Search in sources :

Example 11 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

the class X509DelegationHandler method isDelegationAllowed.

public TokenDelegationResponse isDelegationAllowed(TokenDelegationParameters tokenParameters) {
    TokenDelegationResponse response = new TokenDelegationResponse();
    ReceivedToken delegateTarget = tokenParameters.getToken();
    response.setToken(delegateTarget);
    Object token = delegateTarget.getToken();
    if (token instanceof BinarySecurityTokenType) {
        response.setDelegationAllowed(true);
    }
    return response;
}
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse)

Example 12 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

the class TestBSTDelegationHandler method testCanNotHandle.

@Test
public void testCanNotHandle() {
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#WrongType");
    binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
    boolean result = bstDelegationHandler.canHandleToken(receivedToken);
    assertEquals(false, result);
}
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 13 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

the class TestBSTDelegationHandler method testCanHandle.

@Test
public void testCanHandle() {
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
    boolean result = bstDelegationHandler.canHandleToken(receivedToken);
    assertEquals(true, result);
}
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 14 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

the class TestBSTDelegationHandler method testDelegationAllowed.

@Test
public void testDelegationAllowed() {
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binarySecurityTokenType.setValueType(BSTAuthenticationToken.BST_NS + "#" + BSTAuthenticationToken.BST_LN);
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    TokenDelegationParameters tokenDelegationParameters = mock(TokenDelegationParameters.class);
    when(tokenDelegationParameters.getToken()).thenReturn(receivedToken);
    BSTDelegationHandler bstDelegationHandler = new BSTDelegationHandler();
    TokenDelegationResponse response = bstDelegationHandler.isDelegationAllowed(tokenDelegationParameters);
    assertEquals(true, response.isDelegationAllowed());
}
Also used : TokenDelegationParameters(org.apache.cxf.sts.token.delegation.TokenDelegationParameters) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenDelegationResponse(org.apache.cxf.sts.token.delegation.TokenDelegationResponse) Test(org.junit.Test)

Example 15 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

the class WebSSOTokenValidator method validateToken.

/**
     * Validate a Token using the given TokenValidatorParameters.
     */
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOGGER.debug("Validating SSO Token");
    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    Crypto sigCrypto = stsProperties.getSignatureCrypto();
    CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
    RequestData requestData = new RequestData();
    requestData.setSigVerCrypto(sigCrypto);
    WSSConfig wssConfig = WSSConfig.getNewInstance();
    requestData.setWssConfig(wssConfig);
    requestData.setCallbackHandler(callbackHandler);
    LOGGER.debug("Setting validate state to invalid before check.");
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    validateTarget.setState(STATE.INVALID);
    response.setToken(validateTarget);
    if (!validateTarget.isBinarySecurityToken()) {
        LOGGER.debug("Validate target is not a binary security token, returning invalid response.");
        return response;
    }
    LOGGER.debug("Getting binary security token from validate target");
    BinarySecurityTokenType binarySecurityToken = (BinarySecurityTokenType) validateTarget.getToken();
    //
    // Decode the token
    //
    LOGGER.debug("Decoding binary security token.");
    String base64Token = binarySecurityToken.getValue();
    String ticket = null;
    String service = null;
    try {
        byte[] token = Base64.getDecoder().decode(base64Token);
        if (token == null || token.length == 0) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
        }
        String decodedToken = new String(token, Charset.forName("UTF-8"));
        if (StringUtils.isNotBlank(decodedToken)) {
            LOGGER.debug("Binary security token successfully decoded: {}", decodedToken);
            // Token is in the format ticket|service
            String[] parts = StringUtils.split(decodedToken, CAS_BST_SEP);
            if (parts.length == 2) {
                ticket = parts[0];
                service = parts[1];
            } else {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Was not able to parse out BST propertly. Should be in ticket|service format.");
            }
        } else {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "Binary security token NOT successfully decoded, is empty or null.");
        }
    } catch (WSSecurityException wsse) {
        String msg = "Unable to decode BST into ticket and service for validation to CAS.";
        LOGGER.info(msg, wsse);
        return response;
    }
    //
    try {
        LOGGER.debug("Validating ticket [{}] for service [{}].", ticket, service);
        // validate either returns an assertion or throws an exception
        Assertion assertion = validate(ticket, service);
        AttributePrincipal principal = assertion.getPrincipal();
        LOGGER.debug("User name retrieved from CAS: {}", principal.getName());
        response.setPrincipal(principal);
        LOGGER.debug("CAS ticket successfully validated, setting state to valid.");
        validateTarget.setState(STATE.VALID);
    } catch (TicketValidationException e) {
        LOGGER.debug("Unable to validate CAS token.", e);
    }
    return response;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Assertion(org.jasig.cas.client.validation.Assertion) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) WSSConfig(org.apache.wss4j.dom.engine.WSSConfig) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) RequestData(org.apache.wss4j.dom.handler.RequestData) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) AttributePrincipal(org.jasig.cas.client.authentication.AttributePrincipal) TicketValidationException(org.jasig.cas.client.validation.TicketValidationException)

Aggregations

BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)27 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)21 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)13 Test (org.junit.Test)13 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)12 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)11 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)9 Crypto (org.apache.wss4j.common.crypto.Crypto)9 RequestData (org.apache.wss4j.dom.handler.RequestData)9 PKIAuthenticationToken (org.codice.ddf.security.handler.api.PKIAuthenticationToken)9 Credential (org.apache.wss4j.dom.validate.Credential)8 X509Certificate (java.security.cert.X509Certificate)7 X500Principal (javax.security.auth.x500.X500Principal)7 PKIAuthenticationTokenFactory (org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory)6 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 Document (org.w3c.dom.Document)4 JAXBElement (javax.xml.bind.JAXBElement)3 QName (javax.xml.namespace.QName)3 TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse)3 BinarySecurity (org.apache.wss4j.common.token.BinarySecurity)3