Repository: cxf-fediz
Updated Branches:
refs/heads/1.1.x-fixes 73306269b -> 17e8c07f3
Enforcing client authentication for the OnBehalfOf endpoint
Conflicts:
services/sts/pom.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/17e8c07f
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/17e8c07f
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/17e8c07f
Branch: refs/heads/1.1.x-fixes
Commit: 17e8c07f37de0529b94b63199a92f4044f4aa3ff
Parents: 7330626
Author: Colm O hEigeartaigh <[email protected]>
Authored: Thu Sep 18 17:45:46 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Thu Sep 18 17:51:36 2014 +0100
----------------------------------------------------------------------
services/idp/src/main/resources/idp-ssl-key.jks | Bin 0 -> 1123 bytes
.../src/main/webapp/WEB-INF/applicationContext.xml | 3 +++
services/sts/pom.xml | 2 ++
.../webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl | 12 +++++++-----
.../org/apache/cxf/fediz/sts/AbstractSTSTest.java | 2 +-
.../cxf/fediz/sts/realms/ITCrossRealmTest.java | 6 ++++++
.../sts/src/test/resources/stsclient.properties | 6 +++---
systests/jetty8/src/test/resources/idp-server.xml | 3 +++
systests/spring/src/test/resources/idp-server.xml | 3 +++
9 files changed, 28 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/idp/src/main/resources/idp-ssl-key.jks
----------------------------------------------------------------------
diff --git a/services/idp/src/main/resources/idp-ssl-key.jks
b/services/idp/src/main/resources/idp-ssl-key.jks
new file mode 100644
index 0000000..ae16a55
Binary files /dev/null and b/services/idp/src/main/resources/idp-ssl-key.jks
differ
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
----------------------------------------------------------------------
diff --git a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
index e74fd28..a90c106 100644
--- a/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/services/idp/src/main/webapp/WEB-INF/applicationContext.xml
@@ -60,6 +60,9 @@
<sec:trustManagers>
<sec:keyStore type="jks" password="ispass"
resource="idp-ssl-trust.jks"/>
</sec:trustManagers>
+ <sec:keyManagers keyPassword="tompass">
+ <sec:keyStore type="jks" password="tompass"
resource="idp-ssl-key.jks"/>
+ </sec:keyManagers>
</http:tlsClientParameters>
</http:conduit>
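Review bot: The IdP's private-key password is now a plaintext literal (`keyPassword="tompass"`, `password="tompass"`) in a WEB-INF config that ships inside the war, and the keystore it unlocks (`idp-ssl-key.jks`, added as a binary in this commit) is committed under src/main/resources. The existing `ispass` literal for the trust store sets the precedent, but a key store deserves more care than a trust store: consider a placeholder such as `<sec:keyManagers keyPassword="${idp.ssl.key.password}">` resolved from an external property, assuming the context already has a property-placeholder configurer (not visible in this hunk). If this file is meant as a sample configuration, a comment stating that the bundled key pair is for demo use and must be replaced in a deployment would avoid it being reused as-is.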
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/pom.xml
----------------------------------------------------------------------
diff --git a/services/sts/pom.xml b/services/sts/pom.xml
index 9a4f045..366a6dd 100644
--- a/services/sts/pom.xml
+++ b/services/sts/pom.xml
@@ -198,6 +198,8 @@
<keystore>${project.build.directory}/test-classes/jetty-ssl.keystore</keystore>
<password>jettypw</password>
<keyPassword>jettypw</keyPassword>
+
<truststore>${project.build.directory}/test-classes/jetty-ssl.keystore</truststore>
+
<trustPassword>jettypw</trustPassword>
<wantClientAuth>true</wantClientAuth>
</connector>
</connectors>
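Review bot: The trust store for client certificates is the server's own `jetty-ssl.keystore`, so any certificate in that store (including the server's own identity) is accepted as a client, and `wantClientAuth` keeps the handshake optional, which means enforcement of the certificate rests entirely on the WS-SecurityPolicy assertion rather than on TLS. That is a reasonable split for a test connector, but it deserves a comment so the next person does not "tighten" it to `needClientAuth` and break the endpoints that legitimately run without a certificate: `<!-- wantClientAuth (not need): only the OnBehalfOf binding requires a client cert, enforced by its HttpsToken policy -->`. Whether the deployed (non-test) STS container is configured to request client certificates is not visible in this diff and is what actually makes the policy assertion satisfiable.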
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
----------------------------------------------------------------------
diff --git
a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
index da62897..f6b318a 100644
--- a/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
+++ b/services/sts/src/main/webapp/WEB-INF/wsdl/ws-trust-1.4-service.wsdl
@@ -754,8 +754,10 @@
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
- <wsp:Policy/>
+ <sp:HttpsToken>
+ <wsp:Policy>
+ <sp:RequireClientCertificate />
+ </wsp:Policy>
</sp:HttpsToken>
</wsp:Policy>
</sp:TransportToken>
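Review bot: The nested `<sp:RequireClientCertificate />` assertion only guarantees that the container validated some client certificate against its trust store; nothing in this hunk ties the OnBehalfOf caller to a specific identity, so any certificate trusted by the server keystore can exercise the delegation endpoint. If the STS is expected to restrict OnBehalfOf to the IdP's certificate, that check lives elsewhere (a validator or realm configuration, not shown here) and should be referenced in a comment above the binding. The policy name that identifies which binding this is starts above the hunk, so I cannot confirm from the diff that it is the OnBehalfOf transport binding named in the commit message; the other three hunks in this file merely drop the SP1.1-style `RequireClientCertificate="false"` attribute, which leaves those bindings semantically unchanged.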
@@ -802,7 +804,7 @@
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
+ <sp:HttpsToken>
<wsp:Policy/>
</sp:HttpsToken>
</wsp:Policy>
@@ -861,7 +863,7 @@
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
- <sp:HttpsToken RequireClientCertificate="false">
+ <sp:HttpsToken>
<wsp:Policy/>
</sp:HttpsToken>
</wsp:Policy>
@@ -921,7 +923,7 @@
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
- <sp:HttpsToken
RequireClientCertificate="false">
+ <sp:HttpsToken>
<wsp:Policy/>
</sp:HttpsToken>
</wsp:Policy>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
----------------------------------------------------------------------
diff --git
a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
index 21afb6c..f0eb6f6 100644
--- a/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
+++ b/services/sts/src/test/java/org/apache/cxf/fediz/sts/AbstractSTSTest.java
@@ -215,7 +215,7 @@ public abstract class AbstractSTSTest {
return writer.getDocument().getDocumentElement();
}
- protected Properties readTestProperties(Class clazz, String method) {
+ protected Properties readTestProperties(Class<?> clazz, String method) {
Properties testProps = new Properties();
String resourceName = "stsclient.properties";
InputStream in =
Thread.currentThread().getContextClassLoader().getResourceAsStream(resourceName);
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
----------------------------------------------------------------------
diff --git
a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
index 0c373a7..621e0f8 100644
---
a/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
+++
b/services/sts/src/test/java/org/apache/cxf/fediz/sts/realms/ITCrossRealmTest.java
@@ -108,6 +108,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
}
}
+ // Need client auth for the second call
+ tlsClientParameters = initTLSClientParameters(testProps, true);
+
SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
SAML2_TOKEN_TYPE,
BEARER_KEYTYPE,
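Review bot: Both tests only exercise the positive path: the commit enforces a client certificate for OnBehalfOf, but no test asserts that the same call is rejected when made with `initTLSClientParameters(testProps, false)`. A negative case is the one that actually proves the policy is applied, e.g. set `tlsClientParameters = initTLSClientParameters(testProps, false);` before `requestSecurityTokenOnbehalfOf(...)` and `fail("OnBehalfOf accepted without a client certificate")` unless an exception is thrown (presumably a SOAPFaultException from the policy check, to be confirmed). The enclosing test method starts and ends outside this hunk, and how `requestSecurityTokenOnbehalfOf` picks up the reassigned `tlsClientParameters` field is not visible here, so the reassignment is assumed to take effect for the second call.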
@@ -191,6 +194,9 @@ public class ITCrossRealmTest extends AbstractSTSTest {
}
}
+ // Need client auth for the second call
+ tlsClientParameters = initTLSClientParameters(testProps, true);
+
SecurityToken rpToken = requestSecurityTokenOnbehalfOf(
SAML2_TOKEN_TYPE,
BEARER_KEYTYPE,
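Review bot: The same three lines are now duplicated in both tests, and the comment `// Need client auth for the second call` says what but not why; consider `// The OnBehalfOf binding requires a client certificate; the first Issue call deliberately ran without one` so the asymmetry between the two calls is understood. If more OnBehalfOf tests follow, a small private helper (e.g. `enableClientAuth(testProps)`) would keep the setup in one place. The enclosing method starts and ends outside this hunk.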
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/services/sts/src/test/resources/stsclient.properties
----------------------------------------------------------------------
diff --git a/services/sts/src/test/resources/stsclient.properties
b/services/sts/src/test/resources/stsclient.properties
index b75d4d7..db45129 100644
--- a/services/sts/src/test/resources/stsclient.properties
+++ b/services/sts/src/test/resources/stsclient.properties
@@ -1,6 +1,6 @@
sts-url=
truststore=jetty-ssl.keystore
truststore-pw=jettypw
-keystore=${sts-client-keystore}
-keystore-pw=${sts-client-keystore-pw}
-keystore-key-pw=${sts-client-keystore-key-pw}
+keystore=jetty-ssl.keystore
+keystore-pw=jettypw
+keystore-key-pw=jettypw
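Review bot: The test client now authenticates with the STS server's own key pair (`keystore=jetty-ssl.keystore`), which is also the trust store, so the client certificate the policy validates is the server certificate itself. That works for a smoke test but does not reflect a deployment where the IdP has its own identity, and it leaves no ready-made untrusted keystore for a rejection test; a comment such as `# test-only: client reuses the server identity from jetty-ssl.keystore` would at least make the shortcut explicit. The removed `${sts-client-keystore*}` placeholders suggest these values were previously supplied from the build, which is presumably what the pom conflict in the commit message relates to.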
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/systests/jetty8/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/jetty8/src/test/resources/idp-server.xml
b/systests/jetty8/src/test/resources/idp-server.xml
index ea7701c..1f89e96 100644
--- a/systests/jetty8/src/test/resources/idp-server.xml
+++ b/systests/jetty8/src/test/resources/idp-server.xml
@@ -24,6 +24,9 @@
<Set name="keyStore">./target/test-classes/server.jks</Set>
<Set name="keyStorePassword">tompass</Set>
<Set name="keyManagerPassword">tompass</Set>
+ <Set name="trustStore">./target/test-classes/server.jks</Set>
+ <Set name="trustStorePassword">tompass</Set>
+ <Set name="wantClientAuth">true</Set>
</New>
</Arg>
<Set name="port">${idp.https.port}</Set>
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/17e8c07f/systests/spring/src/test/resources/idp-server.xml
----------------------------------------------------------------------
diff --git a/systests/spring/src/test/resources/idp-server.xml
b/systests/spring/src/test/resources/idp-server.xml
index 75ac996..9c31fd7 100644
--- a/systests/spring/src/test/resources/idp-server.xml
+++ b/systests/spring/src/test/resources/idp-server.xml
@@ -23,6 +23,9 @@
</Set>
<Set name="keyStorePassword">tompass</Set>
<Set name="keyManagerPassword">tompass</Set>
+ <Set
name="trustStore">./target/test-classes/server.jks</Set>
+ <Set name="trustStorePassword">tompass</Set>
+ <Set name="wantClientAuth">true</Set>
</New>
</Arg>
<Set name="port">${idp.https.port}</Set>