use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class IdpEndpointTest method setup.
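/**
 * Builds the {@code IdpEndpoint} under test on top of a keystore and two crypto property
 * files copied from the test classpath into {@code temporaryFolder}, and wires it to a mocked
 * {@code SecurityManager} whose subject carries the assertion read from {@code /saml.xml}.
 *
 * <p>This setup mutates JVM-wide system properties ({@code org.codice.ddf.system.hostname},
 * {@code javax.net.ssl.keyStore}, {@code javax.net.ssl.keyStorePassword}) and does not restore
 * them afterwards, so other tests running in the same JVM observe the values set here.
 *
 * @throws IOException if a fixture resource is missing from the classpath or cannot be copied
 */
@Before
public void setup() throws IOException, SecurityServiceException, ParserConfigurationException, SAXException {
    System.setProperty("org.codice.ddf.system.hostname", "localhost");
    // Test-only password for the fixture keystore copied below.
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

    File jksFile = copyResourceToTempFile("serverKeystore.jks");
    File signatureFile = copyResourceToTempFile("signature.properties");
    File encryptionFile = copyResourceToTempFile("encryption.properties");

    // NOTE(review): presumably consulted by IdpEndpoint when it reads the crypto properties;
    // the mock simply echoes the fixture password in both directions.
    EncryptionService encryptionService = mock(EncryptionService.class);
    when(encryptionService.decrypt(anyString())).thenReturn("changeit");
    when(encryptionService.encrypt(anyString())).thenReturn("changeit");

    // Subject -> principals -> assertion -> token chain, ending in the fixture SAML element.
    SecurityManager securityManager = mock(SecurityManager.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    when(securityToken.getToken()).thenReturn(readDocument("/saml.xml").getDocumentElement());
    when(securityManager.getSubject(anyObject())).thenReturn(subject);

    // The keystore path must be in place before the endpoint is constructed.
    System.setProperty("javax.net.ssl.keyStore", jksFile.getAbsolutePath());
    idpEndpoint = new IdpEndpoint(signatureFile.getAbsolutePath(), encryptionFile.getAbsolutePath(), encryptionService);
    idpEndpoint.setStrictSignature(true);
    idpEndpoint.init();
    idpEndpoint.setSpMetadata(Collections.singletonList(spMetadata));
    idpEndpoint.setSecurityManager(securityManager);

    PKIAuthenticationTokenFactory pkiAuthenticationTokenFactory = new PKIAuthenticationTokenFactory();
    pkiAuthenticationTokenFactory.setSignaturePropertiesPath(signatureFile.getAbsolutePath());
    pkiAuthenticationTokenFactory.init();
    idpEndpoint.setTokenFactory(pkiAuthenticationTokenFactory);

    // Pre-seed the cookie cache with one assertion under cookie id "1"; a second parse of the
    // fixture is used on purpose so the cached element is independent of the mocked token.
    idpEndpoint.cookieCache.cacheSamlAssertion("1", readDocument("/saml.xml").getDocumentElement());
    idpEndpoint.setExpirationTime(30);

    // Shared request parameters used by the individual test methods.
    relayState = "ef95c04b-6c05-4d12-b65f-dd32fed8811e";
    requestCertificateAttributeName = "javax.servlet.request.X509Certificate";
    requestURL = new StringBuffer("https://www.example.com");
    samlConditionDateFormat = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
    signature = authNRequestGetSignature;
    signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    ssoSAMLResponse = "https://localhost:8993/services/saml/sso?SAMLResponse=";
}

/**
 * Copies the classpath resource {@code "/" + name} into a new file called {@code name} inside
 * {@code temporaryFolder}, closing both streams even when the copy fails.
 *
 * @param name resource name, also used as the temp file name
 * @return the newly written file
 * @throws IOException if the resource is not on the classpath or cannot be copied
 */
private File copyResourceToTempFile(String name) throws IOException {
    File target = temporaryFolder.newFile(name);
    try (InputStream in = IdpEndpointTest.class.getResourceAsStream("/" + name);
            FileOutputStream out = new FileOutputStream(target)) {
        // getResourceAsStream returns null for a missing resource; fail with a clear message
        // instead of the NullPointerException IOUtils.copy would raise.
        if (in == null) {
            throw new IOException("Missing test resource: /" + name);
        }
        IOUtils.copy(in, out);
    }
    return target;
}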
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class IdpEndpointTest method testPassiveLoginPkiUnsupported.
/**
 * A passive PKI login (fixture {@code authNRequestPassivePkiGet}) whose subject's token cannot
 * be signed must come back as a SAML response carrying {@code status:RequestUnsupported},
 * even with strict signature checking switched off.
 */
@Test
public void testPassiveLoginPkiUnsupported() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    // Subject whose token is a bare mock Element: that element is what triggers the
    // signature error the test expects.
    SecurityToken unsignableToken = mock(SecurityToken.class);
    when(unsignableToken.getToken()).thenReturn(mock(Element.class));
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    when(assertion.getSecurityToken()).thenReturn(unsignableToken);
    PrincipalCollection principals = mock(PrincipalCollection.class);
    when(principals.asList()).thenReturn(Collections.singletonList(assertion));
    Subject subject = mock(Subject.class);
    when(subject.getPrincipals()).thenReturn(principals);
    SecurityManager manager = mock(SecurityManager.class);
    when(manager.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(manager);
    idpEndpoint.setStrictSignature(false);

    // HTTPS request presenting a placeholder client certificate (48 zero bytes is enough
    // for the endpoint to see "a certificate"; its content is never validated here).
    HttpServletRequest request = mock(HttpServletRequest.class);
    X509Certificate clientCert = mock(X509Certificate.class);
    when(clientCert.getEncoded()).thenReturn(new byte[48]);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] {clientCert});

    Response response = idpEndpoint.showGetLogin(authNRequestPassivePkiGet, relayState, signatureAlgorithm, signature, request);

    // Extract the SAMLResponse parameter from the response entity, URL-decode it and inflate
    // the deflated base64 payload back into the SAML XML.
    String encoded = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse=", "&RelayState");
    String decoded = RestSecurity.inflateBase64(URLDecoder.decode(encoded, "UTF-8"));
    assertThat(decoded, containsString("status:RequestUnsupported"));
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class SecurityTest method testTokenAboutToExpire.
/**
 * {@code tokenAboutToExpire} must answer {@code true} for every degenerate input (null
 * subject, subject without principals, principals without an assertion) and only defer to
 * {@code SecurityToken.isAboutToExpire} once a token is actually reachable.
 */
@Test
public void testTokenAboutToExpire() throws Exception {
    SecurityToken token = mock(SecurityToken.class);
    when(token.isAboutToExpire(anyLong())).thenReturn(true);
    Subject subject = mock(Subject.class);
    PrincipalCollection principals = mock(PrincipalCollection.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);

    // No subject at all, or a subject whose principals are still null: reported as expiring.
    assertThat(security.tokenAboutToExpire(null), equalTo(true));
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));

    // Principals present, but no assertion resolvable from them.
    when(subject.getPrincipals()).thenReturn(principals);
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));

    // Full chain wired up: the answer now tracks the token's own verdict.
    when(principals.oneByType(any(Class.class))).thenReturn(assertion);
    when(assertion.getSecurityToken()).thenReturn(token);
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));
    when(token.isAboutToExpire(anyLong())).thenReturn(false);
    assertThat(security.tokenAboutToExpire(subject), equalTo(false));
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class GuestInterceptor method createSecurityToken.
/**
 * Resolves the {@code SecurityToken} carried by the subject obtained for {@code ipAddress}.
 *
 * @param ipAddress address handed to {@code getSubject} to look up the subject
 * @return the subject's security token, or {@code null} when no subject, no principals or no
 *     {@code SecurityAssertion} is available
 */
private SecurityToken createSecurityToken(String ipAddress) {
    Subject subject = getSubject(ipAddress);
    LOGGER.trace("Attempting to create Security token.");
    // Without a subject there is nothing to extract; the caller receives null.
    if (subject == null) {
        return null;
    }
    PrincipalCollection principals = subject.getPrincipals();
    if (principals == null) {
        LOGGER.info("Subject did not contain any principals, could not create security token.");
        return null;
    }
    SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
    if (assertion == null) {
        LOGGER.info("Subject did not contain a security assertion, could not add assertion to the security header.");
        return null;
    }
    return assertion.getSecurityToken();
}
use of org.apache.shiro.subject.PrincipalCollection in project ddf by codice.
the class SubjectUtils method getAttribute.
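/**
 * Returns the string values of the SAML attribute named {@code key} carried by the subject's
 * {@code SecurityAssertion}.
 *
 * <p>Only {@code XSString} attribute values are returned; values of any other XML type are
 * skipped silently, so an attribute present under a different value type yields an empty
 * list just like a missing one.
 *
 * @param subject subject to inspect; may be {@code null}, in which case the result is empty
 * @param key attribute name to match exactly (case-sensitive); must not be {@code null},
 *     which is enforced by {@code Validate.notNull}
 * @return the matching attribute values, or an empty list if the subject, its principals,
 *     its assertion or the attribute cannot be found
 */
public static List<String> getAttribute(@Nullable Subject subject, String key) {
    Validate.notNull(key);
    if (subject == null) {
        LOGGER.debug("Incoming subject was null, cannot look up {}.", key);
        return Collections.emptyList();
    }
    PrincipalCollection principals = subject.getPrincipals();
    if (principals == null) {
        LOGGER.debug("No principals located in the incoming subject, cannot look up {}.", key);
        return Collections.emptyList();
    }
    SecurityAssertion assertion = principals.oneByType(SecurityAssertion.class);
    if (assertion == null) {
        LOGGER.debug("Could not find Security Assertion, cannot look up {}.", key);
        return Collections.emptyList();
    }
    return assertion.getAttributeStatements().stream()
            .flatMap(statement -> statement.getAttributes().stream())
            // key is known non-null; comparing this way tolerates an attribute with a null name
            .filter(attribute -> key.equals(attribute.getName()))
            .flatMap(attribute -> attribute.getAttributeValues().stream())
            .filter(XSString.class::isInstance)
            .map(XSString.class::cast)
            .map(XSString::getValue)
            .collect(Collectors.toList());
}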