Example 1 with Crypto

Use of org.apache.ws.security.components.crypto.Crypto in the project OpenAM by OpenRock.

Class SoapSTSInstanceModule, method getProperties.

/**
 * These properties configure the web-service deployment, and are primarily referenced by the ws-security interceptors
 * deployed as part of CXF. These interceptors are responsible for enforcing the security-policy bindings protecting
 * the STS. To this end, various crypto objects are required, and the TokenValidators for the configured validated
 * token types are plugged-in.
 * @param wssValidatorFactory the factory class which will produce the wss Validator instances to enforce SecurityPolicy bindings
 * @param logger for error state logging
 * @return the Map that serves to configure the web-service deployment
 * @throws WSSecurityException In case an unexpected TokenType is encountered, or a TokenValidator could not be created.
 */
@Provides
@Named(AMSTSConstants.STS_WEB_SERVICE_PROPERTIES)
@Inject
Map<String, Object> getProperties(WSSValidatorFactory wssValidatorFactory, Logger logger) throws WSSecurityException {
    Map<String, Object> properties = new HashMap<>();
    // KeystoreConfig may be null for a TLS-based SecurityPolicy binding, or for the AM-bare binding.
    if (stsInstanceConfig.getKeystoreConfig() != null) {
        properties.put(SecurityConstants.CALLBACK_HANDLER, new SoapSTSCallbackHandler(stsInstanceConfig.getKeystoreConfig(), logger));
        Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
        properties.put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
        properties.put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
        properties.put(SecurityConstants.SIGNATURE_USERNAME, stsInstanceConfig.getKeystoreConfig().getSignatureKeyAlias());
    }
    properties.put("faultStackTraceEnabled", "true");
    properties.put("exceptionMessageCauseEnabled", "true");
    processSecurityPolicyTokenValidatorConfiguration(properties, wssValidatorFactory, logger);
    return properties;
}
Also used: Crypto (org.apache.ws.security.components.crypto.Crypto), HashMap (java.util.HashMap), SoapSTSCallbackHandler (org.forgerock.openam.sts.soap.SoapSTSCallbackHandler), Inject (javax.inject.Inject), Named (javax.inject.Named), Provides (com.google.inject.Provides)

Example 2 with Crypto

Use of org.apache.ws.security.components.crypto.Crypto in the project OpenAM by OpenRock.

Class SoapSTSConsumer, method getSTSClient.

private STSClient getSTSClient(String wsdlAddress, QName serviceQName, QName portQName) throws SoapSTSConsumerException {
    STSClient stsClient = new STSClient(bus);
    if (logMessages) {
        stsClient.getInInterceptors().add(new LoggingInInterceptor());
        stsClient.getOutInterceptors().add(new LoggingOutInterceptor());
    }
    stsClient.setWsdlLocation(wsdlAddress);
    stsClient.setServiceName(serviceQName.toString());
    stsClient.setEndpointName(portQName.toString());
    Map<String, Object> properties = new HashMap<>();
    properties.put(SecurityConstants.USERNAME, usernameTokenSupportingTokenUsername);
    properties.put(SecurityConstants.CALLBACK_HANDLER, callbackHander);
    /*
        In an asymmetric binding, the client encrypts messages with the STS's public key.
        Note that this trust (public key) keystore entry is not protected by a password, so the SoapSTSConsumerCallbackHandler is
        not asked to provide the password corresponding to this entry.
    */
    properties.put(SecurityConstants.ENCRYPT_USERNAME, stsPublicKeyAlias);
    Crypto crypto;
    try {
        crypto = CryptoFactory.getInstance(getEncryptionProperties());
    } catch (WSSecurityException e) {
        throw new SoapSTSConsumerException(e.getMessage(), e);
    }
    /*
        If the requested key is Public, the STS_TOKEN_CRYPTO is used by the STSClient "to send/process any
        RSA/DSAKeyValue tokens" (from the javadocs).
    */
    properties.put(SecurityConstants.STS_TOKEN_CRYPTO, crypto);
    properties.put(SecurityConstants.ENCRYPT_CRYPTO, crypto);
    properties.put(SecurityConstants.SIGNATURE_CRYPTO, crypto);
    stsClient.setProperties(properties);
    return stsClient;
}
Also used: STSClient (org.apache.cxf.ws.security.trust.STSClient), Crypto (org.apache.ws.security.components.crypto.Crypto), HashMap (java.util.HashMap), LoggingOutInterceptor (org.apache.cxf.interceptor.LoggingOutInterceptor), LoggingInInterceptor (org.apache.cxf.interceptor.LoggingInInterceptor), WSSecurityException (org.apache.ws.security.WSSecurityException)

Example 3 with Crypto

Use of org.apache.ws.security.components.crypto.Crypto in the project OpenAM by OpenRock.

Class SoapSTSInstanceModule, method getSTSProperties.

/**
 * This method will provide the instance of the STSPropertiesMBean necessary both for the STS proper, and for the
 * CXF interceptor-set which enforces the SecurityPolicy bindings.
 *
 * It should be a singleton because this same instance is shared by all of the token operation instances, as well as
 * by the CXF interceptor-set.
 */
@Provides
@Singleton
@Inject
STSPropertiesMBean getSTSProperties(Logger logger) {
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    // KeystoreConfig may be null for a TLS-based SecurityPolicy binding, or for the AM-bare binding.
    if (stsInstanceConfig.getKeystoreConfig() != null) {
        stsProperties.setCallbackHandler(new SoapSTSCallbackHandler(stsInstanceConfig.getKeystoreConfig(), logger));
        Crypto crypto;
        try {
            crypto = CryptoFactory.getInstance(getEncryptionProperties());
        } catch (WSSecurityException e) {
            String message = "Exception caught initializing the CryptoFactory: " + e;
            logger.error(message, e);
            throw new IllegalStateException(message);
        }
        stsProperties.setSignatureCrypto(crypto);
        stsProperties.setEncryptionCrypto(crypto);
        stsProperties.setSignatureUsername(stsInstanceConfig.getKeystoreConfig().getSignatureKeyAlias());
    }
    return stsProperties;
}
Also used: Crypto (org.apache.ws.security.components.crypto.Crypto), SoapSTSCallbackHandler (org.forgerock.openam.sts.soap.SoapSTSCallbackHandler), WSSecurityException (org.apache.ws.security.WSSecurityException), StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties), Inject (javax.inject.Inject), Singleton (javax.inject.Singleton), Provides (com.google.inject.Provides)

Aggregations (class, number of examples above that use it)

Crypto (org.apache.ws.security.components.crypto.Crypto): 3
Provides (com.google.inject.Provides): 2
HashMap (java.util.HashMap): 2
Inject (javax.inject.Inject): 2
WSSecurityException (org.apache.ws.security.WSSecurityException): 2
SoapSTSCallbackHandler (org.forgerock.openam.sts.soap.SoapSTSCallbackHandler): 2
Named (javax.inject.Named): 1
Singleton (javax.inject.Singleton): 1
LoggingInInterceptor (org.apache.cxf.interceptor.LoggingInInterceptor): 1
LoggingOutInterceptor (org.apache.cxf.interceptor.LoggingOutInterceptor): 1
StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties): 1
STSClient (org.apache.cxf.ws.security.trust.STSClient): 1