use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class GuestValidatorTest method setup.
@Before
public void setup() {
validator = new GuestValidator();
validator.setSupportedRealm(Arrays.asList("DDF"));
GuestAuthenticationToken guestAuthenticationToken = new GuestAuthenticationToken("DDF", "127.0.0.1");
GuestAuthenticationToken guestAuthenticationTokenAnyRealm = new GuestAuthenticationToken("*", "127.0.0.1");
GuestAuthenticationToken guestAuthenticationTokenIpv6 = new GuestAuthenticationToken("*", "0:0:0:0:0:0:0:1");
GuestAuthenticationToken guestAuthenticationTokenIpv6Reachability = new GuestAuthenticationToken("*", "0:0:0:0:0:0:0:1%4");
BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
binarySecurityTokenType.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
binarySecurityTokenType.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenType.setId(GuestAuthenticationToken.BST_GUEST_LN);
binarySecurityTokenType.setValue(guestAuthenticationToken.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElement = new JAXBElement<BinarySecurityTokenType>(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"), BinarySecurityTokenType.class, binarySecurityTokenType);
BinarySecurityTokenType binarySecurityTokenTypeBadToken = new BinarySecurityTokenType();
binarySecurityTokenTypeBadToken.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
binarySecurityTokenTypeBadToken.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenTypeBadToken.setId(GuestAuthenticationToken.BST_GUEST_LN);
binarySecurityTokenTypeBadToken.setValue(Base64.getEncoder().encodeToString("NotGuest".getBytes()));
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElementBadToken = new JAXBElement<BinarySecurityTokenType>(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"), BinarySecurityTokenType.class, binarySecurityTokenTypeBadToken);
BinarySecurityTokenType binarySecurityTokenTypeAnyRealm = new BinarySecurityTokenType();
binarySecurityTokenTypeAnyRealm.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
binarySecurityTokenTypeAnyRealm.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenTypeAnyRealm.setId(GuestAuthenticationToken.BST_GUEST_LN);
binarySecurityTokenTypeAnyRealm.setValue(guestAuthenticationTokenAnyRealm.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElementAnyRealm = new JAXBElement<BinarySecurityTokenType>(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"), BinarySecurityTokenType.class, binarySecurityTokenTypeAnyRealm);
BinarySecurityTokenType binarySecurityTokenTypeIpv6 = new BinarySecurityTokenType();
binarySecurityTokenTypeIpv6.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
binarySecurityTokenTypeIpv6.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenTypeIpv6.setId(GuestAuthenticationToken.BST_GUEST_LN);
binarySecurityTokenTypeIpv6.setValue(guestAuthenticationTokenIpv6.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElementIpv6 = new JAXBElement<BinarySecurityTokenType>(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"), BinarySecurityTokenType.class, binarySecurityTokenTypeIpv6);
BinarySecurityTokenType binarySecurityTokenTypeIpv6Reachability = new BinarySecurityTokenType();
binarySecurityTokenTypeIpv6Reachability.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
binarySecurityTokenTypeIpv6Reachability.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenTypeIpv6Reachability.setId(GuestAuthenticationToken.BST_GUEST_LN);
binarySecurityTokenTypeIpv6Reachability.setValue(guestAuthenticationTokenIpv6Reachability.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElementIpv6Reachability = new JAXBElement<BinarySecurityTokenType>(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"), BinarySecurityTokenType.class, binarySecurityTokenTypeIpv6Reachability);
receivedToken = new ReceivedToken(binarySecurityTokenElement);
receivedAnyRealmToken = new ReceivedToken(binarySecurityTokenElementAnyRealm);
receivedBadToken = new ReceivedToken(binarySecurityTokenElementBadToken);
receivedTokenIpv6 = new ReceivedToken(binarySecurityTokenElementIpv6);
receivedTokenIpv6Reachability = new ReceivedToken(binarySecurityTokenElementIpv6Reachability);
parameters = new TokenValidatorParameters();
parameters.setToken(receivedToken);
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class BSTDelegationHandler method isDelegationAllowed.
public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
TokenDelegationResponse response = new TokenDelegationResponse();
ReceivedToken delegateTarget = tokenParameters.getToken();
response.setToken(delegateTarget);
Object token = delegateTarget.getToken();
if (token instanceof BinarySecurityTokenType) {
response.setDelegationAllowed(true);
}
return response;
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class TestBSTDelegationHandler method testDelegationNotAllowed.
@Test
public void testDelegationNotAllowed() {
UsernameTokenType binarySecurityTokenType = new UsernameTokenType();
ReceivedToken receivedToken = mock(ReceivedToken.class);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
TokenDelegationParameters tokenDelegationParameters = mock(TokenDelegationParameters.class);
when(tokenDelegationParameters.getToken()).thenReturn(receivedToken);
BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
TokenDelegationResponse response = bstDelegationHandler.isDelegationAllowed(tokenDelegationParameters);
assertEquals(false, response.isDelegationAllowed());
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class UPBSTValidatorTest method testNoParser.
@Test(expected = IllegalStateException.class)
public void testNoParser() {
UPBSTValidator upbstValidator = getUpbstValidator(null, meanValidator);
upbstValidator.addRealm(null);
TokenValidatorParameters tokenParameters = new TokenValidatorParameters();
tokenParameters.setTokenStore(new TokenStore() {
@Override
public void add(SecurityToken token) {
}
@Override
public void add(String identifier, SecurityToken token) {
}
@Override
public void remove(String identifier) {
}
@Override
public Collection<String> getTokenIdentifiers() {
return null;
}
@Override
public SecurityToken getToken(String identifier) {
SecurityToken securityToken = new SecurityToken();
securityToken.setTokenHash(584149325);
return securityToken;
}
});
ReceivedToken validateTarget = new ReceivedToken(upbstToken);
tokenParameters.setToken(validateTarget);
tokenParameters.setStsProperties(stsPropertiesMBean);
upbstValidator.validateToken(tokenParameters);
}
use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.
the class UsernameTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*/
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.debug("Validating UsernameToken");
if (parser == null) {
throw new IllegalStateException("XMLParser must be configured.");
}
if (failedLoginDelayer == null) {
throw new IllegalStateException("Failed Login Delayer must be configured");
}
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
requestData.setCallbackHandler(callbackHandler);
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(ReceivedToken.STATE.INVALID);
response.setToken(validateTarget);
if (!validateTarget.isUsernameToken()) {
return response;
}
//
// Turn the JAXB UsernameTokenType into a DOM Element for validation
//
UsernameTokenType usernameTokenType = (UsernameTokenType) validateTarget.getToken();
JAXBElement<UsernameTokenType> tokenType = new JAXBElement<>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType);
Document doc = DOMUtils.createDocument();
Element rootElement = doc.createElement("root-element");
List<String> ctxPath = new ArrayList<>(1);
ctxPath.add(UsernameTokenType.class.getPackage().getName());
Element usernameTokenElement = null;
ParserConfigurator configurator = parser.configureParser(ctxPath, UsernameTokenValidator.class.getClassLoader());
try {
parser.marshal(configurator, tokenType, rootElement);
usernameTokenElement = (Element) rootElement.getFirstChild();
} catch (ParserException ex) {
LOGGER.info("Unable to parse username token", ex);
return response;
}
//
try {
boolean allowNamespaceQualifiedPasswordTypes = requestData.isAllowNamespaceQualifiedPasswordTypes();
UsernameToken ut = new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, new BSPEnforcer());
// The parsed principal is set independent whether validation is successful or not
response.setPrincipal(new CustomTokenPrincipal(ut.getName()));
if (ut.getPassword() == null) {
failedLoginDelayer.delay(ut.getName());
return response;
}
Credential credential = new Credential();
credential.setUsernametoken(ut);
//Only this section is new, the rest is copied from the apache class
Set<Map.Entry<String, Validator>> entries = validators.entrySet();
for (Map.Entry<String, Validator> entry : entries) {
try {
entry.getValue().validate(credential, requestData);
validateTarget.setState(ReceivedToken.STATE.VALID);
break;
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate user against {}" + entry.getKey(), ex);
}
}
if (ReceivedToken.STATE.INVALID.equals(validateTarget.getState())) {
failedLoginDelayer.delay(ut.getName());
return response;
}
//end new section
Principal principal = createPrincipal(ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated());
response.setPrincipal(principal);
response.setTokenRealm(null);
validateTarget.setState(ReceivedToken.STATE.VALID);
validateTarget.setPrincipal(principal);
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate token.", ex);
}
return response;
}
Aggregations