cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From r...@apache.org
Subject [13/48] cxf git commit: Make it possible to use short KeyTypes with the REST STS rather than the full WS-Trust URIs
Date Wed, 29 Jun 2016 22:44:11 GMT
Make it possible to use short KeyTypes with the REST STS rather than the full WS-Trust URIs


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/8904a106
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/8904a106
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/8904a106

Branch: refs/heads/master-jaxrs-2.1
Commit: 8904a106141d21197a3a53d0d07d13116a9910be
Parents: 58ecf67
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Fri Jun 17 10:23:07 2016 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Fri Jun 17 10:23:07 2016 +0100

----------------------------------------------------------------------
 .../sts/rest/RESTSecurityTokenServiceImpl.java  |  23 +++-
 .../cxf/systest/sts/rest/STSRESTTest.java       | 124 +++++++++++++++++++
 2 files changed, 141 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/8904a106/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
index cdeffcb..bcc31a4 100644
--- a/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
+++ b/services/sts/sts-core/src/main/java/org/apache/cxf/sts/rest/RESTSecurityTokenServiceImpl.java
@@ -65,8 +65,9 @@ import org.apache.xml.security.keys.content.X509Data;
 public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl implements RESTSecurityTokenService
{
 
     public static final Map<String, String> DEFAULT_CLAIM_TYPE_MAP;
-
     public static final Map<String, String> DEFAULT_TOKEN_TYPE_MAP;
+    
+    private static final Map<String, String> DEFAULT_KEY_TYPE_MAP = new HashMap<String,
String>();
 
     private static final String CLAIM_TYPE = "ClaimType";
     private static final String CLAIM_TYPE_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity";
@@ -88,6 +89,10 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
         DEFAULT_TOKEN_TYPE_MAP.put("saml1.1", WSConstants.WSS_SAML_TOKEN_TYPE);
         DEFAULT_TOKEN_TYPE_MAP.put("jwt", JWTTokenProvider.JWT_TOKEN_TYPE);
         DEFAULT_TOKEN_TYPE_MAP.put("sct", STSUtils.TOKEN_TYPE_SCT_05_12);
+        
+        DEFAULT_KEY_TYPE_MAP.put("SymmetricKey", STSConstants.SYMMETRIC_KEY_KEYTYPE);
+        DEFAULT_KEY_TYPE_MAP.put("PublicKey", STSConstants.PUBLIC_KEY_KEYTYPE);
+        DEFAULT_KEY_TYPE_MAP.put("Bearer", STSConstants.BEARER_KEY_KEYTYPE);
     }
 
     @Context
@@ -97,7 +102,6 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
     private javax.ws.rs.core.SecurityContext securityContext;
 
     private Map<String, String> claimTypeMap = DEFAULT_CLAIM_TYPE_MAP;
-
     private Map<String, String> tokenTypeMap = DEFAULT_TOKEN_TYPE_MAP;
 
     private String defaultKeyType = STSConstants.BEARER_KEY_KEYTYPE;
@@ -183,17 +187,24 @@ public class RESTSecurityTokenServiceImpl extends SecurityTokenServiceImpl
imple
         List<String> requestedClaims,
         String appliesTo
     ) {
-        if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenType)) {
-            tokenType = tokenTypeMap.get(tokenType);
+        String tokenTypeToUse = tokenType;
+        if (tokenTypeMap != null && tokenTypeMap.containsKey(tokenTypeToUse)) {
+            tokenTypeToUse = tokenTypeMap.get(tokenTypeToUse);
         }
+        
+        String keyTypeToUse = keyType;
+        if (DEFAULT_KEY_TYPE_MAP.containsKey(keyTypeToUse)) {
+            keyTypeToUse = DEFAULT_KEY_TYPE_MAP.get(keyTypeToUse);
+        }
+        
         ObjectFactory of = new ObjectFactory();
         RequestSecurityTokenType request = of.createRequestSecurityTokenType();
 
-        request.getAny().add(of.createTokenType(tokenType));
+        request.getAny().add(of.createTokenType(tokenTypeToUse));
 
         request.getAny().add(of.createRequestType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
 
-        String desiredKeyType = keyType != null ? keyType : defaultKeyType;
+        String desiredKeyType = keyTypeToUse != null ? keyTypeToUse : defaultKeyType;
         request.getAny().add(of.createKeyType(desiredKeyType));
         
         // Add the TLS client Certificate as the UseKey Element if the KeyType is PublicKey

http://git-wip-us.apache.org/repos/asf/cxf/blob/8904a106/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
index 2b96420..4cc6b66 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/rest/STSRESTTest.java
@@ -217,6 +217,48 @@ public class STSRESTTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    public void testIssueSymmetricKeySaml1ShortKeyType() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+        WebClient client = WebClient.create(address, busFile.toString());
+
+        client.accept("application/xml");
+        client.path("saml1.1");
+        client.query("keyType", "SymmetricKey");
+        
+        Response response = client.get();
+        Document assertionDoc = response.readEntity(Document.class);
+        assertNotNull(assertionDoc);
+        
+        // Process the token
+        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+        assertTrue(results != null && results.size() == 1);
+        SamlAssertionWrapper assertion = 
+            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(assertion != null);
+        assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
+        assertTrue(assertion.isSigned());
+        
+        List<String> methods = assertion.getConfirmationMethods();
+        String confirmMethod = null;
+        if (methods != null && methods.size() > 0) {
+            confirmMethod = methods.get(0);
+        }
+        assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));
+        SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
+        assertTrue(subjectKeyInfo.getSecret() != null);
+
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testIssuePublicKeySAML2Token() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
@@ -259,6 +301,48 @@ public class STSRESTTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    public void testIssuePublicKeySAML2TokenShortKeyType() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+        WebClient client = WebClient.create(address, busFile.toString());
+
+        client.accept("application/xml");
+        client.path("saml2.0");
+        client.query("keyType", "PublicKey");
+        
+        Response response = client.get();
+        Document assertionDoc = response.readEntity(Document.class);
+        assertNotNull(assertionDoc);
+        
+        // Process the token
+        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+        assertTrue(results != null && results.size() == 1);
+        SamlAssertionWrapper assertion = 
+            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(assertion != null);
+        assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
+        assertTrue(assertion.isSigned());
+        
+        List<String> methods = assertion.getConfirmationMethods();
+        String confirmMethod = null;
+        if (methods != null && methods.size() > 0) {
+            confirmMethod = methods.get(0);
+        }
+        assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));
+        SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
+        assertTrue(subjectKeyInfo.getCerts() != null);
+
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testIssueBearerSAML1Token() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
@@ -299,6 +383,46 @@ public class STSRESTTest extends AbstractBusClientServerTestBase {
     }
     
     @org.junit.Test
+    public void testIssueBearerSAML1TokenShorKeyType() throws Exception {
+        SpringBusFactory bf = new SpringBusFactory();
+        URL busFile = STSRESTTest.class.getResource("cxf-client.xml");
+
+        Bus bus = bf.createBus(busFile.toString());
+        SpringBusFactory.setDefaultBus(bus);
+        SpringBusFactory.setThreadDefaultBus(bus);
+        
+        String address = "https://localhost:" + STSPORT + "/SecurityTokenService/token";
+        WebClient client = WebClient.create(address, busFile.toString());
+
+        client.accept("application/xml");
+        client.path("saml1.1");
+        client.query("keyType", "Bearer");
+        
+        Response response = client.get();
+        Document assertionDoc = response.readEntity(Document.class);
+        assertNotNull(assertionDoc);
+        
+        // Process the token
+        List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
+
+        assertTrue(results != null && results.size() == 1);
+        SamlAssertionWrapper assertion = 
+            (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(assertion != null);
+        assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
+        assertTrue(assertion.isSigned());
+        
+        List<String> methods = assertion.getConfirmationMethods();
+        String confirmMethod = null;
+        if (methods != null && methods.size() > 0) {
+            confirmMethod = methods.get(0);
+        }
+        assertTrue(confirmMethod.contains("bearer"));
+
+        bus.shutdown(true);
+    }
+    
+    @org.junit.Test
     public void testIssueSAML2TokenAppliesTo() throws Exception {
         SpringBusFactory bf = new SpringBusFactory();
         URL busFile = STSRESTTest.class.getResource("cxf-client.xml");


Mime
View raw message