Examples with RequestedSecurityTokenType org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType used on opensource projects

Example 56 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueSamlUnitTest method testIssueSaml1PublicKeyToken.

/**
 * Test to successfully issue a Saml 1.1 PublicKey token.
 */
@org.junit.Test
public void testIssueSaml1PublicKeyToken() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    request.getAny().add(tokenType);
    JAXBElement<String> keyType = new JAXBElement<String>(QNameConstants.KEY_TYPE, String.class, STSConstants.PUBLIC_KEY_KEYTYPE);
    request.getAny().add(keyType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    try {
        issueOperation.issue(request, principal, msgCtx);
        fail("Failure expected on no certificate");
    } catch (STSException ex) {
    // expected failure on no certificate
    }
    // Now add UseKey
    UseKeyType useKey = createUseKey(crypto, "myclientkey");
    JAXBElement<UseKeyType> useKeyType = new JAXBElement<UseKeyType>(QNameConstants.USE_KEY, UseKeyType.class, useKey);
    request.getAny().add(useKeyType);
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));
    assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
}

Example 57 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueSamlUnitTest method testIssueSaml2SymmetricKeyToken.

/**
 * Test to successfully issue a Saml2 SymmetricKey token.
 */
@org.junit.Test
public void testIssueSaml2SymmetricKeyToken() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    JAXBElement<String> keyType = new JAXBElement<String>(QNameConstants.KEY_TYPE, String.class, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    request.getAny().add(keyType);
    JAXBElement<String> computedKey = new JAXBElement<String>(QNameConstants.COMPUTED_KEY_ALGORITHM, String.class, STSConstants.COMPUTED_KEY_PSHA1);
    request.getAny().add(computedKey);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Now add Entropy
    BinarySecretType binarySecretType = new BinarySecretType();
    binarySecretType.setType(STSConstants.NONCE_TYPE);
    binarySecretType.setValue(WSSecurityUtil.generateNonce(256 / 8));
    JAXBElement<BinarySecretType> binarySecretTypeJaxb = new JAXBElement<BinarySecretType>(QNameConstants.BINARY_SECRET, BinarySecretType.class, binarySecretType);
    EntropyType entropyType = new EntropyType();
    entropyType.getAny().add(binarySecretTypeJaxb);
    JAXBElement<EntropyType> entropyJaxbType = new JAXBElement<EntropyType>(QNameConstants.ENTROPY, EntropyType.class, entropyType);
    request.getAny().add(entropyJaxbType);
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
    assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
}

Example 58 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueSamlUnitTest method testIssueSaml2SymmetricKeyTokenEncryptedKey.

/**
 * Test to successfully issue a Saml2 SymmetricKey token. Rather than using a Nonce as the Entropy,
 * a secret key is supplied by the client instead in an EncryptedKey structure.
 */
@org.junit.Test
public void testIssueSaml2SymmetricKeyTokenEncryptedKey() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    JAXBElement<String> keyType = new JAXBElement<String>(QNameConstants.KEY_TYPE, String.class, STSConstants.SYMMETRIC_KEY_KEYTYPE);
    request.getAny().add(keyType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Now add Entropy
    Document doc = DOMUtils.createDocument();
    WSSecEncryptedKey builder = new WSSecEncryptedKey(doc);
    builder.setUserInfo("mystskey");
    builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    builder.setKeyEncAlgo(WSS4JConstants.KEYTRANSPORT_RSAOAEP);
    builder.prepare(stsProperties.getSignatureCrypto());
    Element encryptedKeyElement = builder.getEncryptedKeyElement();
    byte[] secret = builder.getEphemeralKey();
    EntropyType entropyType = new EntropyType();
    entropyType.getAny().add(encryptedKeyElement);
    JAXBElement<EntropyType> entropyJaxbType = new JAXBElement<EntropyType>(QNameConstants.ENTROPY, EntropyType.class, entropyType);
    request.getAny().add(entropyJaxbType);
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
    assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
    // Test that the (encrypted) secret sent in Entropy was used in the SAML Subject KeyInfo
    SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(assertion);
    RequestData data = new RequestData();
    Properties properties = new Properties();
    properties.put("org.apache.wss4j.crypto.provider", "org.apache.wss4j.common.crypto.Merlin");
    properties.put("org.apache.wss4j.crypto.merlin.keystore.password", "sspass");
    properties.put("org.apache.wss4j.crypto.merlin.keystore.file", "keys/servicestore.jks");
    data.setDecCrypto(CryptoFactory.getInstance(properties));
    data.setCallbackHandler(new PasswordCallbackHandler());
    data.setWssConfig(WSSConfig.getNewInstance());
    data.setWsDocInfo(new WSDocInfo(assertion.getOwnerDocument()));
    assertionWrapper.parseSubject(new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto(), data.getCallbackHandler());
    SAMLKeyInfo samlKeyInfo = assertionWrapper.getSubjectKeyInfo();
    assertTrue(Arrays.equals(secret, samlKeyInfo.getSecret()));
}

Example 59 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueSamlUnitTest method testIssueEncryptedSaml2Token.

/**
 * Test to successfully issue an encrypted Saml 2 token.
 */
@org.junit.Test
public void testIssueEncryptedSaml2Token() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    if (!unrestrictedPoliciesInstalled) {
        encryptionProperties.setEncryptionAlgorithm(WSS4JConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertFalse(tokenString.contains("AttributeStatement"));
    assertFalse(tokenString.contains("alice"));
    assertTrue(tokenString.contains("EncryptedData"));
}

Example 60 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueSamlUnitTest method testIssueSaml2AppliesToURIToken.

/**
 * Test to successfully issue a Saml 2 token, submitting an AppliesTo URI Element, instead
 * of the usual EPR one.
 */
@org.junit.Test
public void testIssueSaml2AppliesToURIToken() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToURIElement("http://dummy-service.com/dummy"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}