use of org.apache.cxf.sts.request.ReceivedToken in project OpenAM by OpenRock.
the class SimpleTokenValidatorBase method validateToken.
/**
 * Validates the received token by delegating the decision to the token service consumer.
 *
 * <p>An identifier is derived from the received token and passed, together with a freshly
 * obtained consumption token, to {@code tokenServiceConsumer.validateToken}. The boolean answer
 * is recorded on the received token as {@code VALID} or {@code INVALID}.
 *
 * <p>The token state is written only after the consumer has answered. On the exception path the
 * state is left as it was received and the failure is signalled by the thrown
 * {@code STSException}, so callers must not read the state after an exception.
 *
 * @param tokenParameters carries the token to validate
 * @return a response referencing the received token, whose state reflects the consumer's answer
 * @throws STSException if a {@code TokenValidationException} is caught; the original exception
 *         is preserved as the cause
 */
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    TokenValidatorResponse result = new TokenValidatorResponse();
    ReceivedToken received = tokenParameters.getToken();
    result.setToken(received);
    String consumptionToken = null;
    try {
        final String id = generateIdFromValidateTarget(received);
        consumptionToken = getTokenServiceConsumptionToken();
        if (tokenServiceConsumer.validateToken(id, consumptionToken)) {
            received.setState(ReceivedToken.STATE.VALID);
        } else {
            received.setState(ReceivedToken.STATE.INVALID);
        }
    } catch (TokenValidationException e) {
        // NOTE(review): the cause's message is copied into the STSException text; confirm it
        // cannot carry token identifiers before this text is returned to a remote caller.
        throw new STSException("Exception caught validating issued token: " + e.getMessage(), e);
    } finally {
        // Runs on every exit path once the consumption token was obtained, including when
        // validation throws, so the token is always handed to the invalidation call.
        if (consumptionToken != null) {
            invalidateTokenGenerationServiceConsumptionToken(consumptionToken);
        }
    }
    return result;
}
use of org.apache.cxf.sts.request.ReceivedToken in project OpenAM by OpenRock.
the class SoapAMTokenValidator method validateToken.
/**
 * Validates the received token by resolving the session id it carries to a principal.
 *
 * <p>The token is marked {@code INVALID} before any work is done and is switched to
 * {@code VALID} only as the last step of the success path, so every failure leaves it rejected.
 * Any exception raised while parsing the session id, resolving the principal or caching the
 * session id is caught and logged; the response is then returned with the token still
 * {@code INVALID} and without a principal.
 *
 * @param tokenParameters the state necessary for token validation
 * @return an instance of the TokenValidatorResponse class which indicates whether the token was successfully
 * validated.
 */
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    TokenValidatorResponse result = new TokenValidatorResponse();
    ReceivedToken received = tokenParameters.getToken();
    // Fail closed: reject by default, accept only after every step below has succeeded.
    received.setState(ReceivedToken.STATE.INVALID);
    result.setToken(received);
    try {
        String amSessionId = parseSessionIdFromRequest(tokenParameters.getToken());
        Principal sessionPrincipal = principalFromSession.getPrincipalFromSession(amSessionId);
        threadLocalAMTokenCache.cacheSessionIdForContext(validationInvocationContext, amSessionId, invalidateAMSession);
        result.setPrincipal(sessionPrincipal);
        received.setState(ReceivedToken.STATE.VALID);
    } catch (Exception e) {
        // Every failure, whatever its type, is reported to the caller only as an INVALID token;
        // the log entry is the sole record of the cause.
        // NOTE(review): logged at info level with the exception text; confirm that text never
        // contains the session id, and consider whether rejected tokens deserve a higher level.
        logger.info("Exception caught obtaining principal from session id: " + e, e);
    }
    return result;
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class TestPKITokenValidator method testValidateToken.
/**
 * Checks that a PKI token built from the test certificates is accepted by the validator and
 * that the country and e-mail claims are exposed as additional properties of the response.
 */
@Test
public void testValidateToken() {
    // Build the PKI authentication token from the certificates held by the test class.
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    tokenFactory.init();
    PKIAuthenticationToken pkiToken = tokenFactory.getTokenFromCerts(certificates, "karaf");

    // Wrap the encoded credentials in a Base64 binary security token of the PKI value type.
    BinarySecurityTokenType binaryToken = new BinarySecurityTokenType();
    binaryToken.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binaryToken.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    binaryToken.setValue(pkiToken.getEncodedCredentials());

    // The received token is a mock, but setState/getState call the real methods so that the
    // state written by the validator can be read back in the assertion below.
    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(binaryToken);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(merlin);

    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getStsProperties()).thenReturn(stsProperties);
    when(parameters.getToken()).thenReturn(received);

    TokenValidatorResponse validation = pkiTokenValidator.validateToken(parameters);

    assertEquals(ReceivedToken.STATE.VALID, validation.getToken().getState());
    // Expected claim values presumably come from the subject of the test certificate - TODO confirm.
    assertEquals("US", validation.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("localhost@example.org", validation.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class TestPKITokenValidator method testCanHandleToken.
/**
 * Checks that the validator reports it can handle a received token wrapping a Base64 binary
 * security token of the PKI value type.
 */
@Test
public void testCanHandleToken() {
    // Build the PKI authentication token from the certificates held by the test class.
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    tokenFactory.init();
    PKIAuthenticationToken pkiToken = tokenFactory.getTokenFromCerts(certificates, "karaf");

    BinarySecurityTokenType binaryToken = new BinarySecurityTokenType();
    binaryToken.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binaryToken.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    binaryToken.setValue(pkiToken.getEncodedCredentials());

    // Only getToken() is stubbed; it is the single accessor this test prepares on the mock.
    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(binaryToken);

    assertEquals(true, pkiTokenValidator.canHandleToken(received));
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class TestUsernameTokenValidator method testValidateGoodToken.
/**
 * Checks that a username token unmarshalled from {@code /user.xml} is reported as VALID and
 * that a successful validation never triggers the failed-login delay.
 */
@Test
public void testValidateGoodToken() {
    UsernameTokenValidator validator = getUsernameTokenValidator(new XmlParser(), niceValidator);
    validator.addRealm(null);

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(mock(Crypto.class));
    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getStsProperties()).thenReturn(stsProperties);

    // setState/getState call the real methods so the state written by the validator can be
    // read back in the assertion at the end.
    ReceivedToken received = mock(ReceivedToken.class);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();
    when(received.isUsernameToken()).thenReturn(true);
    when(parameters.getToken()).thenReturn(received);

    // JAXB context covering both object factories needed to unmarshal the fixture.
    Set<Class<?>> boundClasses = new HashSet<>();
    boundClasses.add(ObjectFactory.class);
    boundClasses.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
    JAXBContextCache.CachedContextAndSchemas cached = null;
    try {
        cached = JAXBContextCache.getCachedContextAndSchemas(boundClasses, null, null, null, false);
    } catch (JAXBException e) {
        fail(e.getMessage());
    }

    JAXBContext context = cached.getContext();
    Unmarshaller xmlReader = null;
    if (context != null) {
        try {
            xmlReader = context.createUnmarshaller();
        } catch (JAXBException e) {
            fail(e.getMessage());
        }
    }

    JAXBElement<?> parsed = null;
    try {
        if (xmlReader != null) {
            parsed = (JAXBElement<?>) xmlReader.unmarshal(this.getClass().getResourceAsStream("/user.xml"));
        }
    } catch (JAXBException e) {
        fail(e.getMessage());
    }

    // NOTE(review): when the context is null nothing is unmarshalled and the next line fails
    // with a NullPointerException instead of a descriptive assertion message.
    when(received.getToken()).thenReturn(parsed.getValue());

    TokenValidatorResponse validation = validator.validateToken(parameters);

    assertEquals(ReceivedToken.STATE.VALID, validation.getToken().getState());
    // A successful login must not incur the delay applied to failed logins.
    verify(failedLoginDelayer, never()).delay(anyString());
}
Aggregations