Examples with STSException org.apache.cxf.ws.security.sts.provider.STSException used on opensource projects

Search in sources :

Example 66 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class CustomUsernameTokenProvider method createToken.

public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
    try {
        Document doc = DOMUtils.getEmptyDocument();
        // Mock up a UsernameToken
        UsernameToken usernameToken = new UsernameToken(true, doc, WSS4JConstants.PASSWORD_TEXT);
        usernameToken.setName("alice");
        usernameToken.setPassword("password");
        String id = "UT-1234";
        usernameToken.addWSSENamespace();
        usernameToken.addWSUNamespace();
        usernameToken.setID(id);
        TokenProviderResponse response = new TokenProviderResponse();
        response.setToken(usernameToken.getElement());
        response.setTokenId(id);
        // Store the token in the cache
        if (tokenParameters.getTokenStore() != null) {
            SecurityToken securityToken = new SecurityToken(usernameToken.getID());
            securityToken.setToken(usernameToken.getElement());
            int hashCode = usernameToken.hashCode();
            String identifier = Integer.toString(hashCode);
            securityToken.setTokenHash(hashCode);
            tokenParameters.getTokenStore().add(identifier, securityToken);
        }
        return response;
    } catch (Exception e) {
        e.printStackTrace();
        throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
    }
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) STSException(org.apache.cxf.ws.security.sts.provider.STSException) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) Document(org.w3c.dom.Document) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 67 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SCTSAMLTokenProvider method createToken.

/**
 * Create a token given a TokenProviderParameters
 */
public TokenProviderResponse createToken(TokenProviderParameters tokenParameters) {
    testKeyType(tokenParameters);
    byte[] entropyBytes = null;
    long keySize = 0;
    boolean computedKey = false;
    KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
    TokenRequirements tokenRequirements = tokenParameters.getTokenRequirements();
    LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
    keyRequirements.setKeyType(STSConstants.SYMMETRIC_KEY_KEYTYPE);
    byte[] secret = (byte[]) tokenParameters.getAdditionalProperties().get(SCTValidator.SCT_VALIDATOR_SECRET);
    try {
        Document doc = DOMUtils.createDocument();
        SamlAssertionWrapper assertion = createSamlToken(tokenParameters, secret, doc);
        Element token = assertion.toDOM(doc);
        TokenProviderResponse response = new TokenProviderResponse();
        response.setToken(token);
        String tokenType = tokenRequirements.getTokenType();
        if (WSS4JConstants.WSS_SAML2_TOKEN_TYPE.equals(tokenType) || WSS4JConstants.SAML2_NS.equals(tokenType)) {
            response.setTokenId(token.getAttributeNS(null, "ID"));
        } else {
            response.setTokenId(token.getAttributeNS(null, "AssertionID"));
        }
        response.setCreated(assertion.getNotBefore());
        response.setExpires(assertion.getNotOnOrAfter());
        response.setEntropy(entropyBytes);
        if (keySize > 0) {
            response.setKeySize(keySize);
        }
        response.setComputedKey(computedKey);
        return response;
    } catch (Exception e) {
        LOG.log(Level.WARNING, "", e);
        throw new STSException("Can't serialize SAML assertion", e, STSException.REQUEST_FAILED);
    }
}
Also used : TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) STSException(org.apache.cxf.ws.security.sts.provider.STSException) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) TokenProviderResponse(org.apache.cxf.sts.token.provider.TokenProviderResponse) Document(org.w3c.dom.Document) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 68 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class AbstractOperation method parseRequest.

/**
 * Check the arguments from the STSProvider and parse the request.
 */
protected RequestRequirements parseRequest(RequestSecurityTokenType request, Map<String, Object> messageContext) {
    if (messageContext == null) {
        throw new STSException("No message context found");
    }
    if (stsProperties == null) {
        throw new STSException("No STSProperties object found");
    }
    stsProperties.configureProperties();
    RequestParser requestParser = new RequestParser();
    requestParser.setAllowCustomContent(allowCustomContent);
    return requestParser.parseRequest(request, messageContext, stsProperties, claimsManager.getClaimParsers());
}
Also used : RequestParser(org.apache.cxf.sts.request.RequestParser) STSException(org.apache.cxf.ws.security.sts.provider.STSException)

Example 69 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class AbstractOperation method encryptSecret.

/**
 * Encrypt a secret using the given arguments producing a DOM EncryptedKey element
 */
protected Element encryptSecret(byte[] secret, EncryptionProperties encryptionProperties, KeyRequirements keyRequirements) throws WSSecurityException {
    String name = encryptionProperties.getEncryptionName();
    if (name == null) {
        name = stsProperties.getEncryptionUsername();
    }
    if (name == null) {
        throw new STSException("No encryption alias is configured", STSException.REQUEST_FAILED);
    }
    // Get the key-wrap algorithm to use
    String keyWrapAlgorithm = keyRequirements.getKeywrapAlgorithm();
    if (keyWrapAlgorithm == null) {
        // If none then default to what is configured
        keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
    } else {
        List<String> supportedAlgorithms = encryptionProperties.getAcceptedKeyWrapAlgorithms();
        if (!supportedAlgorithms.contains(keyWrapAlgorithm)) {
            keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keyWrapAlgorithm);
            }
        }
    }
    Document doc = DOMUtils.getEmptyDocument();
    WSSecEncryptedKey builder = new WSSecEncryptedKey(doc);
    builder.setUserInfo(name);
    builder.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
    builder.setKeyEncAlgo(keyWrapAlgorithm);
    final SecretKey symmetricKey;
    if (secret != null) {
        symmetricKey = KeyUtils.prepareSecretKey(encryptionProperties.getEncryptionAlgorithm(), secret);
    } else {
        KeyGenerator keyGen = KeyUtils.getKeyGenerator(encryptionProperties.getEncryptionAlgorithm());
        symmetricKey = keyGen.generateKey();
    }
    builder.prepare(stsProperties.getEncryptionCrypto(), symmetricKey);
    return builder.getEncryptedKeyElement();
}
Also used : SecretKey(javax.crypto.SecretKey) WSSecEncryptedKey(org.apache.wss4j.dom.message.WSSecEncryptedKey) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Document(org.w3c.dom.Document) KeyGenerator(javax.crypto.KeyGenerator)

Example 70 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class TokenCancelOperation method cancel.

public RequestSecurityTokenResponseType cancel(RequestSecurityTokenType request, Principal principal, Map<String, Object> messageContext) {
    long start = System.currentTimeMillis();
    TokenCancellerParameters cancellerParameters = new TokenCancellerParameters();
    try {
        RequestRequirements requestRequirements = parseRequest(request, messageContext);
        KeyRequirements keyRequirements = requestRequirements.getKeyRequirements();
        TokenRequirements tokenRequirements = requestRequirements.getTokenRequirements();
        cancellerParameters.setStsProperties(stsProperties);
        cancellerParameters.setPrincipal(principal);
        cancellerParameters.setMessageContext(messageContext);
        cancellerParameters.setTokenStore(getTokenStore());
        cancellerParameters.setKeyRequirements(keyRequirements);
        cancellerParameters.setTokenRequirements(tokenRequirements);
        ReceivedToken cancelTarget = tokenRequirements.getCancelTarget();
        if (cancelTarget == null || cancelTarget.getToken() == null) {
            throw new STSException("No element presented for cancellation", STSException.INVALID_REQUEST);
        }
        cancellerParameters.setToken(cancelTarget);
        if (tokenRequirements.getTokenType() == null) {
            tokenRequirements.setTokenType(STSConstants.STATUS);
            LOG.fine("Received TokenType is null, falling back to default token type: " + STSConstants.STATUS);
        }
        // 
        // Cancel token
        // 
        TokenCancellerResponse tokenResponse = null;
        for (TokenCanceller tokenCanceller : tokencancellers) {
            if (tokenCanceller.canHandleToken(cancelTarget)) {
                try {
                    tokenResponse = tokenCanceller.cancelToken(cancellerParameters);
                } catch (RuntimeException ex) {
                    LOG.log(Level.WARNING, "", ex);
                    throw new STSException("Error while cancelling a token", ex, STSException.REQUEST_FAILED);
                }
                break;
            }
        }
        if (tokenResponse == null || tokenResponse.getToken() == null) {
            LOG.fine("No Token Canceller has been found that can handle this token");
            throw new STSException("No token canceller found for requested token type: " + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
        }
        if (tokenResponse.getToken().getState() != STATE.CANCELLED) {
            LOG.log(Level.WARNING, "Token cancellation failed.");
            throw new STSException("Token cancellation failed.");
        }
        // prepare response
        try {
            RequestSecurityTokenResponseType response = createResponse(tokenRequirements);
            STSCancelSuccessEvent event = new STSCancelSuccessEvent(cancellerParameters, System.currentTimeMillis() - start);
            publishEvent(event);
            cleanRequest(requestRequirements);
            return response;
        } catch (Throwable ex) {
            LOG.log(Level.WARNING, "", ex);
            throw new STSException("Error in creating the response", ex, STSException.REQUEST_FAILED);
        }
    } catch (RuntimeException ex) {
        STSCancelFailureEvent event = new STSCancelFailureEvent(cancellerParameters, System.currentTimeMillis() - start, ex);
        publishEvent(event);
        throw ex;
    }
}
Also used : TokenCancellerParameters(org.apache.cxf.sts.token.canceller.TokenCancellerParameters) RequestRequirements(org.apache.cxf.sts.request.RequestRequirements) STSException(org.apache.cxf.ws.security.sts.provider.STSException) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) STSCancelSuccessEvent(org.apache.cxf.sts.event.STSCancelSuccessEvent) TokenCancellerResponse(org.apache.cxf.sts.token.canceller.TokenCancellerResponse) STSCancelFailureEvent(org.apache.cxf.sts.event.STSCancelFailureEvent) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) KeyRequirements(org.apache.cxf.sts.request.KeyRequirements) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenCanceller(org.apache.cxf.sts.token.canceller.TokenCanceller)

Aggregations

STSException (org.apache.cxf.ws.security.sts.provider.STSException)87 Element (org.w3c.dom.Element)33 Crypto (org.apache.wss4j.common.crypto.Crypto)31 JAXBElement (javax.xml.bind.JAXBElement)30 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)26 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)26 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)26 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)25 MessageImpl (org.apache.cxf.message.MessageImpl)25 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)24 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)24 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)21 StaticService (org.apache.cxf.sts.service.StaticService)20 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)18 Document (org.w3c.dom.Document)18 Principal (java.security.Principal)14 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)14 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)14 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)13 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)13
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial