
Example 1 with Entropy

use of org.apache.cxf.sts.request.Entropy in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml1SymmetricKeyAssertion.

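/**
 * Create a default Saml1 SymmetricKey Assertion.
 *
 * <p>The client contributes a nonce-typed {@link BinarySecret} as entropy. Before a
 * holder-of-key token is issued the provider must reject an unknown BinarySecret type and a
 * nonce that comes without a computed-key algorithm; it must also refuse a bad (negative)
 * requested key size while accepting one at or above the configured minimum.
 *
 * @throws Exception if token creation fails where success is expected
 */
@org.junit.Test
public void testDefaultSaml1SymmetricKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters =
        createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML_TOKEN_TYPE));

    // Client entropy: a 256-bit (32-byte) nonce carried as a BinarySecret.
    Entropy entropy = new Entropy();
    BinarySecret binarySecret = new BinarySecret();
    binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    entropy.setBinarySecret(binarySecret);
    providerParameters.getKeyRequirements().setEntropy(entropy);

    // An unrecognised BinarySecret type must be rejected outright.
    binarySecret.setBinarySecretType("bad-type");
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad type");
    } catch (STSException ex) {
        // expected: "bad-type" is not a supported BinarySecret type
    }

    // A nonce alone is not enough; the provider needs a computed-key algorithm as well.
    binarySecret.setBinarySecretType(STSConstants.NONCE_TYPE);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no computed key algorithm");
    } catch (STSException ex) {
        // expected as no computed key algorithm is provided
    }

    providerParameters.getKeyRequirements().setComputedKeyAlgorithm(STSConstants.COMPUTED_KEY_PSHA1);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    // SymmetricKey key type must produce a holder-of-key confirmation, never bearer.
    assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));

    // Test custom keySize: a negative key size is a bad KeySize and must be refused.
    SignatureProperties signatureProperties = providerParameters.getStsProperties().getSignatureProperties();
    signatureProperties.setMinimumKeySize(-8);
    providerParameters.getKeyRequirements().setKeySize(-8);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad KeySize");
    } catch (STSException ex) {
        // expected on a bad KeySize
    }

    // A requested size above the configured minimum must be accepted and actually yield a token.
    signatureProperties.setMinimumKeySize(128);
    providerParameters.getKeyRequirements().setKeySize(192);
    TokenProviderResponse resizedResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(resizedResponse);
    assertNotNull(resizedResponse.getToken());
}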
Also used : Element(org.w3c.dom.Element) SignatureProperties(org.apache.cxf.sts.SignatureProperties) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Example 2 with Entropy

use of org.apache.cxf.sts.request.Entropy in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml1SymmetricKeyAssertionSecretKey.

/**
 * Create a default Saml1 SymmetricKey Assertion. Rather than using a Nonce as the Entropy,
 * a secret key is supplied by the client instead.
 *
 * <p>Because the client hands over the key material directly, the response is expected to
 * report no computed key and to carry no server-side entropy.
 *
 * @throws Exception if token creation fails
 */
@org.junit.Test
public void testDefaultSaml1SymmetricKeyAssertionSecretKey() throws Exception {
    TokenProvider provider = new SAMLTokenProvider();
    TokenProviderParameters params =
        createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(provider.canHandleToken(WSS4JConstants.WSS_SAML_TOKEN_TYPE));

    // Client-supplied key material: 32 nonce bytes, with no BinarySecret type set.
    BinarySecret clientSecret = new BinarySecret();
    clientSecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    Entropy clientEntropy = new Entropy();
    clientEntropy.setBinarySecret(clientSecret);
    params.getKeyRequirements().setEntropy(clientEntropy);

    TokenProviderResponse response = provider.createToken(params);
    assertNotNull(response);
    assertNotNull(response.getToken());
    assertNotNull(response.getTokenId());

    String serialised = DOM2Writer.nodeToString((Element) response.getToken());
    assertTrue(serialised.contains(response.getTokenId()));
    assertTrue(serialised.contains("alice"));
    assertTrue(serialised.contains("AttributeStatement"));
    assertFalse(serialised.contains("AuthenticationStatement"));
    // Holder-of-key confirmation, not bearer.
    assertTrue(serialised.contains(SAML1Constants.CONF_HOLDER_KEY));
    assertFalse(serialised.contains(SAML1Constants.CONF_BEARER));

    // The key was supplied rather than derived: no computed key, no server entropy.
    assertFalse(response.isComputedKey());
    assertNull(response.getEntropy());
}
Also used : Element(org.w3c.dom.Element) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Example 3 with Entropy

use of org.apache.cxf.sts.request.Entropy in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml2SymmetricKeyAssertion.

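/**
 * Create a default Saml2 SymmetricKey Assertion.
 *
 * <p>The client contributes a nonce-typed {@link BinarySecret} as entropy. Before a
 * holder-of-key token is issued the provider must reject an unknown BinarySecret type and a
 * nonce that comes without a computed-key algorithm; it must also refuse a bad (negative)
 * requested key size while accepting one at or above the configured minimum.
 *
 * @throws Exception if token creation fails where success is expected
 */
@org.junit.Test
public void testDefaultSaml2SymmetricKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters =
        createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));

    // Client entropy: a 256-bit (32-byte) nonce carried as a BinarySecret.
    Entropy entropy = new Entropy();
    BinarySecret binarySecret = new BinarySecret();
    binarySecret.setBinarySecretValue(WSSecurityUtil.generateNonce(256 / 8));
    entropy.setBinarySecret(binarySecret);
    providerParameters.getKeyRequirements().setEntropy(entropy);

    // An unrecognised BinarySecret type must be rejected outright.
    binarySecret.setBinarySecretType("bad-type");
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad type");
    } catch (STSException ex) {
        // expected: "bad-type" is not a supported BinarySecret type
    }

    // A nonce alone is not enough; the provider needs a computed-key algorithm as well.
    binarySecret.setBinarySecretType(STSConstants.NONCE_TYPE);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no computed key algorithm");
    } catch (STSException ex) {
        // expected as no computed key algorithm is provided
    }

    providerParameters.getKeyRequirements().setComputedKeyAlgorithm(STSConstants.COMPUTED_KEY_PSHA1);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertNotNull(providerResponse.getToken());
    assertNotNull(providerResponse.getTokenId());
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    // SymmetricKey key type must produce a holder-of-key confirmation, never bearer.
    assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));

    // Test custom keySize: a negative key size is a bad KeySize and must be refused.
    SignatureProperties signatureProperties = providerParameters.getStsProperties().getSignatureProperties();
    signatureProperties.setMinimumKeySize(-8);
    providerParameters.getKeyRequirements().setKeySize(-8);
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on a bad KeySize");
    } catch (STSException ex) {
        // expected on a bad KeySize
    }

    // A requested size above the configured minimum must be accepted and actually yield a token.
    signatureProperties.setMinimumKeySize(128);
    providerParameters.getKeyRequirements().setKeySize(192);
    TokenProviderResponse resizedResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(resizedResponse);
    assertNotNull(resizedResponse.getToken());
}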
Also used : Element(org.w3c.dom.Element) SignatureProperties(org.apache.cxf.sts.SignatureProperties) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Entropy(org.apache.cxf.sts.request.Entropy) BinarySecret(org.apache.cxf.sts.request.BinarySecret)

Aggregations

BinarySecret (org.apache.cxf.sts.request.BinarySecret)3 Entropy (org.apache.cxf.sts.request.Entropy)3 Element (org.w3c.dom.Element)3 SignatureProperties (org.apache.cxf.sts.SignatureProperties)2 STSException (org.apache.cxf.ws.security.sts.provider.STSException)2