Search in sources :

Example 76 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SCTProviderTest method createProviderParameters.

private TokenProviderParameters createProviderParameters(String tokenType) throws WSSecurityException {
    TokenProviderParameters parameters = new TokenProviderParameters();
    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(tokenType);
    parameters.setTokenRequirements(tokenRequirements);
    KeyRequirements keyRequirements = new KeyRequirements();
    parameters.setKeyRequirements(keyRequirements);
    parameters.setTokenStore(tokenStore);
    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    parameters.setMessageContext(msgCtx);
    parameters.setAppliesToAddress("http://dummy-service.com/dummy");
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    parameters.setStsProperties(stsProperties);
    parameters.setEncryptionProperties(new EncryptionProperties());
    return parameters;
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 77 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SAMLTokenRenewerLifetimeTest method createProviderParameters.

private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
    TokenProviderParameters parameters = new TokenProviderParameters();
    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(tokenType);
    parameters.setTokenRequirements(tokenRequirements);
    KeyRequirements keyRequirements = new KeyRequirements();
    keyRequirements.setKeyType(keyType);
    parameters.setKeyRequirements(keyRequirements);
    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    parameters.setMessageContext(msgCtx);
    parameters.setAppliesToAddress("http://dummy-service.com/dummy");
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setSignatureUsername(signatureUsername);
    stsProperties.setCallbackHandler(callbackHandler);
    stsProperties.setIssuer("STS");
    parameters.setStsProperties(stsProperties);
    parameters.setEncryptionProperties(new EncryptionProperties());
    parameters.setTokenStore(tokenStore);
    return parameters;
}
Also used : CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) MessageImpl(org.apache.cxf.message.MessageImpl) TokenProviderParameters(org.apache.cxf.sts.token.provider.TokenProviderParameters)

Example 78 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SAMLTokenRenewerPOPTest method renewValidSAML1AssertionWrongPOP.

/**
 * Renew a valid SAML1 Assertion
 */
@org.junit.Test
public void renewValidSAML1AssertionWrongPOP() throws Exception {
    // Create the Assertion
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50000, true, false);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    // Validate the Assertion
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(samlTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertTrue(validatorResponse != null);
    assertTrue(validatorResponse.getToken() != null);
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    // Renew the Assertion
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
    renewerParameters.setStsProperties(validatorParameters.getStsProperties());
    renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
    renewerParameters.setMessageContext(validatorParameters.getMessageContext());
    renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
    renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
    renewerParameters.setTokenStore(validatorParameters.getTokenStore());
    renewerParameters.setToken(validatorResponse.getToken());
    TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
    assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
    try {
        samlTokenRenewer.renewToken(renewerParameters);
        fail("Expected failure on lack of proof of possession");
    } catch (Exception ex) {
    // expected
    }
    List<WSSecurityEngineResult> signedResults = new ArrayList<>();
    WSSecurityEngineResult signedResult = new WSSecurityEngineResult(WSConstants.SIGN);
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("myservicekey");
    signedResult.put(WSSecurityEngineResult.TAG_X509_CERTIFICATES, crypto.getX509Certificates(cryptoType));
    signedResults.add(signedResult);
    List<WSHandlerResult> handlerResults = new ArrayList<>();
    WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults, Collections.singletonMap(WSConstants.SIGN, signedResults));
    handlerResults.add(handlerResult);
    Map<String, Object> messageContext = validatorParameters.getMessageContext();
    messageContext.put(WSHandlerConstants.RECV_RESULTS, handlerResults);
    try {
        samlTokenRenewer.renewToken(renewerParameters);
        fail("Expected failure on wrong signature key");
    } catch (Exception ex) {
    // expected
    }
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) Document(org.w3c.dom.Document) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) CryptoType(org.apache.wss4j.common.crypto.CryptoType) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)

Example 79 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SAMLTokenRenewerPOPTest method createValidatorParameters.

private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
    TokenValidatorParameters parameters = new TokenValidatorParameters();
    TokenRequirements tokenRequirements = new TokenRequirements();
    parameters.setTokenRequirements(tokenRequirements);
    KeyRequirements keyRequirements = new KeyRequirements();
    parameters.setKeyRequirements(keyRequirements);
    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    parameters.setMessageContext(msgCtx);
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    parameters.setStsProperties(stsProperties);
    parameters.setTokenStore(tokenStore);
    return parameters;
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 80 with TokenRequirements

use of org.apache.cxf.sts.request.TokenRequirements in project cxf by apache.

the class SAMLTokenRenewerRealmTest method createValidatorParameters.

private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
    TokenValidatorParameters parameters = new TokenValidatorParameters();
    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(STSConstants.STATUS);
    parameters.setTokenRequirements(tokenRequirements);
    KeyRequirements keyRequirements = new KeyRequirements();
    parameters.setKeyRequirements(keyRequirements);
    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    parameters.setMessageContext(msgCtx);
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS-2");
    parameters.setStsProperties(stsProperties);
    parameters.setTokenStore(tokenStore);
    return parameters;
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) MessageImpl(org.apache.cxf.message.MessageImpl)

Aggregations

TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)116 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)79 Crypto (org.apache.wss4j.common.crypto.Crypto)67 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)65 KeyRequirements (org.apache.cxf.sts.request.KeyRequirements)63 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)55 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)54 MessageImpl (org.apache.cxf.message.MessageImpl)54 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)54 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)45 TokenProviderParameters (org.apache.cxf.sts.token.provider.TokenProviderParameters)39 Document (org.w3c.dom.Document)33 Element (org.w3c.dom.Element)31 CallbackHandler (javax.security.auth.callback.CallbackHandler)29 STSException (org.apache.cxf.ws.security.sts.provider.STSException)18 Principal (java.security.Principal)16 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)16 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)15 TokenProviderResponse (org.apache.cxf.sts.token.provider.TokenProviderResponse)14 TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)12