From cohei...@apache.org
Subject git commit: Enforcing client authentication for the OnBehalfOf endpoint
Date Thu, 18 Sep 2014 16:51:50 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.1.x-fixes 73306269b -> 17e8c07f3


Enforcing client authentication for the OnBehalfOf endpoint

Conflicts:
	services/sts/pom.xml


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/17e8c07f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/17e8c07f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/17e8c07f

Branch: refs/heads/1.1.x-fixes
Commit: 17e8c07f37de0529b94b63199a92f4044f4aa3ff
Parents: 7330626
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 18 17:45:46 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 18 17:51:36 2014 +0100

----------------------------------------------------------------------
 services/idp/src/main/resources/idp-ssl-key.jks     | Bin 0 -> 1123 bytes
 .../src/main/webapp/WEB-INF/applicationContext.xml  |   3 +++
 services/sts/pom.xml                                |   2 ++
 .../webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl   |  12 +++++++-----
 .../org/apache/cxf/fediz/sts/AbstractSTSTest.java   |   2 +-
 .../cxf/fediz/sts/realms/ITCrossRealmTest.java      |   6 ++++++
 .../sts/src/test/resources/stsclient.properties     |   6 +++---
 systests/jetty8/src/test/resources/idp-server.xml   |   3 +++
 systests/spring/src/test/resources/idp-server.xml   |   3 +++
 9 files changed, 28 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/idp/src/main/resources/idp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/idp-ssl-key.jks b/services/idp/src/main/resources/idp-ssl-key.jks
new file mode 100644
index 0000000..ae16a55
Binary files /dev/null and b/services/idp/src/main/resources/idp-ssl-key.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
index e74fd28..a90c106 100644
--- a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -60,6 +60,9 @@
             <sec:trustManagers>
                 <sec:keyStore type="jks" password="ispass" resource="idp-ssl-trust.jks"/>
             </sec:trustManagers>
+            <sec:keyManagers keyPassword="tompass">
+                <sec:keyStore type="jks" password="tompass" resource="idp-ssl-key.jks"/>
+            </sec:keyManagers>
         </http:tlsClientParameters>
     </http:conduit>
     
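Review bot: The IdP's TLS client private key (`idp-ssl-key.jks`) and its password `tompass` are now committed to the repository and hard-coded in a main webapp descriptor (lines L64-L66), and the accompanying trust store changes make exactly this key the credential the STS accepts for OnBehalfOf. Anyone who can read the repository therefore holds the credential that this commit intends to restrict the endpoint to, so a deployment that ships these defaults unchanged gets no real access control on OnBehalfOf. Suggest moving the key material behind a placeholder supplied at deployment time, e.g. `<sec:keyManagers keyPassword="${idp.ssl.key.password}">` with the resource and password resolved from outside the webapp, and adding `<!-- Client certificate presented to the STS for OnBehalfOf; replace the bundled keystore before deployment -->` above it. Whether a placeholder resolver is already wired into this context is not visible in the hunk.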

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index 9a4f045..366a6dd 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -198,6 +198,8 @@
 									<keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
 									<password>jettypw</password>
 									<keyPassword>jettypw</keyPassword>
+                                                                        <truststore>${project.build.directory}/test-classes/jetty-ssl.keystore</truststore>
+                                                                        <trustPassword>jettypw</trustPassword>
 									<wantClientAuth>true</wantClientAuth>
 								</connector>
 							</connectors>
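Review bot: The new `<truststore>` on line L81 points at the same `jetty-ssl.keystore` that is the server's own key store, so every certificate in that file — including the server's own identity — is accepted as a client certificate; the `idp-server.xml` hunks at L201-L210 and L218-L227 do the same with `server.jks`. For a test harness this works, but the tests then cannot distinguish an authorised OnBehalfOf caller from any holder of the server key, so a dedicated client trust store would make the check meaningful. The two added lines are also indented with spaces while the surrounding lines use tabs; match the tabs. A comment such as `<!-- trust store decides which client certificates OnBehalfOf callers may present; wantClientAuth leaves the other endpoints reachable without one -->` would record the intent.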

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
index da62897..f6b318a 100644
--- a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
+++ b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
@@ -754,8 +754,10 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false">
-                            <wsp:Policy/>
+                        <sp:HttpsToken>
+                            <wsp:Policy>
+                                <sp:RequireClientCertificate />
+                            </wsp:Policy>
                         </sp:HttpsToken>
                      </wsp:Policy>
                   </sp:TransportToken>
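Review bot: `<sp:RequireClientCertificate />` on line L101 only makes the policy layer demand that some client certificate was presented in the TLS handshake; it says nothing about which one, so the actual authorisation for OnBehalfOf rests entirely on the trust store configured on the HTTPS connector (which in this commit is the server's own key store). Whether the STS additionally checks the presented certificate against an allowed set is not visible here; if it does not, that should be documented or added. The three later hunks (L106-L114, L115-L123, L124-L132) drop the `RequireClientCertificate="false"` attribute and leave an empty `<wsp:Policy/>`, which keeps those endpoints reachable without a client certificate — equivalent to before, but worth a comment so the asymmetry reads as deliberate, e.g. `<!-- OnBehalfOf endpoint: client certificate required; trust decided by the HTTPS connector's trust store -->` above line L99 and `<!-- no client certificate required -->` on the others. Which of the four endpoints is the OnBehalfOf one is inferred from the commit title, not visible in the hunk.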
@@ -802,7 +804,7 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false">
+                        <sp:HttpsToken>
                             <wsp:Policy/>
                         </sp:HttpsToken>
                      </wsp:Policy>
@@ -861,7 +863,7 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false">
+                        <sp:HttpsToken>
                             <wsp:Policy/>
                         </sp:HttpsToken>
                      </wsp:Policy>
@@ -921,7 +923,7 @@
 					<wsp:Policy>
 						<sp:TransportToken>
 							<wsp:Policy>
-								<sp:HttpsToken RequireClientCertificate="false">
+								<sp:HttpsToken>
 									<wsp:Policy/>
 								</sp:HttpsToken>
 							</wsp:Policy>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
index 21afb6c..f0eb6f6 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
@@ -215,7 +215,7 @@ public abstract class AbstractSTSTest {
         return writer.getDocument().getDocumentElement();
     }
 
-    protected Properties readTestProperties(Class clazz, String method) {
+    protected Properties readTestProperties(Class<?> clazz, String method) {
         Properties testProps = new Properties();
         String resourceName = "stsclient.properties";
         InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(resourceName);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
index 0c373a7..621e0f8 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
@@ -108,6 +108,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
             }
         }
         
+        // Need client auth for the second call
+        tlsClientParameters = initTLSClientParameters(testProps, true);
+        
         SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
                                                                SAML2_TOKEN_TYPE,
                                                                BEARER_KEYTYPE,
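Review bot: The added `initTLSClientParameters(testProps, true)` on line L162 only covers the positive path; nothing in this commit asserts that an OnBehalfOf request made without a client certificate is now rejected, which is the property the commit title claims. A negative case — the same `requestSecurityTokenOnbehalfOf(...)` call using the parameters from `initTLSClientParameters(testProps, false)` expected to fail — would pin that behaviour. The same three lines are duplicated at L171-L173; a small helper would avoid the copy. The enclosing test methods start and end outside the hunks.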
@@ -191,6 +194,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
             }
         }
         
+        // Need client auth for the second call
+        tlsClientParameters = initTLSClientParameters(testProps, true);
+        
         SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
                                                                SAML2_TOKEN_TYPE,
                                                                BEARER_KEYTYPE,

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/test/resources/stsclient.properties
----------------------------------------------------------------------
diff --git a/services/sts/src/test/resources/stsclient.properties b/services/sts/src/test/resources/stsclient.properties
index b75d4d7..db45129 100644
--- a/services/sts/src/test/resources/stsclient.properties
+++ b/services/sts/src/test/resources/stsclient.properties
@@ -1,6 +1,6 @@
 sts-url=
 truststore=jetty-ssl.keystore
 truststore-pw=jettypw
-keystore=${sts-client-keystore}
-keystore-pw=${sts-client-keystore-pw}
-keystore-key-pw=${sts-client-keystore-key-pw}
+keystore=jetty-ssl.keystore
+keystore-pw=jettypw
+keystore-key-pw=jettypw
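Review bot: Replacing the `${sts-client-keystore…}` placeholders with `jetty-ssl.keystore` and `jettypw` means the test client authenticates with the STS server's own key, and the matching trust store changes are what make that key acceptable. The test passes, but it never exercises a distinct client identity, so a regression where the STS trusts too broadly would go unnoticed. If the placeholders were meant to be substituted by the build, keeping them and supplying a dedicated client keystore is the stronger test; if they were never resolved, which the change suggests, at least add `# test-only: client keystore used to authenticate OnBehalfOf calls` so the next reader knows why the server key store is reused.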

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/systests/jetty8/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/idp-server.xml b/systests/jetty8/src/test/resources/idp-server.xml
index ea7701c..1f89e96 100644
--- a/systests/jetty8/src/test/resources/idp-server.xml
+++ b/systests/jetty8/src/test/resources/idp-server.xml
@@ -24,6 +24,9 @@
              <Set name="keyStore">./target/test-classes/server.jks</Set>
              <Set name="keyStorePassword">tompass</Set>
              <Set name="keyManagerPassword">tompass</Set>
+             <Set name="trustStore">./target/test-classes/server.jks</Set>
+             <Set name="trustStorePassword">tompass</Set>
+             <Set name="wantClientAuth">true</Set>
            </New>
          </Arg>
          <Set name="port">${idp.https.port}</Set>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/systests/spring/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/idp-server.xml b/systests/spring/src/test/resources/idp-server.xml
index 75ac996..9c31fd7 100644
--- a/systests/spring/src/test/resources/idp-server.xml
+++ b/systests/spring/src/test/resources/idp-server.xml
@@ -23,6 +23,9 @@
                         </Set>
                         <Set name="keyStorePassword">tompass</Set>
                         <Set name="keyManagerPassword">tompass</Set>
+                        <Set name="trustStore">./target/test-classes/server.jks</Set>
+                        <Set name="trustStorePassword">tompass</Set>
+                        <Set name="wantClientAuth">true</Set>
                     </New>
                 </Arg>
                 <Set name="port">${idp.https.port}</Set>

