Return-Path: <commits-return-47129-archive-asf-public=cust-asf.ponee.io@cxf.apache.org>
X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io
Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io
Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183])
	by cust-asf2.ponee.io (Postfix) with ESMTP id 8DDAB20049D
	for <archive-asf-public-internal@cust-asf2.ponee.io>; Wed,  9 Aug 2017 16:29:21 +0200 (CEST)
Received: by cust-asf.ponee.io (Postfix)
	id 8C5BF1693CB; Wed,  9 Aug 2017 14:29:21 +0000 (UTC)
Delivered-To: archive-asf-public@cust-asf.ponee.io
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by cust-asf.ponee.io (Postfix) with SMTP id DAF5E1693C3
	for <archive-asf-public@cust-asf.ponee.io>; Wed,  9 Aug 2017 16:29:20 +0200 (CEST)
Received: (qmail 97512 invoked by uid 500); 9 Aug 2017 14:29:20 -0000
Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@cxf.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@cxf.apache.org>
List-Post: <mailto:commits@cxf.apache.org>
List-Id: <commits.cxf.apache.org>
Reply-To: dev@cxf.apache.org
Delivered-To: mailing list commits@cxf.apache.org
Received: (qmail 97502 invoked by uid 99); 9 Aug 2017 14:29:20 -0000
Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 09 Aug 2017 14:29:20 +0000
Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33)
	id F0A7FE95C7; Wed,  9 Aug 2017 14:29:19 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: coheigea@apache.org
To: commits@cxf.apache.org
Date: Wed, 09 Aug 2017 14:29:19 -0000
Message-Id: <c4a24442c33f4f27af8a07bc80ea6113@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [1/5] cxf-fediz git commit: Return the IdP metadata if no realm is
 specified.
archived-at: Wed, 09 Aug 2017 14:29:21 -0000

Repository: cxf-fediz
Updated Branches:
  refs/heads/1.4.x-fixes 8ea7f5e73 -> f71e62006


Return the IdP metadata if no realm is specified.


Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f50c1f69
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f50c1f69
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f50c1f69

Branch: refs/heads/1.4.x-fixes
Commit: f50c1f69304e3d79749caf2cc8a27565da791b58
Parents: 8ea7f5e
Author: Colm O hEigeartaigh <coheigea@apache.org>
Authored: Wed Aug 9 10:26:38 2017 +0100
Committer: Colm O hEigeartaigh <coheigea@apache.org>
Committed: Wed Aug 9 15:28:38 2017 +0100

----------------------------------------------------------------------
 .../cxf/fediz/service/idp/MetadataServlet.java  | 20 +++++++++---
 .../apache/cxf/fediz/systests/idp/IdpTest.java  | 33 ++++++++++++++++++++
 2 files changed, 48 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f50c1f69/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
----------------------------------------------------------------------
diff --git a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
index dca1b46..1077f8b 100644
--- a/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
+++ b/services/idp-core/src/main/java/org/apache/cxf/fediz/service/idp/MetadataServlet.java
@@ -63,15 +63,25 @@ public class MetadataServlet extends HttpServlet {
         Idp idpConfig = cs.getIDP(realm);
         try {
             if (request.getServletPath() != null && request.getServletPath().startsWith("/metadata")) {
-                String serviceRealm =
+                String parsedRealm =
                     request.getRequestURI().substring(request.getRequestURI().indexOf("/metadata")
                                                       + "/metadata".length());
-                if (serviceRealm != null && serviceRealm.charAt(0) == '/') {
-                    serviceRealm = serviceRealm.substring(1);
+                if (parsedRealm != null && !parsedRealm.isEmpty() && parsedRealm.charAt(0) == '/') {
+                    parsedRealm = parsedRealm.substring(1);
                 }
-                TrustedIdp trustedIdp = idpConfig.findTrustedIdp(serviceRealm);
+
+                // Default to writing out the metadata for the IdP
+                if (idpConfig.getRealm().equals(parsedRealm) || parsedRealm == null || parsedRealm.isEmpty()) {
+                    IdpMetadataWriter mw = new IdpMetadataWriter();
+                    Document metadata = mw.getMetaData(idpConfig);
+                    out.write(DOM2Writer.nodeToString(metadata));
+                    return;
+                }
+
+                // Otherwise try to find the metadata for the trusted third party IdP
+                TrustedIdp trustedIdp = idpConfig.findTrustedIdp(parsedRealm);
                 if (trustedIdp == null) {
-                    LOG.error("No TrustedIdp found for desired realm: " + serviceRealm);
+                    LOG.error("No TrustedIdp found for desired realm: " + parsedRealm);
                     response.sendError(HttpServletResponse.SC_BAD_REQUEST);
                     return;
                 }

http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f50c1f69/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 47434f4..a133c9b 100644
--- a/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/idp/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -298,6 +298,39 @@ public class IdpTest {
     }
 
     @Test
+    public void testIdPMetadataDefault() throws Exception {
+        String url = "https://localhost:" + getIdpHttpsPort()
+            + "/fediz-idp/metadata";
+
+        final WebClient webClient = new WebClient();
+        webClient.getOptions().setUseInsecureSSL(true);
+        webClient.getOptions().setSSLClientCertificate(
+            this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+
+        final XmlPage rpPage = webClient.getPage(url);
+        final String xmlContent = rpPage.asXml();
+        Assert.assertTrue(xmlContent.startsWith("<md:EntityDescriptor"));
+
+        // Now validate the Signature
+        Document doc = rpPage.getXmlDocument();
+
+        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+        Node signatureNode =
+            DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+        Assert.assertNotNull(signatureNode);
+
+        XMLSignature signature = new XMLSignature((Element)signatureNode, "");
+        KeyInfo ki = signature.getKeyInfo();
+        Assert.assertNotNull(ki);
+        Assert.assertNotNull(ki.getX509Certificate());
+
+        Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+
+        webClient.close();
+    }
+
+    @Test
     public void testIdPServiceMetadata() throws Exception {
         String url = "https://localhost:" + getIdpHttpsPort()
             + "/fediz-idp/metadata/urn:org:apache:cxf:fediz:idp:realm-B";