use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.
the class SAMLTokenRenewerLifetimeTest method createSAMLAssertion.
private Element createSAMLAssertion(String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing, boolean allowRenewingAfterExpiry) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters = createProviderParameters(tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler);
Renewing renewing = new Renewing();
renewing.setAllowRenewing(allowRenewing);
renewing.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
providerParameters.getTokenRequirements().setRenewing(renewing);
if (ttlMs != 0) {
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element) providerResponse.getToken();
}
use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.
the class JWTTokenValidatorRealmTest method testRealmB.
@org.junit.Test
public void testRealmB() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
((JWTTokenProvider) jwtTokenProvider).setRealmMap(getRealms());
TokenProviderParameters providerParameters = createProviderParameters();
providerParameters.setRealm("B");
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
// Validate the token - no realm is returned
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
assertNull(validatorResponse.getTokenRealm());
// Now set the JWTRealmCodec implementation on the Validator
((JWTTokenValidator) jwtTokenValidator).setRealmCodec(new IssuerJWTRealmCodec());
validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
assertTrue(validatorResponse.getTokenRealm().equals("B"));
Principal principal = validatorResponse.getPrincipal();
assertTrue(principal != null && principal.getName() != null);
}
use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.
the class JWTTokenValidatorRealmTest method testRealmA.
@org.junit.Test
public void testRealmA() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
((JWTTokenProvider) jwtTokenProvider).setRealmMap(getRealms());
TokenProviderParameters providerParameters = createProviderParameters();
providerParameters.setRealm("A");
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
// Validate the token - no realm is returned
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
assertNull(validatorResponse.getTokenRealm());
// Now set the JWTRealmCodec implementation on the Validator
((JWTTokenValidator) jwtTokenValidator).setRealmCodec(new IssuerJWTRealmCodec());
validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
assertTrue(validatorResponse.getTokenRealm().equals("A"));
Principal principal = validatorResponse.getPrincipal();
assertTrue(principal != null && principal.getName() != null);
}
use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.
the class JWTTokenValidatorTest method testInvalidSignature.
@org.junit.Test
public void testInvalidSignature() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
TokenProviderParameters providerParameters = createProviderParameters();
Crypto crypto = CryptoFactory.getInstance(getEveCryptoProperties());
CallbackHandler callbackHandler = new EveCallbackHandler();
providerParameters.getStsProperties().setSignatureCrypto(crypto);
providerParameters.getStsProperties().setCallbackHandler(callbackHandler);
providerParameters.getStsProperties().setSignatureUsername("eve");
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
// Validate the token
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
use of org.apache.cxf.sts.token.provider.TokenProviderResponse in project cxf by apache.
the class JWTTokenValidatorTest method testChangedSignature.
@org.junit.Test
public void testChangedSignature() throws Exception {
// Create
TokenProvider jwtTokenProvider = new JWTTokenProvider();
((JWTTokenProvider) jwtTokenProvider).setSignToken(true);
DefaultJWTClaimsProvider jwtClaimsProvider = new DefaultJWTClaimsProvider();
jwtClaimsProvider.setLifetime(1L);
((JWTTokenProvider) jwtTokenProvider).setJwtClaimsProvider(jwtClaimsProvider);
TokenProviderParameters providerParameters = createProviderParameters();
assertTrue(jwtTokenProvider.canHandleToken(JWTTokenProvider.JWT_TOKEN_TYPE));
TokenProviderResponse providerResponse = jwtTokenProvider.createToken(providerParameters);
assertTrue(providerResponse != null);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
String token = (String) providerResponse.getToken();
// Change the signature
token += "blah";
assertNotNull(token);
assertTrue(token.split("\\.").length == 3);
Thread.sleep(1500L);
// Validate the token
TokenValidator jwtTokenValidator = new JWTTokenValidator();
TokenValidatorParameters validatorParameters = createValidatorParameters();
TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
// Create a ValidateTarget consisting of a JWT Token
ReceivedToken validateTarget = new ReceivedToken(createTokenWrapper(token));
tokenRequirements.setValidateTarget(validateTarget);
validatorParameters.setToken(validateTarget);
assertTrue(jwtTokenValidator.canHandleToken(validateTarget));
TokenValidatorResponse validatorResponse = jwtTokenValidator.validateToken(validatorParameters);
assertTrue(validatorResponse != null);
assertTrue(validatorResponse.getToken() != null);
assertTrue(validatorResponse.getToken().getState() == STATE.INVALID);
}
Aggregations