = providerResponse.getToken();
+        String tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(ConversationConstants.WSC_NS_05_12));
+        assertFalse(tokenString.contains(ConversationConstants.WSC_NS_05_02));
+    }
+    
+    /**
+     * Create a SecurityContextToken with a different namespace
+     */
+    @org.junit.Test
+    public void testCreateSCTDifferentNamespace() throws Exception {
+        TokenProvider sctTokenProvider = new SCTProvider();
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_02);
+        
+        assertTrue(sctTokenProvider.canHandleToken(STSUtils.TOKEN_TYPE_SCT_05_02));
+        TokenProviderResponse providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+        Element token = providerResponse.getToken();
+        String tokenString = DOM2Writer.nodeToString(token);
+        assertTrue(tokenString.contains(ConversationConstants.WSC_NS_05_02));
+        assertFalse(tokenString.contains(ConversationConstants.WSC_NS_05_12));
+    }
+    
+    /**
+     * Create a SecurityContextToken that returns (and doesn't return) Entropy
+     */
+    @org.junit.Test
+    public void testCreateSCTReturnEntropy() throws Exception {
+        TokenProvider sctTokenProvider = new SCTProvider();
+        assertTrue(((SCTProvider)sctTokenProvider).isReturnEntropy());
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_12);
+        
+        assertTrue(sctTokenProvider.canHandleToken(STSUtils.TOKEN_TYPE_SCT_05_12));
+        TokenProviderResponse providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        assertTrue(providerResponse.getEntropy() != null && providerResponse.getEntropy().length > 0);
+        
+        ((SCTProvider)sctTokenProvider).setReturnEntropy(false);
+        providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        assertTrue(providerResponse.getEntropy() == null);
+    }
+    
+    /**
+     * Create a SecurityContextToken and test that it's stored in the cache
+     */
+    @org.junit.Test
+    public void testCreateSCTCache() throws Exception {
+        TokenProvider sctTokenProvider = new SCTProvider();
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_12);
+        
+        assertTrue(sctTokenProvider.canHandleToken(STSUtils.TOKEN_TYPE_SCT_05_12));
+        TokenProviderResponse providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+
+        Element token = providerResponse.getToken();
+        SecurityContextToken sctToken = new SecurityContextToken(token);
+        String identifier = sctToken.getIdentifier();
+        assertNotNull(cache.get(identifier));
+        assertNull(cache.get(identifier + "1234"));
+    }
+    
+    /**
+     * Create a SecurityContextToken and test the KeySize
+     */
+    @org.junit.Test
+    public void testCreateSCTKeySize() throws Exception {
+        TokenProvider sctTokenProvider = new SCTProvider();
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_12);
+        
+        assertTrue(sctTokenProvider.canHandleToken(STSUtils.TOKEN_TYPE_SCT_05_12));
+        TokenProviderResponse providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        assertTrue(256L == providerResponse.getKeySize());
+        
+        // Test a custom KeySize
+        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
+        keyRequirements.setKeySize(192);
+        providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(192L == providerResponse.getKeySize());
+        
+        // Test a bad KeySize - it will just use the default keysize
+        keyRequirements.setKeySize(64);
+        providerResponse = sctTokenProvider.createToken(providerParameters);
+        assertTrue(256L == providerResponse.getKeySize());
+    }
+    
+    
+    private TokenProviderParameters createProviderParameters(String tokenType) throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(tokenType);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setCache(cache);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        parameters.setEncryptionProperties(new EncryptionProperties());
+        
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+  
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SAMLTokenValidatorTest.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,360 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.io.IOException;
+import java.security.Principal;
+import java.util.Properties;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSPasswordCallback;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+
+
+/**
+ * Some unit tests for validating a SAML token via the SAMLTokenValidator.
+ */
+public class SAMLTokenValidatorTest extends org.junit.Assert {
+    
+    /**
+     * Test a valid SAML 1.1 Assertion
+     */
+    @org.junit.Test
+    public void testValidSAML1Assertion() throws Exception {
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new PasswordCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        ReceivedToken validateTarget = new ReceivedToken(samlToken);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.isValid());
+        
+        Principal principal = validatorResponse.getPrincipal();
+        assertTrue(principal != null && principal.getName() != null);
+    }
+    
+    /**
+     * Test a valid SAML 2 Assertion
+     */
+    @org.junit.Test
+    public void testValidSAML2Assertion() throws Exception {
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new PasswordCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        ReceivedToken validateTarget = new ReceivedToken(samlToken);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.isValid());
+        
+        Principal principal = validatorResponse.getPrincipal();
+        assertTrue(principal != null && principal.getName() != null);
+    }
+    
+    /**
+     * Test a SAML 1.1 Assertion with an invalid issuer
+     */
+    @org.junit.Test
+    public void testInvalidIssuerSAML1Assertion() throws Exception {
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new PasswordCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        ReceivedToken validateTarget = new ReceivedToken(samlToken);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
+        
+        // Change the issuer and so validation should fail
+        validatorParameters.getStsProperties().setIssuer("NewSTS");
+        
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    /**
+     * Test a SAML 2 Assertion with an invalid issuer
+     */
+    @org.junit.Test
+    public void testInvalidIssuerSAML2Assertion() throws Exception {
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new PasswordCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        ReceivedToken validateTarget = new ReceivedToken(samlToken);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
+        
+        // Change the issuer and so validation should fail
+        validatorParameters.getStsProperties().setIssuer("NewSTS");
+        
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    /**
+     * Test a SAML 1.1 Assertion with an invalid signature
+     */
+    @org.junit.Test
+    public void testInvalidSignatureSAML1Assertion() throws Exception {
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
+        CallbackHandler callbackHandler = new EveCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "eve", callbackHandler);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        ReceivedToken validateTarget = new ReceivedToken(samlToken);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    /**
+     * Test a SAML 2 Assertion with an invalid signature
+     */
+    @org.junit.Test
+    public void testInvalidSignatureSAML2Assertion() throws Exception {
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
+        CallbackHandler callbackHandler = new EveCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(WSConstants.WSS_SAML2_TOKEN_TYPE, crypto, "eve", callbackHandler);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        ReceivedToken validateTarget = new ReceivedToken(samlToken);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(samlTokenValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
+        TokenValidatorParameters parameters = new TokenValidatorParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(STSConstants.STATUS);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        return parameters;
+    }
+    
+    private Element createSAMLAssertion(
+        String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler
+    ) throws WSSecurityException {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(
+                tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
+            );
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
+        
+        return providerResponse.getToken();
+    }
+    
+    private TokenProviderParameters createProviderParameters(
+        String tokenType, String keyType, Crypto crypto, 
+        String signatureUsername, CallbackHandler callbackHandler
+    ) throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(tokenType);
+        parameters.setTokenRequirements(tokenRequirements);
+
+        KeyRequirements keyRequirements = new KeyRequirements();
+        keyRequirements.setKeyType(keyType);
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setSignatureUsername(signatureUsername);
+        stsProperties.setCallbackHandler(callbackHandler);
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+
+        parameters.setEncryptionProperties(new EncryptionProperties());
+
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    private Properties getEveCryptoProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "evespass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "eve.jks");
+        
+        return properties;
+    }
+    
+    public class EveCallbackHandler implements CallbackHandler {
+
+        public void handle(Callback[] callbacks) throws IOException,
+                UnsupportedCallbackException {
+            for (int i = 0; i < callbacks.length; i++) {
+                if (callbacks[i] instanceof WSPasswordCallback) { // CXF
+                    WSPasswordCallback pc = (WSPasswordCallback) callbacks[i];
+                    if ("eve".equals(pc.getIdentifier())) {
+                        pc.setPassword("evekpass");
+                        break;
+                    }
+                }
+            }
+        }
+    }
+    
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/SCTValidatorTest.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,199 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.util.Properties;
+
+import org.w3c.dom.Document;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.cache.DefaultInMemoryCache;
+import org.apache.cxf.sts.cache.STSCache;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.SCTProvider;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.ws.security.trust.STSUtils;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.token.SecurityContextToken;
+
+
+/**
+ * Some unit tests for validating a SecurityContextToken via the SCTValidator.
+ */
+public class SCTValidatorTest extends org.junit.Assert {
+    
+    private static STSCache cache = new DefaultInMemoryCache();
+    
+    /**
+     * Test a valid SecurityContextToken
+     */
+    @org.junit.Test
+    public void testValidSecurityContextToken() throws Exception {
+        TokenValidator sctValidator = new SCTValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SecurityContextToken
+        TokenProviderResponse providerResponse = getSecurityContextToken();
+        ReceivedToken validateTarget = new ReceivedToken(providerResponse.getToken());
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(sctValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+            sctValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.isValid());
+        assertTrue(
+            validatorResponse.getAdditionalProperties().get(SCTValidator.SCT_VALIDATOR_SECRET) != null
+        );
+        
+        // Now remove the SCT from the cache
+        assertTrue(cache.remove(providerResponse.getTokenId()));
+        validatorResponse = sctValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    /**
+     * Test an invalid SecurityContextToken
+     */
+    @org.junit.Test
+    public void testInvalidSecurityContextToken() throws Exception {
+        TokenValidator sctValidator = new SCTValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a SecurityContextToken
+        Document doc = DOMUtils.createDocument();
+        SecurityContextToken sct = new SecurityContextToken(doc);
+        ReceivedToken validateTarget = new ReceivedToken(sct.getElement());
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(sctValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+            sctValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    private TokenProviderResponse getSecurityContextToken() throws Exception {
+        TokenProvider sctTokenProvider = new SCTProvider();
+        
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(STSUtils.TOKEN_TYPE_SCT_05_12);
+        
+        return sctTokenProvider.createToken(providerParameters);
+    }
+    
+    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
+        TokenValidatorParameters parameters = new TokenValidatorParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(STSConstants.STATUS);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+        parameters.setCache(cache);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        return parameters;
+    }
+    
+    private TokenProviderParameters createProviderParameters(String tokenType) throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(tokenType);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setCache(cache);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        parameters.setEncryptionProperties(new EncryptionProperties());
+        
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/UsernameTokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/UsernameTokenValidatorTest.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/UsernameTokenValidatorTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/UsernameTokenValidatorTest.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,270 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.security.Principal;
+import java.util.Properties;
+
+import javax.xml.bind.JAXBElement;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.helpers.DOMUtils;
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString;
+import org.apache.cxf.ws.security.sts.provider.model.secext.EncodedString;
+import org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString;
+import org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.message.token.UsernameToken;
+
+
+/**
+ * Some unit tests for validating a UsernameToken via the UsernameTokenValidator.
+ */
+public class UsernameTokenValidatorTest extends org.junit.Assert {
+    
+    /**
+     * Test a valid UsernameToken with password text
+     */
+    @org.junit.Test
+    public void testValidUsernameTokenText() throws Exception {
+        TokenValidator usernameTokenValidator = new UsernameTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a UsernameToken
+        UsernameTokenType usernameToken = new UsernameTokenType();
+        AttributedString username = new AttributedString();
+        username.setValue("alice");
+        usernameToken.setUsername(username);
+        JAXBElement<UsernameTokenType> tokenType = 
+            new JAXBElement<UsernameTokenType>(
+                QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
+            );
+        
+        ReceivedToken validateTarget = new ReceivedToken(tokenType);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
+        
+        // This will fail as there is no password
+        TokenValidatorResponse validatorResponse = 
+                usernameTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+
+        // Add a password
+        PasswordString password = new PasswordString();
+        password.setValue("clarinet");
+        password.setType(WSConstants.PASSWORD_TEXT);
+        JAXBElement<PasswordString> passwordType = 
+            new JAXBElement<PasswordString>(
+                QNameConstants.PASSWORD, PasswordString.class, password
+            );
+        usernameToken.getAny().add(passwordType);
+        
+        validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.isValid());
+        
+        Principal principal = validatorResponse.getPrincipal();
+        assertTrue(principal != null && principal.getName() != null);
+    }
+    
+    /**
+     * Test an invalid UsernameToken with password text
+     */
+    @org.junit.Test
+    public void testInvalidUsernameTokenText() throws Exception {
+        TokenValidator usernameTokenValidator = new UsernameTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a UsernameToken
+        UsernameTokenType usernameToken = new UsernameTokenType();
+        AttributedString username = new AttributedString();
+        username.setValue("eve");
+        usernameToken.setUsername(username);
+        JAXBElement<UsernameTokenType> tokenType = 
+            new JAXBElement<UsernameTokenType>(
+                QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
+            );
+        
+        // Add a password
+        PasswordString password = new PasswordString();
+        password.setValue("clarinet");
+        password.setType(WSConstants.PASSWORD_TEXT);
+        JAXBElement<PasswordString> passwordType = 
+            new JAXBElement<PasswordString>(
+                QNameConstants.PASSWORD, PasswordString.class, password
+            );
+        usernameToken.getAny().add(passwordType);
+        
+        ReceivedToken validateTarget = new ReceivedToken(tokenType);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
+        
+        // This will fail as the username is bad
+        TokenValidatorResponse validatorResponse = 
+            usernameTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+        
+        // This will fail as the password is bad
+        username.setValue("alice");
+        password.setValue("badpassword");
+        validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    /**
+     * Test a valid UsernameToken with password digest
+     */
+    @org.junit.Test
+    public void testValidUsernameTokenDigest() throws Exception {
+        TokenValidator usernameTokenValidator = new UsernameTokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of a UsernameToken
+        UsernameTokenType usernameToken = new UsernameTokenType();
+        AttributedString username = new AttributedString();
+        username.setValue("alice");
+        usernameToken.setUsername(username);
+        JAXBElement<UsernameTokenType> tokenType = 
+            new JAXBElement<UsernameTokenType>(
+                QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameToken
+            );
+        
+        // Create a WSS4J UsernameToken
+        Document doc = DOMUtils.createDocument();
+        UsernameToken ut = new UsernameToken(true, doc, WSConstants.PASSWORD_DIGEST);
+        ut.setName("alice");
+        ut.setPassword("clarinet");
+        ut.addNonce(doc);
+        ut.addCreated(true, doc);
+
+        // Add a password
+        PasswordString password = new PasswordString();
+        password.setValue(ut.getPassword());
+        password.setType(WSConstants.PASSWORD_DIGEST);
+        JAXBElement<PasswordString> passwordType = 
+            new JAXBElement<PasswordString>(
+                QNameConstants.PASSWORD, PasswordString.class, password
+            );
+        usernameToken.getAny().add(passwordType);
+        
+        // Add a nonce
+        EncodedString nonce = new EncodedString();
+        nonce.setValue(ut.getNonce());
+        nonce.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
+        JAXBElement<EncodedString> nonceType = 
+            new JAXBElement<EncodedString>(
+                QNameConstants.NONCE, EncodedString.class, nonce
+            );
+        usernameToken.getAny().add(nonceType);
+        
+        // Add Created value
+        String created = ut.getCreated();
+        Element createdElement = doc.createElementNS(WSConstants.WSU_NS, "Created");
+        createdElement.setAttributeNS(WSConstants.XMLNS_NS, "xmlns", WSConstants.WSU_NS);
+        createdElement.setTextContent(created);
+        usernameToken.getAny().add(createdElement);
+        
+        ReceivedToken validateTarget = new ReceivedToken(tokenType);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(usernameTokenValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = 
+                usernameTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.isValid());
+        
+        Principal principal = validatorResponse.getPrincipal();
+        assertTrue(principal != null && principal.getName() != null);
+        
+        // Expected failure on a bad password
+        password.setValue("badpassword");
+        validatorResponse = usernameTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
+        TokenValidatorParameters parameters = new TokenValidatorParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(STSConstants.STATUS);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java (added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/validator/X509TokenValidatorTest.java Tue Sep 20 15:12:07 2011
@@ -0,0 +1,194 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.validator;
+
+import java.security.Principal;
+import java.security.cert.X509Certificate;
+import java.util.Properties;
+
+import javax.xml.bind.JAXBElement;
+
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.QNameConstants;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.components.crypto.CryptoType;
+import org.apache.ws.security.util.Base64;
+
+
+/**
+ * Some unit tests for validating an X.509 Token via the X509TokenValidator.
+ */
+public class X509TokenValidatorTest extends org.junit.Assert {
+    
+    /**
+     * Test a valid certificate
+     */
+    @org.junit.Test
+    public void testValidCertificate() throws Exception {
+        TokenValidator x509TokenValidator = new X509TokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of an X509Certificate
+        BinarySecurityTokenType binarySecurityToken = new BinarySecurityTokenType();
+        JAXBElement<BinarySecurityTokenType> tokenType = 
+            new JAXBElement<BinarySecurityTokenType>(
+                QNameConstants.BINARY_SECURITY_TOKEN, BinarySecurityTokenType.class, binarySecurityToken
+            );
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("myclientkey");
+        Crypto crypto = validatorParameters.getStsProperties().getSignatureCrypto();
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        assertTrue(certs != null && certs.length > 0);
+        binarySecurityToken.setValue(Base64.encode(certs[0].getEncoded()));
+        
+        ReceivedToken validateTarget = new ReceivedToken(tokenType);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        // It can't handle the token as the value type is not set
+        assertFalse(x509TokenValidator.canHandleToken(validateTarget));
+        
+        binarySecurityToken.setValueType(X509TokenValidator.X509_V3_TYPE);
+        assertTrue(x509TokenValidator.canHandleToken(validateTarget));
+        
+        // This will fail as the encoding type is not set
+        TokenValidatorResponse validatorResponse = null;
+        try {
+            validatorResponse = x509TokenValidator.validateToken(validatorParameters);
+            assertTrue(validatorResponse != null);
+            assertFalse(validatorResponse.isValid());
+        } catch (RuntimeException ex) {
+            // needed due to a bug in WSS4J 1.6.2
+        }
+        
+        binarySecurityToken.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
+        
+        validatorResponse = x509TokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.isValid());
+        
+        Principal principal = validatorResponse.getPrincipal();
+        assertTrue(principal != null && principal.getName() != null);
+    }
+    
+    /**
+     * Test an invalid certificate
+     */
+    @org.junit.Test
+    public void testInvalidCertificate() throws Exception {
+        TokenValidator x509TokenValidator = new X509TokenValidator();
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        
+        // Create a ValidateTarget consisting of an X509Certificate
+        BinarySecurityTokenType binarySecurityToken = new BinarySecurityTokenType();
+        JAXBElement<BinarySecurityTokenType> tokenType = 
+            new JAXBElement<BinarySecurityTokenType>(
+                QNameConstants.BINARY_SECURITY_TOKEN, BinarySecurityTokenType.class, binarySecurityToken
+            );
+        
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias("eve");
+        Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
+        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+        assertTrue(certs != null && certs.length > 0);
+        
+        binarySecurityToken.setValue(Base64.encode(certs[0].getEncoded()));
+        binarySecurityToken.setValueType(X509TokenValidator.X509_V3_TYPE);
+        binarySecurityToken.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
+        
+        ReceivedToken validateTarget = new ReceivedToken(tokenType);
+        tokenRequirements.setValidateTarget(validateTarget);
+        
+        assertTrue(x509TokenValidator.canHandleToken(validateTarget));
+        
+        TokenValidatorResponse validatorResponse = x509TokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertFalse(validatorResponse.isValid());
+    }
+    
+    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
+        TokenValidatorParameters parameters = new TokenValidatorParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(STSConstants.STATUS);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+        
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    private Properties getEveCryptoProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "evespass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "eve.jks");
+        
+        return properties;
+    }
+    
+  
+    
+}

Added: cxf/trunk/services/sts/sts-core/src/test/resources/eve.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/resources/eve.jks?rev=1173182&view=auto
==============================================================================
Files cxf/trunk/services/sts/sts-core/src/test/resources/eve.jks (added) and cxf/trunk/services/sts/sts-core/src/test/resources/eve.jks Tue Sep 20 15:12:07 2011 differ

Added: cxf/trunk/services/sts/sts-core/src/test/resources/ldap.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/resources/ldap.properties?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/resources/ldap.properties (added)
+++ cxf/trunk/services/sts/sts-core/src/test/resources/ldap.properties Tue Sep 20 15:12:07 2011
@@ -0,0 +1,20 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+claimUser=alice
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/test/resources/ldap.xml
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/resources/ldap.xml?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/resources/ldap.xml (added)
+++ cxf/trunk/services/sts/sts-core/src/test/resources/ldap.xml Tue Sep 20 15:12:07 2011
@@ -0,0 +1,56 @@
+<!--
+
+    Licensed to the Apache Software Foundation (ASF) under one
+    or more contributor license agreements. See the NOTICE file
+    distributed with this work for additional information
+    regarding copyright ownership. The ASF licenses this file
+    to you under the Apache License, Version 2.0 (the
+    "License"); you may not use this file except in compliance
+    with the License. You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing,
+    software distributed under the License is distributed on an
+    "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+    KIND, either express or implied. See the License for the
+    specific language governing permissions and limitations
+    under the License.
+
+-->
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:util="http://www.springframework.org/schema/util"
+
+	xsi:schemaLocation="
+        http://www.springframework.org/schema/util
+        http://www.springframework.org/schema/util/spring-util-2.0.xsd	
+        http://www.springframework.org/schema/beans
+        http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+	<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
+		<property name="url" value="ldap://mycompany.com:389" />
+		<property name="userDn"	value="CN=test,OU=svcUID,OU=users,DC=emea,DC=mycompany,DC=com" />
+		<property name="password" value="changeit" />
+	</bean>
+	
+	<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
+		<constructor-arg ref="contextSource" />
+	</bean>
+
+	<util:map id="claimsToLdapAttributeMapping">
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname" value="givenName" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" value="sn" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress" value="mail" />
+		<entry key="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/country" value="c" />
+	</util:map>
+	
+	
+	<bean id="testClaimsHandler" class="org.apache.cxf.sts.claims.LdapClaimsHandler">
+		<property name="ldapTemplate" ref="ldapTemplate" />
+		<property name="claimsLdapAttributeMapping" ref="claimsToLdapAttributeMapping" />
+		<property name="userBaseDN" value="OU=users,DC=emea,DC=mycompany,DC=com" />
+	</bean>
+	
+</beans>
+ 	
\ No newline at end of file

Added: cxf/trunk/services/sts/sts-core/src/test/resources/logging.properties
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/resources/logging.properties?rev=1173182&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/resources/logging.properties (added)
+++ cxf/trunk/services/sts/sts-core/src/test/resources/logging.properties Tue Sep 20 15:12:07 2011
@@ -0,0 +1,71 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+############################################################
+#  	Default Logging Configuration File
+#
+# You can use a different file by specifying a filename
+# with the java.util.logging.config.file system property.  
+# For example java -Djava.util.logging.config.file=myfile
+############################################################
+
+############################################################
+#  	Global properties
+############################################################
+
+# "handlers" specifies a comma separated list of log Handler 
+# classes.  These handlers will be installed during VM startup.
+# Note that these classes must be on the system classpath.
+# By default we only configure a ConsoleHandler, which will only
+# show messages at the WARNING and above levels.
+#handlers= java.util.logging.ConsoleHandler
+#handlers= java.util.logging.FileHandler, java.util.logging.ConsoleHandler
+
+# Default global logging level.
+# This specifies which kinds of events are logged across
+# all loggers.  For any given facility this global level
+# can be overridden by a facility specific level
+# Note that the ConsoleHandler also has a separate level
+# setting to limit messages printed to the console.
+.level= INFO
+
+############################################################
+# Handler specific properties.
+# Describes specific configuration info for Handlers.
+############################################################
+
+# default file output is in user's home directory.
+java.util.logging.FileHandler.pattern = %h/java%u.log
+java.util.logging.FileHandler.limit = 50000
+java.util.logging.FileHandler.count = 1
+java.util.logging.FileHandler.formatter = java.util.logging.XMLFormatter
+
+# Limit the message that are printed on the console to WARNING and above.
+java.util.logging.ConsoleHandler.level = INFO
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+
+
+############################################################
+# Facility specific properties.
+# Provides extra control for each logger.
+############################################################
+
+# For example, set the com.xyz.foo logger to only log SEVERE
+# messages:
+#com.xyz.foo.level = SEVERE

Added: cxf/trunk/services/sts/sts-core/src/test/resources/stsstore.jks
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/resources/stsstore.jks?rev=1173182&view=auto
==============================================================================
Files cxf/trunk/services/sts/sts-core/src/test/resources/stsstore.jks (added) and cxf/trunk/services/sts/sts-core/src/test/resources/stsstore.jks Tue Sep 20 15:12:07 2011 differ

Added: cxf/trunk/services/sts/sts-core/src/test/resources/x509.p12
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/resources/x509.p12?rev=1173182&view=auto
==============================================================================
Files cxf/trunk/services/sts/sts-core/src/test/resources/x509.p12 (added) and cxf/trunk/services/sts/sts-core/src/test/resources/x509.p12 Tue Sep 20 15:12:07 2011 differ



Mime
View raw message