
Example 91 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

the class IdpEndpoint method hasValidCookie.

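/**
 * Checks whether the request carries an IdP cookie that still maps to a valid cached SAML
 * assertion.
 *
 * <p>The cookie value is the key under which the assertion is cached, so it is treated as a
 * session secret and is deliberately kept out of the log output; only the cookie name is
 * logged.
 *
 * @param request incoming request, searched for the IdP cookie via {@link #getCookie}
 * @param forceAuthn when {@code true} the cached assertion is evicted even if it is still
 *        valid, so the caller has to re-authenticate the user
 * @return {@code true} only if a cookie is present, an assertion is cached under its value,
 *         the assertion is presently valid and re-authentication was not forced
 */
private boolean hasValidCookie(HttpServletRequest request, boolean forceAuthn) {
    Cookie cookie = getCookie(request);
    if (cookie == null) {
        return false;
    }
    // The value is the cache key for a live assertion; do not write it to the log.
    LOGGER.debug("Retrieving cookie {} from cache.", cookie.getName());
    String key = cookie.getValue();
    LOGGER.debug("Retrieving SAML Token from cookie.");
    Element samlToken = cookieCache.getSamlAssertion(key);
    if (samlToken == null) {
        return false;
    }
    String assertionId = samlToken.getAttribute("ID");
    SecurityToken securityToken = new SecurityToken(assertionId, samlToken, null);
    SecurityAssertionImpl assertion = new SecurityAssertionImpl(securityToken);
    if (forceAuthn || !assertion.isPresentlyValid()) {
        // Expired or force-refreshed: evict so the same cookie value cannot be reused.
        cookieCache.removeSamlAssertion(key);
        return false;
    }
    return true;
}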

Example 92 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

the class IdpEndpointTest method testPassiveLoginPkiUnsupportedPost.

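/**
 * Sends a passive PKI AuthnRequest over the POST binding and expects the decoded SAMLResponse
 * to report {@code status:RequestUnsupported}.
 *
 * <p>The subject's security token is a bare mocked {@link Element}, which (per the original
 * author's note) is what triggers the signature error on the endpoint side.
 */
@Test
public void testPassiveLoginPkiUnsupportedPost() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    String samlRequest = authNRequestPassivePkiPost;
    HttpServletRequest request = mock(HttpServletRequest.class);
    X509Certificate x509Certificate = mock(X509Certificate.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    SecurityManager securityManager = mock(SecurityManager.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    // This mock element is what will cause the signature error.
    when(securityToken.getToken()).thenReturn(mock(Element.class));
    when(securityManager.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(securityManager);
    idpEndpoint.setStrictSignature(false);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    // Dummy cert: the test only stubs getEncoded(), so its content is irrelevant here.
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { x509Certificate });
    when(x509Certificate.getEncoded()).thenReturn(new byte[48]);
    Response response = idpEndpoint.showPostLogin(samlRequest, relayState, request);
    // The entity looks like an HTML POST form; pull the base64 SAMLResponse out of its hidden input.
    String encodedResponse = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse\" value=\"", "\" />");
    // Decode as UTF-8 explicitly rather than relying on the platform default charset.
    String responseStr = new String(Base64.getDecoder().decode(encodedResponse), java.nio.charset.StandardCharsets.UTF_8);
    // A passive PKI login cannot be satisfied over this binding, so the status must say so.
    assertThat(responseStr, containsString("status:RequestUnsupported"));
}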

Example 93 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

the class UPBSTValidatorTest method testValidateGoodTokenCache.

/**
 * A UPBST whose hash is already present in the token store must come back {@code VALID},
 * and the failed-login delayer must never be consulted on that path.
 *
 * <p>The stubbed store answers every lookup with a token carrying hash {@code 584149325},
 * presumably the hash of {@code upbstToken}, so the validator sees a cache hit.
 */
@Test
public void testValidateGoodTokenCache() {
    UPBSTValidator validator = getUpbstValidator(new XmlParser(), meanValidator);
    validator.addRealm(null);
    // Stub store: nothing is persisted, every lookup hits.
    TokenStore cachedStore = new TokenStore() {

        @Override
        public void add(SecurityToken token) {
            // no-op: the stub never stores anything
        }

        @Override
        public void add(String identifier, SecurityToken token) {
            // no-op
        }

        @Override
        public void remove(String identifier) {
            // no-op
        }

        @Override
        public Collection<String> getTokenIdentifiers() {
            return null;
        }

        @Override
        public SecurityToken getToken(String identifier) {
            SecurityToken cached = new SecurityToken();
            cached.setTokenHash(584149325);
            return cached;
        }
    };
    TokenValidatorParameters params = new TokenValidatorParameters();
    params.setTokenStore(cachedStore);
    params.setToken(new ReceivedToken(upbstToken));
    params.setStsProperties(stsPropertiesMBean);
    TokenValidatorResponse result = validator.validateToken(params);
    Assert.assertEquals(ReceivedToken.STATE.VALID, result.getToken().getState());
    verify(failedLoginDelayer, never()).delay(anyString());
}

Example 94 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

the class UPBSTValidatorTest method testNoFailedDelayer.

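/**
 * A UPBSTValidator constructed without a failed-login delayer must refuse to validate and
 * throw {@link IllegalStateException} rather than proceed without one.
 *
 * <p>The token store stub mirrors the cache-hit setup used elsewhere in this class so that
 * the only difference under test is the missing delayer.
 */
@Test(expected = IllegalStateException.class)
public void testNoFailedDelayer() {
    // The second constructor argument is deliberately null (presumably the delayer).
    UPBSTValidator upbstValidator = new UPBSTValidator(new XmlParser(), null) {

        // Skip the OSGi ServiceReference lookup and register the test realm directly.
        @Override
        public void addRealm(ServiceReference<JaasRealm> serviceReference) {
            validators.put("realm", meanValidator);
        }
    };
    upbstValidator.addRealm(null);
    TokenValidatorParameters tokenParameters = new TokenValidatorParameters();
    // Stub store: nothing is persisted, every lookup hits with the expected hash.
    tokenParameters.setTokenStore(new TokenStore() {

        @Override
        public void add(SecurityToken token) {
            // no-op: the stub never stores anything
        }

        @Override
        public void add(String identifier, SecurityToken token) {
            // no-op
        }

        @Override
        public void remove(String identifier) {
            // no-op
        }

        @Override
        public Collection<String> getTokenIdentifiers() {
            return null;
        }

        @Override
        public SecurityToken getToken(String identifier) {
            SecurityToken securityToken = new SecurityToken();
            securityToken.setTokenHash(584149325);
            return securityToken;
        }
    });
    ReceivedToken validateTarget = new ReceivedToken(upbstToken);
    tokenParameters.setToken(validateTarget);
    tokenParameters.setStsProperties(stsPropertiesMBean);
    // Expected to throw; the return value is intentionally ignored.
    upbstValidator.validateToken(tokenParameters);
}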

Example 95 with SecurityToken

use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.

the class StsIssueTest method testBearerWebSsoTokenSaml2.

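/**
 * Test the Web SSO token flow: request a SAML 2.0 bearer token on behalf of a username token
 * that carries a CAS-style SSO ticket, then validate whatever the STS returns.
 *
 * <p>The CXF bus is always shut down in a {@code finally} block so a failing STS call or
 * validation does not leak it into the next test.
 *
 * @param portType selects the STS address, WSDL location and endpoint to exercise
 * @throws Exception propagated from bus setup, DOM construction or the STS request
 */
public void testBearerWebSsoTokenSaml2(StsPortTypes portType) throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = StsIssueTest.class.getResource("/cxf-client.xml");
    Bus bus = bf.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        // Only an empty document is needed to host the token; no XML is parsed here.
        Document doc = builder.newDocument();
        // Create a Username Token
        UsernameToken oboToken = new UsernameToken(false, doc, WSConstants.PASSWORD_TEXT);
        // Work out the details of how to fill out the username token:
        //   ID   - the key that tells the validator this is an SSO token
        //   Name - the SSO ticket
        oboToken.setID(CAS_ID);
        oboToken.setName("ST-098ASDF13245WERT");
        // Build the Claims object
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        writer.writeStartElement(WST, CLAIMS, STSUtils.WST_NS_05_12);
        writer.writeNamespace(WST, STSUtils.WST_NS_05_12);
        writer.writeNamespace(IC, IDENTITY_URI);
        writer.writeAttribute(DIALECT, IDENTITY_URI);
        // Add the uid claim
        writer.writeStartElement(IC, CLAIM_TYPE, IDENTITY_URI);
        writer.writeAttribute(URI, "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/uid");
        writer.writeEndElement();
        Element claims = writer.getDocument().getDocumentElement();
        // The same port name selects the address, WSDL and endpoint enums.
        String port = portType.toString();
        // Get a token
        SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, oboToken.getElement(), bus, StsAddresses.valueOf(port).toString(), WsdlLocations.valueOf(port).toString(), EndPoints.valueOf(port).toString(), claims);
        if (token != null) {
            validateSecurityToken(token);
        }
    } finally {
        // Release the bus even when the request or validation throws.
        bus.shutdown(true);
    }
}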
