cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject git commit: Some reshuffling of keys + adding a test for the PublicKey KeyType
Date Tue, 14 Oct 2014 11:23:09 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 9c84e0aab -> 120c1cd7b


Some reshuffling of keys + adding a test for the PublicKey KeyType


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/120c1cd7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/120c1cd7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/120c1cd7

Branch: refs/heads/master
Commit: 120c1cd7bca77f55e313ccbcf2387ad846e201ac
Parents: 9c84e0a
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Oct 14 12:22:43 2014 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Oct 14 12:22:43 2014 +0100

----------------------------------------------------------------------
 .../federation/FederationTest.java              |  55 -----
 systests/cxf/src/test/resources/client.jks      | Bin 1359 -> 2060 bytes
 .../cxf/src/test/resources/clientUntrusted.jks  | Bin 2074 -> 0 bytes
 systests/cxf/src/test/resources/server.jks      | Bin 1123 -> 1863 bytes
 systests/jetty8/src/test/resources/client.jks   | Bin 1359 -> 2060 bytes
 systests/jetty8/src/test/resources/server.jks   | Bin 1123 -> 1863 bytes
 systests/spring/src/test/resources/client.jks   | Bin 1359 -> 2060 bytes
 systests/spring/src/test/resources/server.jks   | Bin 1123 -> 1863 bytes
 .../fediz/integrationtests/AbstractTests.java   |   4 +-
 .../integrationtests/HOKCallbackHandler.java    |  48 ++++
 .../fediz/integrationtests/HolderOfKeyTest.java | 233 +++++++++++++++++++
 .../cxf/fediz/integrationtests/TomcatTest.java  |  54 -----
 systests/tomcat7/src/test/resources/client.jks  | Bin 1359 -> 2060 bytes
 .../src/test/resources/clientUntrusted.jks      | Bin 2074 -> 0 bytes
 .../src/test/resources/fediz_config_hok.xml     |  39 ++++
 systests/tomcat7/src/test/resources/server.jks  | Bin 1123 -> 1863 bytes
 16 files changed, 322 insertions(+), 111 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
index 8dbbcb5..123c107 100644
--- a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
+++ b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
@@ -21,18 +21,10 @@ package org.apache.cxf.fediz.integrationtests.federation;
 
 import java.io.File;
 
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.integrationtests.AbstractTests;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -176,53 +168,6 @@ public class FederationTest extends AbstractTests {
         return rpHttpsPort;
     }
     
-    @org.junit.Test
-    public void testUserAliceClientAuth() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        String user = "alice";
-        String password = "ecila";
-
-        final WebClient webClient = new WebClient();
-        webClient.getOptions().setUseInsecureSSL(true);
-        webClient.getOptions().setSSLClientCertificate(
-            this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
-        webClient.getCredentialsProvider().setCredentials(
-            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-            new UsernamePasswordCredentials(user, password));
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        final HtmlPage idpPage = webClient.getPage(url);
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
-        final HtmlForm form = idpPage.getFormByName("signinresponseform");
-        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
-        final HtmlPage rpPage = button.click();
-        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
-        final String bodyTextContent = rpPage.getBody().getTextContent();
-        Assert.assertTrue("Principal not " + user,
-                          bodyTextContent.contains("userPrincipal=" + user));
-        Assert.assertTrue("User " + user + " does not have role Admin",
-                          bodyTextContent.contains("role:Admin=false"));
-        Assert.assertTrue("User " + user + " does not have role Manager",
-                          bodyTextContent.contains("role:Manager=false"));
-        Assert.assertTrue("User " + user + " must have role User",
-                          bodyTextContent.contains("role:User=true"));
-        
-        String claim = ClaimTypes.FIRSTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
-                          bodyTextContent.contains(claim + "=Alice"));
-        claim = ClaimTypes.LASTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
-                          bodyTextContent.contains(claim + "=Smith"));
-        claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
-                          bodyTextContent.contains(claim + "=alice@realma.org"));
-
-    }
-
     public String getServletContextName() {
         return "fedizhelloworld";
     }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/client.jks b/systests/cxf/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/cxf/src/test/resources/client.jks and b/systests/cxf/src/test/resources/client.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/resources/clientUntrusted.jks
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/clientUntrusted.jks b/systests/cxf/src/test/resources/clientUntrusted.jks
deleted file mode 100644
index ea0bfd1..0000000
Binary files a/systests/cxf/src/test/resources/clientUntrusted.jks and /dev/null differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/server.jks b/systests/cxf/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/cxf/src/test/resources/server.jks and b/systests/cxf/src/test/resources/server.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/jetty8/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/client.jks b/systests/jetty8/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/jetty8/src/test/resources/client.jks and b/systests/jetty8/src/test/resources/client.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/jetty8/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/server.jks b/systests/jetty8/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/jetty8/src/test/resources/server.jks and b/systests/jetty8/src/test/resources/server.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/spring/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/client.jks b/systests/spring/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/spring/src/test/resources/client.jks and b/systests/spring/src/test/resources/client.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/spring/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/server.jks b/systests/spring/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/spring/src/test/resources/server.jks and b/systests/spring/src/test/resources/server.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index af799f5..53e2e79 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -309,7 +309,7 @@ public abstract class AbstractTests {
         final WebClient webClient = new WebClient();
         webClient.getOptions().setUseInsecureSSL(true);
         webClient.getOptions().setSSLClientCertificate(
-            this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
+            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
 
         final XmlPage rpPage = webClient.getPage(url);
         final String xmlContent = rpPage.asXml();
@@ -340,7 +340,7 @@ public abstract class AbstractTests {
         final WebClient webClient = new WebClient();
         webClient.getOptions().setUseInsecureSSL(true);
         webClient.getOptions().setSSLClientCertificate(
-            this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
+            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
 
         final XmlPage rpPage = webClient.getPage(url);
         final String xmlContent = rpPage.asXml();

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
new file mode 100644
index 0000000..e2f402c
--- /dev/null
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.WReqCallback;
+
+public class HOKCallbackHandler implements CallbackHandler {
+
+    static final String HOK_WREQ = 
+        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+        + "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+        + "</RequestSecurityToken>";
+    
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WReqCallback) {
+                WReqCallback callback = (WReqCallback) callbacks[i];
+                callback.setWreq(HOK_WREQ);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
new file mode 100644
index 0000000..32fbf35
--- /dev/null
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
@@ -0,0 +1,233 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.File;
+
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * A test for sending a "PublicKey" KeyType request to the IdP via the "wreq" parameter.
This
+ * will cause the IdP/STS to issue a "HolderOfKey" SAML Assertion.
+ */
+public class HolderOfKeyTest {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+    
+    private static Tomcat idpServer;
+    private static Tomcat rpServer;
+    
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
 
+        
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        initIdp();
+        initRp();
+    }
+    
+    private static void initIdp() {
+        try {
+            idpServer = new Tomcat();
+            idpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            idpServer.setBaseDir(currentDir + File.separator + "target");
+            
+            idpServer.getHost().setAppBase("tomcat/idp/webapps");
+            idpServer.getHost().setAutoDeploy(true);
+            idpServer.getHost().setDeployOnStartup(true);
+            
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            //httpsConnector.setAttribute("keyAlias", keyAlias);
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            idpServer.getService().addConnector(httpsConnector);
+            
+            idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
+            idpServer.addWebapp("/fediz-idp", "fediz-idp");
+            
+            idpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    private static void initRp() {
+        try {
+            rpServer = new Tomcat();
+            rpServer.setPort(0);
+            String currentDir = new File(".").getCanonicalPath();
+            rpServer.setBaseDir(currentDir + File.separator + "target");
+            
+            rpServer.getHost().setAppBase("tomcat/rp/webapps");
+            rpServer.getHost().setAutoDeploy(true);
+            rpServer.getHost().setDeployOnStartup(true);
+            
+            Connector httpsConnector = new Connector();
+            httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
+            httpsConnector.setSecure(true);
+            httpsConnector.setScheme("https");
+            //httpsConnector.setAttribute("keyAlias", keyAlias);
+            httpsConnector.setAttribute("keystorePass", "tompass");
+            httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("truststorePass", "tompass");
+            httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+            httpsConnector.setAttribute("clientAuth", "want");
+            httpsConnector.setAttribute("sslProtocol", "TLS");
+            httpsConnector.setAttribute("SSLEnabled", true);
+
+            rpServer.getService().addConnector(httpsConnector);
+            
+            //Context ctx =
+            Context cxt = rpServer.addWebapp("/fedizhelloworld", "simpleWebapp");
+            FederationAuthenticator fa = new FederationAuthenticator();
+            fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+                             + "test-classes" + File.separator + "fediz_config_hok.xml");
+            cxt.getPipeline().addValve(fa);
+            
+            
+            rpServer.start();
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+    
+    @AfterClass
+    public static void cleanup() {
+        try {
+            if (idpServer.getServer() != null
+                && idpServer.getServer().getState() != LifecycleState.DESTROYED)
{
+                if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    idpServer.stop();
+                }
+                idpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+
+        try {
+            if (rpServer.getServer() != null
+                && rpServer.getServer().getState() != LifecycleState.DESTROYED) {
+                if (rpServer.getServer().getState() != LifecycleState.STOPPED) {
+                    rpServer.stop();
+                }
+                rpServer.destroy();
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+    }
+
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+    
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+    
+    @org.junit.Test
+    public void testHolderOfKey() throws Exception {
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        String user = "alice";
+        String password = "ecila";
+        
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+        webClient.getCredentialsProvider().setCredentials(
+            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+            new UsernamePasswordCredentials(user, password));
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        final HtmlForm form = idpPage.getFormByName("signinresponseform");
+        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+        final HtmlPage rpPage = button.click();
+        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+        final String bodyTextContent = rpPage.getBody().getTextContent();
+        Assert.assertTrue("Principal not " + user,
+                          bodyTextContent.contains("userPrincipal=" + user));
+        Assert.assertTrue("User " + user + " does not have role Admin",
+                          bodyTextContent.contains("role:Admin=false"));
+        Assert.assertTrue("User " + user + " does not have role Manager",
+                          bodyTextContent.contains("role:Manager=false"));
+        Assert.assertTrue("User " + user + " must have role User",
+                          bodyTextContent.contains("role:User=true"));
+        
+        String claim = ClaimTypes.FIRSTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+                          bodyTextContent.contains(claim + "=Alice"));
+        claim = ClaimTypes.LASTNAME.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+                          bodyTextContent.contains(claim + "=Smith"));
+        claim = ClaimTypes.EMAILADDRESS.toString();
+        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+                          bodyTextContent.contains(claim + "=alice@realma.org"));
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index e250877..18939f5 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
@@ -22,19 +22,11 @@ package org.apache.cxf.fediz.integrationtests;
 
 import java.io.File;
 
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.core.ClaimTypes;
 import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -186,50 +178,4 @@ public class TomcatTest extends AbstractTests {
         return "fedizhelloworld";
     }
     
-    @org.junit.Test
-    public void testUserAliceClientAuth() throws Exception {
-        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
-        String user = "alice";
-        String password = "ecila";
-
-        final WebClient webClient = new WebClient();
-        webClient.getOptions().setUseInsecureSSL(true);
-        webClient.getOptions().setSSLClientCertificate(
-            this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
-        webClient.getCredentialsProvider().setCredentials(
-            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
-            new UsernamePasswordCredentials(user, password));
-
-        webClient.getOptions().setJavaScriptEnabled(false);
-        final HtmlPage idpPage = webClient.getPage(url);
-        webClient.getOptions().setJavaScriptEnabled(true);
-        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
-        final HtmlForm form = idpPage.getFormByName("signinresponseform");
-        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
-        final HtmlPage rpPage = button.click();
-        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
-        final String bodyTextContent = rpPage.getBody().getTextContent();
-        Assert.assertTrue("Principal not " + user,
-                          bodyTextContent.contains("userPrincipal=" + user));
-        Assert.assertTrue("User " + user + " does not have role Admin",
-                          bodyTextContent.contains("role:Admin=false"));
-        Assert.assertTrue("User " + user + " does not have role Manager",
-                          bodyTextContent.contains("role:Manager=false"));
-        Assert.assertTrue("User " + user + " must have role User",
-                          bodyTextContent.contains("role:User=true"));
-        
-        String claim = ClaimTypes.FIRSTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
-                          bodyTextContent.contains(claim + "=Alice"));
-        claim = ClaimTypes.LASTNAME.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
-                          bodyTextContent.contains(claim + "=Smith"));
-        claim = ClaimTypes.EMAILADDRESS.toString();
-        Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
-                          bodyTextContent.contains(claim + "=alice@realma.org"));
-    }
-    
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/client.jks b/systests/tomcat7/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/tomcat7/src/test/resources/client.jks and b/systests/tomcat7/src/test/resources/client.jks
differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/clientUntrusted.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/clientUntrusted.jks b/systests/tomcat7/src/test/resources/clientUntrusted.jks
deleted file mode 100644
index ea0bfd1..0000000
Binary files a/systests/tomcat7/src/test/resources/clientUntrusted.jks and /dev/null differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/fediz_config_hok.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/fediz_config_hok.xml b/systests/tomcat7/src/test/resources/fediz_config_hok.xml
new file mode 100644
index 0000000..21bd594
--- /dev/null
+++ b/systests/tomcat7/src/test/resources/fediz_config_hok.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml
file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example
re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific
keystore instead. 
+-->
+<FedizConfig>
+    <contextConfig name="/fedizhelloworld">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="test-classes/ststrust.jks"
+                          password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+            <claimTypesRequested>
+                <claimType type="a particular claim type"
+                           optional="true" />
+            </claimTypesRequested>
+            <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+</FedizConfig>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/server.jks b/systests/tomcat7/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/tomcat7/src/test/resources/server.jks and b/systests/tomcat7/src/test/resources/server.jks
differ


Mime
View raw message