From cohei...@apache.org
Subject git commit: Enforcing client authentication for the OnBehalfOf endpoint
Date Thu, 18 Sep 2014 16:46:05 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master bf51b0f8a -> 2a5b457ea


Enforcing client authentication for the OnBehalfOf endpoint


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2a5b457e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2a5b457e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2a5b457e

Branch: refs/heads/master
Commit: 2a5b457ea1ff6bcc9d822f89bf429473308d8b73
Parents: bf51b0f
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Sep 18 17:45:46 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Sep 18 17:45:46 2014 +0100

----------------------------------------------------------------------
 services/idp/src/main/resources/idp-ssl-key.jks     | Bin 0 -> 1123 bytes
 .../src/main/webapp/WEB-INF/applicationContext.xml  |   3 +++
 services/sts/pom.xml                                |   2 ++
 .../webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl   |  12 +++++++-----
 .../org/apache/cxf/fediz/sts/AbstractSTSTest.java   |   2 +-
 .../cxf/fediz/sts/realms/ITCrossRealmTest.java      |   6 ++++++
 .../sts/src/test/resources/stsclient.properties     |   6 +++---
 systests/jetty8/src/test/resources/idp-server.xml   |   3 +++
 systests/spring/src/test/resources/idp-server.xml   |   3 +++
 9 files changed, 28 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/idp/src/main/resources/idp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/idp-ssl-key.jks b/services/idp/src/main/resources/idp-ssl-key.jks
new file mode 100644
index 0000000..ae16a55
Binary files /dev/null and b/services/idp/src/main/resources/idp-ssl-key.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
index c3b8ecd..afe5003 100644
--- a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -78,6 +78,9 @@
             <sec:trustManagers>
                 <sec:keyStore type="jks" password="ispass" resource="idp-ssl-trust.jks"
/>
             </sec:trustManagers>
+            <sec:keyManagers keyPassword="tompass">
+                <sec:keyStore type="jks" password="tompass" resource="idp-ssl-key.jks"/>
+            </sec:keyManagers>
         </http:tlsClientParameters>
     </http:conduit>
     
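Review bot: The key-manager password on the added `sec:keyManagers` and `sec:keyStore` lines is a plaintext literal in a main-webapp Spring context, and it unlocks a private-key store that this same commit adds under src/main/resources, so the IdP's client identity toward the STS (the conduit's target is declared outside the hunk) becomes part of the shipped artifact and the repository history. If idp-ssl-key.jks is meant as a sample identity, the conduit should say so, e.g. `<!-- idp-ssl-key.jks is a sample client identity for the STS; replace the store and externalize the password for a real deployment -->`; otherwise the password belongs in an externalized property rather than the checked-in XML. Note also that the trust store on the context lines above uses a different password than the new key store, which is fine but easy to misread as a typo without a comment. The enclosing `http:conduit` element starts outside the hunk.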

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index 98d012f..7bb03b7 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -201,6 +201,8 @@
                             <keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
                             <password>jettypw</password>
                             <keyPassword>jettypw</keyPassword>
+                            <truststore>${project.build.directory}/test-classes/jetty-ssl.keystore</truststore>
+                            <trustPassword>jettypw</trustPassword>
                             <wantClientAuth>true</wantClientAuth>
                         </connector>
                     </connectors>
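Review bot: `wantClientAuth` on the Jetty connector only requests a certificate, so the TLS handshake still completes without one and the enforcement promised by the commit title rests entirely on the `sp:RequireClientCertificate` assertion added to the WSDL; that is presumably intended, since the other STS bindings stay certificate-optional, but it deserves a comment beside the connector, e.g. `<!-- client certs are optional at the TLS layer; the OnBehalfOf binding makes them mandatory via WS-SecurityPolicy -->`. The added `truststore` is the same file as the `keystore`, so every certificate in jetty-ssl.keystore, including the server's own, is accepted as a client identity, which is acceptable for a test harness but worth noting so the pattern is not copied into a deployment descriptor. The same shape appears in both idp-server.xml hunks, where `trustStore` is pointed at the existing server.jks next to `wantClientAuth`.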

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
index c8187d4..9840239 100644
--- a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
+++ b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
@@ -754,8 +754,10 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false">
-                            <wsp:Policy/>
+                        <sp:HttpsToken>
+                            <wsp:Policy>
+                                <sp:RequireClientCertificate />
+                            </wsp:Policy>
                         </sp:HttpsToken>
                      </wsp:Policy>
                   </sp:TransportToken>
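Review bot: The nested `<sp:RequireClientCertificate />` on the added lines is the WS-SecurityPolicy 1.2 form of the assertion, while the removed `RequireClientCertificate="false"` attribute is the 1.1 form; the `sp` prefix declaration is outside the hunk, so whether the policy engine honours the nested element depends on which namespace that prefix is bound to and is worth confirming rather than assuming. The three following hunks only drop the attribute on the other bindings, leaving an empty `<wsp:Policy/>`, which in the 1.2 vocabulary means no client certificate is required, so the change is consistent, but the binding names sit outside every hunk and the asymmetry is invisible to a reader of the policy alone. A one-line comment above the first policy, e.g. `<!-- OnBehalfOf binding: TLS client certificate is mandatory (sp:RequireClientCertificate) -->`, would make the intent explicit.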
@@ -802,7 +804,7 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false">
+                        <sp:HttpsToken>
                             <wsp:Policy/>
                         </sp:HttpsToken>
                      </wsp:Policy>
@@ -861,7 +863,7 @@
                <wsp:Policy>
                   <sp:TransportToken>
                      <wsp:Policy>
-                        <sp:HttpsToken RequireClientCertificate="false">
+                        <sp:HttpsToken>
                             <wsp:Policy/>
                         </sp:HttpsToken>
                      </wsp:Policy>
@@ -921,7 +923,7 @@
 					<wsp:Policy>
 						<sp:TransportToken>
 							<wsp:Policy>
-								<sp:HttpsToken RequireClientCertificate="false">
+								<sp:HttpsToken>
 									<wsp:Policy/>
 								</sp:HttpsToken>
 							</wsp:Policy>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
index 3b2e6f7..328fab0 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
@@ -216,7 +216,7 @@ public abstract class AbstractSTSTest {
         return writer.getDocument().getDocumentElement();
     }
 
-    protected Properties readTestProperties(Class clazz, String method) {
+    protected Properties readTestProperties(Class<?> clazz, String method) {
         Properties testProps = new Properties();
         String resourceName = "stsclient.properties";
         InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(resourceName);

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
index 3e99672..fab0d4d 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
@@ -108,6 +108,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
             }
         }
         
+        // Need client auth for the second call
+        tlsClientParameters = initTLSClientParameters(testProps, true);
+        
         SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
                                                                SAML2_TOKEN_TYPE,
                                                                BEARER_KEYTYPE,
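Review bot: Both hunks reassign `tlsClientParameters` with client auth enabled before the OnBehalfOf request, but neither test exercises the negative path, so nothing in this commit pins the enforcement its title describes; a request issued with `initTLSClientParameters(testProps, false)` that asserts the OnBehalfOf call is rejected would cover it. The added comment states that client auth is needed but not why, and `// The OnBehalfOf binding requires a TLS client certificate (sp:RequireClientCertificate)` would tie it to the policy change. The same two-line reassignment is duplicated in the hunk starting at the second `@@` header and could be hoisted into a small helper if more OnBehalfOf tests follow. The enclosing test methods start and end outside both hunks.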
@@ -191,6 +194,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
             }
         }
         
+        // Need client auth for the second call
+        tlsClientParameters = initTLSClientParameters(testProps, true);
+        
         SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
                                                                SAML2_TOKEN_TYPE,
                                                                BEARER_KEYTYPE,

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/test/resources/stsclient.properties
----------------------------------------------------------------------
diff --git a/services/sts/src/test/resources/stsclient.properties b/services/sts/src/test/resources/stsclient.properties
index b75d4d7..db45129 100644
--- a/services/sts/src/test/resources/stsclient.properties
+++ b/services/sts/src/test/resources/stsclient.properties
@@ -1,6 +1,6 @@
 sts-url=
 truststore=jetty-ssl.keystore
 truststore-pw=jettypw
-keystore=${sts-client-keystore}
-keystore-pw=${sts-client-keystore-pw}
-keystore-key-pw=${sts-client-keystore-key-pw}
+keystore=jetty-ssl.keystore
+keystore-pw=jettypw
+keystore-key-pw=jettypw
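Review bot: Replacing the `${sts-client-keystore...}` placeholders with literals makes the client key store, the server key store and the truststore all the same jetty-ssl.keystore with the same password, so the STS client now authenticates with the server's own identity; the cross-realm test passes, but it does not demonstrate that the truststore distinguishes one client identity from another. A dedicated client keystore whose certificate is in the truststore, plus one that is not to check rejection, would make the client-authentication part of the test meaningful. Whether the removed placeholders were previously filled by resource filtering is not visible in this hunk, so any build configuration that still sets them may now be dead.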

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/systests/jetty8/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/idp-server.xml b/systests/jetty8/src/test/resources/idp-server.xml
index ea7701c..1f89e96 100644
--- a/systests/jetty8/src/test/resources/idp-server.xml
+++ b/systests/jetty8/src/test/resources/idp-server.xml
@@ -24,6 +24,9 @@
              <Set name="keyStore">./target/test-classes/server.jks</Set>
              <Set name="keyStorePassword">tompass</Set>
              <Set name="keyManagerPassword">tompass</Set>
+             <Set name="trustStore">./target/test-classes/server.jks</Set>
+             <Set name="trustStorePassword">tompass</Set>
+             <Set name="wantClientAuth">true</Set>
            </New>
          </Arg>
          <Set name="port">${idp.https.port}</Set>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/systests/spring/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/idp-server.xml b/systests/spring/src/test/resources/idp-server.xml
index 75ac996..9c31fd7 100644
--- a/systests/spring/src/test/resources/idp-server.xml
+++ b/systests/spring/src/test/resources/idp-server.xml
@@ -23,6 +23,9 @@
                         </Set>
                         <Set name="keyStorePassword">tompass</Set>
                         <Set name="keyManagerPassword">tompass</Set>
+                        <Set name="trustStore">./target/test-classes/server.jks</Set>
+                        <Set name="trustStorePassword">tompass</Set>
+                        <Set name="wantClientAuth">true</Set>
                     </New>
                 </Arg>
                 <Set name="port">${idp.https.port}</Set>

