cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1310277 - in /cxf/trunk/services/sts/sts-core/src: main/java/org/apache/cxf/sts/operation/ main/java/org/apache/cxf/sts/token/renewer/ test/java/org/apache/cxf/sts/token/renewer/
Date Fri, 06 Apr 2012 10:58:24 GMT
Author: coheigea
Date: Fri Apr  6 10:58:23 2012
New Revision: 1310277

URL: http://svn.apache.org/viewvc?rev=1310277&view=rev
Log:
Added in some realm tests for renewing tokens

Added:
    cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
Modified:
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
    cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewer.java

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java?rev=1310277&r1=1310276&r2=1310277&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/operation/TokenRenewOperation.java
Fri Apr  6 10:58:23 2012
@@ -37,11 +37,11 @@ import org.apache.cxf.sts.request.Receiv
 import org.apache.cxf.sts.request.RequestParser;
 import org.apache.cxf.sts.request.TokenRequirements;
 import org.apache.cxf.sts.service.EncryptionProperties;
-import org.apache.cxf.sts.token.provider.TokenProvider;
 import org.apache.cxf.sts.token.provider.TokenProviderParameters;
-import org.apache.cxf.sts.token.provider.TokenProviderResponse;
 import org.apache.cxf.sts.token.provider.TokenReference;
 import org.apache.cxf.sts.token.renewer.TokenRenewer;
+import org.apache.cxf.sts.token.renewer.TokenRenewerParameters;
+import org.apache.cxf.sts.token.renewer.TokenRenewerResponse;
 import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
 import org.apache.cxf.ws.security.sts.provider.STSException;
 import org.apache.cxf.ws.security.sts.provider.model.BinarySecretType;
@@ -146,26 +146,26 @@ public class TokenRenewOperation extends
         //
         // Renew the token
         //
-        TokenProviderResponse tokenProviderResponse = null;
-        String tokenType = tokenRequirements.getTokenType();
-        TokenProviderParameters providerParameters = 
-                createTokenProviderParameters(requestParser, context);
-
+        TokenRenewerResponse tokenRenewerResponse = null;
+        TokenRenewerParameters renewerParameters = createTokenRenewerParameters(requestParser,
context);
         Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
         if (additionalProperties != null) {
-            providerParameters.setAdditionalProperties(additionalProperties);
+            renewerParameters.setAdditionalProperties(additionalProperties);
         }
-        realm = providerParameters.getRealm();
-        for (TokenProvider tokenProvider : tokenProviders) {
+        renewerParameters.setRealm(tokenResponse.getTokenRealm());
+        renewerParameters.setToken(tokenResponse.getToken());
+
+        realm = tokenResponse.getTokenRealm();
+        for (TokenRenewer tokenRenewer : tokenRenewers) {
             boolean canHandle = false;
             if (realm == null) {
-                canHandle = tokenProvider.canHandleToken(tokenType);
+                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken());
             } else {
-                canHandle = tokenProvider.canHandleToken(tokenType, realm);
+                canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken(), realm);
             }
             if (canHandle) {
                 try {
-                    tokenProviderResponse = tokenProvider.createToken(providerParameters);
+                    tokenRenewerResponse = tokenRenewer.renewToken(renewerParameters);
                 } catch (STSException ex) {
                     LOG.log(Level.WARNING, "", ex);
                     throw ex;
@@ -178,20 +178,19 @@ public class TokenRenewOperation extends
                 break;
             }
         }
-        if (tokenProviderResponse == null || tokenProviderResponse.getToken() == null) {
-            LOG.fine("No Token Provider has been found that can handle this token");
+        if (tokenRenewerResponse == null || tokenRenewerResponse.getToken() == null) {
+            LOG.fine("No Token Renewer has been found that can handle this token");
             throw new STSException(
-                "No token provider found for requested token type: " + tokenType, 
-                STSException.REQUEST_FAILED
+                "No token renewer found for requested token type", STSException.REQUEST_FAILED
             );
         }
 
         // prepare response
         try {
-            EncryptionProperties encryptionProperties = providerParameters.getEncryptionProperties();
+            EncryptionProperties encryptionProperties = renewerParameters.getEncryptionProperties();
             RequestSecurityTokenResponseType response = 
                 createResponse(
-                    encryptionProperties, tokenProviderResponse, tokenRequirements, keyRequirements,
context
+                    encryptionProperties, tokenRenewerResponse, tokenRequirements, keyRequirements,
context
                 );
             return response;
         } catch (Throwable ex) {
@@ -202,7 +201,7 @@ public class TokenRenewOperation extends
    
     private RequestSecurityTokenResponseType createResponse(
             EncryptionProperties encryptionProperties,
-            TokenProviderResponse tokenResponse, 
+            TokenRenewerResponse tokenRenewerResponse, 
             TokenRequirements tokenRequirements,
             KeyRequirements keyRequirements,
             WebServiceContext webServiceContext
@@ -227,11 +226,11 @@ public class TokenRenewOperation extends
             QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
         LOG.fine("Encrypting Issued Token: " + encryptIssuedToken);
         if (!encryptIssuedToken) {
-            requestedTokenType.setAny(tokenResponse.getToken());
+            requestedTokenType.setAny(tokenRenewerResponse.getToken());
         } else {
             requestedTokenType.setAny(
                 encryptToken(
-                    tokenResponse.getToken(), tokenResponse.getTokenId(), 
+                    tokenRenewerResponse.getToken(), tokenRenewerResponse.getTokenId(), 
                     encryptionProperties, keyRequirements, webServiceContext
                 )
             );
@@ -240,14 +239,14 @@ public class TokenRenewOperation extends
 
         if (returnReferences) {
             // RequestedAttachedReference
-            TokenReference attachedReference = tokenResponse.getAttachedReference();
+            TokenReference attachedReference = tokenRenewerResponse.getAttachedReference();
             RequestedReferenceType requestedAttachedReferenceType = null;
             if (attachedReference != null) {
                 requestedAttachedReferenceType = createRequestedReference(attachedReference,
true);
             } else {
                 requestedAttachedReferenceType = 
                     createRequestedReference(
-                            tokenResponse.getTokenId(), tokenRequirements.getTokenType(),
true
+                            tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(),
true
                     );
             }
 
@@ -258,14 +257,14 @@ public class TokenRenewOperation extends
             response.getAny().add(requestedAttachedReference);
 
             // RequestedUnattachedReference
-            TokenReference unAttachedReference = tokenResponse.getUnAttachedReference();
+            TokenReference unAttachedReference = tokenRenewerResponse.getUnAttachedReference();
             RequestedReferenceType requestedUnattachedReferenceType = null;
             if (unAttachedReference != null) {
                 requestedUnattachedReferenceType = createRequestedReference(unAttachedReference,
false);
             } else {
                 requestedUnattachedReferenceType = 
                     createRequestedReference(
-                            tokenResponse.getTokenId(), tokenRequirements.getTokenType(),
false
+                            tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(),
false
                     );
             }
 
@@ -280,7 +279,7 @@ public class TokenRenewOperation extends
         response.getAny().add(tokenRequirements.getAppliesTo());
 
         // RequestedProofToken
-        if (tokenResponse.isComputedKey() && keyRequirements.getComputedKeyAlgorithm()
!= null) {
+        if (tokenRenewerResponse.isComputedKey() && keyRequirements.getComputedKeyAlgorithm()
!= null) {
             JAXBElement<String> computedKey = 
                 QNameConstants.WS_TRUST_FACTORY.createComputedKey(keyRequirements.getComputedKeyAlgorithm());
             RequestedProofTokenType requestedProofTokenType = 
@@ -289,9 +288,9 @@ public class TokenRenewOperation extends
             JAXBElement<RequestedProofTokenType> requestedProofToken = 
                 QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
             response.getAny().add(requestedProofToken);
-        } else if (tokenResponse.getEntropy() != null) {
+        } else if (tokenRenewerResponse.getEntropy() != null) {
             Object token = 
-                constructSecretToken(tokenResponse.getEntropy(), encryptionProperties, keyRequirements);
+                constructSecretToken(tokenRenewerResponse.getEntropy(), encryptionProperties,
keyRequirements);
             RequestedProofTokenType requestedProofTokenType = 
                 QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
             requestedProofTokenType.setAny(token);
@@ -301,9 +300,9 @@ public class TokenRenewOperation extends
         }
 
         // Entropy
-        if (tokenResponse.isComputedKey() && tokenResponse.getEntropy() != null)
{
+        if (tokenRenewerResponse.isComputedKey() && tokenRenewerResponse.getEntropy()
!= null) {
             Object token = 
-                constructSecretToken(tokenResponse.getEntropy(), encryptionProperties, keyRequirements);
+                constructSecretToken(tokenRenewerResponse.getEntropy(), encryptionProperties,
keyRequirements);
             EntropyType entropyType = QNameConstants.WS_TRUST_FACTORY.createEntropyType();
             entropyType.getAny().add(token);
             JAXBElement<EntropyType> entropyElement = 
@@ -312,12 +311,12 @@ public class TokenRenewOperation extends
         }
 
         // Lifetime
-        LifetimeType lifetime = createLifetime(tokenResponse.getLifetime());
+        LifetimeType lifetime = createLifetime(tokenRenewerResponse.getLifetime());
         JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
         response.getAny().add(lifetimeType);
 
         // KeySize
-        long keySize = tokenResponse.getKeySize();
+        long keySize = tokenRenewerResponse.getKeySize();
         if (keySize <= 0) {
             keySize = keyRequirements.getKeySize();
         }
@@ -353,5 +352,23 @@ public class TokenRenewOperation extends
         }
     }
 
+    private TokenRenewerParameters createTokenRenewerParameters(
+        RequestParser requestParser, WebServiceContext context
+    ) {
+        TokenProviderParameters providerParameters = 
+            createTokenProviderParameters(requestParser, context);
+        
+        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
+        renewerParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());
+        renewerParameters.setEncryptionProperties(providerParameters.getEncryptionProperties());
+        renewerParameters.setKeyRequirements(providerParameters.getKeyRequirements());
+        renewerParameters.setPrincipal(providerParameters.getPrincipal());
+        renewerParameters.setStsProperties(providerParameters.getStsProperties());
+        renewerParameters.setTokenRequirements(providerParameters.getTokenRequirements());
+        renewerParameters.setTokenStore(providerParameters.getTokenStore());
+        renewerParameters.setWebServiceContext(providerParameters.getWebServiceContext());
+        
+        return renewerParameters;
+    }
 
 }

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java?rev=1310277&r1=1310276&r2=1310277&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewer.java
Fri Apr  6 10:58:23 2012
@@ -71,6 +71,16 @@ public class SAMLTokenRenewer implements
      * Return true if this TokenRenewer implementation is able to renew a token.
      */
     public boolean canHandleToken(ReceivedToken renewTarget) {
+        return canHandleToken(renewTarget, null);
+    }
+    
+    /**
+     * Return true if this TokenRenewer implementation is able to renew a token in the given
realm.
+     */
+    public boolean canHandleToken(ReceivedToken renewTarget, String realm) {
+        if (realm != null && !realmMap.containsKey(realm)) {
+            return false;
+        }
         Object token = renewTarget.getToken();
         if (token instanceof Element) {
             Element tokenElement = (Element)token;

Modified: cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewer.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewer.java?rev=1310277&r1=1310276&r2=1310277&view=diff
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewer.java
(original)
+++ cxf/trunk/services/sts/sts-core/src/main/java/org/apache/cxf/sts/token/renewer/TokenRenewer.java
Fri Apr  6 10:58:23 2012
@@ -36,6 +36,11 @@ public interface TokenRenewer {
      * Return true if this TokenRenewer implementation is able to renew a token.
      */
     boolean canHandleToken(ReceivedToken renewTarget);
+    
+    /**
+     * Return true if this TokenRenewer implementation is able to renew a token in the given
realm.
+     */
+    boolean canHandleToken(ReceivedToken renewTarget, String realm);
 
     /**
      * Renew a token given a TokenRenewerParameters

Added: cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
URL: http://svn.apache.org/viewvc/cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java?rev=1310277&view=auto
==============================================================================
--- cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
(added)
+++ cxf/trunk/services/sts/sts-core/src/test/java/org/apache/cxf/sts/token/renewer/SAMLTokenRenewerRealmTest.java
Fri Apr  6 10:58:23 2012
@@ -0,0 +1,333 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.sts.token.renewer;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import org.apache.cxf.jaxws.context.WebServiceContextImpl;
+import org.apache.cxf.jaxws.context.WrappedMessageContext;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.sts.STSConstants;
+import org.apache.cxf.sts.StaticSTSProperties;
+import org.apache.cxf.sts.common.PasswordCallbackHandler;
+import org.apache.cxf.sts.request.KeyRequirements;
+import org.apache.cxf.sts.request.Lifetime;
+import org.apache.cxf.sts.request.ReceivedToken;
+import org.apache.cxf.sts.request.ReceivedToken.STATE;
+import org.apache.cxf.sts.request.TokenRequirements;
+import org.apache.cxf.sts.service.EncryptionProperties;
+import org.apache.cxf.sts.token.provider.DefaultConditionsProvider;
+import org.apache.cxf.sts.token.provider.SAMLTokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProvider;
+import org.apache.cxf.sts.token.provider.TokenProviderParameters;
+import org.apache.cxf.sts.token.provider.TokenProviderResponse;
+import org.apache.cxf.sts.token.realm.SAMLRealm;
+import org.apache.cxf.sts.token.realm.SAMLRealmCodec;
+import org.apache.cxf.sts.token.validator.IssuerSAMLRealmCodec;
+import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidator;
+import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
+import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
+import org.apache.ws.security.CustomTokenPrincipal;
+import org.apache.ws.security.WSConstants;
+import org.apache.ws.security.WSSecurityException;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.CryptoFactory;
+import org.apache.ws.security.util.XmlSchemaDateFormat;
+
+/**
+ * Some unit tests for renewing a SAML token in different realms.
+ */
+public class SAMLTokenRenewerRealmTest extends org.junit.Assert {
+    
+    /**
+     * Test a SAML 1.1 Assertion created in realm "A".
+     */
+    @org.junit.Test
+    public void testRealmA() throws Exception {
+        // Create a RenewTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new PasswordCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(
+                WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, "A",
50
+            );
+        // Sleep to expire the token
+        Thread.sleep(1000);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
+        ((SAMLTokenValidator)samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
+        
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        ReceivedToken renewTarget = new ReceivedToken(samlToken);
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        tokenRequirements.setValidateTarget(renewTarget);
+        validatorParameters.setToken(renewTarget);
+        
+        // Validate the token
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.getToken() != null);
+        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
+        assertTrue(validatorResponse.getTokenRealm().equals("A"));
+        
+        // Renew the Assertion
+        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
+        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
+        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
+        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
+        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
+        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
+        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
+        renewerParameters.setToken(validatorResponse.getToken());
+        
+        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
+        Map<String, SAMLRealm> samlRealms = getSamlRealms();
+        ((SAMLTokenRenewer)samlTokenRenewer).setRealmMap(samlRealms);
+        String realm = validatorResponse.getTokenRealm();
+        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm));
+        
+        TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
+        assertTrue(renewerResponse != null);
+        assertTrue(renewerResponse.getToken() != null);
+        
+        // Now validate it again
+        ReceivedToken validateTarget = new ReceivedToken(renewerResponse.getToken());
+        tokenRequirements.setValidateTarget(validateTarget);
+        validatorParameters.setToken(validateTarget);
+        
+        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.getToken() != null);
+        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
+    }
+    
+    /**
+     * Test a SAML 1.1 Assertion created in realm "B".
+     */
+    @org.junit.Test
+    public void testRealmB() throws Exception {
+        // Create a RenewTarget consisting of a SAML Assertion
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        CallbackHandler callbackHandler = new PasswordCallbackHandler();
+        Element samlToken = 
+            createSAMLAssertion(
+                WSConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, "B",
50
+            );
+        // Sleep to expire the token
+        Thread.sleep(1000);
+        Document doc = samlToken.getOwnerDocument();
+        samlToken = (Element)doc.appendChild(samlToken);
+        
+        TokenValidator samlTokenValidator = new SAMLTokenValidator();
+        SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
+        ((SAMLTokenValidator)samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
+        
+        TokenValidatorParameters validatorParameters = createValidatorParameters();
+        ReceivedToken renewTarget = new ReceivedToken(samlToken);
+        TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
+        tokenRequirements.setValidateTarget(renewTarget);
+        validatorParameters.setToken(renewTarget);
+        
+        // Validate the token
+        TokenValidatorResponse validatorResponse = 
+            samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.getToken() != null);
+        assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
+        assertTrue(validatorResponse.getTokenRealm().equals("B"));
+        
+        // Renew the Assertion
+        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
+        renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
+        renewerParameters.setStsProperties(validatorParameters.getStsProperties());
+        renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        renewerParameters.setWebServiceContext(validatorParameters.getWebServiceContext());
+        renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
+        renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
+        renewerParameters.setTokenStore(validatorParameters.getTokenStore());
+        renewerParameters.setToken(validatorResponse.getToken());
+        
+        TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
+        Map<String, SAMLRealm> samlRealms = getSamlRealms();
+        ((SAMLTokenRenewer)samlTokenRenewer).setRealmMap(samlRealms);
+        String realm = validatorResponse.getTokenRealm();
+        assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm));
+        
+        TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
+        assertTrue(renewerResponse != null);
+        assertTrue(renewerResponse.getToken() != null);
+        
+        // Now validate it again
+        ReceivedToken validateTarget = new ReceivedToken(renewerResponse.getToken());
+        tokenRequirements.setValidateTarget(validateTarget);
+        validatorParameters.setToken(validateTarget);
+        
+        validatorResponse = samlTokenValidator.validateToken(validatorParameters);
+        assertTrue(validatorResponse != null);
+        assertTrue(validatorResponse.getToken() != null);
+        assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
+    }
+    
+    private TokenValidatorParameters createValidatorParameters() throws WSSecurityException
{
+        TokenValidatorParameters parameters = new TokenValidatorParameters();
+        
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(STSConstants.STATUS);
+        parameters.setTokenRequirements(tokenRequirements);
+        
+        KeyRequirements keyRequirements = new KeyRequirements();
+        parameters.setKeyRequirements(keyRequirements);
+        
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+        
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
+        stsProperties.setEncryptionCrypto(crypto);
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setEncryptionUsername("myservicekey");
+        stsProperties.setSignatureUsername("mystskey");
+        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
+        stsProperties.setIssuer("STS-2");
+        parameters.setStsProperties(stsProperties);
+        
+        return parameters;
+    }
+    
+    private Element createSAMLAssertion(
+        String tokenType, 
+        Crypto crypto, 
+        String signatureUsername, 
+        CallbackHandler callbackHandler,
+        String realm,
+        long ttlMs
+    ) throws WSSecurityException {
+        TokenProvider samlTokenProvider = new SAMLTokenProvider();
+        DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
+        conditionsProvider.setAcceptClientLifetime(true);
+        ((SAMLTokenProvider)samlTokenProvider).setConditionsProvider(conditionsProvider);
+        TokenProviderParameters providerParameters = 
+            createProviderParameters(
+                tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
+            );
+        providerParameters.setRealm(realm);
+        if (ttlMs != 0) {
+            Lifetime lifetime = new Lifetime();
+            Date creationTime = new Date();
+            Date expirationTime = new Date();
+            expirationTime.setTime(creationTime.getTime() + ttlMs);
+
+            XmlSchemaDateFormat fmt = new XmlSchemaDateFormat();
+            lifetime.setCreated(fmt.format(creationTime));
+            lifetime.setExpires(fmt.format(expirationTime));
+
+            providerParameters.getTokenRequirements().setLifetime(lifetime);
+        }
+        
+        // Create Realms
+        Map<String, SAMLRealm> samlRealms = getSamlRealms();
+        ((SAMLTokenProvider)samlTokenProvider).setRealmMap(samlRealms);
+        
+        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
+        assertTrue(providerResponse != null);
+        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId()
!= null);
+        
+        return providerResponse.getToken();
+    }
+    
+    private Map<String, SAMLRealm> getSamlRealms() {
+        // Create Realms
+        Map<String, SAMLRealm> samlRealms = new HashMap<String, SAMLRealm>();
+        SAMLRealm samlRealm = new SAMLRealm();
+        samlRealm.setIssuer("A-Issuer");
+        samlRealms.put("A", samlRealm);
+        samlRealm = new SAMLRealm();
+        samlRealm.setIssuer("B-Issuer");
+        samlRealms.put("B", samlRealm);
+        return samlRealms;
+    }
+    
+    private TokenProviderParameters createProviderParameters(
+        String tokenType, String keyType, Crypto crypto, 
+        String signatureUsername, CallbackHandler callbackHandler
+    ) throws WSSecurityException {
+        TokenProviderParameters parameters = new TokenProviderParameters();
+
+        TokenRequirements tokenRequirements = new TokenRequirements();
+        tokenRequirements.setTokenType(tokenType);
+        parameters.setTokenRequirements(tokenRequirements);
+
+        KeyRequirements keyRequirements = new KeyRequirements();
+        keyRequirements.setKeyType(keyType);
+        parameters.setKeyRequirements(keyRequirements);
+
+        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
+        // Mock up message context
+        MessageImpl msg = new MessageImpl();
+        WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
+        WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
+        parameters.setWebServiceContext(webServiceContext);
+
+        parameters.setAppliesToAddress("http://dummy-service.com/dummy");
+
+        // Add STSProperties object
+        StaticSTSProperties stsProperties = new StaticSTSProperties();
+        stsProperties.setSignatureCrypto(crypto);
+        stsProperties.setSignatureUsername(signatureUsername);
+        stsProperties.setCallbackHandler(callbackHandler);
+        stsProperties.setIssuer("STS");
+        parameters.setStsProperties(stsProperties);
+
+        parameters.setEncryptionProperties(new EncryptionProperties());
+
+        return parameters;
+    }
+    
+    private Properties getEncryptionProperties() {
+        Properties properties = new Properties();
+        properties.put(
+            "org.apache.ws.security.crypto.provider", "org.apache.ws.security.components.crypto.Merlin"
+        );
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", "stsspass");
+        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", "stsstore.jks");
+        
+        return properties;
+    }
+    
+    
+}



Mime
View raw message