Posted to commits@cxf.apache.org by co...@apache.org on 2015/04/07 17:05:42 UTC
[1/2] cxf-fediz git commit: Removing unused variable
Repository: cxf-fediz
Updated Branches:
refs/heads/master 84e4a020f -> c1bbb7cd6
Removing unused variable
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f5c4b563
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f5c4b563
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f5c4b563
Branch: refs/heads/master
Commit: f5c4b563b9063f6e3c7d33f11615e5f1b00574f2
Parents: 84e4a02
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 7 15:48:51 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 7 15:48:51 2015 +0100
----------------------------------------------------------------------
.../apache/cxf/fediz/core/config/CertificateValidationMethod.java | 1 -
1 file changed, 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f5c4b563/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
index b132846..cee16e1 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/config/CertificateValidationMethod.java
@@ -27,7 +27,6 @@ public enum CertificateValidationMethod {
CHAIN_TRUST("ChainTrust");
private final String value;
- private ValidationType validationType;
CertificateValidationMethod(String v) {
value = v;
[2/2] cxf-fediz git commit: Adding some chain trust tests
Posted by co...@apache.org.
Adding some chain trust tests
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c1bbb7cd
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c1bbb7cd
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c1bbb7cd
Branch: refs/heads/master
Commit: c1bbb7cd6c01612a0992e3263e4668a40863a7d8
Parents: f5c4b56
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Apr 7 16:05:30 2015 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Apr 7 16:05:30 2015 +0100
----------------------------------------------------------------------
.../core/federation/FederationResponseTest.java | 47 +++++++++++++++
.../src/test/resources/fediz_test_config.xml | 62 ++++++++++++++++++++
2 files changed, 109 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c1bbb7cd/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
index 853ce56..02b8370 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/federation/FederationResponseTest.java
@@ -260,6 +260,53 @@ public class FederationResponseTest {
}
+ @org.junit.Test
+ public void testChainTrust() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+ callbackHandler.setIssuer(TEST_RSTR_ISSUER);
+ callbackHandler.setSubjectName(TEST_USER);
+ ConditionsBean cp = new ConditionsBean();
+ AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
+ audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
+ cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
+ callbackHandler.setConditions(cp);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
+ String rstr = createSamlToken(assertion, "mystskey", true);
+
+ FedizRequest wfReq = new FedizRequest();
+ wfReq.setAction(FederationConstants.ACTION_SIGNIN);
+ wfReq.setResponseToken(rstr);
+
+ // Test successful trust validation (subject cert constraint)
+ configurator = null;
+ FedizContext config = getFederationConfigurator().getFedizContext("CHAIN_TRUST");
+
+ FedizProcessor wfProc = new FederationProcessorImpl();
+ FedizResponse wfRes = wfProc.processRequest(wfReq, config);
+
+ Assert.assertEquals("Principal name wrong", TEST_USER,
+ wfRes.getUsername());
+ Assert.assertEquals("Issuer wrong", TEST_RSTR_ISSUER, wfRes.getIssuer());
+ Assert.assertEquals("Audience wrong", TEST_AUDIENCE, wfRes.getAudience());
+
+ // Test unsuccessful trust validation (bad subject cert constraint)
+ configurator = null;
+ config = getFederationConfigurator().getFedizContext("CHAIN_TRUST2");
+
+ wfProc = new FederationProcessorImpl();
+ try {
+ wfRes = wfProc.processRequest(wfReq, config);
+ Assert.fail("Processing must fail because of invalid subject cert constraint");
+ } catch (ProcessingException ex) {
+ // expected
+ }
+ }
+
/**
* Validate SAML 2 token which includes the role attribute with 2 values
* Roles are encoded as a multi-value saml attribute
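Review bot: The negative case starting at `config = getFederationConfigurator().getFedizContext("CHAIN_TRUST2");` changes only the issuer subject constraint, so it proves that a non-matching subject DN is rejected but never exercises the chain-building failure that the ChainTrust method exists to catch; a second negative case using a token signed by a certificate whose chain does not terminate in `ststrust.jks` would cover that path. In the same block, `wfRes = wfProc.processRequest(wfReq, config);` assigns a value that is never read inside the try — `wfProc.processRequest(wfReq, config);` suffices and matches the unused-variable clean-up in the first commit of this push. The comment `// Test successful trust validation (subject cert constraint)` could also name what is actually being checked, e.g. `// ChainTrust: signing cert chains to ststrust.jks and subject matches CN=www.sts.com`. The enclosing class FederationResponseTest begins and ends outside the hunk.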
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c1bbb7cd/plugins/core/src/test/resources/fediz_test_config.xml
----------------------------------------------------------------------
diff --git a/plugins/core/src/test/resources/fediz_test_config.xml b/plugins/core/src/test/resources/fediz_test_config.xml
index 920a723..7ac334b 100644
--- a/plugins/core/src/test/resources/fediz_test_config.xml
+++ b/plugins/core/src/test/resources/fediz_test_config.xml
@@ -265,4 +265,66 @@
</protocol>
</contextConfig>
+ <contextConfig name="CHAIN_TRUST">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="ChainTrust" subject=".*CN=www.sts.com.*" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>target realm</realm>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+
+ <contextConfig name="CHAIN_TRUST2">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="ChainTrust" subject=".*CN=www.sts2.com.*" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>target realm</realm>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+
</FedizConfig>
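Review bot: The two new contexts differ only in the issuer `subject` pattern (`.*CN=www.sts.com.*` versus `.*CN=www.sts2.com.*`), and that single difference is the point of the CHAIN_TRUST2 negative test, but nothing in the fixture says so. An XML comment above `<contextConfig name="CHAIN_TRUST2">` such as `<!-- Identical to CHAIN_TRUST except the subject constraint does not match the signing certificate; used by testChainTrust to verify that processing fails -->` would keep the two otherwise duplicated blocks from drifting apart. The patterns also use unescaped `.` and an unanchored trailing `.*`, which is acceptable for a test fixture but worth flagging in the same comment so the snippet is not copied into a deployed configuration unchanged. The enclosing `<FedizConfig>` element starts outside the hunk.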