cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [4/7] cxf git commit: Adding SAML + JWT Bearer Grant tests
Date Tue, 08 Dec 2015 18:06:44 GMT
Adding SAML + JWT Bearer Grant tests


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/d34ba6da
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/d34ba6da
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/d34ba6da

Branch: refs/heads/3.0.x-fixes
Commit: d34ba6da8912ccad276d9c6432fb5f00b663ecc5
Parents: 3257af6
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Tue Dec 8 15:09:02 2015 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Tue Dec 8 15:38:07 2015 +0000

----------------------------------------------------------------------
 .../oauth2/grants/AuthorizationGrantTest.java   | 129 +++++++++++++++++++
 .../security/oauth2/grants/grants-server.xml    |  20 +++
 2 files changed, 149 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/d34ba6da/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
index f42c709..5b757f6 100644
--- a/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
+++ b/systests/rs-security/src/test/java/org/apache/cxf/systest/jaxrs/security/oauth2/grants/AuthorizationGrantTest.java
@@ -21,18 +21,33 @@ package org.apache.cxf.systest.jaxrs.security.oauth2.grants;
 
 import java.net.URL;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.Collections;
+import java.util.Date;
 import java.util.List;
+import java.util.Properties;
 
 import javax.ws.rs.core.Form;
 import javax.ws.rs.core.Response;
 
+import org.apache.cxf.common.util.Base64UrlUtility;
 import org.apache.cxf.jaxrs.client.WebClient;
 import org.apache.cxf.jaxrs.provider.json.JSONProvider;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsHeaders;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactProducer;
+import org.apache.cxf.rs.security.jose.jws.JwsSignatureProvider;
+import org.apache.cxf.rs.security.jose.jws.JwsUtils;
+import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
 import org.apache.cxf.rs.security.oauth2.common.ClientAccessToken;
 import org.apache.cxf.rs.security.oauth2.common.OAuthAuthorizationData;
 import org.apache.cxf.rs.security.oauth2.provider.OAuthJSONProvider;
+import org.apache.cxf.systest.jaxrs.security.oauth2.SamlCallbackHandler;
 import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
 import org.junit.BeforeClass;
 
 /**
@@ -253,7 +268,57 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
         assertNotNull(accessToken.getTokenKey());
         assertNotNull(accessToken.getRefreshToken());
     }
+    
+    @org.junit.Test
+    public void testSAMLAuthorizationGrant() throws Exception {
+        URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, setupProviders(), "alice", "security",
busFile.toString());
+        
+        // Create the SAML Assertion
+        String assertion = createToken(address + "token", true);
+
+        // Get Access Token
+        client.type("application/x-www-form-urlencoded").accept("application/json");
+        client.path("token");
+        
+        Form form = new Form();
+        form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
+        form.param("assertion", Base64UrlUtility.encode(assertion));
+        form.param("client_id", "consumer-id");
+        Response response = client.post(form);
+        
+        ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
+        assertNotNull(accessToken.getTokenKey());
+        assertNotNull(accessToken.getRefreshToken());
+    }
 
+    @org.junit.Test
+    public void testJWTAuthorizationGrant() throws Exception {
+        URL busFile = AuthorizationGrantTest.class.getResource("client.xml");
+        
+        String address = "https://localhost:" + PORT + "/services/";
+        WebClient client = WebClient.create(address, setupProviders(), "alice", "security",
busFile.toString());
+        
+        // Create the JWT Token
+        String token = createToken("DoubleItSTSIssuer", "consumer-id", 
+                                   "https://localhost:" + PORT + "/services/token", true,
true);
+
+        // Get Access Token
+        client.type("application/x-www-form-urlencoded").accept("application/json");
+        client.path("token");
+        
+        Form form = new Form();
+        form.param("grant_type", "urn:ietf:params:oauth:grant-type:jwt-bearer");
+        form.param("assertion", token);
+        form.param("client_id", "consumer-id");
+        Response response = client.post(form);
+        
+        ClientAccessToken accessToken = response.readEntity(ClientAccessToken.class);
+        assertNotNull(accessToken.getTokenKey());
+        assertNotNull(accessToken.getRefreshToken());
+    }
     private String getAuthorizationCode(WebClient client) {
         return getAuthorizationCode(client, null);
     }
@@ -315,4 +380,68 @@ public class AuthorizationGrantTest extends AbstractBusClientServerTestBase
{
         return providers;
     }
 
+    private String createToken(String audRestr, boolean sign) throws WSSecurityException
{
+        SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
+        samlCallbackHandler.setAudience(audRestr);
+        
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
+
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        if (samlCallback.isSignAssertion()) {
+            samlAssertion.signAssertion(
+                samlCallback.getIssuerKeyName(),
+                samlCallback.getIssuerKeyPassword(),
+                samlCallback.getIssuerCrypto(),
+                samlCallback.isSendKeyValue(),
+                samlCallback.getCanonicalizationAlgorithm(),
+                samlCallback.getSignatureAlgorithm()
+            );
+        }
+        
+        return samlAssertion.assertionToString();
+    }
+    
+    private String createToken(String issuer, String subject, String audience, 
+                               boolean expiry, boolean sign) {
+        // Create the JWT Token
+        JwtClaims claims = new JwtClaims();
+        claims.setSubject(subject);
+        if (issuer != null) {
+            claims.setIssuer(issuer);
+        }
+        claims.setIssuedAt(new Date().getTime() / 1000L);
+        if (expiry) {
+            Calendar cal = Calendar.getInstance();
+            cal.add(Calendar.SECOND, 60);
+            claims.setExpiryTime(cal.getTimeInMillis() / 1000L);
+        }
+        if (audience != null) {
+            claims.setAudiences(Collections.singletonList(audience));
+        }
+        
+        if (sign) {
+            // Sign the JWT Token
+            Properties signingProperties = new Properties();
+            signingProperties.put("rs.security.keystore.type", "jks");
+            signingProperties.put("rs.security.keystore.password", "password");
+            signingProperties.put("rs.security.keystore.alias", "alice");
+            signingProperties.put("rs.security.keystore.file", 
+                                  "org/apache/cxf/systest/jaxrs/security/certs/alice.jks");
+            signingProperties.put("rs.security.key.password", "password");
+            signingProperties.put("rs.security.signature.algorithm", "RS256");
+            
+            JwsHeaders jwsHeaders = new JwsHeaders(signingProperties);
+            JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+            
+            JwsSignatureProvider sigProvider = 
+                JwsUtils.loadSignatureProvider(signingProperties, jwsHeaders);
+            
+            return jws.signWith(sigProvider);
+        }
+        
+        JwsHeaders jwsHeaders = new JwsHeaders(SignatureAlgorithm.NONE);
+        JwsJwtCompactProducer jws = new JwsJwtCompactProducer(jwsHeaders, claims);
+        return jws.getSignedEncodedJws();
+    }
 }

http://git-wip-us.apache.org/repos/asf/cxf/blob/d34ba6da/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
----------------------------------------------------------------------
diff --git a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
index 74a8fcd..3ef86fb 100644
--- a/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
+++ b/systests/rs-security/src/test/resources/org/apache/cxf/systest/jaxrs/security/oauth2/grants/grants-server.xml
@@ -89,6 +89,14 @@ under the License.
       <property name="dataProvider" ref="oauthProvider"/>
    </bean>
    
+   <bean id="samlGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.saml.Saml2BearerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
+   <bean id="jwtGrantHandler" class="org.apache.cxf.rs.security.oauth2.grants.jwt.JwtBearerGrantHandler">
+      <property name="dataProvider" ref="oauthProvider"/>
+   </bean>
+   
    <bean id="tokenService" class="org.apache.cxf.rs.security.oauth2.services.AccessTokenService">
       <property name="dataProvider" ref="oauthProvider"/>
       <property name="grantHandlers">
@@ -96,6 +104,8 @@ under the License.
              <ref bean="refreshGrantHandler"/>
              <ref bean="passwordGrantHandler"/>
              <ref bean="clientCredsGrantHandler"/>
+             <ref bean="samlGrantHandler"/>
+             <ref bean="jwtGrantHandler"/>
          </list>
       </property>
    </bean>
@@ -116,6 +126,16 @@ under the License.
        <jaxrs:providers>
            <ref bean="basicAuthFilter"/>
        </jaxrs:providers>
+       <jaxrs:properties>
+           <entry key="security.signature.properties" 
+                  value="org/apache/cxf/systest/jaxrs/security/bob.properties"/>
+           <entry key="rs.security.keystore.type" value="jks" />
+           <entry key="rs.security.keystore.alias" value="alice"/>
+           <entry key="rs.security.keystore.password" value="password"/>
+           <entry key="rs.security.keystore.file" 
+                  value="org/apache/cxf/systest/jaxrs/security/certs/alice.jks" />
+           <entry key="rs.security.signature.algorithm" value="RS256" />
+       </jaxrs:properties>
    </jaxrs:server>
    
 


Mime
View raw message