cxf-commits mailing list archives

From owu...@apache.org
Subject svn commit: r1346100 - in /cxf/fediz/trunk/plugins/core/src: main/java/org/apache/cxf/fediz/core/config/ main/java/org/apache/cxf/fediz/core/saml/ test/java/org/apache/cxf/fediz/core/
Date Mon, 04 Jun 2012 19:32:48 GMT
Author: owulff
Date: Mon Jun  4 19:32:48 2012
New Revision: 1346100

URL: http://svn.apache.org/viewvc?rev=1346100&view=rev
Log:
Testcase added for conditions check and maximum clock skew

Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
    cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java?rev=1346100&r1=1346099&r2=1346100&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/FederationContext.java
Mon Jun  4 19:32:48 2012
@@ -78,6 +78,10 @@ public class FederationContext implement
     public BigInteger getMaximumClockSkew() {
         return config.getMaximumClockSkew();
     }
+    
+    public void setMaximumClockSkew(BigInteger maximumClockSqew) {
+        config.setMaximumClockSkew(maximumClockSqew);
+    }
 
     //    public TrustManager getServiceCertificate() {
     //        return new TrustManager(config.getServiceCertificate());
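Review bot: The new `setMaximumClockSkew` hands its argument straight to `config.setMaximumClockSkew` without validation, so a null, negative or very large value is accepted as is. The new test treats this value as a number of seconds of tolerance on the assertion's validity window, so an unbounded setter can silently widen the period in which an expired or not-yet-valid token is accepted. Consider a guard such as `if (maximumClockSqew == null || maximumClockSqew.signum() < 0) { throw new IllegalArgumentException("maximumClockSkew must be non-negative"); }`, or document in Javadoc that null means "use the default" if that is intended, along with the unit. The parameter name is also misspelled and should read `maximumClockSkew`. The class body continues outside this hunk.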
@@ -118,18 +122,16 @@ public class FederationContext implement
         return config.getName();
     }
 
-    /**
-     * helpers to support existing testcases
-     */
 
     public boolean isDetectExpiredTokens() {
         return detectExpiredTokens;
     }
-
+    
     public void setDetectExpiredTokens(boolean detectExpiredTokens) {
         this.detectExpiredTokens = detectExpiredTokens;
     }
 
+    
     public boolean isDetectReplayedTokens() {
         return detectReplayedTokens;
     }
@@ -138,64 +140,6 @@ public class FederationContext implement
         this.detectReplayedTokens = detectReplayedTokens;
     }
 
-    /*
-    public URI getRoleURI() {
-        ProtocolType pt = config.getProtocol();
-        if (pt == null) {
-            throw new IllegalConfigurationException("Missing ProtocolType");
-        }
-        if (pt instanceof FederationProtocolType) {
-            try {
-                return new URI(((FederationProtocolType) pt).getRoleURI());
-            } catch (URISyntaxException e) {
-                throw new IllegalConfigurationException("Invalid Role URI", e);
-            }
-        } else {
-            throw new IllegalConfigurationException(
-                "Unknown Protocoltype, only FederationProtocolType is currently suported");
-        }
-
-    }
-
-    public String getRoleDelimiter() {
-        ProtocolType pt = config.getProtocol();
-        if (pt != null && (pt instanceof FederationProtocolType)) {
-            return ((FederationProtocolType) pt).getRoleDelimiter();
-        }
-        throw new IllegalConfigurationException("No FederationProtocolType found");
-    }
-    */
-
-    /*
-    public String getTrustStoreFile() {
-        KeyStore storeType = getTrustStore();
-        return storeType.getFile();
-    }
-
-    public String getTrustStorePassword() {
-        KeyStore storeType = getTrustStore();
-        return storeType.getPassword();
-    }
-
-
-    private KeyStore getTrustStore() {
-
-        List<TrustManager> managers =  getTrustedIssuers();
-
-        if (managers == null) {
-            throw new IllegalConfigurationException(
-                    "No Trusted Issuers Keystore found");
-        }
-        if (managers.size() > 1) {
-            throw new IllegalConfigurationException(
-                    "Only one Trusted Issuer Keystore supported");
-        }
-
-        TrustManager trustManager = managers.get(0);
-        return trustManager.getKeyStore();
-    }
-     */
-
     public void setRelativePath(String relativePath) {
         this.relativePath = relativePath;
     }

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java?rev=1346100&r1=1346099&r2=1346100&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/saml/SamlAssertionValidator.java
Mon Jun  4 19:32:48 2012
@@ -144,8 +144,7 @@ public class SamlAssertionValidator impl
         }
         
         // Check conditions
-        //[TODO] Commented out due to testcase issue
-        //checkConditions(assertion);
+        checkConditions(assertion);
         
         // Validate the assertion against schemas/profiles
         validateAssertion(assertion);
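Review bot: The re-enabled `checkConditions(assertion)` call keeps only the comment `// Check conditions`, which gives no hint that this step was previously switched off to work around a testcase issue. A stronger comment would help stop it being commented out again, for example `// Enforce the assertion's Conditions (presumably the validity period); do not disable this to make a test pass`. The hunk does not show how the configured maximum clock skew reaches `checkConditions`, so that wiring should be confirmed in the method itself. The enclosing method starts and ends outside the hunk.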

Modified: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java?rev=1346100&r1=1346099&r2=1346100&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/FederationProcessorTest.java
Mon Jun  4 19:32:48 2012
@@ -21,6 +21,7 @@ package org.apache.cxf.fediz.core;
 
 import java.io.File;
 import java.io.IOException;
+import java.math.BigInteger;
 import java.net.URL;
 
 import javax.security.auth.callback.CallbackHandler;
@@ -47,6 +48,7 @@ import org.apache.ws.security.saml.ext.S
 import org.apache.ws.security.saml.ext.bean.ConditionsBean;
 import org.apache.ws.security.saml.ext.builder.SAML2Constants;
 import org.apache.ws.security.util.DOM2Writer;
+import org.joda.time.DateTime;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -377,6 +379,91 @@ public class FederationProcessorTest {
                             .size());
     }
     
+    /**
+     * Validate SAML 2 token which is expired
+     */
+    @org.junit.Test
+    public void validateSAML2TokenExpired() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+        callbackHandler.setSubjectName(TEST_USER);
+        ConditionsBean cp = new ConditionsBean();
+        DateTime currentTime = new DateTime();
+        currentTime = currentTime.minusSeconds(60);
+        cp.setNotAfter(currentTime);
+        currentTime = new DateTime();
+        currentTime = currentTime.minusSeconds(300);
+        cp.setNotBefore(currentTime);
+        cp.setAudienceURI(TEST_AUDIENCE);
+        callbackHandler.setConditions(cp);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        String rstr = createSamlToken(assertion, "mystskey");
+        
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(rstr);
+        
+        configurator = null;
+        FederationContext config = getFederationConfigurator().getFederationContext("ROOT");
+
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        try {
+            wfProc.processRequest(wfReq, config);
+            fail("Failure expected on expired SAML token");
+        } catch (Exception ex) {
+            // expected
+        }
+    }
+    
+    /**
+     * Validate SAML 2 token which is not yet valid (in 30 seconds)
+     * but within the maximum clock sqew range (60 seconds)
+     */
+    @org.junit.Test
+    public void validateSAML2TokenClockSqewRange() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+        callbackHandler.setSubjectName(TEST_USER);
+        ConditionsBean cp = new ConditionsBean();
+        DateTime currentTime = new DateTime();
+        currentTime = currentTime.plusSeconds(300);
+        cp.setNotAfter(currentTime);
+        currentTime = new DateTime();
+        currentTime = currentTime.plusSeconds(30);
+        cp.setNotBefore(currentTime);
+        cp.setAudienceURI(TEST_AUDIENCE);
+        callbackHandler.setConditions(cp);
+        
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        String rstr = createSamlToken(assertion, "mystskey");
+        
+        FederationRequest wfReq = new FederationRequest();
+        wfReq.setWa(FederationConstants.ACTION_SIGNIN);
+        wfReq.setWresult(rstr);
+        
+        configurator = null;
+        FederationContext config = getFederationConfigurator().getFederationContext("ROOT");
+        config.setMaximumClockSkew(BigInteger.valueOf(60));
+        
+        FederationProcessor wfProc = new FederationProcessorImpl();
+        FederationResponse wfRes = wfProc.processRequest(wfReq, config);
+        
+        Assert.assertEquals("Principal name wrong", TEST_USER,
+                            wfRes.getUsername());
+        Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+        Assert.assertEquals("Two roles must be found", 2, wfRes.getRoles()
+                            .size());
+    }
+    
     
     private String createSamlToken(AssertionWrapper assertion, String alias) throws IOException,
         UnsupportedCallbackException, WSSecurityException, Exception {
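Review bot: In `validateSAML2TokenExpired` the `catch (Exception ex) { // expected }` block accepts any failure from `wfProc.processRequest(wfReq, config)`. The test would still pass if the token were rejected for an unrelated reason, such as a signature or configuration error, so it does not prove that the expiry check is what fired. Narrow the catch to the exception type `processRequest` declares and assert on its message or cause. Setting the skew explicitly would also help, e.g. `config.setMaximumClockSkew(BigInteger.ZERO);`, so the 60-second expiry margin does not depend on the default value. `validateSAML2TokenClockSqewRange` covers only the accepting side of the tolerance; a companion case with `NotBefore` beyond the configured 60 seconds that expects rejection would pin the upper bound.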


