Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice: the class IdpEndpointTest, method testPassiveLoginPkiUnsupported.
@Test
public void testPassiveLoginPkiUnsupported() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    // Passive PKI login where the subject resolved by the security manager carries a
    // token whose DOM element is a bare mock: the endpoint cannot sign with it and is
    // expected to answer with a SAML "RequestUnsupported" status instead.
    HttpServletRequest servletRequest = mock(HttpServletRequest.class);
    X509Certificate clientCert = mock(X509Certificate.class);
    Subject resolvedSubject = mock(Subject.class);
    PrincipalCollection principals = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = mock(SecurityToken.class);
    SecurityManager manager = mock(SecurityManager.class);

    // Subject -> principals -> assertion -> token chain the endpoint walks.
    when(resolvedSubject.getPrincipals()).thenReturn(principals);
    when(principals.asList()).thenReturn(Collections.singletonList(assertion));
    when(assertion.getSecurityToken()).thenReturn(token);
    // The mocked Element is what triggers the signature error.
    when(token.getToken()).thenReturn(mock(Element.class));
    when(manager.getSubject(anyObject())).thenReturn(resolvedSubject);

    idpEndpoint.setSecurityManager(manager);
    idpEndpoint.setStrictSignature(false);

    when(servletRequest.isSecure()).thenReturn(true);
    when(servletRequest.getRequestURL()).thenReturn(requestURL);
    when(servletRequest.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    // Dummy certificate: 48 zero bytes stand in for its encoded form.
    when((X509Certificate[]) servletRequest.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { clientCert });
    when(clientCert.getEncoded()).thenReturn(new byte[48]);

    Response response = idpEndpoint.showGetLogin(authNRequestPassivePkiGet, relayState, signatureAlgorithm, signature, servletRequest);

    // The SAMLResponse parameter is URL-decoded and then passed through
    // RestSecurity.inflateBase64 before the status is inspected.
    String encoded = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse=", "&RelayState");
    String decoded = RestSecurity.inflateBase64(URLDecoder.decode(encoded, "UTF-8"));
    assertThat(decoded, containsString("status:RequestUnsupported"));
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice: the class SecurityTest, method testTokenAboutToExpire.
@Test
public void testTokenAboutToExpire() throws Exception {
    // Each step below completes one more link of the subject -> principals ->
    // assertion -> token chain; until the chain is complete, tokenAboutToExpire
    // is expected to report true.
    Subject subject = mock(Subject.class);
    PrincipalCollection principals = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = mock(SecurityToken.class);
    when(token.isAboutToExpire(anyLong())).thenReturn(true);

    // No subject at all.
    assertThat(security.tokenAboutToExpire(null), equalTo(true));
    // Subject without principals.
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));

    // Principals without an assertion.
    when(subject.getPrincipals()).thenReturn(principals);
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));

    // Complete chain; the token itself says it is about to expire.
    when(principals.oneByType(any(Class.class))).thenReturn(assertion);
    when(assertion.getSecurityToken()).thenReturn(token);
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));

    // Complete chain; the token is still valid.
    when(token.isAboutToExpire(anyLong())).thenReturn(false);
    assertThat(security.tokenAboutToExpire(subject), equalTo(false));
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice: the class RestSecurityTest, method testSetSubjectOnClient.
@Test
public void testSetSubjectOnClient() throws Exception {
    // A subject whose single assertion wraps the SAML document from the test resources.
    Element samlAssertion = readDocument("/saml.xml").getDocumentElement();
    SecurityToken token = new SecurityToken(UUID.randomUUID().toString(), samlAssertion, new Date(), new Date());
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    when(assertion.getSecurityToken()).thenReturn(token);
    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(new SimplePrincipalCollection(assertion, "sts"));

    WebClient client = WebClient.create("https://example.org");
    RestSecurity.setSubjectOnClient(subject, client);

    // The auth header must be set, and at least one of its values must carry the SAML prefix.
    Object authHeaders = client.getHeaders().get(RestSecurity.AUTH_HEADER);
    assertNotNull(authHeaders);
    boolean samlHeaderFound = false;
    for (Object headerValue : (ArrayList<?>) authHeaders) {
        samlHeaderFound |= StringUtils.contains(headerValue.toString(), RestSecurity.SAML_HEADER_PREFIX);
    }
    assertTrue(samlHeaderFound);
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice: the class SecurityTokenHolderTest, method testRemoveAllSecurityTokens.
@Test
public void testRemoveAllSecurityTokens() {
    // given: a holder with one token registered per realm
    SecurityTokenHolder holder = new SecurityTokenHolder();
    String firstRealm = "realmOne";
    String secondRealm = "realmTwo";
    holder.addSecurityToken(firstRealm, new SecurityToken());
    holder.addSecurityToken(secondRealm, new SecurityToken());

    // when: every token is dropped at once
    holder.removeAll();

    // then: neither realm resolves to a token any more
    assertThat(holder.getSecurityToken(firstRealm), is(nullValue()));
    assertThat(holder.getSecurityToken(secondRealm), is(nullValue()));
}
Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice: the class StsIssueTest, method testBearerPkiTokenSaml2.
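/**
 * Requests a SAML 2.0 bearer token from the STS using the client X.509 certificate
 * (alias {@code client} from {@code clientKeystore.properties}) as the on-behalf-of
 * token, asking for the role claim, and validates the token that comes back.
 *
 * @param portType STS port to talk to; its name selects the address, WSDL location and
 *                 endpoint from the {@code StsAddresses}, {@code WsdlLocations} and
 *                 {@code EndPoints} enums
 * @throws Exception on any failure while building the request or talking to the STS
 */
public void testBearerPkiTokenSaml2(StsPortTypes portType) throws Exception {
    SpringBusFactory busFactory = new SpringBusFactory();
    URL busFile = StsIssueTest.class.getResource("/cxf-client.xml");
    if (busFile == null) {
        // Fail with a clear message instead of an NPE on busFile.toString().
        throw new IllegalStateException("missing test resource /cxf-client.xml");
    }
    Bus bus = busFactory.createBus(busFile.toString());
    SpringBusFactory.setDefaultBus(bus);
    SpringBusFactory.setThreadDefaultBus(bus);
    try {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        DocumentBuilder builder = factory.newDocumentBuilder();
        Document doc = builder.newDocument();

        // Build the Claims element requesting the role claim.
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        writer.writeStartElement(WST, CLAIMS, STSUtils.WST_NS_05_12);
        writer.writeNamespace(WST, STSUtils.WST_NS_05_12);
        writer.writeNamespace(IC, IDENTITY_URI);
        writer.writeAttribute(DIALECT, IDENTITY_URI);
        writer.writeStartElement(IC, CLAIM_TYPE, IDENTITY_URI);
        writer.writeAttribute("URI", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
        writer.writeEndElement();
        Element claims = writer.getDocument().getDocumentElement();

        // Alternatively, a certificate can be used to request a SAML token: wrap the
        // client certificate from the keystore as an X509Security on-behalf-of token.
        X509Security oboToken = new X509Security(doc);
        Crypto crypto = CryptoFactory.getInstance("clientKeystore.properties");
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias("client");
        X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
        // Check the length as well: an empty array would otherwise throw on certs[0].
        if (certs != null && certs.length > 0) {
            oboToken.setX509Certificate(certs[0]);
            String port = portType.toString();
            SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, oboToken.getElement(), bus,
                    StsAddresses.valueOf(port).toString(), WsdlLocations.valueOf(port).toString(),
                    EndPoints.valueOf(port).toString(), claims);
            // NOTE(review): a null token (or a missing certificate) returns without
            // validating anything; callers that need a hard failure should assert on it.
            if (token != null) {
                validateSecurityToken(token);
            }
        }
    } finally {
        // Always tear the bus down, even when the request or validation throws, so a
        // failed run does not leave the default bus pointing at a live instance.
        bus.shutdown(true);
    }
}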