use of org.apache.cxf.sts.request.KeyRequirements in project cxf by apache.
the class TokenRenewOperation method renew.
public RequestSecurityTokenResponseType renew(RequestSecurityTokenType request, Principal principal, Map<String, Object> messageContext) {
long start = System.currentTimeMillis();
TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
try {
RequestRequirements requestRequirements = parseRequest(request, messageContext);
KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
renewerParameters.setStsProperties(stsProperties);
renewerParameters.setPrincipal(principal);
renewerParameters.setMessageContext(messageContext);
renewerParameters.setTokenStore(getTokenStore());
renewerParameters.setKeyRequirements(keyRequirements);
renewerParameters.setTokenRequirements(tokenRequirements);
ReceivedToken renewTarget = tokenRequirements.getRenewTarget();
if (renewTarget == null || renewTarget.getToken() == null) {
throw new STSException("No element presented for renewal", STSException.INVALID_REQUEST);
}
renewerParameters.setToken(renewTarget);
if (tokenRequirements.getTokenType() == null) {
LOG.fine("Received TokenType is null");
}
// Get the realm of the request
String realm = null;
if (stsProperties.getRealmParser() != null) {
RealmParser realmParser = stsProperties.getRealmParser();
realm = realmParser.parseRealm(messageContext);
}
renewerParameters.setRealm(realm);
// Validate the request
TokenValidatorResponse tokenResponse = validateReceivedToken(principal, messageContext, realm, tokenRequirements, renewTarget);
if (tokenResponse == null) {
LOG.fine("No Token Validator has been found that can handle this token");
renewTarget.setState(STATE.INVALID);
throw new STSException("No Token Validator has been found that can handle this token" + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
}
// Reject an invalid token
if (tokenResponse.getToken().getState() != STATE.EXPIRED && tokenResponse.getToken().getState() != STATE.VALID) {
LOG.fine("The token is not valid or expired, and so it cannot be renewed");
throw new STSException("No Token Validator has been found that can handle this token" + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
}
//
// Renew the token
//
TokenRenewerResponse tokenRenewerResponse = null;
renewerParameters = createTokenRenewerParameters(requestRequirements, principal, messageContext);
Map<String, Object> additionalProperties = tokenResponse.getAdditionalProperties();
if (additionalProperties != null) {
renewerParameters.setAdditionalProperties(additionalProperties);
}
renewerParameters.setRealm(tokenResponse.getTokenRealm());
renewerParameters.setToken(tokenResponse.getToken());
realm = tokenResponse.getTokenRealm();
for (TokenRenewer tokenRenewer : tokenRenewers) {
final boolean canHandle;
if (realm == null) {
canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken());
} else {
canHandle = tokenRenewer.canHandleToken(tokenResponse.getToken(), realm);
}
if (canHandle) {
try {
tokenRenewerResponse = tokenRenewer.renewToken(renewerParameters);
} catch (STSException ex) {
LOG.log(Level.WARNING, "", ex);
throw ex;
} catch (RuntimeException ex) {
LOG.log(Level.WARNING, "", ex);
throw new STSException("Error in providing a token", ex, STSException.REQUEST_FAILED);
}
break;
}
}
if (tokenRenewerResponse == null || tokenRenewerResponse.getToken() == null) {
LOG.fine("No Token Renewer has been found that can handle this token");
throw new STSException("No token renewer found for requested token type", STSException.REQUEST_FAILED);
}
// prepare response
try {
EncryptionProperties encryptionProperties = renewerParameters.getEncryptionProperties();
RequestSecurityTokenResponseType response = createResponse(encryptionProperties, tokenRenewerResponse, tokenRequirements, keyRequirements);
STSRenewSuccessEvent event = new STSRenewSuccessEvent(renewerParameters, System.currentTimeMillis() - start);
publishEvent(event);
cleanRequest(requestRequirements);
return response;
} catch (Throwable ex) {
LOG.log(Level.WARNING, "", ex);
throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
}
} catch (RuntimeException ex) {
STSRenewFailureEvent event = new STSRenewFailureEvent(renewerParameters, System.currentTimeMillis() - start, ex);
publishEvent(event);
throw ex;
}
}
use of org.apache.cxf.sts.request.KeyRequirements in project cxf by apache.
the class AbstractOperation method createTokenProviderParameters.
/**
* Create a TokenProviderParameters object
*/
protected TokenProviderParameters createTokenProviderParameters(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext) {
TokenProviderParameters providerParameters = new TokenProviderParameters();
providerParameters.setStsProperties(stsProperties);
providerParameters.setPrincipal(principal);
providerParameters.setMessageContext(messageContext);
providerParameters.setTokenStore(getTokenStore());
providerParameters.setEncryptToken(encryptIssuedToken);
KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
providerParameters.setKeyRequirements(keyRequirements);
providerParameters.setTokenRequirements(tokenRequirements);
// Extract AppliesTo
String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
if (LOG.isLoggable(Level.FINE)) {
LOG.fine("The AppliesTo address that has been received is: " + address);
}
providerParameters.setAppliesToAddress(address);
// Get the realm of the request
if (stsProperties.getRealmParser() != null) {
RealmParser realmParser = stsProperties.getRealmParser();
String realm = realmParser.parseRealm(messageContext);
providerParameters.setRealm(realm);
}
// Set the requested Claims
ClaimCollection claims = tokenRequirements.getPrimaryClaims();
providerParameters.setRequestedPrimaryClaims(claims);
claims = tokenRequirements.getSecondaryClaims();
providerParameters.setRequestedSecondaryClaims(claims);
EncryptionProperties encryptionProperties = stsProperties.getEncryptionProperties();
if (address != null) {
boolean foundService = false;
// Get the stored Service object corresponding to the Service endpoint
if (services != null) {
for (ServiceMBean service : services) {
if (service.isAddressInEndpoints(address)) {
EncryptionProperties svcEncryptionProperties = service.getEncryptionProperties();
if (svcEncryptionProperties != null) {
encryptionProperties = svcEncryptionProperties;
}
if (tokenRequirements.getTokenType() == null) {
String tokenType = service.getTokenType();
tokenRequirements.setTokenType(tokenType);
LOG.fine("Using default token type of: " + tokenType);
}
if (keyRequirements.getKeyType() == null) {
String keyType = service.getKeyType();
keyRequirements.setKeyType(keyType);
LOG.fine("Using default key type of: " + keyType);
}
foundService = true;
break;
}
}
}
if (!foundService) {
String msg = "No service corresponding to " + address + " is known. Check 'services' property configuration in SecurityTokenServiceProvider";
LOG.log(Level.SEVERE, msg);
throw new STSException(msg, STSException.REQUEST_FAILED);
}
}
providerParameters.setEncryptionProperties(encryptionProperties);
return providerParameters;
}
use of org.apache.cxf.sts.request.KeyRequirements in project cxf by apache.
the class AbstractOperation method performDelegationHandling.
protected void performDelegationHandling(RequestRequirements requestRequirements, Principal principal, Map<String, Object> messageContext, ReceivedToken token, Principal tokenPrincipal, Set<Principal> tokenRoles) {
TokenDelegationParameters delegationParameters = new TokenDelegationParameters();
delegationParameters.setStsProperties(stsProperties);
delegationParameters.setPrincipal(principal);
delegationParameters.setMessageContext(messageContext);
delegationParameters.setTokenStore(getTokenStore());
delegationParameters.setTokenPrincipal(tokenPrincipal);
delegationParameters.setTokenRoles(tokenRoles);
KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
delegationParameters.setKeyRequirements(keyRequirements);
delegationParameters.setTokenRequirements(tokenRequirements);
// Extract AppliesTo
String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
delegationParameters.setAppliesToAddress(address);
delegationParameters.setToken(token);
TokenDelegationResponse tokenResponse = null;
for (TokenDelegationHandler delegationHandler : delegationHandlers) {
if (delegationHandler.canHandleToken(token)) {
try {
tokenResponse = delegationHandler.isDelegationAllowed(delegationParameters);
} catch (RuntimeException ex) {
LOG.log(Level.WARNING, "", ex);
throw new STSException("Error in delegation handling", ex, STSException.REQUEST_FAILED);
}
break;
}
}
if (tokenResponse == null || !tokenResponse.isDelegationAllowed()) {
LOG.log(Level.WARNING, "No matching token delegation handler found");
throw new STSException("No matching token delegation handler found", STSException.REQUEST_FAILED);
}
}
use of org.apache.cxf.sts.request.KeyRequirements in project cxf by apache.
the class IssueUnitTest method createProviderParameters.
private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, String username, String issuer) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal(username));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress("https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer(issuer);
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
use of org.apache.cxf.sts.request.KeyRequirements in project cxf by apache.
the class IssueJWTOnbehalfofUnitTest method createProviderParameters.
private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("myclientkey");
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
ReceivedCredential receivedCredential = new ReceivedCredential();
receivedCredential.setX509Cert(certs[0]);
keyRequirements.setReceivedCredential(receivedCredential);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer("STS");
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setEncryptionCrypto(crypto);
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
Aggregations