Repository: cxf Updated Branches: refs/heads/master dd12d69e3 -> f4aafc6f8
[CXF-6267]: added JUnit test for transport binding Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/f4aafc6f Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/f4aafc6f Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/f4aafc6f Branch: refs/heads/master Commit: f4aafc6f8fe4e4964f6a48a50c43ceee3a171a64 Parents: dd12d69 Author: Andrei Shakirin <andrei.shaki...@gmail.com> Authored: Fri May 29 18:04:57 2015 +0200 Committer: Andrei Shakirin <andrei.shaki...@gmail.com> Committed: Fri May 29 18:04:57 2015 +0200 ---------------------------------------------------------------------- .../sts/stsclient/STSTokenHelperTest.java | 191 ++++++++++++++++--- 1 file changed, 166 insertions(+), 25 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/f4aafc6f/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java ---------------------------------------------------------------------- diff --git a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java index 456dc51..d349f07 100644 --- a/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java +++ b/services/sts/systests/basic/src/test/java/org/apache/cxf/systest/sts/stsclient/STSTokenHelperTest.java @@ -18,12 +18,30 @@ */ package org.apache.cxf.systest.sts.stsclient; +import java.io.IOException; +import java.io.InputStream; +import java.security.KeyManagementException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.UnrecoverableKeyException; +import java.security.cert.CertificateException; +import java.util.Date; import java.util.HashMap; import java.util.Map; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.KeyManager; +import javax.net.ssl.KeyManagerFactory; +import javax.net.ssl.SSLContext; +import javax.net.ssl.TrustManager; +import javax.net.ssl.TrustManagerFactory; + import org.apache.cxf.Bus; import org.apache.cxf.BusFactory; +import org.apache.cxf.configuration.jsse.TLSClientParameters; import org.apache.cxf.endpoint.Endpoint; +import org.apache.cxf.endpoint.EndpointException; import org.apache.cxf.endpoint.EndpointImpl; import org.apache.cxf.interceptor.LoggingInInterceptor; import org.apache.cxf.interceptor.LoggingOutInterceptor; @@ -39,12 +57,16 @@ import org.apache.cxf.service.model.ServiceInfo; import org.apache.cxf.systest.sts.common.SecurityTestUtil; import org.apache.cxf.systest.sts.deployment.STSServer; import org.apache.cxf.testutil.common.AbstractBusClientServerTestBase; +import org.apache.cxf.transport.http.HTTPConduit; import org.apache.cxf.ws.security.SecurityConstants; import org.apache.cxf.ws.security.policy.interceptors.STSTokenHelper; import org.apache.cxf.ws.security.tokenstore.SecurityToken; import org.apache.cxf.ws.security.trust.STSClient; + +import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; +import org.junit.Test; /** * Some tests for STSClient configuration. @@ -52,17 +74,28 @@ import org.junit.BeforeClass; public class STSTokenHelperTest extends AbstractBusClientServerTestBase { static final String STSPORT = allocatePort(STSServer.class); static final String STSPORT2 = allocatePort(STSServer.class, 2); - - private static final String STS_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl"; + private static final String STS_SERVICE_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}SecurityTokenService"; - private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port"; private static final String TOKEN_TYPE_SAML_2_0 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + + private static final String SERVICE_ENDPOINT_ASSYMETRIC = + "http://localhost:8081/doubleit/services/doubleitasymmetric"; + private static final String STS_X509_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/X509?wsdl"; + private static final String STS_X509_ENDPOINT_NAME = "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}X509_Port"; private static final String KEY_TYPE_X509 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey"; - private static final String SERVICE_ENDPOINT_ASSYMETRIC = - "http://localhost:1111/doubleit/services/doubleitasymmetric"; - + + private static final String SERVICE_ENDPOINT_TRANSPORT = + "https://localhost:8081/doubleit/services/doubleittransportsaml1"; + private static final String STS_TRANSPORT_WSDL_LOCATION_RELATIVE = "/SecurityTokenService/Transport?wsdl"; + private static final String STS_TRANSPORT_ENDPOINT_NAME = + "{http://docs.oasis-open.org/ws-sx/ws-trust/200512/}Transport_Port"; + + private static final String CLIENTSTORE = "/clientstore.jks"; + private static final String KEYSTORE_PASS = "cspass"; + private static final String KEY_PASS = "ckpass"; + @BeforeClass public static void startServers() throws Exception { assertTrue( @@ -73,42 +106,49 @@ public class STSTokenHelperTest extends AbstractBusClientServerTestBase { ); } - @org.junit.AfterClass + @AfterClass public static void cleanup() throws Exception { SecurityTestUtil.cleanup(); stopAllServers(); } - @org.junit.Test - public void testSTSAssymetric() throws Exception { - Bus bus = BusFactory.newInstance().createBus(); - STSClient stsClient = initStsClient(bus); + @Test + public void testSTSAsymmetricBinding() throws Exception { + Bus bus = BusFactory.getThreadDefaultBus(); + STSClient stsClient = initStsClientAsymmeticBinding(bus); - MessageImpl message = new MessageImpl(); - message.put(SecurityConstants.STS_CLIENT, stsClient); - message.put(Message.ENDPOINT_ADDRESS, SERVICE_ENDPOINT_ASSYMETRIC); + MessageImpl message = prepareMessage(bus, stsClient, SERVICE_ENDPOINT_ASSYMETRIC); + STSTokenHelper.TokenRequestParams params = new STSTokenHelper.TokenRequestParams(); - Exchange exchange = new ExchangeImpl(); - ServiceInfo si = new ServiceInfo(); - Service s = new ServiceImpl(si); - EndpointInfo ei = new EndpointInfo(); - Endpoint ep = new EndpointImpl(bus, s, ei); - ei.setBinding(new BindingInfo(si, null)); - message.setExchange(exchange); - exchange.put(Endpoint.class, ep); + SecurityToken token = STSTokenHelper.getToken(message, params); + validateSecurityToken(token); + } + + @Test + public void testSTSTransportBinding() throws Exception { + // Setup HttpsURLConnection to get STS WSDL + configureDefaultHttpsConnection(); + Bus bus = BusFactory.getThreadDefaultBus(); + STSClient stsClient = initStsClientTransportBinding(bus); + + TLSClientParameters tlsParams = prepareTLSParams(); + ((HTTPConduit)stsClient.getClient().getConduit()).setTlsClientParameters(tlsParams); + + MessageImpl message = prepareMessage(bus, stsClient, SERVICE_ENDPOINT_TRANSPORT); STSTokenHelper.TokenRequestParams params = new STSTokenHelper.TokenRequestParams(); + SecurityToken token = STSTokenHelper.getToken(message, params); - Assert.assertNotNull(token); + validateSecurityToken(token); } - private STSClient initStsClient(Bus bus) { + private STSClient initStsClientAsymmeticBinding(Bus bus) { bus.getInInterceptors().add(new LoggingOutInterceptor()); bus.getOutInterceptors().add(new LoggingInInterceptor()); bus.getOutFaultInterceptors().add(new LoggingInInterceptor()); STSClient stsClient = new STSClient(bus); - stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_WSDL_LOCATION_RELATIVE); + stsClient.setWsdlLocation("http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE); stsClient.setServiceName(STS_SERVICE_NAME); stsClient.setEndpointName(STS_X509_ENDPOINT_NAME); stsClient.setTokenType(TOKEN_TYPE_SAML_2_0); @@ -129,4 +169,105 @@ public class STSTokenHelperTest extends AbstractBusClientServerTestBase { stsClient.setProperties(props); return stsClient; } + + private STSClient initStsClientTransportBinding(Bus bus) { + bus.getInInterceptors().add(new LoggingOutInterceptor()); + bus.getOutInterceptors().add(new LoggingInInterceptor()); + bus.getOutFaultInterceptors().add(new LoggingInInterceptor()); + + STSClient stsClient = new STSClient(bus); + stsClient.setWsdlLocation("https://localhost:" + STSPORT + STS_TRANSPORT_WSDL_LOCATION_RELATIVE); + stsClient.setServiceName(STS_SERVICE_NAME); + stsClient.setEndpointName(STS_TRANSPORT_ENDPOINT_NAME); + stsClient.setTokenType(TOKEN_TYPE_SAML_2_0); + stsClient.setAllowRenewingAfterExpiry(true); + stsClient.setEnableLifetime(true); + + Map<String, Object> props = new HashMap<String, Object>(); + props.put(SecurityConstants.USERNAME, "alice"); + props.put(SecurityConstants.CALLBACK_HANDLER, "org.apache.cxf.systest.sts.common.CommonCallbackHandler"); + props.put(SecurityConstants.STS_TOKEN_USERNAME, "mystskey"); + props.put(SecurityConstants.STS_TOKEN_PROPERTIES, "clientKeystore.properties"); + props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true"); + props.put(SecurityConstants.IS_BSP_COMPLIANT, "false"); + stsClient.setProperties(props); + return stsClient; + } + + private MessageImpl prepareMessage(Bus bus, STSClient stsClient, String serviceAddress) throws EndpointException { + MessageImpl message = new MessageImpl(); + message.put(SecurityConstants.STS_CLIENT, stsClient); + message.put(Message.ENDPOINT_ADDRESS, serviceAddress); + + Exchange exchange = new ExchangeImpl(); + ServiceInfo si = new ServiceInfo(); + Service s = new ServiceImpl(si); + EndpointInfo ei = new EndpointInfo(); + Endpoint ep = new EndpointImpl(bus, s, ei); + ei.setBinding(new BindingInfo(si, null)); + message.setExchange(exchange); + exchange.put(Endpoint.class, ep); + return message; + } + + private void configureDefaultHttpsConnection() throws NoSuchAlgorithmException, KeyStoreException, + CertificateException, IOException, KeyManagementException { + // For localhost testing only + javax.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(new javax.net.ssl.HostnameVerifier() { + + public boolean verify(String hostname, javax.net.ssl.SSLSession sslSession) { + return "localhost".equals(hostname); + } + }); + + TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory + .getDefaultAlgorithm()); + KeyStore keyStore = loadClientKeystore(); + trustManagerFactory.init(keyStore); + TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); + SSLContext sc = SSLContext.getInstance("SSL"); + sc.init(null, trustManagers, new java.security.SecureRandom()); + HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); + } + + private TLSClientParameters prepareTLSParams() throws KeyStoreException, IOException, + NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException { + TLSClientParameters tlsParams = new TLSClientParameters(); + tlsParams.setDisableCNCheck(true); + KeyStore trustStore = loadClientKeystore(); + + TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory + .getDefaultAlgorithm()); + trustFactory.init(trustStore); + TrustManager[] tm = trustFactory.getTrustManagers(); + tlsParams.setTrustManagers(tm); + + KeyStore keyStore = loadClientKeystore(); + KeyManagerFactory keyFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); + keyFactory.init(keyStore, KEY_PASS.toCharArray()); + KeyManager[] km = keyFactory.getKeyManagers(); + tlsParams.setKeyManagers(km); + return tlsParams; + } + + private KeyStore loadClientKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException, + CertificateException { + KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType()); + InputStream keystoreStream = STSTokenHelperTest.class.getResourceAsStream(CLIENTSTORE); + try { + keystore.load(keystoreStream, KEYSTORE_PASS.toCharArray()); + } finally { + keystoreStream.close(); + } + return keystore; + } + + private void validateSecurityToken(SecurityToken token) { + Assert.assertNotNull(token); + Assert.assertEquals(TOKEN_TYPE_SAML_2_0, token.getTokenType()); + Assert.assertNotNull(token.getId()); + Assert.assertTrue(token.getExpires().after(new Date())); + Assert.assertEquals("Assertion", token.getToken().getLocalName()); + } + }