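/**
 * Checks how token encryption behaves for different configured KeyIdentifier types.
 *
 * <p>An encrypting {@code TokenIssueOperation} is set up with a dummy token provider and a
 * single static service whose {@code EncryptionProperties} name the key "myservicekey".
 * The same request is then issued once per key identifier type:
 * <ul>
 *   <li>{@code SKI_KEY_IDENTIFIER}, {@code THUMBPRINT_IDENTIFIER} and
 *       {@code ENCRYPTED_KEY_SHA1_IDENTIFIER} must each yield a non-empty response;</li>
 *   <li>{@code BST} must be rejected with an {@code STSException}.</li>
 * </ul>
 *
 * <p>The original version only inspected the response of the first call; every accepted
 * identifier type is now asserted, so a call that returns an empty response no longer passes.
 */
@org.junit.Test
public void testConfiguredKeyIdentifiers() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    if (!unrestrictedPoliciesInstalled) {
        // NOTE(review): presumably the default algorithm needs the unrestricted JCE policy
        // files, so AES-128 is selected explicitly without them - confirm against the
        // field's initialiser.
        encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    encryptionProperties.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE
        );
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - use various KeyIdentifiers.
    // The properties object is mutated between calls; the service keeps a reference to it,
    // so each issue() call sees the newly configured identifier type.
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    // Same identifier type again, on the same operation instance.
    encryptionProperties.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    response = issueOperation.issue(request, null, msgCtx);
    assertTrue(
        "No response issued for SKI_KEY_IDENTIFIER",
        !response.getRequestSecurityTokenResponse().isEmpty()
    );

    encryptionProperties.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    response = issueOperation.issue(request, null, msgCtx);
    assertTrue(
        "No response issued for THUMBPRINT_IDENTIFIER",
        !response.getRequestSecurityTokenResponse().isEmpty()
    );

    encryptionProperties.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
    response = issueOperation.issue(request, null, msgCtx);
    assertTrue(
        "No response issued for ENCRYPTED_KEY_SHA1_IDENTIFIER",
        !response.getRequestSecurityTokenResponse().isEmpty()
    );

    // Negative case: BST must make issue() fail instead of returning a token.
    try {
        encryptionProperties.setKeyIdentifierType(WSConstants.BST);
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected on a bad key identifier");
    } catch (STSException ex) {
        // expected
    }
}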