cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject cxf-fediz git commit: Adding a negative HOK system test
Date Thu, 23 Apr 2015 14:25:31 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master fd614ac31 -> bd0fc123e


Adding a negative HOK system test


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/bd0fc123
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/bd0fc123
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/bd0fc123

Branch: refs/heads/master
Commit: bd0fc123eeb4104929d02c851cb271a8d7ae2988
Parents: fd614ac
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Apr 23 15:25:19 2015 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Apr 23 15:25:19 2015 +0100

----------------------------------------------------------------------
 .../integrationtests/ClientCertificateTest.java | 75 +++++++++++++++++++-
 .../src/test/resources/fediz_config.xml         |  2 +-
 2 files changed, 74 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bd0fc123/systests/clientcert/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
----------------------------------------------------------------------
diff --git a/systests/clientcert/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
b/systests/clientcert/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
index 3e60d99..208153a 100644
--- a/systests/clientcert/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
+++ b/systests/clientcert/src/test/java/org/apache/cxf/fediz/integrationtests/ClientCertificateTest.java
@@ -20,13 +20,20 @@
 package org.apache.cxf.fediz.integrationtests;
 
 import java.io.File;
+import java.net.URL;
+import java.util.ArrayList;
 
+import com.gargoylesoftware.htmlunit.CookieManager;
+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.HttpMethod;
 import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.WebRequest;
 import com.gargoylesoftware.htmlunit.html.DomElement;
 import com.gargoylesoftware.htmlunit.html.DomNodeList;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+import com.gargoylesoftware.htmlunit.util.NameValuePair;
 
 import org.apache.catalina.Context;
 import org.apache.catalina.LifecycleState;
@@ -90,7 +97,7 @@ public class ClientCertificateTest {
             httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
             httpsConnector.setAttribute("truststorePass", "tompass");
             httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("clientAuth", "want");
+            httpsConnector.setAttribute("clientAuth", "true");
             httpsConnector.setAttribute("sslProtocol", "TLS");
             httpsConnector.setAttribute("SSLEnabled", true);
 
@@ -125,7 +132,7 @@ public class ClientCertificateTest {
             httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
             httpsConnector.setAttribute("truststorePass", "tompass");
             httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
-            httpsConnector.setAttribute("clientAuth", "want");
+            httpsConnector.setAttribute("clientAuth", "true");
             httpsConnector.setAttribute("sslProtocol", "TLS");
             httpsConnector.setAttribute("SSLEnabled", true);
 
@@ -239,4 +246,68 @@ public class ClientCertificateTest {
                           bodyTextContent.contains(claim + "=alice@realma.org"));
     }
     
+    @org.junit.Test
+    public void testDifferentClientCertificate() throws Exception {
+        // Get the initial wresult from the IdP
+        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+        
+        CookieManager cookieManager = new CookieManager();
+        final WebClient webClient = new WebClient();
+        webClient.setCookieManager(cookieManager);
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("alice_client.jks"), "storepass",
"jks");
+
+        webClient.getOptions().setJavaScriptEnabled(false);
+        final HtmlPage idpPage = webClient.getPage(url);
+        webClient.getOptions().setJavaScriptEnabled(true);
+        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+        // Test the Subject Confirmation method here
+        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
+
+        String wresult = null;
+        String wa = "wsignin1.0";
+        String wctx = null;
+        String wtrealm = null;
+        for (DomElement result : results) {
+            if ("wresult".equals(result.getAttributeNS(null, "name"))) {
+                wresult = result.getAttributeNS(null, "value");
+            } else if ("wctx".equals(result.getAttributeNS(null, "name"))) {
+                wctx = result.getAttributeNS(null, "value");
+            } else if ("wtrealm".equals(result.getAttributeNS(null, "name"))) {
+                wtrealm = result.getAttributeNS(null, "value");
+            }
+        }
+        Assert.assertTrue(wctx != null && wtrealm != null);
+        Assert.assertTrue(wresult != null 
+            && wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"));
+        
+        // Now invoke on the RP using the saved parameters above, but a different client
cert!
+        final WebClient webClient2 = new WebClient();
+        webClient2.setCookieManager(cookieManager);
+        webClient2.getOptions().setUseInsecureSSL(true);
+        webClient2.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("server.jks"), "tompass", "jks");
+        
+        WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
+
+        request.setRequestParameters(new ArrayList<NameValuePair>());
+        request.getRequestParameters().add(new NameValuePair("wctx", wctx));
+        request.getRequestParameters().add(new NameValuePair("wa", wa));
+        request.getRequestParameters().add(new NameValuePair("wtrealm", wtrealm));
+        request.getRequestParameters().add(new NameValuePair("wresult", wresult));
+
+        try {
+            webClient2.getPage(request);
+            Assert.fail("Exception expected");
+        } catch (FailingHttpStatusCodeException ex) {
+            // expected
+            Assert.assertTrue(ex.getMessage().contains("401 Unauthorized")
+                              || ex.getMessage().contains("401 Authentication Failed")
+                              || ex.getMessage().contains("403 Forbidden"));
+        }
+
+    }
+
 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/bd0fc123/systests/clientcert/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/clientcert/src/test/resources/fediz_config.xml b/systests/clientcert/src/test/resources/fediz_config.xml
index 5add553..8399dfc 100644
--- a/systests/clientcert/src/test/resources/fediz_config.xml
+++ b/systests/clientcert/src/test/resources/fediz_config.xml
@@ -36,7 +36,7 @@
 				<claimType type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
optional="true" />
             </claimTypesRequested>
             <authenticationType>http://docs.oasis-open.org/wsfed/authorization/200706/authntypes/Ssl</authenticationType>
-             <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+            <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
         </protocol>
         <logoutURL>/secure/logout</logoutURL>
         <logoutRedirectTo>/index.html</logoutRedirectTo>


Mime
View raw message