use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.
the class SAMLTokenRenewerPOPTest method createSAMLAssertion.
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing, boolean allowRenewingAfterExpiry) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(tokenType, STSConstants.PUBLIC_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
Renewing renewing = new Renewing();
renewing.setAllowRenewing(allowRenewing);
renewing.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
providerParameters.getTokenRequirements().setRenewing(renewing);
if (ttlMs != 0) {
Lifetime lifetime = new Lifetime();
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L);
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element) providerResponse.getToken();
}
use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.
the class SAMLTokenRenewerPOPTest method createProviderParameters.
private TokenProviderParameters createProviderParameters(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
ReceivedKey receivedKey = new ReceivedKey();
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("myclientkey");
receivedKey.setX509Cert(crypto.getX509Certificates(cryptoType)[0]);
keyRequirements.setReceivedKey(receivedKey);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
parameters.setTokenStore(tokenStore);
return parameters;
}
use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.
the class SAMLTokenRenewerRealmTest method testRealmB.
/**
* Test a SAML 1.1 Assertion created in realm "B".
*/
@org.junit.Test
public void testRealmB() throws Exception {
// Create a RenewTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new PasswordCallbackHandler();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, crypto, "mystskey", callbackHandler);
Element samlToken = createSAMLAssertion(providerParameters, "B", 50, true, true);
// Sleep to expire the token
Thread.sleep(100);
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
TokenValidator samlTokenValidator = new SAMLTokenValidator();
SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
((SAMLTokenValidator) samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
TokenValidatorParameters validatorParameters = createValidatorParameters();
ReceivedToken renewTarget = new ReceivedToken(samlToken);
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
tokenRequirements.setValidateTarget(renewTarget);
validatorParameters.setToken(renewTarget);
// Validate the token
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
assertTrue(validatorResponse.getTokenRealm().equals("B"));
// Renew the Assertion
TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
renewerParameters.setStsProperties(validatorParameters.getStsProperties());
renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
renewerParameters.setMessageContext(validatorParameters.getMessageContext());
renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
renewerParameters.setTokenStore(validatorParameters.getTokenStore());
renewerParameters.setToken(validatorResponse.getToken());
TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
samlTokenRenewer.setVerifyProofOfPossession(false);
samlTokenRenewer.setAllowRenewalAfterExpiry(true);
Map<String, RealmProperties> samlRealms = getSamlRealms();
((SAMLTokenRenewer) samlTokenRenewer).setRealmMap(samlRealms);
String realm = validatorResponse.getTokenRealm();
assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm));
TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
assertTrue(renewerResponse != null);
assertTrue(renewerResponse.getToken() != null);
// Now validate it again
ReceivedToken validateTarget = new ReceivedToken(renewerResponse.getToken());
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
}
use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.
the class SAMLTokenRenewerRealmTest method testRealmA.
/**
* Test a SAML 1.1 Assertion created in realm "A".
*/
@org.junit.Test
public void testRealmA() throws Exception {
// Create a RenewTarget consisting of a SAML Assertion
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
CallbackHandler callbackHandler = new PasswordCallbackHandler();
TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.WSS_SAML_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE, crypto, "mystskey", callbackHandler);
Element samlToken = createSAMLAssertion(providerParameters, "A", 50, true, true);
// Sleep to expire the token
Thread.sleep(100);
Document doc = samlToken.getOwnerDocument();
samlToken = (Element) doc.appendChild(samlToken);
TokenValidator samlTokenValidator = new SAMLTokenValidator();
SAMLRealmCodec samlRealmCodec = new IssuerSAMLRealmCodec();
((SAMLTokenValidator) samlTokenValidator).setSamlRealmCodec(samlRealmCodec);
TokenValidatorParameters validatorParameters = createValidatorParameters();
ReceivedToken renewTarget = new ReceivedToken(samlToken);
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
tokenRequirements.setValidateTarget(renewTarget);
validatorParameters.setToken(renewTarget);
// Validate the token
TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
assertTrue(validatorResponse.getTokenRealm().equals("A"));
// Renew the Assertion
TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
renewerParameters.setStsProperties(validatorParameters.getStsProperties());
renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
renewerParameters.setMessageContext(validatorParameters.getMessageContext());
renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
renewerParameters.setTokenStore(validatorParameters.getTokenStore());
renewerParameters.setToken(validatorResponse.getToken());
TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
samlTokenRenewer.setVerifyProofOfPossession(false);
samlTokenRenewer.setAllowRenewalAfterExpiry(true);
Map<String, RealmProperties> samlRealms = getSamlRealms();
((SAMLTokenRenewer) samlTokenRenewer).setRealmMap(samlRealms);
String realm = validatorResponse.getTokenRealm();
assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken(), realm));
TokenRenewerResponse renewerResponse = samlTokenRenewer.renewToken(renewerParameters);
assertTrue(renewerResponse != null);
assertTrue(renewerResponse.getToken() != null);
// Now validate it again
ReceivedToken validateTarget = new ReceivedToken(renewerResponse.getToken());
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
validatorResponse = samlTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
}
use of org.apache.cxf.sts.token.provider.TokenProviderParameters in project cxf by apache.
the class SAMLTokenRenewerTest method createSAMLAssertion.
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing, boolean allowRenewingAfterExpiry) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
Renewing renewing = new Renewing();
renewing.setAllowRenewing(allowRenewing);
renewing.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
providerParameters.getTokenRequirements().setRenewing(renewing);
if (ttlMs != 0) {
Lifetime lifetime = new Lifetime();
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L);
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element) providerResponse.getToken();
}
Aggregations