
Example 1 with Attribute

use of ddf.security.assertion.Attribute in project ddf by codice.

the class SecurityAssertionSaml method parseToken.

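/**
 * Populates this assertion's fields by streaming over the SAML assertion element with a StAX
 * reader.
 *
 * <p>Reads the subject NameID (and its Format), the Issuer, the Conditions window
 * (NotBefore / NotOnOrAfter), SubjectConfirmation methods, AttributeStatements with their
 * Attributes and AttributeValues, AuthnStatements with their AuthnContextClassRef, and the
 * assertion Version. Every other element is skipped. This method only extracts values; it does
 * not check the validity window or any signature.
 *
 * <p>An {@link XMLStreamException} is logged and stops the parse, leaving whatever fields were
 * populated up to that point in place.
 *
 * @param samlAssertion DOM element holding the SAML assertion
 */
private void parseToken(Element samlAssertion) {
    XMLStreamReader reader = StaxUtils.createXMLStreamReader(samlAssertion);
    try {
        // Cursors into the statement / attribute currently being populated. They are cleared on
        // the matching END_ELEMENT so that a later AttributeValue cannot attach to a stale parent.
        AttributeStatement currentStatement = null;
        AuthenticationStatement currentAuthnStatement = null;
        Attribute currentAttribute = null;
        while (reader.hasNext()) {
            int event = reader.next();
            if (event == XMLStreamConstants.START_ELEMENT) {
                switch (reader.getLocalName()) {
                    case NameID.DEFAULT_ELEMENT_LOCAL_NAME:
                        readNameId(reader);
                        break;
                    case org.opensaml.saml.saml2.core.AttributeStatement.DEFAULT_ELEMENT_LOCAL_NAME:
                        currentStatement = new AttributeStatementSaml();
                        attributeStatements.add(currentStatement);
                        break;
                    case AuthnStatement.DEFAULT_ELEMENT_LOCAL_NAME:
                        currentAuthnStatement = readAuthnStatement(reader);
                        break;
                    case AuthnContextClassRef.DEFAULT_ELEMENT_LOCAL_NAME:
                        // getText() is only defined for character events; getElementText()
                        // is the portable way to read the text of a simple element.
                        if (currentAuthnStatement != null) {
                            currentAuthnStatement.setAuthnContextClassRef(
                                    reader.getElementText().trim());
                        }
                        break;
                    case org.opensaml.saml.saml2.core.Attribute.DEFAULT_ELEMENT_LOCAL_NAME:
                        currentAttribute = readAttribute(reader, currentStatement);
                        break;
                    case AttributeValue.DEFAULT_ELEMENT_LOCAL_NAME:
                        if (currentAttribute != null) {
                            currentAttribute.addValue(reader.getElementText());
                        }
                        break;
                    case Issuer.DEFAULT_ELEMENT_LOCAL_NAME:
                        issuer = reader.getElementText();
                        break;
                    case Conditions.DEFAULT_ELEMENT_LOCAL_NAME:
                        readConditions(reader);
                        break;
                    case SubjectConfirmation.DEFAULT_ELEMENT_LOCAL_NAME:
                        readSubjectConfirmation(reader);
                        break;
                    case Assertion.DEFAULT_ELEMENT_LOCAL_NAME:
                        readAssertionVersion(reader);
                        break;
                    default:
                        break;
                }
            } else if (event == XMLStreamConstants.END_ELEMENT) {
                switch (reader.getLocalName()) {
                    case org.opensaml.saml.saml2.core.AttributeStatement.DEFAULT_ELEMENT_LOCAL_NAME:
                        currentStatement = null;
                        break;
                    case org.opensaml.saml.saml2.core.Attribute.DEFAULT_ELEMENT_LOCAL_NAME:
                        currentAttribute = null;
                        break;
                    default:
                        break;
                }
            }
        }
    } catch (XMLStreamException e) {
        LOGGER.info("Unable to parse security token.", e);
    } finally {
        closeQuietly(reader);
    }
}

/**
 * Reads the NameID element: its Format attribute (if present) into {@code nameIDFormat} and its
 * text into {@code name}.
 *
 * <p>Attributes are only readable while the reader is positioned on the START_ELEMENT, and
 * {@code getElementText()} advances the reader to the END_ELEMENT, so the Format attribute is
 * read first.
 *
 * @param reader reader positioned on the NameID START_ELEMENT
 * @throws XMLStreamException if the element text cannot be read
 */
private void readNameId(XMLStreamReader reader) throws XMLStreamException {
    String format = localAttributeValue(reader, NameID.FORMAT_ATTRIB_NAME);
    if (format != null) {
        nameIDFormat = format;
    }
    name = reader.getElementText();
}

/**
 * Creates an {@link AuthenticationStatement} from the AuthnInstant and SessionIndex attributes of
 * the current AuthnStatement element and registers it in {@code authenticationStatements}.
 *
 * @param reader reader positioned on the AuthnStatement START_ELEMENT
 * @return the newly created statement, so that a following AuthnContextClassRef can be attached
 */
private AuthenticationStatement readAuthnStatement(XMLStreamReader reader) {
    AuthenticationStatement statement = new AuthenticationStatementSaml();
    String authnInstant = localAttributeValue(reader, AuthnStatement.AUTHN_INSTANT_ATTRIB_NAME);
    if (authnInstant != null) {
        statement.setAuthnInstant(DateTime.parse(authnInstant));
    }
    String sessionIndex = localAttributeValue(reader, AuthnStatement.SESSION_INDEX_ATTRIB_NAME);
    if (sessionIndex != null) {
        statement.setSessionIndex(sessionIndex);
    }
    authenticationStatements.add(statement);
    return statement;
}

/**
 * Creates an {@link Attribute} from the Name and NameFormat attributes of the current Attribute
 * element and attaches it to {@code owner} when one is open.
 *
 * @param reader reader positioned on the Attribute START_ELEMENT
 * @param owner the enclosing attribute statement, or {@code null} if the Attribute element is
 *     not inside one (the attribute is then created but not attached anywhere)
 * @return the newly created attribute, so that following AttributeValue elements can be added
 */
private Attribute readAttribute(XMLStreamReader reader, AttributeStatement owner) {
    Attribute attribute = new AttributeSaml();
    String attrName =
            localAttributeValue(reader, org.opensaml.saml.saml2.core.Attribute.NAME_ATTTRIB_NAME);
    if (attrName != null) {
        attribute.setName(attrName);
    }
    String nameFormat =
            localAttributeValue(
                    reader, org.opensaml.saml.saml2.core.Attribute.NAME_FORMAT_ATTRIB_NAME);
    if (nameFormat != null) {
        attribute.setNameFormat(nameFormat);
    }
    if (owner != null) {
        owner.addAttribute(attribute);
    }
    return attribute;
}

/**
 * Reads the NotBefore and NotOnOrAfter attributes of the current Conditions element into
 * {@code notBefore} / {@code notOnOrAfter}. The window is recorded, not enforced, here.
 *
 * @param reader reader positioned on the Conditions START_ELEMENT
 */
private void readConditions(XMLStreamReader reader) {
    String notBeforeValue = localAttributeValue(reader, Conditions.NOT_BEFORE_ATTRIB_NAME);
    if (notBeforeValue != null) {
        notBefore = DatatypeConverter.parseDateTime(notBeforeValue).getTime();
    }
    String notOnOrAfterValue = localAttributeValue(reader, Conditions.NOT_ON_OR_AFTER_ATTRIB_NAME);
    if (notOnOrAfterValue != null) {
        notOnOrAfter = DatatypeConverter.parseDateTime(notOnOrAfterValue).getTime();
    }
}

/**
 * Records the Method attribute of the current SubjectConfirmation element in
 * {@code subjectConfirmations}.
 *
 * @param reader reader positioned on the SubjectConfirmation START_ELEMENT
 */
private void readSubjectConfirmation(XMLStreamReader reader) {
    String method = localAttributeValue(reader, SubjectConfirmation.METHOD_ATTRIB_NAME);
    if (method != null) {
        subjectConfirmations.add(method);
    }
}

/**
 * Maps the Version attribute of the current Assertion element onto {@code tokenType}; only
 * "2.0" and "1.1" are recognised, any other value leaves {@code tokenType} untouched.
 *
 * @param reader reader positioned on the Assertion START_ELEMENT
 */
private void readAssertionVersion(XMLStreamReader reader) {
    String version = localAttributeValue(reader, Assertion.VERSION_ATTRIB_NAME);
    if ("2.0".equals(version)) {
        tokenType = SAML2_TOKEN_TYPE;
    } else if ("1.1".equals(version)) {
        tokenType = SAML1_TOKEN_TYPE;
    }
}

/**
 * Returns the value of the first attribute of the current START_ELEMENT whose local name matches.
 *
 * @param reader reader positioned on a START_ELEMENT
 * @param localName attribute local name to look up
 * @return the attribute value, or {@code null} if no such attribute is present
 */
private static String localAttributeValue(XMLStreamReader reader, String localName) {
    int count = reader.getAttributeCount();
    for (int i = 0; i < count; i++) {
        if (localName.equals(reader.getAttributeLocalName(i))) {
            return reader.getAttributeValue(i);
        }
    }
    return null;
}

/**
 * Closes the reader, ignoring close failures: by the time this runs the token has either been
 * read or the parse failure has already been logged.
 *
 * @param reader reader to close
 */
private static void closeQuietly(XMLStreamReader reader) {
    try {
        reader.close();
    } catch (XMLStreamException ignored) {
        // nothing left to recover
    }
}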

Example 2 with Attribute

use of ddf.security.assertion.Attribute in project ddf by codice.

the class SecurityAssertionSaml method toString.

/**
 * Renders the principal, every attribute of every attribute statement and every authentication
 * statement on one line. Values are concatenated without separators, exactly as the statements
 * hold them.
 *
 * @return a human-readable summary of this assertion
 */
@Override
public String toString() {
    StringBuilder out = new StringBuilder("Principal: ").append(getPrincipal());
    out.append(", Attributes: ");
    for (AttributeStatement statement : getAttributeStatements()) {
        for (Attribute attr : statement.getAttributes()) {
            out.append("[ ").append(attr.getName()).append(" : ");
            for (Object value : attr.getValues()) {
                out.append(value);
            }
            out.append("] ");
        }
    }
    out.append(", AuthnStatements: ");
    for (AuthenticationStatement authn : getAuthnStatements()) {
        out.append("[ ")
                .append(authn.getAuthnInstant())
                .append(" : ")
                .append(authn.getAuthnContextClassRef())
                .append("] ");
    }
    return out.toString();
}

Example 3 with Attribute

use of ddf.security.assertion.Attribute in project ddf by codice.

the class PKIRealmTest method testDoGetAuthenticationInfo.

/**
 * A PKI token carrying one certificate and an X.500 principal must yield authentication info
 * whose credentials are that certificate chain and whose security assertion exposes the
 * principal plus an "email" attribute with two values.
 */
@Test
public void testDoGetAuthenticationInfo() {
    X509Certificate[] chain = {mock(X509Certificate.class)};
    X500Principal principal = new X500Principal("cn=myxman,ou=someunit,o=someorg");

    BaseAuthenticationToken token = mock(BaseAuthenticationToken.class);
    when(token.getType()).thenReturn(AuthenticationTokenType.PKI);
    when(token.getPrincipal()).thenReturn(principal);
    when(token.getCredentials()).thenReturn(chain);

    AuthenticationInfo info = pkiRealm.doGetAuthenticationInfo(token);

    assertThat(info.getCredentials(), is(chain));
    SecurityAssertion assertion = info.getPrincipals().oneByType(SecurityAssertion.class);
    assertNotNull(assertion);
    assertThat(assertion.getPrincipal(), is(principal));

    AttributeStatement statement = assertion.getAttributeStatements().get(0);
    assertNotNull(statement);
    assertThat(statement.getAttributes().size(), greaterThan(0));
    Attribute email = statement.getAttributes().get(0);
    assertThat(email.getName(), is("email"));
    assertThat(email.getValues().size(), is(2));
    assertThat(email.getValues(), contains("tester@example.com", "test@example.com"));
}

Example 4 with Attribute

use of ddf.security.assertion.Attribute in project ddf by codice.

the class SubjectUtilsTest method getSubjectWithAttributes.

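/**
 * Builds a mock {@code Subject} whose single {@code SecurityAssertion} carries one attribute
 * statement holding the given attributes.
 *
 * <p>{@code byType(SecurityAssertion.class)} is stubbed once; the previous duplicate stubbing
 * (a {@code Collections.singletonList} immediately overridden by {@code ImmutableList.of}) was
 * dead code, since Mockito keeps only the last stub for a call.
 *
 * @param attributes attribute name to values, converted with {@code getAttribute}
 * @return the mocked subject
 */
private ddf.security.Subject getSubjectWithAttributes(Map<String, List<String>> attributes) {
    ddf.security.Subject subject = mock(ddf.security.Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    AttributeStatement attributeStatement = mock(AttributeStatement.class);
    List<Attribute> attrs =
            attributes.entrySet().stream().map(this::getAttribute).collect(Collectors.toList());
    doReturn(principalCollection).when(subject).getPrincipals();
    doReturn(ImmutableList.of(securityAssertion))
            .when(principalCollection)
            .byType(SecurityAssertion.class);
    doReturn(Collections.singletonList(attributeStatement))
            .when(securityAssertion)
            .getAttributeStatements();
    doReturn(attrs).when(attributeStatement).getAttributes();
    return subject;
}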

Example 5 with Attribute

use of ddf.security.assertion.Attribute in project ddf by codice.

the class SubjectIdentityTest method getSubjectWithAttributes.

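/**
 * Builds a mock {@code Subject} whose single {@code SecurityAssertion} carries one attribute
 * statement holding the given attributes.
 *
 * <p>{@code byType(SecurityAssertion.class)} is stubbed once; the previous duplicate stubbing
 * (a {@code Collections.singletonList} immediately overridden by {@code ImmutableList.of}) was
 * dead code, since Mockito keeps only the last stub for a call.
 *
 * @param attributes attribute name to values, converted with {@code getAttribute}
 * @return the mocked subject
 */
private Subject getSubjectWithAttributes(Map<String, List<String>> attributes) {
    Subject subject = mock(Subject.class);
    PrincipalCollection pc = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    AttributeStatement as = mock(AttributeStatement.class);
    List<Attribute> attrs =
            attributes.entrySet().stream().map(this::getAttribute).collect(Collectors.toList());
    doReturn(pc).when(subject).getPrincipals();
    doReturn(ImmutableList.of(assertion)).when(pc).byType(SecurityAssertion.class);
    doReturn(Collections.singletonList(as)).when(assertion).getAttributeStatements();
    doReturn(attrs).when(as).getAttributes();
    return subject;
}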
