
Example 1 with TokenStore

use of org.apache.cxf.ws.security.tokenstore.TokenStore in project ddf by codice.

The class UPBSTValidatorTest, method testValidateBadTokenCache (a cached token whose hash does not match must not be accepted).

@Test
public void testValidateBadTokenCache() {
    // Token store stub whose only cached entry carries a hash that cannot match the
    // incoming token. The validator must treat this as a cache miss-match, not as a
    // successful login.
    // NOTE(review): the hash below is an arbitrary non-matching constant; confirm against
    // UPBSTValidator's cache comparison if the hashing scheme ever changes.
    class MismatchingTokenStore implements TokenStore {
        @Override
        public void add(SecurityToken token) {
            // no-op: the stub never persists anything
        }

        @Override
        public void add(String identifier, SecurityToken token) {
            // no-op
        }

        @Override
        public void remove(String identifier) {
            // no-op
        }

        @Override
        public Collection<String> getTokenIdentifiers() {
            return null;
        }

        @Override
        public SecurityToken getToken(String identifier) {
            SecurityToken stale = new SecurityToken();
            stale.setTokenHash(-1432225336);
            return stale;
        }
    }

    UPBSTValidator validator = getUpbstValidator(new XmlParser(), meanValidator);
    validator.addRealm(null);

    TokenValidatorParameters params = new TokenValidatorParameters();
    params.setTokenStore(new MismatchingTokenStore());
    params.setToken(new ReceivedToken(upbstToken));
    params.setStsProperties(stsPropertiesMBean);

    TokenValidatorResponse response = validator.validateToken(params);

    // Fail closed: the token is reported INVALID ...
    Assert.assertEquals(ReceivedToken.STATE.INVALID, response.getToken().getState());
    // ... and the failed attempt still incurs the login-throttling delay exactly once.
    verify(failedLoginDelayer, times(1)).delay(anyString());
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) XmlParser(org.codice.ddf.parser.xml.XmlParser) Collection(java.util.Collection) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) Matchers.anyString(org.mockito.Matchers.anyString) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) Test(org.junit.Test)

Example 2 with TokenStore

use of org.apache.cxf.ws.security.tokenstore.TokenStore in project ddf by codice.

The class SecurityAssertionStore, method getSecurityAssertion (resolves the SAML principal of a message and caches its assertion in the message's TokenStore).

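/**
 * Return the SecurityAssertion wrapper associated with the provided message.
 * <p>
 * The SAML principal is taken from the message's {@link SecurityContext} when it carries one,
 * otherwise from the WSS4J receive results. When a principal is found and the message has a
 * token store, the assertion is looked up in the store by its assertion ID and added to the
 * store if it is not yet cached.
 * <p>
 * NOTE(review): this method performs no validation of the assertion itself; it relies on the
 * processing that produced the SAMLTokenPrincipal (WSS4J RECV_RESULTS) having done so. Confirm
 * that signature/issuer checks happen upstream in this pipeline. The store lookup is by
 * assertion ID, and an existing cached entry is preferred over the element just presented, which
 * assumes assertion IDs are unique across issuers.
 *
 * @param message Message; may be null
 * @return SecurityAssertion backed by the cached token, or an empty SecurityAssertionImpl when no
 *     SAML principal, assertion or token store is available
 */
public static SecurityAssertion getSecurityAssertion(Message message) {
    if (message == null) {
        return new SecurityAssertionImpl();
    }
    TokenStore tokenStore = getTokenStore(message);
    SAMLTokenPrincipal samlPrincipal = findSamlPrincipal(message);
    if (tokenStore == null || samlPrincipal == null) {
        return new SecurityAssertionImpl();
    }

    String id = samlPrincipal.getId();
    SamlAssertionWrapper samlAssertionWrapper = samlPrincipal.getToken();
    SecurityToken token = tokenStore.getToken(id);
    if (token == null) {
        if (samlAssertionWrapper == null) {
            // A SAML principal without an assertion cannot be cached or wrapped; fail closed
            // with an empty assertion rather than an NPE.
            return new SecurityAssertionImpl();
        }
        token = toSecurityToken(id, samlAssertionWrapper);
        tokenStore.add(token);
    }
    return new SecurityAssertionImpl(token);
}

/**
 * Locate the SAMLTokenPrincipal for the message: the SecurityContext's user principal first,
 * then the principals recorded in the WSS4J receive results.
 * <p>
 * NOTE(review): when several WSHandlerResults each carry a SAML principal, the one from the
 * last result wins (only the inner loop stops at a match). This mirrors the original lookup;
 * confirm it is the intended precedence.
 *
 * @param message non-null message
 * @return the SAML principal, or null when none is present
 */
private static SAMLTokenPrincipal findSamlPrincipal(Message message) {
    SecurityContext context = message.get(SecurityContext.class);
    if (context != null) {
        Principal fromContext = context.getUserPrincipal();
        if (fromContext instanceof SAMLTokenPrincipal) {
            return (SAMLTokenPrincipal) fromContext;
        }
    }
    List<?> wsResults = List.class.cast(message.get(WSHandlerConstants.RECV_RESULTS));
    if (wsResults == null) {
        return null;
    }
    SAMLTokenPrincipal found = null;
    for (Object wsResult : wsResults) {
        if (!(wsResult instanceof WSHandlerResult)) {
            continue;
        }
        for (WSSecurityEngineResult wsseResult : ((WSHandlerResult) wsResult).getResults()) {
            Object candidate = wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (candidate instanceof SAMLTokenPrincipal) {
                found = (SAMLTokenPrincipal) candidate;
                break;
            }
        }
    }
    return found;
}

/**
 * Build a cacheable SecurityToken for the assertion, using the SAML 2.0 IssueInstant and
 * Conditions/NotOnOrAfter as the cache lifetime. When those are absent (including an
 * assertion that is not SAML 2.0, for which getSaml2() is not available), the lifetime is
 * unknown and a conservative one-minute window is used instead.
 *
 * @param id assertion ID used as the store key
 * @param wrapper non-null assertion wrapper
 * @return a new, not yet stored SecurityToken
 */
private static SecurityToken toSecurityToken(String id, SamlAssertionWrapper wrapper) {
    boolean hasSaml2Lifetime = wrapper.getSaml2() != null
            && wrapper.getSaml2().getIssueInstant() != null
            && wrapper.getSaml2().getConditions() != null
            && wrapper.getSaml2().getConditions().getNotOnOrAfter() != null;
    if (hasSaml2Lifetime) {
        return new SecurityToken(id, wrapper.getElement(),
                wrapper.getSaml2().getIssueInstant().toDate(),
                wrapper.getSaml2().getConditions().getNotOnOrAfter().toDate());
    }
    // We don't know how long this should last or when it was created, so cap the cache entry
    // at 1 minute. This shouldn't happen unless a third-party STS is configured with unusual
    // settings.
    Date now = new Date();
    return new SecurityToken(id, wrapper.getElement(), now,
            new Date(now.getTime() + TimeUnit.MINUTES.toMillis(1)));
}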
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) Date(java.util.Date) SecurityAssertionImpl(ddf.security.assertion.impl.SecurityAssertionImpl) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityContext(org.apache.cxf.security.SecurityContext) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) Principal(java.security.Principal)

Example 3 with TokenStore

use of org.apache.cxf.ws.security.tokenstore.TokenStore in project ddf by codice.

The class UPBSTValidatorTest, method testNoParser (a validator constructed without an XML parser must fail closed with IllegalStateException).

@Test(expected = IllegalStateException.class)
public void testNoParser() {
    // No parser is supplied: validation must abort with IllegalStateException rather than
    // silently produce a result.
    UPBSTValidator validatorWithoutParser = getUpbstValidator(null, meanValidator);
    validatorWithoutParser.addRealm(null);

    // Stub store returning a single cached entry; its hash is an arbitrary constant and is not
    // expected to be consulted before the missing parser is detected.
    TokenStore stubStore = new TokenStore() {

        @Override
        public void add(SecurityToken token) {
            // no-op stub
        }

        @Override
        public void add(String identifier, SecurityToken token) {
            // no-op stub
        }

        @Override
        public void remove(String identifier) {
            // no-op stub
        }

        @Override
        public Collection<String> getTokenIdentifiers() {
            return null;
        }

        @Override
        public SecurityToken getToken(String identifier) {
            SecurityToken cached = new SecurityToken();
            cached.setTokenHash(584149325);
            return cached;
        }
    };

    TokenValidatorParameters params = new TokenValidatorParameters();
    params.setTokenStore(stubStore);
    params.setToken(new ReceivedToken(upbstToken));
    params.setStsProperties(stsPropertiesMBean);

    // Expected to throw; the return value is irrelevant.
    validatorWithoutParser.validateToken(params);
}
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Collection(java.util.Collection) Matchers.anyString(org.mockito.Matchers.anyString) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) Test(org.junit.Test)

Example 4 with TokenStore

use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.

The class DefaultSTSTokenCacher, method retrieveToken (looks up the issued token previously associated with a delegation token).

/**
 * Look up the issued token that was previously cached for the given delegation token.
 * <p>
 * The delegation token's ID is resolved to its cache entry; that entry's properties are then
 * consulted under {@code cacheKey} for the identifier of the associated issued token, which is
 * finally fetched from the same store.
 * <p>
 * NOTE(review): no expiry check is made here — an expired issued token is returned as-is, so
 * callers are expected to check {@code isExpired()} (or renew) themselves; confirm against the
 * call sites.
 *
 * @param message current message, used to locate the token store
 * @param delegationToken the delegation token element; null yields null
 * @param cacheKey property name under which the issued token's ID was stored
 * @return the cached issued token, or null when any link in the chain is missing
 * @throws TokenStoreException if the token store cannot be accessed
 */
public SecurityToken retrieveToken(Message message, Element delegationToken, String cacheKey) throws TokenStoreException {
    if (delegationToken == null) {
        return null;
    }
    TokenStore store = TokenStoreUtils.getTokenStore(message);

    // Step 1: the cache entry keyed by the delegation token's own ID.
    SecurityToken delegationEntry = store.getToken(getIdFromToken(delegationToken));
    if (delegationEntry == null) {
        return null;
    }

    // Step 2: that entry must point at an issued token under cacheKey.
    Map<String, Object> props = delegationEntry.getProperties();
    if (props == null || !props.containsKey(cacheKey)) {
        return null;
    }

    // Step 3: resolve the issued token; a dangling reference is simply a cache miss.
    String issuedTokenId = (String) props.get(cacheKey);
    return store.getToken(issuedTokenId);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore)

Example 5 with TokenStore

use of org.apache.cxf.ws.security.tokenstore.TokenStore in project cxf by apache.

The class STSTokenValidator, method validateWithSTS (validates or exchanges a received token with the STS, using the TokenStore as a cache for transformed tokens).

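/**
 * Validate (or exchange) the supplied credential against the STS and return the credential with
 * the resulting SAML assertion attached as transformed token and principal.
 * <p>
 * Unless caching is disabled, a previously transformed token is looked up in the token store by
 * a hash of the incoming token and reused while it is unexpired. Otherwise the STS is contacted
 * in one of three ways: Issue with OnBehalfOf, Issue using the UsernameToken's credentials, or
 * Validate.
 * <p>
 * NOTE(review): the cache key is the incoming token's {@code hashCode()} (for SAML, a hash of the
 * signature bytes). A hash collision would surface another principal's transformed token; confirm
 * that {@code getTransformedToken} compares more than the hash before relying on this cache in a
 * multi-tenant deployment.
 *
 * @param credential WSS4J credential carrying the received token (SAML, UsernameToken, BST or SCT)
 * @param message current CXF message, used to locate the token store and the STS client
 * @return the same credential instance, with transformed token and principal set when the STS
 *     returned a new token
 * @throws WSSecurityException when the STS call or assertion parsing fails; runtime exceptions
 *     are propagated unchanged
 */
public Credential validateWithSTS(Credential credential, Message message) throws WSSecurityException {
    try {
        SecurityToken token = new SecurityToken();
        Element tokenElement = null;
        int hash = 0;
        if (credential.getSamlAssertion() != null) {
            SamlAssertionWrapper assertion = credential.getSamlAssertion();
            byte[] signatureValue = assertion.getSignatureValue();
            if (signatureValue != null && signatureValue.length > 0) {
                hash = Arrays.hashCode(signatureValue);
            }
            tokenElement = credential.getSamlAssertion().getElement();
        } else if (credential.getUsernametoken() != null) {
            tokenElement = credential.getUsernametoken().getElement();
            hash = credential.getUsernametoken().hashCode();
        } else if (credential.getBinarySecurityToken() != null) {
            tokenElement = credential.getBinarySecurityToken().getElement();
            hash = credential.getBinarySecurityToken().hashCode();
        } else if (credential.getSecurityContextToken() != null) {
            tokenElement = credential.getSecurityContextToken().getElement();
            hash = credential.getSecurityContextToken().hashCode();
        }
        token.setToken(tokenElement);

        // A hash of 0 means "no usable cache key" (e.g. an unsigned SAML assertion); such tokens
        // are never served from or written to the cache.
        TokenStore ts = null;
        if (!disableCaching) {
            ts = getTokenStore(message);
            if (ts == null) {
                ts = tokenStore;
            }
            if (ts != null && hash != 0) {
                SecurityToken transformedToken = getTransformedToken(ts, hash);
                // Expired cache entries are ignored and the token is re-validated with the STS.
                if (transformedToken != null && !transformedToken.isExpired()) {
                    SamlAssertionWrapper assertion = new SamlAssertionWrapper(transformedToken.getToken());
                    credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion));
                    credential.setTransformedToken(assertion);
                    return credential;
                }
            }
        }
        token.setTokenHash(hash);

        STSClient c = stsClient;
        if (c == null) {
            c = STSUtils.getClient(message, "sts");
        }
        // The STSClient is shared and is mutated below (OnBehalfOf callback, username/password
        // properties), so all use of it is serialized on the client instance.
        synchronized (c) {
            // NOTE(review): JVM-global side effect; its purpose is not visible from this method.
            System.setProperty("noprint", "true");
            final SecurityToken returnedToken;
            if (useIssueBinding && useOnBehalfOf) {
                ElementCallbackHandler callbackHandler = new ElementCallbackHandler(tokenElement);
                c.setOnBehalfOf(callbackHandler);
                try {
                    returnedToken = c.requestSecurityToken();
                } finally {
                    // Always clear; otherwise a failed request would leave this caller's token
                    // as the OnBehalfOf for the next user of the shared client.
                    c.setOnBehalfOf(null);
                }
            } else if (useIssueBinding && !useOnBehalfOf && credential.getUsernametoken() != null) {
                c.getProperties().put(SecurityConstants.USERNAME, credential.getUsernametoken().getName());
                c.getProperties().put(SecurityConstants.PASSWORD, credential.getUsernametoken().getPassword());
                try {
                    returnedToken = c.requestSecurityToken();
                } finally {
                    // Always scrub the credentials from the shared client, even when the STS call
                    // throws, so they cannot leak into a subsequent request.
                    c.getProperties().remove(SecurityConstants.USERNAME);
                    c.getProperties().remove(SecurityConstants.PASSWORD);
                }
            } else {
                // Validate binding. An empty result list surfaces as an IndexOutOfBoundsException,
                // which is a RuntimeException and is rethrown as-is below.
                List<SecurityToken> tokens = c.validateSecurityToken(token);
                returnedToken = tokens.get(0);
            }
            // Identity check: when the STS handed back the very token it was given there is
            // nothing to transform, and nothing to cache.
            if (returnedToken != token) {
                SamlAssertionWrapper assertion = new SamlAssertionWrapper(returnedToken.getToken());
                credential.setTransformedToken(assertion);
                credential.setPrincipal(new SAMLTokenPrincipalImpl(assertion));
                if (!disableCaching && hash != 0 && ts != null) {
                    // Store the issued token under its own ID, and the incoming token under its
                    // hash with a pointer to the issued one, so the next lookup by hash finds it.
                    ts.add(returnedToken);
                    token.setTransformedTokenIdentifier(returnedToken.getId());
                    ts.add(Integer.toString(hash), token);
                }
            }
            return credential;
        }
    } catch (RuntimeException e) {
        throw e;
    } catch (Exception e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "invalidSAMLsecurity");
    }
}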
Also used : Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) TokenStoreException(org.apache.cxf.ws.security.tokenstore.TokenStoreException) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) List(java.util.List) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) SAMLTokenPrincipalImpl(org.apache.wss4j.common.principal.SAMLTokenPrincipalImpl)
