cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ashaki...@apache.org
Subject cxf git commit: [CXF-6267]: Introduced interceptor used to retrieve SAML from STS
Date Thu, 16 Jul 2015 19:20:15 GMT
Repository: cxf
Updated Branches:
  refs/heads/master 3948f2f0b -> c933c0be9


[CXF-6267]: Introduced interceptor used to retrieve SAML from STS


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c933c0be
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c933c0be
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c933c0be

Branch: refs/heads/master
Commit: c933c0be9254f5858102aea69d306908ce8a1f0c
Parents: 3948f2f
Author: Andrei Shakirin <andrei.shakirin@gmail.com>
Authored: Thu Jul 16 21:20:00 2015 +0200
Committer: Andrei Shakirin <andrei.shakirin@gmail.com>
Committed: Thu Jul 16 21:20:00 2015 +0200

----------------------------------------------------------------------
 .../interceptors/STSTokenOutInterceptor.java    | 177 ++++++++++
 .../stsclient/STSTokenOutInterceptorTest.java   | 329 +++++++++++++++++++
 .../sts/stsclient/STSTokenRetrieverTest.java    |   6 -
 3 files changed, 506 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
new file mode 100644
index 0000000..a735fd1
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSTokenRetriever;
+import org.apache.cxf.ws.security.trust.STSTokenRetriever.TokenRequestParams;
+
+public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
+    private static final Logger LOG = LogUtils.getL7dLogger(STSTokenOutInterceptor.class);
+    private static final String TOKEN_TYPE_SAML_2_0 = 
+        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+    private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
+    private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+    private static final QName STS_SERVICE_NAME = new QName(WS_TRUST_NS, "SecurityTokenService");
+    private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, "X509_Port");
+    private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, "Transport_Port");
+    
+    private STSClient stsClient;
+    private TokenRequestParams tokenParams;
+
+    public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus)
{
+        super(Phase.PREPARE_SEND);
+        this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus);
+        this.tokenParams = new TokenRequestParams();
+    }
+
+    public STSTokenOutInterceptor(STSClient stsClient) {
+        this(Phase.PREPARE_SEND, stsClient, new TokenRequestParams());
+    }
+
+    public STSTokenOutInterceptor(STSClient stsClient, TokenRequestParams tokenParams) {
+        this(Phase.PREPARE_SEND, stsClient, tokenParams);
+    }
+
+    public STSTokenOutInterceptor(String phase, STSClient stsClient, TokenRequestParams tokenParams)
{
+        super(phase);
+        this.stsClient = stsClient;
+        this.tokenParams = tokenParams;
+    }
+
+    @Override
+    public void handleMessage(Message message) throws Fault {
+        if (stsClient != null) {
+            message.put(SecurityConstants.STS_CLIENT, stsClient);
+        }
+        SecurityToken tok = STSTokenRetriever.getToken(message, tokenParams);
+        if (tok == null) {
+            LOG.warning("Security token was not retrieved from STS");
+        }
+    }
+    
+    public STSClient getSTSClient() {
+        return stsClient;
+    }
+    
+    public static enum AuthMode {
+        X509(X509_ENDPOINT, KEY_TYPE_X509), 
+        TRANSPORT(TRANSPORT_ENDPOINT, null);
+        
+        private final QName endpointName;
+        private final String keyType;
+        
+        private AuthMode(QName endpointName, String keyType) {
+            this.endpointName = endpointName;
+            this.keyType = keyType;
+        }
+        
+        public QName getEndpointName() {
+            return endpointName;
+        }
+
+        public String getKeyType() {
+            return keyType;
+        }
+    }
+    
+    public static class AuthParams {
+        private final AuthMode authMode;
+        private final String userName;
+        private final String callbackHandler;
+        private final String alias;
+        private final String keystoreProperties;
+        
+        public AuthParams(AuthMode authMode, String userName, String callbackHandler) {
+            this(authMode, userName, callbackHandler, null, null);
+        }
+
+        public AuthParams(AuthMode authMode, String userName, String callbackHandler, String
alias,
+                          String keystoreProperties) {
+            this.authMode = authMode;
+            this.userName = userName;
+            this.callbackHandler = callbackHandler;
+            this.alias = alias;
+            this.keystoreProperties = keystoreProperties;
+        }
+        
+        public AuthMode getAuthMode() {
+            return authMode;
+        }
+        public String getUserName() {
+            return userName;
+        }
+        public String getCallbackHandler() {
+            return callbackHandler;
+        }
+        public String getAlias() {
+            return alias;
+        }
+        public String getKeystoreProperties() {
+            return keystoreProperties;
+        }
+    }
+    
+    private STSClient configureBasicSTSClient(AuthParams authParams, String stsWsdlLocation,
Bus bus) {
+        STSClient basicStsClient = new STSClient(bus);
+        basicStsClient.setWsdlLocation(stsWsdlLocation);
+        basicStsClient.setServiceName(STS_SERVICE_NAME.toString());
+        basicStsClient.setEndpointName(authParams.getAuthMode().endpointName.toString());
+        if (authParams.getAuthMode().getKeyType() != null) {
+            basicStsClient.setKeyType(authParams.getAuthMode().getKeyType());
+        } else {
+            basicStsClient.setSendKeyType(false);
+        }
+        basicStsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+        basicStsClient.setAllowRenewingAfterExpiry(true);
+        basicStsClient.setEnableLifetime(true);
+
+        Map<String, Object> props = new HashMap<String, Object>();
+        if (authParams.getUserName() != null) {
+            props.put(SecurityConstants.USERNAME, authParams.getUserName());
+        }
+        props.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler());
+        if ((authParams.getKeystoreProperties() != null) && (authParams.getKeystoreProperties()
!= null)) {
+            props.put(SecurityConstants.ENCRYPT_USERNAME, authParams.getAlias());
+            props.put(SecurityConstants.ENCRYPT_PROPERTIES, authParams.getKeystoreProperties());
+            props.put(SecurityConstants.SIGNATURE_PROPERTIES, authParams.getKeystoreProperties());
+            props.put(SecurityConstants.STS_TOKEN_USERNAME, authParams.getAlias());
+            props.put(SecurityConstants.STS_TOKEN_PROPERTIES, authParams.getKeystoreProperties());
+            props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+        }
+        basicStsClient.setProperties(props);
+        
+        return basicStsClient;
+    }
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
new file mode 100644
index 0000000..bdafbc8
--- /dev/null
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
@@ -0,0 +1,329 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.stsclient;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.endpoint.EndpointException;
+import org.apache.cxf.endpoint.EndpointImpl;
+import org.apache.cxf.interceptor.LoggingInInterceptor;
+import org.apache.cxf.interceptor.LoggingOutInterceptor;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.ServiceImpl;
+import org.apache.cxf.service.model.BindingInfo;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.service.model.ServiceInfo;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthMode;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthParams;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Some tests for STSClient configuration.
+ */
+public class STSTokenOutInterceptorTest extends AbstractBusClientServerTestBase {    
+    static final String STSPORT = allocatePort(STSServer.class);
+    static final String STSPORT2 = allocatePort(STSServer.class, 2);
+   
+    private static final String STS_SERVICE_NAME = 
+        "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
+    private static final String TOKEN_TYPE_SAML_2_0 = 
+        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+
+    private static final String SERVICE_ENDPOINT_ASSYMETRIC =
+        "http://localhost:8081/doubleit/services/doubleitasymmetric";
+    private static final String STS_X509_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl";
+    private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port";
+    private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
+
+    private static final String SERVICE_ENDPOINT_TRANSPORT =
+        "https://localhost:8081/doubleit/services/doubleittransportsaml1";
+    private static final String STS_TRANSPORT_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/Transport?wsdl";
+    private static final String STS_TRANSPORT_ENDPOINT_NAME = 
+        "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
+
+    private static final String CLIENTSTORE = "/clientstore.jks";
+    private static final String KEYSTORE_PASS = "cspass";
+    private static final String KEY_PASS = "ckpass";
+
+    @BeforeClass
+    public static void startServers() throws Exception {
+        assertTrue(
+                   "Server failed to launch",
+                   // run the server in the same process
+                   // set this to false to fork
+                   launchServer(STSServer.class, true)
+        );
+    }
+    
+    @AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+        stopAllServers();
+    }
+
+    @Test
+    public void testBasicAsymmetricBinding() throws Exception {
+        Bus bus = BusFactory.getThreadDefaultBus();        
+        
+        AuthParams authParams = new AuthParams(
+                 AuthMode.X509, 
+                 null,
+                 "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
+                 "mystskey",
+                 "clientKeystore.properties");
+        
+        STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(
+                 authParams,
+                 "http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE,
+                 bus);
+        
+        MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_ASSYMETRIC);
+        
+        interceptor.handleMessage(message);
+        
+        SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+        validateSecurityToken(token);
+    }
+
+    @Test
+    public void testBasicTransportBinding() throws Exception {
+        // Setup HttpsURLConnection to get STS WSDL
+        configureDefaultHttpsConnection();
+        
+        Bus bus = BusFactory.getThreadDefaultBus();  
+        AuthParams authParams = new AuthParams(
+                   AuthMode.TRANSPORT, 
+                   "alice",
+                   "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
+                   null,
+                   null);
+                                      
+        STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(
+                    authParams,
+                    "https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE,
+                    bus);
+        
+        TLSClientParameters tlsParams = prepareTLSParams();
+        STSClient stsClient = interceptor.getSTSClient();
+        ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);
+        
+        MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_TRANSPORT); 
+        
+        interceptor.handleMessage(message);
+        
+        SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+        validateSecurityToken(token);
+    }
+
+    @Test
+    public void testSTSClientAsymmetricBinding() throws Exception {
+        Bus bus = BusFactory.getThreadDefaultBus();        
+        
+        STSClient stsClient = initStsClientAsymmeticBinding(bus);
+        STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(stsClient);
+        
+        MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_ASSYMETRIC);
+        
+        interceptor.handleMessage(message);
+        
+        SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+        validateSecurityToken(token);
+    }
+
+    @Test
+    public void testSTSClientTransportBinding() throws Exception {
+        // Setup HttpsURLConnection to get STS WSDL
+        configureDefaultHttpsConnection();
+        
+        Bus bus = BusFactory.getThreadDefaultBus();  
+        STSClient stsClient = initStsClientTransportBinding(bus);
+                                      
+        STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(stsClient);
+        
+        TLSClientParameters tlsParams = prepareTLSParams();
+        ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);
+        
+        MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_TRANSPORT); 
+        
+        interceptor.handleMessage(message);
+        
+        SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+        validateSecurityToken(token);
+    }
+
+    private STSClient initStsClientAsymmeticBinding(Bus bus) {
+        bus.getInInterceptors().add(new LoggingOutInterceptor());
+        bus.getOutInterceptors().add(new LoggingInInterceptor());
+        bus.getOutFaultInterceptors().add(new LoggingInInterceptor());
+
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE);
+        stsClient.setServiceName(STS_SERVICE_NAME);
+        stsClient.setEndpointName(STS_X509_ENDPOINT_NAME);
+        stsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+        stsClient.setKeyType(KEY_TYPE_X509);
+        stsClient.setAllowRenewingAfterExpiry(true);
+        stsClient.setEnableLifetime(true);
+
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
+        props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+        props.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");
+        props.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties");
+        props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
+        props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
+        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+        stsClient.setProperties(props);
+        return stsClient;
+    }
+
+    private STSClient initStsClientTransportBinding(Bus bus) {
+        bus.getInInterceptors().add(new LoggingOutInterceptor());
+        bus.getOutInterceptors().add(new LoggingInInterceptor());
+        bus.getOutFaultInterceptors().add(new LoggingInInterceptor());
+
+        STSClient stsClient = new STSClient(bus);
+        stsClient.setWsdlLocation("https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE);
+        stsClient.setServiceName(STS_SERVICE_NAME);
+        stsClient.setEndpointName(STS_TRANSPORT_ENDPOINT_NAME);
+        stsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+        stsClient.setAllowRenewingAfterExpiry(true);
+        stsClient.setEnableLifetime(true);
+
+        Map<String, Object> props = new HashMap<String, Object>();
+        props.put(SecurityConstants.USERNAME, "alice");
+        props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
+        stsClient.setProperties(props);
+        return stsClient;
+    }
+
+    private MessageImpl prepareMessage(Bus bus, STSClient stsClient, String serviceAddress)
throws EndpointException {
+        MessageImpl message = new MessageImpl();
+        message.put(SecurityConstants.STS_CLIENT, stsClient);
+        message.put(Message.ENDPOINT_ADDRESS, serviceAddress);
+        
+        Exchange exchange = new ExchangeImpl();
+        ServiceInfo si = new ServiceInfo();
+        Service s = new ServiceImpl(si);
+        EndpointInfo ei = new EndpointInfo();
+        Endpoint ep = new EndpointImpl(bus, s, ei);
+        ei.setBinding(new BindingInfo(si, null));
+        message.setExchange(exchange);
+        exchange.put(Endpoint.class, ep);
+        return message;
+    }
+
+    private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException,
+        CertificateException, IOException, KeyManagementException {
+        // For localhost testing only
+        javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier()
{
+
+            public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
+                return "localhost".equals(hostname);
+            }
+        });
+
+        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+            .getDefaultAlgorithm());
+        KeyStore keyStore = loadClientKeystore();
+        trustManagerFactory.init(keyStore);
+        TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+        SSLContext sc = SSLContext.getInstance("SSL");
+        sc.init(null, trustManagers, new java.security.SecureRandom());
+        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+    }
+
+    private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException,
+        NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+        TLSClientParameters tlsParams = new TLSClientParameters();
+        tlsParams.setDisableCNCheck(true);
+        KeyStore trustStore = loadClientKeystore();
+
+        TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+            .getDefaultAlgorithm());
+        trustFactory.init(trustStore);
+        TrustManager[] tm = trustFactory.getTrustManagers();
+        tlsParams.setTrustManagers(tm);
+
+        KeyStore keyStore = loadClientKeystore();
+        KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+        keyFactory.init(keyStore, KEY_PASS.toCharArray());
+        KeyManager[] km = keyFactory.getKeyManagers();
+        tlsParams.setKeyManagers(km);
+        return tlsParams;
+    }
+
+    private KeyStore loadClientKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException,
+        CertificateException {
+        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+        InputStream keystoreStream = STSTokenOutInterceptorTest.class.getResourceAsStream(CLIENTSTORE);
+        try {
+            keystore.load(keystoreStream, KEYSTORE_PASS.toCharArray());
+        } finally {
+            keystoreStream.close();
+        }
+        return keystore;
+    }
+
+    private void validateSecurityToken(SecurityToken token) {
+        Assert.assertNotNull(token);
+        Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType());
+        Assert.assertNotNull(token.getId());
+        Assert.assertTrue(token.getExpires().after(new Date()));
+        Assert.assertEquals("Assertion", token.getToken().getLocalName());
+    }
+
+}

http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
index 0f924c1..ca14481 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
@@ -157,7 +157,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase
{
         stsClient.setEnableLifetime(true);
 
         Map<String, Object> props = new HashMap<String, Object>();
-        props.put(SecurityConstants.USERNAME, "alice");
         props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
         props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
         props.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");
@@ -165,7 +164,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase
{
         props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
         props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
         props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-        props.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
         stsClient.setProperties(props);
         return stsClient;
     }
@@ -186,10 +184,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase
{
         Map<String, Object> props = new HashMap<String, Object>();
         props.put(SecurityConstants.USERNAME, "alice");
         props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
-        props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
-        props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
-        props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
-        props.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
         stsClient.setProperties(props);
         return stsClient;
     }


Mime
View raw message