Examples with STSException - org.apache.cxf.ws.security.sts.provider.STSException

Example 41 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml1PublicKeyAssertion.

/**
 * Create a default Saml1 PublicKey Assertion.
 */
@org.junit.Test
public void testDefaultSaml1PublicKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.SAML_NS, STSConstants.PUBLIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.SAML_NS));
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no certificate");
    } catch (STSException ex) {
    // expected as no certificate is provided
    }
    // Now get a certificate and set it on the key requirements of the provider parameter
    Crypto crypto = providerParameters.getStsProperties().getEncryptionCrypto();
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("myclientkey");
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    ReceivedCredential receivedCredential = new ReceivedCredential();
    receivedCredential.setX509Cert(certs[0]);
    providerParameters.getKeyRequirements().setReceivedCredential(receivedCredential);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));
}

Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) Element(org.w3c.dom.Element) STSException(org.apache.cxf.ws.security.sts.provider.STSException) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate) ReceivedCredential(org.apache.cxf.sts.request.ReceivedCredential)

Example 42 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLProviderKeyTypeTest method testDefaultSaml2PublicKeyAssertion.

/**
 * Create a default Saml2 PublicKey Assertion.
 */
@org.junit.Test
public void testDefaultSaml2PublicKeyAssertion() throws Exception {
    TokenProvider samlTokenProvider = new SAMLTokenProvider();
    TokenProviderParameters providerParameters = createProviderParameters(WSS4JConstants.SAML2_NS, STSConstants.PUBLIC_KEY_KEYTYPE);
    assertTrue(samlTokenProvider.canHandleToken(WSS4JConstants.SAML2_NS));
    try {
        samlTokenProvider.createToken(providerParameters);
        fail("Failure expected on no certificate");
    } catch (STSException ex) {
    // expected as no certificate is provided
    }
    // Now get a certificate and set it on the key requirements of the provider parameter
    Crypto crypto = providerParameters.getStsProperties().getEncryptionCrypto();
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("myclientkey");
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    ReceivedCredential receivedCredential = new ReceivedCredential();
    receivedCredential.setX509Cert(certs[0]);
    providerParameters.getKeyRequirements().setReceivedCredential(receivedCredential);
    TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
    assertNotNull(providerResponse);
    assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    Element token = (Element) providerResponse.getToken();
    String tokenString = DOM2Writer.nodeToString(token);
    assertTrue(tokenString.contains(providerResponse.getTokenId()));
    assertTrue(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("AuthenticationStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
    assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
}

Example 43 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project cxf by apache.

the class SAMLTokenRenewerTest method renewTooFarExpiredSAML2Assertion.

/**
 * Renew an expired SAML2 Assertion that has expired greater than the maximum allowable time
 * for renewal.
 */
@org.junit.Test
public void renewTooFarExpiredSAML2Assertion() throws Exception {
    // Create the Assertion
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    // Sleep to expire the token
    Thread.sleep(1500);
    // Validate the Assertion
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(samlTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertNotNull(validatorResponse);
    assertNotNull(validatorResponse.getToken());
    assertTrue(validatorResponse.getToken().getState() == STATE.EXPIRED);
    // Renew the Assertion
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
    renewerParameters.setStsProperties(validatorParameters.getStsProperties());
    renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
    renewerParameters.setMessageContext(validatorParameters.getMessageContext());
    renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
    renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
    renewerParameters.setTokenStore(validatorParameters.getTokenStore());
    renewerParameters.setToken(validatorResponse.getToken());
    TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
    samlTokenRenewer.setVerifyProofOfPossession(false);
    samlTokenRenewer.setAllowRenewalAfterExpiry(true);
    ((SAMLTokenRenewer) samlTokenRenewer).setMaxExpiry(1L);
    assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
    try {
        samlTokenRenewer.renewToken(renewerParameters);
        fail("Failure expected as the token expired too long ago");
    } catch (STSException ex) {
    // Expected
    }
}

Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) Element(org.w3c.dom.Element) STSException(org.apache.cxf.ws.security.sts.provider.STSException) Document(org.w3c.dom.Document) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenRequirements(org.apache.cxf.sts.request.TokenRequirements) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)

Example 44 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project OpenAM by OpenRock.

the class TokenCancellerBase method cancelToken.

@Override
public TokenCancellerResponse cancelToken(TokenCancellerParameters tokenParameters) {
    TokenCancellerResponse response = new TokenCancellerResponse();
    ReceivedToken cancelTarget = tokenParameters.getToken();
    cancelTarget.setState(ReceivedToken.STATE.VALID);
    response.setToken(cancelTarget);
    String tokenServiceConsumptionToken = null;
    try {
        final String tokenId = generateIdFromValidateTarget(cancelTarget);
        tokenServiceConsumptionToken = getTokenServiceConsumptionToken();
        tokenServiceConsumer.cancelToken(tokenId, tokenServiceConsumptionToken);
        cancelTarget.setState(ReceivedToken.STATE.CANCELLED);
        return response;
    } catch (TokenCancellationException e) {
        throw new STSException("Exception caught validating issued token: " + e.getMessage(), e);
    } finally {
        if (tokenServiceConsumptionToken != null) {
            invalidateTokenGenerationServiceConsumptionToken(tokenServiceConsumptionToken);
        }
    }
}

Also used : STSException(org.apache.cxf.ws.security.sts.provider.STSException) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenCancellationException(org.forgerock.openam.sts.TokenCancellationException) TokenCancellerResponse(org.apache.cxf.sts.token.canceller.TokenCancellerResponse)

Example 45 with STSException

use of org.apache.cxf.ws.security.sts.provider.STSException in project OpenAM by OpenRock.

the class SimpleTokenValidatorBase method validateToken.

@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    response.setToken(validateTarget);
    String tokenServiceConsumptionToken = null;
    try {
        final String tokenId = generateIdFromValidateTarget(validateTarget);
        tokenServiceConsumptionToken = getTokenServiceConsumptionToken();
        final boolean isTokenValid = tokenServiceConsumer.validateToken(tokenId, tokenServiceConsumptionToken);
        validateTarget.setState(isTokenValid ? ReceivedToken.STATE.VALID : ReceivedToken.STATE.INVALID);
        return response;
    } catch (TokenValidationException e) {
        throw new STSException("Exception caught validating issued token: " + e.getMessage(), e);
    } finally {
        if (tokenServiceConsumptionToken != null) {
            invalidateTokenGenerationServiceConsumptionToken(tokenServiceConsumptionToken);
        }
    }
}

Also used : STSException(org.apache.cxf.ws.security.sts.provider.STSException) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenValidationException(org.forgerock.openam.sts.TokenValidationException)

Aggregations

STSException (org.apache.cxf.ws.security.sts.provider.STSException)87 Element (org.w3c.dom.Element)33 Crypto (org.apache.wss4j.common.crypto.Crypto)31 JAXBElement (javax.xml.bind.JAXBElement)30 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)26 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)26 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)26 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)25 MessageImpl (org.apache.cxf.message.MessageImpl)25 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)24 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)24 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)21 StaticService (org.apache.cxf.sts.service.StaticService)20 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)18 Document (org.w3c.dom.Document)18 Principal (java.security.Principal)14 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)14 EncryptionProperties (org.apache.cxf.sts.service.EncryptionProperties)14 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)13 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)13