Example 6 with Lifetime
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class JWTProviderLifetimeTest method testJWTValidLifetime.
/**
* Issue JWT token with a valid requested lifetime
*/
@org.junit.Test
public void testJWTValidLifetime() throws Exception {
int requestedLifetime = 60;
JWTTokenProvider tokenProvider = new JWTTokenProvider();
DefaultJWTClaimsProvider claimsProvider = new DefaultJWTClaimsProvider();
claimsProvider.setAcceptClientLifetime(true);
tokenProvider.setJwtClaimsProvider(claimsProvider);
TokenProviderParameters providerParameters = createProviderParameters(JWTTokenProvider.JWT_TOKEN_TYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
TokenProviderResponse providerResponse = tokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
assertEquals(requestedLifetime, duration);
String token = (String) providerResponse.getToken();
assertNotNull(token);
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token);
JwtToken jwt = jwtConsumer.getJwtToken();
assertEquals(jwt.getClaim(JwtConstants.CLAIM_ISSUED_AT), providerResponse.getCreated().getEpochSecond());
}
Also used :
JwtToken(org.apache.cxf.rs.security.jose.jwt.JwtToken)
Lifetime(org.apache.cxf.sts.request.Lifetime)
Instant(java.time.Instant)
DefaultJWTClaimsProvider(org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)
JwsJwtCompactConsumer(org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)
JWTTokenProvider(org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)
Example 7 with Lifetime
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class SAMLProviderLifetimeTest method testSaml2ExceededConfiguredMaxLifetime.
/**
* Issue SAML 2 token with a with a lifetime
* which exceeds configured maximum lifetime
*/
@org.junit.Test
public void testSaml2ExceededConfiguredMaxLifetime() throws Exception {
// 30 minutes
long maxLifetime = 30 * 60L;
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setMaxLifetime(maxLifetime);
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to 35 minutes
Instant creationTime = Instant.now();
long requestedLifetime = 35 * 60L;
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
Also used :
Lifetime(org.apache.cxf.sts.request.Lifetime)
Instant(java.time.Instant)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
Example 8 with Lifetime
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class SAMLProviderLifetimeTest method testSaml2NoExpires.
/**
* Issue SAML 2 token with no Expires element. This will be rejected, but will default to the
* configured TTL and so the request will pass.
*/
@org.junit.Test
public void testSaml2NoExpires() throws Exception {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now().plusSeconds(120L);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
long duration = Duration.between(providerResponse.getCreated(), providerResponse.getExpires()).getSeconds();
assertEquals(conditionsProvider.getLifetime(), duration);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
}Example 9 with Lifetime
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class SAMLProviderLifetimeTest method testSaml2ExceededDefaultMaxLifetime.
/**
* Issue SAML 2 token with a with a lifetime
* which exceeds default maximum lifetime
*/
@org.junit.Test
public void testSaml2ExceededDefaultMaxLifetime() throws Exception {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to Default max lifetime plus 1
Instant creationTime = Instant.now();
long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
Also used :
Lifetime(org.apache.cxf.sts.request.Lifetime)
Instant(java.time.Instant)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
Example 10 with Lifetime
use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.
the class SAMLProviderLifetimeTest method testSaml2FarFutureCreatedLifetime.
/**
* Issue SAML 2 token with a future Created Lifetime. This should fail as we only allow a future
* dated Lifetime up to 60 seconds to avoid clock skew problems.
*/
@org.junit.Test
public void testSaml2FarFutureCreatedLifetime() throws Exception {
int requestedLifetime = 60;
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now().plusSeconds(120L);
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.WSS_SAML2_TOKEN_TYPE));
try {
samlTokenProvider.createToken(providerParameters);
fail("Failure expected on a Created Element too far in the future");
} catch (STSException ex) {
// expected
}
// Now allow this sort of Created Element
conditionsProvider.setFutureTimeToLive(60L * 60L);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
Element token = (Element) providerResponse.getToken();
String tokenString = DOM2Writer.nodeToString(token);
assertTrue(tokenString.contains(providerResponse.getTokenId()));
}
Also used :
Lifetime(org.apache.cxf.sts.request.Lifetime)
Instant(java.time.Instant)
Element(org.w3c.dom.Element)
STSException(org.apache.cxf.ws.security.sts.provider.STSException)
Aggregations
Instant (java.time.Instant)26
Lifetime (org.apache.cxf.sts.request.Lifetime)26
Element (org.w3c.dom.Element)15
DefaultConditionsProvider (org.apache.cxf.sts.token.provider.DefaultConditionsProvider)10
STSException (org.apache.cxf.ws.security.sts.provider.STSException)10
DefaultJWTClaimsProvider (org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)7
JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)7
SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)6
TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)6
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)6
JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)5
JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)5
Renewing (org.apache.cxf.sts.request.Renewing)5
CallbackHandler (javax.security.auth.callback.CallbackHandler)4
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)4
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)4
Crypto (org.apache.wss4j.common.crypto.Crypto)4
DateTimeParseException (java.time.format.DateTimeParseException)2
JAXBElement (javax.xml.bind.JAXBElement)1
TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)1
