Posted to commits@cxf.apache.org by co...@apache.org on 2014/10/14 13:23:09 UTC
git commit: Some reshuffling of keys + adding a test for the
PublicKey KeyType
Repository: cxf-fediz
Updated Branches:
refs/heads/master 9c84e0aab -> 120c1cd7b
Some reshuffling of keys + adding a test for the PublicKey KeyType
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/120c1cd7
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/120c1cd7
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/120c1cd7
Branch: refs/heads/master
Commit: 120c1cd7bca77f55e313ccbcf2387ad846e201ac
Parents: 9c84e0a
Author: Colm O hEigeartaigh <co...@apache.org>
Authored: Tue Oct 14 12:22:43 2014 +0100
Committer: Colm O hEigeartaigh <co...@apache.org>
Committed: Tue Oct 14 12:22:43 2014 +0100
----------------------------------------------------------------------
.../federation/FederationTest.java | 55 -----
systests/cxf/src/test/resources/client.jks | Bin 1359 -> 2060 bytes
.../cxf/src/test/resources/clientUntrusted.jks | Bin 2074 -> 0 bytes
systests/cxf/src/test/resources/server.jks | Bin 1123 -> 1863 bytes
systests/jetty8/src/test/resources/client.jks | Bin 1359 -> 2060 bytes
systests/jetty8/src/test/resources/server.jks | Bin 1123 -> 1863 bytes
systests/spring/src/test/resources/client.jks | Bin 1359 -> 2060 bytes
systests/spring/src/test/resources/server.jks | Bin 1123 -> 1863 bytes
.../fediz/integrationtests/AbstractTests.java | 4 +-
.../integrationtests/HOKCallbackHandler.java | 48 ++++
.../fediz/integrationtests/HolderOfKeyTest.java | 233 +++++++++++++++++++
.../cxf/fediz/integrationtests/TomcatTest.java | 54 -----
systests/tomcat7/src/test/resources/client.jks | Bin 1359 -> 2060 bytes
.../src/test/resources/clientUntrusted.jks | Bin 2074 -> 0 bytes
.../src/test/resources/fediz_config_hok.xml | 39 ++++
systests/tomcat7/src/test/resources/server.jks | Bin 1123 -> 1863 bytes
16 files changed, 322 insertions(+), 111 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
index 8dbbcb5..123c107 100644
--- a/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
+++ b/systests/cxf/src/test/java/org/apache/cxf/fediz/integrationtests/federation/FederationTest.java
@@ -21,18 +21,10 @@ package org.apache.cxf.fediz.integrationtests.federation;
import java.io.File;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.core.ClaimTypes;
import org.apache.cxf.fediz.integrationtests.AbstractTests;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -176,53 +168,6 @@ public class FederationTest extends AbstractTests {
return rpHttpsPort;
}
- @org.junit.Test
- public void testUserAliceClientAuth() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
- String user = "alice";
- String password = "ecila";
-
- final WebClient webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getOptions().setSSLClientCertificate(
- this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
- final HtmlPage idpPage = webClient.getPage(url);
- webClient.getOptions().setJavaScriptEnabled(true);
- Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- final HtmlForm form = idpPage.getFormByName("signinresponseform");
- final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
- final HtmlPage rpPage = button.click();
- Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
- final String bodyTextContent = rpPage.getBody().getTextContent();
- Assert.assertTrue("Principal not " + user,
- bodyTextContent.contains("userPrincipal=" + user));
- Assert.assertTrue("User " + user + " does not have role Admin",
- bodyTextContent.contains("role:Admin=false"));
- Assert.assertTrue("User " + user + " does not have role Manager",
- bodyTextContent.contains("role:Manager=false"));
- Assert.assertTrue("User " + user + " must have role User",
- bodyTextContent.contains("role:User=true"));
-
- String claim = ClaimTypes.FIRSTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
- bodyTextContent.contains(claim + "=Alice"));
- claim = ClaimTypes.LASTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
- bodyTextContent.contains(claim + "=Smith"));
- claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
- bodyTextContent.contains(claim + "=alice@realma.org"));
-
- }
-
public String getServletContextName() {
return "fedizhelloworld";
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/client.jks b/systests/cxf/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/cxf/src/test/resources/client.jks and b/systests/cxf/src/test/resources/client.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/resources/clientUntrusted.jks
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/clientUntrusted.jks b/systests/cxf/src/test/resources/clientUntrusted.jks
deleted file mode 100644
index ea0bfd1..0000000
Binary files a/systests/cxf/src/test/resources/clientUntrusted.jks and /dev/null differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/cxf/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/cxf/src/test/resources/server.jks b/systests/cxf/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/cxf/src/test/resources/server.jks and b/systests/cxf/src/test/resources/server.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/jetty8/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/client.jks b/systests/jetty8/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/jetty8/src/test/resources/client.jks and b/systests/jetty8/src/test/resources/client.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/jetty8/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/server.jks b/systests/jetty8/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/jetty8/src/test/resources/server.jks and b/systests/jetty8/src/test/resources/server.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/spring/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/client.jks b/systests/spring/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/spring/src/test/resources/client.jks and b/systests/spring/src/test/resources/client.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/spring/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/server.jks b/systests/spring/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/spring/src/test/resources/server.jks and b/systests/spring/src/test/resources/server.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
----------------------------------------------------------------------
diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
index af799f5..53e2e79 100644
--- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
+++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
@@ -309,7 +309,7 @@ public abstract class AbstractTests {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setSSLClientCertificate(
- this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
+ this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
final XmlPage rpPage = webClient.getPage(url);
final String xmlContent = rpPage.asXml();
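Review bot: The keystore password `"storepass"` is now a bare literal repeated in both hunks of this file and again in the new HolderOfKeyTest, which is exactly why regenerating the keystore forced this commit to touch the same string in three places. Hoist it once, e.g. `private static final String CLIENT_KEYSTORE_PASSWORD = "storepass";` on AbstractTests, and pass that to `setSSLClientCertificate`, so the next key reshuffle is a one-line change. The enclosing test method begins and ends outside this hunk. Since `client.jks` is a checked-in test fixture the password is not a secret, but a named constant next to the resource name at least documents which store it unlocks.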
@@ -340,7 +340,7 @@ public abstract class AbstractTests {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setSSLClientCertificate(
- this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
+ this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
final XmlPage rpPage = webClient.getPage(url);
final String xmlContent = rpPage.asXml();
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
new file mode 100644
index 0000000..e2f402c
--- /dev/null
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HOKCallbackHandler.java
@@ -0,0 +1,48 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.cxf.fediz.core.spi.WReqCallback;
+
+public class HOKCallbackHandler implements CallbackHandler {
+
+ static final String HOK_WREQ =
+ "<RequestSecurityToken xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\">"
+ + "<KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey</KeyType>"
+ + "</RequestSecurityToken>";
+
+ public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof WReqCallback) {
+ WReqCallback callback = (WReqCallback) callbacks[i];
+ callback.setWreq(HOK_WREQ);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
\ No newline at end of file
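Review bot: `handle` lacks `@Override` and the class has no Javadoc, even though the WS-Trust fragment it injects changes the security model of the token the RP will accept: a `PublicKey` KeyType asks the STS for a holder-of-key assertion instead of a bearer one. Suggest a class comment such as `/** Test CallbackHandler that sets a wreq requesting KeyType PublicKey, so the IdP/STS issues a holder-of-key SAML assertion rather than a bearer token. */`. From the accompanying test setup (client.jks on the WebClient, `clientAuth=want` on both connectors) the proof key appears to be the client's TLS certificate, so the comment should also state that this handler is only meaningful with client-certificate authentication enabled — confirm that against the IdP before writing it as fact. The file is also missing its trailing newline.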
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
new file mode 100644
index 0000000..32fbf35
--- /dev/null
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/HolderOfKeyTest.java
@@ -0,0 +1,233 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.integrationtests;
+
+import java.io.File;
+
+import com.gargoylesoftware.htmlunit.WebClient;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
+import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.LifecycleState;
+import org.apache.catalina.connector.Connector;
+import org.apache.catalina.startup.Tomcat;
+import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.auth.AuthScope;
+import org.apache.http.auth.UsernamePasswordCredentials;
+import org.junit.AfterClass;
+import org.junit.Assert;
+import org.junit.BeforeClass;
+
+/**
+ * A test for sending a "PublicKey" KeyType request to the IdP via the "wreq" parameter. This
+ * will cause the IdP/STS to issue a "HolderOfKey" SAML Assertion.
+ */
+public class HolderOfKeyTest {
+
+ static String idpHttpsPort;
+ static String rpHttpsPort;
+
+ private static Tomcat idpServer;
+ private static Tomcat rpServer;
+
+ @BeforeClass
+ public static void init() {
+ System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
+ System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true");
+ System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
+ idpHttpsPort = System.getProperty("idp.https.port");
+ Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
+ rpHttpsPort = System.getProperty("rp.https.port");
+ Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort);
+
+ initIdp();
+ initRp();
+ }
+
+ private static void initIdp() {
+ try {
+ idpServer = new Tomcat();
+ idpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ idpServer.setBaseDir(currentDir + File.separator + "target");
+
+ idpServer.getHost().setAppBase("tomcat/idp/webapps");
+ idpServer.getHost().setAutoDeploy(true);
+ idpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(idpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ idpServer.getService().addConnector(httpsConnector);
+
+ idpServer.addWebapp("/fediz-idp-sts", "fediz-idp-sts");
+ idpServer.addWebapp("/fediz-idp", "fediz-idp");
+
+ idpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ private static void initRp() {
+ try {
+ rpServer = new Tomcat();
+ rpServer.setPort(0);
+ String currentDir = new File(".").getCanonicalPath();
+ rpServer.setBaseDir(currentDir + File.separator + "target");
+
+ rpServer.getHost().setAppBase("tomcat/rp/webapps");
+ rpServer.getHost().setAutoDeploy(true);
+ rpServer.getHost().setDeployOnStartup(true);
+
+ Connector httpsConnector = new Connector();
+ httpsConnector.setPort(Integer.parseInt(rpHttpsPort));
+ httpsConnector.setSecure(true);
+ httpsConnector.setScheme("https");
+ //httpsConnector.setAttribute("keyAlias", keyAlias);
+ httpsConnector.setAttribute("keystorePass", "tompass");
+ httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("truststorePass", "tompass");
+ httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks");
+ httpsConnector.setAttribute("clientAuth", "want");
+ httpsConnector.setAttribute("sslProtocol", "TLS");
+ httpsConnector.setAttribute("SSLEnabled", true);
+
+ rpServer.getService().addConnector(httpsConnector);
+
+ //Context ctx =
+ Context cxt = rpServer.addWebapp("/fedizhelloworld", "simpleWebapp");
+ FederationAuthenticator fa = new FederationAuthenticator();
+ fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ + "test-classes" + File.separator + "fediz_config_hok.xml");
+ cxt.getPipeline().addValve(fa);
+
+
+ rpServer.start();
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ @AfterClass
+ public static void cleanup() {
+ try {
+ if (idpServer.getServer() != null
+ && idpServer.getServer().getState() != LifecycleState.DESTROYED) {
+ if (idpServer.getServer().getState() != LifecycleState.STOPPED) {
+ idpServer.stop();
+ }
+ idpServer.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+
+ try {
+ if (rpServer.getServer() != null
+ && rpServer.getServer().getState() != LifecycleState.DESTROYED) {
+ if (rpServer.getServer().getState() != LifecycleState.STOPPED) {
+ rpServer.stop();
+ }
+ rpServer.destroy();
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+
+ public String getIdpHttpsPort() {
+ return idpHttpsPort;
+ }
+
+ public String getRpHttpsPort() {
+ return rpHttpsPort;
+ }
+
+ public String getServletContextName() {
+ return "fedizhelloworld";
+ }
+
+ @org.junit.Test
+ public void testHolderOfKey() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
+ String user = "alice";
+ String password = "ecila";
+
+ final WebClient webClient = new WebClient();
+ webClient.getOptions().setUseInsecureSSL(true);
+ webClient.getOptions().setSSLClientCertificate(
+ this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks");
+ webClient.getCredentialsProvider().setCredentials(
+ new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
+ new UsernamePasswordCredentials(user, password));
+
+ webClient.getOptions().setJavaScriptEnabled(false);
+ final HtmlPage idpPage = webClient.getPage(url);
+ webClient.getOptions().setJavaScriptEnabled(true);
+ Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
+
+ final HtmlForm form = idpPage.getFormByName("signinresponseform");
+ final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
+
+ final HtmlPage rpPage = button.click();
+ Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
+
+ final String bodyTextContent = rpPage.getBody().getTextContent();
+ Assert.assertTrue("Principal not " + user,
+ bodyTextContent.contains("userPrincipal=" + user));
+ Assert.assertTrue("User " + user + " does not have role Admin",
+ bodyTextContent.contains("role:Admin=false"));
+ Assert.assertTrue("User " + user + " does not have role Manager",
+ bodyTextContent.contains("role:Manager=false"));
+ Assert.assertTrue("User " + user + " must have role User",
+ bodyTextContent.contains("role:User=true"));
+
+ String claim = ClaimTypes.FIRSTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
+ bodyTextContent.contains(claim + "=Alice"));
+ claim = ClaimTypes.LASTNAME.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
+ bodyTextContent.contains(claim + "=Smith"));
+ claim = ClaimTypes.EMAILADDRESS.toString();
+ Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
+ bodyTextContent.contains(claim + "=alice@realma.org"));
+ }
+
+}
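Review bot: `testHolderOfKey` only exercises the happy path, so it cannot distinguish a holder-of-key assertion from a bearer one: the property HoK buys is that a party who cannot prove possession of the bound key is rejected, and nothing here submits the signin response without the client key. A second test running the same flow with no `setSSLClientCertificate` (or a different keystore) and asserting the RP never renders `userPrincipal=alice` would pin that down; how the IdP reacts to a missing client certificate is not visible in this commit, so the sketch below tolerates a refusal at either stage (`FailingHttpStatusCodeException` would need importing from htmlunit). Separately, `initIdp` and `initRp` catch `Exception` and only `printStackTrace()`, so a failed Tomcat start surfaces later as an unrelated assertion failure; rethrowing with `throw new RuntimeException(e);` gives a clearer signal.
```java
    // … unchanged: existing testHolderOfKey …

    @org.junit.Test
    public void testHolderOfKeyWithoutClientKey() throws Exception {
        String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
        // Same flow as testHolderOfKey, but no TLS client certificate: the client cannot
        // prove possession of the key a holder-of-key assertion would be bound to.
        final WebClient webClient = new WebClient();
        webClient.getOptions().setUseInsecureSSL(true);
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials("alice", "ecila"));
        webClient.getOptions().setJavaScriptEnabled(false);
        try {
            final HtmlPage idpPage = webClient.getPage(url);
            final HtmlForm form = idpPage.getFormByName("signinresponseform");
            final HtmlPage rpPage = form.getInputByName("_eventId_submit").click();
            Assert.assertFalse("RP accepted a holder-of-key token without proof of possession",
                rpPage.getBody().getTextContent().contains("userPrincipal=alice"));
        } catch (FailingHttpStatusCodeException expected) {
            // Acceptable outcome: the IdP/STS refuses to issue, or the RP rejects the token.
        }
    }
```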
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index e250877..18939f5 100644
--- a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++ b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
@@ -22,19 +22,11 @@ package org.apache.cxf.fediz.integrationtests;
import java.io.File;
-import com.gargoylesoftware.htmlunit.WebClient;
-import com.gargoylesoftware.htmlunit.html.HtmlForm;
-import com.gargoylesoftware.htmlunit.html.HtmlPage;
-import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput;
-
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
-import org.apache.cxf.fediz.core.ClaimTypes;
import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
-import org.apache.http.auth.AuthScope;
-import org.apache.http.auth.UsernamePasswordCredentials;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
@@ -186,50 +178,4 @@ public class TomcatTest extends AbstractTests {
return "fedizhelloworld";
}
- @org.junit.Test
- public void testUserAliceClientAuth() throws Exception {
- String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
- String user = "alice";
- String password = "ecila";
-
- final WebClient webClient = new WebClient();
- webClient.getOptions().setUseInsecureSSL(true);
- webClient.getOptions().setSSLClientCertificate(
- this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks");
- webClient.getCredentialsProvider().setCredentials(
- new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
- new UsernamePasswordCredentials(user, password));
-
- webClient.getOptions().setJavaScriptEnabled(false);
- final HtmlPage idpPage = webClient.getPage(url);
- webClient.getOptions().setJavaScriptEnabled(true);
- Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- final HtmlForm form = idpPage.getFormByName("signinresponseform");
- final HtmlSubmitInput button = form.getInputByName("_eventId_submit");
-
- final HtmlPage rpPage = button.click();
- Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());
-
- final String bodyTextContent = rpPage.getBody().getTextContent();
- Assert.assertTrue("Principal not " + user,
- bodyTextContent.contains("userPrincipal=" + user));
- Assert.assertTrue("User " + user + " does not have role Admin",
- bodyTextContent.contains("role:Admin=false"));
- Assert.assertTrue("User " + user + " does not have role Manager",
- bodyTextContent.contains("role:Manager=false"));
- Assert.assertTrue("User " + user + " must have role User",
- bodyTextContent.contains("role:User=true"));
-
- String claim = ClaimTypes.FIRSTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
- bodyTextContent.contains(claim + "=Alice"));
- claim = ClaimTypes.LASTNAME.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
- bodyTextContent.contains(claim + "=Smith"));
- claim = ClaimTypes.EMAILADDRESS.toString();
- Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'",
- bodyTextContent.contains(claim + "=alice@realma.org"));
- }
-
}
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/client.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/client.jks b/systests/tomcat7/src/test/resources/client.jks
index cdea4cb..720dbda 100644
Binary files a/systests/tomcat7/src/test/resources/client.jks and b/systests/tomcat7/src/test/resources/client.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/clientUntrusted.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/clientUntrusted.jks b/systests/tomcat7/src/test/resources/clientUntrusted.jks
deleted file mode 100644
index ea0bfd1..0000000
Binary files a/systests/tomcat7/src/test/resources/clientUntrusted.jks and /dev/null differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/fediz_config_hok.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/fediz_config_hok.xml b/systests/tomcat7/src/test/resources/fediz_config_hok.xml
new file mode 100644
index 0000000..21bd594
--- /dev/null
+++ b/systests/tomcat7/src/test/resources/fediz_config_hok.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- Place in Tomcat conf folder or other location as designated in this sample's webapp/META-INF/context.xml file.
+ Keystore referenced below must have IDP STS' public cert included in it. This example re-uses the Tomcat SSL
+ keystore (tomcat-rp.jks) for this task; alternatively you may wish to use a Fediz-specific keystore instead.
+-->
+<FedizConfig>
+ <contextConfig name="/fedizhelloworld">
+ <audienceUris>
+ <audienceItem>urn:org:apache:cxf:fediz:fedizhelloworld</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="test-classes/ststrust.jks"
+ password="storepass" type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.0.0">
+ <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
+ <issuer>https://localhost:${idp.https.port}/fediz-idp/federation</issuer>
+ <roleDelimiter>,</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <freshness>10</freshness>
+ <homeRealm type="String">urn:org:apache:cxf:fediz:idp:realm-A</homeRealm>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
+ optional="true" />
+ </claimTypesRequested>
+ <request type="Class">org.apache.cxf.fediz.integrationtests.HOKCallbackHandler</request>
+ </protocol>
+ <logoutURL>/secure/logout</logoutURL>
+ <logoutRedirectTo>/index.html</logoutRedirectTo>
+ </contextConfig>
+</FedizConfig>
+
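Review bot: The header comment says the trust store "re-uses the Tomcat SSL keystore (tomcat-rp.jks)", but the `trustManager` below points at `test-classes/ststrust.jks`; the text looks carried over from a sample and now misdescribes this config. Suggest replacing that sentence with `Keystore referenced below must contain the IdP STS' signing certificate; this test uses ststrust.jks.` Likewise `<claimType type="a particular claim type" optional="true" />` is a template placeholder — since the accompanying test asserts on first name, last name and e-mail address, either request those claim URIs here or drop the element so the config does not advertise a claim that is never requested.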
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/120c1cd7/systests/tomcat7/src/test/resources/server.jks
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/server.jks b/systests/tomcat7/src/test/resources/server.jks
index ae16a55..2f0fdf3 100644
Binary files a/systests/tomcat7/src/test/resources/server.jks and b/systests/tomcat7/src/test/resources/server.jks differ