From: coheigea@apache.org To: commits@cxf.apache.org Date: Thu, 28 Jan 2016 15:58:17 -0000 Message-Id: X-Mailer: ASF-Git Admin Mailer Subject: [1/2] cxf-fediz git commit: Adding tests for the issued IdTokens Repository: cxf-fediz Updated Branches: refs/heads/master 1e1f48b48 -> a549755b1 Adding tests for the issued IdTokens Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/08189ca1 Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/08189ca1 Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/08189ca1 Branch: refs/heads/master Commit: 08189ca1e19eafc64d928f8db112b4d81b0ecae0 Parents: 1e1f48b Author: Colm O hEigeartaigh Authored: Thu Jan 28 15:24:04 2016 +0000 Committer: Colm O hEigeartaigh Committed: Thu Jan 28 15:24:46 2016 +0000 ---------------------------------------------------------------------- systests/oidc/pom.xml | 6 +++ .../cxf/fediz/systests/oidc/OIDCTest.java | 51 +++++++++++++++++++- 2 files changed, 55 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08189ca1/systests/oidc/pom.xml ---------------------------------------------------------------------- diff --git a/systests/oidc/pom.xml b/systests/oidc/pom.xml index 42bf107..d460292 100644 --- a/systests/oidc/pom.xml +++ b/systests/oidc/pom.xml @@ -93,6 +93,12 @@ ${hsqldb.version} test + + org.apache.cxf + cxf-rt-rs-security-jose-jaxrs + ${cxf.version} + test + http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08189ca1/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java ---------------------------------------------------------------------- diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java index fe21b64..deba746 100644 
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -23,6 +23,12 @@ package org.apache.cxf.fediz.systests.oidc;
 import java.io.File;
 import java.io.IOException;
 import java.net.URL;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Date;
@@ -52,8 +58,13 @@ import org.apache.catalina.LifecycleState;
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
 import org.apache.http.auth.AuthScope;
 import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.common.util.Loader;
 import org.junit.AfterClass;
 import org.junit.Assert;
 import org.junit.BeforeClass;
@@ -403,7 +414,9 @@ public class OIDCTest {
 String response = responsePage.getWebResponse().getContentAsString();
 // Check the IdToken
- Assert.assertTrue(response.contains("id_token"));
+ String idToken = getIdToken(response);
+ Assert.assertNotNull(idToken);
+ validateIdToken(idToken, storedClientId);
 webClient.close();
 }
@@ -438,7 +451,9 @@ public class OIDCTest {
 String response = responsePage.getWebResponse().getContentAsString();
 // Check the IdToken
- Assert.assertTrue(response.contains("id_token"));
+ String idToken = getIdToken(response);
+ Assert.assertNotNull(idToken);
+ validateIdToken(idToken, storedClient2Id);
 webClient.close();
 }
@@ -685,6 +700,38 @@ public class OIDCTest {
 return wrapper.getCode();
 }
+ private String getIdToken(String parentString) {
+ String foundString =
+ parentString.substring(parentString.indexOf("id_token")
+ + ("id_token" + "\":\"").length());
+ int ampersandIndex = foundString.indexOf('\"');
+ if (ampersandIndex < 1) {
+ ampersandIndex = foundString.length();
+ }
+ return foundString.substring(0, ampersandIndex);
+ }
+
+ private void validateIdToken(String idToken, String audience)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
+ // Validate claims
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals("accounts.fediz.com", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ Assert.assertEquals(audience, jwt.getClaim(JwtConstants.CLAIM_AUDIENCE));
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+
+ KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(Loader.getResource("oidc.jks").openStream(), "password".toCharArray());
+ Certificate cert = keystore.getCertificate("alice");
+ Assert.assertNotNull(cert);
+
+ Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
+ SignatureAlgorithm.RS256));
+ }
+
+ private static class CodeWebConnectionWrapper extends WebConnectionWrapper {
 private String code;
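Review bot: validateIdToken only asserts that exp and iat are present (`Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY))`), so an IdToken that is already expired or issued in the future still passes, and the payload claims are read and asserted before `verifySignatureWith` runs as the last statement of the method. Verify the signature first and then check `exp > now` and `iat <= now` with `now = System.currentTimeMillis() / 1000L`; the sketch below uses `jwt.getClaims().getExpiryTime()` / `getIssuedAt()`, which I believe exist in the CXF version pulled in by the pom change but should be confirmed, and it needs `java.io.InputStream` imported so the stream opened by `Loader.getResource("oidc.jks").openStream()` is closed rather than leaked. Separately, getIdToken never returns null — when the key is absent `indexOf` yields -1 and the substring still succeeds — so the callers' `Assert.assertNotNull(idToken)` cannot fail; return null when `parentString.indexOf("id_token\":\"") < 0`, or parse the JSON body instead of slicing it. The `aud` claim is compared as a plain string, which holds only if the provider emits a single audience rather than a JSON array, so a short comment stating that assumption would help.

```java
    private void validateIdToken(String idToken, String audience)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);

        // Verify the signature before trusting anything in the payload
        KeyStore keystore = KeyStore.getInstance("JKS");
        try (InputStream is = Loader.getResource("oidc.jks").openStream()) {
            keystore.load(is, "password".toCharArray());
        }
        Certificate cert = keystore.getCertificate("alice");
        Assert.assertNotNull(cert);
        Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
                                                          SignatureAlgorithm.RS256));

        JwtToken jwt = jwtConsumer.getJwtToken();
        // … unchanged: sub / iss / aud assertions …

        // exp and iat are seconds since the epoch; check them against the current time
        long now = System.currentTimeMillis() / 1000L;
        Long exp = jwt.getClaims().getExpiryTime();
        Long iat = jwt.getClaims().getIssuedAt();
        Assert.assertNotNull(exp);
        Assert.assertNotNull(iat);
        Assert.assertTrue("id_token already expired", exp > now);
        Assert.assertTrue("id_token issued in the future", iat <= now);
    }
```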