
Example 46 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class SCTValidatorTest method testValidSecurityContextToken.

/**
 * Validates a cached SecurityContextToken through {@link SCTValidator}, then checks that
 * the very same token is reported INVALID once its entry is evicted from the token store.
 * The second half is the revocation check: an SCT is only as good as its cache entry.
 */
@org.junit.Test
public void testValidSecurityContextToken() throws Exception {
    TokenValidator sctValidator = new SCTValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();

    // Issue an SCT and present it as the ValidateTarget of the request
    TokenProviderResponse providerResponse = getSecurityContextToken();
    ReceivedToken validateTarget = new ReceivedToken(providerResponse.getToken());
    validatorParameters.setToken(validateTarget);
    tokenRequirements.setValidateTarget(validateTarget);
    assertTrue(sctValidator.canHandleToken(validateTarget));

    // First pass: the token is still cached, so it must validate, expose its secret,
    // and resolve to the principal it was issued for
    TokenValidatorResponse firstResponse = sctValidator.validateToken(validatorParameters);
    assertTrue(firstResponse != null);
    ReceivedToken validatedToken = firstResponse.getToken();
    assertTrue(validatedToken != null);
    assertTrue(validatedToken.getState() == STATE.VALID);
    Object sctSecret = firstResponse.getAdditionalProperties().get(SCTValidator.SCT_VALIDATOR_SECRET);
    assertTrue(sctSecret != null);
    assertTrue(firstResponse.getPrincipal().getName().equals("alice"));

    // Evict the SCT from the cache and validate again: the same bytes must now be INVALID
    String cachedId = tokenStore.getToken(providerResponse.getTokenId()).getId();
    tokenStore.remove(cachedId);
    assertNull(tokenStore.getToken(providerResponse.getTokenId()));
    TokenValidatorResponse secondResponse = sctValidator.validateToken(validatorParameters);
    assertTrue(secondResponse != null);
    assertTrue(secondResponse.getToken() != null);
    assertTrue(secondResponse.getToken().getState() == STATE.INVALID);
}

Example 47 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class CustomUsernameTokenProvider method createToken.

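/**
 * Issues a mocked-up UsernameToken (fixed test credentials, password-text type) and,
 * when the request carries a token store, caches it under its hash code so that a
 * later validate/cancel call can look it up.
 *
 * @param tokenParameters request parameters; only {@code getTokenStore()} is consulted
 * @return response carrying the token element and its id
 * @throws STSException with {@link STSException#REQUEST_FAILED} if the token cannot be built;
 *         the original exception is kept as the cause
 */
public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
    try {
        Document doc = DOMUtils.getEmptyDocument();
        // Mock up a UsernameToken; "alice"/"password" are fixtures, not real credentials
        UsernameToken usernameToken = new UsernameToken(true, doc, WSS4JConstants.PASSWORD_TEXT);
        usernameToken.setName("alice");
        usernameToken.setPassword("password");
        String id = "UT-1234";
        usernameToken.addWSSENamespace();
        usernameToken.addWSUNamespace();
        usernameToken.setID(id);

        TokenProviderResponse response = new TokenProviderResponse();
        response.setToken(usernameToken.getElement());
        response.setTokenId(id);

        // Store the token in the cache, keyed by its hash (the same key a validator would compute)
        if (tokenParameters.getTokenStore() != null) {
            SecurityToken securityToken = new SecurityToken(usernameToken.getID());
            securityToken.setToken(usernameToken.getElement());
            int hashCode = usernameToken.hashCode();
            securityToken.setTokenHash(hashCode);
            tokenParameters.getTokenStore().add(Integer.toString(hashCode), securityToken);
        }
        return response;
    } catch (Exception e) {
        // The cause travels with the STSException; no separate stack dump to stderr.
        // Message corrected: this provider builds a UsernameToken, not a SAML assertion.
        throw new STSException("Can't create UsernameToken", e, STSException.REQUEST_FAILED);
    }
}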

Example 48 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class SCTSAMLTokenProvider method createToken.

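/**
 * Creates a SAML token for a caller that has already been authenticated with a
 * SecurityContextToken. The SCT's secret is read from the additional properties under
 * {@link SCTValidator#SCT_VALIDATOR_SECRET} and handed to {@code createSamlToken}; the
 * requested KeyType is overridden to symmetric for that reason.
 *
 * @param tokenParameters request parameters; expected to carry the SCT secret in its
 *        additional properties (populated by a preceding SCT validation)
 * @return response with the token element, its id and the assertion's validity window
 * @throws STSException with {@link STSException#REQUEST_FAILED} if the assertion cannot be
 *         created or serialised
 */
public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
    testKeyType(tokenParameters);
    KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
    TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
    LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());

    // The issued token is always bound to the SCT's symmetric secret, whatever KeyType was requested
    keyRequirements.setKeyType(STSConstants.SYMMETRIC_KEY_KEYTYPE);
    byte[] secret = (byte[]) tokenParameters.getAdditionalProperties().get(SCTValidator.SCT_VALIDATOR_SECRET);
    // NOTE(review): secret is null when no SCT validation preceded this call; createSamlToken
    // (defined elsewhere) is relied on to reject that — confirm it does not issue an unkeyed token.

    try {
        Document doc = DOMUtils.createDocument();
        SamlAssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
        Element token = assertion.toDOM(doc);

        TokenProviderResponse response = new TokenProviderResponse();
        response.setToken(token);
        // SAML 2.0 carries its id in "ID", SAML 1.1 in "AssertionID"
        String tokenType = tokenRequirements.getTokenType();
        boolean saml2 = WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType)
            || WSS4JConstants.SAML2_NS.equals(tokenType);
        response.setTokenId(token.getAttributeNS(null, saml2 ? "ID" : "AssertionID"));
        response.setCreated(assertion.getNotBefore());
        response.setExpires(assertion.getNotOnOrAfter());
        // No server entropy is generated and no key is computed here (the former locals
        // entropyBytes/keySize/computedKey were never assigned), so entropy is explicitly
        // absent, no key size is reported, and computedKey stays false.
        response.setEntropy(null);
        response.setComputedKey(false);
        return response;
    } catch (Exception e) {
        LOG.log(Level.WARNING, "", e);
        throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
    }
}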

Example 49 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class SAMLDelegationTest method createSAMLAssertion.

/**
 * Mocks up a SAML assertion element by running the real {@link SAMLTokenProvider} with the
 * given crypto, signing identity and callback handler (signing is left at the provider's
 * default; see {@code createUnsignedSAMLAssertion} for the explicit opt-out).
 */
private Element createSAMLAssertion(String tokenType, String keyType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, String user, String issuer) throws WSSecurityException {
    TokenProviderParameters providerParameters = createProviderParameters(tokenType, keyType, crypto, signatureUsername, callbackHandler, user, issuer);
    SAMLTokenProvider provider = new SAMLTokenProvider();
    TokenProviderResponse issued = provider.createToken(providerParameters);
    assertTrue(issued != null);
    Object tokenElement = issued.getToken();
    assertTrue(tokenElement != null && issued.getTokenId() != null);
    return (Element) tokenElement;
}

Example 50 with TokenProviderResponse

use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.

the class SAMLDelegationTest method createUnsignedSAMLAssertion.

/**
 * Mocks up a SAML assertion element with signing switched off: no crypto, signing
 * username or callback handler is supplied and {@code setSignToken(false)} is set on the
 * provider. Presumably used by the negative delegation cases that must reject such a token.
 */
private Element createUnsignedSAMLAssertion(String tokenType, String keyType, String user, String issuer) throws WSSecurityException {
    TokenProviderParameters providerParameters = createProviderParameters(tokenType, keyType, null, null, null, user, issuer);
    SAMLTokenProvider provider = new SAMLTokenProvider();
    provider.setSignToken(false);
    TokenProviderResponse issued = provider.createToken(providerParameters);
    assertTrue(issued != null);
    Object tokenElement = issued.getToken();
    assertTrue(tokenElement != null && issued.getTokenId() != null);
    return (Element) tokenElement;
}
