use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.
the class TokenRenewOperation method createResponse.
protected RequestSecurityTokenResponseType createResponse(EncryptionProperties encryptionProperties, TokenRenewerResponse tokenRenewerResponse, TokenRequirements tokenRequirements, KeyRequirements keyRequirements) throws WSSecurityException {
RequestSecurityTokenResponseType response = QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
String context = tokenRequirements.getContext();
if (context != null) {
response.setContext(context);
}
// TokenType
JAXBElement<String> jaxbTokenType = QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenRequirements.getTokenType());
response.getAny().add(jaxbTokenType);
// RequestedSecurityToken
RequestedSecurityTokenType requestedTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
JAXBElement<RequestedSecurityTokenType> requestedToken = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
LOG.fine("Encrypting Issued Token: " + encryptIssuedToken);
requestedTokenType.setAny(tokenRenewerResponse.getToken());
response.getAny().add(requestedToken);
if (returnReferences) {
// RequestedAttachedReference
TokenReference attachedReference = tokenRenewerResponse.getAttachedReference();
final RequestedReferenceType requestedAttachedReferenceType;
if (attachedReference != null) {
requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
} else {
requestedAttachedReferenceType = createRequestedReference(tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(), true);
}
JAXBElement<RequestedReferenceType> requestedAttachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(requestedAttachedReferenceType);
response.getAny().add(requestedAttachedReference);
// RequestedUnattachedReference
TokenReference unAttachedReference = tokenRenewerResponse.getUnAttachedReference();
final RequestedReferenceType requestedUnattachedReferenceType;
if (unAttachedReference != null) {
requestedUnattachedReferenceType = createRequestedReference(unAttachedReference, false);
} else {
requestedUnattachedReferenceType = createRequestedReference(tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(), false);
}
JAXBElement<RequestedReferenceType> requestedUnattachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(requestedUnattachedReferenceType);
response.getAny().add(requestedUnattachedReference);
}
// AppliesTo
response.getAny().add(tokenRequirements.getAppliesTo());
// Lifetime
if (includeLifetimeElement) {
LifetimeType lifetime = createLifetime(tokenRenewerResponse.getCreated(), tokenRenewerResponse.getExpires());
JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
response.getAny().add(lifetimeType);
}
return response;
}
use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.
the class TokenValidateOperation method createResponse.
protected RequestSecurityTokenResponseType createResponse(TokenValidatorResponse tokenResponse, TokenProviderResponse tokenProviderResponse, TokenRequirements tokenRequirements) throws WSSecurityException {
RequestSecurityTokenResponseType response = QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
String context = tokenRequirements.getContext();
if (context != null) {
response.setContext(context);
}
// TokenType
boolean valid = tokenResponse.getToken().getState() == STATE.VALID;
String tokenType = tokenRequirements.getTokenType();
if (valid || STSConstants.STATUS.equals(tokenType)) {
JAXBElement<String> jaxbTokenType = QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenType);
response.getAny().add(jaxbTokenType);
}
// Status
StatusType statusType = QNameConstants.WS_TRUST_FACTORY.createStatusType();
if (valid) {
statusType.setCode(STSConstants.VALID_CODE);
statusType.setReason(STSConstants.VALID_REASON);
} else {
statusType.setCode(STSConstants.INVALID_CODE);
statusType.setReason(STSConstants.INVALID_REASON);
}
JAXBElement<StatusType> status = QNameConstants.WS_TRUST_FACTORY.createStatus(statusType);
response.getAny().add(status);
// RequestedSecurityToken
if (valid && !STSConstants.STATUS.equals(tokenType) && tokenProviderResponse != null && tokenProviderResponse.getToken() != null) {
RequestedSecurityTokenType requestedTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
JAXBElement<RequestedSecurityTokenType> requestedToken = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
tokenWrapper.wrapToken(tokenProviderResponse.getToken(), requestedTokenType);
response.getAny().add(requestedToken);
// Lifetime
if (includeLifetimeElement) {
LifetimeType lifetime = createLifetime(tokenProviderResponse.getCreated(), tokenProviderResponse.getExpires());
JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
response.getAny().add(lifetimeType);
}
if (returnReferences) {
// RequestedAttachedReference
TokenReference attachedReference = tokenProviderResponse.getAttachedReference();
final RequestedReferenceType requestedAttachedReferenceType;
if (attachedReference != null) {
requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
} else {
requestedAttachedReferenceType = createRequestedReference(tokenProviderResponse.getTokenId(), tokenRequirements.getTokenType(), true);
}
JAXBElement<RequestedReferenceType> requestedAttachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(requestedAttachedReferenceType);
response.getAny().add(requestedAttachedReference);
// RequestedUnattachedReference
TokenReference unAttachedReference = tokenProviderResponse.getUnAttachedReference();
final RequestedReferenceType requestedUnattachedReferenceType;
if (unAttachedReference != null) {
requestedUnattachedReferenceType = createRequestedReference(unAttachedReference, false);
} else {
requestedUnattachedReferenceType = createRequestedReference(tokenProviderResponse.getTokenId(), tokenRequirements.getTokenType(), false);
}
JAXBElement<RequestedReferenceType> requestedUnattachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(requestedUnattachedReferenceType);
response.getAny().add(requestedUnattachedReference);
}
}
return response;
}
use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.
the class STSRESTTest method validateSAMLSecurityTokenResponse.
private static Element validateSAMLSecurityTokenResponse(RequestSecurityTokenResponseType securityResponse, boolean saml2) throws Exception {
RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
// Process the token
List<WSSecurityEngineResult> results = processToken((Element) requestedSecurityToken.getAny());
assertTrue(results != null && results.size() == 1);
SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
assertNotNull(assertion);
if (saml2) {
assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
} else {
assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
}
assertTrue(assertion.isSigned());
return (Element) results.get(0).get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
}
use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.
the class STSRESTTest method testIssueJWTTokenViaPOST.
@org.junit.Test
public void testIssueJWTTokenViaPOST() throws Exception {
WebClient client = webClient().type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Issue");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
writer.writeCharacters(JWT_TOKEN_TYPE);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
validateJWTToken(token);
}
use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.
the class STSRESTTest method testValidateSAMLAndIssueJWT.
@org.junit.Test
public void testValidateSAMLAndIssueJWT() throws Exception {
WebClient client = webClient().path("saml2.0").accept(MediaType.APPLICATION_XML);
// 1. Get a token via GET
Document assertionDoc = client.get(Document.class);
assertNotNull(assertionDoc);
// 2. Now validate it in the STS using POST
client = webClient().query("action", "validate").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
// Create RequestSecurityToken
W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
writer.writeCharacters(WST_NS_05_12 + "/Validate");
writer.writeEndElement();
writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
writer.writeCharacters(JWT_TOKEN_TYPE);
writer.writeEndElement();
writer.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
StaxUtils.copy(assertionDoc.getDocumentElement(), writer);
writer.writeEndElement();
writer.writeEndElement();
RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
assertTrue(getValidationStatus(securityResponse));
// Check the token
RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
validateJWTToken(token);
}
Aggregations