Examples with SignatureProperties org.apache.cxf.sts.SignatureProperties used on opensource projects
Example 6 with SignatureProperties
use of org.apache.cxf.sts.SignatureProperties in project cxf by apache.
the class SAMLProviderKeyTypeTest method testDefaultSaml2SymmetricKeyAssertion.
/**
* Create a default Saml2 SymmetricKey Assertion.
*/
@org.junit.Test
public void testDefaultSaml2SymmetricKeyAssertion() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
Entropy entropy = new Entropy();
BinarySecret binarySecret = new BinarySecret();
binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
entropy.setBinarySecret(binarySecret);
providerParameters.getKeyRequirements().setEntropy(entropy);
binarySecret.setBinarySecretType("bad-type");
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected on a bad type");
} catch (STSException ex) {
// expected as no type is provided
}
binarySecret.setBinarySecretType(STSConstants.NONCE_TYPE);
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected on no computed key algorithm");
} catch (STSException ex) {
// expected as no computed key algorithm is provided
}
providerParameters.getKeyRequirements().setComputedKeyAlgorithm(STSConstants.COMPUTED_KEY_PSHA1);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
assertTrue(tokenString.contains("AttributeStatement"));
assertFalse(tokenString.contains("AuthenticationStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
// Test custom keySize
SignatureProperties signatureProperties = providerParameters.getStsProperties().getSignatureProperties();
signatureProperties.setMinimumKeySize(-8);
providerParameters.getKeyRequirements().setKeySize(-8);
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected on a bad KeySize");
} catch (STSException ex) {
// expected on a bad KeySize
}
signatureProperties.setMinimumKeySize(128);
providerParameters.getKeyRequirements().setKeySize(192);
samlTokenProvider.createToken(providerParameters);
}
Also used :
Element(org.w3c.dom.Element)
SignatureProperties(org.apache.cxf.sts.SignatureProperties)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
Entropy(org.apache.cxf.sts.request.Entropy)
BinarySecret(org.apache.cxf.sts.request.BinarySecret)
Example 7 with SignatureProperties
use of org.apache.cxf.sts.SignatureProperties in project cxf by apache.
the class SAMLProviderKeyTypeTest method testDefaultSaml2BearerDifferentC14nAssertion.
/**
* Create a default Saml2 Bearer Assertion using a specified C14n Algorithm
*/
@org.junit.Test
public void testDefaultSaml2BearerDifferentC14nAssertion() throws Exception {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
keyRequirements.setC14nAlgorithm(WSS4JConstants.C14N_EXCL_WITH_COMMENTS);
// This will fail as the requested c14n algorithm is rejected
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertFalse(tokenString.contains(WSS4JConstants.C14N_EXCL_WITH_COMMENTS));
assertTrue(tokenString.contains(WSS4JConstants.C14N_EXCL_OMIT_COMMENTS));
STSPropertiesMBean stsProperties = providerParameters.getStsProperties();
SignatureProperties sigProperties = new SignatureProperties();
sigProperties.setAcceptedC14nAlgorithms(Arrays.asList(WSS4JConstants.C14N_EXCL_OMIT_COMMENTS, WSS4JConstants.C14N_EXCL_WITH_COMMENTS));
stsProperties.setSignatureProperties(sigProperties);
// This will succeed as the requested c14n algorithm is accepted
providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
token = (Element) providerResponse.getToken();
tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(WSS4JConstants.C14N_EXCL_WITH_COMMENTS));
}
Also used :
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
Element(org.w3c.dom.Element)
SignatureProperties(org.apache.cxf.sts.SignatureProperties)
KeyRequirements(org.apache.cxf.sts.request.KeyRequirements)
Example 8 with SignatureProperties
use of org.apache.cxf.sts.SignatureProperties in project cxf by apache.
the class IssueSamlUnitTest method testIssueSaml2DifferentC14nToken.
/**
* Test to successfully issue a Saml 2 token using a specified C14n Algorithm.
*/
@org.junit.Test
public void testIssueSaml2DifferentC14nToken() throws Exception {
TokenIssueOperation issueOperation = new TokenIssueOperation();
// Add Token Provider
issueOperation.setTokenProviders(Collections.singletonList(new SAMLTokenProvider()));
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
SignatureProperties sigProperties = new SignatureProperties();
sigProperties.setAcceptedC14nAlgorithms(Arrays.asList(WSS4JConstants.C14N_EXCL_OMIT_COMMENTS, WSS4JConstants.C14N_EXCL_WITH_COMMENTS));
stsProperties.setSignatureProperties(sigProperties);
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
JAXBElement<String> c14nAlg = new JAXBElement<String>(QNameConstants.C14N_ALGORITHM, String.class, WSS4JConstants.C14N_EXCL_WITH_COMMENTS);
request.getAny().add(c14nAlg);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Issue a token
RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
assertFalse(securityTokenResponse.isEmpty());
// Test the generated token.
Element assertion = null;
for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
assertion = (Element) rstType.getAny();
break;
}
}
assertNotNull(assertion);
String tokenString = DOM2Writer.nodeToString(assertion);
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
assertTrue(tokenString.contains(WSS4JConstants.C14N_EXCL_WITH_COMMENTS));
}
Also used :
ServiceMBean(org.apache.cxf.sts.service.ServiceMBean)
RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)
StaticService(org.apache.cxf.sts.service.StaticService)
RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
JAXBElement(javax.xml.bind.JAXBElement)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
SignatureProperties(org.apache.cxf.sts.SignatureProperties)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
MessageImpl(org.apache.cxf.message.MessageImpl)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 9 with SignatureProperties
use of org.apache.cxf.sts.SignatureProperties in project cxf by apache.
the class IssueSamlUnitTest method testIssueSaml2DifferentSignatureToken.
/**
* Test to successfully issue a Saml 2 token using a specified Signature Algorithm.
*/
@org.junit.Test
public void testIssueSaml2DifferentSignatureToken() throws Exception {
if (!TestUtilities.checkUnrestrictedPoliciesInstalled()) {
return;
}
TokenIssueOperation issueOperation = new TokenIssueOperation();
// Add Token Provider
issueOperation.setTokenProviders(Collections.singletonList(new SAMLTokenProvider()));
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
SignatureProperties sigProperties = new SignatureProperties();
final String signatureAlgorithm = WSS4JConstants.RSA_SHA256;
sigProperties.setAcceptedSignatureAlgorithms(Arrays.asList(signatureAlgorithm, WSS4JConstants.RSA_SHA1));
stsProperties.setSignatureProperties(sigProperties);
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
JAXBElement<String> signatureAlg = new JAXBElement<String>(QNameConstants.SIGNATURE_ALGORITHM, String.class, signatureAlgorithm);
request.getAny().add(signatureAlg);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Issue a token
RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
assertFalse(securityTokenResponse.isEmpty());
// Test the generated token.
Element assertion = null;
for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
assertion = (Element) rstType.getAny();
break;
}
}
assertNotNull(assertion);
String tokenString = DOM2Writer.nodeToString(assertion);
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
assertTrue(tokenString.contains(signatureAlgorithm));
}
Also used :
ServiceMBean(org.apache.cxf.sts.service.ServiceMBean)
RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)
StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties)
RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)
StaticService(org.apache.cxf.sts.service.StaticService)
RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler)
JAXBElement(javax.xml.bind.JAXBElement)
Crypto(org.apache.wss4j.common.crypto.Crypto)
SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
SignatureProperties(org.apache.cxf.sts.SignatureProperties)
WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext)
SecurityContext(org.apache.cxf.security.SecurityContext)
MessageImpl(org.apache.cxf.message.MessageImpl)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Aggregations
SignatureProperties (org.apache.cxf.sts.SignatureProperties)9
Element (org.w3c.dom.Element)6
Crypto (org.apache.wss4j.common.crypto.Crypto)5
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)3
STSException (org.apache.cxf.ws.security.sts.provider.STSException)3
Principal (java.security.Principal)2
CallbackHandler (javax.security.auth.callback.CallbackHandler)2
JAXBElement (javax.xml.bind.JAXBElement)2
WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)2
MessageImpl (org.apache.cxf.message.MessageImpl)2
SecurityContext (org.apache.cxf.security.SecurityContext)2
StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)2
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)2
BinarySecret (org.apache.cxf.sts.request.BinarySecret)2
Entropy (org.apache.cxf.sts.request.Entropy)2
ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)2
StaticService (org.apache.cxf.sts.service.StaticService)2
SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)2
RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)2
RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)2
