
Example 36 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in the ddf project by codice.

From class SecurityManagerImplTest, method testAuthToken.

/**
 * Exercises the authentication-token path end to end with mocks: a realm that
 * accepts the token and answers with a principal collection holding a
 * {@link SecurityToken}, then checks that the manager produces a Subject.
 *
 * @throws SecurityServiceException if the manager rejects the token
 */
@Test
public void testAuthToken() throws SecurityServiceException {
    // principal collection carrying one security token under REALM_NAME
    SimplePrincipalCollection principalCollection = new SimplePrincipalCollection();
    principalCollection.add(new SecurityToken(), REALM_NAME);

    // the incoming token and the authentication info the realm will hand back for it
    AuthenticationToken incomingToken = mock(AuthenticationToken.class);
    when(incomingToken.getCredentials()).thenReturn("testUser");
    AuthenticationInfo authInfo = mock(AuthenticationInfo.class);
    when(authInfo.getPrincipals()).thenReturn(principalCollection);

    // a realm that supports the token and resolves it to authInfo
    Realm mockRealm = mock(Realm.class);
    when(mockRealm.supports(incomingToken)).thenReturn(Boolean.TRUE);
    when(mockRealm.getAuthenticationInfo(incomingToken)).thenReturn(authInfo);
    when(mockRealm.getName()).thenReturn(REALM_NAME);

    SecurityManagerImpl securityManager = new SecurityManagerImpl(mock(SecurityLogger.class));
    securityManager.setRealms(Arrays.asList(mockRealm));

    // only the presence of a Subject is asserted here; its contents are not inspected
    Subject resolvedSubject = securityManager.getSubject(incomingToken);
    assertNotNull(resolvedSubject);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) AuthenticationToken(org.apache.shiro.authc.AuthenticationToken) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) Realm(org.apache.shiro.realm.Realm) AuthenticationInfo(org.apache.shiro.authc.AuthenticationInfo) Subject(ddf.security.Subject) SecurityLogger(ddf.security.audit.SecurityLogger) Test(org.junit.Test)

Example 37 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in the ddf project by codice.

From class SecureCxfClientFactoryTest, method setupMockSubject.

/**
 * Builds a mocked {@link Subject} whose single principal is a {@link SecurityAssertion}
 * wrapping a {@link SecurityToken}; the token resolves to the element returned by
 * {@link #getAssertionElement()}.
 *
 * @return the wired-up mock subject
 * @throws Exception propagated from {@link #getAssertionElement()}
 */
private Subject setupMockSubject() throws Exception {
    // create the mocks innermost-first, then wire them outermost-first
    SecurityToken stubToken = mock(SecurityToken.class);
    SecurityAssertion stubAssertion = mock(SecurityAssertion.class);
    PrincipalCollection stubPrincipals = mock(PrincipalCollection.class);
    Subject stubSubject = mock(Subject.class);

    when(stubSubject.getPrincipals()).thenReturn(stubPrincipals);
    when(stubPrincipals.asList()).thenReturn(Arrays.asList(stubAssertion));
    when(stubAssertion.getToken()).thenReturn(stubToken);
    // the test assertion element is fetched last, after all mocks exist
    when(stubToken.getToken()).thenReturn(getAssertionElement());

    return stubSubject;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) DelegatingSubject(org.apache.shiro.subject.support.DelegatingSubject) Subject(ddf.security.Subject)

Example 38 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in the cxf project by apache.

From class AbstractSTSClient, method createSecurityToken.

/**
 * Builds a {@link SecurityToken} from an STS reply.
 * <p>
 * Accepts either a RequestSecurityTokenResponse or a RequestSecurityTokenResponseCollection
 * (only the first response of a collection is read), collects the child elements it recognises
 * in {@code namespace}, then fills in the token's secret: a BinarySecret is base64-decoded, an
 * EncryptedKey goes through {@link #decryptKey}, and a ComputedKey is derived with P_SHA1 from
 * the requestor entropy and the service entropy carried in the reply.
 *
 * @param el the RSTR or RSTRC element; the parameter is reused as the cursor while the
 *     response's children are walked
 * @param requestorEntropy entropy sent with the request, or null; used as the key directly
 *     when the reply carries no RequestedProofToken, and as one input of a ComputedKey
 * @return the parsed token with its secret set (the secret stays null when the reply has no
 *     proof token and no requestor entropy was supplied)
 * @throws WSSecurityException presumably propagated from {@link #decryptKey}; a failure inside
 *     P_SHA1 is wrapped in a TrustException instead
 * @throws Base64DecodingException declared for callers; nothing in this body visibly raises it
 *     (decoding goes through XMLUtils.decode) — cannot tell from here whether it is still needed
 * @throws Fault if the element is not a RequestSecurityTokenResponse
 * @throws TrustException if a ComputedKey is present but the reply carries no usable Entropy,
 *     or if the key derivation fails
 */
protected SecurityToken createSecurityToken(Element el, byte[] requestorEntropy) throws WSSecurityException, Base64DecodingException {
    // A collection is unwrapped to its first response; any further responses are ignored.
    if ("RequestSecurityTokenResponseCollection".equals(el.getLocalName())) {
        el = DOMUtils.getFirstElement(el);
    }
    if (!"RequestSecurityTokenResponse".equals(el.getLocalName())) {
        throw new Fault("Unexpected element " + el.getLocalName(), LOG);
    }
    el = DOMUtils.getFirstElement(el);
    Element rst = null;
    Element rar = null;
    Element rur = null;
    Element rpt = null;
    Element lte = null;
    Element entropy = null;
    String tt = null;
    String retKeySize = null;
    // Walk the direct children of the response, remembering the ones consumed below.
    // Children outside `namespace` are skipped; a repeated child overwrites the earlier one.
    while (el != null) {
        String ln = el.getLocalName();
        if (namespace.equals(el.getNamespaceURI())) {
            if ("Lifetime".equals(ln)) {
                lte = el;
            } else if ("RequestedSecurityToken".equals(ln)) {
                // the token itself is the first child of RequestedSecurityToken
                rst = DOMUtils.getFirstElement(el);
            } else if ("RequestedAttachedReference".equals(ln)) {
                rar = DOMUtils.getFirstElement(el);
            } else if ("RequestedUnattachedReference".equals(ln)) {
                rur = DOMUtils.getFirstElement(el);
            } else if ("RequestedProofToken".equals(ln)) {
                rpt = el;
            } else if ("Entropy".equals(ln)) {
                entropy = el;
            } else if ("TokenType".equals(ln)) {
                tt = DOMUtils.getContent(el);
            } else if ("KeySize".equals(ln)) {
                // key size (in bits) as stated by the STS; consulted for the ComputedKey path
                retKeySize = DOMUtils.getContent(el);
            }
        }
        el = DOMUtils.getNextElement(el);
    }
    Element rstDec = rst;
    // findID decides the precedence between the references and the token — verify there.
    String id = findID(rar, rur, rstDec);
    if (StringUtils.isEmpty(id)) {
        // No usable ID in the reply: allocate a secure one so the token can still be referenced.
        LOG.fine("No ID extracted from token, so just making one up");
        id = WSSConfig.getNewInstance().getIdAllocator().createSecureId("_", null);
    }
    SecurityToken token = new SecurityToken(id, rstDec, lte);
    token.setAttachedReference(rar);
    token.setUnattachedReference(rur);
    token.setIssuerAddress(location);
    token.setTokenType(tt);
    byte[] secret = null;
    if (rpt != null) {
        // The proof token is identified by the QName of its first child; an unrecognised child
        // leaves `secret` null. NOTE(review): `child` is not null-checked before
        // DOMUtils.getElementQName — confirm that helper tolerates an empty RequestedProofToken.
        Element child = DOMUtils.getFirstElement(rpt);
        QName childQname = DOMUtils.getElementQName(child);
        if (childQname.equals(new QName(namespace, "BinarySecret"))) {
            // First check for the binary secret
            String b64Secret = DOMUtils.getContent(child);
            secret = org.apache.xml.security.utils.XMLUtils.decode(b64Secret);
        } else if (childQname.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
            secret = decryptKey(child);
        } else if (childQname.equals(new QName(namespace, "ComputedKey"))) {
            // Handle the computed key
            // The service entropy is the first child of the reply's Entropy element, either
            // encrypted or as a BinarySecret.
            Element computedKeyChild = entropy == null ? null : DOMUtils.getFirstElement(entropy);
            byte[] serviceEntr = null;
            if (computedKeyChild != null) {
                QName computedKeyChildQName = DOMUtils.getElementQName(computedKeyChild);
                if (computedKeyChildQName.equals(new QName(WSS4JConstants.ENC_NS, WSS4JConstants.ENC_KEY_LN))) {
                    serviceEntr = decryptKey(computedKeyChild);
                } else if (computedKeyChildQName.equals(new QName(namespace, "BinarySecret"))) {
                    String content = DOMUtils.getContent(computedKeyChild);
                    serviceEntr = org.apache.xml.security.utils.XMLUtils.decode(content);
                }
            }
            if (serviceEntr != null) {
                // Right now we only use PSHA1 as the computed key algo
                P_SHA1 psha1 = new P_SHA1();
                int length = 0;
                // NOTE(review): when the reply states a KeySize it takes precedence over the
                // locally configured keySize, so the derived key is as long as the STS says —
                // confirm that callers or policy validate it against the size that was requested.
                if (retKeySize != null) {
                    try {
                        length = Integer.parseInt(retKeySize);
                    } catch (NumberFormatException ex) {
                    // do nothing
                    // (a non-numeric KeySize leaves length at 0, which the check below turns
                    // into 256; the configured keySize is not consulted in that case)
                    }
                } else {
                    length = keySize;
                }
                if (length <= 0) {
                    length = 256;
                }
                try {
                    // bits -> bytes by integer division; a size that is not a multiple of 8 is rounded down
                    secret = psha1.createKey(requestorEntropy, serviceEntr, 0, length / 8);
                } catch (WSSecurityException e) {
                    throw new TrustException("DERIVED_KEY_ERROR", e, LOG);
                }
            } else {
                // Service entropy missing
                throw new TrustException("NO_ENTROPY", LOG);
            }
        }
    } else if (requestorEntropy != null) {
        // Use requester entropy as the key
        secret = requestorEntropy;
    }
    token.setSecret(secret);
    return token;
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) P_SHA1(org.apache.wss4j.common.derivedKey.P_SHA1) QName(javax.xml.namespace.QName) ExtensibilityElement(javax.wsdl.extensions.ExtensibilityElement) Element(org.w3c.dom.Element) Fault(org.apache.cxf.interceptor.Fault) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Endpoint(org.apache.cxf.endpoint.Endpoint)

Example 39 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in the cxf project by apache.

From class DefaultSTSTokenCacher, method retrieveToken.

/**
 * Looks up the issued token that was previously cached for a delegation token.
 * <p>
 * The delegation token's own cache entry is located by its ID; if that entry carries a property
 * under {@code cacheKey}, the value is taken as the ID of the issued token and resolved against
 * the same store.
 *
 * @param message the current message, used to locate the token store
 * @param delegationToken the delegation token element, or null
 * @param cacheKey the property name under which the issued token's ID was recorded
 * @return the cached issued token, or null when the delegation token is null, has no cache
 *     entry, the entry has no such property, or the referenced token is no longer stored
 * @throws TokenStoreException presumably from the token-store lookups (declared)
 */
public SecurityToken retrieveToken(Message message, Element delegationToken, String cacheKey) throws TokenStoreException {
    if (delegationToken == null) {
        return null;
    }
    TokenStore store = TokenStoreUtils.getTokenStore(message);

    // step 1: the cache entry for the delegation token itself
    SecurityToken delegationEntry = store.getToken(getIdFromToken(delegationToken));
    if (delegationEntry == null) {
        return null;
    }

    // step 2: the property pointing at the issued token's ID
    Map<String, Object> entryProperties = delegationEntry.getProperties();
    if (entryProperties == null || !entryProperties.containsKey(cacheKey)) {
        return null;
    }

    // step 3: resolve the issued token; an evicted token yields null just like a missing entry
    String issuedTokenId = (String) entryProperties.get(cacheKey);
    return store.getToken(issuedTokenId);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore)

Example 40 with SecurityToken

Use of org.apache.cxf.ws.security.tokenstore.SecurityToken in the cxf project by apache.

From class STSStaxTokenValidator, method validateTokenToSTS.

/**
 * Sends a token element to the STS for validation and fails closed on any error.
 * <p>
 * The STS client is obtained from the message under the "sts" key and serialized on; every
 * exception from the client, checked or not, is reported as a FAILED_AUTHENTICATION so the
 * caller cannot distinguish a transport problem from a rejected token.
 *
 * @param tokenElement the token to validate
 * @param message the message whose configuration supplies the STS client
 * @throws WSSecurityException with FAILED_AUTHENTICATION when validation does not succeed
 */
private static void validateTokenToSTS(Element tokenElement, SoapMessage message) throws WSSecurityException {
    SecurityToken toValidate = new SecurityToken();
    toValidate.setToken(tokenElement);

    STSClient stsClient = STSUtils.getClient(message, "sts");
    synchronized (stsClient) {
        // JVM-wide property, set on every call while the client lock is held
        System.setProperty("noprint", "true");
        try {
            stsClient.validateSecurityToken(toValidate);
        } catch (Exception validationFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, validationFailure);
        }
    }
}
Also used : UsernameSecurityToken(org.apache.wss4j.stax.securityToken.UsernameSecurityToken) InboundSecurityToken(org.apache.xml.security.stax.securityToken.InboundSecurityToken) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SamlSecurityToken(org.apache.wss4j.stax.securityToken.SamlSecurityToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)

Aggregations

SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)187 Element (org.w3c.dom.Element)57 Test (org.junit.Test)47 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)35 Subject (ddf.security.Subject)32 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)28 SecurityAssertion (ddf.security.assertion.SecurityAssertion)27 QName (javax.xml.namespace.QName)26 Fault (org.apache.cxf.interceptor.Fault)23 SecurityManager (ddf.security.service.SecurityManager)22 TokenStoreException (org.apache.cxf.ws.security.tokenstore.TokenStoreException)18 TokenStore (org.apache.cxf.ws.security.tokenstore.TokenStore)17 SOAPException (javax.xml.soap.SOAPException)16 Message (org.apache.cxf.message.Message)16 WSSecurityEngineResult (org.apache.wss4j.dom.engine.WSSecurityEngineResult)16 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)15 CollectionPermission (ddf.security.permission.CollectionPermission)14 Bus (org.apache.cxf.Bus)14 Document (org.w3c.dom.Document)14 ArrayList (java.util.ArrayList)13