
Example 56 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

From the class STSTokenOutInterceptorTest, method testBasicAsymmetricBinding.

/**
 * Exercises {@link STSTokenOutInterceptor} built from explicit {@link STSAuthParams}
 * (X.509 asymmetric binding, callback handler, signature key alias and keystore
 * properties) and the X.509 STS WSDL on port {@code STSPORT2}. After the interceptor
 * has handled the prepared outgoing message, the {@link SecurityToken} it placed on
 * the exchange under {@code SecurityConstants.TOKEN} is validated.
 */
@Test
public void testBasicAsymmetricBinding() throws Exception {
    final Bus currentBus = BusFactory.getThreadDefaultBus();
    final STSAuthParams x509Params = new STSAuthParams(
        AuthMode.X509_ASSYMETRIC,
        null,
        "org.apache.cxf.systest.sts.common.CommonCallbackHandler",
        "mystskey",
        "clientKeystore.properties");
    final String stsWsdlLocation = "http://localhost:" + STSPORT2 + STS_X509_WSDL_LOCATION_RELATIVE;
    final STSTokenOutInterceptor outInterceptor =
        new STSTokenOutInterceptor(x509Params, stsWsdlLocation, currentBus);

    final MessageImpl outMessage = prepareMessage(currentBus, null, SERVICE_ENDPOINT_ASSYMETRIC);
    outInterceptor.handleMessage(outMessage);

    // The interceptor publishes the issued token on the exchange, not on the message itself.
    final SecurityToken issuedToken = (SecurityToken) outMessage.getExchange().get(SecurityConstants.TOKEN);
    validateSecurityToken(issuedToken);
}

Example 57 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

From the class STSTokenOutInterceptorTest, method testSTSClientAsymmetricBinding.

/**
 * Same flow as the auth-params variant, but the {@link STSTokenOutInterceptor} is
 * constructed from a pre-configured {@link STSClient} (see
 * {@code initStsClientAsymmeticBinding}). The token the interceptor stores on the
 * exchange under {@code SecurityConstants.TOKEN} is then validated.
 */
@Test
public void testSTSClientAsymmetricBinding() throws Exception {
    final Bus currentBus = BusFactory.getThreadDefaultBus();
    final STSClient asymmetricStsClient = initStsClientAsymmeticBinding(currentBus);
    final STSTokenOutInterceptor outInterceptor = new STSTokenOutInterceptor(asymmetricStsClient);

    final MessageImpl outMessage = prepareMessage(currentBus, null, SERVICE_ENDPOINT_ASSYMETRIC);
    outInterceptor.handleMessage(outMessage);

    // Issued token is published on the exchange by the interceptor.
    final SecurityToken issuedToken = (SecurityToken) outMessage.getExchange().get(SecurityConstants.TOKEN);
    validateSecurityToken(issuedToken);
}

Example 58 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

From the class WSS4JUtils, method parseAndStoreStreamingSecurityToken.

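/**
 * Caches a streaming (StAX) security token in the message's {@code TokenStore} and
 * returns the id it is stored under.
 * <p>
 * If a token with the same id is already cached and not expired, that entry is reused
 * and no key material is copied. Otherwise a new {@link SecurityToken} is created with
 * a lifetime taken from {@link #getSecurityTokenLifetime(Message)}, the SHA-1
 * identifier and a mapped WSS token-type URI are copied across, the first non-null key
 * from the streaming token's secret-key map is stored (with its raw encoding when it is
 * a {@link SecretKey}), and the entry is added to the store. Note that the store then
 * holds raw secret-key bytes, so its lifetime and access should be treated accordingly.
 *
 * @param securityToken the streaming token to cache; may be {@code null}
 * @param message the current message, used to locate the token store and lifetime
 * @return the id of the cached token, or {@code null} when {@code securityToken} is {@code null}
 * @throws XMLSecurityException if the streaming token cannot expose its secret keys
 */
public static String parseAndStoreStreamingSecurityToken(org.apache.xml.security.stax.securityToken.SecurityToken securityToken, Message message) throws XMLSecurityException {
    if (securityToken == null) {
        return null;
    }
    SecurityToken existingToken = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId());
    if (existingToken != null && !existingToken.isExpired()) {
        // Still-valid cache hit: reuse it rather than re-extracting key material.
        return existingToken.getId();
    }
    // Either nothing cached under this id or the cached entry has expired; the new
    // entry is added under the same id (whether the store replaces or keeps the old
    // entry is up to the TokenStore implementation — TODO confirm).
    Instant created = Instant.now();
    // getSecurityTokenLifetime is in milliseconds; Instant.plusSeconds expects seconds.
    Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
    SecurityToken cachedTok = new SecurityToken(securityToken.getId(), created, expires);
    cachedTok.setSHA1(securityToken.getSha1Identifier());
    String tokenType = toWSSTokenTypeUri(securityToken);
    if (tokenType != null) {
        cachedTok.setTokenType(tokenType);
    }
    storeFirstSecretKey(cachedTok, securityToken.getSecretKey());
    TokenStoreUtils.getTokenStore(message).add(cachedTok);
    return cachedTok.getId();
}

/**
 * Maps a streaming token's type constant to the WSS value-type URI recorded on the
 * cached {@link SecurityToken}.
 *
 * @param securityToken the streaming token whose type is inspected
 * @return the matching WSS URI, or {@code null} when the type is {@code null} or not one
 *         of the recognised types (in which case no token type is recorded)
 */
private static String toWSSTokenTypeUri(org.apache.xml.security.stax.securityToken.SecurityToken securityToken) {
    // Type constants are compared by identity, as the original chain did.
    final Object type = securityToken.getTokenType();
    if (type == null) {
        return null;
    }
    if (type == WSSecurityTokenConstants.EncryptedKeyToken) {
        return WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE;
    }
    if (type == WSSecurityTokenConstants.KERBEROS_TOKEN) {
        return WSSConstants.NS_GSS_KERBEROS5_AP_REQ;
    }
    if (type == WSSecurityTokenConstants.SAML_11_TOKEN) {
        return WSSConstants.NS_SAML11_TOKEN_PROFILE_TYPE;
    }
    if (type == WSSecurityTokenConstants.SAML_20_TOKEN) {
        return WSSConstants.NS_SAML20_TOKEN_PROFILE_TYPE;
    }
    if (type == WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN
        || type == WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN) {
        return WSSConstants.NS_WSC_05_02;
    }
    return null;
}

/**
 * Copies the first non-null key in {@code secretKeys} onto {@code cachedTok}.
 * Only a {@link SecretKey} additionally has its raw encoding stored as the token secret;
 * any other {@link Key} is stored as the key object alone. Remaining entries are ignored.
 *
 * @param cachedTok the token being populated
 * @param secretKeys the streaming token's key map, keyed by algorithm/usage id
 */
private static void storeFirstSecretKey(SecurityToken cachedTok, Map<String, Key> secretKeys) {
    for (Map.Entry<String, Key> entry : secretKeys.entrySet()) {
        Key key = entry.getValue();
        if (key != null) {
            cachedTok.setKey(key);
            if (key instanceof SecretKey) {
                cachedTok.setSecret(key.getEncoded());
            }
            break;
        }
    }
}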

Example 59 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

From the class AbstractBindingBuilder, method storeAssertionAsSecurityToken.

/**
 * Caches a SAML assertion in the token store as a {@link SecurityToken}.
 * <p>
 * The id extracted by {@code findIDFromSamlToken} becomes the token id; when no id can
 * be found nothing is stored. The token type is the WSS SAML 2.0 or SAML 1.1 value type
 * depending on the assertion version, the assertion DOM element is attached as the token,
 * and the id is published on the message under {@code SecurityConstants.TOKEN_ID} so that
 * later handlers can look the token up.
 *
 * @param assertion the SAML assertion to cache
 */
protected void storeAssertionAsSecurityToken(SamlAssertionWrapper assertion) {
    final String assertionId = findIDFromSamlToken(assertion.getElement());
    if (assertionId == null) {
        // Nothing to key the cache entry on; leave the token store untouched.
        return;
    }
    final String valueType = assertion.getSaml2() != null
        ? WSS4JConstants.WSS_SAML2_TOKEN_TYPE
        : WSS4JConstants.WSS_SAML_TOKEN_TYPE;
    final SecurityToken cached = new SecurityToken(assertionId);
    cached.setTokenType(valueType);
    cached.setToken(assertion.getElement());
    getTokenStore().add(cached);
    message.put(SecurityConstants.TOKEN_ID, cached.getId());
}

Example 60 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.

From the class AbstractBindingBuilder, method doEndorsedSignatures.

/**
 * Produces an endorsing signature for each supporting token in {@code tokenList}.
 * <p>
 * Every signature covers the part identified by {@code mainSigId} (element
 * {@code bottomUpElement}, presumably the primary signature) plus the supporting token's
 * own signed parts. How the signature is built depends on the token implementation:
 * a {@link WSSecSignature} signs directly (X.509 style), a {@link WSSecurityTokenHolder}
 * or {@link WSSecUsernameToken} is routed through {@code doSymmSignature} or, when the
 * policy requires derived keys, {@code doSymmSignatureDerived}. Token implementations of
 * any other type are skipped silently.
 * <p>
 * NOTE(review): error handling differs between branches — a failed
 * {@link WSSecSignature} unasserts the policy, whereas failures in the symmetric
 * branches are only logged at {@code FINE} and the policy stays asserted; confirm
 * whether that asymmetry is intended.
 *
 * @param tokenList the endorsing supporting tokens to sign with
 * @param isTokenProtection whether the token itself must also be covered by the signature
 * @param isSigProtect whether the resulting signature must be encrypted
 *        (it is then queued on {@code encryptedTokensList})
 */
protected void doEndorsedSignatures(List<SupportingToken> tokenList, boolean isTokenProtection, boolean isSigProtect) {
    for (SupportingToken supportingToken : tokenList) {
        Object tempTok = supportingToken.getTokenImplementation();
        // Parts every endorsing signature must cover: the main signature first.
        List<WSEncryptionPart> sigParts = new ArrayList<>();
        WSEncryptionPart sigPart = new WSEncryptionPart(mainSigId);
        sigPart.setElement(bottomUpElement);
        sigParts.add(sigPart);
        if (supportingToken.getSignedParts() != null) {
            for (WSEncryptionPart signedPart : supportingToken.getSignedParts()) {
                sigParts.add(signedPart);
            }
        }
        if (tempTok instanceof WSSecSignature) {
            WSSecSignature sig = (WSSecSignature) tempTok;
            // Token protection: cover the BinarySecurityToken too, when one was written.
            if (isTokenProtection && sig.getBSTTokenId() != null) {
                WSEncryptionPart bstPart = new WSEncryptionPart(sig.getBSTTokenId());
                bstPart.setElement(sig.getBinarySecurityTokenElement());
                sigParts.add(bstPart);
            }
            try {
                List<Reference> referenceList = sig.addReferencesToSign(sigParts);
                sig.computeSignature(referenceList, false, null);
                addSig(sig.getSignatureValue());
                if (isSigProtect) {
                    // Signature protection: queue the whole Signature element for encryption.
                    WSEncryptionPart part = new WSEncryptionPart(sig.getId(), "Element");
                    encryptedTokensList.add(part);
                }
            } catch (WSSecurityException e) {
                unassertPolicy(supportingToken.getToken(), e);
            }
        } else if (tempTok instanceof WSSecurityTokenHolder) {
            SecurityToken token = ((WSSecurityTokenHolder) tempTok).getToken();
            if (isTokenProtection) {
                sigParts.add(new WSEncryptionPart(token.getId()));
            }
            try {
                // Derived-key policy selects the derived variant of the symmetric signature.
                if (supportingToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    doSymmSignatureDerived(supportingToken.getToken(), token, sigParts, isTokenProtection, isSigProtect);
                } else {
                    doSymmSignature(supportingToken.getToken(), token, sigParts, isTokenProtection, isSigProtect);
                }
            } catch (Exception e) {
                // NOTE(review): failure is only logged here; the policy is not unasserted
                // as it is for the WSSecSignature branch above — confirm this is intended.
                LOG.log(Level.FINE, e.getMessage(), e);
            }
        } else if (tempTok instanceof WSSecUsernameToken) {
            WSSecUsernameToken utBuilder = (WSSecUsernameToken) tempTok;
            String id = utBuilder.getId();
            Instant created = Instant.now();
            // getSecurityTokenLifetime is in milliseconds; Instant.plusSeconds expects seconds.
            Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
            // Wrap the UsernameToken as a SecurityToken so the symmetric signature code can use it.
            SecurityToken secToken = new SecurityToken(id, utBuilder.getUsernameTokenElement(), created, expires);
            if (isTokenProtection) {
                sigParts.add(new WSEncryptionPart(secToken.getId()));
            }
            try {
                // The signing key is the key derived from the UsernameToken (UT derived-key profile).
                byte[] secret = utBuilder.getDerivedKey();
                secToken.setSecret(secret);
                if (supportingToken.getToken().getDerivedKeys() == DerivedKeys.RequireDerivedKeys) {
                    doSymmSignatureDerived(supportingToken.getToken(), secToken, sigParts, isTokenProtection, isSigProtect);
                } else {
                    doSymmSignature(supportingToken.getToken(), secToken, sigParts, isTokenProtection, isSigProtect);
                }
            } catch (Exception e) {
                // NOTE(review): same FINE-only handling as the WSSecurityTokenHolder branch.
                LOG.log(Level.FINE, e.getMessage(), e);
            }
        }
    }
}
