Repository: cxf-fediz
Updated Branches:
refs/heads/1.1.x-fixes f74913cc6 -> f2aa4d6d9
Fixing a bug with Metadata Signature Creation + adding system tests for the RP
Conflicts:
systests/cxf/src/test/resources/fediz_config.xml
systests/jetty8/src/test/resources/fediz_config.xml
systests/tests/src/test/java/org/apache/cxf/fediz/integrationtests/AbstractTests.java
systests/tomcat7/src/test/resources/fediz_config.xml
Project: http://git-wip-us.apache.org/repos/asf/cxf-fediz/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf-fediz/commit/f2aa4d6d
Tree: http://git-wip-us.apache.org/repos/asf/cxf-fediz/tree/f2aa4d6d
Diff: http://git-wip-us.apache.org/repos/asf/cxf-fediz/diff/f2aa4d6d
Branch: refs/heads/1.1.x-fixes
Commit: f2aa4d6d9e9f99e35334c4d6b347e4766fb4bcc6
Parents: f74913c
Author: Colm O hEigeartaigh <[email protected]>
Authored: Fri Sep 19 16:51:09 2014 +0100
Committer: Colm O hEigeartaigh <[email protected]>
Committed: Fri Sep 19 17:21:53 2014 +0100
----------------------------------------------------------------------
.../cxf/fediz/core/util/SignatureUtils.java | 4 +
.../cxf/fediz/integrationtests/TomcatTest.java | 166 ++++++++++++++++++-
.../tomcat7/src/test/resources/fediz_config.xml | 3 +
3 files changed, 172 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f2aa4d6d/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
----------------------------------------------------------------------
diff --git
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
index 12452f4..88def44 100644
---
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
+++
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
@@ -56,6 +56,10 @@ public final class SignatureUtils {
private static final XMLSignatureFactory XML_SIGNATURE_FACTORY =
XMLSignatureFactory.getInstance("DOM");
private static final DocumentBuilderFactory DOC_BUILDER_FACTORY =
DocumentBuilderFactory.newInstance();
+ static {
+ DOC_BUILDER_FACTORY.setNamespaceAware(true);
+ }
+
private SignatureUtils() {
}
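Review bot: The new static block turns on namespace awareness without saying why; XML-Signature processing (the `ds:` elements and the `XMLSignatureFactory` on the lines above) is matched by namespace, so a silent default factory produces documents whose signature cannot be resolved, and a comment such as `// XML-Signature processing matches elements by namespace; a non-namespace-aware builder breaks signing and verification` would make the fix self-explaining. Whether DOC_BUILDER_FACTORY only creates new documents or also parses input is not visible in this hunk; if it ever parses, the same block is the place to disable DTD processing, e.g. `DOC_BUILDER_FACTORY.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);`, noting that `setFeature` throws a checked `ParserConfigurationException` that a static initializer has to catch and rethrow as an `ExceptionInInitializerError` or similar. The rest of SignatureUtils is outside the hunk.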
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f2aa4d6d/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
----------------------------------------------------------------------
diff --git
a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
index 8fa3a77..4db1b56 100644
---
a/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
+++
b/systests/tomcat7/src/test/java/org/apache/cxf/fediz/integrationtests/TomcatTest.java
@@ -20,19 +20,41 @@
package org.apache.cxf.fediz.integrationtests;
+import java.io.ByteArrayInputStream;
import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+
+import javax.net.ssl.SSLContext;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.connector.Connector;
import org.apache.catalina.startup.Tomcat;
import org.apache.cxf.fediz.core.ClaimTypes;
+import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.cxf.fediz.tomcat.FederationAuthenticator;
+import org.apache.http.HttpEntity;
+import org.apache.http.HttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.SSLContextBuilder;
+import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClientBuilder;
+import org.apache.http.impl.client.LaxRedirectStrategy;
+import org.apache.http.util.EntityUtils;
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
-
public class TomcatTest extends AbstractTests {
static String idpHttpsPort;
@@ -205,4 +227,146 @@ public class TomcatTest extends AbstractTests {
}
+ @org.junit.Test
+ public void testMetadataRP() throws Exception {
+ String url = "https://localhost:" + getRpHttpsPort()
+ +
"/fedizhelloworld/FederationMetadata/2007-06/FederationMetadata.xml";
+
+ CloseableHttpClient httpClient = null;
+ try {
+ KeyStore trustStore =
KeyStore.getInstance(KeyStore.getDefaultType());
+ FileInputStream instream = new FileInputStream(new
File("./target/test-classes/client.jks"));
+ try {
+ trustStore.load(instream, "clientpass".toCharArray());
+ } finally {
+ try {
+ instream.close();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+ sslContextBuilder.loadTrustMaterial(trustStore, new
TrustSelfSignedStrategy());
+ sslContextBuilder.loadKeyMaterial(trustStore,
"clientpass".toCharArray());
+
+ SSLContext sslContext = sslContextBuilder.build();
+ SSLConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext);
+
+ HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+ httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
+ httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());
+
+ httpClient = httpClientBuilder.build();
+
+ HttpGet httpget = new HttpGet(url);
+
+ HttpResponse response = httpClient.execute(httpget);
+ HttpEntity entity = response.getEntity();
+
+ Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+
+ String metadata = EntityUtils.toString(entity);
+ Assert.assertTrue(metadata.startsWith("<EntityDescriptor"));
+
+ // Now validate the Signature
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ Document doc =
+ dbf.newDocumentBuilder().parse(new
ByteArrayInputStream(metadata.getBytes()));
+
+ doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+ Node signatureNode =
+ DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+ Assert.assertNotNull(signatureNode);
+
+ XMLSignature signature = new XMLSignature((Element)signatureNode,
"");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ Assert.assertNotNull(ki.getX509Certificate());
+
+
Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+ } finally {
+ // When HttpClient instance is no longer needed,
+ // shut down the connection manager to ensure
+ // immediate deallocation of all system resources
+ if (httpClient != null) {
+ httpClient.close();
+ }
+ }
+ }
+
+ @org.junit.Test
+ public void testMetadataIdP() throws Exception {
+ String url = "https://localhost:" + getIdpHttpsPort()
+ + "/fediz-idp/FederationMetadata/2007-06/FederationMetadata.xml";
+
+ CloseableHttpClient httpClient = null;
+ try {
+ KeyStore trustStore =
KeyStore.getInstance(KeyStore.getDefaultType());
+ FileInputStream instream = new FileInputStream(new
File("./target/test-classes/client.jks"));
+ try {
+ trustStore.load(instream, "clientpass".toCharArray());
+ } finally {
+ try {
+ instream.close();
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+ SSLContextBuilder sslContextBuilder = new SSLContextBuilder();
+ sslContextBuilder.loadTrustMaterial(trustStore, new
TrustSelfSignedStrategy());
+ sslContextBuilder.loadKeyMaterial(trustStore,
"clientpass".toCharArray());
+
+ SSLContext sslContext = sslContextBuilder.build();
+ SSLConnectionSocketFactory sslSocketFactory =
+ new SSLConnectionSocketFactory(sslContext);
+
+ HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
+ httpClientBuilder.setSSLSocketFactory(sslSocketFactory);
+ httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());
+
+ httpClient = httpClientBuilder.build();
+
+ HttpGet httpget = new HttpGet(url);
+
+ HttpResponse response = httpClient.execute(httpget);
+ HttpEntity entity = response.getEntity();
+
+ Assert.assertEquals(200, response.getStatusLine().getStatusCode());
+
+ String metadata = EntityUtils.toString(entity);
+ Assert.assertTrue(metadata.startsWith("<EntityDescriptor"));
+
+ // Now validate the Signature
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ Document doc =
+ dbf.newDocumentBuilder().parse(new
ByteArrayInputStream(metadata.getBytes()));
+
+ doc.getDocumentElement().setIdAttributeNS(null, "ID", true);
+
+ Node signatureNode =
+ DOMUtils.getChild(doc.getDocumentElement(), "Signature");
+ Assert.assertNotNull(signatureNode);
+
+ XMLSignature signature = new XMLSignature((Element)signatureNode,
"");
+ KeyInfo ki = signature.getKeyInfo();
+ Assert.assertNotNull(ki);
+ Assert.assertNotNull(ki.getX509Certificate());
+
+
Assert.assertTrue(signature.checkSignatureValue(ki.getX509Certificate()));
+ } finally {
+ // When HttpClient instance is no longer needed,
+ // shut down the connection manager to ensure
+ // immediate deallocation of all system resources
+ if (httpClient != null) {
+ httpClient.close();
+ }
+ }
+ }
+
}
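Review bot: `signature.checkSignatureValue(ki.getX509Certificate())` at the end of testMetadataRP, and the same line in testMetadataIdP, verifies the signature with the certificate carried inside the document's own KeyInfo, so the assertion proves only that the signature is internally consistent, not that the metadata was signed by the RP's or IdP's configured key. Load the expected certificate from a keystore the test controls and pin it before verifying, e.g. `java.security.cert.X509Certificate expected = (X509Certificate) trustStore.getCertificate("<signing-cert-alias>");` followed by `Assert.assertEquals(expected, ki.getX509Certificate());` (whether client.jks actually holds that certificate is not visible here). The two test methods are otherwise identical apart from the URL; extracting the body into `private void verifySignedMetadata(String url) throws Exception` would leave each test as a one-line call and keep future fixes in one place. `metadata.getBytes()` also re-encodes the XML with the platform default charset before parsing; `EntityUtils.toByteArray(entity)` for the parser input, or `getBytes(StandardCharsets.UTF_8)`, avoids that.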
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/f2aa4d6d/systests/tomcat7/src/test/resources/fediz_config.xml
----------------------------------------------------------------------
diff --git a/systests/tomcat7/src/test/resources/fediz_config.xml
b/systests/tomcat7/src/test/resources/fediz_config.xml
index 9aa6c01..2c17f47 100644
--- a/systests/tomcat7/src/test/resources/fediz_config.xml
+++ b/systests/tomcat7/src/test/resources/fediz_config.xml
@@ -17,6 +17,9 @@
<issuer certificateValidation="PeerTrust" />
</trustedIssuers>
<maximumClockSkew>1000</maximumClockSkew>
+ <signingKey keyAlias="mytomidpkey" keyPassword="tompass">
+ <keyStore file="test-classes/server.jks" password="tompass"
type="JKS" />
+ </signingKey>
<protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:type="federationProtocolType" version="1.0.0">
<realm>urn:org:apache:cxf:fediz:fedizhelloworld</realm>