Return-Path: X-Original-To: apmail-cxf-commits-archive@www.apache.org Delivered-To: apmail-cxf-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 983DD189A3 for ; Wed, 10 Feb 2016 17:24:12 +0000 (UTC) Received: (qmail 15831 invoked by uid 500); 10 Feb 2016 17:24:12 -0000 Delivered-To: apmail-cxf-commits-archive@cxf.apache.org Received: (qmail 15666 invoked by uid 500); 10 Feb 2016 17:24:12 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 15387 invoked by uid 99); 10 Feb 2016 17:24:12 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 10 Feb 2016 17:24:12 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id 130A6E1075; Wed, 10 Feb 2016 17:24:12 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit 
From: coheigea@apache.org To: commits@cxf.apache.org Date: Wed, 10 Feb 2016 17:24:15 -0000 Message-Id: <379ff870b9244280b31d1bd968ef7a26@git.apache.org> In-Reply-To: <800a1799fbe34990bc139d4eec312464@git.apache.org> References: <800a1799fbe34990bc139d4eec312464@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [5/6] cxf git commit: Added token transformation tests Added token transformation tests Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c857aa32 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c857aa32 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c857aa32 Branch: refs/heads/master Commit: c857aa32e0cc9da359778d6fb80c2289cff34f5c Parents: dae3e1c Author: Colm O hEigeartaigh Authored: Wed Feb 10 17:21:48 2016 +0000 Committer: Colm O hEigeartaigh Committed: Wed Feb 10 17:22:03 2016 +0000 ---------------------------------------------------------------------- .../cxf/systest/sts/rest/STSRESTTest.java | 224 ++++++++++++++++++- .../cxf/systest/sts/rest/cxf-rest-sts.xml | 1 + 2 files changed, 219 insertions(+), 6 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/c857aa32/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java index 86655c3..baddaae 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java 
@@ -79,6 +79,7 @@ public class STSRESTTest extends AbstractBusClientServerTestBase {
 "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
 private static final String SAML2_TOKEN_TYPE =
 "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+ private static final String JWT_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:jwt";
 private static final String SYMMETRIC_KEY_KEYTYPE =
 "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey";
 private static final String PUBLIC_KEY_KEYTYPE =
@@ -790,19 +791,218 @@ public class STSRESTTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } - private Element validateSAMLSecurityTokenResponse( - RequestSecurityTokenResponseType securityResponse, boolean saml2 - ) throws Exception { - RequestedSecurityTokenType requestedSecurityToken = null; + @org.junit.Test + public void testIssueJWTTokenViaPOST() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = STSRESTTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token"; + WebClient client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + + // Create RequestSecurityToken + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + String namespace = STSUtils.WST_NS_05_12; + writer.writeStartElement("wst", "RequestSecurityToken", namespace); + writer.writeNamespace("wst", namespace); + + writer.writeStartElement("wst", "RequestType", namespace); + writer.writeCharacters(namespace + "/Issue"); + writer.writeEndElement(); + + writer.writeStartElement("wst", "TokenType", namespace); + writer.writeCharacters(JWT_TOKEN_TYPE); + writer.writeEndElement(); + + writer.writeEndElement(); + + Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement())); + + RequestSecurityTokenResponseType securityResponse = + response.readEntity(RequestSecurityTokenResponseType.class); + + RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse); + assertNotNull(requestedSecurityToken); + + String token = ((Element)requestedSecurityToken.getAny()).getTextContent(); + assertNotNull(token); + + validateJWTToken(token, null); + + bus.shutdown(true); + } + + @org.junit.Test + public void testValidateSAMLAndIssueJWT() throws 
Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = STSRESTTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token"; + WebClient client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + client.path("saml2.0"); + + // 1. Get a token via GET + Response response = client.get(); + Document assertionDoc = response.readEntity(Document.class); + assertNotNull(assertionDoc); + + // 2. Now validate it in the STS using POST + client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + client.query("action", "validate"); + + // Create RequestSecurityToken + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + String namespace = STSUtils.WST_NS_05_12; + writer.writeStartElement("wst", "RequestSecurityToken", namespace); + writer.writeNamespace("wst", namespace); + + writer.writeStartElement("wst", "RequestType", namespace); + writer.writeCharacters(namespace + "/Validate"); + writer.writeEndElement(); + + writer.writeStartElement("wst", "TokenType", namespace); + writer.writeCharacters(JWT_TOKEN_TYPE); + writer.writeEndElement(); + + writer.writeStartElement("wst", "ValidateTarget", namespace); + StaxUtils.copy(assertionDoc.getDocumentElement(), writer); + writer.writeEndElement(); + + writer.writeEndElement(); + + response = client.post(new DOMSource(writer.getDocument().getDocumentElement())); + + RequestSecurityTokenResponseType securityResponse = + response.readEntity(RequestSecurityTokenResponseType.class); + + StatusType status = null; for (Object obj : securityResponse.getAny()) { if (obj instanceof JAXBElement) { JAXBElement jaxbElement = (JAXBElement)obj; - if 
("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) { - requestedSecurityToken = (RequestedSecurityTokenType)jaxbElement.getValue(); + if ("Status".equals(jaxbElement.getName().getLocalPart())) { + status = (StatusType)jaxbElement.getValue(); break; } } } + assertNotNull(status); + + // Check the token was valid + String validCode = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid"; + assertEquals(validCode, status.getCode()); + + // Check the token + RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse); + assertNotNull(requestedSecurityToken); + + String token = ((Element)requestedSecurityToken.getAny()).getTextContent(); + assertNotNull(token); + + validateJWTToken(token, null); + + bus.shutdown(true); + } + + @org.junit.Test + @org.junit.Ignore + public void testValidateJWTAndIssueSAML() throws Exception { + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = STSRESTTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token"; + WebClient client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + client.path("jwt"); + + // 1. Get a token via GET + Response response = client.get(); + String token = response.readEntity(String.class); + assertNotNull(token); + + // 2. 
Now validate it in the STS using POST + client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + client.query("action", "validate"); + + // Create RequestSecurityToken + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + String namespace = STSUtils.WST_NS_05_12; + writer.writeStartElement("wst", "RequestSecurityToken", namespace); + writer.writeNamespace("wst", namespace); + + writer.writeStartElement("wst", "RequestType", namespace); + writer.writeCharacters(namespace + "/Validate"); + writer.writeEndElement(); + + writer.writeStartElement("wst", "TokenType", namespace); + writer.writeCharacters(SAML2_TOKEN_TYPE); + writer.writeEndElement(); + + writer.writeStartElement("wst", "ValidateTarget", namespace); + writer.writeStartElement(null, "TokenWrapper", null); + writer.writeCharacters(token); + writer.writeEndElement(); + writer.writeEndElement(); + + writer.writeEndElement(); + + response = client.post(new DOMSource(writer.getDocument().getDocumentElement())); + + RequestSecurityTokenResponseType securityResponse = + response.readEntity(RequestSecurityTokenResponseType.class); + + StatusType status = null; + for (Object obj : securityResponse.getAny()) { + if (obj instanceof JAXBElement) { + JAXBElement jaxbElement = (JAXBElement)obj; + if ("Status".equals(jaxbElement.getName().getLocalPart())) { + status = (StatusType)jaxbElement.getValue(); + break; + } + } + } + assertNotNull(status); + /* + // Check the token was valid + String validCode = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/status/valid"; + assertEquals(validCode, status.getCode()); + + // Check the token + RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse); + assertNotNull(requestedSecurityToken); + + String token = ((Element)requestedSecurityToken.getAny()).getTextContent(); + assertNotNull(token); + + validateJWTToken(token, null); + */ + + bus.shutdown(true); + } + + private 
Element validateSAMLSecurityTokenResponse( + RequestSecurityTokenResponseType securityResponse, boolean saml2 + ) throws Exception { + RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse); assertNotNull(requestedSecurityToken); // Process the token @@ -823,6 +1023,18 @@ public class STSRESTTest extends AbstractBusClientServerTestBase { return (Element)results.get(0).get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT); } + private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType securityResponse) { + for (Object obj : securityResponse.getAny()) { + if (obj instanceof JAXBElement) { + JAXBElement jaxbElement = (JAXBElement)obj; + if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) { + return (RequestedSecurityTokenType)jaxbElement.getValue(); + } + } + } + return null; + } + private List processToken(Element assertionElement) throws Exception { RequestData requestData = new RequestData(); http://git-wip-us.apache.org/repos/asf/cxf/blob/c857aa32/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml index 501b8af..87d4855 100644 --- a/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml +++ b/services/sts/systests/basic/src/test/resources/org/apache/cxf/systest/sts/rest/cxf-rest-sts.xml @@ -46,6 +46,7 @@ +
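Review bot: `testValidateJWTAndIssueSAML` is `@org.junit.Ignore`d and its assertions are commented out, so the JWT-to-SAML transformation has no effective coverage, and the commented block cannot simply be re-enabled: it redeclares `token` and calls `validateJWTToken` although the request asks for `SAML2_TOKEN_TYPE`. When the test is enabled, that block should assert the status code and then check the issued assertion with `Element assertion = validateSAMLSecurityTokenResponse(securityResponse, true);`; until then a reason string on the annotation, `@org.junit.Ignore("<why this is disabled>")`, would record the gap. In the two active tests `assertNotNull(token)` after `getTextContent()` proves little, because an element with no text yields an empty string rather than null; `assertFalse(token.isEmpty());` would catch an empty token. Nothing visible in the hunk compares the issued JWT with the SAML assertion it was derived from (what `validateJWTToken(token, null)` checks is outside the hunk), so an assertion on the subject would be worth adding if that helper does not already make one. All three tests call `bus.shutdown(true)` only on the success path; wrapping the body in `try { … } finally { bus.shutdown(true); }` keeps a failed assertion from leaving the default bus set for later tests.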
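Review bot: `getRequestedSecurityToken` selects the element by local name alone, so a `RequestedSecurityToken` element from any namespace would be returned; adding `&& STSUtils.WST_NS_05_12.equals(jaxbElement.getName().getNamespaceURI())` to the condition would tie the lookup to the WS-Trust element the tests request. The helper returns null when no element matches, which the callers in this commit handle with `assertNotNull`, and a one-line comment such as `// Returns the RequestedSecurityToken element of the response, or null if there is none.` would make that contract explicit.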