Example 1 with SecurityAssertionPrincipal

Use of ddf.security.assertion.SecurityAssertionPrincipal in project ddf by codice.

From the class SecurityAssertionStore, method getSecurityAssertion.

/**
 * Return the SecurityAssertion wrapper associated with the provided message
 *
 * @param message Message
 * @return SecurityAssertion
 */
public static SecurityAssertion getSecurityAssertion(Message message) {
    if (message != null) {
        TokenStore tokenStore = getTokenStore(message);
        Principal principal = null;
        // Prefer the principal already established on the CXF SecurityContext
        SecurityContext context = message.get(SecurityContext.class);
        if (context != null) {
            principal = context.getUserPrincipal();
        }
        if (!(principal instanceof SAMLTokenPrincipal)) {
            // Try to find the SAMLTokenPrincipal if it exists: fall back to the
            // WSS4J receiver results attached to the message by the WS-Security handler
            List<?> wsResults = List.class.cast(message.get(WSHandlerConstants.RECV_RESULTS));
            if (wsResults != null) {
                for (Object wsResult : wsResults) {
                    if (wsResult instanceof WSHandlerResult) {
                        List<WSSecurityEngineResult> wsseResults = ((WSHandlerResult) wsResult).getResults();
                        for (WSSecurityEngineResult wsseResult : wsseResults) {
                            Object principalResult = wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                            if (principalResult instanceof SAMLTokenPrincipal) {
                                principal = (SAMLTokenPrincipal) principalResult;
                                break;
                            }
                        }
                    }
                }
            }
        }
        if (tokenStore != null && principal instanceof SAMLTokenPrincipal) {
            String id = ((SAMLTokenPrincipal) principal).getId();
            SamlAssertionWrapper samlAssertionWrapper = ((SAMLTokenPrincipal) principal).getToken();
            SecurityToken token = tokenStore.getToken(id);
            if (token == null) {
                // Not cached yet: derive the cached token's lifetime from the assertion's
                // IssueInstant and Conditions/NotOnOrAfter when both are present
                if (samlAssertionWrapper.getSaml2().getIssueInstant() != null
                        && samlAssertionWrapper.getSaml2().getConditions() != null
                        && samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter() != null) {
                    token = new SecurityToken(id,
                            samlAssertionWrapper.getElement(),
                            Instant.ofEpochMilli(samlAssertionWrapper.getSaml2().getIssueInstant().getMillis()),
                            Instant.ofEpochMilli(samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter().getMillis()));
                } else {
                    // we don't know how long this should last or when it was created, so just
                    // set it to 1 minute
                    // This shouldn't happen unless someone sets up a third party STS with weird
                    // settings.
                    Instant now = Instant.now();
                    token = new SecurityToken(id,
                            samlAssertionWrapper.getElement(),
                            now,
                            now.plus(Duration.ofMinutes(1L)));
                }
                // Cache the token under the assertion id so later lookups hit the store
                tokenStore.add(token);
            }
            return new SecurityAssertionSaml(samlAssertionWrapper.getElement());
        } else if (principal instanceof SecurityAssertionPrincipal) {
            // The principal already carries a parsed assertion; return it directly
            return ((SecurityAssertionPrincipal) principal).getAssertion();
        }
    }
    // No message or no recognised principal: return an empty assertion wrapper
    return new SecurityAssertionSaml();
}
Also used:
SAMLTokenPrincipal (org.apache.wss4j.common.principal.SAMLTokenPrincipal)
SecurityAssertionPrincipal (ddf.security.assertion.SecurityAssertionPrincipal)
Instant (java.time.Instant)
SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)
WSHandlerResult (org.apache.wss4j.dom.handler.WSHandlerResult)
WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)
SecurityContext (org.apache.cxf.security.SecurityContext)
TokenStore (org.apache.cxf.ws.security.tokenstore.TokenStore)
Principal (java.security.Principal)
SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml)