From cohei...@apache.org
Subject svn commit: r1489929 - in /cxf/fediz/trunk: services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/ systests/jetty8/src/test/resources/ systests/spring/src/test/resources/ systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/ s...
Date Wed, 05 Jun 2013 15:51:41 GMT
Author: coheigea
Date: Wed Jun  5 15:51:40 2013
New Revision: 1489929

URL: http://svn.apache.org/r1489929
Log:
[FEDIZ-4] - Added support + a testcase for holder-of-key assertions
 - Updated systest keys so that the client at least uses a different keystore

Added:
    cxf/fediz/trunk/systests/jetty8/src/test/resources/client.jks   (with props)
    cxf/fediz/trunk/systests/spring/src/test/resources/client.jks   (with props)
    cxf/fediz/trunk/systests/tomcat7/src/test/resources/client.jks   (with props)
Modified:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
    cxf/fediz/trunk/systests/jetty8/src/test/resources/server.jks
    cxf/fediz/trunk/systests/spring/src/test/resources/server.jks
    cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
    cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
    cxf/fediz/trunk/systests/tomcat7/src/test/resources/server.jks

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java?rev=1489929&r1=1489928&r2=1489929&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/beans/STSClientAction.java
Wed Jun  5 15:51:40 2013
@@ -93,7 +93,7 @@ public class STSClientAction {
     
     private boolean isPortSet;
     
-    private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER;
+    private String keyType = HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_PUBLICKEY;
 
     public String getWsdlLocation() {
         return wsdlLocation;
@@ -176,8 +176,7 @@ public class STSClientAction {
                     (X509Certificate[])servletRequest.getAttribute("javax.servlet.request.X509Certificate");
                 if (certs != null && certs.length > 0) {
                     sts.setUseCertificateForConfirmationKeyInfo(true);
-                    // TODO uncomment once we pick up CXF 2.7.5.
-                    // sts.setUseKeyCertificate(certs[0]);
+                    sts.setUseKeyCertificate(certs[0]);
                 } else {
                     LOG.info("Can't send a PublicKey KeyType as no client certs are available");
                     sts.setKeyType(HTTP_DOCS_OASIS_OPEN_ORG_WS_SX_WS_TRUST_200512_BEARER);
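Review bot: With the field default in the first hunk switched to PUBLICKEY, the `else` branch here silently downgrades the token request to a Bearer KeyType for any client that did not present a TLS certificate, and records that only at INFO level. The companion Tomcat systest sets the connector to `clientAuth` `want`, so a handshake without a client certificate still succeeds and this fallback is reached without any error, which means a deployment that intends holder-of-key could end up issuing bearer tokens unnoticed. Consider raising the level and naming the consequence, e.g. `LOG.warn("No client certificate presented; falling back to Bearer KeyType for " + user);` (or failing outright when PublicKey was explicitly configured rather than defaulted). The `certs[0]` choice presumably relies on the servlet container ordering the client's own certificate first; a one-line comment stating that would help. The enclosing method starts and ends outside the hunk.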

Added: cxf/fediz/trunk/systests/jetty8/src/test/resources/client.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/client.jks?rev=1489929&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/systests/jetty8/src/test/resources/client.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/fediz/trunk/systests/jetty8/src/test/resources/server.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/jetty8/src/test/resources/server.jks?rev=1489929&r1=1489928&r2=1489929&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/jetty8/src/test/resources/server.jks (original) and cxf/fediz/trunk/systests/jetty8/src/test/resources/server.jks
Wed Jun  5 15:51:40 2013 differ

Added: cxf/fediz/trunk/systests/spring/src/test/resources/client.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring/src/test/resources/client.jks?rev=1489929&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/systests/spring/src/test/resources/client.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/fediz/trunk/systests/spring/src/test/resources/server.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/spring/src/test/resources/server.jks?rev=1489929&r1=1489928&r2=1489929&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/spring/src/test/resources/server.jks (original) and cxf/fediz/trunk/systests/spring/src/test/resources/server.jks
Wed Jun  5 15:51:40 2013 differ

Modified: cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java?rev=1489929&r1=1489928&r2=1489929&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
(original)
+++ cxf/fediz/trunk/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
Wed Jun  5 15:51:40 2013
@@ -170,9 +170,9 @@ public abstract class AbstractTests {
                 new UsernamePasswordCredentials(user, password));
 
             KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
-            FileInputStream instream = new FileInputStream(new File("./target/test-classes/server.jks"));
+            FileInputStream instream = new FileInputStream(new File("./target/test-classes/client.jks"));
             try {
-                trustStore.load(instream, "tompass".toCharArray());
+                trustStore.load(instream, "clientpass".toCharArray());
             } finally {
                 try {
                     instream.close();

Modified: cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java?rev=1489929&r1=1489928&r2=1489929&view=diff
==============================================================================
--- cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
(original)
+++ cxf/fediz/trunk/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
Wed Jun  5 15:51:40 2013
@@ -21,12 +21,38 @@ package org.apache.cxf.fediz.integration
 
 
 import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.util.ArrayList;
+import java.util.List;
+
+import net.htmlparser.jericho.Element;
+import net.htmlparser.jericho.FormField;
+import net.htmlparser.jericho.FormFields;
+import net.htmlparser.jericho.HTMLElementName;
+import net.htmlparser.jericho.Source;
 
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.Consts;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.NameValuePair;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.conn.scheme.Scheme;
+import org.apache.http.conn.ssl.SSLSocketFactory;
+import org.apache.http.impl.client.DefaultHttpClient;
+import org.apache.http.impl.client.LaxRedirectStrategy;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -77,7 +103,10 @@ public class TomcatTest extends Abstract
             //httpsConnector.setAttribute("keyAlias", keyAlias);
             httpsConnector.setAttribute("keystorePass", "tompass");
             httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            // httpsConnector.setAttribute("clientAuth", "false");
             httpsConnector.setAttribute("sslProtocol", "TLS");
             httpsConnector.setAttribute("SSLEnabled", true);
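Review bot: The commented-out `// httpsConnector.setAttribute("clientAuth", "false");` left next to the new `want` setting is dead code and should be dropped; the second connector hunk in this file carries the same line, placed above rather than below the `want` call. `want` means a handshake without a client certificate still succeeds, which is what keeps the existing non-certificate tests passing and also what lets the IdP's Bearer fallback be exercised, so a comment such as `// "want": client cert optional so existing tests without one still pass` would make the intent explicit. The connector's trust store is the same `server.jks` as its key store; presumably the new client certificate was imported there (the binary server.jks files do change in this commit), and that expectation is worth stating in a comment next to `truststoreFile`.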
 
@@ -110,7 +139,10 @@ public class TomcatTest extends Abstract
             //httpsConnector.setAttribute("keyAlias", keyAlias);
             httpsConnector.setAttribute("keystorePass", "tompass");
             httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            // httpsConnector.setAttribute("clientAuth", "false");
+            httpsConnector.setAttribute("clientAuth", "want");
             httpsConnector.setAttribute("sslProtocol", "TLS");
             httpsConnector.setAttribute("SSLEnabled", true);
 
@@ -172,4 +204,121 @@ public class TomcatTest extends Abstract
         return "fedizhelloworld";
     }
     
+    @org.junit.Test
+    public void testUserAliceClientAuth() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        String user = "alice";
+        String password = "ecila";
+        String response = sendHttpGetClientAuth(url, user, password, 200, 200);
+
+        Assert.assertTrue("Principal not " + user, response.indexOf("userPrincipal=" + user)
> 0);
+        Assert.assertTrue("User " + user + " does not have role Admin", response.indexOf("role:Admin=false")
> 0);
+        Assert.assertTrue("User " + user + " does not have role Manager", response.indexOf("role:Manager=false")
> 0);
+        Assert.assertTrue("User " + user + " must have role User", response.indexOf("role:User=true")
> 0);
+
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          response.indexOf(claim + "=Alice") > 0);
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          response.indexOf(claim + "=Smith") > 0);
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@mycompany.org'",
+                          response.indexOf(claim + "=alice@mycompany.org") > 0);
+
+    }
+    
+    private String sendHttpGetClientAuth(String url, String user, String password, int returnCodeIDP,
int returnCodeRP)
+        throws Exception {
+        DefaultHttpClient httpclient = new DefaultHttpClient();
+        try {
+            httpclient.getCredentialsProvider().setCredentials(
+                new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+                new UsernamePasswordCredentials(user, password));
+
+            KeyStore trustStore  = KeyStore.getInstance(KeyStore.getDefaultType());
+            FileInputStream instream = new FileInputStream(new File("./target/test-classes/client.jks"));
+            try {
+                trustStore.load(instream, "clientpass".toCharArray());
+            } finally {
+                try {
+                    instream.close();
+                } catch (Exception ex) {
+                    ex.printStackTrace();
+                }
+            }
+
+            SSLSocketFactory socketFactory = new SSLSocketFactory(trustStore, "clientpass",
trustStore);
+            Scheme schIdp = new Scheme("https", Integer.parseInt(getIdpHttpsPort()), socketFactory);
+            httpclient.getConnectionManager().getSchemeRegistry().register(schIdp);
+            Scheme schRp = new Scheme("https", Integer.parseInt(getRpHttpsPort()), socketFactory);
+            httpclient.getConnectionManager().getSchemeRegistry().register(schRp);
+
+            HttpGet httpget = new HttpGet(url);
+
+            HttpResponse response = httpclient.execute(httpget);
+            HttpEntity entity = response.getEntity();
+
+            System.out.println(response.getStatusLine());
+            if (entity != null) {
+                System.out.println("Response content length: " + entity.getContentLength());
+            }
+            Assert.assertTrue("IDP HTTP Response code: " + response.getStatusLine().getStatusCode()
+                              + " [Expected: " + returnCodeIDP + "]",
+                              returnCodeIDP == response.getStatusLine().getStatusCode());
+
+            if (response.getStatusLine().getStatusCode() != 200) {
+                return null;
+            }
+
+            //            Redirect to a POST is not supported without user interaction
+            //            http://www.ietf.org/rfc/rfc2616.txt
+            //            If the 301 status code is received in response to a request other
+            //            than GET or HEAD, the user agent MUST NOT automatically redirect
the
+            //            request unless it can be confirmed by the user, since this might
+            //            change the conditions under which the request was issued.
+
+            httpclient.setRedirectStrategy(new LaxRedirectStrategy());
+            
+            Source source = new Source(EntityUtils.toString(entity));
+            List <NameValuePair> nvps = new ArrayList <NameValuePair>();
+            FormFields formFields = source.getFormFields();
+            
+            List<Element> forms = source.getAllElements(HTMLElementName.FORM);
+            Assert.assertEquals("Only one form expected but got " + forms.size(), 1, forms.size());
+            String postUrl = forms.get(0).getAttributeValue("action");
+            
+            Assert.assertNotNull("Form field 'wa' not found", formFields.get("wa"));
+            Assert.assertNotNull("Form field 'wresult' not found", formFields.get("wresult"));
+            
+            for (FormField formField : formFields) {
+                if (formField.getUserValueCount() != 0) {
+                    nvps.add(new BasicNameValuePair(formField.getName(),
+                             formField.getValues().get(0)));
+                }
+            } 
+            HttpPost httppost = new HttpPost(postUrl);
+            httppost.setEntity(new UrlEncodedFormEntity(nvps, Consts.UTF_8));
+
+            response = httpclient.execute(httppost);
+
+            entity = response.getEntity();
+            System.out.println(response.getStatusLine());
+            Assert.assertTrue("RP HTTP Response code: " + response.getStatusLine().getStatusCode()
+                              + " [Expected: " + returnCodeRP + "]",
+                              returnCodeRP == response.getStatusLine().getStatusCode());
+
+            if (entity != null) {
+                System.out.println("Response content length: " + entity.getContentLength());
+            }
+
+            return EntityUtils.toString(entity);
+        } finally {
+            // When HttpClient instance is no longer needed,
+            // shut down the connection manager to ensure
+            // immediate deallocation of all system resources
+            httpclient.getConnectionManager().shutdown();
+        }
+
+    }
 }
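Review bot: `sendHttpGetClientAuth` repeats the key-store loading, scheme registration and form re-posting sequence that AbstractTests appears to already have (the AbstractTests hunk in this commit edits what looks like the same `trustStore.load(...)` lines), with the only difference visible here being `new SSLSocketFactory(trustStore, "clientpass", trustStore)`; the shared part should move to a protected helper in AbstractTests, parameterised on the socket factory, so the two copies do not drift. That constructor uses `client.jks` as both key store and trust store, so the client trusts only what is in its own store; a comment that the server certificate is expected in `client.jks` would save the next reader a trip to the keystore. The `System.out.println` calls on the status line and content length should go through a logger or be removed. The early `return null` when the IdP status is not 200 is only reachable when the caller expects a non-200 `returnCodeIDP`, since the assertion just above pins the code; `testUserAliceClientAuth` passes 200 and would otherwise NPE on `response.indexOf`, so documenting that the method returns null for non-200 IdP responses is worthwhile.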

Added: cxf/fediz/trunk/systests/tomcat7/src/test/resources/client.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/client.jks?rev=1489929&view=auto
==============================================================================
Binary file - no diff available.

Propchange: cxf/fediz/trunk/systests/tomcat7/src/test/resources/client.jks
------------------------------------------------------------------------------
    svn:mime-type = application/octet-stream

Modified: cxf/fediz/trunk/systests/tomcat7/src/test/resources/server.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/systests/tomcat7/src/test/resources/server.jks?rev=1489929&r1=1489928&r2=1489929&view=diff
==============================================================================
Files cxf/fediz/trunk/systests/tomcat7/src/test/resources/server.jks (original) and cxf/fediz/trunk/systests/tomcat7/src/test/resources/server.jks
Wed Jun  5 15:51:40 2013 differ


