cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject [1/2] cxf-fediz git commit: Adding tests for the issued IdTokens
Date Thu, 28 Jan 2016 15:58:17 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/master 1e1f48b48 -> a549755b1


Adding tests for the issued IdTokens


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/08189ca1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/08189ca1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/08189ca1

Branch: refs/heads/master
Commit: 08189ca1e19eafc64d928f8db112b4d81b0ecae0
Parents: 1e1f48b
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Thu Jan 28 15:24:04 2016 +0000
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Thu Jan 28 15:24:46 2016 +0000

----------------------------------------------------------------------
 systests/oidc/pom.xml                           |  6 +++
 .../cxf/fediz/systests/oidc/OIDCTest.java       | 51 +++++++++++++++++++-
 2 files changed, 55 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08189ca1/systests/oidc/pom.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/pom.xml b/systests/oidc/pom.xml
index 42bf107..d460292 100644
--- a/systests/oidc/pom.xml
+++ b/systests/oidc/pom.xml
@@ -93,6 +93,12 @@
             <version>${hsqldb.version}</version>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.apache.cxf</groupId>
+            <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
+            <version>${cxf.version}</version>
+            <scope>test</scope>
+        </dependency>
     </dependencies>
     <build>
         <testResources>

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08189ca1/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index fe21b64..deba746 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -23,6 +23,12 @@ package org.apache.cxf.fediz.systests.oidc;
 import java.io.File;
 import java.io.IOException;
 import java.net.URL;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
@@ -52,8 +58,13 @@ import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.common.util.Loader;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -403,7 +414,9 @@ public class OIDCTest {
         String response = responsePage.getWebResponse().getContentAsString();
 
         // Check the IdToken
-        Assert.assertTrue(response.contains("id_token"));
+        String idToken = getIdToken(response);
+        Assert.assertNotNull(idToken);
+        validateIdToken(idToken, storedClientId);
         
         webClient.close();
     }
@@ -438,7 +451,9 @@ public class OIDCTest {
         String response = responsePage.getWebResponse().getContentAsString();
 
         // Check the IdToken
-        Assert.assertTrue(response.contains("id_token"));
+        String idToken = getIdToken(response);
+        Assert.assertNotNull(idToken);
+        validateIdToken(idToken, storedClient2Id);
         
         webClient.close();
     }
@@ -685,6 +700,38 @@ public class OIDCTest {
         return wrapper.getCode();
     }
     
+    private String getIdToken(String parentString) {
+        String foundString =
+            parentString.substring(parentString.indexOf("id_token") 
+                                   + ("id_token" + "\":\"").length());
+        int ampersandIndex = foundString.indexOf('\"');
+        if (ampersandIndex < 1) {
+            ampersandIndex = foundString.length();
+        }
+        return foundString.substring(0, ampersandIndex);
+    }
+    
+    private void validateIdToken(String idToken, String audience)
+        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException
{
+        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+        JwtToken jwt = jwtConsumer.getJwtToken();
+
+        // Validate claims
+        Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+        Assert.assertEquals("accounts.fediz.com", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+        Assert.assertEquals(audience, jwt.getClaim(JwtConstants.CLAIM_AUDIENCE));
+        Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+        Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+
+        KeyStore keystore = KeyStore.getInstance("JKS");
+        keystore.load(Loader.getResource("oidc.jks").openStream(), "password".toCharArray());
+        Certificate cert = keystore.getCertificate("alice");
+        Assert.assertNotNull(cert);
+
+        Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert, 
+                                                          SignatureAlgorithm.RS256));
+    }
+    
     private static class CodeWebConnectionWrapper extends WebConnectionWrapper {
 
         private String code;


Mime
View raw message