Search in sources :

Example 16 with ReceivedToken

use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.

the class TestUsernameTokenValidator method testValidateBadTokenNoTokenStore.

@Test
public void testValidateBadTokenNoTokenStore() {
    UsernameTokenValidator usernameTokenValidator = getUsernameTokenValidator(new XmlParser(), meanValidator);
    usernameTokenValidator.addRealm(null);
    TokenValidatorParameters tokenValidatorParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(mock(Crypto.class));
    when(tokenValidatorParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(receivedToken.isUsernameToken()).thenReturn(true);
    when(tokenValidatorParameters.getToken()).thenReturn(receivedToken);
    Set<Class<?>> classes = new HashSet<>();
    classes.add(ObjectFactory.class);
    classes.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
    JAXBContextCache.CachedContextAndSchemas cache = null;
    try {
        cache = JAXBContextCache.getCachedContextAndSchemas(classes, null, null, null, false);
    } catch (JAXBException e) {
        fail(e.getMessage());
    }
    JAXBContext jaxbContext = cache.getContext();
    Unmarshaller unmarshaller = null;
    try {
        if (jaxbContext != null) {
            unmarshaller = jaxbContext.createUnmarshaller();
        }
    } catch (JAXBException e) {
        fail(e.getMessage());
    }
    JAXBElement<?> token = null;
    if (unmarshaller != null) {
        try {
            token = (JAXBElement<?>) unmarshaller.unmarshal(this.getClass().getResourceAsStream("/user-no-password.xml"));
        } catch (JAXBException e) {
            fail(e.getMessage());
        }
    }
    when(receivedToken.getToken()).thenReturn(token.getValue());
    TokenValidatorResponse tokenValidatorResponse = usernameTokenValidator.validateToken(tokenValidatorParameters);
    assertEquals(ReceivedToken.STATE.INVALID, tokenValidatorResponse.getToken().getState());
    verify(failedLoginDelayer, times(1)).delay(anyString());
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) JAXBContextCache(org.apache.cxf.common.jaxb.JAXBContextCache) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Unmarshaller(javax.xml.bind.Unmarshaller) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 17 with ReceivedToken

use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.

the class TestUsernameTokenValidator method testValidateBadToken.

@Test
public void testValidateBadToken() {
    UsernameTokenValidator usernameTokenValidator = getUsernameTokenValidator(new XmlParser(), meanValidator);
    usernameTokenValidator.addRealm(null);
    TokenValidatorParameters tokenValidatorParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(mock(Crypto.class));
    when(tokenValidatorParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(receivedToken.isUsernameToken()).thenReturn(true);
    when(tokenValidatorParameters.getToken()).thenReturn(receivedToken);
    Set<Class<?>> classes = new HashSet<>();
    classes.add(ObjectFactory.class);
    classes.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
    JAXBContextCache.CachedContextAndSchemas cache = null;
    try {
        cache = JAXBContextCache.getCachedContextAndSchemas(classes, null, null, null, false);
    } catch (JAXBException e) {
        fail(e.getMessage());
    }
    JAXBContext jaxbContext = cache.getContext();
    Unmarshaller unmarshaller = null;
    try {
        if (jaxbContext != null) {
            unmarshaller = jaxbContext.createUnmarshaller();
        }
    } catch (JAXBException e) {
        fail(e.getMessage());
    }
    JAXBElement<?> token = null;
    if (unmarshaller != null) {
        try {
            token = (JAXBElement<?>) unmarshaller.unmarshal(this.getClass().getResourceAsStream("/user.xml"));
        } catch (JAXBException e) {
            fail(e.getMessage());
        }
    }
    when(receivedToken.getToken()).thenReturn(token.getValue());
    TokenValidatorResponse tokenValidatorResponse = usernameTokenValidator.validateToken(tokenValidatorParameters);
    assertEquals(ReceivedToken.STATE.INVALID, tokenValidatorResponse.getToken().getState());
    verify(failedLoginDelayer, times(1)).delay(anyString());
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) JAXBContextCache(org.apache.cxf.common.jaxb.JAXBContextCache) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Unmarshaller(javax.xml.bind.Unmarshaller) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 18 with ReceivedToken

use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.

the class TestUsernameTokenValidator method testNoFailedDelayer.

@Test(expected = IllegalStateException.class)
public void testNoFailedDelayer() {
    UsernameTokenValidator usernameTokenValidator = new UsernameTokenValidator(new XmlParser(), null) {

        public void addRealm(ServiceReference<JaasRealm> serviceReference) {
            validators.put("myrealm", meanValidator);
        }
    };
    usernameTokenValidator.addRealm(null);
    TokenValidatorParameters tokenValidatorParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(mock(Crypto.class));
    when(tokenValidatorParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(receivedToken.isUsernameToken()).thenReturn(true);
    when(tokenValidatorParameters.getToken()).thenReturn(receivedToken);
    Set<Class<?>> classes = new HashSet<>();
    classes.add(ObjectFactory.class);
    classes.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class);
    JAXBContextCache.CachedContextAndSchemas cache = null;
    try {
        cache = JAXBContextCache.getCachedContextAndSchemas(classes, null, null, null, false);
    } catch (JAXBException e) {
        fail(e.getMessage());
    }
    JAXBContext jaxbContext = cache.getContext();
    Unmarshaller unmarshaller = null;
    try {
        if (jaxbContext != null) {
            unmarshaller = jaxbContext.createUnmarshaller();
        }
    } catch (JAXBException e) {
        fail(e.getMessage());
    }
    JAXBElement<?> token = null;
    if (unmarshaller != null) {
        try {
            token = (JAXBElement<?>) unmarshaller.unmarshal(this.getClass().getResourceAsStream("/user-no-password.xml"));
        } catch (JAXBException e) {
            fail(e.getMessage());
        }
    }
    when(receivedToken.getToken()).thenReturn(token.getValue());
    usernameTokenValidator.validateToken(tokenValidatorParameters);
}
Also used : XmlParser(org.codice.ddf.parser.xml.XmlParser) JAXBContextCache(org.apache.cxf.common.jaxb.JAXBContextCache) JAXBException(javax.xml.bind.JAXBException) JAXBContext(javax.xml.bind.JAXBContext) ServiceReference(org.osgi.framework.ServiceReference) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Unmarshaller(javax.xml.bind.Unmarshaller) HashSet(java.util.HashSet) Test(org.junit.Test)

Example 19 with ReceivedToken

use of org.apache.cxf.sts.request.ReceivedToken in project ddf by codice.

the class X509DelegationHandler method isDelegationAllowed.

public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
    TokenDelegationResponse response = new TokenDelegationResponse();
    ReceivedToken delegateTarget = tokenParameters.getToken();
    response.setToken(delegateTarget);
    Object token = delegateTarget.getToken();
    if (token instanceof BinarySecurityTokenType) {
        response.setDelegationAllowed(true);
    }
    return response;
}
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse)

Example 20 with ReceivedToken

use of org.apache.cxf.sts.request.ReceivedToken in project cas by apereo.

the class X509TokenDelegationHandler method isDelegationAllowed.

@Override
public TokenDelegationResponse isDelegationAllowed(final TokenDelegationParameters tokenParameters) {
    final TokenDelegationResponse response = new TokenDelegationResponse();
    final ReceivedToken delegateTarget = tokenParameters.getToken();
    response.setToken(delegateTarget);
    if (!delegateTarget.isDOMElement()) {
        return response;
    }
    if (delegateTarget.getState() == ReceivedToken.STATE.VALID && delegateTarget.getPrincipal() != null) {
        response.setDelegationAllowed(true);
        LOGGER.debug("Delegation is allowed for: [{}]", delegateTarget.getPrincipal());
    } else {
        LOGGER.debug("Delegation is not allowed, as the token is invalid or the principal is null");
    }
    return response;
}
Also used : ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse)

Aggregations

ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)41 Test (org.junit.Test)25 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)23 BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)21 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)20 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)18 Crypto (org.apache.wss4j.common.crypto.Crypto)15 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)10 RequestData (org.apache.wss4j.dom.handler.RequestData)10 Credential (org.apache.wss4j.dom.validate.Credential)9 XmlParser (org.codice.ddf.parser.xml.XmlParser)9 X500Principal (javax.security.auth.x500.X500Principal)8 JAASUsernameTokenValidator (org.apache.wss4j.dom.validate.JAASUsernameTokenValidator)7 PKIAuthenticationToken (org.codice.ddf.security.handler.api.PKIAuthenticationToken)7 X509Certificate (java.security.cert.X509Certificate)6 PKIAuthenticationTokenFactory (org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory)6 HashSet (java.util.HashSet)5 CallbackHandler (javax.security.auth.callback.CallbackHandler)5 JAXBContext (javax.xml.bind.JAXBContext)5 JAXBException (javax.xml.bind.JAXBException)5