From cohei...@apache.org
Subject [1/5] cxf-fediz git commit: Return the IdP metadata if no realm is specified.
Date Wed, 09 Aug 2017 14:29:19 GMT
Repository: cxf-fediz
Updated Branches:
  refs/heads/1.4.x-fixes 8ea7f5e73 -> f71e62006


Return the IdP metadata if no realm is specified.


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f50c1f69
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f50c1f69
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f50c1f69

Branch: refs/heads/1.4.x-fixes
Commit: f50c1f69304e3d79749caf2cc8a27565da791b58
Parents: 8ea7f5e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Aug 9 10:26:38 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Aug 9 15:28:38 2017 +0100

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/MetadataServlet.java  | 20 +++++++++---
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 33 ++++++++++++++++++++
 2 files changed, 48 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f50c1f69/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index dca1b46..1077f8b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -63,15 +63,25 @@ public class MetadataServlet extends HttpServlet {
         Idp idpConfig = cs.getIDP(realm);
         try {
             if (request.getServletPath() != null && request.getServletPath().startsWith("/metadata"))
{
-                String serviceRealm =
+                String parsedRealm =
                     request.getRequestURI().substring(request.getRequestURI().indexOf("/metadata")
                                                       + "/metadata".length());
-                if (serviceRealm != null && serviceRealm.charAt(0) == '/') {
-                    serviceRealm = serviceRealm.substring(1);
+                if (parsedRealm != null && !parsedRealm.isEmpty() && parsedRealm.charAt(0)
== '/') {
+                    parsedRealm = parsedRealm.substring(1);
                 }
-                TrustedIdp trustedIdp = idpConfig.findTrustedIdp(serviceRealm);
+
+                // Default to writing out the metadata for the IdP
+                if (idpConfig.getRealm().equals(parsedRealm) || parsedRealm == null || parsedRealm.isEmpty())
{
+                    IdpMetadataWriter mw = new IdpMetadataWriter();
+                    Document metadata = mw.getMetaData(idpConfig);
+                    out.write(DOM2Writer.nodeToString(metadata));
+                    return;
+                }
+
+                // Otherwise try to find the metadata for the trusted third party IdP
+                TrustedIdp trustedIdp = idpConfig.findTrustedIdp(parsedRealm);
                 if (trustedIdp == null) {
-                    LOG.error("No TrustedIdp found for desired realm: " + serviceRealm);
+                    LOG.error("No TrustedIdp found for desired realm: " + parsedRealm);
                     response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                     return;
                 }
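Review bot: The new default-branch test `idpConfig.getRealm().equals(parsedRealm) || parsedRealm == null || parsedRealm.isEmpty()` dereferences `idpConfig.getRealm()` before the cheap empty check, so a plain `/metadata` request would throw a NullPointerException if the configured realm were ever null. The `parsedRealm == null` arm is dead, because `String.substring` never returns null. `if (parsedRealm.isEmpty() || parsedRealm.equals(idpConfig.getRealm())) {` keeps the behaviour and removes both problems. Separately, `parsedRealm` is cut from `getRequestURI()`, which is not URL-decoded, and is concatenated into `LOG.error(...)` for what is a client error on an endpoint that is presumably reachable without authentication; consider a lower log level so callers cannot drive error-log volume, and check whether the realm should be decoded before it is compared. The enclosing method starts and ends outside this hunk, so how a null `idpConfig` is handled is not visible here.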

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f50c1f69/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 47434f4..a133c9b 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -298,6 +298,39 @@ public class IdpTest {
     }
 
     @Test
+    public void testIdPMetadataDefault() throws Exception {
+        String url = "https://localhost:" + getIdpHttpsPort()
+            + "/fediz-idp/metadata";
+
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+
+        final XmlPage rpPage = webClient.getPage(url);
+        final String xmlContent = rpPage.asXml();
+        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));
+
+        // Now validate the Signature
+        Document doc = rpPage.getXmlDocument();
+
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+        Node signatureNode =
+            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+        Assert.assertNotNull(signatureNode);
+
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
+        webClient.close();
+    }
+
+    @Test
     public void testIdPServiceMetadata() throws Exception {
         String url = "https://localhost:" + getIdpHttpsPort()
             + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B";
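Review bot: `signature.checkSignatureValue(ki.getX509Certificate())` in `testIdPMetadataDefault` verifies the signature with the certificate carried in the same document's KeyInfo, so it proves the metadata is self-consistent but would also pass for metadata signed by any other key. Asserting that `ki.getX509Certificate()` equals the IdP's expected signing certificate (loaded from the test keystore) before checking the value would make the test cover the trust decision a relying party has to make. `webClient.close()` is skipped whenever an assertion fails, so wrap the body in `try { ... } finally { webClient.close(); }`. The `setUseInsecureSSL(true)` line deserves a comment such as `// test-only: server certificate is not validated` so the setting is not copied into client code.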

