use of org.apache.cxf.ws.security.trust.STSClient in project OpenAM by OpenRock.
the class SoapSTSConsumer method issueTokenInternal.
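/**
 * Invokes the soap-sts Issue operation for the given endpoint and token specification.
 *
 * @param endpointSpecification service and port QName of the soap-sts instance to be invoked
 * @param tokenSpecification key type, token type and (optionally) the OnBehalfOf token and the
 *        holder-of-key certificate describing the token to be issued
 * @param allowRenewing whether the STSClient should ask for a renewable token
 * @return the SecurityToken returned by the STS
 * @throws SoapSTSConsumerException if the STSClient could not be built or the Issue call failed;
 *         the underlying exception is preserved as the cause
 */
private SecurityToken issueTokenInternal(EndpointSpecification endpointSpecification, TokenSpecification tokenSpecification, boolean allowRenewing) throws SoapSTSConsumerException {
    try {
        STSClient client = getSTSClient(stsInstanceWsdlUrl, endpointSpecification.serviceQName, endpointSpecification.portQName);
        client.setKeyType(tokenSpecification.keyType);
        client.setTokenType(tokenSpecification.tokenType);
        // for integration with renew tests.
        client.setAllowRenewing(allowRenewing);
        // will be non-null only for SV assertions
        client.setOnBehalfOf(tokenSpecification.onBehalfOf);
        if (TokenSpecification.PUBLIC_KEY_KEYTYPE.equals(tokenSpecification.keyType)) {
            // PublicKey key type: the holderOfKeyCertificate is sent as the confirmation KeyInfo
            // instead of a client-generated key.
            client.setUseCertificateForConfirmationKeyInfo(true);
            client.setUseKeyCertificate(tokenSpecification.holderOfKeyCertificate);
        }
        return client.requestSecurityToken();
    } catch (Exception e) {
        // Diagnostic output for the test harness: prints the request configuration
        // (WSDL location, QNames, key/token type) but not the callback-handler credentials.
        // The message used to name "testIssue", which is not this method.
        System.out.println("Exception caught in issueTokenInternal for wsdlLocation: " + stsInstanceWsdlUrl
                + "\nserviceQName: " + endpointSpecification.serviceQName
                + "\nendpointName: " + endpointSpecification.portQName
                + "\nkeyType: " + tokenSpecification.keyType
                + "\ntokenType: " + tokenSpecification.tokenType
                + "\nException: " + e);
        e.printStackTrace(System.out);
        // Cause is preserved so callers can still distinguish transport, trust and config failures.
        throw new SoapSTSConsumerException(e.getMessage(), e);
    }
}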
use of org.apache.cxf.ws.security.trust.STSClient in project OpenAM by OpenRock.
the class SoapSTSConsumer method getSTSClient.
/**
 * Builds an STSClient bound to the given WSDL, service and port, configured with the
 * UsernameToken supporting-token credentials, the STS public-key alias used for encryption and
 * a single Crypto instance shared for signature, encryption and STS token processing.
 *
 * @param wsdlAddress location of the soap-sts WSDL
 * @param serviceQName QName of the soap-sts service
 * @param portQName QName of the soap-sts port
 * @return a configured, not yet invoked STSClient
 * @throws SoapSTSConsumerException if the Crypto instance could not be created from the encryption properties
 */
private STSClient getSTSClient(String wsdlAddress, QName serviceQName, QName portQName) throws SoapSTSConsumerException {
    // Build the Crypto first: if the keystore configuration is broken there is no point configuring a client.
    Crypto wssCrypto;
    try {
        wssCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    } catch (WSSecurityException e) {
        throw new SoapSTSConsumerException(e.getMessage(), e);
    }

    STSClient client = new STSClient(bus);
    if (logMessages) {
        // These interceptors log complete request/response payloads exchanged with the STS,
        // which with a UsernameToken include the supporting-token credentials, so keep this
        // switch off outside debugging.
        client.getInInterceptors().add(new LoggingInInterceptor());
        client.getOutInterceptors().add(new LoggingOutInterceptor());
    }
    client.setWsdlLocation(wsdlAddress);
    client.setServiceName(serviceQName.toString());
    client.setEndpointName(portQName.toString());

    // HashMap rather than Map.of: some of these values may legitimately be null.
    Map<String, Object> props = new HashMap<>();
    props.put(SecurityConstants.USERNAME, usernameTokenSupportingTokenUsername);
    props.put(SecurityConstants.CALLBACK_HANDLER, callbackHander);
    /*
     * In an asymmetric binding, the client encrypts messages with the STS' public key.
     * Note that this trust (public key) keystore entry is not protected by a password, so the
     * SoapSTSConsumerCallbackHandler is not asked to provide the password corresponding to this entry.
     */
    props.put(SecurityConstants.ENCRYPT_USERNAME, stsPublicKeyAlias);
    /*
     * If the requested key is Public, the STS_TOKEN_CRYPTO is used by the STSClient 'to send/process any
     * RSA/DSAKeyValue tokens' - from javadocs.
     */
    props.put(SecurityConstants.STS_TOKEN_CRYPTO, wssCrypto);
    props.put(SecurityConstants.ENCRYPT_CRYPTO, wssCrypto);
    props.put(SecurityConstants.SIGNATURE_CRYPTO, wssCrypto);
    client.setProperties(props);
    return client;
}
use of org.apache.cxf.ws.security.trust.STSClient in project OpenAM by OpenRock.
the class SoapSTSConsumer method validateToken.
/**
 * Invokes the soap-sts Validate operation for the given token.
 *
 * @param endpointSpecification port and service QName of the soap-sts instance to be invoked
 * @param toBeValidatedToken the to-be-validated SecurityToken instance returned from the Issue operation
 * @return {@code true} if the STS validated the token, {@code false} if the STSClient reported a
 *         TrustException
 * @throws SoapSTSConsumerException if the STSClient could not be built or the Validate call failed
 *         for a reason other than a trust failure
 */
public boolean validateToken(EndpointSpecification endpointSpecification, SecurityToken toBeValidatedToken) throws SoapSTSConsumerException {
    STSClient stsClient = getSTSClient(stsInstanceWsdlUrl, endpointSpecification.serviceQName, endpointSpecification.portQName);
    stsClient.setTokenType(STSConstants.STATUS);
    /*
     * No further checks are needed, as the STSClient will throw an exception if the token is not validated
     * successfully. Checking that the type of the SecurityToken returned by validateSecurityToken matches the
     * type of the token passed to this call is also not a valid test, as the passed-in token is simply returned
     * if it validated successfully (and if the token was transformed, the type is not set - this may be
     * considered a bug in the STSClient class - see around line 1066 - it should be parsing out the TokenType
     * element child of RequestSecurityTokenResponse. See CXF jira: https://issues.apache.org/jira/browse/CXF-5462).
     *
     * NOTE(review): a TrustException is whatever the STSClient classifies as a trust failure, so a false
     * result may also reflect a broken STS relationship rather than a bad token. Callers should treat
     * false as "not validated" (fail closed), not as a positive statement about the token.
     */
    boolean validated;
    try {
        stsClient.validateSecurityToken(toBeValidatedToken);
        validated = true;
    } catch (TrustException e) {
        validated = false;
    } catch (Exception e) {
        throw new SoapSTSConsumerException(e.getMessage(), e);
    }
    return validated;
}
use of org.apache.cxf.ws.security.trust.STSClient in project OpenAM by OpenRock.
the class SoapSTSConsumer method cancelToken.
/**
 * Invokes the soap-sts Cancel operation for the given token.
 *
 * @param endpointSpecification port and service QName of the soap-sts instance to be invoked
 * @param token the SecurityToken to cancel
 * @param tokenType the token type to set on the STSClient for the Cancel request
 * @param keyType the key type to set on the STSClient for the Cancel request
 * @return the result of {@code STSClient.cancelSecurityToken}
 * @throws SoapSTSConsumerException if the STSClient could not be built or the Cancel call failed
 */
public boolean cancelToken(EndpointSpecification endpointSpecification, SecurityToken token, String tokenType, String keyType) throws SoapSTSConsumerException {
    STSClient stsClient = getSTSClient(stsInstanceWsdlUrl, endpointSpecification.serviceQName, endpointSpecification.portQName);
    stsClient.setTokenType(tokenType);
    stsClient.setKeyType(keyType);
    boolean cancelled;
    try {
        cancelled = stsClient.cancelSecurityToken(token);
    } catch (Exception e) {
        // Cause preserved; the STSClient API declares a broad Exception.
        throw new SoapSTSConsumerException(e.getMessage(), e);
    }
    return cancelled;
}
use of org.apache.cxf.ws.security.trust.STSClient in project cxf by apache.
the class WSSCTest method testSecureConversation.
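/**
 * Runs one WS-SecureConversation ping scenario against the configured port.
 *
 * The endpoint scheme is chosen from the scenario port (PORT2 / STAX_PORT2 run over TLS),
 * "_"-prefixed scenarios additionally send a Cancel for the SCT, streaming scenarios enable
 * streaming security on both contexts, and "clearAction" scenarios blank the SOAPAction on the
 * RST/SCT request.
 *
 * @throws Exception if the ping fails; the scenario prefix is included in the message
 */
@Test
public void testSecureConversation() throws Exception {
    final wssec.wssc.IPingService port = svc.getPort(new QName("http://WSSec/wssc", test.prefix), wssec.wssc.IPingService.class);
    BindingProvider provider = (BindingProvider) port;

    // Only the PORT2 / STAX_PORT2 scenarios talk to the TLS listener.
    boolean tls = PORT2.equals(test.port) || STAX_PORT2.equals(test.port);
    String scheme = tls ? "https" : "http";
    provider.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, scheme + "://localhost:" + test.port + "/" + test.prefix);

    if (test.prefix.charAt(0) == '_') {
        // MS would like the _ versions to send a cancel
        provider.getRequestContext().put(SecurityConstants.STS_TOKEN_DO_CANCEL, Boolean.TRUE);
    }
    if (test.streaming) {
        provider.getRequestContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true");
        provider.getResponseContext().put(SecurityConstants.ENABLE_STREAMING_SECURITY, "true");
    }
    if (test.clearAction) {
        ((Client) port).getOutInterceptors().add(newClearActionInterceptor());
    }

    wssec.wssc.PingRequest params = new wssec.wssc.PingRequest();
    org.xmlsoap.ping.Ping ping = new org.xmlsoap.ping.Ping();
    ping.setOrigin("CXF");
    ping.setScenario("Scenario5");
    ping.setText("ping");
    params.setPing(ping);
    try {
        wssec.wssc.PingResponse output = port.ping(params);
        assertEquals(OUT, output.getPingResponse().getText());
    } catch (Exception ex) {
        throw new Exception("Error doing " + test.prefix, ex);
    } finally {
        // Previously only reached on success; a failed ping or assertion left the proxy
        // (and any SCT it established) unclosed for the rest of the test run.
        ((java.io.Closeable) port).close();
    }
}

/**
 * Builds the out-interceptor used by the "clearAction" scenarios: it registers itself on the
 * STS client created for the "sct" token and blanks the SOAPAction on RST/SCT requests.
 */
private static AbstractPhaseInterceptor<Message> newClearActionInterceptor() {
    AbstractPhaseInterceptor<Message> interceptor = new AbstractPhaseInterceptor<Message>(Phase.POST_LOGICAL) {
        @Override
        public void handleMessage(Message message) throws Fault {
            STSClient client = STSUtils.getClient(message, "sct");
            // Make sure the STS client's own out chain runs this interceptor too.
            client.getOutInterceptors().add(this);
            message.put(SecurityConstants.STS_CLIENT, client);
            String action = (String) message.get(SoapBindingConstants.SOAP_ACTION);
            if (action == null) {
                action = SoapActionInInterceptor.getSoapAction(message);
            }
            if (action != null && action.contains("RST/SCT")) {
                message.put(SoapBindingConstants.SOAP_ACTION, "");
            }
        }
    };
    interceptor.addBefore(SoapPreProtocolOutInterceptor.class.getName());
    return interceptor;
}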