Search in sources :

Example 91 with RequestSecurityTokenResponseType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType in project cxf by apache.

the class ValidateUnitTest method testValidateToken.

/**
 * Test to successfully validate a (dummy) token.
 */
@org.junit.Test
public void testValidateToken() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new DummyTokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    ValidateTargetType validateTarget = new ValidateTargetType();
    JAXBElement<BinarySecurityTokenType> token = createToken();
    validateTarget.setAny(token);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, null, msgCtx);
    assertTrue(validateResponse(response));
}
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 92 with RequestSecurityTokenResponseType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType in project cxf by apache.

the class ValidateX509TokenUnitTest method testValidateInvalidX509Token.

/**
 * Test to validate an invalid X.509 token
 */
@org.junit.Test
public void testValidateInvalidX509Token() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();
    // Add Token Validator
    validateOperation.setTokenValidators(Collections.singletonList(new X509TokenValidator()));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);
    // Create a BinarySecurityToken
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("eve");
    Crypto eveCrypto = CryptoFactory.getInstance(getEveCryptoProperties());
    X509Certificate[] certs = eveCrypto.getX509Certificates(cryptoType);
    assertTrue(certs != null && certs.length > 0);
    JAXBElement<BinarySecurityTokenType> binarySecurityTokenType = createBinarySecurityToken(certs[0]);
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(binarySecurityTokenType);
    JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Validate a token
    RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
    assertFalse(validateResponse(response));
}
Also used : RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate) X509TokenValidator(org.apache.cxf.sts.token.validator.X509TokenValidator) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) ValidateTargetType(org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 93 with RequestSecurityTokenResponseType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType in project cxf by apache.

the class IssueEncryptedUnitTest method testEncryptionName.

/**
 * Test for various options relating to specifying a name for encryption
 */
@org.junit.Test
public void testEncryptionName() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    // Add Token Provider
    issueOperation.setTokenProviders(Collections.singletonList(new DummyTokenProvider()));
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    if (!unrestrictedPoliciesInstalled) {
        encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Issue a token - as no encryption name has been specified the token will not be encrypted
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertFalse(securityTokenResponse.isEmpty());
    encryptionProperties.setEncryptionName("myservicekey");
    service.setEncryptionProperties(encryptionProperties);
    // Issue a (encrypted) token
    response = issueOperation.issue(request, null, msgCtx);
    securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertFalse(securityTokenResponse.isEmpty());
}
Also used : ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) StaticService(org.apache.cxf.sts.service.StaticService) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) Crypto(org.apache.wss4j.common.crypto.Crypto) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 94 with RequestSecurityTokenResponseType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType in project cxf by apache.

the class IssueEncryptedUnitTest method testConfiguredEncryptionAlgorithm.

/**
 * Test for various options relating to configuring an algorithm for encryption
 */
@org.junit.Test
public void testConfiguredEncryptionAlgorithm() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    // Add Token Provider
    issueOperation.setTokenProviders(Collections.singletonList(new DummyTokenProvider()));
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128);
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Issue a token - this should use a (new) default encryption algorithm as configured
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertFalse(securityTokenResponse.isEmpty());
    encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.KEYTRANSPORT_RSA15);
    try {
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected on a bad encryption algorithm");
    } catch (STSException ex) {
    // expected
    }
}
Also used : ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) StaticService(org.apache.cxf.sts.service.StaticService) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) Crypto(org.apache.wss4j.common.crypto.Crypto) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) MessageImpl(org.apache.cxf.message.MessageImpl)

Example 95 with RequestSecurityTokenResponseType

use of org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType in project cxf by apache.

the class IssueEncryptedUnitTest method testConfiguredKeyIdentifiers.

/**
 * Test for various options relating to configuring a KeyIdentifier
 */
@org.junit.Test
public void testConfiguredKeyIdentifiers() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    // Add Token Provider
    issueOperation.setTokenProviders(Collections.singletonList(new DummyTokenProvider()));
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    if (!unrestrictedPoliciesInstalled) {
        encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128);
    }
    encryptionProperties.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // Issue a token - use various KeyIdentifiers
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertFalse(securityTokenResponse.isEmpty());
    encryptionProperties.setKeyIdentifierType(WSConstants.SKI_KEY_IDENTIFIER);
    issueOperation.issue(request, null, msgCtx);
    encryptionProperties.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
    issueOperation.issue(request, null, msgCtx);
    encryptionProperties.setKeyIdentifierType(WSConstants.ENCRYPTED_KEY_SHA1_IDENTIFIER);
    issueOperation.issue(request, null, msgCtx);
    try {
        encryptionProperties.setKeyIdentifierType(WSConstants.BST);
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected on a bad key identifier");
    } catch (STSException ex) {
    // expected
    }
}
Also used : ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) JAXBElement(javax.xml.bind.JAXBElement) StaticService(org.apache.cxf.sts.service.StaticService) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) Crypto(org.apache.wss4j.common.crypto.Crypto) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) MessageImpl(org.apache.cxf.message.MessageImpl)

Aggregations

RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)121 JAXBElement (javax.xml.bind.JAXBElement)101 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)95 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)86 MessageImpl (org.apache.cxf.message.MessageImpl)86 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)79 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)79 Crypto (org.apache.wss4j.common.crypto.Crypto)74 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)73 Element (org.w3c.dom.Element)72 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)63 RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)63 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)58 StaticService (org.apache.cxf.sts.service.StaticService)58 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)57 Principal (java.security.Principal)49 SecurityContext (org.apache.cxf.security.SecurityContext)49 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)40 Document (org.w3c.dom.Document)32 STSException (org.apache.cxf.ws.security.sts.provider.STSException)26