cxf-commits mailing list archives

From cohei...@apache.org
Subject git commit: Fixing a bug with Metadata Signature Creation + adding system tests for the RP
Date Fri, 19 Sep 2014 15:51:30 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master d272e844a -> c55caad9d


Fixing a bug with Metadata Signature Creation + adding system tests for the RP


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c55caad9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c55caad9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c55caad9

Branch: refs/heads/master
Commit: c55caad9d492081872a62681bcb21ef6e17e7340
Parents: d272e84
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Sep 19 16:51:09 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Sep 19 16:51:09 2014 +0100

----------------------------------------------------------------------
 .../cxf/fediz/core/util/SignatureUtils.java     |  4 ++
 .../cxf/src/test/resources/fediz_config.xml     |  3 +
 .../jetty8/src/test/resources/fediz_config.xml  |  3 +
 .../spring/src/test/resources/fediz_config.xml  |  3 +
 .../fediz/integrationtests/AbstractTests.java   | 62 +++++++++++++++++++-
 .../tomcat7/src/test/resources/fediz_config.xml |  3 +
 6 files changed, 77 insertions(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index ab4d211..9107e6b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -55,6 +55,10 @@ public final class SignatureUtils {
     private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
     private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
     
+    static {
+        DOC_BUILDER_FACTORY.setNamespaceAware(true);
+    }
+    
     private SignatureUtils() {
     }
     
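Review bot: The static initializer is the only place the shared `DOC_BUILDER_FACTORY` is configured, and it enables namespace awareness but no parser hardening. What the factory parses is not visible in this hunk; if any of that XML can be externally influenced, the same block should also enable secure processing and reject DOCTYPE declarations, as sketched below. A short comment on the existing call, e.g. `// XML Signature elements are namespace-qualified; presumably signing failed on a non-namespace-aware DOM`, would record why the commit was needed. The class body continues outside the hunk.

```java
static {
    DOC_BUILDER_FACTORY.setNamespaceAware(true);
    try {
        DOC_BUILDER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DOC_BUILDER_FACTORY.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    } catch (ParserConfigurationException e) {
        throw new ExceptionInInitializerError(e);
    }
}
```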

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/cxf/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/fediz_config.xml b/systests/cxf/src/test/resources/fediz_config.xml
index 32fc21d..9f0209b 100644
--- a/systests/cxf/src/test/resources/fediz_config.xml
+++ b/systests/cxf/src/test/resources/fediz_config.xml
@@ -18,6 +18,9 @@
             <issuer certificateValidation="PeerTrust" />
         </trustedIssuers>
         <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="test-classes/server.jks" password="tompass" type="JKS" />
+        </signingKey>
         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:type="federationProtocolType" version="1.0.0">
             <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
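Review bot: The added `signingKey` element carries the key alias, key password and keystore password in clear text, with nothing marking them as test fixtures. A comment above it, such as `<!-- test-only key used to sign the RP federation metadata; do not reuse server.jks or these passwords outside the systests -->`, would keep the block from being copied into a deployment as-is. The same three lines are added to the jetty8, spring and tomcat7 configs, where the same comment applies. The `file` value is `test-classes/server.jks` here and in tomcat7 but `server.jks` in jetty8 and spring, so the path appears to be resolved against a container-specific base directory; the comment could say so.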

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/jetty8/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/fediz_config.xml b/systests/jetty8/src/test/resources/fediz_config.xml
index 4fe5022..49460dd 100644
--- a/systests/jetty8/src/test/resources/fediz_config.xml
+++ b/systests/jetty8/src/test/resources/fediz_config.xml
@@ -18,6 +18,9 @@
             <issuer certificateValidation="PeerTrust" />
         </trustedIssuers>
         <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="server.jks" password="tompass" type="JKS" />
+        </signingKey>
         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:type="federationProtocolType" version="1.0.0">
             <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/spring/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/fediz_config.xml b/systests/spring/src/test/resources/fediz_config.xml
index 2fb2af5..53b0392 100644
--- a/systests/spring/src/test/resources/fediz_config.xml
+++ b/systests/spring/src/test/resources/fediz_config.xml
@@ -17,6 +17,9 @@
 			<issuer certificateValidation="PeerTrust" />
 		</trustedIssuers>
 		<maximumClockSkew>1000</maximumClockSkew>
+		<signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="server.jks" password="tompass" type="JKS" />
+        </signingKey>
 		<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 			xsi:type="federationProtocolType" version="1.0.0">
 			<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index 4d68e36..3ba99b9 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -19,6 +19,10 @@
 
 package org.apache.cxf.fediz.integrationtests;
 
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
 import com.gargoylesoftware.htmlunit.CookieManager;
 import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
 import com.gargoylesoftware.htmlunit.WebClient;
@@ -27,9 +31,17 @@ import com.gargoylesoftware.htmlunit.xml.XmlPage;
 
 import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.core.FederationConstants;
+import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
 import org.junit.Assert;
 
 public abstract class AbstractTests {
+    
+    static {
+        WSSConfig.init();
+    }
 
     public AbstractTests() {
         super();
@@ -290,7 +302,7 @@ public abstract class AbstractTests {
     }
 
     @org.junit.Test
-    public void testMetadata() throws Exception {
+    public void testRPMetadata() throws Exception {
         String url = "https://localhost:" + getRpHttpsPort() 
             + "/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
 
@@ -302,6 +314,54 @@ public abstract class AbstractTests {
         final XmlPage rpPage = webClient.getPage(url);
         final String xmlContent = rpPage.asXml();
         Assert.assertTrue(xmlContent.startsWith("<EntityDescriptor"));
+        
+        // Now validate the Signature
+        Document doc = rpPage.getXmlDocument();
+        
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+        
+        Node signatureNode = 
+            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+        Assert.assertNotNull(signatureNode);
+        
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+    }
+    
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testIdPMetadata() throws Exception {
+        String url = "https://localhost:" + getIdpHttpsPort() 
+            + "/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml";
+
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
+
+        final XmlPage rpPage = webClient.getPage(url);
+        final String xmlContent = rpPage.asXml();
+        Assert.assertTrue(xmlContent.startsWith("<EntityDescriptor"));
+        
+        // Now validate the Signature
+        Document doc = rpPage.getXmlDocument();
+        
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+        
+        Node signatureNode = 
+            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+        Assert.assertNotNull(signatureNode);
+        
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
     }
     
     @org.junit.Test
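Review bot: Both metadata tests verify the signature with the certificate taken from the signature's own `KeyInfo` (`signature.checkSignatureValue(ki.getX509Certificate())`), so they pass for a document signed by any key, not only the one configured in `signingKey`. Adding `Assert.assertEquals(expectedCert, ki.getX509Certificate());` before the check, with `expectedCert` loaded from the keystore the container is configured with, would pin the signer. The tests also never assert that the signature's reference points at the root element's `ID`, which looks like the intent of the `setIdAttributeNS` call. The validation block is duplicated verbatim in `testIdPMetadata` (where the page variable is still named `rpPage`, and `@org.junit.Ignore` gives no reason) and would read better as one private helper. `testRPMetadata` starts above this hunk.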

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/tomcat7/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/fediz_config.xml b/systests/tomcat7/src/test/resources/fediz_config.xml
index 32fc21d..9f0209b 100644
--- a/systests/tomcat7/src/test/resources/fediz_config.xml
+++ b/systests/tomcat7/src/test/resources/fediz_config.xml
@@ -18,6 +18,9 @@
             <issuer certificateValidation="PeerTrust" />
         </trustedIssuers>
         <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="test-classes/server.jks" password="tompass" type="JKS" />
+        </signingKey>
         <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:type="federationProtocolType" version="1.0.0">
             <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>

