
Example 6 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class TestPKITokenValidator, method testCanHandleAnyRealmToken.

@Test
public void testCanHandleAnyRealmToken() {
    // Build a PKI token from the test certificates for the "*" realm (presumably the
    // any-realm wildcard) and check that the validator reports it as handleable.
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(
            TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    tokenFactory.init();
    PKIAuthenticationToken anyRealmToken = tokenFactory.getTokenFromCerts(certificates, "*");

    // Wrap the encoded credentials in a base64 BinarySecurityToken of the PKI value type.
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    bst.setValue(anyRealmToken.getEncodedCredentials());

    // Only getToken() is exercised on the received token, so a mock suffices.
    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(bst);

    assertEquals(true, pkiTokenValidator.canHandleToken(received));
}
Also used : PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 7 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class GuestValidatorTest, method setup.

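@Before
public void setup() {
    validator = new GuestValidator();
    validator.setSupportedRealm(Arrays.asList("DDF"));

    GuestAuthenticationToken guestToken = new GuestAuthenticationToken("DDF", "127.0.0.1");
    GuestAuthenticationToken guestTokenAnyRealm = new GuestAuthenticationToken("*", "127.0.0.1");
    GuestAuthenticationToken guestTokenIpv6 = new GuestAuthenticationToken("*", "0:0:0:0:0:0:0:1");
    // IPv6 loopback carrying a "%<zone>" suffix.
    GuestAuthenticationToken guestTokenIpv6Reachability =
            new GuestAuthenticationToken("*", "0:0:0:0:0:0:0:1%4");

    receivedToken = new ReceivedToken(newGuestBinarySecurityToken(guestToken.getEncodedCredentials()));
    receivedAnyRealmToken =
            new ReceivedToken(newGuestBinarySecurityToken(guestTokenAnyRealm.getEncodedCredentials()));
    // Structurally valid guest BST whose payload is not a guest credential; an explicit charset
    // keeps the bytes independent of the platform default.
    receivedBadToken = new ReceivedToken(newGuestBinarySecurityToken(
            Base64.getEncoder().encodeToString(
                    "NotGuest".getBytes(java.nio.charset.StandardCharsets.UTF_8))));
    receivedTokenIpv6 =
            new ReceivedToken(newGuestBinarySecurityToken(guestTokenIpv6.getEncodedCredentials()));
    receivedTokenIpv6Reachability = new ReceivedToken(
            newGuestBinarySecurityToken(guestTokenIpv6Reachability.getEncodedCredentials()));

    parameters = new TokenValidatorParameters();
    parameters.setToken(receivedToken);
}

/**
 * Wraps an already-encoded credential in a guest {@code wsse:BinarySecurityToken} JAXB element.
 *
 * <p>Value type, encoding type and id are the guest-token constants; only the value differs
 * between the fixtures built in {@link #setup()}.
 *
 * @param encodedValue the base64 text to place in the token's value
 * @return the JAXB element the STS {@code ReceivedToken} constructor accepts
 */
private static JAXBElement<BinarySecurityTokenType> newGuestBinarySecurityToken(String encodedValue) {
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setValueType(GuestAuthenticationToken.GUEST_TOKEN_VALUE_TYPE);
    bst.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
    bst.setId(GuestAuthenticationToken.BST_GUEST_LN);
    bst.setValue(encodedValue);
    return new JAXBElement<BinarySecurityTokenType>(
            new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"),
            BinarySecurityTokenType.class,
            bst);
}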
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) QName(javax.xml.namespace.QName) JAXBElement(javax.xml.bind.JAXBElement) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Before(org.junit.Before)

Example 8 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class BSTDelegationHandler, method isDelegationAllowed.

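/**
 * Decides whether the token in {@code tokenParameters} may act as the delegation target.
 *
 * <p>Only the Java type of the received token is inspected: a {@link BinarySecurityTokenType}
 * is reported as delegatable; anything else (including a missing token) leaves the response's
 * delegation flag untouched, which is only ever set to {@code true} here. No validation of the
 * token contents takes place in this method — NOTE(review): presumably the STS validates the
 * token separately before acting on this decision; confirm against the caller.
 *
 * @param tokenParameters delegation parameters supplied by the STS; {@code getToken()} may be null
 * @return a response that echoes the received token and carries the delegation decision
 */
public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
    TokenDelegationResponse response = new TokenDelegationResponse();
    ReceivedToken delegateTarget = tokenParameters.getToken();
    response.setToken(delegateTarget);
    // A null received token is treated as "not delegatable" instead of surfacing an NPE.
    if (delegateTarget != null && delegateTarget.getToken() instanceof BinarySecurityTokenType) {
        response.setDelegationAllowed(true);
    }
    return response;
}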
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse)

Example 9 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class BSTAuthenticationToken, method getBinarySecurityToken.

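/**
 * Creates a binary security token based on the provided credential.
 *
 * <p>The credential is wrapped in a {@link BinarySecurityTokenType}, placed in a
 * {@code wsse:BinarySecurityToken} JAXB element and marshalled as an XML fragment. When no JAXB
 * context is available ({@code BINARY_TOKEN_CONTEXT} is null) or marshalling fails, the problem
 * is logged at debug level and an empty string is returned, so callers must expect an empty
 * result.
 *
 * <p>NOTE(review): the debug log on success prints the whole token, which carries the encoded
 * credential; keep debug logging for this class disabled wherever logs are retained or shared.
 *
 * @param credential the credential handed to {@code createBinarySecurityTokenType}; any
 *     encoding of it is that method's concern
 * @return the marshalled token XML, or an empty string when marshalling was not possible
 */
private synchronized String getBinarySecurityToken(String credential) {
    BinarySecurityTokenType tokenType = createBinarySecurityTokenType(credential);
    JAXBElement<BinarySecurityTokenType> tokenElement = new JAXBElement<BinarySecurityTokenType>(
            new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken"),
            BinarySecurityTokenType.class,
            tokenType);
    // A StringWriter needs no closing; if nothing is marshalled it simply stays empty.
    Writer writer = new StringWriter();
    if (BINARY_TOKEN_CONTEXT != null) {
        try {
            Marshaller marshaller = BINARY_TOKEN_CONTEXT.createMarshaller();
            // JAXB_FRAGMENT suppresses the XML declaration so the element can be embedded
            // in another document.
            marshaller.setProperty(Marshaller.JAXB_FRAGMENT, Boolean.TRUE);
            marshaller.marshal(tokenElement, writer);
        } catch (JAXBException e) {
            // Best effort by design: the caller gets an empty token rather than an exception.
            LOGGER.debug("Exception while marshalling binary security token.", e);
        }
    }
    String binarySecurityToken = writer.toString();
    LOGGER.debug("Binary Security Token: {}", binarySecurityToken);
    return binarySecurityToken;
}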
Also used : Marshaller(javax.xml.bind.Marshaller) StringWriter(java.io.StringWriter) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) QName(javax.xml.namespace.QName) JAXBException(javax.xml.bind.JAXBException) JAXBElement(javax.xml.bind.JAXBElement) StringWriter(java.io.StringWriter) Writer(java.io.Writer)

Example 10 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class WssPKIHandler, method extractAuthenticationInfo.

@Override
protected BaseAuthenticationToken extractAuthenticationInfo(String realm, X509Certificate[] certs) {
    PKIAuthenticationToken pkiToken = tokenFactory.getTokenFromCerts(certs, realm);
    BinarySecurityTokenType bstType = pkiToken.createBinarySecurityTokenType(pkiToken.getCredentials());

    // Re-express the JAXB token as a WSS4J X509Security DOM element. Only the encoding type
    // and the value are carried over; the value type is pinned to X509v3 regardless of what
    // the JAXB object says.
    Document document = DOMUtils.createDocument();
    BinarySecurity x509Security = new X509Security(document);
    x509Security.setEncodingType(bstType.getEncodingType());
    x509Security.setValueType(X509Security.X509_V3_TYPE);
    x509Security.getElement().appendChild(document.createTextNode(bstType.getValue()));

    // The first two constructor arguments are left as null and "" (their meaning is not
    // visible here); the serialized element is the credential handed to the STS.
    BaseAuthenticationToken result = new BaseAuthenticationToken(null, "", x509Security.toString());
    result.setUseWssSts(true);
    return result;
}
Also used : PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurity(org.apache.wss4j.common.token.BinarySecurity) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) Node(org.w3c.dom.Node) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) Document(org.w3c.dom.Document) X509Security(org.apache.wss4j.common.token.X509Security)
