use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.
the class AuthorizationGrantNegativeTest method testSAMLHolderOfKey.
/**
 * Negative test for the SAML 2.0 bearer authorization grant.
 *
 * <p>Builds an assertion whose subject confirmation method is holder-of-key, signs it
 * with the key material reported by the callback, and posts it to the {@code token}
 * endpoint. The request is expected to fail rather than yield a
 * {@code ClientAccessToken}.
 *
 * @throws Exception if building or signing the assertion fails
 */
@org.junit.Test
public void testSAMLHolderOfKey() throws Exception {
    String address = "https://localhost:" + port + "/services/";
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
                                        "alice", "security", busFile.toString());

    // Create the SAML Assertion. The audience is the token endpoint itself, so the
    // confirmation method is the only deliberately wrong property set here.
    SamlCallbackHandler handler = new SamlCallbackHandler(true);
    handler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    handler.setAudience(address + "token");

    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, callback);

    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(callback);
    wrapper.signAssertion(callback.getIssuerKeyName(),
                          callback.getIssuerKeyPassword(),
                          callback.getIssuerCrypto(),
                          callback.isSendKeyValue(),
                          callback.getCanonicalizationAlgorithm(),
                          callback.getSignatureAlgorithm());
    String assertion = wrapper.assertionToString();

    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json").path("token");
    Form form = new Form()
        .param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer")
        .param("assertion", Base64UrlUtility.encode(assertion))
        .param("client_id", "consumer-id");

    try {
        client.post(form).readEntity(ClientAccessToken.class);
        fail("Failure expected on an incorrect subject confirmation method");
    } catch (Exception expected) {
        // expected
        // NOTE(review): any Exception counts as the rejection here, so a failure that is
        // unrelated to the confirmation method would also let this test pass - confirm
        // whether asserting on the response status would be more precise.
    }
}
use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.
the class AuthorizationGrantNegativeTest method testSAMLUnauthenticatedSignature.
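/**
 * Negative test for the SAML 2.0 bearer authorization grant: the assertion is signed
 * with the {@code smallkey} credentials, which the token endpoint is expected not to
 * accept as an authenticated issuer signature.
 *
 * <p>The assertion uses the bearer confirmation method and the token endpoint as its
 * audience, so the signing key is the only property that should cause the rejection.
 * With a holder-of-key confirmation method (the case covered by
 * {@code testSAMLHolderOfKey}) the request would be expected to fail regardless of the
 * signature, and this test could pass without the signature check ever being exercised.
 *
 * @throws Exception if building or signing the assertion fails
 */
@org.junit.Test
public void testSAMLUnauthenticatedSignature() throws Exception {
    URL busFile = AuthorizationGrantNegativeTest.class.getResource("client.xml");
    String address = "https://localhost:" + port + "/services/";
    WebClient client = WebClient.create(address, OAuth2TestUtils.setupProviders(),
                                        "alice", "security", busFile.toString());

    // Create the SAML Assertion. Everything except the signing key is kept valid so
    // that a rejection can be attributed to the signature.
    SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
    samlCallbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    samlCallbackHandler.setAudience(address + "token");
    samlCallbackHandler.setIssuerKeyName("smallkey");
    samlCallbackHandler.setIssuerKeyPassword("security");
    samlCallbackHandler.setCryptoPropertiesFile(
        "org/apache/cxf/systest/jaxrs/security/smallkey.properties");

    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);

    SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
    samlAssertion.signAssertion(samlCallback.getIssuerKeyName(),
                                samlCallback.getIssuerKeyPassword(),
                                samlCallback.getIssuerCrypto(),
                                samlCallback.isSendKeyValue(),
                                samlCallback.getCanonicalizationAlgorithm(),
                                samlCallback.getSignatureAlgorithm());
    String assertion = samlAssertion.assertionToString();

    // Get Access Token
    client.type("application/x-www-form-urlencoded").accept("application/json");
    client.path("token");

    Form form = new Form();
    form.param("grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer");
    form.param("assertion", Base64UrlUtility.encode(assertion));
    form.param("client_id", "consumer-id");

    try {
        Response response = client.post(form);
        response.readEntity(ClientAccessToken.class);
        // The message names the condition under test; the previous text was copied
        // from the confirmation-method test and misreported the failure.
        fail("Failure expected on an unauthenticated signature");
    } catch (Exception ex) {
        // expected
        // NOTE(review): any Exception counts as the rejection here - confirm whether
        // asserting on the response status would pin the cause more precisely.
    }
}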
use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.
the class JAXRSOAuth2Test method testSAMLBadSubjectName.
/**
 * Negative test for SAML 2.0 bearer client authentication: the assertion names
 * {@code bob} as its subject and is sent as the client-authentication assertion with a
 * custom grant. The token request is expected to fail with an
 * {@code OAuthServiceException}.
 *
 * @throws Exception if building or signing the assertion fails
 */
@Test
public void testSAMLBadSubjectName() throws Exception {
    // The token endpoint doubles as the assertion audience, so the audience is valid.
    String tokenEndpoint = "https://localhost:" + port + "/oauth2-auth/token";
    WebClient wc = createWebClient(tokenEndpoint);

    // Create the SAML Assertion
    SamlCallbackHandler handler = new SamlCallbackHandler(true);
    handler.setSubjectName("bob");
    handler.setAudience(tokenEndpoint);

    SAMLCallback callback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(handler, callback);

    SamlAssertionWrapper wrapper = new SamlAssertionWrapper(callback);
    // Sign only when the callback asks for it.
    if (callback.isSignAssertion()) {
        wrapper.signAssertion(callback.getIssuerKeyName(),
                              callback.getIssuerKeyPassword(),
                              callback.getIssuerCrypto(),
                              callback.isSendKeyValue(),
                              callback.getCanonicalizationAlgorithm(),
                              callback.getSignatureAlgorithm());
    }

    String encodedAssertion = Base64UrlUtility.encode(wrapper.assertionToString());

    Map<String, String> clientAuthParams = new HashMap<>();
    clientAuthParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
    clientAuthParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);

    try {
        OAuthClientUtils.getAccessToken(wc, new CustomGrant(), clientAuthParams);
        fail("Failure expected on a bad subject name");
    } catch (OAuthServiceException expected) {
        // expected
    }
}
use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.
the class JAXRSOAuth2Test method testSAML2BearerGrant.
/**
 * Positive test for the SAML 2.0 bearer grant: creates an assertion with
 * {@code SAMLUtils.createAssertion} using the self-sign information for {@code alice},
 * serialises it to a string, and exchanges it for an access token at the
 * {@code /oauth2/token} endpoint.
 *
 * @throws Exception if the crypto cannot be loaded or the assertion cannot be created
 */
@Test
public void testSAML2BearerGrant() throws Exception {
    String tokenEndpoint = "https://localhost:" + port + "/oauth2/token";
    WebClient wc = createWebClient(tokenEndpoint);

    Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
    SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");

    // The audience is the same URI the token request is sent to.
    SamlCallbackHandler handler = new SamlCallbackHandler(false);
    handler.setAudience(tokenEndpoint);

    SamlAssertionWrapper wrapper = SAMLUtils.createAssertion(handler, signInfo);

    // Serialise the assertion through a fresh DOM document.
    Document doc = DOMUtils.newDocument();
    String assertion = DOM2Writer.nodeToString(wrapper.toDOM(doc));

    ClientAccessToken at = OAuthClientUtils.getAccessToken(
        wc, new Consumer("alice", "alice"), new Saml2BearerGrant(assertion), false);
    assertNotNull(at.getTokenKey());
}
use of org.apache.cxf.systest.jaxrs.security.oauth2.common.SamlCallbackHandler in project cxf by apache.
the class JAXRSOAuth2Test method createWebClientWithProps.
/**
 * Creates a {@code WebClient} for {@code address} on a bus loaded from
 * {@code client.xml}, configured with a SAML callback handler, signature properties
 * and a {@code Saml2BearerAuthOutInterceptor} on the outbound chain.
 *
 * @param address the address the client is created for
 * @return the client, set to send form-encoded requests and accept JSON
 */
private WebClient createWebClientWithProps(String address) {
    JAXRSClientFactoryBean factoryBean = new JAXRSClientFactoryBean();
    factoryBean.setAddress(address);

    URL busFile = JAXRSOAuth2Test.class.getResource("client.xml");
    Bus springBus = new SpringBusFactory().createBus(busFile.toString());
    factoryBean.setBus(springBus);

    // The assertion's issuer is "alice" and its audience is the oauth2-auth token
    // endpoint, independent of the address passed in.
    SamlCallbackHandler samlHandler = new SamlCallbackHandler(true);
    samlHandler.setIssuer("alice");
    samlHandler.setAudience("https://localhost:" + port + "/oauth2-auth/token");

    Map<String, Object> securityProps = new HashMap<>();
    securityProps.put(SecurityConstants.CALLBACK_HANDLER,
                      "org.apache.cxf.systest.jaxrs.security.saml.KeystorePasswordCallback");
    securityProps.put(SecurityConstants.SAML_CALLBACK_HANDLER, samlHandler);
    securityProps.put(SecurityConstants.SIGNATURE_USERNAME, "alice");
    securityProps.put(SecurityConstants.SIGNATURE_PROPERTIES, CRYPTO_RESOURCE_PROPERTIES);
    factoryBean.setProperties(securityProps);

    factoryBean.getOutInterceptors().add(new Saml2BearerAuthOutInterceptor());

    WebClient webClient = factoryBean.createWebClient();
    webClient.type(MediaType.APPLICATION_FORM_URLENCODED).accept(MediaType.APPLICATION_JSON);
    return webClient;
}