Repository: cxf-fediz Updated Branches: refs/heads/master d272e844a -> c55caad9d
Fixing a bug with Metadata Signature Creation + adding system tests for the RP
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/c55caad9
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/c55caad9
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/c55caad9
Branch: refs/heads/master
Commit: c55caad9d492081872a62681bcb21ef6e17e7340
Parents: d272e84
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Sep 19 16:51:09 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Sep 19 16:51:09 2014 +0100
----------------------------------------------------------------------
.../cxf/fediz/core/util/SignatureUtils.java | 4 ++
.../cxf/src/test/resources/fediz_config.xml | 3 +
.../jetty8/src/test/resources/fediz_config.xml | 3 +
.../spring/src/test/resources/fediz_config.xml | 3 +
.../fediz/integrationtests/AbstractTests.java | 62 +++++++++++++++++++-
.../tomcat7/src/test/resources/fediz_config.xml | 3 +
6 files changed, 77 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index ab4d211..9107e6b 100644
--- a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++ b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -55,6 +55,10 @@ public final class SignatureUtils { private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM"); private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance(); + static { + DOC_BUILDER_FACTORY.setNamespaceAware(true); + } + private SignatureUtils() { } http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/cxf/src/test/resources/fediz_config.xml ---------------------------------------------------------------------- diff --git a/systests/cxf/src/test/resources/fediz_config.xml b/systests/cxf/src/test/resources/fediz_config.xml index 32fc21d..9f0209b 100644 --- a/systests/cxf/src/test/resources/fediz_config.xml +++ b/systests/cxf/src/test/resources/fediz_config.xml @@ -18,6 +18,9 @@ <issuer certificateValidation="PeerTrust" /> </trustedIssuers> <maximumClockSkew>1000</maximumClockSkew> + <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> + <keyStore file="test-classes/server.jks" password="tompass" type="JKS" /> + </signingKey> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.0.0"> <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/jetty8/src/test/resources/fediz_config.xml ---------------------------------------------------------------------- diff --git a/systests/jetty8/src/test/resources/fediz_config.xml b/systests/jetty8/src/test/resources/fediz_config.xml index 4fe5022..49460dd 100644 --- a/systests/jetty8/src/test/resources/fediz_config.xml +++ b/systests/jetty8/src/test/resources/fediz_config.xml 
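Review bot: The new static block makes the shared DOC_BUILDER_FACTORY namespace-aware but leaves every other parser default untouched, so documents built through this factory are still parsed with DTD processing and external entity resolution enabled; since the factory is being configured here anyway, this block is the natural place to also enable `XMLConstants.FEATURE_SECURE_PROCESSING` and `http://apache.org/xml/features/disallow-doctype-decl` (this only matters if the factory ever parses input that is not generated locally, which the hunk does not show). A why-comment would help too, given the commit message names this as the fix: `// XML Signature resolves ds:* elements by namespace; a non-namespace-aware DOM is presumably why metadata signing failed`. `setFeature` throws the checked `ParserConfigurationException`, which a static initializer has to convert, and `javax.xml.XMLConstants` plus `javax.xml.parsers.ParserConfigurationException` would need importing.
```java
static {
    // XML Signature resolves ds:* elements by namespace; a non-namespace-aware
    // DOM is presumably why metadata signing failed (see commit message).
    DOC_BUILDER_FACTORY.setNamespaceAware(true);
    // Metadata and signature documents never need a DTD: refuse doctypes and
    // external entities rather than relying on parser defaults.
    try {
        DOC_BUILDER_FACTORY.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        DOC_BUILDER_FACTORY.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    } catch (ParserConfigurationException ex) {
        throw new ExceptionInInitializerError(ex);
    }
}
```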
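Review bot: The new `signingKey` block is added in four near-identical copies (this file, and the jetty8, spring and tomcat7 fediz_config.xml files) whose only difference is the keystore `file` attribute, `test-classes/server.jks` here and in tomcat7 versus `server.jks` in jetty8 and spring; nothing in the hunks records why the paths differ, so a reader fixing one copy is likely to miss the others. A one-line comment above the element in each file would carry that context, for example `<!-- Key used to sign the RP FederationMetadata document (presumably what AbstractTests.testRPMetadata now verifies); path is relative to this container's working directory -->`. The keystore password is inline, which is acceptable for these test-only fixtures but worth stating in the same comment so it is not copied into a production configuration.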
@@ -18,6 +18,9 @@ <issuer certificateValidation="PeerTrust" /> </trustedIssuers> <maximumClockSkew>1000</maximumClockSkew> + <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> + <keyStore file="server.jks" password="tompass" type="JKS" /> + </signingKey> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.0.0"> <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/spring/src/test/resources/fediz_config.xml ---------------------------------------------------------------------- diff --git a/systests/spring/src/test/resources/fediz_config.xml b/systests/spring/src/test/resources/fediz_config.xml index 2fb2af5..53b0392 100644 --- a/systests/spring/src/test/resources/fediz_config.xml +++ b/systests/spring/src/test/resources/fediz_config.xml @@ -17,6 +17,9 @@ <issuer certificateValidation="PeerTrust" /> </trustedIssuers> <maximumClockSkew>1000</maximumClockSkew> + <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> + <keyStore file="server.jks" password="tompass" type="JKS" /> + </signingKey> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.0.0"> <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm> http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java ---------------------------------------------------------------------- diff --git a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java index 4d68e36..3ba99b9 100644 --- a/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java +++ b/systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java 
@@ -19,6 +19,10 @@ package org.apache.cxf.fediz.integrationtests; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + import com.gargoylesoftware.htmlunit.CookieManager; import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException; import com.gargoylesoftware.htmlunit.WebClient; @@ -27,9 +31,17 @@ import com.gargoylesoftware.htmlunit.xml.XmlPage; import org.apache.cxf.fediz.core.ClaimTypes; import org.apache.cxf.fediz.core.FederationConstants; +import org.apache.cxf.fediz.core.util.DOMUtils; +import org.apache.wss4j.dom.WSSConfig; +import org.apache.xml.security.keys.KeyInfo; +import org.apache.xml.security.signature.XMLSignature; import org.junit.Assert; public abstract class AbstractTests { + + static { + WSSConfig.init(); + } public AbstractTests() { super(); @@ -290,7 +302,7 @@ public abstract class AbstractTests { } @org.junit.Test - public void testMetadata() throws Exception { + public void testRPMetadata() throws Exception { String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml"; 
@@ -302,6 +314,54 @@ public abstract class AbstractTests { final XmlPage rpPage = webClient.getPage(url); final String xmlContent = rpPage.asXml(); Assert.assertTrue(xmlContent.startsWith("<EntityDescriptor")); + + // Now validate the Signature + Document doc = rpPage.getXmlDocument(); + + doc.getDocumentElement().setIdAttributeNS(null, "ID", true); + + Node signatureNode = + DOMUtils.getChild(doc.getDocumentElement(), "Signature"); + Assert.assertNotNull(signatureNode); + + XMLSignature signature = new XMLSignature((Element)signatureNode, ""); + KeyInfo ki = signature.getKeyInfo(); + Assert.assertNotNull(ki); + Assert.assertNotNull(ki.getX509Certificate()); + + Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate())); + } + + @org.junit.Test + @org.junit.Ignore + public void testIdPMetadata() throws Exception { + String url = "https://localhost:" + getIdpHttpsPort() + + "/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml"; + + final WebClient webClient = new WebClient(); + webClient.getOptions().setUseInsecureSSL(true); + webClient.getOptions().setSSLClientCertificate( + this.getClass().getClassLoader().getResource("client.jks"), "clientpass", "jks"); + + final XmlPage rpPage = webClient.getPage(url); + final String xmlContent = rpPage.asXml(); + Assert.assertTrue(xmlContent.startsWith("<EntityDescriptor")); + + // Now validate the Signature + Document doc = rpPage.getXmlDocument(); + + doc.getDocumentElement().setIdAttributeNS(null, "ID", true); + + Node signatureNode = + DOMUtils.getChild(doc.getDocumentElement(), "Signature"); + Assert.assertNotNull(signatureNode); + + XMLSignature signature = new XMLSignature((Element)signatureNode, ""); + KeyInfo ki = signature.getKeyInfo(); + Assert.assertNotNull(ki); + Assert.assertNotNull(ki.getX509Certificate()); + + Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate())); } @org.junit.Test 
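Review bot: In both new tests the signature is verified with the certificate taken from the signature's own `KeyInfo` (`signature.checkSignatureValue(ki.getX509Certificate())`), which only shows the document is internally consistent; a metadata document signed with any other key that embeds its own certificate would pass the same assertions. The test should pin the expected signer, for example by loading the `mytomidpkey` entry from the `server.jks` test keystore that fediz_config.xml now configures and asserting the embedded certificate equals it before calling `checkSignatureValue` with that expected certificate. The roughly fifteen lines from `Document doc = rpPage.getXmlDocument();` to the final assertion are duplicated verbatim between testRPMetadata and testIdPMetadata, so they belong in one private helper taking the page and the expected `java.security.cert.X509Certificate`. testRPMetadata begins before this hunk, so its opening lines are not visible here.
```java
        // … unchanged: fetch of the metadata page and the startsWith("<EntityDescriptor") assertion …
        validateMetadataSignature(rpPage, expectedSigningCert);
    }

    /**
     * Asserts that the metadata document carries an enveloped signature made with the
     * expected certificate, not merely with whatever certificate the document embeds.
     */
    private static void validateMetadataSignature(XmlPage page, X509Certificate expected) throws Exception {
        Document doc = page.getXmlDocument();
        // Register the EntityDescriptor ID so the signature Reference URI can be resolved.
        doc.getDocumentElement().setIdAttributeNS(null, "ID", true);

        Node signatureNode = DOMUtils.getChild(doc.getDocumentElement(), "Signature");
        Assert.assertNotNull(signatureNode);

        XMLSignature signature = new XMLSignature((Element) signatureNode, "");
        KeyInfo ki = signature.getKeyInfo();
        Assert.assertNotNull(ki);
        X509Certificate embedded = ki.getX509Certificate();
        Assert.assertNotNull(embedded);
        // The embedded certificate is whatever the document supplies; pin it to the expected signer.
        Assert.assertEquals(expected, embedded);
        Assert.assertTrue(signature.checkSignatureValue(expected));
    }
```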
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/c55caad9/systests/tomcat7/src/test/resources/fediz_config.xml ---------------------------------------------------------------------- diff --git a/systests/tomcat7/src/test/resources/fediz_config.xml b/systests/tomcat7/src/test/resources/fediz_config.xml index 32fc21d..9f0209b 100644 --- a/systests/tomcat7/src/test/resources/fediz_config.xml +++ b/systests/tomcat7/src/test/resources/fediz_config.xml @@ -18,6 +18,9 @@ <issuer certificateValidation="PeerTrust" /> </trustedIssuers> <maximumClockSkew>1000</maximumClockSkew> + <signingKey keyAlias="mytomidpkey" keyPassword="tompass"> + <keyStore file="test-classes/server.jks" password="tompass" type="JKS" /> + </signingKey> <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="federationProtocolType" version="1.0.0"> <realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>
