Example 61 with ReceivedToken
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class TestUsernameTokenValidator method testNoParser.
@Test(expected = IllegalStateException.class)
public void testNoParser() {
UsernameTokenValidator usernameTokenValidator = getUsernameTokenValidator(null, meanValidator);
usernameTokenValidator.addRealm(null);
TokenValidatorParameters tokenValidatorParameters = mock(TokenValidatorParameters.class);
STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(mock(Crypto.class));
when(tokenValidatorParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
ReceivedToken receivedToken = mock(ReceivedToken.class);
doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
doCallRealMethod().when(receivedToken).getState();
when(receivedToken.isUsernameToken()).thenReturn(true);
when(tokenValidatorParameters.getToken()).thenReturn(receivedToken);
Set<Class<?>> classes = new HashSet<>();
classes.add(ObjectFactory.class);
classes.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
JAXBContextCache.CachedContextAndSchemas cache = null;
try {
cache = JAXBContextCache.getCachedContextAndSchemas(classes, null, null, null, false);
} catch (JAXBException e) {
fail(e.getMessage());
}
JAXBContext jaxbContext = cache.getContext();
Unmarshaller unmarshaller = null;
try {
if (jaxbContext != null) {
unmarshaller = jaxbContext.createUnmarshaller();
}
} catch (JAXBException e) {
fail(e.getMessage());
}
JAXBElement<?> token = null;
if (unmarshaller != null) {
try {
token = (JAXBElement<?>) unmarshaller.unmarshal(this.getClass().getResourceAsStream("/user-no-password.xml"));
} catch (JAXBException e) {
fail(e.getMessage());
}
}
when(receivedToken.getToken()).thenReturn(token.getValue());
usernameTokenValidator.validateToken(tokenValidatorParameters);
}
Also used :
JAXBContextCache(org.apache.cxf.common.jaxb.JAXBContextCache)
JAXBException(javax.xml.bind.JAXBException)
JAXBContext(javax.xml.bind.JAXBContext)
TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters)
Crypto(org.apache.wss4j.common.crypto.Crypto)
JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Unmarshaller(javax.xml.bind.Unmarshaller)
HashSet(java.util.HashSet)
Test(org.junit.Test)
Example 62 with ReceivedToken
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class X509PathTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*
* @param tokenParameters
* @return TokenValidatorResponse
*/
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.trace("Validating X.509 Token");
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
requestData.setWssConfig(WSSConfig.getNewInstance());
requestData.setCallbackHandler(callbackHandler);
requestData.setMsgContext(tokenParameters.getMessageContext());
requestData.setSubjectCertConstraints(certConstraints.getCompiledSubjectContraints());
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(STATE.INVALID);
response.setToken(validateTarget);
BinarySecurity binarySecurity = null;
BinarySecurityTokenType binarySecurityType = null;
if (validateTarget.isBinarySecurityToken()) {
binarySecurityType = (BinarySecurityTokenType) validateTarget.getToken();
// Test the encoding type
String encodingType = binarySecurityType.getEncodingType();
if (!BASE64_ENCODING.equals(encodingType)) {
LOGGER.trace("Bad encoding type attribute specified: {}", encodingType);
return response;
}
//
// Turn the received JAXB object into a DOM element
//
Document doc = DOMUtils.createDocument();
binarySecurity = new X509Security(doc);
binarySecurity.setEncodingType(encodingType);
binarySecurity.setValueType(binarySecurityType.getValueType());
String data = binarySecurityType.getValue();
Node textNode = doc.createTextNode(data);
binarySecurity.getElement().appendChild(textNode);
} else if (validateTarget.isDOMElement()) {
try {
Document doc = DOMUtils.createDocument();
binarySecurity = new X509Security(doc);
binarySecurity.setEncodingType(BASE64_ENCODING);
X509Data x509Data = new X509Data((Element) validateTarget.getToken(), "");
if (x509Data.containsCertificate()) {
XMLX509Certificate xmlx509Certificate = x509Data.itemCertificate(0);
if (xmlx509Certificate == null) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
}
X509Certificate cert = xmlx509Certificate.getX509Certificate();
((X509Security) binarySecurity).setX509Certificate(cert);
}
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to set certificate", ex);
return response;
} catch (XMLSecurityException ex) {
LOGGER.debug("Unable to get certificates", ex);
return response;
}
} else {
return response;
}
//
try {
Credential credential = new Credential();
credential.setBinarySecurityToken(binarySecurity);
if (merlin != null) {
byte[] token = binarySecurity.getToken();
if (token != null) {
if (binarySecurityType != null) {
if (binarySecurityType.getValueType().equals(X509_PKI_PATH)) {
X509Certificate[] certificates = merlin.getCertificatesFromBytes(token);
if (certificates != null) {
credential.setCertificates(certificates);
}
} else {
X509Certificate singleCert = merlin.loadCertificate(new ByteArrayInputStream(token));
credential.setCertificates(new X509Certificate[] { singleCert });
}
}
} else {
LOGGER.debug("Binary Security Token bytes were null.");
}
}
Credential returnedCredential = validator.validate(credential, requestData);
X500Principal subjectX500Principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
response.setPrincipal(subjectX500Principal);
if (response.getAdditionalProperties() == null) {
response.setAdditionalProperties(new HashMap<>());
}
try {
String emailAddress = SubjectUtils.getEmailAddress(subjectX500Principal);
if (emailAddress != null) {
response.getAdditionalProperties().put(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI, emailAddress);
}
String country = SubjectUtils.getCountry(subjectX500Principal);
if (country != null) {
response.getAdditionalProperties().put(SubjectUtils.COUNTRY_CLAIM_URI, country);
}
} catch (Exception e) {
LOGGER.debug("Unable to set email address or country from certificate.", e);
}
validateTarget.setState(STATE.VALID);
validateTarget.setPrincipal(subjectX500Principal);
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate credentials.", ex);
}
return response;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
Node(org.w3c.dom.Node)
Element(org.w3c.dom.Element)
Document(org.w3c.dom.Document)
X509Data(org.apache.xml.security.keys.content.X509Data)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
RequestData(org.apache.wss4j.dom.handler.RequestData)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
X509Security(org.apache.wss4j.common.token.X509Security)
Credential(org.apache.wss4j.dom.validate.Credential)
BinarySecurity(org.apache.wss4j.common.token.BinarySecurity)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
X509Certificate(java.security.cert.X509Certificate)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
XMLX509Certificate(org.apache.xml.security.keys.content.x509.XMLX509Certificate)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
ByteArrayInputStream(java.io.ByteArrayInputStream)
X500Principal(javax.security.auth.x500.X500Principal)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
Example 63 with ReceivedToken
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class UPBSTValidatorTest method testValidateGoodTokenCache.
@Test
public void testValidateGoodTokenCache() {
UPBSTValidator upbstValidator = getUpbstValidator(new XmlParser(), meanValidator);
upbstValidator.addRealm(null);
TokenValidatorParameters tokenParameters = new TokenValidatorParameters();
tokenParameters.setTokenStore(new TokenStore() {
@Override
public void add(SecurityToken token) {
}
@Override
public void add(String identifier, SecurityToken token) {
}
@Override
public void remove(String identifier) {
}
@Override
public Collection<String> getTokenIdentifiers() {
return null;
}
@Override
public SecurityToken getToken(String identifier) {
SecurityToken securityToken = new SecurityToken();
securityToken.setTokenHash(584149325);
return securityToken;
}
});
ReceivedToken validateTarget = new ReceivedToken(upbstToken);
tokenParameters.setToken(validateTarget);
tokenParameters.setStsProperties(stsPropertiesMBean);
TokenValidatorResponse response = upbstValidator.validateToken(tokenParameters);
Assert.assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
verify(failedLoginDelayer, never()).delay(anyString());
}
Also used :
TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
XmlParser(org.codice.ddf.parser.xml.XmlParser)
Collection(java.util.Collection)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
Matchers.anyString(org.mockito.Matchers.anyString)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore)
Test(org.junit.Test)
Example 64 with ReceivedToken
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class UPBSTValidatorTest method testNoFailedDelayer.
@Test(expected = IllegalStateException.class)
public void testNoFailedDelayer() {
UPBSTValidator upbstValidator = new UPBSTValidator(new XmlParser(), null) {
public void addRealm(ServiceReference<JaasRealm> serviceReference) {
validators.put("realm", meanValidator);
}
};
upbstValidator.addRealm(null);
TokenValidatorParameters tokenParameters = new TokenValidatorParameters();
tokenParameters.setTokenStore(new TokenStore() {
@Override
public void add(SecurityToken token) {
}
@Override
public void add(String identifier, SecurityToken token) {
}
@Override
public void remove(String identifier) {
}
@Override
public Collection<String> getTokenIdentifiers() {
return null;
}
@Override
public SecurityToken getToken(String identifier) {
SecurityToken securityToken = new SecurityToken();
securityToken.setTokenHash(584149325);
return securityToken;
}
});
ReceivedToken validateTarget = new ReceivedToken(upbstToken);
tokenParameters.setToken(validateTarget);
tokenParameters.setStsProperties(stsPropertiesMBean);
upbstValidator.validateToken(tokenParameters);
}
Also used :
TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
XmlParser(org.codice.ddf.parser.xml.XmlParser)
Collection(java.util.Collection)
Matchers.anyString(org.mockito.Matchers.anyString)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore)
ServiceReference(org.osgi.framework.ServiceReference)
Test(org.junit.Test)
Example 65 with ReceivedToken
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class UPBSTValidatorTest method testValidateBadTokenNoCache.
@Test
public void testValidateBadTokenNoCache() {
UPBSTValidator upbstValidator = getUpbstValidator(new XmlParser(), meanValidator);
upbstValidator.addRealm(null);
TokenValidatorParameters tokenParameters = new TokenValidatorParameters();
ReceivedToken validateTarget = new ReceivedToken(upbstToken);
tokenParameters.setToken(validateTarget);
tokenParameters.setStsProperties(stsPropertiesMBean);
TokenValidatorResponse response = upbstValidator.validateToken(tokenParameters);
Assert.assertEquals(ReceivedToken.STATE.INVALID, response.getToken().getState());
verify(failedLoginDelayer, times(1)).delay(anyString());
}
Also used :
TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters)
XmlParser(org.codice.ddf.parser.xml.XmlParser)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Test(org.junit.Test)
Aggregations
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)115
Crypto (org.apache.wss4j.common.crypto.Crypto)59
TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)55
Element (org.w3c.dom.Element)44
CallbackHandler (javax.security.auth.callback.CallbackHandler)42
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)42
PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)38
Document (org.w3c.dom.Document)37
CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)35
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)32
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)26
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)25
Test (org.junit.Test)25
Principal (java.security.Principal)24
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)22
STSException (org.apache.cxf.ws.security.sts.provider.STSException)19
TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)13
TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)13
TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)13
RequestData (org.apache.wss4j.dom.handler.RequestData)13
