Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 339B618F7B for ; Thu, 16 Jul 2015 19:20:16 +0000 (UTC) Received: (qmail 89511 invoked by uid 500); 16 Jul 2015 19:20:16 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 89444 invoked by uid 500); 16 Jul 2015 19:20:16 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 89435 invoked by uid 99); 16 Jul 2015 19:20:16 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 16 Jul 2015 19:20:16 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D449AE3CA8; Thu, 16 Jul 2015 19:20:15 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: ashakirin@apache.org To: commits@cxf.apache.org Message-Id: <541f576bc8c84e81b6da68aacdbbfa8e@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: [CXF-6267]: Introduced interceptor used to retrieve SAML from STS Date: Thu, 16 Jul 2015 19:20:15 +0000 (UTC) Repository: cxf Updated Branches: refs/heads/master 3948f2f0b -> c933c0be9 [CXF-6267]: Introduced interceptor used to retrieve SAML from STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c933c0be Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c933c0be Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c933c0be Branch: refs/heads/master Commit: c933c0be9254f5858102aea69d306908ce8a1f0c Parents: 3948f2f Author: Andrei Shakirin Authored: Thu Jul 16 21:20:00 2015 +0200 Committer: Andrei Shakirin Committed: Thu Jul 16 21:20:00 2015 +0200 ---------------------------------------------------------------------- .../interceptors/STSTokenOutInterceptor.java | 177 ++++++++++ .../stsclient/STSTokenOutInterceptorTest.java | 329 +++++++++++++++++++ .../sts/stsclient/STSTokenRetrieverTest.java | 6 - 3 files changed, 506 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java ---------------------------------------------------------------------- diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java new file mode 100644 index 0000000..a735fd1 --- /dev/null +++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java @@ -0,0 +1,177 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.cxf.ws.security.policy.interceptors; + +import java.util.HashMap; +import java.util.Map; +import java.util.logging.Logger; + +import javax.xml.namespace.QName; + +import org.apache.cxf.Bus; +import org.apache.cxf.common.logging.LogUtils; +import org.apache.cxf.interceptor.Fault; +import org.apache.cxf.message.Message; +import org.apache.cxf.phase.AbstractPhaseInterceptor; +import org.apache.cxf.phase.Phase; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.trust.STSClient; +import org.apache.cxf.ws.security.trust.STSTokenRetriever; +import org.apache.cxf.ws.security.trust.STSTokenRetriever.TokenRequestParams; + +public class STSTokenOutInterceptor extends AbstractPhaseInterceptor { + private static final Logger LOG = LogUtils.getL7dLogger(STSTokenOutInterceptor.class); + private static final String TOKEN_TYPE_SAML_2_0 = + "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"; + private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; + private static final QName STS_SERVICE_NAME = new QName(WS_TRUST_NS, "SecurityTokenService"); + private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, "X509_Port"); + private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, "Transport_Port"); + + private STSClient stsClient; + private TokenRequestParams tokenParams; + + public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus) { + super(Phase.PREPARE_SEND); + this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus); + this.tokenParams = new TokenRequestParams(); + } + + public STSTokenOutInterceptor(STSClient stsClient) { + this(Phase.PREPARE_SEND, stsClient, new TokenRequestParams()); + } + + public STSTokenOutInterceptor(STSClient stsClient, TokenRequestParams tokenParams) { + this(Phase.PREPARE_SEND, stsClient, tokenParams); + } + + public STSTokenOutInterceptor(String phase, STSClient stsClient, TokenRequestParams tokenParams) { + super(phase); + this.stsClient = stsClient; + this.tokenParams = tokenParams; + } + + @Override + public void handleMessage(Message message) throws Fault { + if (stsClient != null) { + message.put(SecurityConstants.STS_CLIENT, stsClient); + } + SecurityToken tok = STSTokenRetriever.getToken(message, tokenParams); + if (tok == null) { + LOG.warning("Security token was not retrieved from STS"); + } + } + + public STSClient getSTSClient() { + return stsClient; + } + + public static enum AuthMode { + X509(X509_ENDPOINT, KEY_TYPE_X509), + TRANSPORT(TRANSPORT_ENDPOINT, null); + + private final QName endpointName; + private final String keyType; + + private AuthMode(QName endpointName, String keyType) { + this.endpointName = endpointName; + this.keyType = keyType; + } + + public QName getEndpointName() { + return endpointName; + } + + public String getKeyType() { + return keyType; + } + } + + public static class AuthParams { + private final AuthMode authMode; + private final String userName; + private final String callbackHandler; + private final String alias; + private final String keystoreProperties; + + public AuthParams(AuthMode authMode, String userName, String callbackHandler) { + this(authMode, userName, callbackHandler, null, null); + } + + public AuthParams(AuthMode authMode, String userName, String callbackHandler, String alias, + String keystoreProperties) { + this.authMode = authMode; + this.userName = userName; + this.callbackHandler = callbackHandler; + this.alias = alias; + this.keystoreProperties = keystoreProperties; + } + + public AuthMode getAuthMode() { + return authMode; + } + public String getUserName() { + return userName; + } + public String getCallbackHandler() { + return callbackHandler; + } + public String getAlias() { + return alias; + } + public String getKeystoreProperties() { + return keystoreProperties; + } + } + + private STSClient configureBasicSTSClient(AuthParams authParams, String stsWsdlLocation, Bus bus) { + STSClient basicStsClient = new STSClient(bus); + basicStsClient.setWsdlLocation(stsWsdlLocation); + basicStsClient.setServiceName(STS_SERVICE_NAME.toString()); + basicStsClient.setEndpointName(authParams.getAuthMode().endpointName.toString()); + if (authParams.getAuthMode().getKeyType() != null) { + basicStsClient.setKeyType(authParams.getAuthMode().getKeyType()); + } else { + basicStsClient.setSendKeyType(false); + } + basicStsClient.setTokenType(TOKEN_TYPE_SAML_2_0); + basicStsClient.setAllowRenewingAfterExpiry(true); + basicStsClient.setEnableLifetime(true); + + Map props = new HashMap(); + if (authParams.getUserName() != null) { + props.put(SecurityConstants.USERNAME, authParams.getUserName()); + } + props.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler()); + if ((authParams.getKeystoreProperties() != null) && (authParams.getKeystoreProperties() != null)) { + props.put(SecurityConstants.ENCRYPT_USERNAME, authParams.getAlias()); + props.put(SecurityConstants.ENCRYPT_PROPERTIES, authParams.getKeystoreProperties()); + props.put(SecurityConstants.SIGNATURE_PROPERTIES, authParams.getKeystoreProperties()); + props.put(SecurityConstants.STS_TOKEN_USERNAME, authParams.getAlias()); + props.put(SecurityConstants.STS_TOKEN_PROPERTIES, authParams.getKeystoreProperties()); + props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true"); + } + basicStsClient.setProperties(props); + + return basicStsClient; + } +} http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java new file mode 100644 index 0000000..bdafbc8 --- /dev/null +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java @@ -0,0 +1,329 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.cxf.systest.sts.stsclient; + +import java.io.IOException; +import java.io.InputStream; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Date; +import java.util.HashMap; +import java.util.Map; + +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; + +import org.apache.cxf.Bus; +import org.apache.cxf.BusFactory; +import org.apache.cxf.configuration.jsse.TLSClientParameters; +import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.endpoint.EndpointException; +import org.apache.cxf.endpoint.EndpointImpl; +import org.apache.cxf.interceptor.LoggingInInterceptor; +import org.apache.cxf.interceptor.LoggingOutInterceptor; +import org.apache.cxf.message.Exchange; +import org.apache.cxf.message.ExchangeImpl; +import org.apache.cxf.message.Message; +import org.apache.cxf.message.MessageImpl; +import org.apache.cxf.service.Service; +import org.apache.cxf.service.ServiceImpl; +import org.apache.cxf.service.model.BindingInfo; +import org.apache.cxf.service.model.EndpointInfo; +import org.apache.cxf.service.model.ServiceInfo; +import org.apache.cxf.systest.sts.common.SecurityTestUtil; +import org.apache.cxf.systest.sts.deployment.STSServer; +import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.transport.http.HTTPConduit; +import org.apache.cxf.ws.security.SecurityConstants; +import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor; +import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthMode; +import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthParams; +import org.apache.cxf.ws.security.tokenstore.SecurityToken; +import org.apache.cxf.ws.security.trust.STSClient; + +import org.junit.AfterClass; +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; + +/** + * Some tests for STSClient configuration. + */ +public class STSTokenOutInterceptorTest extends AbstractBusClientServerTestBase { + static final String STSPORT = allocatePort(STSServer.class); + static final String STSPORT2 = allocatePort(STSServer.class, 2); + + private static final String STS_SERVICE_NAME = + "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"; + private static final String TOKEN_TYPE_SAML_2_0 = + "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + + private static final String SERVICE_ENDPOINT_ASSYMETRIC = + "http://localhost:8081/doubleit/services/doubleitasymmetric"; + private static final String STS_X509_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl"; + private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port"; + private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"; + + private static final String SERVICE_ENDPOINT_TRANSPORT = + "https://localhost:8081/doubleit/services/doubleittransportsaml1"; + private static final String STS_TRANSPORT_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/Transport?wsdl"; + private static final String STS_TRANSPORT_ENDPOINT_NAME = + "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"; + + private static final String CLIENTSTORE = "/clientstore.jks"; + private static final String KEYSTORE_PASS = "cspass"; + private static final String KEY_PASS = "ckpass"; + + @BeforeClass + public static void startServers() throws Exception { + assertTrue( + "Server failed to launch", + // run the server in the same process + // set this to false to fork + launchServer(STSServer.class, true) + ); + } + + @AfterClass + public static void cleanup() throws Exception { + SecurityTestUtil.cleanup(); + stopAllServers(); + } + + @Test + public void testBasicAsymmetricBinding() throws Exception { + Bus bus = BusFactory.getThreadDefaultBus(); + + AuthParams authParams = new AuthParams( + AuthMode.X509, + null, + "org.apache.cxf.systest.sts.common.CommonCallbackHandler", + "mystskey", + "clientKeystore.properties"); + + STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor( + authParams, + "http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE, + bus); + + MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_ASSYMETRIC); + + interceptor.handleMessage(message); + + SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN); + validateSecurityToken(token); + } + + @Test + public void testBasicTransportBinding() throws Exception { + // Setup HttpsURLConnection to get STS WSDL + configureDefaultHttpsConnection(); + + Bus bus = BusFactory.getThreadDefaultBus(); + AuthParams authParams = new AuthParams( + AuthMode.TRANSPORT, + "alice", + "org.apache.cxf.systest.sts.common.CommonCallbackHandler", + null, + null); + + STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor( + authParams, + "https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE, + bus); + + TLSClientParameters tlsParams = prepareTLSParams(); + STSClient stsClient = interceptor.getSTSClient(); + ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams); + + MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_TRANSPORT); + + interceptor.handleMessage(message); + + SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN); + validateSecurityToken(token); + } + + @Test + public void testSTSClientAsymmetricBinding() throws Exception { + Bus bus = BusFactory.getThreadDefaultBus(); + + STSClient stsClient = initStsClientAsymmeticBinding(bus); + STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(stsClient); + + MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_ASSYMETRIC); + + interceptor.handleMessage(message); + + SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN); + validateSecurityToken(token); + } + + @Test + public void testSTSClientTransportBinding() throws Exception { + // Setup HttpsURLConnection to get STS WSDL + configureDefaultHttpsConnection(); + + Bus bus = BusFactory.getThreadDefaultBus(); + STSClient stsClient = initStsClientTransportBinding(bus); + + STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(stsClient); + + TLSClientParameters tlsParams = prepareTLSParams(); + ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams); + + MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_TRANSPORT); + + interceptor.handleMessage(message); + + SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN); + validateSecurityToken(token); + } + + private STSClient initStsClientAsymmeticBinding(Bus bus) { + bus.getInInterceptors().add(new LoggingOutInterceptor()); + bus.getOutInterceptors().add(new LoggingInInterceptor()); + bus.getOutFaultInterceptors().add(new LoggingInInterceptor()); + + STSClient stsClient = new STSClient(bus); + stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE); + stsClient.setServiceName(STS_SERVICE_NAME); + stsClient.setEndpointName(STS_X509_ENDPOINT_NAME); + stsClient.setTokenType(TOKEN_TYPE_SAML_2_0); + stsClient.setKeyType(KEY_TYPE_X509); + stsClient.setAllowRenewingAfterExpiry(true); + stsClient.setEnableLifetime(true); + + Map props = new HashMap(); + props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey"); + props.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties"); + props.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties"); + props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey"); + props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties"); + props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true"); + stsClient.setProperties(props); + return stsClient; + } + + private STSClient initStsClientTransportBinding(Bus bus) { + bus.getInInterceptors().add(new LoggingOutInterceptor()); + bus.getOutInterceptors().add(new LoggingInInterceptor()); + bus.getOutFaultInterceptors().add(new LoggingInInterceptor()); + + STSClient stsClient = new STSClient(bus); + stsClient.setWsdlLocation("https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE); + stsClient.setServiceName(STS_SERVICE_NAME); + stsClient.setEndpointName(STS_TRANSPORT_ENDPOINT_NAME); + stsClient.setTokenType(TOKEN_TYPE_SAML_2_0); + stsClient.setAllowRenewingAfterExpiry(true); + stsClient.setEnableLifetime(true); + + Map props = new HashMap(); + props.put(SecurityConstants.USERNAME, "alice"); + props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + stsClient.setProperties(props); + return stsClient; + } + + private MessageImpl prepareMessage(Bus bus, STSClient stsClient, String serviceAddress) throws EndpointException { + MessageImpl message = new MessageImpl(); + message.put(SecurityConstants.STS_CLIENT, stsClient); + message.put(Message.ENDPOINT_ADDRESS, serviceAddress); + + Exchange exchange = new ExchangeImpl(); + ServiceInfo si = new ServiceInfo(); + Service s = new ServiceImpl(si); + EndpointInfo ei = new EndpointInfo(); + Endpoint ep = new EndpointImpl(bus, s, ei); + ei.setBinding(new BindingInfo(si, null)); + message.setExchange(exchange); + exchange.put(Endpoint.class, ep); + return message; + } + + private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException, + CertificateException, IOException, KeyManagementException { + // For localhost testing only + javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() { + + public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) { + return "localhost".equals(hostname); + } + }); + + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory + .getDefaultAlgorithm()); + KeyStore keyStore = loadClientKeystore(); + trustManagerFactory.init(keyStore); + TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustManagers, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + } + + private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, + NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setDisableCNCheck(true); + KeyStore trustStore = loadClientKeystore(); + + TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory + .getDefaultAlgorithm()); + trustFactory.init(trustStore); + TrustManager[] tm = trustFactory.getTrustManagers(); + tlsParams.setTrustManagers(tm); + + KeyStore keyStore = loadClientKeystore(); + KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyFactory.init(keyStore, KEY_PASS.toCharArray()); + KeyManager[] km = keyFactory.getKeyManagers(); + tlsParams.setKeyManagers(km); + return tlsParams; + } + + private KeyStore loadClientKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException, + CertificateException { + KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); + InputStream keystoreStream = STSTokenOutInterceptorTest.class.getResourceAsStream(CLIENTSTORE); + try { + keystore.load(keystoreStream, KEYSTORE_PASS.toCharArray()); + } finally { + keystoreStream.close(); + } + return keystore; + } + + private void validateSecurityToken(SecurityToken token) { + Assert.assertNotNull(token); + Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType()); + Assert.assertNotNull(token.getId()); + Assert.assertTrue(token.getExpires().after(new Date())); + Assert.assertEquals("Assertion", token.getToken().getLocalName()); + } + +} http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java index 0f924c1..ca14481 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java @@ -157,7 +157,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase { stsClient.setEnableLifetime(true); Map props = new HashMap(); - props.put(SecurityConstants.USERNAME, "alice"); props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey"); props.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties"); @@ -165,7 +164,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase { props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey"); props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties"); props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true"); - props.put(SecurityConstants.IS_BSP_COMPLIANT, "false"); stsClient.setProperties(props); return stsClient; } @@ -186,10 +184,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase { Map props = new HashMap(); props.put(SecurityConstants.USERNAME, "alice"); props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); - props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey"); - props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties"); - props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true"); - props.put(SecurityConstants.IS_BSP_COMPLIANT, "false"); stsClient.setProperties(props); return stsClient; }