Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 9C00F11174 for ; Fri, 19 Sep 2014 16:22:04 +0000 (UTC) Received: (qmail 93549 invoked by uid 500); 19 Sep 2014 16:22:04 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 93490 invoked by uid 500); 19 Sep 2014 16:22:04 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 93481 invoked by uid 99); 19 Sep 2014 16:22:04 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Sep 2014 16:22:04 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 06F2DA1EC77; Fri, 19 Sep 2014 16:22:04 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <39d09d79ee3f4777a36bc55bc6519e1d@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: git commit: Fixing a bug with Metadata Signature Creation + adding system tests for the RP Date: Fri, 19 Sep 2014 16:22:04 +0000 (UTC) Repository: cxf-fediz Updated Branches: refs/heads/1.1.x-fixes f74913cc6 -> f2aa4d6d9 Fixing a bug with Metadata Signature Creation + adding system tests for the RP Conflicts: systests/cxf/src/test/resources/fediz_config.xml systests/jetty8/src/test/resources/fediz_config.xml systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java systests/tomcat7/src/test/resources/fediz_config.xml Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f2aa4d6d Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f2aa4d6d Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f2aa4d6d Branch: refs/heads/1.1.x-fixes Commit: f2aa4d6d9e9f99e35334c4d6b347e4766fb4bcc6 Parents: f74913c Author: Colm O hEigeartaigh Authored: Fri Sep 19 16:51:09 2014 +0100 Committer: Colm O hEigeartaigh Committed: Fri Sep 19 17:21:53 2014 +0100 ---------------------------------------------------------------------- .../cxf/fediz/core/util/SignatureUtils.java | 4 + .../cxf/fediz/integrationtests/TomcatTest.java | 166 ++++++++++++++++++- .../tomcat7/src/test/resources/fediz_config.xml | 3 + 3 files changed, 172 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f2aa4d6d/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java ---------------------------------------------------------------------- 
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index 12452f4..88def44 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -56,6 +56,10 @@ public final class SignatureUtils {
 private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
 private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
+ static {
+ DOC_BUILDER_FACTORY.setNamespaceAware(true);
+ }
+
 private SignatureUtils() {
 }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f2aa4d6d/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index 8fa3a77..4db1b56 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
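Review bot: The static initializer added to SignatureUtils sets `DOC_BUILDER_FACTORY.setNamespaceAware(true)` with no comment on why, and it is now the only place this shared factory is configured. I would add `// XML Signature processing needs a namespace-aware DOM; do not remove` above the call so the setting is not dropped in a later clean-up. The same block is where parser hardening would go, e.g. `DOC_BUILDER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);` (it throws the checked ParserConfigurationException, so it needs a try/catch here), if any document built through this factory can come from outside the RP. The code that uses the factory is outside the hunk, so whether untrusted XML reaches it is to be confirmed.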
@@ -20,19 +20,41 @@ package org.apache.cxf.fediz.integrationtests;
+import java.io.ByteArrayInputStream;
 import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.SSLContext;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
+import org.apache.http.util.EntityUtils;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
-
 public class TomcatTest extends AbstractTests {
 static String idpHttpsPort;
@@ -205,4 +227,146 @@ public class TomcatTest extends AbstractTests { } + @org.junit.Test + public void testMetadataRP() throws Exception { + String url = "https://localhost:" + getRpHttpsPort() + + "/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml"; + + CloseableHttpClient httpClient = null; + try { + KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType()); + FileInputStream instream = new FileInputStream(new File("./target/test-classes/client.jks")); + try { + trustStore.load(instream, "clientpass".toCharArray()); + } finally { + try { + instream.close(); + } catch (Exception ex) { + ex.printStackTrace(); + } + } + + SSLContextBuilder sslContextBuilder = new SSLContextBuilder(); + sslContextBuilder.loadTrustMaterial(trustStore, new TrustSelfSignedStrategy()); + sslContextBuilder.loadKeyMaterial(trustStore, "clientpass".toCharArray()); + + SSLContext sslContext = sslContextBuilder.build(); + SSLConnectionSocketFactory sslSocketFactory = + new SSLConnectionSocketFactory(sslContext); + + HttpClientBuilder httpClientBuilder = HttpClientBuilder.create(); + httpClientBuilder.setSSLSocketFactory(sslSocketFactory); + httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy()); + + httpClient = httpClientBuilder.build(); + + HttpGet httpget = new HttpGet(url); + + HttpResponse response = httpClient.execute(httpget); + HttpEntity entity = response.getEntity(); + + Assert.assertEquals(200, response.getStatusLine().getStatusCode()); + + String metadata = EntityUtils.toString(entity); + Assert.assertTrue(metadata.startsWith(" 1000 + + + urn:org:apache:cxf:fediz:fedizhelloworld