Search in sources :

Example 26 with Lifetime

use of org.apache.cxf.sts.request.Lifetime in project cxf by apache.

the class SAMLTokenRenewerLifetimeTest method testSaml2ValidLifetime.

/**
 * Renew SAML 2 token with a valid requested lifetime
 */
@org.junit.Test
public void testSaml2ValidLifetime() throws Exception {
    int requestedLifetime = 60;
    SAMLTokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
    samlTokenRenewer.setVerifyProofOfPossession(false);
    samlTokenRenewer.setAllowRenewalAfterExpiry(true);
    DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
    conditionsProvider.setAcceptClientLifetime(true);
    samlTokenRenewer.setConditionsProvider(conditionsProvider);
    TokenRenewerParameters renewerParameters = createRenewerParameters();
    // Set expected lifetime to 1 minute
    Instant creationTime = Instant.now();
    Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
    Lifetime lifetime = new Lifetime();
    lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
    renewerParameters.getTokenRequirements().setLifetime(lifetime);
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    // Create token.
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
    // Sleep to expire the token
    Thread.sleep(100);
    ReceivedToken renewTarget = new ReceivedToken(samlToken);
    renewTarget.setState(STATE.VALID);
    renewerParameters.getTokenRequirements().setRenewTarget(renewTarget);
    renewerParameters.setToken(renewTarget);
    assertTrue(samlTokenRenewer.canHandleToken(renewTarget));
    TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
    assertTrue(renewerResponse != null);
    assertTrue(renewerResponse.getToken() != null);
    long duration = Duration.between(renewerResponse.getCreated(), renewerResponse.getExpires()).getSeconds();
    assertEquals(requestedLifetime, duration);
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) Instant(java.time.Instant) Element(org.w3c.dom.Element) DefaultConditionsProvider(org.apache.cxf.sts.token.provider.DefaultConditionsProvider) Lifetime(org.apache.cxf.sts.request.Lifetime) Crypto(org.apache.wss4j.common.crypto.Crypto) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)

Aggregations

Instant (java.time.Instant)26 Lifetime (org.apache.cxf.sts.request.Lifetime)26 Element (org.w3c.dom.Element)15 DefaultConditionsProvider (org.apache.cxf.sts.token.provider.DefaultConditionsProvider)10 STSException (org.apache.cxf.ws.security.sts.provider.STSException)10 DefaultJWTClaimsProvider (org.apache.cxf.sts.token.provider.jwt.DefaultJWTClaimsProvider)7 JWTTokenProvider (org.apache.cxf.sts.token.provider.jwt.JWTTokenProvider)7 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)6 TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)6 TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)6 JwsJwtCompactConsumer (org.apache.cxf.rs.security.jose.jws.JwsJwtCompactConsumer)5 JwtToken (org.apache.cxf.rs.security.jose.jwt.JwtToken)5 Renewing (org.apache.cxf.sts.request.Renewing)5 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)4 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)4 Crypto (org.apache.wss4j.common.crypto.Crypto)4 DateTimeParseException (java.time.format.DateTimeParseException)2 JAXBElement (javax.xml.bind.JAXBElement)1 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)1