use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class TestX509PathTokenValidator method testValidateBadToken.
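/**
 * Verifies that a binary security token ends up in state {@code INVALID} when the
 * delegate validator is stubbed to reject every credential with a
 * {@link WSSecurityException}.
 *
 * <p>NOTE(review): the token also carries the placeholder value type {@code "valuetype"}
 * and the placeholder value {@code "data"}. Whether the INVALID state is caused by the
 * thrown exception or by one of those placeholders depends on {@code validateToken},
 * which is not visible here. Confirm, and consider one negative test per rejection
 * cause so a regression in either check cannot hide behind the other.
 */
@Test
public void testValidateBadToken() {
    X509PathTokenValidator x509PathTokenValidator = new X509PathTokenValidator();
    try {
        // No Credential/X509Certificate fixture is built: the delegate always throws,
        // so it never hands a credential back to the validator under test.
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenThrow(new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
    } catch (WSSecurityException ignored) {
        // validate(...) is invoked here only to record the stubbing; the catch exists
        // to satisfy the exception it declares.
    }
    x509PathTokenValidator.setValidator(validator);

    // STS properties expose a mocked signature Crypto.
    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);

    // setState/getState call the real methods so the state written by the validator
    // can be read back in the assertion.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(tokenParameters.getToken()).thenReturn(receivedToken);
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);

    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValueType()).thenReturn("valuetype");
    when(binarySecurityTokenType.getValue()).thenReturn("data");

    TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);

    assertEquals(ReceivedToken.STATE.INVALID, tokenValidatorResponse.getToken().getState());
}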
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyEmail.
/**
 * Checks that the e-mail address in the certificate subject DN is returned as an
 * additional property of the validation response, keyed by
 * {@code SubjectUtils.EMAIL_ADDRESS_CLAIM_URI}.
 *
 * <p>The delegate validator is a mock that returns the prepared credential for any
 * input, and the token value is the placeholder {@code "data"}. The test therefore
 * covers how subject attributes are mapped to properties, not certificate validation.
 */
@Test
public void testAdditionalPropertyEmail() {
    // Certificate fixture: only the subject DN is stubbed.
    X500Principal subject = new X500Principal("cn=myxman,ou=someunit,o=someorg,EMAILADDRESS=name@example.com");
    X509Certificate certificate = mock(X509Certificate.class);
    when(certificate.getSubjectX500Principal()).thenReturn(subject);
    Credential acceptedCredential = mock(Credential.class);
    when(acceptedCredential.getCertificates()).thenReturn(new X509Certificate[] { certificate });
    try {
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(acceptedCredential);
    } catch (WSSecurityException e) {
        // ignore
    }
    x509PathTokenValidator.setValidator(validator);

    // Binary security token with the X.509 v3 value type and Base64 encoding.
    BinarySecurityTokenType bst = mock(BinarySecurityTokenType.class);
    when(bst.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(bst.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(bst.getValue()).thenReturn("data");

    // Received token: real state accessors so the validator's verdict can be read back.
    ReceivedToken target = mock(ReceivedToken.class);
    doCallRealMethod().when(target).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(target).getState();
    when(target.isBinarySecurityToken()).thenReturn(true);
    when(target.getToken()).thenReturn(bst);

    // Validator parameters: the token plus STS properties with a mocked signature Crypto.
    Crypto signatureCrypto = mock(Crypto.class);
    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(signatureCrypto);
    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getStsProperties()).thenReturn(stsProperties);
    when(parameters.getToken()).thenReturn(target);

    TokenValidatorResponse response = x509PathTokenValidator.validateToken(parameters);

    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
    assertEquals("name@example.com", response.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyBoth.
/**
 * Checks that both the country and the e-mail address in the certificate subject DN
 * are returned as additional properties of the validation response, keyed by
 * {@code SubjectUtils.COUNTRY_CLAIM_URI} and {@code SubjectUtils.EMAIL_ADDRESS_CLAIM_URI}.
 *
 * <p>As the delegate validator is mocked to return the prepared credential for any
 * input, the assertions cover the mapping of subject attributes to properties only.
 * No real certificate is parsed or path-validated here.
 */
@Test
public void testAdditionalPropertyBoth() {
    // Subject DN carrying both attributes that the assertions look for.
    X500Principal subject =
            new X500Principal("cn=myxman,ou=someunit,o=someorg,C=US,EMAILADDRESS=name@example.com");
    X509Certificate certificate = mock(X509Certificate.class);
    when(certificate.getSubjectX500Principal()).thenReturn(subject);
    X509Certificate[] chain = new X509Certificate[] { certificate };
    Credential acceptedCredential = mock(Credential.class);
    when(acceptedCredential.getCertificates()).thenReturn(chain);
    try {
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(acceptedCredential);
    } catch (WSSecurityException e) {
        // ignore
    }
    x509PathTokenValidator.setValidator(validator);

    // STS properties exposing a mocked signature Crypto.
    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    Crypto signatureCrypto = mock(Crypto.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(signatureCrypto);

    // Binary security token: X.509 v3 value type, Base64 encoding, placeholder value.
    BinarySecurityTokenType bst = mock(BinarySecurityTokenType.class);
    when(bst.getValue()).thenReturn("data");
    when(bst.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(bst.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);

    // Received token keeps real state handling so the outcome is observable.
    ReceivedToken target = mock(ReceivedToken.class);
    doCallRealMethod().when(target).getState();
    doCallRealMethod().when(target).setState(any(ReceivedToken.STATE.class));
    when(target.getToken()).thenReturn(bst);
    when(target.isBinarySecurityToken()).thenReturn(true);

    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getToken()).thenReturn(target);
    when(parameters.getStsProperties()).thenReturn(stsProperties);

    TokenValidatorResponse response = x509PathTokenValidator.validateToken(parameters);

    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
    assertEquals("US", response.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("name@example.com", response.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class BSTAuthenticationToken method createBinarySecurityTokenType.
/**
 * Builds a binary security token element around the given credentials, using this
 * object's token id and value type.
 *
 * <p>NOTE(review): the encoding type is declared as {@code BASE64_ENCODING} but the value
 * is stored exactly as passed in, so {@code credentials} is presumably already
 * Base64-encoded. Confirm against callers. The returned object holds the credential
 * in clear form and should not be logged or serialized outside the token exchange.
 *
 * @param credentials the credential string to place in the token value
 * @return a new token populated with id, value type, encoding type and value
 */
public BinarySecurityTokenType createBinarySecurityTokenType(String credentials) {
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setId(tokenId);
    bst.setValueType(tokenValueType);
    bst.setEncodingType(BASE64_ENCODING);
    bst.setValue(credentials);
    return bst;
}
use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.
the class PKITokenValidator method getPKITokenFromTarget.
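/**
 * Extracts a {@link PKIAuthenticationToken} from the payload of a received token.
 *
 * <p>The payload is used only when it is a {@link BinarySecurityTokenType} whose value
 * type equals {@code PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE}. Its value is then
 * parsed and re-wrapped as a PKI token.
 *
 * @param validateTarget the received token whose payload is inspected
 * @return the parsed PKI token, or {@code null} when the payload is of a different
 *     kind or cannot be parsed
 */
private PKIAuthenticationToken getPKITokenFromTarget(ReceivedToken validateTarget) {
    Object token = validateTarget.getToken();
    if (!(token instanceof BinarySecurityTokenType)) {
        return null;
    }
    BinarySecurityTokenType binaryToken = (BinarySecurityTokenType) token;
    if (!PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE.equals(binaryToken.getValueType())) {
        return null;
    }

    String encodedCredential = binaryToken.getValue();
    // The credential value is deliberately kept out of the log: it is caller-supplied
    // authentication material, and debug logs are typically retained and read far more
    // widely than the component that validates the token. The previous message also
    // mislabelled it as a username/password credential.
    LOGGER.debug("Received encoded {} credential; value not logged.",
            PKIAuthenticationToken.class.getSimpleName());
    try {
        BaseAuthenticationToken base = PKIAuthenticationToken.parse(encodedCredential, true);
        return new PKIAuthenticationToken(base.getPrincipal(), base.getCredentials().toString(), base.getRealm());
    } catch (WSSecurityException e) {
        // NOTE(review): the exception is passed to the logger, so its message is written
        // at info level. Confirm that parse(...) does not echo token content in it.
        LOGGER.info("Unable to parse {} from encodedToken.", PKIAuthenticationToken.class.getSimpleName(), e);
        return null;
    }
}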