use of org.apache.cxf.sts.request.ReceivedToken in project cxf by apache.
the class SAMLProviderActAsTest method createProviderParameters.
private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Object actAs) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
if (actAs != null) {
ReceivedToken actAsToken = new ReceivedToken(actAs);
actAsToken.setState(STATE.VALID);
tokenRequirements.setActAs(actAsToken);
}
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("technical-user"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
use of org.apache.cxf.sts.request.ReceivedToken in project cxf by apache.
the class SAMLTokenRenewerLifetimeTest method testSaml2ExceededDefaultMaxLifetime.
/**
* Renew SAML 2 token with a with a lifetime
* which exceeds default maximum lifetime
*/
@org.junit.Test
public void testSaml2ExceededDefaultMaxLifetime() throws Exception {
SAMLTokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
samlTokenRenewer.setVerifyProofOfPossession(false);
samlTokenRenewer.setAllowRenewalAfterExpiry(true);
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenRenewer.setConditionsProvider(conditionsProvider);
TokenRenewerParameters renewerParameters = createRenewerParameters();
// Set expected lifetime to Default max lifetime plus 1
Instant creationTime = Instant.now();
long requestedLifetime = DefaultConditionsProvider.DEFAULT_MAX_LIFETIME + 1;
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
renewerParameters.getTokenRequirements().setLifetime(lifetime);
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
// Create token.
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
// Sleep to expire the token
Thread.sleep(100);
ReceivedToken renewTarget = new ReceivedToken(samlToken);
renewTarget.setState(STATE.VALID);
renewerParameters.getTokenRequirements().setRenewTarget(renewTarget);
renewerParameters.setToken(renewTarget);
assertTrue(samlTokenRenewer.canHandleToken(renewTarget));
try {
samlTokenRenewer.renewToken(renewerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
use of org.apache.cxf.sts.request.ReceivedToken in project cxf by apache.
the class SAMLTokenRenewerLifetimeTest method testSaml2ExceededConfiguredMaxLifetime.
/**
* Renew SAML 2 token with a with a lifetime
* which exceeds configured maximum lifetime
*/
@org.junit.Test
public void testSaml2ExceededConfiguredMaxLifetime() throws Exception {
// 30 minutes
long maxLifetime = 30 * 60L;
SAMLTokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
samlTokenRenewer.setVerifyProofOfPossession(false);
samlTokenRenewer.setAllowRenewalAfterExpiry(true);
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setMaxLifetime(maxLifetime);
conditionsProvider.setAcceptClientLifetime(true);
samlTokenRenewer.setConditionsProvider(conditionsProvider);
TokenRenewerParameters renewerParameters = createRenewerParameters();
// Set expected lifetime to 35 minutes
Instant creationTime = Instant.now();
long requestedLifetime = 35 * 60L;
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
renewerParameters.getTokenRequirements().setLifetime(lifetime);
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
// Create token.
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
// Sleep to expire the token
Thread.sleep(100);
ReceivedToken renewTarget = new ReceivedToken(samlToken);
renewTarget.setState(STATE.VALID);
renewerParameters.getTokenRequirements().setRenewTarget(renewTarget);
renewerParameters.setToken(renewTarget);
assertTrue(samlTokenRenewer.canHandleToken(renewTarget));
try {
samlTokenRenewer.renewToken(renewerParameters);
fail("Failure expected due to exceeded lifetime");
} catch (STSException ex) {
// expected
}
}
use of org.apache.cxf.sts.request.ReceivedToken in project cxf by apache.
the class SAMLTokenRenewerLifetimeTest method testSaml2ValidLifetime.
/**
* Renew SAML 2 token with a valid requested lifetime
*/
@org.junit.Test
public void testSaml2ValidLifetime() throws Exception {
int requestedLifetime = 60;
SAMLTokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
samlTokenRenewer.setVerifyProofOfPossession(false);
samlTokenRenewer.setAllowRenewalAfterExpiry(true);
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenRenewer.setConditionsProvider(conditionsProvider);
TokenRenewerParameters renewerParameters = createRenewerParameters();
// Set expected lifetime to 1 minute
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusSeconds(requestedLifetime);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
renewerParameters.getTokenRequirements().setLifetime(lifetime);
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
// Create token.
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
// Sleep to expire the token
Thread.sleep(100);
ReceivedToken renewTarget = new ReceivedToken(samlToken);
renewTarget.setState(STATE.VALID);
renewerParameters.getTokenRequirements().setRenewTarget(renewTarget);
renewerParameters.setToken(renewTarget);
assertTrue(samlTokenRenewer.canHandleToken(renewTarget));
TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
assertTrue(renewerResponse != null);
assertTrue(renewerResponse.getToken() != null);
long duration = Duration.between(renewerResponse.getCreated(), renewerResponse.getExpires()).getSeconds();
assertEquals(requestedLifetime, duration);
}
use of org.apache.cxf.sts.request.ReceivedToken in project cxf by apache.
the class SAMLTokenRenewerLifetimeTest method testSaml2ProviderLifetime.
/**
* Renew SAML 2 token with a lifetime configured in SAMLTokenProvider
* No specific lifetime requested
*/
@org.junit.Test
public void testSaml2ProviderLifetime() throws Exception {
SAMLTokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
samlTokenRenewer.setVerifyProofOfPossession(false);
samlTokenRenewer.setAllowRenewalAfterExpiry(true);
long providerLifetime = 10 * 600L;
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setLifetime(providerLifetime);
samlTokenRenewer.setConditionsProvider(conditionsProvider);
TokenRenewerParameters renewerParameters = createRenewerParameters();
CallbackHandler callbackHandler = new PasswordCallbackHandler();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
// Create token.
Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
// Sleep to expire the token
Thread.sleep(100);
ReceivedToken renewTarget = new ReceivedToken(samlToken);
renewTarget.setState(STATE.VALID);
renewerParameters.getTokenRequirements().setRenewTarget(renewTarget);
renewerParameters.setToken(renewTarget);
assertTrue(samlTokenRenewer.canHandleToken(renewTarget));
TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
assertTrue(renewerResponse != null);
assertTrue(renewerResponse.getToken() != null);
long duration = Duration.between(renewerResponse.getCreated(), renewerResponse.getExpires()).getSeconds();
assertEquals(providerLifetime, duration);
}
Aggregations