use of org.apache.cxf.sts.STSPropertiesMBean in project ddf by codice.
the class TestX509PathTokenValidator method testValidateBadToken.
@Test
public void testValidateBadToken() {
X509PathTokenValidator x509PathTokenValidator = new X509PathTokenValidator();
try {
Credential credential = mock(Credential.class);
X509Certificate x509Certificate = mock(X509Certificate.class);
X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg");
when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
X509Certificate[] x509Certificates = new X509Certificate[] { x509Certificate };
when(credential.getCertificates()).thenReturn(x509Certificates);
when(validator.validate(any(Credential.class), any(RequestData.class))).thenThrow(new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
} catch (WSSecurityException e) {
//ignore
}
x509PathTokenValidator.setValidator(validator);
TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
Crypto crypto = mock(Crypto.class);
when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
ReceivedToken receivedToken = mock(ReceivedToken.class);
doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
doCallRealMethod().when(receivedToken).getState();
when(tokenParameters.getToken()).thenReturn(receivedToken);
when(receivedToken.isBinarySecurityToken()).thenReturn(true);
BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
when(binarySecurityTokenType.getValueType()).thenReturn("valuetype");
when(binarySecurityTokenType.getValue()).thenReturn("data");
TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
assertEquals(ReceivedToken.STATE.INVALID, tokenValidatorResponse.getToken().getState());
}
use of org.apache.cxf.sts.STSPropertiesMBean in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyEmail.
@Test
public void testAdditionalPropertyEmail() {
try {
Credential credential = mock(Credential.class);
X509Certificate x509Certificate = mock(X509Certificate.class);
X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg,EMAILADDRESS=name@example.com");
when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
X509Certificate[] x509Certificates = new X509Certificate[] { x509Certificate };
when(credential.getCertificates()).thenReturn(x509Certificates);
when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(credential);
} catch (WSSecurityException e) {
//ignore
}
x509PathTokenValidator.setValidator(validator);
TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
Crypto crypto = mock(Crypto.class);
when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
ReceivedToken receivedToken = mock(ReceivedToken.class);
doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
doCallRealMethod().when(receivedToken).getState();
when(tokenParameters.getToken()).thenReturn(receivedToken);
when(receivedToken.isBinarySecurityToken()).thenReturn(true);
BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
when(binarySecurityTokenType.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
when(binarySecurityTokenType.getValue()).thenReturn("data");
TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
assertEquals("name@example.com", tokenValidatorResponse.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
use of org.apache.cxf.sts.STSPropertiesMBean in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyBoth.
@Test
public void testAdditionalPropertyBoth() {
try {
Credential credential = mock(Credential.class);
X509Certificate x509Certificate = mock(X509Certificate.class);
X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg,C=US,EMAILADDRESS=name@example.com");
when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
X509Certificate[] x509Certificates = new X509Certificate[] { x509Certificate };
when(credential.getCertificates()).thenReturn(x509Certificates);
when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(credential);
} catch (WSSecurityException e) {
//ignore
}
x509PathTokenValidator.setValidator(validator);
TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
Crypto crypto = mock(Crypto.class);
when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
ReceivedToken receivedToken = mock(ReceivedToken.class);
doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
doCallRealMethod().when(receivedToken).getState();
when(tokenParameters.getToken()).thenReturn(receivedToken);
when(receivedToken.isBinarySecurityToken()).thenReturn(true);
BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
when(binarySecurityTokenType.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
when(binarySecurityTokenType.getValue()).thenReturn("data");
TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
assertEquals("US", tokenValidatorResponse.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
assertEquals("name@example.com", tokenValidatorResponse.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
use of org.apache.cxf.sts.STSPropertiesMBean in project ddf by codice.
the class WebSSOTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*/
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.debug("Validating SSO Token");
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
requestData.setCallbackHandler(callbackHandler);
LOGGER.debug("Setting validate state to invalid before check.");
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(STATE.INVALID);
response.setToken(validateTarget);
if (!validateTarget.isBinarySecurityToken()) {
LOGGER.debug("Validate target is not a binary security token, returning invalid response.");
return response;
}
LOGGER.debug("Getting binary security token from validate target");
BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType) validateTarget.getToken();
//
// Decode the token
//
LOGGER.debug("Decoding binary security token.");
String base64Token = binarySecurityToken.getValue();
String ticket = null;
String service = null;
try {
byte[] token = Base64.getDecoder().decode(base64Token);
if (token == null || token.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
}
String decodedToken = new String(token, Charset.forName("UTF-8"));
if (StringUtils.isNotBlank(decodedToken)) {
LOGGER.debug("Binary security token successfully decoded: {}", decodedToken);
// Token is in the format ticket|service
String[] parts = StringUtils.split(decodedToken, CAS_BST_SEP);
if (parts.length == 2) {
ticket = parts[0];
service = parts[1];
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Was not able to parse out BST propertly. Should be in ticket|service format.");
}
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
}
} catch (WSSecurityException wsse) {
String msg = "Unable to decode BST into ticket and service for validation to CAS.";
LOGGER.info(msg, wsse);
return response;
}
//
try {
LOGGER.debug("Validating ticket [{}] for service [{}].", ticket, service);
// validate either returns an assertion or throws an exception
Assertion assertion = validate(ticket, service);
AttributePrincipal principal = assertion.getPrincipal();
LOGGER.debug("User name retrieved from CAS: {}", principal.getName());
response.setPrincipal(principal);
LOGGER.debug("CAS ticket successfully validated, setting state to valid.");
validateTarget.setState(STATE.VALID);
} catch (TicketValidationException e) {
LOGGER.debug("Unable to validate CAS token.", e);
}
return response;
}
use of org.apache.cxf.sts.STSPropertiesMBean in project cxf by apache.
the class SAMLTokenProvider method createSamlToken.
private SamlAssertionWrapper createSamlToken(TokenProviderParameters tokenParameters, byte[] secret, Document doc) throws Exception {
String realm = tokenParameters.getRealm();
RealmProperties samlRealm = null;
if (realm != null && realmMap.containsKey(realm)) {
samlRealm = realmMap.get(realm);
}
SamlCallbackHandler handler = createCallbackHandler(tokenParameters, secret, samlRealm, doc);
SAMLCallback samlCallback = new SAMLCallback();
SAMLUtil.doSAMLCallback(handler, samlCallback);
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
if (samlCustomHandler != null) {
samlCustomHandler.handle(assertion, tokenParameters);
}
if (signToken) {
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
signToken(assertion, samlRealm, stsProperties, tokenParameters.getKeyRequirements());
}
return assertion;
}
Aggregations