Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java?rev=1345768&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java (added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML1CallbackHandler.java Sun Jun 3 20:25:34 2012
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+
+ * http://www.apache.org/licenses/LICENSE-2.0
+
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML1Constants;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+
+
+/**
+ * A Callback Handler implementation for a SAML 1.1 assertion. By default it creates an
+ * authentication assertion using Sender Vouches.
+ */
+public class SAML1CallbackHandler extends AbstractSAMLCallbackHandler {
+
+ public SAML1CallbackHandler() throws Exception {
+ // Required for Holder-Of-Key. Commented out.
+ /*
+ if (certs == null) {
+ Crypto crypto = CryptoFactory.getInstance("wss40.properties");
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("wss40");
+ certs = crypto.getX509Certificates(cryptoType);
+ }
+ */
+
+ subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
+ subjectQualifier = "www.example.com";
+ confirmationMethod = SAML2Constants.CONF_BEARER;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SAMLCallback) {
+ SAMLCallback callback = (SAMLCallback) callbacks[i];
+ callback.setSamlVersion(SAMLVersion.VERSION_11);
+ callback.setIssuer(issuer);
+ if (conditions != null) {
+ callback.setConditions(conditions);
+ }
+
+ SubjectBean subjectBean =
+ new SubjectBean(
+ subjectName, subjectQualifier, confirmationMethod
+ );
+ if (subjectNameIDFormat != null) {
+ subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
+ }
+ if (SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+ try {
+ KeyInfoBean keyInfo = createKeyInfo();
+ subjectBean.setKeyInfo(keyInfo);
+ } catch (Exception ex) {
+ throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
+ }
+ }
+ createAndSetStatement(subjectBean, callback);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
+
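Review bot: The constructor sets `confirmationMethod = SAML2Constants.CONF_BEARER;`, the SAML 2.0 bearer URI, in a handler that builds SAML 1.1 assertions (`callback.setSamlVersion(SAMLVersion.VERSION_11)`) and whose Holder-of-Key branch compares against `SAML1Constants.CONF_HOLDER_KEY`; the class Javadoc meanwhile says the default is Sender Vouches. An assertion carrying a 2.0 confirmation-method URI is not what a SAML 1.1 STS would issue, so the validator paths these tests exercise may not match production input; the 1.1 constant (`SAML1Constants.CONF_BEARER`, or the sender-vouches one if that is the intended default — the SAML1Constants class is not visible here, so confirm the name) should be used and the Javadoc aligned. The catch block also discards the cause: `throw new IOException("Problem creating KeyInfo: " + ex.getMessage(), ex);` keeps the stack trace and is available on the JDK 1.6 target the pom declares. The commented-out Crypto/CryptoFactory block in the constructor is dead code and should be removed or turned into a real option rather than shipped commented out.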
Added: cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java?rev=1345768&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java (added)
+++ cxf/fediz/trunk/plugins/core/src/test/java/org/apache/cxf/fediz/core/SAML2CallbackHandler.java Sun Jun 3 20:25:34 2012
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+
+ * http://www.apache.org/licenses/LICENSE-2.0
+
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core;
+
+import java.io.IOException;
+
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.UnsupportedCallbackException;
+
+import org.apache.ws.security.saml.ext.SAMLCallback;
+import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
+import org.apache.ws.security.saml.ext.bean.SubjectBean;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.opensaml.common.SAMLVersion;
+
+
+
+/**
+ * A Callback Handler implementation for a SAML 2 assertion. By default it creates an
+ * authentication assertion using Bearer.
+ */
+public class SAML2CallbackHandler extends AbstractSAMLCallbackHandler {
+
+ public SAML2CallbackHandler() throws Exception {
+ // Required for Holder-Of-Key. Commented out.
+ /*
+ if (certs == null) {
+ Crypto crypto = CryptoFactory.getInstance("wss40.properties");
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("wss40");
+ certs = crypto.getX509Certificates(cryptoType);
+ }
+ */
+
+ subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com";
+ subjectQualifier = "www.example.com";
+ confirmationMethod = SAML2Constants.CONF_BEARER;
+ }
+
+ public void handle(Callback[] callbacks)
+ throws IOException, UnsupportedCallbackException {
+ for (int i = 0; i < callbacks.length; i++) {
+ if (callbacks[i] instanceof SAMLCallback) {
+ SAMLCallback callback = (SAMLCallback) callbacks[i];
+ callback.setSamlVersion(SAMLVersion.VERSION_20);
+ callback.setIssuer(issuer);
+ if (conditions != null) {
+ callback.setConditions(conditions);
+ }
+
+ SubjectBean subjectBean =
+ new SubjectBean(
+ subjectName, subjectQualifier, confirmationMethod
+ );
+ if (subjectNameIDFormat != null) {
+ subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
+ }
+ subjectBean.setSubjectConfirmationData(subjectConfirmationData);
+ if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
+ try {
+ KeyInfoBean keyInfo = createKeyInfo();
+ subjectBean.setKeyInfo(keyInfo);
+ } catch (Exception ex) {
+ throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
+ }
+ }
+ callback.setSubject(subjectBean);
+ createAndSetStatement(null, callback);
+ } else {
+ throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
+ }
+ }
+ }
+
+}
Modified: cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml?rev=1345768&r1=1345767&r2=1345768&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/fediz_test_config.xml Sun Jun
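Review bot: The catch around `createKeyInfo()` rethrows with only the message, `throw new IOException("Problem creating KeyInfo: " + ex.getMessage());`, so the original stack trace is lost whenever a Holder-of-Key test fails; `throw new IOException("Problem creating KeyInfo: " + ex.getMessage(), ex);` is available on the JDK 1.6 target the pom declares. The constructor body (the commented-out Crypto block, `subjectName`, `subjectQualifier`, `confirmationMethod`) is identical to the one in the new SAML1CallbackHandler; both classes extend AbstractSAMLCallbackHandler, which is outside this diff, so it looks like those defaults could live there and leave only the version-specific `handle()` in each subclass. The commented-out block should be dropped either way rather than committed as dead code.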
3 20:25:34 2012
@@ -8,11 +8,11 @@
 <trustManager> <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
- </trustManager>
+ </trustManager>
 </certificateStores> <trustedIssuers> <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
- name="DoubleItSTSIssuer" />
+ name="FedizSTSIssuer" />
 </trustedIssuers> <maximumClockSkew>1000</maximumClockSkew>
@@ -32,4 +32,80 @@
 </claimTypesRequested> </protocol> </contextConfig>
-</FedizConfig>
\ No newline at end of file
+
+ <contextConfig name="ROOT2">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsrealm_a.jks" password="storepass"
+ type="JKS" />
+ </trustManager>
+ <trustManager>
+ <keyStore file="stsstore.jks" password="stsspass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+ name="FedizSTSIssuer" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>target realm</realm>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+
+ <contextConfig name="ROOT3">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="stsrealm_a.jks" password="storepass"
+ type="JKS" />
+ </trustManager>
+ <trustManager>
+ <keyStore file="stsstore.jks" password="stsspass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <trustedIssuers>
+ <issuer subject=".*CN=REALMA.*" certificateValidation="ChainTrust"
+ name="FedizSTSIssuer2" />
+ <issuer subject=".*CN=www.sts.com.*" certificateValidation="ChainTrust"
+ name="FedizSTSIssuer" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="federationProtocolType" version="1.2">
+ <realm>target realm</realm>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <authenticationType value="some auth type" type="String" />
+ <homeRealm type="Class">org.apache.fediz.realm.MyHomeRealm.class</homeRealm>
+ <freshness>10000</freshness>
+ <reply>reply value</reply>
+ <request>REQUEST</request>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+</FedizConfig>
Modified: cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties?rev=1345768&r1=1345767&r2=1345768&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties (original)
+++ cxf/fediz/trunk/plugins/core/src/test/resources/signature.properties Sun Jun 3 20:25:34 2012
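Review bot: The new `trustedIssuers` entries in ROOT2 and ROOT3 use unanchored patterns with unescaped dots, `subject=".*CN=www.sts.com.*"` and `subject=".*CN=REALMA.*"`; if the value is applied as a regular expression to the signing certificate's subject DN, as the `.*` wrapping suggests, the second also accepts any DN whose CN merely begins with `REALMA`, and each `.` matches any character rather than a literal dot. For a test fixture that may be intended, but these files are routinely copied as templates, so tightening them to something like `subject=".*CN=www\.sts\.com.*"` and `subject=".*CN=REALMA(,.*)?$"` costs nothing; the ChainTrust setting still requires the certificate to chain to one of the listed keystores, so the pattern is a second check, not the only one. A comment in the fixture saying which STS certificate each issuer entry is meant to match, e.g. `<!-- matches the CN of the stsrealm_a.jks signing cert -->`, would make that relationship explicit. Note that `stsrealm_b.jks` is added in this commit but not referenced by any `keyStore` element in this hunk.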
@@ -1,6 +1,5 @@
 org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
 org.apache.ws.security.crypto.merlin.keystore.type=jks
-org.apache.ws.security.crypto.merlin.keystore.password=changeit
-#org.apache.ws.security.crypto.merlin.keystore.alias=notneeded
-org.apache.ws.security.crypto.merlin.keystore.file=sdcinternal.jks
+org.apache.ws.security.crypto.merlin.keystore.password=stsspass
+org.apache.ws.security.crypto.merlin.keystore.file=stsstore.jks
Added: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks?rev=1345768&view=auto
==============================================================================
Binary file - no diff available.
Propchange: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_a.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Added: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks?rev=1345768&view=auto
==============================================================================
Binary file - no diff available.
Propchange: cxf/fediz/trunk/plugins/core/src/test/resources/stsrealm_b.jks
------------------------------------------------------------------------------
svn:mime-type = application/octet-stream
Modified: cxf/fediz/trunk/pom.xml
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/pom.xml?rev=1345768&r1=1345767&r2=1345768&view=diff
==============================================================================
--- cxf/fediz/trunk/pom.xml (original)
+++ cxf/fediz/trunk/pom.xml Sun Jun 3 20:25:34 2012
@@ -42,7 +42,7 @@
 <junit.version>4.8.2</junit.version>
 <tomcat.url>http://localhost:8080/manager/text</tomcat.url>
 <cxf.version>2.6.1-SNAPSHOT</cxf.version>
- <wss4j.version>1.6.5</wss4j.version>
+ <wss4j.version>1.6.6</wss4j.version>
 <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 <jdk.version>1.6</jdk.version>
 <compiler.fork>false</compiler.fork>
