Java tutorial
/** * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ package org.apache.cxf.fediz.integrationtests; import java.io.File; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.IOException; import javax.servlet.ServletException; import com.gargoylesoftware.htmlunit.WebClient; import com.gargoylesoftware.htmlunit.html.DomElement; import com.gargoylesoftware.htmlunit.html.DomNodeList; import com.gargoylesoftware.htmlunit.html.HtmlForm; import com.gargoylesoftware.htmlunit.html.HtmlPage; import com.gargoylesoftware.htmlunit.html.HtmlSubmitInput; import org.apache.catalina.Context; import org.apache.catalina.LifecycleException; import org.apache.catalina.LifecycleState; import org.apache.catalina.connector.Connector; import org.apache.catalina.startup.Tomcat; import org.apache.commons.io.IOUtils; import org.apache.cxf.fediz.core.ClaimTypes; import org.apache.cxf.fediz.tomcat8.FederationAuthenticator; import org.apache.http.auth.AuthScope; import org.apache.http.auth.UsernamePasswordCredentials; import org.junit.AfterClass; import org.junit.Assert; import org.junit.BeforeClass; /** * A test for sending a "PublicKey" KeyType request to the IdP via the "wreq" parameter. This * will cause the IdP/STS to issue a "HolderOfKey" SAML Assertion. */ public class HolderOfKeyTest { static String idpHttpsPort; static String rpHttpsPort; private static Tomcat idpServer; private static Tomcat rpServer; @BeforeClass public static void init() throws Exception { System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog"); System.setProperty("org.apache.commons.logging.simplelog.showdatetime", "true"); System.setProperty("org.apache.commons.logging.simplelog.log.httpclient.wire", "info"); System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient", "info"); System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info"); System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info"); System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info"); System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info"); idpHttpsPort = System.getProperty("idp.https.port"); Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort); rpHttpsPort = System.getProperty("rp.https.port"); Assert.assertNotNull("Property 'rp.https.port' null", rpHttpsPort); idpServer = startServer(true, idpHttpsPort); rpServer = startServer(false, rpHttpsPort); } private static Tomcat startServer(boolean idp, String port) throws ServletException, LifecycleException, IOException { Tomcat server = new Tomcat(); server.setPort(0); String currentDir = new File(".").getCanonicalPath(); String baseDir = currentDir + File.separator + "target"; server.setBaseDir(baseDir); if (idp) { server.getHost().setAppBase("tomcat/idp/webapps"); } else { server.getHost().setAppBase("tomcat/rp/webapps"); } server.getHost().setAutoDeploy(true); server.getHost().setDeployOnStartup(true); Connector httpsConnector = new Connector(); httpsConnector.setPort(Integer.parseInt(port)); httpsConnector.setSecure(true); httpsConnector.setScheme("https"); //httpsConnector.setAttribute("keyAlias", keyAlias); httpsConnector.setAttribute("keystorePass", "tompass"); httpsConnector.setAttribute("keystoreFile", "test-classes/server.jks"); httpsConnector.setAttribute("truststorePass", "tompass"); httpsConnector.setAttribute("truststoreFile", "test-classes/server.jks"); httpsConnector.setAttribute("clientAuth", "want"); // httpsConnector.setAttribute("clientAuth", "false"); httpsConnector.setAttribute("sslProtocol", "TLS"); httpsConnector.setAttribute("SSLEnabled", true); server.getService().addConnector(httpsConnector); if (idp) { File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts"); server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath()); File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp"); server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath()); } else { File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "simpleWebapp"); Context cxt = server.addWebapp("/fedizhelloworld", rpWebapp.getAbsolutePath()); // Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem // to work File f = new File(currentDir + "/src/test/resources/fediz_config_hok.xml"); FileInputStream inputStream = new FileInputStream(f); String content = IOUtils.toString(inputStream, "UTF-8"); inputStream.close(); if (content.contains("idp.https.port")) { content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort); File f2 = new File(baseDir + "/test-classes/fediz_config_hok.xml"); try (FileOutputStream outputStream = new FileOutputStream(f2)) { IOUtils.write(content, outputStream, "UTF-8"); } } FederationAuthenticator fa = new FederationAuthenticator(); fa.setConfigFile(currentDir + File.separator + "target" + File.separator + "test-classes" + File.separator + "fediz_config_hok.xml"); cxt.getPipeline().addValve(fa); } server.start(); return server; } @AfterClass public static void cleanup() { shutdownServer(idpServer); shutdownServer(rpServer); } private static void shutdownServer(Tomcat server) { try { if (server != null && server.getServer() != null && server.getServer().getState() != LifecycleState.DESTROYED) { if (server.getServer().getState() != LifecycleState.STOPPED) { server.stop(); } server.destroy(); } } catch (Exception e) { e.printStackTrace(); } } public String getIdpHttpsPort() { return idpHttpsPort; } public String getRpHttpsPort() { return rpHttpsPort; } public String getServletContextName() { return "fedizhelloworld"; } @org.junit.Test public void testHolderOfKey() throws Exception { String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet"; String user = "alice"; String password = "ecila"; final WebClient webClient = new WebClient(); webClient.getOptions().setUseInsecureSSL(true); webClient.getOptions().setSSLClientCertificate(this.getClass().getClassLoader().getResource("client.jks"), "storepass", "jks"); webClient.getCredentialsProvider().setCredentials( new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), new UsernamePasswordCredentials(user, password)); webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); final HtmlForm form = idpPage.getFormByName("signinresponseform"); final HtmlSubmitInput button = form.getInputByName("_eventId_submit"); // Test the Subject Confirmation method here DomNodeList<DomElement> results = idpPage.getElementsByTagName("input"); String wresult = null; for (DomElement result : results) { if ("wresult".equals(result.getAttributeNS(null, "name"))) { wresult = result.getAttributeNS(null, "value"); break; } } Assert.assertTrue(wresult != null && wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key")); final HtmlPage rpPage = button.click(); Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText()); final String bodyTextContent = rpPage.getBody().getTextContent(); Assert.assertTrue("Principal not " + user, bodyTextContent.contains("userPrincipal=" + user)); Assert.assertTrue("User " + user + " does not have role Admin", bodyTextContent.contains("role:Admin=false")); Assert.assertTrue("User " + user + " does not have role Manager", bodyTextContent.contains("role:Manager=false")); Assert.assertTrue("User " + user + " must have role User", bodyTextContent.contains("role:User=true")); String claim = ClaimTypes.FIRSTNAME.toString(); Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'", bodyTextContent.contains(claim + "=Alice")); claim = ClaimTypes.LASTNAME.toString(); Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'", bodyTextContent.contains(claim + "=Smith")); claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue("User " + user + " claim " + claim + " is not 'alice@realma.org'", bodyTextContent.contains(claim + "=alice@realma.org")); webClient.close(); } }