
Example 21 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class TestX509PathTokenValidator, method testValidateBadToken.

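@Test
public void testValidateBadToken() {
    // Negative path: when the delegate WSS4J validator rejects the certificate path,
    // the token under test must come back in state INVALID. The certificate/credential
    // fixture the original test built here was never consumed (the delegate is stubbed
    // to throw before any credential is inspected), so only the throwing stub remains.
    X509PathTokenValidator x509PathTokenValidator = new X509PathTokenValidator();
    try {
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenThrow(new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
    } catch (WSSecurityException ignored) {
        // Present only because validate() presumably declares the checked exception;
        // the stubbing call itself does not throw it.
    }
    x509PathTokenValidator.setValidator(validator);
    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
    // ReceivedToken keeps its real state handling so the validator's setState() call
    // is observable through getState() below.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(tokenParameters.getToken()).thenReturn(receivedToken);
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);
    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValueType()).thenReturn("valuetype");
    when(binarySecurityTokenType.getValue()).thenReturn("data");
    TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
    assertEquals(ReceivedToken.STATE.INVALID, tokenValidatorResponse.getToken().getState());
}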
Also used : Credential(org.apache.wss4j.dom.validate.Credential) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) X509Certificate(java.security.cert.X509Certificate) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) RequestData(org.apache.wss4j.dom.handler.RequestData) X500Principal(javax.security.auth.x500.X500Principal) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 22 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class TestX509PathTokenValidator, method testAdditionalPropertyEmail.

@Test
public void testAdditionalPropertyEmail() {
    // Positive path: the delegate validator accepts a certificate whose subject DN
    // carries an EMAILADDRESS attribute; the validator under test must report VALID
    // and surface that address under the e-mail claim URI.
    try {
        X509Certificate cert = mock(X509Certificate.class);
        X500Principal subject = new X500Principal("cn=myxman,ou=someunit,o=someorg,EMAILADDRESS=name@example.com");
        when(cert.getSubjectX500Principal()).thenReturn(subject);
        Credential accepted = mock(Credential.class);
        when(accepted.getCertificates()).thenReturn(new X509Certificate[] { cert });
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(accepted);
    } catch (WSSecurityException ignored) {
        // Present only because validate() presumably declares the checked exception;
        // the stubbing call itself does not throw it.
    }
    x509PathTokenValidator.setValidator(validator);

    Crypto signatureCrypto = mock(Crypto.class);
    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(signatureCrypto);

    BinarySecurityTokenType bst = mock(BinarySecurityTokenType.class);
    when(bst.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(bst.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(bst.getValue()).thenReturn("data");

    // Real state handling on the ReceivedToken mock so setState()/getState() round-trip.
    ReceivedToken received = mock(ReceivedToken.class);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();
    when(received.isBinarySecurityToken()).thenReturn(true);
    when(received.getToken()).thenReturn(bst);

    TokenValidatorParameters params = mock(TokenValidatorParameters.class);
    when(params.getStsProperties()).thenReturn(stsProperties);
    when(params.getToken()).thenReturn(received);

    TokenValidatorResponse response = x509PathTokenValidator.validateToken(params);
    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
    assertEquals("name@example.com", response.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) X509Certificate(java.security.cert.X509Certificate) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) RequestData(org.apache.wss4j.dom.handler.RequestData) X500Principal(javax.security.auth.x500.X500Principal) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 23 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class TestX509PathTokenValidator, method testAdditionalPropertyBoth.

@Test
public void testAdditionalPropertyBoth() {
    // Positive path with two subject attributes (C and EMAILADDRESS): both must be
    // exposed as additional properties under their respective claim URIs.
    try {
        X500Principal subject = new X500Principal("cn=myxman,ou=someunit,o=someorg,C=US,EMAILADDRESS=name@example.com");
        X509Certificate cert = mock(X509Certificate.class);
        when(cert.getSubjectX500Principal()).thenReturn(subject);
        X509Certificate[] chain = { cert };
        Credential accepted = mock(Credential.class);
        when(accepted.getCertificates()).thenReturn(chain);
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(accepted);
    } catch (WSSecurityException ignored) {
        // Present only because validate() presumably declares the checked exception;
        // the stubbing call itself does not throw it.
    }
    x509PathTokenValidator.setValidator(validator);

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(mock(Crypto.class));

    // Real state handling on the ReceivedToken mock so setState()/getState() round-trip.
    ReceivedToken received = mock(ReceivedToken.class);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();
    when(received.isBinarySecurityToken()).thenReturn(true);

    BinarySecurityTokenType bst = mock(BinarySecurityTokenType.class);
    when(bst.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(bst.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(bst.getValue()).thenReturn("data");
    when(received.getToken()).thenReturn(bst);

    TokenValidatorParameters params = mock(TokenValidatorParameters.class);
    when(params.getStsProperties()).thenReturn(stsProperties);
    when(params.getToken()).thenReturn(received);

    TokenValidatorResponse response = x509PathTokenValidator.validateToken(params);
    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
    assertEquals("US", response.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("name@example.com", response.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) X509Certificate(java.security.cert.X509Certificate) TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) RequestData(org.apache.wss4j.dom.handler.RequestData) X500Principal(javax.security.auth.x500.X500Principal) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 24 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class BSTAuthenticationToken, method createBinarySecurityTokenType.

/**
 * Wraps the given credential string in a WS-Security binary security token.
 *
 * <p>The token's id and value type come from this instance's {@code tokenId} and
 * {@code tokenValueType}; the encoding type is always {@code BASE64_ENCODING}. The
 * {@code credentials} string is stored as-is — no encoding is applied here, so the
 * caller is presumably responsible for supplying already Base64-encoded data.
 *
 * @param credentials the token value to carry (stored verbatim, may be {@code null})
 * @return a populated {@code BinarySecurityTokenType}
 */
public BinarySecurityTokenType createBinarySecurityTokenType(String credentials) {
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setId(tokenId);
    bst.setEncodingType(BASE64_ENCODING);
    bst.setValueType(tokenValueType);
    bst.setValue(credentials);
    return bst;
}
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)

Example 25 with BinarySecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType in project ddf by codice.

The class PKITokenValidator, method getPKITokenFromTarget.

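/**
 * Extracts a {@link PKIAuthenticationToken} from the received token, if it carries one.
 *
 * <p>Only a {@code BinarySecurityTokenType} whose value type equals
 * {@code PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE} is considered; anything else yields
 * {@code null}. The raw token value is never written to the log: it is the caller's
 * credential material, and the previous debug line that echoed it (mislabelled as a
 * username/password credential) has been replaced by a value-free message.
 *
 * @param validateTarget the token received by the STS for validation
 * @return the parsed PKI token, or {@code null} if the target is not a PKI binary
 *     security token or cannot be parsed
 */
private PKIAuthenticationToken getPKITokenFromTarget(ReceivedToken validateTarget) {
    Object token = validateTarget.getToken();
    if (!(token instanceof BinarySecurityTokenType)) {
        return null;
    }
    BinarySecurityTokenType bst = (BinarySecurityTokenType) token;
    if (!PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE.equals(bst.getValueType())) {
        return null;
    }
    String encodedCredential = bst.getValue();
    // Deliberately log only that a PKI token arrived, not its contents.
    LOGGER.debug("Received PKI binary security token; attempting to parse it.");
    try {
        BaseAuthenticationToken base = PKIAuthenticationToken.parse(encodedCredential, true);
        // NOTE(review): getCredentials() is assumed non-null after a successful parse — confirm.
        return new PKIAuthenticationToken(base.getPrincipal(), base.getCredentials().toString(), base.getRealm());
    } catch (WSSecurityException e) {
        LOGGER.info("Unable to parse {} from encodedToken.", PKIAuthenticationToken.class.getSimpleName(), e);
        return null;
    }
}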
Also used : PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Aggregations

BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)27 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)21 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)13 Test (org.junit.Test)13 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)12 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)11 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)9 Crypto (org.apache.wss4j.common.crypto.Crypto)9 RequestData (org.apache.wss4j.dom.handler.RequestData)9 PKIAuthenticationToken (org.codice.ddf.security.handler.api.PKIAuthenticationToken)9 Credential (org.apache.wss4j.dom.validate.Credential)8 X509Certificate (java.security.cert.X509Certificate)7 X500Principal (javax.security.auth.x500.X500Principal)7 PKIAuthenticationTokenFactory (org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory)6 CallbackHandler (javax.security.auth.callback.CallbackHandler)4 Document (org.w3c.dom.Document)4 JAXBElement (javax.xml.bind.JAXBElement)3 QName (javax.xml.namespace.QName)3 TokenDelegationResponse (org.apache.cxf.sts.token.delegation.TokenDelegationResponse)3 BinarySecurity (org.apache.wss4j.common.token.BinarySecurity)3