Minor test change
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/44abe9a0 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/44abe9a0 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/44abe9a0 Branch: refs/heads/3.1.x-fixes Commit: 44abe9a07a81f83685a626de20c27b3c4b98a871 Parents: b38e451 Author: Colm O hEigeartaigh <cohei...@apache.org> Authored: Wed Feb 10 15:00:37 2016 +0000 Committer: Colm O hEigeartaigh <cohei...@apache.org> Committed: Wed Feb 10 17:24:31 2016 +0000 ---------------------------------------------------------------------- .../sts/operation/IssueJWTRealmUnitTest.java | 34 ++++++++++++-------- .../cxf/sts/operation/IssueJWTUnitTest.java | 10 ++++++ 2 files changed, 31 insertions(+), 13 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/cxf/blob/44abe9a0/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTRealmUnitTest.java ----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTRealmUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTRealmUnitTest.java
index 5c009a1..34ee3b3 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTRealmUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTRealmUnitTest.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.operation;
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -35,6 +36,7 @@ import org.w3c.dom.Element;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
@@ -56,6 +58,7 @@ import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
 import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.dom.WSConstants;
 import org.junit.Assert;
@@ -142,9 +145,7 @@ public class IssueJWTRealmUnitTest extends org.junit.Assert {
 }
 assertNotNull(token);
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
- JwtToken jwt = jwtConsumer.getJwtToken();
- Assert.assertEquals("A-Issuer", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ validateToken(token.getTextContent(), "A-Issuer", stsProperties.getSignatureUsername(), crypto);
 }
 /**
@@ -217,9 +218,7 @@ public class IssueJWTRealmUnitTest extends org.junit.Assert {
 }
 assertNotNull(token);
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
- JwtToken jwt = jwtConsumer.getJwtToken();
- Assert.assertEquals("B-Issuer", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ validateToken(token.getTextContent(), "B-Issuer", stsProperties.getSignatureUsername(), crypto);
 }
 /**
@@ -292,9 +291,7 @@ public class IssueJWTRealmUnitTest extends org.junit.Assert {
 }
 assertNotNull(token);
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
- JwtToken jwt = jwtConsumer.getJwtToken();
- Assert.assertEquals("STS", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ validateToken(token.getTextContent(), "STS", stsProperties.getSignatureUsername(), crypto);
 }
@@ -374,7 +371,7 @@ public class IssueJWTRealmUnitTest extends org.junit.Assert {
 response.getRequestSecurityTokenResponse();
 assertTrue(!securityTokenResponse.isEmpty());
- // Test the generated token.
+ // Test the generated token.
 Element token = null;
 for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
 if (tokenObject instanceof JAXBElement<?>
@@ -387,9 +384,7 @@ public class IssueJWTRealmUnitTest extends org.junit.Assert {
 }
 assertNotNull(token);
- JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
- JwtToken jwt = jwtConsumer.getJwtToken();
- Assert.assertEquals("B-Issuer", jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+ validateToken(token.getTextContent(), "B-Issuer", stsProperties.getSignatureUsername(), crypto);
 }
 /**
@@ -407,6 +402,19 @@ public class IssueJWTRealmUnitTest extends org.junit.Assert {
 return realms;
 }
+ private void validateToken(String token, String issuer, String sigUsername, Crypto sigCrypto) throws Exception {
+ JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
+ JwtToken jwt = jwtConsumer.getJwtToken();
+ Assert.assertEquals(issuer, jwt.getClaim(JwtConstants.CLAIM_ISSUER));
+
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(sigUsername);
+ X509Certificate[] certs = sigCrypto.getX509Certificates(cryptoType);
+ assertNotNull(certs);
+
+ assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
+ }
+
 /*
 * Create a security context object
 */
http://git-wip-us.apache.org/repos/asf/cxf/blob/44abe9a0/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java ----------------------------------------------------------------------
diff --git a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java
index 2f29d3f..eacf6bd 100644
--- a/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java
+++ b/services/sts/sts-core/src/test/java/org/apache/cxf/sts/operation/IssueJWTUnitTest.java
@@ -19,6 +19,7 @@
 package org.apache.cxf.sts.operation;
 import java.security.Principal;
+import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -33,6 +34,7 @@ import org.w3c.dom.Element;
 import org.apache.cxf.helpers.DOMUtils;
 import org.apache.cxf.jaxws.context.WrappedMessageContext;
 import org.apache.cxf.message.MessageImpl;
+import org.apache.cxf.rs.security.jose.jwa.SignatureAlgorithm;
 import org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer;
 import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
 import org.apache.cxf.rs.security.jose.jwt.JwtToken;
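Review bot: In the new `validateToken` helper, `assertNotNull(certs)` does not protect the `certs[0]` access on the following line: should the alias lookup ever return an empty array, the test ends in an ArrayIndexOutOfBoundsException rather than a readable assertion failure. Asserting the length as well, e.g. `assertTrue("no certificate for alias " + sigUsername, certs != null && certs.length > 0);`, keeps the failure message pointed at the keystore configuration. The same two lines are repeated inline in the IssueJWTUnitTest hunk at `@@ -144,6 +147,13 @@`. The helper also asserts the issuer claim before the signature is checked; verifying the signature first and reading claims afterwards is the order worth showing in test code that others tend to copy.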
@@ -54,6 +56,7 @@ import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
 import org.apache.cxf.ws.security.tokenstore.TokenStore;
 import org.apache.wss4j.common.crypto.Crypto;
 import org.apache.wss4j.common.crypto.CryptoFactory;
+import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.principal.CustomTokenPrincipal;
 import org.apache.wss4j.dom.WSConstants;
 import org.junit.Assert;
@@ -144,6 +147,13 @@ public class IssueJWTUnitTest extends org.junit.Assert {
 JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
 JwtToken jwt = jwtConsumer.getJwtToken();
 Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
+
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias(stsProperties.getSignatureUsername());
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ assertNotNull(certs);
+
+ assertTrue(jwtConsumer.verifySignatureWith(certs[0], SignatureAlgorithm.RS256));
 }
 /*
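Review bot: The signature check added after the `alice` subject assertion in the `@@ -144,6 +147,13 @@` hunk is a line-for-line copy of the body of `validateToken` that this same commit adds to IssueJWTRealmUnitTest, so the two copies can drift apart. Extracting it into a private method in this class, for example `verifySignature(jwtConsumer, stsProperties.getSignatureUsername(), crypto)`, would also make it cheap to run the same check from any other JWT-issuing tests in the file, which are not visible in this hunk. The hard-coded `SignatureAlgorithm.RS256` would benefit from a one-line comment such as `// expected algorithm for the RSA key in the test keystore`, if that is indeed why it is pinned. The enclosing test method starts above the hunk, so how `crypto` and `stsProperties` are set up cannot be confirmed from here.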