
Example 11 with Merlin

use of org.apache.wss4j.common.crypto.Merlin in project cxf by apache.

Class SAMLResponseValidatorTest, method testSignedResponse.

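/**
 * Signs a whole SAML 2.0 Response with the "alice" key and checks that
 * validation fails when no signature Crypto is supplied and succeeds when the
 * issuer's Crypto is supplied.
 *
 * @throws Exception on any setup, signing or validation failure
 */
@org.junit.Test
public void testSignedResponse() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    // Load the issuer keystore from the test classpath; the stream is closed once loaded
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
    try (InputStream input = Merlin.loadInputStream(loader, "alice.jks")) {
        keyStore.load(input, "password".toCharArray());
    }
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    response.getAssertions().add(assertion.getSaml2());
    signResponse(response, "alice", "password", issuerCrypto, true);
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    // A signed Response must be rejected when the validator has no Crypto to verify it with
    try {
        validator.validateSamlResponse(marshalledResponse, null, new KeystorePasswordCallback());
        fail("Expected failure on no Signature Crypto");
    } catch (WSSecurityException ex) {
        // expected
    }
    // With the issuer's Crypto the signature verifies and validation passes
    validator.validateSamlResponse(marshalledResponse, issuerCrypto, new KeystorePasswordCallback());
}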
Also used : Status(org.opensaml.saml.saml2.core.Status) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 12 with Merlin

use of org.apache.wss4j.common.crypto.Merlin in project cxf by apache.

Class SAMLResponseValidatorTest, method testResponseModifiedSignedAssertion.

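/**
 * Signs the Assertion inside a SAML 2.0 Response, then tampers with the signed
 * Assertion element and checks that validation rejects the broken signature.
 *
 * @throws Exception on any setup or signing failure
 */
@org.junit.Test
public void testResponseModifiedSignedAssertion() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    // Load the issuer keystore from the test classpath; the stream is closed once loaded
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
    try (InputStream input = Merlin.loadInputStream(loader, "alice.jks")) {
        keyStore.load(input, "password".toCharArray());
    }
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    assertion.signAssertion("alice", "password", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    List<Element> assertions = DOMUtils.findAllElementsByTagNameNS(policyElement, SAMLConstants.SAML20_NS, "Assertion");
    assertNotNull(assertions);
    assertTrue(assertions.size() == 1);
    // Modify the signed Assertion after signing so the enveloped signature no longer matches
    assertions.get(0).setAttributeNS(null, "newattr", "http://apache.org");
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    // Validation must fail: the Assertion's signature was computed over the unmodified element
    try {
        validator.validateSamlResponse(marshalledResponse, issuerCrypto, new KeystorePasswordCallback());
        fail("Expected failure on a bad signature");
    } catch (WSSecurityException ex) {
        // expected
    }
}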
Also used : Status(org.opensaml.saml.saml2.core.Status) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 13 with Merlin

use of org.apache.wss4j.common.crypto.Merlin in project cxf by apache.

Class JWTTokenProvider, method encryptToken.

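/**
 * Encrypts a serialized JWT into a JWE using the STS encryption keystore.
 *
 * @param token the serialized JWT to encrypt
 * @param jweHeaders JWE headers handed to the encryption provider
 * @param stsProperties STS-wide defaults (encryption username and encryption Crypto)
 * @param encryptionProperties per-service settings: encryption alias, content and key-wrap algorithms
 * @param keyRequirements key requirements from the request; not consulted by this method
 * @return the encrypted token, or {@code token} unchanged when no encryption alias is configured
 * @throws STSException if the configured encryption Crypto is not a keystore-backed {@link Merlin}
 * @throws Exception propagated from the JWE encryption provider
 */
private String encryptToken(String token, JweHeaders jweHeaders, STSPropertiesMBean stsProperties, EncryptionProperties encryptionProperties, KeyRequirements keyRequirements) throws Exception {
    Properties encProperties = new Properties();
    // The per-service alias wins; fall back to the STS-wide encryption username
    String name = encryptionProperties.getEncryptionName();
    if (name == null) {
        name = stsProperties.getEncryptionUsername();
    }
    if (name == null) {
        LOG.fine("No encryption alias is configured");
        return token;
    }
    encProperties.put(JoseConstants.RSSEC_KEY_STORE_ALIAS, name);
    // Get the encryption algorithm to use - for now we don't allow the client to ask
    // for a particular encryption algorithm, as with SAML
    String encryptionAlgorithm = encryptionProperties.getEncryptionAlgorithm();
    try {
        ContentAlgorithm.getAlgorithm(encryptionAlgorithm);
    } catch (IllegalArgumentException ex) {
        // An unknown algorithm is replaced by the default rather than failing the request;
        // log it so a misconfigured algorithm name does not go unnoticed
        LOG.warning("Unsupported content encryption algorithm '" + encryptionAlgorithm + "', using " + ContentAlgorithm.A128GCM.name());
        encryptionAlgorithm = ContentAlgorithm.A128GCM.name();
    }
    encProperties.put(JoseConstants.RSSEC_ENCRYPTION_CONTENT_ALGORITHM, encryptionAlgorithm);
    // Get the key-wrap algorithm to use - for now we don't allow the client to ask
    // for a particular encryption algorithm, as with SAML
    String keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
    try {
        KeyAlgorithm.getAlgorithm(keyWrapAlgorithm);
    } catch (IllegalArgumentException ex) {
        // Same substitution policy as for the content algorithm, logged for the same reason
        LOG.warning("Unsupported key-wrap algorithm '" + keyWrapAlgorithm + "', using " + KeyAlgorithm.RSA_OAEP.name());
        keyWrapAlgorithm = KeyAlgorithm.RSA_OAEP.name();
    }
    encProperties.put(JoseConstants.RSSEC_ENCRYPTION_KEY_ALGORITHM, keyWrapAlgorithm);
    // Initialise encryption objects with defaults of STSPropertiesMBean;
    // only a Merlin Crypto exposes the underlying KeyStore the JWE provider needs
    Crypto encryptionCrypto = stsProperties.getEncryptionCrypto();
    if (!(encryptionCrypto instanceof Merlin)) {
        throw new STSException("Can't get the keystore", STSException.REQUEST_FAILED);
    }
    KeyStore keystore = ((Merlin) encryptionCrypto).getKeyStore();
    encProperties.put(JoseConstants.RSSEC_KEY_STORE, keystore);
    JweEncryptionProvider encProvider = JweUtils.loadEncryptionProvider(encProperties, jweHeaders);
    return encProvider.encrypt(StringUtils.toBytesUTF8(token), null);
}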
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) JweEncryptionProvider(org.apache.cxf.rs.security.jose.jwe.JweEncryptionProvider) STSException(org.apache.cxf.ws.security.sts.provider.STSException) EncryptionProperties(org.apache.cxf.sts.service.EncryptionProperties) SignatureProperties(org.apache.cxf.sts.SignatureProperties) Properties(java.util.Properties) RealmProperties(org.apache.cxf.sts.token.realm.RealmProperties) KeyStore(java.security.KeyStore) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 14 with Merlin

use of org.apache.wss4j.common.crypto.Merlin in project ddf by codice.

Class UPBSTValidatorTest, method setup.

/**
 * Builds the shared fixtures: two validators bound to the "realm" context, a mocked
 * {@code STSPropertiesMBean} whose signature Crypto is an empty {@link Merlin} and whose
 * callback handler does nothing, a username/password BinarySecurityToken for user "good",
 * and a mocked {@code FailedLoginDelayer}.
 */
@Before
public void setup() {
    niceValidator.setContextName("realm");
    meanValidator.setContextName("realm");
    stsPropertiesMBean = mock(STSPropertiesMBean.class);
    // A bare Merlin with no keystore is enough for these tests; the callback handler is a no-op
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(new Merlin());
    when(stsPropertiesMBean.getCallbackHandler()).thenReturn(callbacks -> {
    });
    // Wrap the encoded "good"/"password" credentials in a BinarySecurityToken element
    UPAuthenticationToken credentials = new UPAuthenticationToken("good", "password", "realm");
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setValueType(UPAuthenticationToken.UP_TOKEN_VALUE_TYPE);
    bst.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
    bst.setId(UPAuthenticationToken.BST_USERNAME_LN);
    bst.setValue(credentials.getEncodedCredentials());
    QName bstName = new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken");
    upbstToken = new JAXBElement<>(bstName, BinarySecurityTokenType.class, bst);
    failedLoginDelayer = mock(FailedLoginDelayer.class);
}
Also used : STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) QName(javax.xml.namespace.QName) UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken) Merlin(org.apache.wss4j.common.crypto.Merlin) FailedLoginDelayer(org.codice.ddf.security.common.FailedLoginDelayer) Before(org.junit.Before)

Example 15 with Merlin

use of org.apache.wss4j.common.crypto.Merlin in project syncope by apache.

Class SAML2ReaderWriter, method sign.

/**
 * Computes the HTTP-Redirect binding signature over the SAMLRequest, RelayState and
 * SigAlg query parameters, using the private key matching the configured credential.
 *
 * @param request the SAMLRequest parameter value, used as given
 * @param relayState the RelayState parameter value, used as given
 * @return the Base64-encoded signature value
 * @throws NoSuchAlgorithmException if {@code jceSigAlgo} is not a known signature algorithm
 * @throws WSSecurityException if the private key cannot be obtained from the keystore
 * @throws InvalidKeyException if the key cannot initialise the signature
 * @throws UnsupportedEncodingException if UTF-8 URL encoding is unavailable
 * @throws SignatureException if signing fails
 */
public String sign(final String request, final String relayState) throws NoSuchAlgorithmException, WSSecurityException, InvalidKeyException, UnsupportedEncodingException, SignatureException {
    Merlin merlin = new Merlin();
    merlin.setKeyStore(loader.getKeyStore());
    PrivateKey signingKey = merlin.getPrivateKey(loader.getCredential().getPublicKey(), callbackHandler);
    java.security.Signature signer = java.security.Signature.getInstance(jceSigAlgo);
    signer.initSign(signingKey);
    // Only SigAlg is URL-encoded here; request and relayState go in as received, so the
    // caller presumably supplies them already encoded for the query string — confirm against callers
    String signedQuery = new StringBuilder()
            .append(SSOConstants.SAML_REQUEST).append('=').append(request)
            .append('&').append(SSOConstants.RELAY_STATE).append('=').append(relayState)
            .append('&').append(SSOConstants.SIG_ALG).append('=')
            .append(URLEncoder.encode(sigAlgo, StandardCharsets.UTF_8.name()))
            .toString();
    signer.update(signedQuery.getBytes(StandardCharsets.UTF_8));
    return Base64.getEncoder().encodeToString(signer.sign());
}
Also used : PrivateKey(java.security.PrivateKey) Merlin(org.apache.wss4j.common.crypto.Merlin)
