use of org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType in project cxf by apache.
the class RequestParser method parseTokenRequirements.
/**
* Parse the Token requirements into the TokenRequirements argument.
*/
private static boolean parseTokenRequirements(JAXBElement<?> jaxbElement, TokenRequirements tokenRequirements, Map<String, Object> messageContext, List<ClaimsParser> claimsParsers) {
if (QNameConstants.TOKEN_TYPE.equals(jaxbElement.getName())) {
String tokenType = (String) jaxbElement.getValue();
tokenRequirements.setTokenType(tokenType);
} else if (QNameConstants.ON_BEHALF_OF.equals(jaxbElement.getName())) {
OnBehalfOfType onBehalfOfType = (OnBehalfOfType) jaxbElement.getValue();
ReceivedToken onBehalfOf = new ReceivedToken(onBehalfOfType.getAny());
tokenRequirements.setOnBehalfOf(onBehalfOf);
} else if (QNameConstants.ACT_AS.equals(jaxbElement.getName())) {
ActAsType actAsType = (ActAsType) jaxbElement.getValue();
ReceivedToken actAs = new ReceivedToken(actAsType.getAny());
tokenRequirements.setActAs(actAs);
} else if (QNameConstants.LIFETIME.equals(jaxbElement.getName())) {
LifetimeType lifetimeType = (LifetimeType) jaxbElement.getValue();
Lifetime lifetime = new Lifetime();
if (lifetimeType.getCreated() != null) {
lifetime.setCreated(lifetimeType.getCreated().getValue());
}
if (lifetimeType.getExpires() != null) {
lifetime.setExpires(lifetimeType.getExpires().getValue());
}
tokenRequirements.setLifetime(lifetime);
} else if (QNameConstants.VALIDATE_TARGET.equals(jaxbElement.getName())) {
ValidateTargetType validateTargetType = (ValidateTargetType) jaxbElement.getValue();
ReceivedToken validateTarget = new ReceivedToken(validateTargetType.getAny());
if (isTokenReferenced(validateTarget.getToken())) {
Element target = fetchTokenElementFromReference(validateTarget.getToken(), messageContext);
validateTarget = new ReceivedToken(target);
}
tokenRequirements.setValidateTarget(validateTarget);
} else if (QNameConstants.CANCEL_TARGET.equals(jaxbElement.getName())) {
CancelTargetType cancelTargetType = (CancelTargetType) jaxbElement.getValue();
ReceivedToken cancelTarget = new ReceivedToken(cancelTargetType.getAny());
if (isTokenReferenced(cancelTarget.getToken())) {
Element target = fetchTokenElementFromReference(cancelTarget.getToken(), messageContext);
cancelTarget = new ReceivedToken(target);
}
tokenRequirements.setCancelTarget(cancelTarget);
} else if (QNameConstants.RENEW_TARGET.equals(jaxbElement.getName())) {
RenewTargetType renewTargetType = (RenewTargetType) jaxbElement.getValue();
ReceivedToken renewTarget = new ReceivedToken(renewTargetType.getAny());
if (isTokenReferenced(renewTarget.getToken())) {
Element target = fetchTokenElementFromReference(renewTarget.getToken(), messageContext);
renewTarget = new ReceivedToken(target);
}
tokenRequirements.setRenewTarget(renewTarget);
} else if (QNameConstants.CLAIMS.equals(jaxbElement.getName())) {
ClaimsType claimsType = (ClaimsType) jaxbElement.getValue();
ClaimCollection requestedClaims = parseClaims(claimsType, claimsParsers);
tokenRequirements.setPrimaryClaims(requestedClaims);
} else if (QNameConstants.RENEWING.equals(jaxbElement.getName())) {
RenewingType renewingType = (RenewingType) jaxbElement.getValue();
Renewing renewing = new Renewing();
if (renewingType.isAllow() != null) {
renewing.setAllowRenewing(renewingType.isAllow());
}
if (renewingType.isOK() != null) {
renewing.setAllowRenewingAfterExpiry(renewingType.isOK());
}
tokenRequirements.setRenewing(renewing);
} else if (QNameConstants.PARTICIPANTS.equals(jaxbElement.getName())) {
ParticipantsType participantsType = (ParticipantsType) jaxbElement.getValue();
Participants participants = parseParticipants(participantsType);
tokenRequirements.setParticipants(participants);
} else {
return false;
}
return true;
}
use of org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType in project cxf by apache.
the class ValidateJWTTransformationTest method testJWTToSAMLTransformation.
@org.junit.Test
public void testJWTToSAMLTransformation() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new JWTTokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<>();
providerList.add(new SAMLTokenProvider());
validateOperation.setTokenProviders(providerList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
// Create a JWTToken
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String) providerResponse.getToken());
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Validate a token
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Test the generated token.
Element assertion = null;
for (Object tokenObject : response.getAny()) {
if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
assertion = (Element) rstType.getAny();
break;
}
}
assertNotNull(assertion);
String tokenString = DOM2Writer.nodeToString(assertion);
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("alice"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
use of org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType in project cxf by apache.
the class ValidateJWTTransformationTest method testJWTToSAMLTransformationRealm.
@org.junit.Test
public void testJWTToSAMLTransformationRealm() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
JWTTokenValidator validator = new JWTTokenValidator();
validator.setRealmCodec(new CustomJWTRealmCodec());
validatorList.add(validator);
validateOperation.setTokenValidators(validatorList);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<>();
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
providerList.add(samlTokenProvider);
validateOperation.setTokenProviders(providerList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
stsProperties.setRealmParser(new CustomRealmParser());
stsProperties.setIdentityMapper(new CustomIdentityMapper());
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
request.getAny().add(tokenType);
// Create a JWTToken
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String) providerResponse.getToken());
Document doc = wrapper.getOwnerDocument();
wrapper = (Element) doc.appendChild(wrapper);
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
msgCtx.put("url", "https");
// realm "B"
try {
validateOperation.validate(request, principal, msgCtx);
} catch (STSException ex) {
// expected
}
samlTokenProvider.setRealmMap(createSamlRealms());
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Test the generated token.
Element assertion = null;
for (Object tokenObject : response.getAny()) {
if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
assertion = (Element) rstType.getAny();
break;
}
}
assertNotNull(assertion);
String tokenString = DOM2Writer.nodeToString(assertion);
assertTrue(tokenString.contains("AttributeStatement"));
assertTrue(tokenString.contains("ALICE"));
assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
use of org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType in project cxf by apache.
the class ValidateJWTUnitTest method testValidateJWT.
@org.junit.Test
public void testValidateJWT() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new JWTTokenValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
request.getAny().add(tokenType);
// Get a JWTToken via the JWTTokenProvider
TokenProviderResponse providerResponse = createJWT();
Element wrapper = createTokenWrapper((String) providerResponse.getToken());
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(wrapper);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Validate a token
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
}
use of org.apache.cxf.ws.security.sts.provider.model.ValidateTargetType in project cxf by apache.
the class ValidateSCTUnitTest method testValidateSCT.
/**
* Test to successfully validate a SecurityContextToken
*/
@org.junit.Test
public void testValidateSCT() throws Exception {
TokenValidateOperation validateOperation = new TokenValidateOperation();
validateOperation.setTokenStore(tokenStore);
// Add Token Validator
List<TokenValidator> validatorList = new ArrayList<>();
validatorList.add(new SCTValidator());
validateOperation.setTokenValidators(validatorList);
// Add STSProperties object
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
validateOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
request.getAny().add(tokenType);
// Get a SecurityContextToken via the SCTProvider
TokenProviderResponse providerResponse = createSCT();
Element sct = (Element) providerResponse.getToken();
ValidateTargetType validateTarget = new ValidateTargetType();
validateTarget.setAny(sct);
JAXBElement<ValidateTargetType> validateTargetType = new JAXBElement<ValidateTargetType>(QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
request.getAny().add(validateTargetType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
Principal principal = new CustomTokenPrincipal("alice");
msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
// Validate a token
RequestSecurityTokenResponseType response = validateOperation.validate(request, principal, msgCtx);
assertTrue(validateResponse(response));
// Now remove the token from the cache before validating again
tokenStore.remove(tokenStore.getToken(providerResponse.getTokenId()).getId());
assertNull(tokenStore.getToken(providerResponse.getTokenId()));
response = validateOperation.validate(request, principal, msgCtx);
assertFalse(validateResponse(response));
}
Aggregations