Examples with BinarySecret org.apache.cxf.sts.request.BinarySecret used on opensource projects

Search in sources :

Example 1 with BinarySecret

use of org.apache.cxf.sts.request.BinarySecret in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml1SymmetricKeyAssertion.

/**
 * Create a default Saml1 SymmetricKey Assertion.
 */
@org.junit.Test
public void testDefaultSaml1SymmetricKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML_TOKEN_TYPE));
    Entropy entropy = new Entropy();
    BinarySecret binarySecret = new BinarySecret();
    binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    entropy.setBinarySecret(binarySecret);
    providerParameters.getKeyRequirements().setEntropy(entropy);
    binarySecret.setBinarySecretType("bad-type");
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad type");
    } catch (STSException ex) {
    // expected as no type is provided
    }
    binarySecret.setBinarySecretType(STSConstants.NONCE_TYPE);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no computed key algorithm");
    } catch (STSException ex) {
    // expected as no computed key algorithm is provided
    }
    providerParameters.getKeyRequirements().setComputedKeyAlgorithm(STSConstants.COMPUTED_KEY_PSHA1);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));
    // Test custom keySize
    SignatureProperties signatureProperties = providerParameters.getStsProperties().getSignatureProperties();
    signatureProperties.setMinimumKeySize(-8);
    providerParameters.getKeyRequirements().setKeySize(-8);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad KeySize");
    } catch (STSException ex) {
    // expected on a bad KeySize
    }
    signatureProperties.setMinimumKeySize(128);
    providerParameters.getKeyRequirements().setKeySize(192);
    samlTokenProvider.createToken(providerParameters);
}
Also used : Element(org.w3c.dom.Element) SignatureProperties(org.apache.cxf.sts.SignatureProperties) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Example 2 with BinarySecret

use of org.apache.cxf.sts.request.BinarySecret in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml1SymmetricKeyAssertionSecretKey.

/**
 * Create a default Saml1 SymmetricKey Assertion. Rather than using a Nonce as the Entropy,
 * a secret key is supplied by the client instead.
 */
@org.junit.Test
public void testDefaultSaml1SymmetricKeyAssertionSecretKey() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML_TOKEN_TYPE));
    Entropy entropy = new Entropy();
    BinarySecret binarySecret = new BinarySecret();
    binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    entropy.setBinarySecret(binarySecret);
    providerParameters.getKeyRequirements().setEntropy(entropy);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));
    assertFalse(providerResponse.isComputedKey());
    assertNull(providerResponse.getEntropy());
}
Also used : Element(org.w3c.dom.Element) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Example 3 with BinarySecret

use of org.apache.cxf.sts.request.BinarySecret in project cxf by apache.

the class SymmetricKeyHandler method createSymmetricKey.

/**
 * Create the Symmetric Key
 */
public void createSymmetricKey() {
    computedKey = false;
    boolean generateEntropy = true;
    if (clientEntropy != null) {
        BinarySecret binarySecret = clientEntropy.getBinarySecret();
        if (binarySecret != null && (STSConstants.SYMMETRIC_KEY_TYPE.equals(binarySecret.getBinarySecretType()) || binarySecret.getBinarySecretType() == null)) {
            secret = binarySecret.getBinarySecretValue();
            generateEntropy = false;
        } else if (clientEntropy.getDecryptedKey() != null) {
            secret = clientEntropy.getDecryptedKey();
            generateEntropy = false;
        }
    }
    if (generateEntropy) {
        try {
            entropyBytes = WSSecurityUtil.generateNonce(keySize / 8);
            secret = entropyBytes;
        } catch (WSSecurityException ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in creating symmetric key", ex, STSException.INVALID_REQUEST);
        }
        if (clientEntropy != null && clientEntropy.getBinarySecret() != null) {
            byte[] nonce = clientEntropy.getBinarySecret().getBinarySecretValue();
            try {
                P_SHA1 psha1 = new P_SHA1();
                secret = psha1.createKey(nonce, entropyBytes, 0, keySize / 8);
                computedKey = true;
            } catch (WSSecurityException ex) {
                LOG.log(Level.WARNING, "", ex);
                throw new STSException("Error in creating symmetric key", STSException.INVALID_REQUEST);
            }
        }
    }
}
Also used : P_SHA1(org.apache.wss4j.common.derivedKey.P_SHA1) STSException(org.apache.cxf.ws.security.sts.provider.STSException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Example 4 with BinarySecret

use of org.apache.cxf.sts.request.BinarySecret in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml2SymmetricKeyAssertion.

/**
 * Create a default Saml2 SymmetricKey Assertion.
 */
@org.junit.Test
public void testDefaultSaml2SymmetricKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
    Entropy entropy = new Entropy();
    BinarySecret binarySecret = new BinarySecret();
    binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    entropy.setBinarySecret(binarySecret);
    providerParameters.getKeyRequirements().setEntropy(entropy);
    binarySecret.setBinarySecretType("bad-type");
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad type");
    } catch (STSException ex) {
    // expected as no type is provided
    }
    binarySecret.setBinarySecretType(STSConstants.NONCE_TYPE);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no computed key algorithm");
    } catch (STSException ex) {
    // expected as no computed key algorithm is provided
    }
    providerParameters.getKeyRequirements().setComputedKeyAlgorithm(STSConstants.COMPUTED_KEY_PSHA1);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
    // Test custom keySize
    SignatureProperties signatureProperties = providerParameters.getStsProperties().getSignatureProperties();
    signatureProperties.setMinimumKeySize(-8);
    providerParameters.getKeyRequirements().setKeySize(-8);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad KeySize");
    } catch (STSException ex) {
    // expected on a bad KeySize
    }
    signatureProperties.setMinimumKeySize(128);
    providerParameters.getKeyRequirements().setKeySize(192);
    samlTokenProvider.createToken(providerParameters);
}
Also used : Element(org.w3c.dom.Element) SignatureProperties(org.apache.cxf.sts.SignatureProperties) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Aggregations

BinarySecret (org.apache.cxf.sts.request.BinarySecret)4 Entropy (org.apache.cxf.sts.request.Entropy)3 STSException (org.apache.cxf.ws.security.sts.provider.STSException)3 Element (org.w3c.dom.Element)3 SignatureProperties (org.apache.cxf.sts.SignatureProperties)2 P_SHA1 (org.apache.wss4j.common.derivedKey.P_SHA1)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial