Repository: cxf-fediz Updated Branches: refs/heads/master bf51b0f8a -> 2a5b457ea
Enforcing client authentication for the OnBehalfOf endpoint
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/2a5b457e
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/2a5b457e
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/2a5b457e
Branch: refs/heads/master
Commit: 2a5b457ea1ff6bcc9d822f89bf429473308d8b73
Parents: bf51b0f
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Sep 18 17:45:46 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Sep 18 17:45:46 2014 +0100
----------------------------------------------------------------------
services/idp/src/main/resources/idp-ssl-key.jks | Bin 0 -> 1123 bytes
.../src/main/webapp/WEB-INF/applicationContext.xml | 3 +++
services/sts/pom.xml | 2 ++
.../webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl | 12 +++++++-----
.../org/apache/cxf/fediz/sts/AbstractSTSTest.java | 2 +-
.../cxf/fediz/sts/realms/ITCrossRealmTest.java | 6 ++++++
.../sts/src/test/resources/stsclient.properties | 6 +++---
systests/jetty8/src/test/resources/idp-server.xml | 3 +++
systests/spring/src/test/resources/idp-server.xml | 3 +++
9 files changed, 28 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/idp/src/main/resources/idp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/idp-ssl-key.jks b/services/idp/src/main/resources/idp-ssl-key.jks
new file mode 100644
index 0000000..ae16a55
Binary files /dev/null and b/services/idp/src/main/resources/idp-ssl-key.jks differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
index c3b8ecd..afe5003 100644
--- a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -78,6 +78,9 @@
 <sec:trustManagers>
 <sec:keyStore type="jks" password="ispass" resource="idp-ssl-trust.jks" />
 </sec:trustManagers>
+ <sec:keyManagers keyPassword="tompass">
+ <sec:keyStore type="jks" password="tompass" resource="idp-ssl-key.jks"/>
+ </sec:keyManagers>
 </http:tlsClientParameters>
 </http:conduit>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index 98d012f..7bb03b7 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -201,6 +201,8 @@
 <keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
 <password>jettypw</password>
 <keyPassword>jettypw</keyPassword>
+ <truststore>${project.build.directory}/test-classes/jetty-ssl.keystore</truststore>
+ <trustPassword>jettypw</trustPassword>
 <wantClientAuth>true</wantClientAuth>
 </connector>
 </connectors>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
----------------------------------------------------------------------
diff --git a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
index c8187d4..9840239 100644
--- a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
+++ b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
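Review bot: The key store referenced by the new `<sec:keyManagers keyPassword="tompass">` element sits in `services/idp/src/main/resources` and is committed as a binary, so every IdP built from this tree presents the same private key to the STS as its client identity unless an operator replaces it. The hunk adds no hint that this is a sample credential, and the passwords are literal in the Spring context as they already are for the trust store. I would put an XML comment above the element: `<!-- idp-ssl-key.jks is the sample client identity the IdP presents to the STS (the OnBehalfOf endpoint now requires a client certificate); replace it and externalize the passwords for a real deployment -->`. The enclosing `<http:conduit>` starts above the hunk.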
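Review bot: The new `<truststore>` is the same `jetty-ssl.keystore` file that already serves as the connector's key store, so every certificate in that store, including the STS's own server certificate, is accepted as a client identity, and `<wantClientAuth>true</wantClientAuth>` only asks for a certificate rather than refusing handshakes that lack one. That is consistent with the WSDL hunk, where the policy assertion appears to do the actual enforcing for the OnBehalfOf binding, but the connector block gives no indication of that division of responsibility. A comment on the new lines would prevent the store being "tidied" into a separate trust store that no longer contains the test client's certificate, e.g. `<!-- trust store deliberately equals the key store: the test client authenticates with jetty-ssl.keystore; client auth is enforced per endpoint by the WSDL HttpsToken policy, not by the connector -->`.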
@@ -754,8 +754,10 @@
 <wsp:Policy>
 <sp:TransportToken>
 <wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
- <wsp:Policy/>
+ <sp:HttpsToken>
+ <wsp:Policy>
+ <sp:RequireClientCertificate />
+ </wsp:Policy>
 </sp:HttpsToken>
 </wsp:Policy>
 </sp:TransportToken>
@@ -802,7 +804,7 @@
 <wsp:Policy>
 <sp:TransportToken>
 <wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
+ <sp:HttpsToken>
 <wsp:Policy/>
 </sp:HttpsToken>
 </wsp:Policy>
@@ -861,7 +863,7 @@
 <wsp:Policy>
 <sp:TransportToken>
 <wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
+ <sp:HttpsToken>
 <wsp:Policy/>
 </sp:HttpsToken>
 </wsp:Policy>
@@ -921,7 +923,7 @@
 <wsp:Policy>
 <sp:TransportToken>
 <wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
+ <sp:HttpsToken>
 <wsp:Policy/>
 </sp:HttpsToken>
 </wsp:Policy>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
index 3b2e6f7..328fab0 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
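Review bot: Only the first hunk (from line 754) adds `<sp:RequireClientCertificate />`; the hunks at 804, 863 and 923 just drop the `RequireClientCertificate="false"` attribute and keep the empty `<wsp:Policy/>`, so those bindings stay without a client-certificate requirement, which is presumably intended. Nothing in the first hunk says which binding it belongs to (the enclosing `<wsp:Policy>` and binding open above the hunk), and the commit message is the only place that ties it to OnBehalfOf. Since the Jetty connector in this commit only sets `wantClientAuth`, this assertion is what actually rejects an OnBehalfOf request that arrives without a client certificate, and removing it later would silently drop the check. I would record that next to the assertion: `<!-- OnBehalfOf binding: a client certificate is mandatory; the transport connector merely requests client auth, this assertion enforces it -->`.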
@@ -216,7 +216,7 @@ public abstract class AbstractSTSTest {
 return writer.getDocument().getDocumentElement();
 }
- protected Properties readTestProperties(Class clazz, String method) {
+ protected Properties readTestProperties(Class<?> clazz, String method) {
 Properties testProps = new Properties();
 String resourceName = "stsclient.properties";
 InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(resourceName);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
----------------------------------------------------------------------
diff --git a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
index 3e99672..fab0d4d 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
@@ -108,6 +108,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
 }
 }
+ // Need client auth for the second call
+ tlsClientParameters = initTLSClientParameters(testProps, true);
+
 SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
 SAML2_TOKEN_TYPE,
 BEARER_KEYTYPE,
@@ -191,6 +194,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
 }
 }
+ // Need client auth for the second call
+ tlsClientParameters = initTLSClientParameters(testProps, true);
+
 SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
 SAML2_TOKEN_TYPE,
 BEARER_KEYTYPE,
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/services/sts/src/test/resources/stsclient.properties
----------------------------------------------------------------------
diff --git a/services/sts/src/test/resources/stsclient.properties b/services/sts/src/test/resources/stsclient.properties
index b75d4d7..db45129 100644
--- a/services/sts/src/test/resources/stsclient.properties
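Review bot: Both ITCrossRealmTest hunks (from lines 108 and 191) switch `tlsClientParameters` to `initTLSClientParameters(testProps, true)` before the OnBehalfOf call, but nothing in this diff exercises the negative case, a request to that endpoint made without a client certificate, so a later change that drops the WSDL assertion would pass these tests unnoticed. I would add one test that keeps the first call's parameters (presumably built with `false`) for the OnBehalfOf request and asserts that it is rejected. The bare `true` also says nothing at the call site; `// true: present the client certificate, which the OnBehalfOf endpoint now requires` would be more useful than the current "Need client auth" comment. Both test methods begin and end outside the hunks.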
+++ b/services/sts/src/test/resources/stsclient.properties
@@ -1,6 +1,6 @@
 sts-url=
 truststore=jetty-ssl.keystore
 truststore-pw=jettypw
-keystore=${sts-client-keystore}
-keystore-pw=${sts-client-keystore-pw}
-keystore-key-pw=${sts-client-keystore-key-pw}
+keystore=jetty-ssl.keystore
+keystore-pw=jettypw
+keystore-key-pw=jettypw
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/systests/jetty8/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/idp-server.xml b/systests/jetty8/src/test/resources/idp-server.xml
index ea7701c..1f89e96 100644
--- a/systests/jetty8/src/test/resources/idp-server.xml
+++ b/systests/jetty8/src/test/resources/idp-server.xml
@@ -24,6 +24,9 @@
 <Set name="keyStore">./target/test-classes/server.jks</Set>
 <Set name="keyStorePassword">tompass</Set>
 <Set name="keyManagerPassword">tompass</Set>
+ <Set name="trustStore">./target/test-classes/server.jks</Set>
+ <Set name="trustStorePassword">tompass</Set>
+ <Set name="wantClientAuth">true</Set>
 </New>
 </Arg>
 <Set name="port">${idp.https.port}</Set>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2a5b457e/systests/spring/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/idp-server.xml b/systests/spring/src/test/resources/idp-server.xml
index 75ac996..9c31fd7 100644
--- a/systests/spring/src/test/resources/idp-server.xml
+++ b/systests/spring/src/test/resources/idp-server.xml
@@ -23,6 +23,9 @@
 </Set>
 <Set name="keyStorePassword">tompass</Set>
 <Set name="keyManagerPassword">tompass</Set>
+ <Set name="trustStore">./target/test-classes/server.jks</Set>
+ <Set name="trustStorePassword">tompass</Set>
+ <Set name="wantClientAuth">true</Set>
 </New>
 </Arg>
 <Set name="port">${idp.https.port}</Set>
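Review bot: The test client's key store is now the server's own `jetty-ssl.keystore` with the same `jettypw` password, so the client certificate the OnBehalfOf test presents is the STS's server certificate, and the STS accepts it only because its new trust store (pom.xml hunk) is that same file. The test therefore cannot tell "any certificate in the server's store" apart from "an authorized client", which is the distinction the commit is meant to enforce; a dedicated client key store and a trust store holding only that client's certificate would make the check meaningful. If the replaced `${sts-client-keystore}` placeholders were previously filled by build-time filtering, a one-line comment above `keystore=` saying why literal values are now used would save the next reader a search.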
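Review bot: `<Set name="wantClientAuth">true</Set>` on the IdP's HTTPS connector (the same lines are added in `systests/spring/src/test/resources/idp-server.xml`) makes the server request a client certificate on every TLS handshake, including browser sessions to the IdP's login pages, so a browser that holds a client certificate will typically prompt the user even though the IdP does not require one. With `trustStore` pointing at the IdP's own `server.jks`, any certificate in that store is also accepted as a client identity. The diff does not show which caller of the IdP needs to authenticate with a certificate, so I would state it on the new line, e.g. `<!-- client auth is requested, not required, so that [CALLER] can authenticate with a certificate; browsers without one are unaffected -->`, with the caller filled in by the author.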
