From: coheigea@apache.org To: commits@cxf.apache.org Message-Id: <041d5641bb364b4a8f0846c7e000107a@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: cxf git commit: Adding custom parameter REST test for the STS Date: Tue, 4 Apr 2017 12:16:02 +0000 (UTC) archived-at: Tue, 04 Apr 2017 12:16:04 -0000 Repository: cxf Updated Branches: refs/heads/master d1b8ff637 -> dd421381b Adding custom parameter REST test for the STS Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/dd421381 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/dd421381 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/dd421381 Branch: refs/heads/master Commit: dd421381bcf61ead2a66311f1caf9ebdfcbf06c4 Parents: d1b8ff6 Author: Colm O hEigeartaigh Authored: Tue Apr 4 13:15:51 2017 +0100 Committer: Colm O hEigeartaigh Committed: Tue Apr 4 13:15:51 2017 +0100 ---------------------------------------------------------------------- services/sts/systests/advanced/pom.xml | 5 + .../systest/sts/custom/CustomParameterTest.java | 129 +++++++++++++++++++ .../cxf/systest/sts/custom/cxf-sts-common.xml | 4 + .../apache/cxf/systest/sts/custom/cxf-sts.xml | 20 ++- 4 files changed, 157 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/pom.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/pom.xml b/services/sts/systests/advanced/pom.xml index e2bb566..419f44c 100644 --- a/services/sts/systests/advanced/pom.xml +++ b/services/sts/systests/advanced/pom.xml 
@@ -138,6 +138,11 @@ hazelcast-spring ${cxf.hazelcast.version} + + com.fasterxml.jackson.jaxrs + jackson-jaxrs-json-provider + test + ${basedir}/src/test/java http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java index f6ff291..96122ba 100644 --- a/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java +++ b/services/sts/systests/advanced/src/test/java/org/apache/cxf/systest/sts/custom/CustomParameterTest.java 
@@ -20,19 +20,40 @@ package org.apache.cxf.systest.sts.custom; import java.net.URL; import java.util.HashMap; +import java.util.List; import java.util.Map; +import javax.security.auth.callback.CallbackHandler; +import javax.ws.rs.core.Response; +import javax.xml.bind.JAXBElement; import javax.xml.namespace.QName; +import javax.xml.transform.dom.DOMSource; import javax.xml.ws.BindingProvider; import javax.xml.ws.Service; +import org.w3c.dom.Element; + import org.apache.cxf.Bus; import org.apache.cxf.bus.spring.SpringBusFactory; +import org.apache.cxf.jaxrs.client.WebClient; import org.apache.cxf.rt.security.SecurityConstants; +import org.apache.cxf.staxutils.W3CDOMStreamWriter; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.common.TokenTestUtils; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType; +import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType; import org.apache.cxf.ws.security.trust.STSClient; +import org.apache.cxf.ws.security.trust.STSUtils; +import org.apache.wss4j.common.crypto.Crypto; +import org.apache.wss4j.common.crypto.CryptoFactory; +import org.apache.wss4j.common.saml.SamlAssertionWrapper; +import org.apache.wss4j.common.util.DOM2Writer; +import org.apache.wss4j.dom.WSDocInfo; +import org.apache.wss4j.dom.engine.WSSecurityEngineResult; +import org.apache.wss4j.dom.handler.RequestData; +import org.apache.wss4j.dom.processor.Processor; +import org.apache.wss4j.dom.processor.SAMLTokenProcessor; import org.example.contract.doubleit.DoubleItPortType; import org.junit.BeforeClass; 
@@ -49,6 +70,9 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { private static final String PORT = allocatePort(Server.class); + private static final String SAML2_TOKEN_TYPE = + "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + @BeforeClass public static void startServers() throws Exception { 
@@ -262,6 +286,111 @@ public class CustomParameterTest extends AbstractBusClientServerTestBase { bus.shutdown(true); } + @org.junit.Test + public void testCustomParameterToRESTInterface() throws Exception { + + SpringBusFactory bf = new SpringBusFactory(); + URL busFile = CustomParameterTest.class.getResource("cxf-client.xml"); + + Bus bus = bf.createBus(busFile.toString()); + SpringBusFactory.setDefaultBus(bus); + SpringBusFactory.setThreadDefaultBus(bus); + + String address = "https://localhost:" + STSPORT + "/SecurityTokenServiceREST/token"; + WebClient client = WebClient.create(address, busFile.toString()); + + client.type("application/xml").accept("application/xml"); + + // Create RequestSecurityToken + W3CDOMStreamWriter writer = new W3CDOMStreamWriter(); + String namespace = STSUtils.WST_NS_05_12; + writer.writeStartElement("wst", "RequestSecurityToken", namespace); + writer.writeNamespace("wst", namespace); + + writer.writeStartElement("wst", "RequestType", namespace); + writer.writeCharacters(namespace + "/Issue"); + writer.writeEndElement(); + + writer.writeStartElement("wst", "TokenType", namespace); + writer.writeCharacters(SAML2_TOKEN_TYPE); + writer.writeEndElement(); + + writer.writeStartElement("wst", "Claims", namespace); + writer.writeAttribute("Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity"); + writer.writeStartElement("ic", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity"); + writer.writeAttribute("Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role"); + writer.writeEndElement(); + writer.writeEndElement(); + + // Add custom content to the RST + writer.writeStartElement("", "realm", "http://cxf.apache.org/custom"); + writer.writeCharacters("custom-realm"); + writer.writeEndElement(); + + writer.writeEndElement(); + + Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement())); + + RequestSecurityTokenResponseType securityResponse = + 
response.readEntity(RequestSecurityTokenResponseType.class); + + Element assertion = validateSAMLSecurityTokenResponse(securityResponse, true); + assertTrue(DOM2Writer.nodeToString(assertion).contains("admin-user")); + + bus.shutdown(true); + } + + private Element validateSAMLSecurityTokenResponse( + RequestSecurityTokenResponseType securityResponse, boolean saml2 + ) throws Exception { + RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse); + assertNotNull(requestedSecurityToken); + + // Process the token + List results = + processToken((Element)requestedSecurityToken.getAny()); + + assertTrue(results != null && results.size() == 1); + SamlAssertionWrapper assertion = + (SamlAssertionWrapper)results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + assertTrue(assertion != null); + if (saml2) { + assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null); + } else { + assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null); + } + assertTrue(assertion.isSigned()); + + return (Element)results.get(0).get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT); + } + + private RequestedSecurityTokenType getRequestedSecurityToken(RequestSecurityTokenResponseType securityResponse) { + for (Object obj : securityResponse.getAny()) { + if (obj instanceof JAXBElement) { + JAXBElement jaxbElement = (JAXBElement)obj; + if ("RequestedSecurityToken".equals(jaxbElement.getName().getLocalPart())) { + return (RequestedSecurityTokenType)jaxbElement.getValue(); + } + } + } + return null; + } + + private List processToken(Element assertionElement) + throws Exception { + RequestData requestData = new RequestData(); + requestData.setDisableBSPEnforcement(true); + CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler(); + requestData.setCallbackHandler(callbackHandler); + Crypto crypto = CryptoFactory.getInstance("serviceKeystore.properties"); + requestData.setDecCrypto(crypto); + 
requestData.setSigVerCrypto(crypto); + requestData.setWsDocInfo(new WSDocInfo(assertionElement.getOwnerDocument())); + + Processor processor = new SAMLTokenProcessor(); + return processor.handleToken(assertionElement, requestData); + } + private static void doubleIt(DoubleItPortType port, int numToDouble) { int resp = port.doubleIt(numToDouble); assertEquals(numToDouble * 2, resp); http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml index 84bd04b..26984d8 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts-common.xml @@ -126,4 +126,8 @@ + + + + http://git-wip-us.apache.org/repos/asf/cxf/blob/dd421381/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml ---------------------------------------------------------------------- diff --git a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml index 521716c..a951e4d 100644 --- a/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml +++ b/services/sts/systests/advanced/src/test/resources/org/apache/cxf/systest/sts/custom/cxf-sts.xml @@ -17,7 +17,7 @@ specific language governing permissions and limitations under the License. --> - + @@ -32,6 +32,24 @@ + + + + + + + + + + + + + + + +
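Review bot: In `testCustomParameterToRESTInterface` (CustomParameterTest.java) the only evidence that the request-supplied `realm` element drove the issued role claim is `assertTrue(DOM2Writer.nodeToString(assertion).contains("admin-user"))`, a substring match over the whole serialized assertion that would also pass if that text appeared in the subject or in any other attribute. Because the test documents a caller-controlled parameter changing an authorization-relevant claim, it would be stronger to check the role attribute's value in the parsed assertion and, assuming the STS configuration (not readable in this hunk) issues a different role when the element is absent, to add a control request without `realm` that asserts `admin-user` is not returned. The HTTP status is never checked before `readEntity`, so an STS-side rejection would surface as an unmarshalling failure; `assertEquals(200, response.getStatus());` ahead of it gives a clearer signal. `bus.shutdown(true)` is reached only on the success path, so a failed assertion leaves the default and thread-default bus installed for later tests; wrapping the body as `try { ... } finally { bus.shutdown(true); }` avoids that.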