use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.
the class TestLogoutService method initialize.
/**
 * One-time fixture for the logout-service tests: wires mocked session objects so that a session
 * lookup yields a token holder carrying one empty {@code SecurityToken} per realm
 * ("karaf" and "ldap").
 *
 * <p>Only {@code getOrCreateSession(null)} is stubbed; the security manager mock {@code sm} is
 * created here but not stubbed in this method.
 */
@BeforeClass
public static void initialize() {
    // Mocks first: the two shared fields, then the two locals used only for stubbing.
    sessionFactory = mock(SessionFactory.class);
    sm = mock(SecurityManager.class);
    HttpSession session = mock(HttpSession.class);
    SecurityTokenHolder tokenHolder = mock(SecurityTokenHolder.class);

    // Two realms, each with a blank token; the tokens carry no id, expiry or key material.
    Map<String, SecurityToken> tokensByRealm = new HashMap<>();
    tokensByRealm.put("karaf", new SecurityToken());
    tokensByRealm.put("ldap", new SecurityToken());

    // Chain: session factory -> session -> SAML assertion attribute -> realm/token map.
    when(sessionFactory.getOrCreateSession(null)).thenReturn(session);
    when(session.getAttribute(SecurityConstants.SAML_ASSERTION)).thenReturn(tokenHolder);
    when(tokenHolder.getRealmTokenMap()).thenReturn(tokensByRealm);
}
use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.
the class SecurityAssertionStore method getSecurityAssertion.
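/**
 * Returns the {@link SecurityAssertion} associated with the provided message.
 *
 * <p>The principal is read from the message's {@code SecurityContext}. If it is not a
 * {@code SAMLTokenPrincipal}, the results stored on the message under
 * {@code WSHandlerConstants.RECV_RESULTS} are searched for one. The token is then looked up in
 * the message's token store by the principal's id; when the store has no entry, a new
 * {@code SecurityToken} is built from the SAML assertion and added to the store.
 *
 * <p>Lifetime of a newly cached token: the assertion's issue instant and
 * {@code NotOnOrAfter} condition when all are present, otherwise one minute from now.
 *
 * <p>NOTE(review): a token already in the store is returned as-is, keyed only by the assertion
 * id, and this method does no signature or conditions validation of its own. Presumably the
 * assertion was validated upstream before the principal was set. Confirm against the caller.
 *
 * @param message the message to inspect; may be {@code null}
 * @return an assertion wrapping the cached or newly created token, or an empty
 *     {@code SecurityAssertionImpl} when the message is {@code null}, no token store is
 *     available, or no SAML principal is found
 */
public static SecurityAssertion getSecurityAssertion(Message message) {
    if (message == null) {
        return new SecurityAssertionImpl();
    }

    TokenStore tokenStore = getTokenStore(message);
    Principal principal = null;
    SecurityContext context = message.get(SecurityContext.class);
    if (context != null) {
        principal = context.getUserPrincipal();
    }

    if (!(principal instanceof SAMLTokenPrincipal)) {
        // Try to find the SAMLTokenPrincipal among the WS-Security receive results.
        List<?> wsResults = List.class.cast(message.get(WSHandlerConstants.RECV_RESULTS));
        if (wsResults != null) {
            for (Object wsResult : wsResults) {
                if (wsResult instanceof WSHandlerResult) {
                    List<WSSecurityEngineResult> wsseResults = ((WSHandlerResult) wsResult).getResults();
                    for (WSSecurityEngineResult wsseResult : wsseResults) {
                        Object principalResult = wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                        if (principalResult instanceof SAMLTokenPrincipal) {
                            principal = (SAMLTokenPrincipal) principalResult;
                            // NOTE(review): this only leaves the inner loop, so a SAML principal in
                            // a later WSHandlerResult replaces this one. Confirm which principal
                            // should win when several handler results are present.
                            break;
                        }
                    }
                }
            }
        }
    }

    // instanceof is false for null, so no separate null check on principal is needed.
    if (tokenStore == null || !(principal instanceof SAMLTokenPrincipal)) {
        return new SecurityAssertionImpl();
    }

    SAMLTokenPrincipal samlPrincipal = (SAMLTokenPrincipal) principal;
    String id = samlPrincipal.getId();
    SamlAssertionWrapper samlAssertionWrapper = samlPrincipal.getToken();
    SecurityToken token = tokenStore.getToken(id);
    if (token == null) {
        // getSaml2() is null when the wrapped assertion is not SAML 2.0 (e.g. SAML 1.1); guard it
        // so such an assertion takes the short-lived fallback instead of failing with an NPE.
        if (samlAssertionWrapper.getSaml2() != null
                && samlAssertionWrapper.getSaml2().getIssueInstant() != null
                && samlAssertionWrapper.getSaml2().getConditions() != null
                && samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter() != null) {
            token = new SecurityToken(
                    id,
                    samlAssertionWrapper.getElement(),
                    samlAssertionWrapper.getSaml2().getIssueInstant().toDate(),
                    samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter().toDate());
        } else {
            // We don't know how long this should last or when it was created, so cap the cached
            // entry at 1 minute. This shouldn't happen unless someone sets up a third party STS
            // with unusual settings.
            Date date = new Date();
            token = new SecurityToken(
                    id,
                    samlAssertionWrapper.getElement(),
                    date,
                    new Date(date.getTime() + TimeUnit.MINUTES.toMillis(1)));
        }
        tokenStore.add(token);
    }
    return new SecurityAssertionImpl(token);
}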
use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.
the class SecureProxyServiceFactoryImpl method create.
/**
 * Creates a service proxy object that implements the specified Service Endpoint Interface (SEI).
 *
 * <p>The endpoint description is bundled into a {@code WebServiceProperties}, a
 * {@code SecurityToken} is obtained for it from the supplied assertion via
 * {@code getSecurityToken}, and the proxy is built by {@code createSecureClientFactory}.
 *
 * <p>NOTE(review): {@code requiresCredentials} is not read in this method body; the same
 * token lookup and secure client factory call run for both values. Confirm that callers do not
 * depend on this flag to switch security on or off.
 *
 * @param requiresCredentials Indicates that security should be configured for this service
 *     proxy (not consulted in this method body, see note above)
 * @param serviceClass The Java class object representing the interface to be proxied
 * @param serviceName The name of the service being proxied
 * @param endpointName The name corresponding to the endpoint
 * @param endpointAddress The url for the service being proxied
 * @param securityAssertion The assertion passed to {@code getSecurityToken} to obtain the
 *     token used for the proxy
 * @return the proxy that implements the specified SEI
 * @throws UnsupportedOperationException declared by this method; the conditions are not
 *     visible in this body
 */
@Override
public <ProxyServiceType> ProxyServiceType create(boolean requiresCredentials, Class<ProxyServiceType> serviceClass, QName serviceName, QName endpointName, String endpointAddress, Serializable securityAssertion) throws UnsupportedOperationException {
    LOGGER.debug("Creating proxy service");
    final WebServiceProperties<ProxyServiceType> endpointProperties =
            new WebServiceProperties<>(serviceClass, serviceName, endpointName, endpointAddress);
    // Token lookup happens before the client factory call, matching the original ordering.
    final ProxyServiceType proxy =
            createSecureClientFactory(
                    endpointProperties, getSecurityToken(endpointProperties, securityAssertion));
    LOGGER.debug("Finished creating proxy service");
    return proxy;
}
use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project ddf by codice.
the class UPBSTValidatorTest method testNoParser.
/**
 * Expects {@code IllegalStateException} when a validator built with a {@code null} first
 * argument is asked to validate a token.
 *
 * <p>NOTE(review): going by the test name, the {@code null} passed to
 * {@code getUpbstValidator} is presumably the parser. Which call raises the exception is not
 * visible here, so the test would also pass if setup threw it. Confirm against the validator.
 */
@Test(expected = IllegalStateException.class)
public void testNoParser() {
    // Stub token store: writes are ignored and every lookup yields a token with a fixed hash.
    TokenStore stubStore =
            new TokenStore() {
                @Override
                public void add(SecurityToken token) {
                    // intentionally a no-op
                }

                @Override
                public void add(String identifier, SecurityToken token) {
                    // intentionally a no-op
                }

                @Override
                public void remove(String identifier) {
                    // intentionally a no-op
                }

                @Override
                public Collection<String> getTokenIdentifiers() {
                    return null;
                }

                @Override
                public SecurityToken getToken(String identifier) {
                    // NOTE(review): the hash is a fixture constant; presumably it matches the
                    // hash of upbstToken. Confirm against the other tests in this class.
                    SecurityToken cached = new SecurityToken();
                    cached.setTokenHash(584149325);
                    return cached;
                }
            };

    UPBSTValidator validatorUnderTest = getUpbstValidator(null, meanValidator);
    validatorUnderTest.addRealm(null);

    TokenValidatorParameters params = new TokenValidatorParameters();
    params.setTokenStore(stubStore);
    params.setToken(new ReceivedToken(upbstToken));
    params.setStsProperties(stsPropertiesMBean);

    validatorUnderTest.validateToken(params);
}
use of org.apache.cxf.ws.security.tokenstore.SecurityToken in project cxf by apache.
the class StaxSymmetricBindingHandler method setupEncryptedKey.
/**
 * Generates a fresh symmetric key, wraps it in a temporary {@code SecurityToken}, adds that
 * token to the message's token store, and returns the token's id.
 *
 * <p>The key generator is selected from the encryption algorithm of the binding's algorithm
 * suite. The token's validity window starts now and ends after the configured security token
 * lifetime.
 *
 * <p>Security note: the raw key bytes from {@code getEncoded()} are stored on the token, so the
 * token store holds usable key material for as long as the entry is kept. Access to the store
 * should be treated accordingly.
 *
 * @param wrapper not read in this method body
 * @param sigToken not read in this method body
 * @return the id of the token that was added to the token store
 * @throws WSSecurityException declared by this method; presumably raised while obtaining the
 *     key generator (confirm)
 */
private String setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken sigToken) throws WSSecurityException {
    final Instant issuedAt = Instant.now();
    // Presumably the lifetime is in milliseconds, since it is divided by 1000 before being
    // added as seconds (confirm against WSS4JUtils).
    final long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    final Instant expiresAt = issuedAt.plusSeconds(lifetimeSeconds);

    final SecurityToken ephemeralToken =
            new SecurityToken(IDGenerator.generateID(null), issuedAt, expiresAt);

    final SecretKey generatedKey =
            KeyUtils.getKeyGenerator(
                            sbinding.getAlgorithmSuite().getAlgorithmSuiteType().getEncryption())
                    .generateKey();
    ephemeralToken.setKey(generatedKey);
    ephemeralToken.setSecret(generatedKey.getEncoded());

    TokenStoreUtils.getTokenStore(message).add(ephemeralToken);
    return ephemeralToken.getId();
}