
Example 1 with TokenValidatorParameters

use of org.apache.cxf.sts.token.validator.TokenValidatorParameters in project ddf by codice.

the class TestPKITokenValidator method testValidateAnyRealmToken.

/**
 * Checks that a PKI binary security token created for the wildcard realm ({@code "*"}) is
 * marked {@code VALID} by the validator and that the country and e-mail claims are returned
 * in the response's additional properties.
 *
 * <p>NOTE(review): only the wildcard realm is exercised here; whether a specific, unsupported
 * realm is rejected for the same certificates is not shown by this test.
 */
@Test
public void testValidateAnyRealmToken() {
    // Create the PKI token from the test certificates, using the signature settings on the classpath.
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    tokenFactory.init();
    PKIAuthenticationToken pkiToken = tokenFactory.getTokenFromCerts(certificates, "*");

    // Wrap the encoded credentials in a Base64 binary security token of the PKI value type.
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    bst.setValue(pkiToken.getEncodedCredentials());

    // The received token is a mock, but its state accessors run the real code so that the
    // state written by the validator can be read back below.
    ReceivedToken incoming = mock(ReceivedToken.class);
    when(incoming.getToken()).thenReturn(bst);
    doCallRealMethod().when(incoming).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(incoming).getState();

    // STS properties hand out the fixture's signature crypto.
    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(merlin);

    TokenValidatorParameters validatorParams = mock(TokenValidatorParameters.class);
    when(validatorParams.getStsProperties()).thenReturn(stsProperties);
    when(validatorParams.getToken()).thenReturn(incoming);

    TokenValidatorResponse outcome = pkiTokenValidator.validateToken(validatorParams);

    ReceivedToken validated = outcome.getToken();
    assertEquals(ReceivedToken.STATE.VALID, validated.getState());
    assertEquals("US", outcome.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("localhost@example.org", outcome.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 2 with TokenValidatorParameters

use of org.apache.cxf.sts.token.validator.TokenValidatorParameters in project ddf by codice.

the class TestPKITokenValidator method testNoValidateToken.

/**
 * Checks that a PKI binary security token built from {@code badCertificates} with the
 * {@code /badSignature.properties} settings and the realm {@code "karaf"} is marked
 * {@code INVALID} by the validator.
 *
 * <p>NOTE(review): compared with the passing case, the certificates, the signature properties
 * and the realm all differ, so this test does not isolate which check causes the rejection.
 * A variant that changes only one of them would pin the trust decision more precisely.
 */
@Test
public void testNoValidateToken() {
    // Create the PKI token from the bad certificates and the bad signature settings.
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/badSignature.properties").getPath());
    tokenFactory.init();
    PKIAuthenticationToken pkiToken = tokenFactory.getTokenFromCerts(badCertificates, "karaf");

    // Wrap the encoded credentials in a Base64 binary security token of the PKI value type.
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    bst.setValue(pkiToken.getEncodedCredentials());

    // Mocked received token with real state accessors, so the validator's verdict is observable.
    ReceivedToken incoming = mock(ReceivedToken.class);
    when(incoming.getToken()).thenReturn(bst);
    doCallRealMethod().when(incoming).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(incoming).getState();

    // The validator is still given the fixture's signature crypto.
    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(merlin);

    TokenValidatorParameters validatorParams = mock(TokenValidatorParameters.class);
    when(validatorParams.getStsProperties()).thenReturn(stsProperties);
    when(validatorParams.getToken()).thenReturn(incoming);

    TokenValidatorResponse outcome = pkiTokenValidator.validateToken(validatorParams);

    ReceivedToken rejected = outcome.getToken();
    assertEquals(ReceivedToken.STATE.INVALID, rejected.getState());
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 3 with TokenValidatorParameters

use of org.apache.cxf.sts.token.validator.TokenValidatorParameters in project ddf by codice.

the class UPBSTValidatorTest method testValidateBadTokenCache.

/**
 * Checks that validation ends in {@code INVALID} when the token store returns, for every
 * identifier, a cached token with a fixed hash, and that the failed-login delayer is invoked
 * exactly once for that failure.
 */
@Test
public void testValidateBadTokenCache() {
    UPBSTValidator validatorUnderTest = getUpbstValidator(new XmlParser(), meanValidator);
    validatorUnderTest.addRealm(null);

    // Stub store: writes are ignored and every lookup yields a token with the same hash.
    // NOTE(review): presumably this hash differs from the one computed for upbstToken - confirm.
    TokenStore fixedHashStore = new TokenStore() {

        @Override
        public SecurityToken getToken(String identifier) {
            SecurityToken cached = new SecurityToken();
            cached.setTokenHash(-1432225336);
            return cached;
        }

        @Override
        public Collection<String> getTokenIdentifiers() {
            return null;
        }

        @Override
        public void add(SecurityToken token) {
        }

        @Override
        public void add(String identifier, SecurityToken token) {
        }

        @Override
        public void remove(String identifier) {
        }
    };

    TokenValidatorParameters validatorParams = new TokenValidatorParameters();
    validatorParams.setTokenStore(fixedHashStore);
    validatorParams.setToken(new ReceivedToken(upbstToken));
    validatorParams.setStsProperties(stsPropertiesMBean);

    TokenValidatorResponse outcome = validatorUnderTest.validateToken(validatorParams);

    ReceivedToken.STATE finalState = outcome.getToken().getState();
    Assert.assertEquals(ReceivedToken.STATE.INVALID, finalState);
    // A rejected token must go through the failed-login delay exactly once.
    verify(failedLoginDelayer, times(1)).delay(anyString());
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) XmlParser(org.codice.ddf.parser.xml.XmlParser) Collection(java.util.Collection) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) Matchers.anyString(org.mockito.Matchers.anyString) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) Test(org.junit.Test)

Example 4 with TokenValidatorParameters

use of org.apache.cxf.sts.token.validator.TokenValidatorParameters in project ddf by codice.

the class GuestValidatorTest method setup.

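/**
 * Creates the validator under test, restricted to the realm {@code "DDF"}, and the received
 * tokens shared by the tests: a guest token for realm {@code "DDF"}, a guest token for the
 * wildcard realm {@code "*"}, a token whose payload is the Base64 form of {@code "NotGuest"},
 * and two wildcard-realm guest tokens carrying IPv6 addresses (one of them with a {@code %4}
 * suffix). {@code parameters} is initialised with the {@code "DDF"} token.
 */
@Before
public void setup() {
    validator = new GuestValidator();
    validator.setSupportedRealm(Arrays.asList("DDF"));

    receivedToken = newGuestReceivedToken(new GuestAuthenticationToken("DDF", "127.0.0.1").getEncodedCredentials());
    receivedAnyRealmToken = newGuestReceivedToken(new GuestAuthenticationToken("*", "127.0.0.1").getEncodedCredentials());
    // Payload is not produced by GuestAuthenticationToken. The charset is stated explicitly so
    // the encoded bytes do not depend on the platform default.
    receivedBadToken = newGuestReceivedToken(Base64.getEncoder().encodeToString("NotGuest".getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    receivedTokenIpv6 = newGuestReceivedToken(new GuestAuthenticationToken("*", "0:0:0:0:0:0:0:1").getEncodedCredentials());
    receivedTokenIpv6Reachability = newGuestReceivedToken(new GuestAuthenticationToken("*", "0:0:0:0:0:0:0:1%4").getEncodedCredentials());

    parameters = new TokenValidatorParameters();
    parameters.setToken(receivedToken);
}

/**
 * Wraps already-encoded credentials in a guest-typed, Base64-encoded BinarySecurityToken
 * element and returns it as a {@link ReceivedToken}.
 *
 * @param encodedCredentials the value to place in the binary security token
 * @return a received token holding the JAXB element for that binary security token
 */
private static ReceivedToken newGuestReceivedToken(String encodedCredentials) {
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
    bst.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
    bst.setId(GuestAuthenticationToken.BST_GUEST_LN);
    bst.setValue(encodedCredentials);
    QName elementName = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken");
    return new ReceivedToken(new JAXBElement<BinarySecurityTokenType>(elementName, BinarySecurityTokenType.class, bst));
}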
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) QName(javax.xml.namespace.QName) JAXBElement(javax.xml.bind.JAXBElement) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Before(org.junit.Before)

Example 5 with TokenValidatorParameters

use of org.apache.cxf.sts.token.validator.TokenValidatorParameters in project ddf by codice.

the class GuestValidatorTest method testCanValidateIpv6Token.

/**
 * Checks that the guest token carrying the IPv6 address fixture ({@code receivedTokenIpv6})
 * is marked {@code VALID} by the validator.
 */
@Test
public void testCanValidateIpv6Token() {
    TokenValidatorParameters ipv6Params = new TokenValidatorParameters();
    ipv6Params.setToken(receivedTokenIpv6);

    TokenValidatorResponse outcome = validator.validateToken(ipv6Params);

    ReceivedToken.STATE finalState = outcome.getToken().getState();
    assertEquals(ReceivedToken.STATE.VALID, finalState);
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) Test(org.junit.Test)
