Posted to commits@cxf.apache.org by co...@apache.org on 2016/01/28 16:58:17 UTC
[1/2] cxf-fediz git commit: Adding tests for the issued IdTokens
Repository: cxf-fediz
Updated Branches:
refs/heads/master 1e1f48b48 -> a549755b1
Adding tests for the issued IdTokens
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/08189ca1
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/08189ca1
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/08189ca1
Branch: refs/heads/master
Commit: 08189ca1e19eafc64d928f8db112b4d81b0ecae0
Parents: 1e1f48b
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jan 28 15:24:04 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jan 28 15:24:46 2016 +0000
----------------------------------------------------------------------
systests/oidc/pom.xml | 6 +++
.../cxf/fediz/systests/oidc/OIDCTest.java | 51 +++++++++++++++++++-
2 files changed, 55 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08189ca1/systests/oidc/pom.xml
----------------------------------------------------------------------
diff --git a/systests/oidc/pom.xml b/systests/oidc/pom.xml
index 42bf107..d460292 100644
--- a/systests/oidc/pom.xml
+++ b/systests/oidc/pom.xml
@@ -93,6 +93,12 @@
<version>${hsqldb.version}</version>
<scope>test</scope>
</dependency>
+ <dependency>
+ <groupId>org.apache.cxf</groupId>
+ <artifactId>cxf-rt-rs-security-jose-jaxrs</artifactId>
+ <version>${cxf.version}</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
<build>
<testResources>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/08189ca1/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index fe21b64..deba746 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -23,6 +23,12 @@ package org.apache.cxf.fediz.systests.oidc;
import java.io.File;
import java.io.IOException;
import java.net.URL;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
@@ -52,8 +58,13 @@ import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.cxf.fediz.tomcat7.FederationAuthenticator;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
+import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
+import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
+import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.UsernamePasswordCredentials;
+import org.apache.wss4j.common.util.Loader;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -403,7 +414,9 @@ public class OIDCTest {
String response = responsePage.getWebResponse().getContentAsString();
// Check the IdToken
- Assert.assertTrue(response.contains("id_token"));
+ String idToken = getIdToken(response);
+ Assert.assertNotNull(idToken);
+ validateIdToken(idToken, storedClientId);
webClient.close();
}
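Review bot: `Assert.assertNotNull(idToken)` cannot fail, because `getIdToken` (added in the last hunk of this file) always returns a substring and never null. If the response carries no `id_token`, `indexOf` returns -1 and the helper hands back text starting at offset 10 of the response, so the test presumably fails only later, inside token parsing, with a less direct error. Either have the helper report the miss, `int start = parentString.indexOf("id_token"); if (start < 0) { return null; }`, or keep the removed `Assert.assertTrue(response.contains("id_token"))` ahead of the call. The same applies to the next hunk (`@@ -438,7 +451,9 @@`); both test methods start outside their hunks.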
@@ -438,7 +451,9 @@ public class OIDCTest {
String response = responsePage.getWebResponse().getContentAsString();
// Check the IdToken
- Assert.assertTrue(response.contains("id_token"));
+ String idToken = getIdToken(response);
+ Assert.assertNotNull(idToken);
+ validateIdToken(idToken, storedClient2Id);
webClient.close();
}
@@ -685,6 +700,38 @@ public class OIDCTest {
return wrapper.getCode();
}
+ private String getIdToken(String parentString) {
+ String foundString =
+ parentString.substring(parentString.indexOf("id_token")
+ + ("id_token" + "\":\"").length());
+ int ampersandIndex = foundString.indexOf('\"');
+ if (ampersandIndex < 1) {
+ ampersandIndex = foundString.length();
+ }
+ return foundString.substring(0, ampersandIndex);
+ }
+
+ private void validateIdToken(String idToken, String audience)
+ throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+
+ // Validate claims
+ Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+ Assert.assertEquals("accounts.fediz.com", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ Assert.assertEquals(audience, jwt.getClaim(JwtConstants.CLAIM_AUDIENCE));
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_EXPIRY));
+ Assert.assertNotNull(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT));
+
+ KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(Loader.getResource("oidc.jks").openStream(), "password".toCharArray());
+ Certificate cert = keystore.getCertificate("alice");
+ Assert.assertNotNull(cert);
+
+ Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
+ SignatureAlgorithm.RS256));
+ }
+
private static class CodeWebConnectionWrapper extends WebConnectionWrapper {
private String code;
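Review bot: `validateIdToken` only asserts that the `exp` and `iat` claims are present, so an ID token that is already expired or carries a nonsensical issue time would still pass; comparing `exp` with the current time, and `iat` with a small window around it, would make the check meaningful. The claim assertions also run before `verifySignatureWith`, so they read unverified content; moving the signature check to the top matches the order a relying party would use. Separately, the stream from `Loader.getResource("oidc.jks").openStream()` is never closed: `try (InputStream in = Loader.getResource("oidc.jks").openStream()) { keystore.load(in, "password".toCharArray()); }` would fix that, assuming the module builds at Java 7 or later and `java.io.InputStream` is imported. In `getIdToken`, `ampersandIndex` holds the position of a double quote, so `quoteIndex` would be the accurate name.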
[2/2] cxf-fediz git commit: Missing files from last commit
Posted by co...@apache.org.
Missing files from last commit
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/a549755b
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/a549755b
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/a549755b
Branch: refs/heads/master
Commit: a549755b13c65f33883eeb6e67071adbc5839b14
Parents: 08189ca
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Thu Jan 28 15:24:19 2016 +0000
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Thu Jan 28 15:24:47 2016 +0000
----------------------------------------------------------------------
systests/oidc/src/test/resources/oidc.jks | Bin 0 -> 3984 bytes
1 file changed, 0 insertions(+), 0 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/a549755b/systests/oidc/src/test/resources/oidc.jks
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/resources/oidc.jks b/systests/oidc/src/test/resources/oidc.jks
new file mode 100644
index 0000000..9b8c450
Binary files /dev/null and b/systests/oidc/src/test/resources/oidc.jks differ