Examples with Crypto org.apache.wss4j.common.crypto.Crypto used on opensource projects

Search in sources :

Example 1 with Crypto

use of org.apache.wss4j.common.crypto.Crypto in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            if (conditions != null) {
                callback.setConditions(conditions);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);
            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 2 with Crypto

use of org.apache.wss4j.common.crypto.Crypto in project cxf by apache.

the class SamlCallbackHandler method createKeyInfo.

protected KeyInfoBean createKeyInfo() throws Exception {
    Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(cryptoAlias);
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    KeyInfoBean keyInfo = new KeyInfoBean();
    keyInfo.setCertIdentifer(keyInfoIdentifier);
    if (keyInfoIdentifier == CERT_IDENTIFIER.X509_CERT) {
        keyInfo.setCertificate(certs[0]);
    } else if (keyInfoIdentifier == CERT_IDENTIFIER.KEY_VALUE) {
        keyInfo.setPublicKey(certs[0].getPublicKey());
    }
    return keyInfo;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate)

Example 3 with Crypto

use of org.apache.wss4j.common.crypto.Crypto in project cxf by apache.

the class SamlRoleCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            if (saml2) {
                attributeBean.setQualifiedName(ROLE_URI);
                attributeBean.setNameFormat(SAML2Constants.ATTRNAME_FORMAT_UNSPECIFIED);
            } else {
                String uri = ROLE_URI.toString();
                int lastSlash = uri.lastIndexOf("/");
                if (lastSlash == (uri.length() - 1)) {
                    uri = uri.substring(0, lastSlash);
                    lastSlash = uri.lastIndexOf("/");
                }
                String namespace = uri.substring(0, lastSlash);
                String name = uri.substring(lastSlash + 1, uri.length());
                attributeBean.setSimpleName(name);
                attributeBean.setQualifiedName(namespace);
            }
            attributeBean.addAttributeValue(roleName);
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (Exception ex) {
                throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Example 4 with Crypto

use of org.apache.wss4j.common.crypto.Crypto in project cxf by apache.

the class SamlRoleCallbackHandler method createKeyInfo.

protected KeyInfoBean createKeyInfo() throws Exception {
    Crypto crypto = CryptoFactory.getInstance("alice.properties");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("alice");
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    KeyInfoBean keyInfo = new KeyInfoBean();
    keyInfo.setCertIdentifer(keyInfoIdentifier);
    if (keyInfoIdentifier == CERT_IDENTIFIER.X509_CERT) {
        keyInfo.setCertificate(certs[0]);
    } else if (keyInfoIdentifier == CERT_IDENTIFIER.KEY_VALUE) {
        keyInfo.setPublicKey(certs[0].getPublicKey());
    }
    return keyInfo;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate)

Example 5 with Crypto

use of org.apache.wss4j.common.crypto.Crypto in project ddf by codice.

the class PKITokenValidator method validateToken.

/**
     * Validate a Token using the given TokenValidatorParameters.
     *
     * @param tokenParameters
     * @return TokenValidatorResponse
     */
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOGGER.trace("Validating PKI Token");
    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    Crypto sigCrypto = stsProperties.getSignatureCrypto();
    CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
    RequestData requestData = new RequestData();
    requestData.setSigVerCrypto(sigCrypto);
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setCallbackHandler(callbackHandler);
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    validateTarget.setState(STATE.INVALID);
    response.setToken(validateTarget);
    PKIAuthenticationToken pkiToken = getPKITokenFromTarget(validateTarget);
    if (pkiToken == null) {
        return response;
    }
    BinarySecurityTokenType binarySecurityType = pkiToken.createBinarySecurityTokenType(pkiToken.getCredentials());
    // Test the encoding type
    String encodingType = binarySecurityType.getEncodingType();
    if (!PKIAuthenticationToken.BASE64_ENCODING.equals(encodingType)) {
        LOGGER.trace("Bad encoding type attribute specified: {}", encodingType);
        return response;
    }
    //
    // Turn the received JAXB object into a DOM element
    //
    Document doc = DOMUtils.createDocument();
    BinarySecurity binarySecurity = new X509Security(doc);
    binarySecurity.setEncodingType(encodingType);
    binarySecurity.setValueType(binarySecurityType.getValueType());
    String data = binarySecurityType.getValue();
    Node textNode = doc.createTextNode(data);
    binarySecurity.getElement().appendChild(textNode);
    //
    try {
        Credential credential = new Credential();
        credential.setBinarySecurityToken(binarySecurity);
        if (merlin != null) {
            byte[] token = binarySecurity.getToken();
            if (token != null) {
                X509Certificate[] certificates = merlin.getCertificatesFromBytes(token);
                if (certificates != null) {
                    if (doPathValidation) {
                        credential.setCertificates(certificates);
                    } else {
                        credential.setCertificates(new X509Certificate[] { certificates[0] });
                    }
                }
            } else {
                LOGGER.debug("Binary Security Token bytes were null.");
            }
        }
        Credential returnedCredential = validator.validate(credential, requestData);
        X500Principal subjectX500Principal = returnedCredential.getCertificates()[0].getSubjectX500Principal();
        response.setPrincipal(subjectX500Principal);
        if (response.getAdditionalProperties() == null) {
            response.setAdditionalProperties(new HashMap<>());
        }
        try {
            String emailAddress = SubjectUtils.getEmailAddress(subjectX500Principal);
            if (emailAddress != null) {
                response.getAdditionalProperties().put(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI, emailAddress);
            }
            String country = SubjectUtils.getCountry(subjectX500Principal);
            if (country != null) {
                response.getAdditionalProperties().put(SubjectUtils.COUNTRY_CLAIM_URI, country);
            }
        } catch (Exception e) {
            LOGGER.debug("Unable to set email address or country from certificate.", e);
        }
        validateTarget.setPrincipal(subjectX500Principal);
        validateTarget.setState(STATE.VALID);
    } catch (WSSecurityException ex) {
        LOGGER.info("Unable to validate credentials.", ex);
    }
    return response;
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) Credential(org.apache.wss4j.dom.validate.Credential) BinarySecurity(org.apache.wss4j.common.token.BinarySecurity) Node(org.w3c.dom.Node) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) X509Certificate(java.security.cert.X509Certificate) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) RequestData(org.apache.wss4j.dom.handler.RequestData) X500Principal(javax.security.auth.x500.X500Principal) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) X509Security(org.apache.wss4j.common.token.X509Security)

Aggregations

Crypto (org.apache.wss4j.common.crypto.Crypto)276 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)148 Element (org.w3c.dom.Element)134 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)113 MessageImpl (org.apache.cxf.message.MessageImpl)113 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)111 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)109 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)88 ArrayList (java.util.ArrayList)86 Document (org.w3c.dom.Document)84 CallbackHandler (javax.security.auth.callback.CallbackHandler)82 JAXBElement (javax.xml.bind.JAXBElement)82 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)77 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)74 TokenRequirements (org.apache.cxf.sts.request.TokenRequirements)67 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)66 Principal (java.security.Principal)63 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)58 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)54 TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)54
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial