Google Git
Sign in
apache / cxf-fediz / 06fdda5c2905fafe2662cebb3de937206769542e / . / plugins / core / src / test / java / org / apache / cxf / fediz / core / config / FedizConfigurationTest.java
blob: d8c3ac108c8c9bb332b103fb082ea758d5551193 [file] [log] [blame]
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package org.apache.cxf.fediz.core.config;
import java.io.File;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.math.BigInteger;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
import org.apache.cxf.fediz.common.SecurityTestUtil;
import org.apache.cxf.fediz.core.ClaimTypes;
import org.apache.cxf.fediz.core.config.jaxb.ArgumentType;
import org.apache.cxf.fediz.core.config.jaxb.AudienceUris;
import org.apache.cxf.fediz.core.config.jaxb.CallbackType;
import org.apache.cxf.fediz.core.config.jaxb.CertificateStores;
import org.apache.cxf.fediz.core.config.jaxb.ClaimType;
import org.apache.cxf.fediz.core.config.jaxb.ClaimTypesRequested;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.FedizConfig;
import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.SamlProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuers;
import org.apache.cxf.fediz.core.config.jaxb.ValidationType;
import org.apache.cxf.fediz.core.exception.ProcessingException;
import org.apache.cxf.fediz.core.processor.ClaimsProcessor;
import org.apache.wss4j.common.cache.EHCacheReplayCache;
import org.apache.wss4j.common.cache.MemoryReplayCache;
import org.apache.wss4j.common.cache.ReplayCache;
import org.junit.AfterClass;
import org.junit.Assert;
public class FedizConfigurationTest {
private static final String ISSUER = "http://url_to_the_issuer";
private static final String PROTOCOL_VERSION = "1.0.0";
//private static final String REQUEST = "request value";
private static final String REPLY = "reply value";
private static final String TARGET_REALM = "target realm";
private static final String HOME_REALM_CLASS = "org.apache.fediz.realm.MyHomeRealm";
private static final String FRESHNESS_VALUE = "10000";
private static final String CONFIG_NAME = "ROOT";
private static final String CLOCK_SKEW = "1000";
private static final String KEYSTORE_PASSWORD_1 = "passw0rd1";
private static final String KEYSTORE_RESOURCE_PATH_1 = "org.apache.fediz.kestore1";
private static final String KEYSTORE_PASSWORD_2 = "passw0rd2";
private static final String KEYSTORE_RESOURCE_PATH_2 = "org.apache.fediz.kestore2";
private static final String KEYSTORE_PASSWORD_3 = "passw0rd3";
private static final String KEYSTORE_RESOURCE_PATH_3 = "org.apache.fediz.kestore3";
private static final String AUTH_TYPE_VALUE = "some auth type";
private static final String AUDIENCE_URI_1 = "http://host_one:port/url";
private static final String AUDIENCE_URI_2 = "http://host_two:port/url";
private static final String AUDIENCE_URI_3 = "http://host_three:port/url";
private static final String ROLE_DELIMITER = ";";
private static final String ROLE_URI = "http://someserver:8080/path/roles.uri";
private static final String CLAIM_TYPE_1 = ClaimTypes.FIRSTNAME.toString();
private static final String CLAIM_TYPE_2 = ClaimTypes.LASTNAME.toString();
private static final String SUBJECT_VALUE_1 = ".*CN=www.sts1.com.*";
private static final String SUBJECT_VALUE_2 = ".*CN=www.sts2.com.*";
private static final String SUBJECT_VALUE_3 = ".*CN=www.sts3.com.*";
private static final String CLAIMS_PROCESSOR_CLASS = "org.apache.cxf.fediz.common.ClaimCopyProcessor";
private static final String CONFIG_FILE = "./target/fedizconfig.xml";
@AfterClass
public static void cleanup() {
SecurityTestUtil.cleanup();
}
//CHECKSTYLE:OFF
private FedizConfig createConfiguration(boolean federation) throws JAXBException {
FedizConfig rootConfig = new FedizConfig();
ContextConfig config = new ContextConfig();
rootConfig.getContextConfig().add(config);
config.setName(CONFIG_NAME);
config.setMaximumClockSkew(new BigInteger(CLOCK_SKEW));
CertificateStores certStores = new CertificateStores();
TrustManagersType tm0 = new TrustManagersType();
KeyStoreType ks0 = new KeyStoreType();
ks0.setType("JKS");
ks0.setPassword(KEYSTORE_PASSWORD_1);
ks0.setResource(KEYSTORE_RESOURCE_PATH_1);
tm0.setKeyStore(ks0);
certStores.getTrustManager().add(tm0);
TrustManagersType tm1 = new TrustManagersType();
KeyStoreType ks1 = new KeyStoreType();
ks1.setType("JKS");
ks1.setPassword(KEYSTORE_PASSWORD_2);
ks1.setResource(KEYSTORE_RESOURCE_PATH_2);
tm1.setKeyStore(ks1);
certStores.getTrustManager().add(tm1);
TrustManagersType tm2 = new TrustManagersType();
KeyStoreType ks2 = new KeyStoreType();
ks2.setType("JKS");
ks2.setPassword(KEYSTORE_PASSWORD_3);
ks2.setResource(KEYSTORE_RESOURCE_PATH_3);
tm2.setKeyStore(ks2);
certStores.getTrustManager().add(tm2);
config.setCertificateStores(certStores);
TrustedIssuers trustedIssuers = new TrustedIssuers();
TrustedIssuerType ti0 = new TrustedIssuerType();
ti0.setCertificateValidation(ValidationType.CHAIN_TRUST);
ti0.setName("issuer1");
ti0.setSubject(SUBJECT_VALUE_1);
trustedIssuers.getIssuer().add(ti0);
TrustedIssuerType ti1 = new TrustedIssuerType();
ti1.setCertificateValidation(ValidationType.CHAIN_TRUST);
ti1.setName("issuer1");
ti1.setSubject(SUBJECT_VALUE_2);
trustedIssuers.getIssuer().add(ti1);
TrustedIssuerType ti2 = new TrustedIssuerType();
ti2.setCertificateValidation(ValidationType.CHAIN_TRUST);
ti2.setName("issuer1");
ti2.setSubject(SUBJECT_VALUE_3);
trustedIssuers.getIssuer().add(ti2);
config.setTrustedIssuers(trustedIssuers);
final ProtocolType protocol;
if (federation) {
protocol = new FederationProtocolType();
CallbackType authType = new CallbackType();
authType.setType(ArgumentType.STRING);
authType.setValue(AUTH_TYPE_VALUE);
((FederationProtocolType)protocol).setAuthenticationType(authType);
CallbackType freshness = new CallbackType();
freshness.setValue(FRESHNESS_VALUE);
((FederationProtocolType)protocol).setFreshness(freshness);
CallbackType homeRealm = new CallbackType();
homeRealm.setType(ArgumentType.CLASS);
homeRealm.setValue(HOME_REALM_CLASS);
((FederationProtocolType)protocol).setHomeRealm(homeRealm);
CallbackType reply = new CallbackType();
reply.setValue(REPLY);
((FederationProtocolType)protocol).setReply(reply);
((FederationProtocolType)protocol).setVersion(PROTOCOL_VERSION);
} else {
protocol = new SamlProtocolType();
}
config.setProtocol(protocol);
AudienceUris audienceUris = new AudienceUris();
audienceUris.getAudienceItem().add(AUDIENCE_URI_1);
audienceUris.getAudienceItem().add(AUDIENCE_URI_2);
audienceUris.getAudienceItem().add(AUDIENCE_URI_3);
config.setAudienceUris(audienceUris);
protocol.setRoleDelimiter(ROLE_DELIMITER);
protocol.setRoleURI(ROLE_URI);
ClaimTypesRequested claimTypeReq = new ClaimTypesRequested();
ClaimType claimType = new ClaimType();
claimType.setOptional(true);
claimType.setType(CLAIM_TYPE_1);
claimTypeReq.getClaimType().add(claimType);
ClaimType claimType2 = new ClaimType();
claimType2.setOptional(true);
claimType2.setType(CLAIM_TYPE_2);
claimTypeReq.getClaimType().add(claimType2);
protocol.setClaimTypesRequested(claimTypeReq);
CallbackType realm = new CallbackType();
realm.setValue(TARGET_REALM);
protocol.setRealm(realm);
CallbackType issuer = new CallbackType();
issuer.setValue(ISSUER);
protocol.setIssuer(issuer);
CallbackType claimsProcessor = new CallbackType();
claimsProcessor.setType(ArgumentType.CLASS);
claimsProcessor.setValue(CLAIMS_PROCESSOR_CLASS);
config.setClaimsProcessor(claimsProcessor);
return rootConfig;
}
@org.junit.Test
public void readWriteConfigFederation() throws JAXBException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
FedizConfig configOut = createConfiguration(true);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
jaxbContext.createUnmarshaller().unmarshal(reader);
}
@org.junit.Test
public void readWriteConfigSAML() throws JAXBException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
FedizConfig configOut = createConfiguration(false);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
jaxbContext.createUnmarshaller().unmarshal(reader);
}
@org.junit.Test
public void testSaveAndLoadConfigFederation() throws JAXBException, IOException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
FedizConfig configOut = createConfiguration(true);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
File f = new File(CONFIG_FILE);
f.createNewFile();
configurator.saveConfiguration(f);
configurator = new FedizConfigurator();
f = new File(CONFIG_FILE);
configurator.loadConfig(f);
}
@org.junit.Test
public void testSaveAndLoadConfigSAML() throws JAXBException, IOException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
FedizConfig configOut = createConfiguration(false);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
File f = new File(CONFIG_FILE);
f.createNewFile();
configurator.saveConfiguration(f);
configurator = new FedizConfigurator();
f = new File(CONFIG_FILE);
configurator.loadConfig(f);
}
@org.junit.Test
public void verifyConfigFederation() throws JAXBException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
FedizConfigurator configurator = new FedizConfigurator();
FedizConfig configOut = createConfiguration(true);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
configurator.loadConfig(reader);
ContextConfig config = configurator.getContextConfig(CONFIG_NAME);
Assert.assertNotNull(config);
AudienceUris audience = config.getAudienceUris();
Assert.assertEquals(3, audience.getAudienceItem().size());
Assert.assertTrue(config.getProtocol() instanceof FederationProtocolType);
FederationProtocolType fp = (FederationProtocolType) config
.getProtocol();
Assert.assertEquals(HOME_REALM_CLASS, fp.getHomeRealm().getValue());
}
@org.junit.Test
public void verifyConfigSAML() throws JAXBException {
final JAXBContext jaxbContext = JAXBContext
.newInstance(FedizConfig.class);
FedizConfigurator configurator = new FedizConfigurator();
FedizConfig configOut = createConfiguration(false);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
configurator.loadConfig(reader);
ContextConfig config = configurator.getContextConfig(CONFIG_NAME);
Assert.assertNotNull(config);
AudienceUris audience = config.getAudienceUris();
Assert.assertEquals(3, audience.getAudienceItem().size());
Assert.assertTrue(config.getProtocol() instanceof SamlProtocolType);
}
@org.junit.Test
public void testTokenReplayCacheFederation() throws Exception {
FedizConfig config = createConfiguration(true);
// Test the default TokenReplayCache
ReplayCache defaultReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(defaultReplayCache);
Assert.assertTrue(defaultReplayCache instanceof EHCacheReplayCache);
// Now test setting another TokenReplayCache
ContextConfig contextConfig = config.getContextConfig().get(0);
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.MemoryReplayCache");
ReplayCache newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof MemoryReplayCache);
// Now test setting another TokenReplayCache
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.EHCacheReplayCache");
newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof EHCacheReplayCache);
}
@org.junit.Test
public void testTokenReplayCacheSAML() throws Exception {
FedizConfig config = createConfiguration(false);
// Test the default TokenReplayCache
ReplayCache defaultReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(defaultReplayCache);
Assert.assertTrue(defaultReplayCache instanceof EHCacheReplayCache);
// Now test setting another TokenReplayCache
ContextConfig contextConfig = config.getContextConfig().get(0);
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.MemoryReplayCache");
ReplayCache newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof MemoryReplayCache);
// Now test setting another TokenReplayCache
contextConfig.setTokenReplayCache("org.apache.wss4j.common.cache.EHCacheReplayCache");
newReplayCache = parseConfigAndReturnTokenReplayCache(config);
Assert.assertNotNull(newReplayCache);
Assert.assertTrue(newReplayCache instanceof EHCacheReplayCache);
}
private ReplayCache parseConfigAndReturnTokenReplayCache(FedizConfig config)
throws JAXBException, ProcessingException {
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(config, writer);
StringReader reader = new StringReader(writer.toString());
FedizConfigurator configurator = new FedizConfigurator();
configurator.loadConfig(reader);
FedizContext fedContext = configurator.getFedizContext(CONFIG_NAME);
Assert.assertNotNull(fedContext);
return fedContext.getTokenReplayCache();
}
@org.junit.Test
public void testDefaultValues() throws JAXBException, IOException {
ContextConfig config = new ContextConfig();
Assert.assertTrue(config.getMaximumClockSkew().intValue() == 5);
Assert.assertFalse(config.isTokenExpirationValidation());
Assert.assertTrue(config.isRequestStateValidation());
}
@org.junit.Test
public void testClaimProcessor() throws JAXBException, IOException {
final JAXBContext jaxbContext = JAXBContext.newInstance(FedizConfig.class);
FedizConfigurator configurator = new FedizConfigurator();
FedizConfig configOut = createConfiguration(true);
StringWriter writer = new StringWriter();
jaxbContext.createMarshaller().marshal(configOut, writer);
StringReader reader = new StringReader(writer.toString());
configurator.loadConfig(reader);
FedizContext fedContext = configurator.getFedizContext(CONFIG_NAME);
List<ClaimsProcessor> claimsProcessor = fedContext.getClaimsProcessor();
Assert.assertNotNull(claimsProcessor);
Assert.assertEquals(1, claimsProcessor.size());
List<org.apache.cxf.fediz.core.Claim> inputClaims = new ArrayList<>();
org.apache.cxf.fediz.core.Claim claim = new org.apache.cxf.fediz.core.Claim();
claim.setClaimType(URI.create(CLAIM_TYPE_1));
claim.setValue("Alice");
inputClaims.add(claim);
List<org.apache.cxf.fediz.core.Claim> processedClaims = claimsProcessor.get(0).processClaims(inputClaims);
Assert.assertEquals(inputClaims, processedClaims);
}
}