From owu...@apache.org
Subject svn commit: r1345768 [2/2] - in /cxf/fediz/trunk: ./ examples/simpleWebapp/src/main/webapp/META-INF/ examples/wsclientWebapp/webapp/ examples/wsclientWebapp/webapp/src/main/webapp/META-INF/ plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/ plu...
Date Sun, 03 Jun 2012 20:25:35 GMT
Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java?rev=1345768&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
Sun Jun  3 20:25:34 2012
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+
+
+/**
+ * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an
+ * authentication assertion using Sender Vouches.
+ */
+public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
+    
+    public SAML1CallbackHandler() throws Exception {
+        // Required for Holder-Of-Key. Commented out.
+        /*
+        if (certs == null) {
+            Crypto crypto = CryptoFactory.getInstance("wss40.properties");
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("wss40");
+            certs = crypto.getX509Certificates(cryptoType);
+        }
+        */
+        
+        subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
+        subjectQualifier = "www.example.com";
+        confirmationMethod = SAML2Constants.CONF_BEARER;
+    }
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof SAMLCallback) {
+                SAMLCallback callback = (SAMLCallback) callbacks[i];
+                callback.setSamlVersion(SAMLVersion.VERSION_11);
+                callback.setIssuer(issuer);
+                if (conditions != null) {
+                    callback.setConditions(conditions);
+                }
+                
+                SubjectBean subjectBean = 
+                    new SubjectBean(
+                        subjectName, subjectQualifier, confirmationMethod
+                    );
+                if (subjectNameIDFormat != null) {
+                    subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
+                }
+                if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+                    try {
+                        KeyInfoBean keyInfo = createKeyInfo();
+                        subjectBean.setKeyInfo(keyInfo);
+                    } catch (Exception ex) {
+                        throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
+                    }
+                }
+                createAndSetStatement(subjectBean, callback);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+    
+}
+
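Review bot: The default confirmation method assigned in the constructor is the SAML 2.0 bearer URN (`SAML2Constants.CONF_BEARER`), yet this handler builds a SAML 1.1 assertion and its holder-of-key check in `handle` compares against `SAML1Constants.CONF_HOLDER_KEY`, while the class Javadoc says the default is Sender Vouches. Settle on one SAML 1.1 constant and make the Javadoc match, e.g. `confirmationMethod = SAML1Constants.CONF_BEARER;` (or `SAML1Constants.CONF_SENDER_VOUCHES` if the Javadoc is the intent); as written, a test that sets the SAML 2 holder-of-key URN would get a SAML 1.1 assertion with no KeyInfo and no error. The catch around `createKeyInfo()` also discards the original exception; write `throw new IOException("Problem creating KeyInfo: " + ex.getMessage(), ex);` so the cause is preserved, and the identical catch in the SAML2CallbackHandler hunk needs the same fix. The constructor's `throws Exception` is unnecessary because the only code that could throw is the commented-out Holder-Of-Key block.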

Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java?rev=1345768&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
Sun Jun  3 20:25:34 2012
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+
+
+/**
+ * A Callback Handler implementation for a SAML 2 assertion. By default it creates an
+ * authentication assertion using Bearer.
+ */
+public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
+    
+    public SAML2CallbackHandler() throws Exception {
+        // Required for Holder-Of-Key. Commented out.
+        /*
+        if (certs == null) {
+            Crypto crypto = CryptoFactory.getInstance("wss40.properties");
+            CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+            cryptoType.setAlias("wss40");
+            certs = crypto.getX509Certificates(cryptoType);
+        }
+        */
+        
+        subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
+        subjectQualifier = "www.example.com";
+        confirmationMethod = SAML2Constants.CONF_BEARER;
+    }
+    
+    public void handle(Callback[] callbacks)
+        throws IOException, UnsupportedCallbackException {
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof SAMLCallback) {
+                SAMLCallback callback = (SAMLCallback) callbacks[i];
+                callback.setSamlVersion(SAMLVersion.VERSION_20);
+                callback.setIssuer(issuer);
+                if (conditions != null) {
+                    callback.setConditions(conditions);
+                }
+                
+                SubjectBean subjectBean = 
+                    new SubjectBean(
+                        subjectName, subjectQualifier, confirmationMethod
+                    );
+                if (subjectNameIDFormat != null) {
+                    subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
+                }
+                subjectBean.setSubjectConfirmationData(subjectConfirmationData);
+                if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+                    try {
+                        KeyInfoBean keyInfo = createKeyInfo();
+                        subjectBean.setKeyInfo(keyInfo);
+                    } catch (Exception ex) {
+                        throw new IOException("Problem creating KeyInfo: " +  ex.getMessage());
+                    }
+                }
+                callback.setSubject(subjectBean);
+                createAndSetStatement(null, callback);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+    
+}
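Review bot: The constructor declares `throws Exception` although nothing in its body can throw — the only throwing code is the commented-out Holder-Of-Key block — so every test that instantiates the handler is forced to declare or catch `Exception`; drop the clause and either delete the dead block or keep it behind a real switch, since commented-out code is never compiled and will rot. `handle` presumably implements `CallbackHandler.handle` via `AbstractSAMLCallbackHandler` (the base class is not part of this commit); if so it should carry `@Override`. Note also that `createAndSetStatement` is called here with `null` where SAML1CallbackHandler passes the `SubjectBean`; if that asymmetry is deliberate for SAML 2, a one-line comment such as `// SAML 2: subject is set on the callback, so the statement gets no subject` would spare the next reader a trip into the base class.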

Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1345768&r1=1345767&r2=1345768&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Sun Jun  3 20:25:34
2012
@@ -8,11 +8,11 @@
 			<trustManager>
 				<keyStore file="stsstore.jks" password="stsspass"
 					type="JKS" />
-			</trustManager>
+			</trustManager>		
 		</certificateStores>
 		<trustedIssuers>
 			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
-				name="DoubleItSTSIssuer" />
+				name="FedizSTSIssuer" />				
 		</trustedIssuers>
 
 		<maximumClockSkew>1000</maximumClockSkew>
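Review bot: The only substantive change in this hunk is the issuer rename to `FedizSTSIssuer`; the `</trustManager>` line is rewritten solely to append trailing tabs, and the renamed `name=` line gains trailing tabs as well, which is whitespace noise that will reappear in every future diff of this file. Strip the trailing whitespace from `</trustManager>` and `name="FedizSTSIssuer" />`; the same trailing tabs are present on the `</trustManager>` lines inside the new ROOT2 and ROOT3 contexts in the following hunk.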
@@ -32,4 +32,80 @@
 			</claimTypesRequested>
 		</protocol>
 	</contextConfig>
-</FedizConfig>
\ No newline at end of file
+	
+	<contextConfig name="ROOT2">
+		<audienceUris>
+			<audienceItem>http://host_one:port/url</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsrealm_a.jks" password="storepass"
+					type="JKS" />
+			</trustManager>	
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>		
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="FedizSTSIssuer" />
+		</trustedIssuers>
+
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>target realm</realm>
+			<issuer>http://url_to_the_issuer</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+	
+	<contextConfig name="ROOT3">
+		<audienceUris>
+			<audienceItem>http://host_one:port/url</audienceItem>
+		</audienceUris>
+		<certificateStores>
+			<trustManager>
+				<keyStore file="stsrealm_a.jks" password="storepass"
+					type="JKS" />
+			</trustManager>	
+			<trustManager>
+				<keyStore file="stsstore.jks" password="stsspass"
+					type="JKS" />
+			</trustManager>		
+		</certificateStores>
+		<trustedIssuers>
+			<issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+				name="FedizSTSIssuer2" />
+			<issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+				name="FedizSTSIssuer" />
+		</trustedIssuers>
+
+		<maximumClockSkew>1000</maximumClockSkew>
+		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+			xsi:type="federationProtocolType" version="1.2">
+			<realm>target realm</realm>
+			<issuer>http://url_to_the_issuer</issuer>
+			<roleDelimiter>;</roleDelimiter>
+			<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+			<authenticationType value="some auth type" type="String" />
+			<homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+			<freshness>10000</freshness>
+			<reply>reply value</reply>
+			<request>REQUEST</request>
+			<claimTypesRequested>
+				<claimType type="a particular claim type" optional="true" />
+			</claimTypesRequested>
+		</protocol>
+	</contextConfig>
+</FedizConfig>

Modified: cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties?rev=1345768&r1=1345767&r2=1345768&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties Sun Jun  3 20:25:34
2012
@@ -1,6 +1,5 @@
 org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=changeit
-#org.apache.ws.security.crypto.merlin.keystore.alias=notneeded
-org.apache.ws.security.crypto.merlin.keystore.file=sdcinternal.jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
 

Added: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks?rev=1345768&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Added: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks?rev=1345768&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1345768&r1=1345767&r2=1345768&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Sun Jun  3 20:25:34 2012
@@ -42,7 +42,7 @@
         <junit.version>4.8.2</junit.version>
         <tomcat.url>http://localhost:8080/manager/text</tomcat.url>
         <cxf.version>2.6.1-SNAPSHOT</cxf.version>
-        <wss4j.version>1.6.5</wss4j.version>
+        <wss4j.version>1.6.6</wss4j.version>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <jdk.version>1.6</jdk.version>
         <compiler.fork>false</compiler.fork>


