Examples with SecurityManager ddf.security.service.SecurityManager used on opensource projects

Search in sources :

Example 1 with SecurityManager

use of ddf.security.service.SecurityManager in project ddf by codice.

the class IdpEndpointTest method setup.

@Before
public void setup() throws IOException, SecurityServiceException, ParserConfigurationException, SAXException {
    System.setProperty("org.codice.ddf.system.hostname", "localhost");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
    File jksFile = temporaryFolder.newFile("serverKeystore.jks");
    FileOutputStream jksOutStream = new FileOutputStream(jksFile);
    InputStream jksStream = IdpEndpointTest.class.getResourceAsStream("/serverKeystore.jks");
    IOUtils.copy(jksStream, jksOutStream);
    IOUtils.closeQuietly(jksStream);
    IOUtils.closeQuietly(jksOutStream);
    File signatureFile = temporaryFolder.newFile("signature.properties");
    FileOutputStream signatureOutStream = new FileOutputStream(signatureFile);
    InputStream signatureStream = IdpEndpointTest.class.getResourceAsStream("/signature.properties");
    IOUtils.copy(signatureStream, signatureOutStream);
    IOUtils.closeQuietly(signatureStream);
    IOUtils.closeQuietly(signatureOutStream);
    File encryptionFile = temporaryFolder.newFile("encryption.properties");
    FileOutputStream encryptionOutStream = new FileOutputStream(encryptionFile);
    InputStream encryptionStream = IdpEndpointTest.class.getResourceAsStream("/encryption.properties");
    IOUtils.copy(encryptionStream, encryptionOutStream);
    IOUtils.closeQuietly(encryptionStream);
    IOUtils.closeQuietly(encryptionOutStream);
    EncryptionService encryptionService = mock(EncryptionService.class);
    when(encryptionService.decrypt(anyString())).thenReturn("changeit");
    when(encryptionService.encrypt(anyString())).thenReturn("changeit");
    SecurityManager securityManager = mock(SecurityManager.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    when(securityToken.getToken()).thenReturn(readDocument("/saml.xml").getDocumentElement());
    when(securityManager.getSubject(anyObject())).thenReturn(subject);
    System.setProperty("javax.net.ssl.keyStore", jksFile.getAbsolutePath());
    idpEndpoint = new IdpEndpoint(signatureFile.getAbsolutePath(), encryptionFile.getAbsolutePath(), encryptionService);
    idpEndpoint.setStrictSignature(true);
    idpEndpoint.init();
    idpEndpoint.setSpMetadata(Collections.singletonList(spMetadata));
    idpEndpoint.setSecurityManager(securityManager);
    PKIAuthenticationTokenFactory pkiAuthenticationTokenFactory = new PKIAuthenticationTokenFactory();
    pkiAuthenticationTokenFactory.setSignaturePropertiesPath(signatureFile.getAbsolutePath());
    pkiAuthenticationTokenFactory.init();
    idpEndpoint.setTokenFactory(pkiAuthenticationTokenFactory);
    idpEndpoint.cookieCache.cacheSamlAssertion("1", readDocument("/saml.xml").getDocumentElement());
    idpEndpoint.setExpirationTime(30);
    relayState = "ef95c04b-6c05-4d12-b65f-dd32fed8811e";
    requestCertificateAttributeName = "javax.servlet.request.X509Certificate";
    requestURL = new StringBuffer("https://www.example.com");
    samlConditionDateFormat = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
    signature = authNRequestGetSignature;
    signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    ssoSAMLResponse = "https://localhost:8993/services/saml/sso?SAMLResponse=";
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityManager(ddf.security.service.SecurityManager) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) EncryptionService(ddf.security.encryption.EncryptionService) FileOutputStream(java.io.FileOutputStream) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) File(java.io.File) Subject(ddf.security.Subject) Before(org.junit.Before)

Example 2 with SecurityManager

use of ddf.security.service.SecurityManager in project ddf by codice.

the class IdpEndpointTest method testPassiveLoginPkiUnsupported.

@Test
public void testPassiveLoginPkiUnsupported() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    String samlRequest = authNRequestPassivePkiGet;
    HttpServletRequest request = mock(HttpServletRequest.class);
    X509Certificate x509Certificate = mock(X509Certificate.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    SecurityManager securityManager = mock(SecurityManager.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    //this mock element is what will cause the signature error
    when(securityToken.getToken()).thenReturn(mock(Element.class));
    when(securityManager.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(securityManager);
    idpEndpoint.setStrictSignature(false);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    //dummy cert
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { x509Certificate });
    when(x509Certificate.getEncoded()).thenReturn(new byte[48]);
    Response response = idpEndpoint.showGetLogin(samlRequest, relayState, signatureAlgorithm, signature, request);
    String responseStr = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse=", "&RelayState");
    responseStr = URLDecoder.decode(responseStr, "UTF-8");
    responseStr = RestSecurity.inflateBase64(responseStr);
    //the only cookie that should exist is the "1" cookie so "2" should send us to the login webapp
    assertThat(responseStr, containsString("status:RequestUnsupported"));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Response(javax.ws.rs.core.Response) SecurityManager(ddf.security.service.SecurityManager) Element(org.w3c.dom.Element) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Matchers.containsString(org.hamcrest.Matchers.containsString) Matchers.anyString(org.mockito.Matchers.anyString) SecurityAssertion(ddf.security.assertion.SecurityAssertion) X509Certificate(java.security.cert.X509Certificate) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 3 with SecurityManager

use of ddf.security.service.SecurityManager in project ddf by codice.

the class SecurityTest method testGetSubject.

@Test
public void testGetSubject() throws Exception {
    SecurityManager sm = mock(SecurityManager.class);
    Subject smSubject = mock(Subject.class);
    when(sm.getSubject(any())).thenReturn(smSubject);
    configureMockForSecurityManager(sm);
    Subject subject = security.getSubject("username", "password");
    assertThat(subject, not(equalTo(null)));
}
Also used : SecurityManager(ddf.security.service.SecurityManager) Subject(ddf.security.Subject) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 4 with SecurityManager

use of ddf.security.service.SecurityManager in project ddf by codice.

the class SecurityTest method configureMocksForBundleContext.

private void configureMocksForBundleContext(String systemHostname) throws Exception {
    System.setProperty("org.codice.ddf.system.hostname", systemHostname);
    Bundle bundle = mock(Bundle.class);
    when(FrameworkUtil.getBundle(any(Class.class))).thenReturn(bundle);
    BundleContext bundleContext = mock(BundleContext.class);
    when(bundle.getBundleContext()).thenReturn(bundleContext);
    ServiceReference adminRef = mock(ServiceReference.class);
    ConfigurationAdmin configAdmin = mock(ConfigurationAdmin.class);
    Configuration config = mock(Configuration.class);
    when(configAdmin.getConfiguration(anyString(), anyString())).thenReturn(config);
    when(bundleContext.getService(adminRef)).thenReturn(configAdmin);
    ServiceReference securityRef = mock(ServiceReference.class);
    SecurityManager securityManager = mock(SecurityManager.class);
    when(securityManager.getSubject(any())).thenReturn(systemSubject);
    when(bundleContext.getService(securityRef)).thenReturn(securityManager);
    when(bundleContext.getServiceReference(ConfigurationAdmin.class)).thenReturn(adminRef);
    when(bundleContext.getServiceReference(SecurityManager.class)).thenReturn(securityRef);
}
Also used : Configuration(org.osgi.service.cm.Configuration) SecurityManager(ddf.security.service.SecurityManager) Bundle(org.osgi.framework.Bundle) ConfigurationAdmin(org.osgi.service.cm.ConfigurationAdmin) BundleContext(org.osgi.framework.BundleContext) ServiceReference(org.osgi.framework.ServiceReference)

Example 5 with SecurityManager

use of ddf.security.service.SecurityManager in project ddf by codice.

the class LoginFilterTest method testExpiredSamlCookie.

@Test(expected = ServletException.class)
public void testExpiredSamlCookie() throws IOException, XMLStreamException, ServletException, ParserConfigurationException, SAXException, SecurityServiceException {
    FilterConfig filterConfig = mock(FilterConfig.class);
    LoginFilter loginFilter = new LoginFilter();
    loginFilter.setSessionFactory(sessionFactory);
    ddf.security.service.SecurityManager securityManager = mock(ddf.security.service.SecurityManager.class);
    loginFilter.setSecurityManager(securityManager);
    loginFilter.setSignaturePropertiesFile("signature.properties");
    try {
        loginFilter.init(filterConfig);
    } catch (ServletException e) {
        fail(e.getMessage());
    }
    HttpServletRequest servletRequest = new TestHttpServletRequest();
    HttpServletResponse servletResponse = mock(HttpServletResponse.class);
    FilterChain filterChain = mock(FilterChain.class);
    SecurityToken securityToken = new SecurityToken();
    Element thisToken = readDocument("/good_saml.xml").getDocumentElement();
    securityToken.setToken(thisToken);
    SAMLAuthenticationToken samlToken = new SAMLAuthenticationToken(null, securityToken, "karaf");
    HandlerResult result = new HandlerResult(HandlerResult.Status.COMPLETED, samlToken);
    servletRequest.setAttribute("ddf.security.token", result);
    loginFilter.doFilter(servletRequest, servletResponse, filterChain);
}
Also used : FilterChain(javax.servlet.FilterChain) Element(org.w3c.dom.Element) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) SAMLAuthenticationToken(org.codice.ddf.security.handler.api.SAMLAuthenticationToken) ServletException(javax.servlet.ServletException) HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) FilterConfig(javax.servlet.FilterConfig) SecurityManager(ddf.security.service.SecurityManager) Test(org.junit.Test)

Aggregations

SecurityManager (ddf.security.service.SecurityManager)26 Test (org.junit.Test)19 Subject (ddf.security.Subject)14 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)13 SecurityAssertion (ddf.security.assertion.SecurityAssertion)11 HttpServletRequest (javax.servlet.http.HttpServletRequest)10 SecurityServiceException (ddf.security.service.SecurityServiceException)9 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)9 CollectionPermission (ddf.security.permission.CollectionPermission)7 Response (javax.ws.rs.core.Response)7 Message (org.apache.cxf.message.Message)7 Matchers.containsString (org.hamcrest.Matchers.containsString)7 Matchers.anyString (org.mockito.Matchers.anyString)7 Exchange (org.apache.cxf.message.Exchange)6 BindingOperationInfo (org.apache.cxf.service.model.BindingOperationInfo)6 X509Certificate (java.security.cert.X509Certificate)5 QName (javax.xml.namespace.QName)5 InvocationOnMock (org.mockito.invocation.InvocationOnMock)4 Element (org.w3c.dom.Element)4 FilterChain (javax.servlet.FilterChain)3
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial