Posted to commits@cxf.apache.org by as...@apache.org on 2015/07/16 21:20:15 UTC
cxf git commit: [CXF-6267]: Introduced interceptor used to retrieve
SAML from STS
Repository: cxf
Updated Branches:
refs/heads/master 3948f2f0b -> c933c0be9
[CXF-6267]: Introduced interceptor used to retrieve SAML from STS
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/c933c0be
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/c933c0be
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/c933c0be
Branch: refs/heads/master
Commit: c933c0be9254f5858102aea69d306908ce8a1f0c
Parents: 3948f2f
Author: Andrei Shakirin <an...@gmail.com>
Authored: Thu Jul 16 21:20:00 2015 +0200
Committer: Andrei Shakirin <an...@gmail.com>
Committed: Thu Jul 16 21:20:00 2015 +0200
----------------------------------------------------------------------
.../interceptors/STSTokenOutInterceptor.java | 177 ++++++++++
.../stsclient/STSTokenOutInterceptorTest.java | 329 +++++++++++++++++++
.../sts/stsclient/STSTokenRetrieverTest.java | 6 -
3 files changed, 506 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
----------------------------------------------------------------------
diff --git a/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
new file mode 100644
index 0000000..a735fd1
--- /dev/null
+++ b/rt/ws/security/src/main/java/org/apache/cxf/ws/security/policy/interceptors/STSTokenOutInterceptor.java
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.ws.security.policy.interceptors;
+
+import java.util.HashMap;
+import java.util.Map;
+import java.util.logging.Logger;
+
+import javax.xml.namespace.QName;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.common.logging.LogUtils;
+import org.apache.cxf.interceptor.Fault;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.phase.AbstractPhaseInterceptor;
+import org.apache.cxf.phase.Phase;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+import org.apache.cxf.ws.security.trust.STSTokenRetriever;
+import org.apache.cxf.ws.security.trust.STSTokenRetriever.TokenRequestParams;
+
+public class STSTokenOutInterceptor extends AbstractPhaseInterceptor<Message> {
+ private static final Logger LOG = LogUtils.getL7dLogger(STSTokenOutInterceptor.class);
+ private static final String TOKEN_TYPE_SAML_2_0 =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+ private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
+ private static final String WS_TRUST_NS = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+ private static final QName STS_SERVICE_NAME = new QName(WS_TRUST_NS, "SecurityTokenService");
+ private static final QName X509_ENDPOINT = new QName(WS_TRUST_NS, "X509_Port");
+ private static final QName TRANSPORT_ENDPOINT = new QName(WS_TRUST_NS, "Transport_Port");
+
+ private STSClient stsClient;
+ private TokenRequestParams tokenParams;
+
+ public STSTokenOutInterceptor(AuthParams authParams, String stsWsdlLocation, Bus bus) {
+ super(Phase.PREPARE_SEND);
+ this.stsClient = configureBasicSTSClient(authParams, stsWsdlLocation, bus);
+ this.tokenParams = new TokenRequestParams();
+ }
+
+ public STSTokenOutInterceptor(STSClient stsClient) {
+ this(Phase.PREPARE_SEND, stsClient, new TokenRequestParams());
+ }
+
+ public STSTokenOutInterceptor(STSClient stsClient, TokenRequestParams tokenParams) {
+ this(Phase.PREPARE_SEND, stsClient, tokenParams);
+ }
+
+ public STSTokenOutInterceptor(String phase, STSClient stsClient, TokenRequestParams tokenParams) {
+ super(phase);
+ this.stsClient = stsClient;
+ this.tokenParams = tokenParams;
+ }
+
+ @Override
+ public void handleMessage(Message message) throws Fault {
+ if (stsClient != null) {
+ message.put(SecurityConstants.STS_CLIENT, stsClient);
+ }
+ SecurityToken tok = STSTokenRetriever.getToken(message, tokenParams);
+ if (tok == null) {
+ LOG.warning("Security token was not retrieved from STS");
+ }
+ }
+
+ public STSClient getSTSClient() {
+ return stsClient;
+ }
+
+ public static enum AuthMode {
+ X509(X509_ENDPOINT, KEY_TYPE_X509),
+ TRANSPORT(TRANSPORT_ENDPOINT, null);
+
+ private final QName endpointName;
+ private final String keyType;
+
+ private AuthMode(QName endpointName, String keyType) {
+ this.endpointName = endpointName;
+ this.keyType = keyType;
+ }
+
+ public QName getEndpointName() {
+ return endpointName;
+ }
+
+ public String getKeyType() {
+ return keyType;
+ }
+ }
+
+ public static class AuthParams {
+ private final AuthMode authMode;
+ private final String userName;
+ private final String callbackHandler;
+ private final String alias;
+ private final String keystoreProperties;
+
+ public AuthParams(AuthMode authMode, String userName, String callbackHandler) {
+ this(authMode, userName, callbackHandler, null, null);
+ }
+
+ public AuthParams(AuthMode authMode, String userName, String callbackHandler, String alias,
+ String keystoreProperties) {
+ this.authMode = authMode;
+ this.userName = userName;
+ this.callbackHandler = callbackHandler;
+ this.alias = alias;
+ this.keystoreProperties = keystoreProperties;
+ }
+
+ public AuthMode getAuthMode() {
+ return authMode;
+ }
+ public String getUserName() {
+ return userName;
+ }
+ public String getCallbackHandler() {
+ return callbackHandler;
+ }
+ public String getAlias() {
+ return alias;
+ }
+ public String getKeystoreProperties() {
+ return keystoreProperties;
+ }
+ }
+
+ private STSClient configureBasicSTSClient(AuthParams authParams, String stsWsdlLocation, Bus bus) {
+ STSClient basicStsClient = new STSClient(bus);
+ basicStsClient.setWsdlLocation(stsWsdlLocation);
+ basicStsClient.setServiceName(STS_SERVICE_NAME.toString());
+ basicStsClient.setEndpointName(authParams.getAuthMode().endpointName.toString());
+ if (authParams.getAuthMode().getKeyType() != null) {
+ basicStsClient.setKeyType(authParams.getAuthMode().getKeyType());
+ } else {
+ basicStsClient.setSendKeyType(false);
+ }
+ basicStsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+ basicStsClient.setAllowRenewingAfterExpiry(true);
+ basicStsClient.setEnableLifetime(true);
+
+ Map<String, Object> props = new HashMap<String, Object>();
+ if (authParams.getUserName() != null) {
+ props.put(SecurityConstants.USERNAME, authParams.getUserName());
+ }
+ props.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler());
+ if ((authParams.getKeystoreProperties() != null) && (authParams.getKeystoreProperties() != null)) {
+ props.put(SecurityConstants.ENCRYPT_USERNAME, authParams.getAlias());
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES, authParams.getKeystoreProperties());
+ props.put(SecurityConstants.SIGNATURE_PROPERTIES, authParams.getKeystoreProperties());
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, authParams.getAlias());
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES, authParams.getKeystoreProperties());
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+ }
+ basicStsClient.setProperties(props);
+
+ return basicStsClient;
+ }
+}
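Review bot: The guard in configureBasicSTSClient tests `getKeystoreProperties()` twice and never checks `getAlias()`, so an AuthParams built with the three-argument constructor (alias null) but a non-null keystoreProperties would put a null ENCRYPT_USERNAME/STS_TOKEN_USERNAME into the STSClient properties; the condition should read `if (authParams.getAlias() != null && authParams.getKeystoreProperties() != null) {`. handleMessage only logs a warning when STSTokenRetriever.getToken returns null and lets the message continue, so if a later interceptor or the target service relies on the token being present this silently produces a call without the SAML token — throwing a Fault there would be the fail-closed choice unless absence is meant to be tolerated by callers. configureBasicSTSClient also hard-codes setAllowRenewingAfterExpiry(true), which by its name permits renewing a token after it has expired; that is a trust decision the class should at least state on the AuthParams constructor, e.g. `// Renewal after expiry is enabled by default; adjust via getSTSClient() if the STS policy forbids it`. Finally, the public class and the nested AuthMode/AuthParams types carry no Javadoc explaining which SecurityConstants each auth mode populates, which a user choosing between X509 and TRANSPORT will need.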
http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
new file mode 100644
index 0000000..bdafbc8
--- /dev/null
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenOutInterceptorTest.java
@@ -0,0 +1,329 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.cxf.systest.sts.stsclient;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.KeyManagementException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.CertificateException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.net.ssl.HttpsURLConnection;
+import javax.net.ssl.KeyManager;
+import javax.net.ssl.KeyManagerFactory;
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.TrustManager;
+import javax.net.ssl.TrustManagerFactory;
+
+import org.apache.cxf.Bus;
+import org.apache.cxf.BusFactory;
+import org.apache.cxf.configuration.jsse.TLSClientParameters;
+import org.apache.cxf.endpoint.Endpoint;
+import org.apache.cxf.endpoint.EndpointException;
+import org.apache.cxf.endpoint.EndpointImpl;
+import org.apache.cxf.interceptor.LoggingInInterceptor;
+import org.apache.cxf.interceptor.LoggingOutInterceptor;
+import org.apache.cxf.message.Exchange;
+import org.apache.cxf.message.ExchangeImpl;
+import org.apache.cxf.message.Message;
+import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.service.Service;
+import org.apache.cxf.service.ServiceImpl;
+import org.apache.cxf.service.model.BindingInfo;
+import org.apache.cxf.service.model.EndpointInfo;
+import org.apache.cxf.service.model.ServiceInfo;
+import org.apache.cxf.systest.sts.common.SecurityTestUtil;
+import org.apache.cxf.systest.sts.deployment.STSServer;
+import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase;
+import org.apache.cxf.transport.http.HTTPConduit;
+import org.apache.cxf.ws.security.SecurityConstants;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthMode;
+import org.apache.cxf.ws.security.policy.interceptors.STSTokenOutInterceptor.AuthParams;
+import org.apache.cxf.ws.security.tokenstore.SecurityToken;
+import org.apache.cxf.ws.security.trust.STSClient;
+
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+
+/**
+ * Some tests for STSClient configuration.
+ */
+public class STSTokenOutInterceptorTest extends AbstractBusClientServerTestBase {
+ static final String STSPORT = allocatePort(STSServer.class);
+ static final String STSPORT2 = allocatePort(STSServer.class, 2);
+
+ private static final String STS_SERVICE_NAME =
+ "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService";
+ private static final String TOKEN_TYPE_SAML_2_0 =
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+
+ private static final String SERVICE_ENDPOINT_ASSYMETRIC =
+ "http://localhost:8081/doubleit/services/doubleitasymmetric";
+ private static final String STS_X509_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl";
+ private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port";
+ private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
+
+ private static final String SERVICE_ENDPOINT_TRANSPORT =
+ "https://localhost:8081/doubleit/services/doubleittransportsaml1";
+ private static final String STS_TRANSPORT_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/Transport?wsdl";
+ private static final String STS_TRANSPORT_ENDPOINT_NAME =
+ "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port";
+
+ private static final String CLIENTSTORE = "/clientstore.jks";
+ private static final String KEYSTORE_PASS = "cspass";
+ private static final String KEY_PASS = "ckpass";
+
+ @BeforeClass
+ public static void startServers() throws Exception {
+ assertTrue(
+ "Server failed to launch",
+ // run the server in the same process
+ // set this to false to fork
+ launchServer(STSServer.class, true)
+ );
+ }
+
+ @AfterClass
+ public static void cleanup() throws Exception {
+ SecurityTestUtil.cleanup();
+ stopAllServers();
+ }
+
+ @Test
+ public void testBasicAsymmetricBinding() throws Exception {
+ Bus bus = BusFactory.getThreadDefaultBus();
+
+ AuthParams authParams = new AuthParams(
+ AuthMode.X509,
+ null,
+ "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
+ "mystskey",
+ "clientKeystore.properties");
+
+ STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(
+ authParams,
+ "http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE,
+ bus);
+
+ MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_ASSYMETRIC);
+
+ interceptor.handleMessage(message);
+
+ SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+ validateSecurityToken(token);
+ }
+
+ @Test
+ public void testBasicTransportBinding() throws Exception {
+ // Setup HttpsURLConnection to get STS WSDL
+ configureDefaultHttpsConnection();
+
+ Bus bus = BusFactory.getThreadDefaultBus();
+ AuthParams authParams = new AuthParams(
+ AuthMode.TRANSPORT,
+ "alice",
+ "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
+ null,
+ null);
+
+ STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(
+ authParams,
+ "https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE,
+ bus);
+
+ TLSClientParameters tlsParams = prepareTLSParams();
+ STSClient stsClient = interceptor.getSTSClient();
+ ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);
+
+ MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_TRANSPORT);
+
+ interceptor.handleMessage(message);
+
+ SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+ validateSecurityToken(token);
+ }
+
+ @Test
+ public void testSTSClientAsymmetricBinding() throws Exception {
+ Bus bus = BusFactory.getThreadDefaultBus();
+
+ STSClient stsClient = initStsClientAsymmeticBinding(bus);
+ STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(stsClient);
+
+ MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_ASSYMETRIC);
+
+ interceptor.handleMessage(message);
+
+ SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+ validateSecurityToken(token);
+ }
+
+ @Test
+ public void testSTSClientTransportBinding() throws Exception {
+ // Setup HttpsURLConnection to get STS WSDL
+ configureDefaultHttpsConnection();
+
+ Bus bus = BusFactory.getThreadDefaultBus();
+ STSClient stsClient = initStsClientTransportBinding(bus);
+
+ STSTokenOutInterceptor interceptor = new STSTokenOutInterceptor(stsClient);
+
+ TLSClientParameters tlsParams = prepareTLSParams();
+ ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams);
+
+ MessageImpl message = prepareMessage(bus, null, SERVICE_ENDPOINT_TRANSPORT);
+
+ interceptor.handleMessage(message);
+
+ SecurityToken token = (SecurityToken)message.getExchange().get(SecurityConstants.TOKEN);
+ validateSecurityToken(token);
+ }
+
+ private STSClient initStsClientAsymmeticBinding(Bus bus) {
+ bus.getInInterceptors().add(new LoggingOutInterceptor());
+ bus.getOutInterceptors().add(new LoggingInInterceptor());
+ bus.getOutFaultInterceptors().add(new LoggingInInterceptor());
+
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE);
+ stsClient.setServiceName(STS_SERVICE_NAME);
+ stsClient.setEndpointName(STS_X509_ENDPOINT_NAME);
+ stsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+ stsClient.setKeyType(KEY_TYPE_X509);
+ stsClient.setAllowRenewingAfterExpiry(true);
+ stsClient.setEnableLifetime(true);
+
+ Map<String, Object> props = new HashMap<String, Object>();
+ props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
+ props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
+ props.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");
+ props.put(SecurityConstants.SIGNATURE_PROPERTIES, "clientKeystore.properties");
+ props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
+ props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
+ props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
+ stsClient.setProperties(props);
+ return stsClient;
+ }
+
+ private STSClient initStsClientTransportBinding(Bus bus) {
+ bus.getInInterceptors().add(new LoggingOutInterceptor());
+ bus.getOutInterceptors().add(new LoggingInInterceptor());
+ bus.getOutFaultInterceptors().add(new LoggingInInterceptor());
+
+ STSClient stsClient = new STSClient(bus);
+ stsClient.setWsdlLocation("https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE);
+ stsClient.setServiceName(STS_SERVICE_NAME);
+ stsClient.setEndpointName(STS_TRANSPORT_ENDPOINT_NAME);
+ stsClient.setTokenType(TOKEN_TYPE_SAML_2_0);
+ stsClient.setAllowRenewingAfterExpiry(true);
+ stsClient.setEnableLifetime(true);
+
+ Map<String, Object> props = new HashMap<String, Object>();
+ props.put(SecurityConstants.USERNAME, "alice");
+ props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
+ stsClient.setProperties(props);
+ return stsClient;
+ }
+
+ private MessageImpl prepareMessage(Bus bus, STSClient stsClient, String serviceAddress) throws EndpointException {
+ MessageImpl message = new MessageImpl();
+ message.put(SecurityConstants.STS_CLIENT, stsClient);
+ message.put(Message.ENDPOINT_ADDRESS, serviceAddress);
+
+ Exchange exchange = new ExchangeImpl();
+ ServiceInfo si = new ServiceInfo();
+ Service s = new ServiceImpl(si);
+ EndpointInfo ei = new EndpointInfo();
+ Endpoint ep = new EndpointImpl(bus, s, ei);
+ ei.setBinding(new BindingInfo(si, null));
+ message.setExchange(exchange);
+ exchange.put(Endpoint.class, ep);
+ return message;
+ }
+
+ private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException,
+ CertificateException, IOException, KeyManagementException {
+ // For localhost testing only
+ javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() {
+
+ public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) {
+ return "localhost".equals(hostname);
+ }
+ });
+
+ TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+ .getDefaultAlgorithm());
+ KeyStore keyStore = loadClientKeystore();
+ trustManagerFactory.init(keyStore);
+ TrustManager[] trustManagers = trustManagerFactory.getTrustManagers();
+ SSLContext sc = SSLContext.getInstance("SSL");
+ sc.init(null, trustManagers, new java.security.SecureRandom());
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ }
+
+ private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException,
+ NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
+ TLSClientParameters tlsParams = new TLSClientParameters();
+ tlsParams.setDisableCNCheck(true);
+ KeyStore trustStore = loadClientKeystore();
+
+ TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory
+ .getDefaultAlgorithm());
+ trustFactory.init(trustStore);
+ TrustManager[] tm = trustFactory.getTrustManagers();
+ tlsParams.setTrustManagers(tm);
+
+ KeyStore keyStore = loadClientKeystore();
+ KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
+ keyFactory.init(keyStore, KEY_PASS.toCharArray());
+ KeyManager[] km = keyFactory.getKeyManagers();
+ tlsParams.setKeyManagers(km);
+ return tlsParams;
+ }
+
+ private KeyStore loadClientKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException,
+ CertificateException {
+ KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
+ InputStream keystoreStream = STSTokenOutInterceptorTest.class.getResourceAsStream(CLIENTSTORE);
+ try {
+ keystore.load(keystoreStream, KEYSTORE_PASS.toCharArray());
+ } finally {
+ keystoreStream.close();
+ }
+ return keystore;
+ }
+
+ private void validateSecurityToken(SecurityToken token) {
+ Assert.assertNotNull(token);
+ Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType());
+ Assert.assertNotNull(token.getId());
+ Assert.assertTrue(token.getExpires().after(new Date()));
+ Assert.assertEquals("Assertion", token.getToken().getLocalName());
+ }
+
+}
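Review bot: configureDefaultHttpsConnection mutates process-wide JSSE state via HttpsURLConnection.setDefaultHostnameVerifier and setDefaultSSLSocketFactory and never restores it, and because launchServer runs the STS in the same process every later test in this JVM inherits the localhost-only verifier and a trust store limited to clientstore.jks; the previous defaults should be captured and put back in cleanup(). The same method requests `SSLContext.getInstance("SSL")`; prefer `SSLContext.getInstance("TLS")` (or a pinned TLS version) so the test does not depend on the provider honouring the legacy "SSL" name. In initStsClientAsymmeticBinding and initStsClientTransportBinding the logging interceptors are crossed — LoggingOutInterceptor on getInInterceptors and LoggingInInterceptor on the out and out-fault chains — so either swap them or drop them. loadClientKeystore dereferences keystoreStream in finally without a null check, turning a missing resource into a NullPointerException rather than a clear failure; `Assert.assertNotNull("clientstore.jks not on classpath", keystoreStream);` before the try fixes that.
```java
private static javax.net.ssl.HostnameVerifier originalVerifier;
private static javax.net.ssl.SSLSocketFactory originalSocketFactory;

@AfterClass
public static void cleanup() throws Exception {
    SecurityTestUtil.cleanup();
    stopAllServers();
    // undo the JVM-wide JSSE changes made in configureDefaultHttpsConnection()
    if (originalVerifier != null) {
        HttpsURLConnection.setDefaultHostnameVerifier(originalVerifier);
    }
    if (originalSocketFactory != null) {
        HttpsURLConnection.setDefaultSSLSocketFactory(originalSocketFactory);
    }
}

private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException,
    CertificateException, IOException, KeyManagementException {
    if (originalVerifier == null) {
        originalVerifier = HttpsURLConnection.getDefaultHostnameVerifier();
        originalSocketFactory = HttpsURLConnection.getDefaultSSLSocketFactory();
    }
    // … unchanged: localhost-only HostnameVerifier …
    // … unchanged: TrustManagerFactory initialised from clientstore.jks …
    SSLContext sc = SSLContext.getInstance("TLS");
    // … unchanged: sc.init and setDefaultSSLSocketFactory …
}
```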
http://git-wip-us.apache.org/repos/asf/cxf/blob/c933c0be/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
----------------------------------------------------------------------
diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
index 0f924c1..ca14481 100644
--- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
+++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenRetrieverTest.java
@@ -157,7 +157,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase {
stsClient.setEnableLifetime(true);
Map<String, Object> props = new HashMap<String, Object>();
- props.put(SecurityConstants.USERNAME, "alice");
props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
props.put(SecurityConstants.ENCRYPT_USERNAME, "mystskey");
props.put(SecurityConstants.ENCRYPT_PROPERTIES, "clientKeystore.properties");
@@ -165,7 +164,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase {
props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
- props.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
stsClient.setProperties(props);
return stsClient;
}
@@ -186,10 +184,6 @@ public class STSTokenRetrieverTest extends AbstractBusClientServerTestBase {
Map<String, Object> props = new HashMap<String, Object>();
props.put(SecurityConstants.USERNAME, "alice");
props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler");
- props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey");
- props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties");
- props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
- props.put(SecurityConstants.IS_BSP_COMPLIANT, "false");
stsClient.setProperties(props);
return stsClient;
}