cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [2/2] cxf-fediz git commit: Adding Jetty ClientCertificate tests
Date Thu, 23 Apr 2015 16:01:53 GMT
Adding Jetty ClientCertificate tests


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/9ca20024
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/9ca20024
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/9ca20024

Branch: refs/heads/master
Commit: 9ca20024cf317396c3a44a50dfa83d3bc05dca41
Parents: 6415da2
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Apr 23 16:55:07 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Apr 23 17:01:46 2015 +0100

----------------------------------------------------------------------
 systests/jetty8/pom.xml                         |   8 +-
 .../ClientCertificatePreAuthSpringTest.java     |  79 ++++++++++++++++++
 .../integrationtests/ClientCertificateTest.java |  79 ++++++++++++++++++
 .../integrationtests/HOKCallbackHandler.java    |  48 +++++++++++
 .../cxf/fediz/integrationtests/JettyUtils.java  |   6 +-
 .../jetty8/src/test/resources/alice_client.jks  | Bin 0 -> 1277 bytes
 .../test/resources/fediz_config_client_cert.xml |  44 ++++++++++
 .../test/resources/rp-client-cert-server.xml    |  81 +++++++++++++++++++
 systests/jetty8/src/test/resources/server.jks   | Bin 1863 -> 2701 bytes
 9 files changed, 340 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/pom.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/pom.xml b/systests/jetty8/pom.xml
index 55fa4c8..305fa70 100644
--- a/systests/jetty8/pom.xml
+++ b/systests/jetty8/pom.xml
@@ -101,8 +101,8 @@
                 <filtering>true</filtering>
                 <includes>
                     <include>**/idp-server.xml</include>
-                    <include>**/rp-server.xml</include>
-                    <include>**/fediz_config.xml</include>
+                    <include>**/rp-*server.xml</include>
+                    <include>**/fediz_config*.xml</include>
                 </includes>
             </testResource>
             <testResource>
@@ -110,8 +110,8 @@
                 <filtering>false</filtering>
                 <excludes>
                     <exclude>**/idp-server.xml</exclude>
-                    <exclude>**/rp-server.xml</exclude>
-                    <exclude>**/fediz_config.xml</exclude>
+                    <exclude>**/rp-*server.xml</exclude>
+                    <exclude>**/fediz_config*.xml</exclude>
                 </excludes>
             </testResource>
         </testResources>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
new file mode 100644
index 0000000..0542bd1
--- /dev/null
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificatePreAuthSpringTest.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * In this test-case, the IdP is set up to require client authentication, rather than authenticating
using a
+ * username + password, or via Kerberos.
+ */
+public class ClientCertificatePreAuthSpringTest extends AbstractClientCertTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+    
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        JettyUtils.initIdpServer();
+        JettyUtils.startIdpServer();
+        JettyUtils.initRpServer("rp-client-cert-server.xml");
+        JettyUtils.startRpServer();
+    }
+    
+    @AfterClass
+    public static void cleanup() {
+        JettyUtils.stopIdpServer();
+        JettyUtils.stopRpServer();
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+    
+    @Override
+    public String getServletContextName() {
+        return "fedizspringhelloworld";
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
new file mode 100644
index 0000000..8e7d734
--- /dev/null
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -0,0 +1,79 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * In this test-case, the IdP is set up to require client authentication, rather than authenticating
using a
+ * username + password, or via Kerberos.
+ */
+public class ClientCertificateTest extends AbstractClientCertTests {
+
+    static String idpHttpsPort;
+    static String rpHttpsPort;
+    
+    @BeforeClass
+    public static void init() {
+        System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+        System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+        System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz",
"info");
+        System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+        idpHttpsPort = System.getProperty("idp.https.port");
+        Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+        rpHttpsPort = System.getProperty("rp.https.port");
+        Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+        JettyUtils.initIdpServer();
+        JettyUtils.startIdpServer();
+        JettyUtils.initRpServer("rp-client-cert-server.xml");
+        JettyUtils.startRpServer();
+    }
+    
+    @AfterClass
+    public static void cleanup() {
+        JettyUtils.stopIdpServer();
+        JettyUtils.stopRpServer();
+    }
+
+    @Override
+    public String getIdpHttpsPort() {
+        return idpHttpsPort;
+    }
+
+    @Override
+    public String getRpHttpsPort() {
+        return rpHttpsPort;
+    }
+    
+    @Override
+    public String getServletContextName() {
+        return "fedizhelloworld";
+    }
+    
+}

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
new file mode 100644
index 0000000..e2f402c
--- /dev/null
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.WReqCallback;
+
+public class HOKCallbackHandler implements CallbackHandler {
+
+    static final String HOK_WREQ = 
+        "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+        + "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+        + "</RequestSecurityToken>";
+    
+    public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException
{
+        for (int i = 0; i < callbacks.length; i++) {
+            if (callbacks[i] instanceof WReqCallback) {
+                WReqCallback callback = (WReqCallback) callbacks[i];
+                callback.setWreq(HOK_WREQ);
+            } else {
+                throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+            }
+        }
+    }
+
+}
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
index 603fedc..fb6859d 100644
--- a/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
+++ b/systests/jetty8/src/test/java/org/apache/cxf/fediz/integrationtests/JettyUtils.java
@@ -67,9 +67,13 @@ public final class JettyUtils {
     }
     
     public static void initRpServer() {
+        initRpServer("rp-server.xml");
+    }
+    
+    public static void initRpServer(String configurationFile) {
         if (rpServer == null) {
             try {
-                Resource testServerConfig = Resource.newSystemResource("rp-server.xml");
+                Resource testServerConfig = Resource.newSystemResource(configurationFile);
                 XmlConfiguration configuration = new XmlConfiguration(testServerConfig.getInputStream());
                 rpServer = (Server)configuration.configure();   
                 

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/alice_client.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/alice_client.jks b/systests/jetty8/src/test/resources/alice_client.jks
new file mode 100644
index 0000000..5e1bdd2
Binary files /dev/null and b/systests/jetty8/src/test/resources/alice_client.jks differ

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/fediz_config_client_cert.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/fediz_config_client_cert.xml b/systests/jetty8/src/test/resources/fediz_config_client_cert.xml
new file mode 100644
index 0000000..d0605b8
--- /dev/null
+++ b/systests/jetty8/src/test/resources/fediz_config_client_cert.xml
@@ -0,0 +1,44 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml
file. 
+     Keystore referenced below must have IDP STS' public cert included in it.  This example
re-uses the Tomcat SSL 
+     keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific
keystore instead. 
+-->
+<FedizConfig>
+    <contextConfig name="/fedizhelloworld">
+        <audienceUris>
+            <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+        </audienceUris>
+        <certificateStores>
+            <trustManager>
+                <keyStore file="ststrust.jks" password="storepass" type="JKS" />
+            </trustManager>
+        </certificateStores>
+        <trustedIssuers>
+            <issuer certificateValidation="PeerTrust" />
+        </trustedIssuers>
+        <maximumClockSkew>1000</maximumClockSkew>
+        <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+            <keyStore file="test-classes/server.jks" password="tompass" type="JKS" />
+        </signingKey>
+        <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+            xsi:type="federationProtocolType" version="1.0.0">
+            <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+            <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+            <roleDelimiter>,</roleDelimiter>
+            <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+            <freshness>10</freshness>
+            <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+            <claimTypesRequested>
+                <claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"
optional="false" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"
optional="true" />
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" optional="true"
/>
+				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
+            </claimTypesRequested>
+            <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType>
+            <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+        </protocol>
+        <logoutURL>/secure/logout</logoutURL>
+        <logoutRedirectTo>/index.html</logoutRedirectTo>
+    </contextConfig>
+</FedizConfig>
+

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/rp-client-cert-server.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/rp-client-cert-server.xml b/systests/jetty8/src/test/resources/rp-client-cert-server.xml
new file mode 100644
index 0000000..187d4cb
--- /dev/null
+++ b/systests/jetty8/src/test/resources/rp-client-cert-server.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure.dtd">
+ 
+<Configure id="RPServer" class="org.eclipse.jetty.server.Server">
+ 
+    <Call class="org.eclipse.jetty.util.log.Log" name="getRootLogger">
+        <Call name="setDebugEnabled">
+            <Arg type="boolean">true</Arg>
+        </Call>
+    </Call>
+
+    <Call name="addConnector">
+        <Arg>
+            <New
+                class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
+                <Arg>
+                    <New class="org.eclipse.jetty.http.ssl.SslContextFactory">
+                        <Set name="keyStore">./target/test-classes/server.jks
+                        </Set>
+                        <Set name="keyStorePassword">tompass</Set>
+                        <Set name="keyManagerPassword">tompass</Set>
+                        <Set name="trustStore">./target/test-classes/server.jks</Set>
+                        <Set name="trustStorePassword">tompass</Set>
+                        <Set name="wantClientAuth">true</Set>
+                    </New>
+                </Arg>
+                <Set name="port">${rp.https.port}</Set>
+                <Set name="maxIdleTime">30000</Set>
+            </New>
+        </Arg>
+    </Call>
+
+    <Set name="handler">
+      <New class="org.eclipse.jetty.server.handler.HandlerList">
+        <Set name="handlers">
+          <Array type="org.eclipse.jetty.server.Handler">
+            <Item>
+              <New class="org.eclipse.jetty.webapp.WebAppContext">
+                <Set name="contextPath">/fedizhelloworld</Set>
+                <Set name="war">./target/rp/fediz-systests-webapps-simple.war</Set>
+                <!--Set name="war">./target/jetty/rp/webapps/simpleWebapp</Set>-->
+                <Set name="throwUnavailableOnStartupException">true</Set>
+	             
+                <Get name="securityHandler">
+                  <Set name="authenticator">
+                    <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
+                      <Set name="configFile">./target/test-classes/fediz_config_client_cert.xml</Set>
+                    </New>
+                  </Set>
+                </Get>
+              </New>
+            </Item>
+            <Item>
+              <New class="org.eclipse.jetty.webapp.WebAppContext">
+                <Set name="contextPath">/fedizspringhelloworld</Set>
+                <Set name="war">./target/rp/fediz-systests-webapps-springPreauth.war</Set>
+                <Set name="throwUnavailableOnStartupException">true</Set>
+	             
+                <Get name="securityHandler">
+                  <Set name="authenticator">
+                    <New class="org.apache.cxf.fediz.jetty.FederationAuthenticator">
+                      <Set name="configFile">./target/test-classes/fediz_config_client_cert.xml</Set>
+                    </New>
+                  </Set>
+                </Get>
+              </New>
+            </Item>		
+          </Array>
+        </Set>
+      </New>
+    </Set>
+
+    <Call name="addBean">
+        <Arg>
+            <New class="org.apache.cxf.fediz.jetty.FederationLoginService">
+                <Set name="name">WSFED</Set>
+            </New>
+        </Arg>
+    </Call>
+
+</Configure>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/9ca20024/systests/jetty8/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/server.jks b/systests/jetty8/src/test/resources/server.jks
index 2f0fdf3..a292ec9 100644
Binary files a/systests/jetty8/src/test/resources/server.jks and b/systests/jetty8/src/test/resources/server.jks
differ


Mime
View raw message