cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject cxf git commit: [CXF-6267]: added JUnit test for transport binding
Date Fri, 29 May 2015 16:05:05 GMT
Repository: cxf
Updated Branches:
  refs/heads/master dd12d69e3 -> f4aafc6f8


[CXF-6267]: added JUnit test for transport binding


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f4aafc6f
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f4aafc6f
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f4aafc6f

Branch: refs/heads/master
Commit: f4aafc6f8fe4e4964f6a48a50c43ceee3a171a64
Parents: dd12d69
Author: Andrei Shakirin <andrei.shakirin@gmail.com>
Authored: Fri May 29 18:04:57 2015 +0200
Committer: Andrei Shakirin <andrei.shakirin@gmail.com>
Committed: Fri May 29 18:04:57 2015 +0200

----------------------------------------------------------------------
 .../sts/stsclient/STSTokenHelperTest.java       | 191 ++++++++++++++++---
 1 file changed, 166 insertions(+), 25 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/f4aafc6f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java
index 456dc51..d349f07 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java
@@ -18,12 +18,30 @@
  */
 package org.apache.cxf.systest.sts.stsclient;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
 
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
 import org.apache.cxf.Bus;
 import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
 import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.endpoint.EndpointException;
 import org.apache.cxf.endpoint.EndpointImpl;
 import org.apache.cxf.interceptor.LoggingInInterceptor;
 import org.apache.cxf.interceptor.LoggingOutInterceptor;
@@ -39,12 +57,16 @@ import org.apache.cxf.service.model.ServiceInfo;
 import org.apache.cxf.systest.sts.common.SecurityTestUtil;
 import org.apache.cxf.systest.sts.deployment.STSServer;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.http.HTTPConduit;
 import org.apache.cxf.ws.security.SecurityConstants;
 import org.apache.cxf.ws.security.policy.interceptors.STSTokenHelper;
 import org.apache.cxf.ws.security.tokenstore.SecurityToken;
 import org.apache.cxf.ws.security.trust.STSClient;
+
+import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
+import org.junit.Test;
 
 /**
  * Some tests for STSClient configuration.
@@ -52,17 +74,28 @@ import org.junit.BeforeClass;
 public class STSTokenHelperTest extends AbstractBusClientServerTestBase {    
     static final String STSPORT = allocatePort(STSServer.class);
     static final String STSPORT2 = allocatePort(STSServer.class, 2);
-
-    private static final String STS_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl";
+   
     private static final String STS_SERVICE_NAME = 
         "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
-    private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port";
     private static final String TOKEN_TYPE_SAML_2_0 = 
         "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+
+    private static final String SERVICE_ENDPOINT_ASSYMETRIC =
+        "http://localhost:8081/doubleit/services/doubleitasymmetric";
+    private static final String STS_X509_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl";
+    private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port";
     private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
-    private static final String SERVICE_ENDPOINT_ASSYMETRIC = 
-        "http://localhost:1111/doubleit/services/doubleitasymmetric";    
-    
+
+    private static final String SERVICE_ENDPOINT_TRANSPORT =
+        "https://localhost:8081/doubleit/services/doubleittransportsaml1";
+    private static final String STS_TRANSPORT_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/Transport?wsdl";
+    private static final String STS_TRANSPORT_ENDPOINT_NAME = 
+        "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
+
+    private static final String CLIENTSTORE = "/clientstore.jks";
+    private static final String KEYSTORE_PASS = "cspass";
+    private static final String KEY_PASS = "ckpass";
+
     @BeforeClass
     public static void startServers() throws Exception {
         assertTrue(
@@ -73,42 +106,49 @@ public class STSTokenHelperTest extends AbstractBusClientServerTestBase
{
         );
     }
     
-    @org.junit.AfterClass
+    @AfterClass
     public static void cleanup() throws Exception {
         SecurityTestUtil.cleanup();
         stopAllServers();
     }
 
-    @org.junit.Test
-    public void testSTSAssymetric() throws Exception {
-        Bus bus = BusFactory.newInstance().createBus();        
-        STSClient stsClient = initStsClient(bus);
+    @Test
+    public void testSTSAsymmetricBinding() throws Exception {
+        Bus bus = BusFactory.getThreadDefaultBus();        
+        STSClient stsClient = initStsClientAsymmeticBinding(bus);
         
-        MessageImpl message = new MessageImpl();
-        message.put(SecurityConstants.STS_CLIENT, stsClient);
-        message.put(Message.ENDPOINT_ADDRESS, SERVICE_ENDPOINT_ASSYMETRIC);
+        MessageImpl message = prepareMessage(bus, stsClient, SERVICE_ENDPOINT_ASSYMETRIC);
+        STSTokenHelper.TokenRequestParams params = new STSTokenHelper.TokenRequestParams();
         
-        Exchange exchange = new ExchangeImpl();
-        ServiceInfo si = new ServiceInfo();
-        Service s = new ServiceImpl(si);
-        EndpointInfo ei = new EndpointInfo();
-        Endpoint ep = new EndpointImpl(bus, s, ei);
-        ei.setBinding(new BindingInfo(si, null));
-        message.setExchange(exchange);
-        exchange.put(Endpoint.class, ep);
+        SecurityToken token = STSTokenHelper.getToken(message, params);
+        validateSecurityToken(token);
+    }
+
+    @Test
+    public void testSTSTransportBinding() throws Exception {
+        // Setup HttpsURLConnection to get STS WSDL
+        configureDefaultHttpsConnection();
         
+        Bus bus = BusFactory.getThreadDefaultBus();  
+        STSClient stsClient = initStsClientTransportBinding(bus);
+        
+        TLSClientParameters tlsParams = prepareTLSParams();
+        ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);
+        
+        MessageImpl message = prepareMessage(bus, stsClient, SERVICE_ENDPOINT_TRANSPORT);
      
         STSTokenHelper.TokenRequestParams params = new STSTokenHelper.TokenRequestParams();
+        
         SecurityToken token = STSTokenHelper.getToken(message, params);
-        Assert.assertNotNull(token);
+        validateSecurityToken(token);
     }
 
-    private STSClient initStsClient(Bus bus) {
+    private STSClient initStsClientAsymmeticBinding(Bus bus) {
         bus.getInInterceptors().add(new LoggingOutInterceptor());
         bus.getOutInterceptors().add(new LoggingInInterceptor());
         bus.getOutFaultInterceptors().add(new LoggingInInterceptor());
 
         STSClient stsClient = new STSClient(bus);
-        stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_WSDL_LOCATION_RELATIVE);
+        stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE);
         stsClient.setServiceName(STS_SERVICE_NAME);
         stsClient.setEndpointName(STS_X509_ENDPOINT_NAME);
         stsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
@@ -129,4 +169,105 @@ public class STSTokenHelperTest extends AbstractBusClientServerTestBase
{
         stsClient.setProperties(props);
         return stsClient;
     }
+
+    private STSClient initStsClientTransportBinding(Bus bus) {
+        bus.getInInterceptors().add(new LoggingOutInterceptor());
+        bus.getOutInterceptors().add(new LoggingInInterceptor());
+        bus.getOutFaultInterceptors().add(new LoggingInInterceptor());
+
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation("https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE);
+        stsClient.setServiceName(STS_SERVICE_NAME);
+        stsClient.setEndpointName(STS_TRANSPORT_ENDPOINT_NAME);
+        stsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+        stsClient.setAllowRenewingAfterExpiry(true);
+        stsClient.setEnableLifetime(true);
+
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(SecurityConstants.USERNAME, "alice");
+        props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
+        props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
+        props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
+        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+        props.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
+        stsClient.setProperties(props);
+        return stsClient;
+    }
+
+    private MessageImpl prepareMessage(Bus bus, STSClient stsClient, String serviceAddress)
throws EndpointException {
+        MessageImpl message = new MessageImpl();
+        message.put(SecurityConstants.STS_CLIENT, stsClient);
+        message.put(Message.ENDPOINT_ADDRESS, serviceAddress);
+        
+        Exchange exchange = new ExchangeImpl();
+        ServiceInfo si = new ServiceInfo();
+        Service s = new ServiceImpl(si);
+        EndpointInfo ei = new EndpointInfo();
+        Endpoint ep = new EndpointImpl(bus, s, ei);
+        ei.setBinding(new BindingInfo(si, null));
+        message.setExchange(exchange);
+        exchange.put(Endpoint.class, ep);
+        return message;
+    }
+
+    private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException,
+        CertificateException, IOException, KeyManagementException {
+        // For localhost testing only
+        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier()
{
+
+            public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
+                return "localhost".equals(hostname);
+            }
+        });
+
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+            .getDefaultAlgorithm());
+        KeyStore keyStore = loadClientKeystore();
+        trustManagerFactory.init(keyStore);
+        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+        SSLContext sc = SSLContext.getInstance("SSL");
+        sc.init(null, trustManagers, new java.security.SecureRandom());
+        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+    }
+
+    private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException,
+        NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+        TLSClientParameters tlsParams = new TLSClientParameters();
+        tlsParams.setDisableCNCheck(true);
+        KeyStore trustStore = loadClientKeystore();
+
+        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+            .getDefaultAlgorithm());
+        trustFactory.init(trustStore);
+        TrustManager[] tm = trustFactory.getTrustManagers();
+        tlsParams.setTrustManagers(tm);
+
+        KeyStore keyStore = loadClientKeystore();
+        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+        keyFactory.init(keyStore, KEY_PASS.toCharArray());
+        KeyManager[] km = keyFactory.getKeyManagers();
+        tlsParams.setKeyManagers(km);
+        return tlsParams;
+    }
+
+    private KeyStore loadClientKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException,
+        CertificateException {
+        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+        InputStream keystoreStream = STSTokenHelperTest.class.getResourceAsStream(CLIENTSTORE);
+        try {
+            keystore.load(keystoreStream, KEYSTORE_PASS.toCharArray());
+        } finally {
+            keystoreStream.close();
+        }
+        return keystore;
+    }
+
+    private void validateSecurityToken(SecurityToken token) {
+        Assert.assertNotNull(token);
+        Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType());
+        Assert.assertNotNull(token.getId());
+        Assert.assertTrue(token.getExpires().after(new Date()));
+        Assert.assertEquals("Assertion", token.getToken().getLocalName());
+    }
+
 }


Mime
View raw message