TouchInstinct
/
java-cas-client
303
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

CASC-135 

added encryption mechanism to distributed proxy granting ticket storage mechanisms
This commit is contained in:
Scott Battaglia 2010-11-27 23:23:24 +00:00
parent 4a36b023a6
commit cbb51b0506
14 changed files with 227 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

92
cas-client-core/src/main/java/org/jasig/cas/client/proxy/AbstractEncryptedProxyGrantingTicketStorageImpl.java Normal file
View File

@ -0,0 +1,92 @@
package org.jasig.cas.client.proxy;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
/**
* Provides encryption capabilities. Not entirely safe to configure since we have no way of controlling the
* key and cipher being set.
*
* @author Scott Battaglia
* @version $Revision$ $Date$
* @since 3.2.0
*/
public abstract class AbstractEncryptedProxyGrantingTicketStorageImpl implements ProxyGrantingTicketStorage {
public static final String DEFAULT_ENCRYPTION_ALGORITHM = "DESede";
private Key key;
private String cipherAlgorithm = DEFAULT_ENCRYPTION_ALGORITHM;
public final void setSecretKey(final String key) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
this.key = SecretKeyFactory.getInstance(this.cipherAlgorithm).generateSecret(new DESedeKeySpec(key.getBytes()));
}
public final void setSecretKey(final Key key) {
this.key = key;
}
/**
* Note: you MUST call this method before calling setSecretKey if you're not using the default algorithm. You've been warned.
*
* @param cipherAlgorithm the cipher algorithm.
*/
public final void setCipherAlgorithm(final String cipherAlgorithm) {
this.cipherAlgorithm = cipherAlgorithm;
}
public final void save(final String proxyGrantingTicketIou, final String proxyGrantingTicket) {
saveInternal(proxyGrantingTicketIou, encrypt(proxyGrantingTicket));
}
public final String retrieve(final String proxyGrantingTicketIou) {
return decrypt(retrieveInternal(proxyGrantingTicketIou));
}
protected abstract void saveInternal(String proxyGrantingTicketIou, String proxyGrantingTicket);
protected abstract String retrieveInternal(String proxyGrantingTicketIou);
private String encrypt(final String value) {
if (this.key == null) {
return value;
}
if (value == null) {
return null;
}
try {
final Cipher cipher = Cipher.getInstance(this.cipherAlgorithm);
cipher.init(Cipher.ENCRYPT_MODE, this.key);
return new String(cipher.doFinal(value.getBytes()));
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
private String decrypt(final String value) {
if (this.key == null) {
return value;
}
if (value == null) {
return null;
}
try {
final Cipher cipher = Cipher.getInstance(this.cipherAlgorithm);
cipher.init(Cipher.DECRYPT_MODE, this.key);
return new String(cipher.doFinal(value.getBytes()));
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
}

16
cas-client-core/src/main/java/org/jasig/cas/client/validation/Cas20ProxyReceivingTicketValidationFilter.java
View File

@ -76,6 +76,22 @@ public class Cas20ProxyReceivingTicketValidationFilter extends AbstractTicketVal
if (proxyGrantingTicketStorageClass != null) {
this.proxyGrantingTicketStorage = ReflectUtils.newInstance(proxyGrantingTicketStorageClass);
if (this.proxyGrantingTicketStorage instanceof AbstractEncryptedProxyGrantingTicketStorageImpl) {
final AbstractEncryptedProxyGrantingTicketStorageImpl p = (AbstractEncryptedProxyGrantingTicketStorageImpl) this.proxyGrantingTicketStorage;
final String cipherAlgorithm = getPropertyFromInitParams(filterConfig, "cipherAlgorithm", AbstractEncryptedProxyGrantingTicketStorageImpl.DEFAULT_ENCRYPTION_ALGORITHM);
final String secretKey = getPropertyFromInitParams(filterConfig, "secretKey", null);
p.setCipherAlgorithm(cipherAlgorithm);
try {
if (secretKey != null) {
p.setSecretKey(secretKey);
}
} catch (final Exception e) {
throw new RuntimeException(e);
}
}
}
log.trace("Setting proxyReceptorUrl parameter: " + this.proxyReceptorUrl);

17
cas-client-core/src/test/java/org/jasig/cas/client/PublicTestHttpServer.java
View File

@ -54,18 +54,15 @@ public final class PublicTestHttpServer extends Thread {
this.header = header.getBytes("ASCII");
}
public static synchronized PublicTestHttpServer instance() {
if (httpServer == null) {
try {
httpServer = new PublicTestHttpServer("test", "ASCII", "text/plain", 8085);
} catch (Exception e) {
throw new RuntimeException(e);
}
httpServer.start();
public static synchronized PublicTestHttpServer instance(final int port) {
try {
final PublicTestHttpServer server = new PublicTestHttpServer("test", "ASCII", "text/plain", port);
server.start();
Thread.yield();
return server;
} catch (Exception e) {
throw new RuntimeException(e);
}
return httpServer;
}
public void shutdown() {

37
cas-client-core/src/test/java/org/jasig/cas/client/jaas/CasLoginModuleTests.java
View File

@ -28,9 +28,12 @@ import java.util.Set;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import junit.framework.TestCase;
import static org.junit.Assert.*;
import org.jasig.cas.client.PublicTestHttpServer;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.Test;
/**
* Unit test for {@link CasLoginModule} class.
@ -39,8 +42,11 @@ import org.jasig.cas.client.PublicTestHttpServer;
* @version $Revision$
*
*/
public class CasLoginModuleTests extends TestCase {
private static final String CONST_CAS_SERVER_URL = "http://localhost:8085/";
public class CasLoginModuleTests {
private static final PublicTestHttpServer server = PublicTestHttpServer.instance(8091);
private static final String CONST_CAS_SERVER_URL = "http://localhost:8091/";
private CasLoginModule module;
@ -48,10 +54,13 @@ public class CasLoginModuleTests extends TestCase {
private Map<String,String> options;
/** {@inheritDoc} */
protected void setUp() throws Exception {
super.setUp();
@AfterClass
public static void classCleanUp() {
server.shutdown();
}
@Before
public void setUp() throws Exception {
module = new CasLoginModule();
subject = new Subject();
options = new HashMap<String,String>();
@ -69,6 +78,7 @@ public class CasLoginModuleTests extends TestCase {
* Test JAAS login success.
* @throws Exception On errors.
*/
@Test
public void testLoginSuccess() throws Exception {
final String USERNAME = "username";
final String SERVICE = "https://example.com/service";
@ -77,7 +87,7 @@ public class CasLoginModuleTests extends TestCase {
+ "<cas:authenticationSuccess><cas:user>"
+ USERNAME
+ "</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
module.initialize(
subject,
@ -97,11 +107,12 @@ public class CasLoginModuleTests extends TestCase {
* Test JAAS login failure.
* @throws Exception On errors.
*/
@Test
public void testLoginFailure() throws Exception {
final String SERVICE = "https://example.com/service";
final String TICKET = "ST-200000-aA5Yuvrxzpv8Tau1cYQ7-srv1";
final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationFailure code=\"INVALID_TICKET\">Ticket ST-200000-aA5Yuvrxzpv8Tau1cYQ7-srv1 not recognized</cas:authenticationFailure></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
module.initialize(
subject,
new ServiceAndTicketCallbackHandler(SERVICE, TICKET),
@ -122,6 +133,7 @@ public class CasLoginModuleTests extends TestCase {
* Test JAAS logout after successful login to ensure subject cleanup.
* @throws Exception On errors.
*/
@Test
public void testLogout() throws Exception {
testLoginSuccess();
module.logout();
@ -132,7 +144,8 @@ public class CasLoginModuleTests extends TestCase {
/**
* Test assertion cache allows successive logins with same ticket to succeed.
* @throws Exception On errors.
*/
*/
@Test
public void testAssertionCaching() throws Exception {
final String USERNAME = "username";
final String SERVICE = "https://example.com/service";
@ -142,7 +155,7 @@ public class CasLoginModuleTests extends TestCase {
+ USERNAME
+ "</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
final String RESPONSE2 = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationFailure code=\"INVALID_TICKET\">Ticket ST-300000-aA5Yuvrxzpv8Tau1cYQ7-srv1 not recognized</cas:authenticationFailure></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE1.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE1.getBytes(server.encoding);
options.put("cacheAssertions", "true");
options.put("cacheTimeout", "1");
@ -160,7 +173,7 @@ public class CasLoginModuleTests extends TestCase {
module.logout();
assertEquals(0, subject.getPrincipals().size());
assertEquals(0, subject.getPrivateCredentials().size());
PublicTestHttpServer.instance().content = RESPONSE2.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE2.getBytes(server.encoding);
module.initialize(
subject,
new ServiceAndTicketCallbackHandler(SERVICE, TICKET),

2
cas-client-core/src/test/java/org/jasig/cas/client/validation/AbstractTicketValidatorTests.java
View File

@ -28,7 +28,7 @@ package org.jasig.cas.client.validation;
*/
public abstract class AbstractTicketValidatorTests {
protected static final String CONST_CAS_SERVER_URL = "http://localhost:8085/";
protected static final String CONST_CAS_SERVER_URL_PREFIX = "http://localhost:";
protected static final String CONST_USERNAME = "username";
}

16
cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas10TicketValidatorTests.java
View File

@ -38,6 +38,8 @@ import static org.junit.Assert.*;
*/
public final class Cas10TicketValidatorTests extends AbstractTicketValidatorTests {
private static final PublicTestHttpServer server = PublicTestHttpServer.instance(8090);
private Cas10TicketValidator ticketValidator;
public Cas10TicketValidatorTests() {
@ -46,18 +48,17 @@ public final class Cas10TicketValidatorTests extends AbstractTicketValidatorTest
@AfterClass
public static void classCleanUp() {
PublicTestHttpServer.instance().shutdown();
server.shutdown();
}
@Before
public void setUp() throws Exception {
this.ticketValidator = new Cas10TicketValidator(CONST_CAS_SERVER_URL);
this.ticketValidator = new Cas10TicketValidator(CONST_CAS_SERVER_URL_PREFIX + "8090");
}
@Test
public void testNoResponse() throws Exception {
PublicTestHttpServer.instance().content = "no\n\n"
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = "no\n\n".getBytes(server.encoding);
try {
this.ticketValidator.validate("testTicket",
"myService");
@ -70,8 +71,7 @@ public final class Cas10TicketValidatorTests extends AbstractTicketValidatorTest
@Test
public void testYesResponse() throws TicketValidationException,
UnsupportedEncodingException {
PublicTestHttpServer.instance().content = "yes\nusername\n\n"
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = "yes\nusername\n\n".getBytes(server.encoding);
final Assertion assertion = this.ticketValidator.validate("testTicket",
"myService");
assertEquals(CONST_USERNAME, assertion.getPrincipal().getName());
@ -79,8 +79,8 @@ public final class Cas10TicketValidatorTests extends AbstractTicketValidatorTest
@Test
public void testBadResponse() throws UnsupportedEncodingException {
PublicTestHttpServer.instance().content = "falalala\n\n"
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = "falalala\n\n"
.getBytes(server.encoding);
try {
this.ticketValidator.validate("testTicket",
"myService");

24
cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ProxyTicketValidatorTests.java
View File

@ -41,8 +41,9 @@ import static org.junit.Assert.*;
* @version $Revision: 11737 $ $Date: 2007-10-03 09:14:02 -0400 (Tue, 03 Oct 2007) $
* @since 3.0
*/
public final class Cas20ProxyTicketValidatorTests extends
AbstractTicketValidatorTests {
public final class Cas20ProxyTicketValidatorTests extends AbstractTicketValidatorTests {
private static final PublicTestHttpServer server = PublicTestHttpServer.instance(8089);
private Cas20ProxyTicketValidator ticketValidator;
@ -52,7 +53,7 @@ public final class Cas20ProxyTicketValidatorTests extends
@AfterClass
public static void classCleanUp() {
PublicTestHttpServer.instance().shutdown();
server.shutdown();
}
@Before
@ -60,7 +61,7 @@ public final class Cas20ProxyTicketValidatorTests extends
final List<String[]> list = new ArrayList<String[]>();
list.add(new String[] {"proxy1", "proxy2", "proxy3"});
this.ticketValidator = new Cas20ProxyTicketValidator(CONST_CAS_SERVER_URL);
this.ticketValidator = new Cas20ProxyTicketValidator(CONST_CAS_SERVER_URL_PREFIX + "8089");
this.ticketValidator.setRenew(true);
this.ticketValidator.setProxyCallbackUrl("test");
this.ticketValidator.setProxyGrantingTicketStorage(getProxyGrantingTicketStorage());
@ -89,8 +90,7 @@ public final class Cas20ProxyTicketValidatorTests extends
UnsupportedEncodingException {
final String USERNAME = "username";
final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
final Assertion assertion = this.ticketValidator.validate("test",
"test");
@ -101,8 +101,7 @@ public final class Cas20ProxyTicketValidatorTests extends
public void testProxyChainWithInvalidProxy() throws TicketValidationException,
UnsupportedEncodingException {
final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy7</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
try {
this.ticketValidator.validate("test", "test");
@ -113,18 +112,15 @@ public final class Cas20ProxyTicketValidatorTests extends
}
@Test
public void testConstructionFromSpringBean() throws TicketValidationException,
UnsupportedEncodingException {
public void testConstructionFromSpringBean() throws TicketValidationException, UnsupportedEncodingException {
final ClassPathXmlApplicationContext context = new ClassPathXmlApplicationContext("classpath:cas20ProxyTicketValidator.xml");
final Cas20ProxyTicketValidator v = (Cas20ProxyTicketValidator) context.getBean("proxyTicketValidator");
final String USERNAME = "username";
final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>username</cas:user><cas:proxyGrantingTicket>PGTIOU-84678-8a9d...</cas:proxyGrantingTicket><cas:proxies><cas:proxy>proxy1</cas:proxy><cas:proxy>proxy2</cas:proxy><cas:proxy>proxy3</cas:proxy></cas:proxies></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
final Assertion assertion = v.validate("test",
"test");
final Assertion assertion = v.validate("test","test");
assertEquals(USERNAME, assertion.getPrincipal().getName());
}

23
cas-client-core/src/test/java/org/jasig/cas/client/validation/Cas20ServiceTicketValidatorTests.java
View File

@ -41,6 +41,8 @@ import java.io.UnsupportedEncodingException;
*/
public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValidatorTests {
private static final PublicTestHttpServer server = PublicTestHttpServer.instance(8088);
private Cas20ServiceTicketValidator ticketValidator;
private ProxyGrantingTicketStorage proxyGrantingTicketStorage;
@ -51,13 +53,13 @@ public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValida
@AfterClass
public static void classCleanUp() {
PublicTestHttpServer.instance().shutdown();
server.shutdown();
}
@Before
public void setUp() throws Exception {
this.proxyGrantingTicketStorage = getProxyGrantingTicketStorage();
this.ticketValidator = new Cas20ServiceTicketValidator(CONST_CAS_SERVER_URL);
this.ticketValidator = new Cas20ServiceTicketValidator(CONST_CAS_SERVER_URL_PREFIX + "8088");
this.ticketValidator.setProxyCallbackUrl("test");
this.ticketValidator.setProxyGrantingTicketStorage(getProxyGrantingTicketStorage());
this.ticketValidator.setProxyRetriever(getProxyRetriever());
@ -83,8 +85,7 @@ public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValida
@Test
public void testNoResponse() throws UnsupportedEncodingException {
final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationFailure code=\"INVALID_TICKET\">Ticket ST-1856339-aA5Yuvrxzpv8Tau1cYQ7 not recognized</cas:authenticationFailure></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
try {
this.ticketValidator.validate("test", "test");
fail("ValidationException expected due to 'no' response");
@ -100,8 +101,7 @@ public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValida
final String RESPONSE = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>"
+ USERNAME
+ "</cas:user></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
final Assertion assertion = this.ticketValidator.validate("test",
"test");
@ -121,9 +121,7 @@ public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValida
+ PGTIOU
+ "</cas:proxyGrantingTicket></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
this.proxyGrantingTicketStorage.save(PGTIOU, PGT);
final Assertion assertion = this.ticketValidator.validate("test",
@ -143,9 +141,7 @@ public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValida
+ PGTIOU
+ "</cas:proxyGrantingTicket><cas:attributes>\n<cas:password>test</cas:password>\n<cas:eduPersonId>id</cas:eduPersonId>\n</cas:attributes></cas:authenticationSuccess></cas:serviceResponse>";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
final Assertion assertion = this.ticketValidator.validate("test", "test");
assertEquals(USERNAME, assertion.getPrincipal().getName());
assertEquals("test", assertion.getPrincipal().getAttributes().get("password"));
@ -156,8 +152,7 @@ public final class Cas20ServiceTicketValidatorTests extends AbstractTicketValida
@Test
public void testInvalidResponse() throws Exception {
final String RESPONSE = "<root />";
PublicTestHttpServer.instance().content = RESPONSE
.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
try {
this.ticketValidator.validate("test", "test");
fail("ValidationException expected due to invalid response.");

13
cas-client-core/src/test/java/org/jasig/cas/client/validation/Saml11TicketValidatorTests.java
View File

@ -21,6 +21,7 @@ package org.jasig.cas.client.validation;
import org.jasig.cas.client.PublicTestHttpServer;
import org.jasig.cas.client.util.CommonUtils;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.Test;
@ -39,15 +40,17 @@ public final class Saml11TicketValidatorTests extends AbstractTicketValidatorTes
private Saml11TicketValidator validator;
private static final PublicTestHttpServer server = PublicTestHttpServer.instance(8087);
@Before
public void setUp() throws Exception {
this.validator = new Saml11TicketValidator(CONST_CAS_SERVER_URL);
this.validator = new Saml11TicketValidator(CONST_CAS_SERVER_URL_PREFIX + "8087");
this.validator.setTolerance(1000L);
}
@AfterClass
public static void classCleanUp() {
PublicTestHttpServer.instance().shutdown();
public static void cleanUp() throws Exception {
server.shutdown();
}
@Test
@ -64,7 +67,7 @@ public final class Saml11TicketValidatorTests extends AbstractTicketValidatorTes
" ResponseID=\"_3b62bece2e8da1c10279db04882012ac\"><Status><StatusCode\n" +
" Value=\"samlp:Responder\"></StatusCode><StatusMessage>Success</StatusMessage></Status></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>";
PublicTestHttpServer.instance().content = RESPONSE.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
try {
this.validator.validate("test", "test");
fail("ValidationException expected due to 'no' response");
@ -79,7 +82,7 @@ public final class Saml11TicketValidatorTests extends AbstractTicketValidatorTes
final Date before = new Date(now.getTime() - 5000);
final Date after = new Date(now.getTime() + 200000000);
final String RESPONSE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><SOAP-ENV:Envelope xmlns:SOAP-ENV=\"http://schemas.xmlsoap.org/soap/envelope/\"><SOAP-ENV:Header/><SOAP-ENV:Body><Response xmlns=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" IssueInstant=\"" + CommonUtils.formatForUtcTime(now) + "\" MajorVersion=\"1\" MinorVersion=\"1\" Recipient=\"test\" ResponseID=\"_e1e2124c08ab456eab0bbab3e1c0c433\"><Status><StatusCode Value=\"samlp:Success\"></StatusCode></Status><Assertion xmlns=\"urn:oasis:names:tc:SAML:1.0:assertion\" AssertionID=\"_d2fd0d6e4da6a6d7d2ba5274ab570d5c\" IssueInstant=\"" + CommonUtils.formatForUtcTime(now) + "\" Issuer=\"testIssuer\" MajorVersion=\"1\" MinorVersion=\"1\"><Conditions NotBefore=\"" + CommonUtils.formatForUtcTime(before) + "\" NotOnOrAfter=\"" + CommonUtils.formatForUtcTime(after) + "\"><AudienceRestrictionCondition><Audience>test</Audience></AudienceRestrictionCondition></Conditions><AuthenticationStatement AuthenticationInstant=\"2008-06-19T14:34:44.426Z\" AuthenticationMethod=\"urn:ietf:rfc:2246\"><Subject><NameIdentifier>testPrincipal</NameIdentifier><SubjectConfirmation><ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod></SubjectConfirmation></Subject></AuthenticationStatement></Assertion></Response></SOAP-ENV:Body></SOAP-ENV:Envelope>";
PublicTestHttpServer.instance().content = RESPONSE.getBytes(PublicTestHttpServer.instance().encoding);
server.content = RESPONSE.getBytes(server.encoding);
try {
final Assertion a = this.validator.validate("test", "test");
assertEquals("testPrincipal", a.getPrincipal().getName());

4
cas-client-core/src/test/resources/cas20ProxyTicketValidator.xml
View File

@ -26,7 +26,7 @@
<bean id="proxyTicketValidator"
class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator">
<constructor-arg index="0" value="http://localhost:8085/" />
<constructor-arg index="0" value="http://localhost:8089/" />
<property name="allowedProxyChains">
<value>
test test2 test3 test4 test5
@ -41,6 +41,6 @@
<bean id="proxyTicketValidatorWithAllowAnyProxy"
class="org.jasig.cas.client.validation.Cas20ProxyTicketValidator"
p:acceptAnyProxy="true">
<constructor-arg index="0" value="http://localhost:8085/" />
<constructor-arg index="0" value="http://localhost:8089/" />
</bean>
</beans>

7
cas-client-support-distributed-ehcache/pom.xml
View File

@ -29,6 +29,13 @@
<type>jar</type>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
<version>1.6.1</version>
<scope>test</scope>
</dependency>
</dependencies>
</project>

16
cas-client-support-distributed-ehcache/src/main/java/org/jasig/cas/client/proxy/EhcacheBackedProxyGrantingTicketStorageImpl.java
View File

@ -26,12 +26,16 @@ import net.sf.ehcache.distribution.RemoteCacheException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
/**
* @author Scott Battaglia
* @version $Revision$ $Date$
* @since 3.1.9
*/
public final class EhcacheBackedProxyGrantingTicketStorageImpl implements ProxyGrantingTicketStorage {
public final class EhcacheBackedProxyGrantingTicketStorageImpl extends AbstractEncryptedProxyGrantingTicketStorageImpl {
public static final String EHCACHE_CACHE_NAME = "org.jasig.cas.client.proxy.EhcacheBackedProxyGrantingTicketStorageImpl.cache";
@ -45,11 +49,15 @@ public final class EhcacheBackedProxyGrantingTicketStorageImpl implements ProxyG
}
public EhcacheBackedProxyGrantingTicketStorageImpl(final Cache cache) {
super();
this.cache = cache;
}
public void save(final String proxyGrantingTicketIou, final String proxyGrantingTicket) {
public EhcacheBackedProxyGrantingTicketStorageImpl(final String secret) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
this.cache = CacheManager.getInstance().getCache(EHCACHE_CACHE_NAME);
}
public void saveInternal(final String proxyGrantingTicketIou, final String proxyGrantingTicket) {
final Element element = new Element(proxyGrantingTicketIou, proxyGrantingTicket);
try {
this.cache.put(element);
@ -58,7 +66,7 @@ public final class EhcacheBackedProxyGrantingTicketStorageImpl implements ProxyG
}
}
public String retrieve(final String proxyGrantingTicketIou) {
public String retrieveInternal(final String proxyGrantingTicketIou) {
final Element element = this.cache.get(proxyGrantingTicketIou);
if (element == null) {

27
cas-client-support-distributed-ehcache/src/test/java/EhCacheBackedProxyGrantingTicketStorageImplTests.java Normal file
View File

@ -0,0 +1,27 @@
import junit.framework.TestCase;
import net.sf.ehcache.Cache;
import net.sf.ehcache.CacheManager;
import net.sf.ehcache.Ehcache;
import org.jasig.cas.client.proxy.EhcacheBackedProxyGrantingTicketStorageImpl;
/**
* @author Scott Battaglia
* @version $Revision$ $Date$
* @since 3.2.0
*/
public class EhCacheBackedProxyGrantingTicketStorageImplTests extends TestCase {
public void testEncryptionMechanisms() throws Exception {
final Cache ehcache = new Cache("name", 100,false, false, 500, 500);
CacheManager.getInstance().addCache(ehcache);
final EhcacheBackedProxyGrantingTicketStorageImpl cache = new EhcacheBackedProxyGrantingTicketStorageImpl(ehcache);
cache.setSecretKey("thismustbeatleast24charactersandcannotbelessthanthat");
assertNull(cache.retrieve(null));
assertNull(cache.retrieve("foobar"));
cache.save("proxyGrantingTicketIou", "proxyGrantingTicket");
assertEquals("proxyGrantingTicket", cache.retrieve("proxyGrantingTicketIou"));
assertFalse("proxyGrantingTicket".equals(ehcache.get("proxyGrantingTicketIou").getValue()));
}
}

6
cas-client-support-distributed-memcached/src/main/java/org/jasig/cas/client/proxy/MemcachedBackedProxyGrantingTicketStorageImpl.java
View File

@ -35,7 +35,7 @@ import java.util.concurrent.Future;
* @version $Revision$ $Date$
* @since 3.1.9
*/
public final class MemcachedBackedProxyGrantingTicketStorageImpl implements ProxyGrantingTicketStorage {
public final class MemcachedBackedProxyGrantingTicketStorageImpl extends AbstractEncryptedProxyGrantingTicketStorageImpl {
private final MemcachedClient client;
@ -92,11 +92,11 @@ public final class MemcachedBackedProxyGrantingTicketStorageImpl implements Prox
}
public void save(final String proxyGrantingTicketIou, final String proxyGrantingTicket) {
public void saveInternal(final String proxyGrantingTicketIou, final String proxyGrantingTicket) {
handleSynchronousRequest(this.client.add(proxyGrantingTicketIou, 120, proxyGrantingTicket));
}
public String retrieve(final String proxyGrantingTicketIou) {
public String retrieveInternal(final String proxyGrantingTicketIou) {
return (String) this.client.get(proxyGrantingTicketIou);
}