Examples with RequestedSecurityTokenType org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType used on opensource projects

Example 36 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class TokenIssueOperation method createResponse.

protected RequestSecurityTokenResponseType createResponse(EncryptionProperties encryptionProperties, TokenProviderResponse tokenResponse, TokenRequirements tokenRequirements, KeyRequirements keyRequirements) throws WSSecurityException {
    RequestSecurityTokenResponseType response = QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();
    String context = tokenRequirements.getContext();
    if (context != null) {
        response.setContext(context);
    }
    // TokenType
    JAXBElement<String> jaxbTokenType = QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenRequirements.getTokenType());
    response.getAny().add(jaxbTokenType);
    // RequestedSecurityToken
    RequestedSecurityTokenType requestedTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
    JAXBElement<RequestedSecurityTokenType> requestedToken = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
    tokenWrapper.wrapToken(tokenResponse.getToken(), requestedTokenType);
    response.getAny().add(requestedToken);
    if (returnReferences) {
        // RequestedAttachedReference
        TokenReference attachedReference = tokenResponse.getAttachedReference();
        RequestedReferenceType requestedAttachedReferenceType = null;
        if (attachedReference != null) {
            requestedAttachedReferenceType = createRequestedReference(attachedReference, true);
        } else {
            requestedAttachedReferenceType = createRequestedReference(tokenResponse.getTokenId(), tokenRequirements.getTokenType(), true);
        }
        JAXBElement<RequestedReferenceType> requestedAttachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(requestedAttachedReferenceType);
        response.getAny().add(requestedAttachedReference);
        // RequestedUnattachedReference
        TokenReference unAttachedReference = tokenResponse.getUnAttachedReference();
        RequestedReferenceType requestedUnattachedReferenceType = null;
        if (unAttachedReference != null) {
            requestedUnattachedReferenceType = createRequestedReference(unAttachedReference, false);
        } else {
            requestedUnattachedReferenceType = createRequestedReference(tokenResponse.getTokenId(), tokenRequirements.getTokenType(), false);
        }
        JAXBElement<RequestedReferenceType> requestedUnattachedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(requestedUnattachedReferenceType);
        response.getAny().add(requestedUnattachedReference);
    }
    // AppliesTo
    response.getAny().add(tokenRequirements.getAppliesTo());
    // RequestedProofToken
    if (tokenResponse.isComputedKey() && keyRequirements.getComputedKeyAlgorithm() != null) {
        JAXBElement<String> computedKey = QNameConstants.WS_TRUST_FACTORY.createComputedKey(keyRequirements.getComputedKeyAlgorithm());
        RequestedProofTokenType requestedProofTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
        requestedProofTokenType.setAny(computedKey);
        JAXBElement<RequestedProofTokenType> requestedProofToken = QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
        response.getAny().add(requestedProofToken);
    } else if (tokenResponse.getEntropy() != null) {
        Object token = constructSecretToken(tokenResponse.getEntropy(), encryptionProperties, keyRequirements);
        RequestedProofTokenType requestedProofTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedProofTokenType();
        requestedProofTokenType.setAny(token);
        JAXBElement<RequestedProofTokenType> requestedProofToken = QNameConstants.WS_TRUST_FACTORY.createRequestedProofToken(requestedProofTokenType);
        response.getAny().add(requestedProofToken);
    }
    // Entropy
    if (tokenResponse.isComputedKey() && tokenResponse.getEntropy() != null) {
        Object token = constructSecretToken(tokenResponse.getEntropy(), encryptionProperties, keyRequirements);
        EntropyType entropyType = QNameConstants.WS_TRUST_FACTORY.createEntropyType();
        entropyType.getAny().add(token);
        JAXBElement<EntropyType> entropyElement = QNameConstants.WS_TRUST_FACTORY.createEntropy(entropyType);
        response.getAny().add(entropyElement);
    }
    // Lifetime
    if (includeLifetimeElement) {
        LifetimeType lifetime = createLifetime(tokenResponse.getCreated(), tokenResponse.getExpires());
        JAXBElement<LifetimeType> lifetimeType = QNameConstants.WS_TRUST_FACTORY.createLifetime(lifetime);
        response.getAny().add(lifetimeType);
    }
    // KeySize
    long keySize = tokenResponse.getKeySize();
    if (keySize <= 0) {
        keySize = keyRequirements.getKeySize();
    }
    if (keyRequirements.getKeySize() > 0) {
        JAXBElement<Long> keySizeType = QNameConstants.WS_TRUST_FACTORY.createKeySize(keySize);
        response.getAny().add(keySizeType);
    }
    return response;
}

Example 37 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class RESTSecurityTokenServiceImpl method getPlainToken.

@Override
public Response getPlainToken(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
    RequestSecurityTokenResponseType response = issueToken(tokenType, keyType, requestedClaims, appliesTo);
    RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
    if ("jwt".equals(tokenType)) {
        // Discard the wrapper here
        return Response.ok(((Element) requestedToken.getAny()).getTextContent()).build();
    }
    // Base-64 encode the token + return it
    try {
        String encodedToken = encodeToken(DOM2Writer.nodeToString((Element) requestedToken.getAny()));
        return Response.ok(encodedToken).build();
    } catch (Exception ex) {
        LOG.warning(ex.getMessage());
        return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
    }
}

Example 38 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class RESTSecurityTokenServiceImpl method getJSONToken.

@Override
public Response getJSONToken(String tokenType, String keyType, List<String> requestedClaims, String appliesTo) {
    if (!"jwt".equals(tokenType)) {
        return Response.status(Response.Status.BAD_REQUEST).build();
    }
    RequestSecurityTokenResponseType response = issueToken(tokenType, keyType, requestedClaims, appliesTo);
    RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(response);
    // Discard the XML Wrapper + create a new JSON Wrapper
    String token = ((Element) requestedToken.getAny()).getTextContent();
    return Response.ok(new JSONWrapper(token)).build();
}

Example 39 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueJWTClaimsUnitTest method testIssueJWTTokenOnBehalfOfSaml2DifferentRealmFederateClaims.

/**
 * Test to successfully issue a JWT token (realm "B") on-behalf-of a SAML 2 token
 * which was issued by realm "A".
 * The relationship type between realm A and B is: FederateClaims
 */
@org.junit.Test
public void testIssueJWTTokenOnBehalfOfSaml2DifferentRealmFederateClaims() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    Map<String, RealmProperties> realms = createSamlRealms();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    JWTTokenProvider tokenProvider = new JWTTokenProvider();
    tokenProvider.setRealmMap(realms);
    providerList.add(tokenProvider);
    issueOperation.setTokenProviders(providerList);
    TokenDelegationHandler delegationHandler = new SAMLDelegationHandler();
    issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    SAMLTokenValidator samlTokenValidator = new SAMLTokenValidator();
    samlTokenValidator.setSamlRealmCodec(new IssuerSAMLRealmCodec());
    validatorList.add(samlTokenValidator);
    issueOperation.setTokenValidators(validatorList);
    addService(issueOperation);
    // Add Relationship list
    List<Relationship> relationshipList = new ArrayList<>();
    Relationship rs = createRelationship();
    relationshipList.add(rs);
    // Add STSProperties object
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    STSPropertiesMBean stsProperties = createSTSPropertiesMBean(crypto);
    stsProperties.setRealmParser(new CustomRealmParser());
    stsProperties.setIdentityMapper(new CustomIdentityMapper());
    stsProperties.setRelationships(relationshipList);
    issueOperation.setStsProperties(stsProperties);
    // Set the ClaimsManager
    ClaimsManager claimsManager = new ClaimsManager();
    ClaimsHandler claimsHandler = new CustomClaimsHandler();
    claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
    issueOperation.setClaimsManager(claimsManager);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Add a ClaimsType
    ClaimsType claimsType = new ClaimsType();
    claimsType.setDialect(STSConstants.IDT_NS_05_05);
    Document doc = DOMUtils.getEmptyDocument();
    Element claimType = createClaimsType(doc);
    claimsType.getAny().add(claimType);
    JAXBElement<ClaimsType> claimsTypeJaxb = new JAXBElement<ClaimsType>(QNameConstants.CLAIMS, ClaimsType.class, claimsType);
    request.getAny().add(claimsTypeJaxb);
    // request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    // create a SAML Token via the SAMLTokenProvider which contains claims
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, realms);
    DocumentFragment f = samlToken.getOwnerDocument().createDocumentFragment();
    f.appendChild(samlToken);
    Document docToken = samlToken.getOwnerDocument();
    samlToken = (Element) docToken.appendChild(samlToken);
    String samlString = DOM2Writer.nodeToString(samlToken);
    assertTrue(samlString.contains("AttributeStatement"));
    assertTrue(samlString.contains("alice"));
    assertTrue(samlString.contains("doe"));
    assertTrue(samlString.contains(SAML2Constants.CONF_BEARER));
    // add SAML token as On-Behalf-Of element
    OnBehalfOfType onbehalfof = new OnBehalfOfType();
    onbehalfof.setAny(samlToken);
    JAXBElement<OnBehalfOfType> onbehalfofType = new JAXBElement<OnBehalfOfType>(QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof);
    request.getAny().add(onbehalfofType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put("url", "https");
    List<RequestSecurityTokenResponseType> securityTokenResponseList = issueToken(issueOperation, request, new CustomTokenPrincipal("alice"), msgCtx);
    // Test the generated token.
    Element token = null;
    for (Object tokenObject : securityTokenResponseList.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            token = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(token);
    // Validate the token
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
    JwtToken jwt = jwtConsumer.getJwtToken();
    // subject unchanged
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
    // transformed claim (to uppercase)
    assertEquals(jwt.getClaim(ClaimTypes.LASTNAME.toString()), "DOE");
}

Example 40 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueJWTOnbehalfofUnitTest method testIssueJWTTokenOnBehalfOfUsernameToken.

/**
 * Test to successfully issue a JWT token on-behalf-of a UsernameToken
 */
@org.junit.Test
public void testIssueJWTTokenOnBehalfOfUsernameToken() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new JWTTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    validatorList.add(new UsernameTokenValidator());
    issueOperation.setTokenValidators(validatorList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE);
    request.getAny().add(tokenType);
    // Create a UsernameToken
    JAXBElement<UsernameTokenType> usernameTokenType = createUsernameToken("alice", "clarinet");
    OnBehalfOfType onbehalfof = new OnBehalfOfType();
    onbehalfof.setAny(usernameTokenType);
    JAXBElement<OnBehalfOfType> onbehalfofType = new JAXBElement<OnBehalfOfType>(QNameConstants.ON_BEHALF_OF, OnBehalfOfType.class, onbehalfof);
    request.getAny().add(onbehalfofType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    // This should fail as the default DelegationHandler does not allow UsernameTokens
    try {
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected as UsernameTokens are not accepted for OnBehalfOf by default");
    } catch (STSException ex) {
    // expected
    }
    TokenDelegationHandler delegationHandler = new UsernameTokenDelegationHandler();
    issueOperation.setDelegationHandlers(Collections.singletonList(delegationHandler));
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
    // Test the generated token.
    Element token = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            token = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(token);
    // Validate the token
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(token.getTextContent());
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
}