Search in sources :

Example 1 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class TokenRenewOperation method createResponse.

protected RequestSecurityTokenResponseType createResponse(EncryptionProperties encryptionProperties, TokenRenewerResponse tokenRenewerResponse, TokenRequirements tokenRequirements, KeyRequirements keyRequirements) throws WSSecurityException {
    RequestSecurityTokenResponseType response = QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
    String context = tokenRequirements.getContext();
    if (context != null) {
        response.setContext(context);
    }
    // TokenType
    JAXBElement<String> jaxbTokenType = QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenRequirements.getTokenType());
    response.getAny().add(jaxbTokenType);
    // RequestedSecurityToken
    RequestedSecurityTokenType requestedTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
    JAXBElement<RequestedSecurityTokenType> requestedToken = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
    LOG.fine("Encrypting Issued Token: " + encryptIssuedToken);
    requestedTokenType.setAny(tokenRenewerResponse.getToken());
    response.getAny().add(requestedToken);
    if (returnReferences) {
        // RequestedAttachedReference
        TokenReference attachedReference = tokenRenewerResponse.getAttachedReference();
        final RequestedReferenceType requestedAttachedReferenceType;
        if (attachedReference != null) {
            requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
        } else {
            requestedAttachedReferenceType = createRequestedReference(tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(), true);
        }
        JAXBElement<RequestedReferenceType> requestedAttachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(requestedAttachedReferenceType);
        response.getAny().add(requestedAttachedReference);
        // RequestedUnattachedReference
        TokenReference unAttachedReference = tokenRenewerResponse.getUnAttachedReference();
        final RequestedReferenceType requestedUnattachedReferenceType;
        if (unAttachedReference != null) {
            requestedUnattachedReferenceType = createRequestedReference(unAttachedReference, false);
        } else {
            requestedUnattachedReferenceType = createRequestedReference(tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(), false);
        }
        JAXBElement<RequestedReferenceType> requestedUnattachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(requestedUnattachedReferenceType);
        response.getAny().add(requestedUnattachedReference);
    }
    // AppliesTo
    response.getAny().add(tokenRequirements.getAppliesTo());
    // Lifetime
    if (includeLifetimeElement) {
        LifetimeType lifetime = createLifetime(tokenRenewerResponse.getCreated(), tokenRenewerResponse.getExpires());
        JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
        response.getAny().add(lifetimeType);
    }
    return response;
}
Also used : RequestedReferenceType(org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType) LifetimeType(org.apache.cxf.ws.security.sts.provider.model.LifetimeType) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) TokenReference(org.apache.cxf.sts.token.provider.TokenReference)

Example 2 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class TokenValidateOperation method createResponse.

protected RequestSecurityTokenResponseType createResponse(TokenValidatorResponse tokenResponse, TokenProviderResponse tokenProviderResponse, TokenRequirements tokenRequirements) throws WSSecurityException {
    RequestSecurityTokenResponseType response = QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
    String context = tokenRequirements.getContext();
    if (context != null) {
        response.setContext(context);
    }
    // TokenType
    boolean valid = tokenResponse.getToken().getState() == STATE.VALID;
    String tokenType = tokenRequirements.getTokenType();
    if (valid || STSConstants.STATUS.equals(tokenType)) {
        JAXBElement<String> jaxbTokenType = QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenType);
        response.getAny().add(jaxbTokenType);
    }
    // Status
    StatusType statusType = QNameConstants.WS_TRUST_FACTORY.createStatusType();
    if (valid) {
        statusType.setCode(STSConstants.VALID_CODE);
        statusType.setReason(STSConstants.VALID_REASON);
    } else {
        statusType.setCode(STSConstants.INVALID_CODE);
        statusType.setReason(STSConstants.INVALID_REASON);
    }
    JAXBElement<StatusType> status = QNameConstants.WS_TRUST_FACTORY.createStatus(statusType);
    response.getAny().add(status);
    // RequestedSecurityToken
    if (valid && !STSConstants.STATUS.equals(tokenType) && tokenProviderResponse != null && tokenProviderResponse.getToken() != null) {
        RequestedSecurityTokenType requestedTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
        JAXBElement<RequestedSecurityTokenType> requestedToken = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
        tokenWrapper.wrapToken(tokenProviderResponse.getToken(), requestedTokenType);
        response.getAny().add(requestedToken);
        // Lifetime
        if (includeLifetimeElement) {
            LifetimeType lifetime = createLifetime(tokenProviderResponse.getCreated(), tokenProviderResponse.getExpires());
            JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
            response.getAny().add(lifetimeType);
        }
        if (returnReferences) {
            // RequestedAttachedReference
            TokenReference attachedReference = tokenProviderResponse.getAttachedReference();
            final RequestedReferenceType requestedAttachedReferenceType;
            if (attachedReference != null) {
                requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
            } else {
                requestedAttachedReferenceType = createRequestedReference(tokenProviderResponse.getTokenId(), tokenRequirements.getTokenType(), true);
            }
            JAXBElement<RequestedReferenceType> requestedAttachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(requestedAttachedReferenceType);
            response.getAny().add(requestedAttachedReference);
            // RequestedUnattachedReference
            TokenReference unAttachedReference = tokenProviderResponse.getUnAttachedReference();
            final RequestedReferenceType requestedUnattachedReferenceType;
            if (unAttachedReference != null) {
                requestedUnattachedReferenceType = createRequestedReference(unAttachedReference, false);
            } else {
                requestedUnattachedReferenceType = createRequestedReference(tokenProviderResponse.getTokenId(), tokenRequirements.getTokenType(), false);
            }
            JAXBElement<RequestedReferenceType> requestedUnattachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(requestedUnattachedReferenceType);
            response.getAny().add(requestedUnattachedReference);
        }
    }
    return response;
}
Also used : RequestedReferenceType(org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) StatusType(org.apache.cxf.ws.security.sts.provider.model.StatusType) LifetimeType(org.apache.cxf.ws.security.sts.provider.model.LifetimeType) TokenReference(org.apache.cxf.sts.token.provider.TokenReference)

Example 3 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class STSRESTTest method validateSAMLSecurityTokenResponse.

private static Element validateSAMLSecurityTokenResponse(RequestSecurityTokenResponseType securityResponse, boolean saml2) throws Exception {
    RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
    // Process the token
    List<WSSecurityEngineResult> results = processToken((Element) requestedSecurityToken.getAny());
    assertTrue(results != null && results.size() == 1);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(assertion);
    if (saml2) {
        assertTrue(assertion.getSaml2() != null && assertion.getSaml1() == null);
    } else {
        assertTrue(assertion.getSaml2() == null && assertion.getSaml1() != null);
    }
    assertTrue(assertion.isSigned());
    return (Element) results.get(0).get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
}
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 4 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class STSRESTTest method testIssueJWTTokenViaPOST.

@org.junit.Test
public void testIssueJWTTokenViaPOST() throws Exception {
    WebClient client = webClient().type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Issue");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    writer.writeCharacters(JWT_TOKEN_TYPE);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
    String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
    validateJWTToken(token);
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Example 5 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class STSRESTTest method testValidateSAMLAndIssueJWT.

@org.junit.Test
public void testValidateSAMLAndIssueJWT() throws Exception {
    WebClient client = webClient().path("saml2.0").accept(MediaType.APPLICATION_XML);
    // 1. Get a token via GET
    Document assertionDoc = client.get(Document.class);
    assertNotNull(assertionDoc);
    // 2. Now validate it in the STS using POST
    client = webClient().query("action", "validate").type(MediaType.APPLICATION_XML).accept(MediaType.APPLICATION_XML);
    // Create RequestSecurityToken
    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);
    writer.writeStartElement("wst", "RequestType", WST_NS_05_12);
    writer.writeCharacters(WST_NS_05_12 + "/Validate");
    writer.writeEndElement();
    writer.writeStartElement("wst", "TokenType", WST_NS_05_12);
    writer.writeCharacters(JWT_TOKEN_TYPE);
    writer.writeEndElement();
    writer.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
    StaxUtils.copy(assertionDoc.getDocumentElement(), writer);
    writer.writeEndElement();
    writer.writeEndElement();
    RequestSecurityTokenResponseType securityResponse = client.post(new DOMSource(writer.getDocument().getDocumentElement()), RequestSecurityTokenResponseType.class);
    assertTrue(getValidationStatus(securityResponse));
    // Check the token
    RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
    String token = ((Element) requestedSecurityToken.getAny()).getTextContent();
    validateJWTToken(token);
}
Also used : W3CDOMStreamWriter(org.apache.cxf.staxutils.W3CDOMStreamWriter) DOMSource(javax.xml.transform.dom.DOMSource) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) Document(org.w3c.dom.Document) WebClient(org.apache.cxf.jaxrs.client.WebClient)

Aggregations

RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)65 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)63 JAXBElement (javax.xml.bind.JAXBElement)62 Element (org.w3c.dom.Element)61 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)55 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)49 MessageImpl (org.apache.cxf.message.MessageImpl)49 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)49 Crypto (org.apache.wss4j.common.crypto.Crypto)49 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)48 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)46 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)42 Principal (java.security.Principal)38 SecurityContext (org.apache.cxf.security.SecurityContext)38 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)34 StaticService (org.apache.cxf.sts.service.StaticService)34 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)32 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)32 Document (org.w3c.dom.Document)23 SAMLTokenValidator (org.apache.cxf.sts.token.validator.SAMLTokenValidator)17