Example 11 with BinarySecurityTokenType
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class X509DelegationHandler method isDelegationAllowed.
public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
TokenDelegationResponse response = new TokenDelegationResponse();
ReceivedToken delegateTarget = tokenParameters.getToken();
response.setToken(delegateTarget);
Object token = delegateTarget.getToken();
if (token instanceof BinarySecurityTokenType) {
response.setDelegationAllowed(true);
}
return response;
}
Also used :
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse)
Example 12 with BinarySecurityTokenType
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class TestBSTDelegationHandler method testCanNotHandle.
@Test
public void testCanNotHandle() {
BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#WrongType");
binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
ReceivedToken receivedToken = mock(ReceivedToken.class);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
boolean result = bstDelegationHandler.canHandleToken(receivedToken);
assertEquals(false, result);
}
Also used :
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Test(org.junit.Test)
Example 13 with BinarySecurityTokenType
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class TestBSTDelegationHandler method testCanHandle.
@Test
public void testCanHandle() {
BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
ReceivedToken receivedToken = mock(ReceivedToken.class);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
boolean result = bstDelegationHandler.canHandleToken(receivedToken);
assertEquals(true, result);
}
Also used :
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Test(org.junit.Test)
Example 14 with BinarySecurityTokenType
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class TestBSTDelegationHandler method testDelegationAllowed.
@Test
public void testDelegationAllowed() {
BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
ReceivedToken receivedToken = mock(ReceivedToken.class);
when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
TokenDelegationParameters tokenDelegationParameters = mock(TokenDelegationParameters.class);
when(tokenDelegationParameters.getToken()).thenReturn(receivedToken);
BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
TokenDelegationResponse response = bstDelegationHandler.isDelegationAllowed(tokenDelegationParameters);
assertEquals(true, response.isDelegationAllowed());
}
Also used :
TokenDelegationParameters(org.apache.cxf.sts.token.delegation.TokenDelegationParameters)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse)
Test(org.junit.Test)
Example 15 with BinarySecurityTokenType
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class WebSSOTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*/
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.debug("Validating SSO Token");
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
requestData.setCallbackHandler(callbackHandler);
LOGGER.debug("Setting validate state to invalid before check.");
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(STATE.INVALID);
response.setToken(validateTarget);
if (!validateTarget.isBinarySecurityToken()) {
LOGGER.debug("Validate target is not a binary security token, returning invalid response.");
return response;
}
LOGGER.debug("Getting binary security token from validate target");
BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType) validateTarget.getToken();
//
// Decode the token
//
LOGGER.debug("Decoding binary security token.");
String base64Token = binarySecurityToken.getValue();
String ticket = null;
String service = null;
try {
byte[] token = Base64.getDecoder().decode(base64Token);
if (token == null || token.length == 0) {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
}
String decodedToken = new String(token, Charset.forName("UTF-8"));
if (StringUtils.isNotBlank(decodedToken)) {
LOGGER.debug("Binary security token successfully decoded: {}", decodedToken);
// Token is in the format ticket|service
String[] parts = StringUtils.split(decodedToken, CAS_BST_SEP);
if (parts.length == 2) {
ticket = parts[0];
service = parts[1];
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Was not able to parse out BST propertly. Should be in ticket|service format.");
}
} else {
throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
}
} catch (WSSecurityException wsse) {
String msg = "Unable to decode BST into ticket and service for validation to CAS.";
LOGGER.info(msg, wsse);
return response;
}
//
try {
LOGGER.debug("Validating ticket [{}] for service [{}].", ticket, service);
// validate either returns an assertion or throws an exception
Assertion assertion = validate(ticket, service);
AttributePrincipal principal = assertion.getPrincipal();
LOGGER.debug("User name retrieved from CAS: {}", principal.getName());
response.setPrincipal(principal);
LOGGER.debug("CAS ticket successfully validated, setting state to valid.");
validateTarget.setState(STATE.VALID);
} catch (TicketValidationException e) {
LOGGER.debug("Unable to validate CAS token.", e);
}
return response;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
Assertion(org.jasig.cas.client.validation.Assertion)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
RequestData(org.apache.wss4j.dom.handler.RequestData)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal)
TicketValidationException(org.jasig.cas.client.validation.TicketValidationException)
Aggregations
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)27
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)21
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)13
Test (org.junit.Test)13
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)12
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)11
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)9
Crypto (org.apache.wss4j.common.crypto.Crypto)9
RequestData (org.apache.wss4j.dom.handler.RequestData)9
PKIAuthenticationToken (org.codice.ddf.security.handler.api.PKIAuthenticationToken)9
Credential (org.apache.wss4j.dom.validate.Credential)8
X509Certificate (java.security.cert.X509Certificate)7
X500Principal (javax.security.auth.x500.X500Principal)7
PKIAuthenticationTokenFactory (org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory)6
CallbackHandler (javax.security.auth.callback.CallbackHandler)4
Document (org.w3c.dom.Document)4
JAXBElement (javax.xml.bind.JAXBElement)3
QName (javax.xml.namespace.QName)3
TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse)3
BinarySecurity (org.apache.wss4j.common.token.BinarySecurity)3
