
Example 16 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

the class PaosInInterceptor method checkAuthnRequest.

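/**
 * Verifies that the body of the incoming SOAP request carries a SAML {@code AuthnRequest}.
 *
 * <p>Only the type of the first body child is checked here: the node is converted to an
 * OpenSAML {@code XMLObject} and rejected unless it is an {@code AuthnRequest}.
 *
 * @param soapRequest the SOAP part whose body is expected to hold the AuthnRequest
 * @throws IOException if the body cannot be converted to an XMLObject, if no object is
 *     produced, or if the object is not an AuthnRequest
 */
private void checkAuthnRequest(SOAPPart soapRequest) throws IOException {
    XMLObject authnXmlObj = null;
    try {
        Node node = soapRequest.getEnvelope().getBody().getFirstChild();
        authnXmlObj = SamlProtocol.getXmlObjectFromNode(node);
    } catch (WSSecurityException | SOAPException | XMLStreamException ex) {
        // Keep the underlying exception as the cause so the failure can be diagnosed
        // from the IOException instead of being lost.
        throw new IOException("Unable to convert AuthnRequest document to XMLObject.", ex);
    }
    if (authnXmlObj == null) {
        throw new IOException("AuthnRequest object is not Found.");
    }
    if (!(authnXmlObj instanceof AuthnRequest)) {
        throw new IOException("SAMLRequest object is not AuthnRequest.");
    }
}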
Also used : XMLStreamException(javax.xml.stream.XMLStreamException) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) Node(org.w3c.dom.Node) SOAPException(javax.xml.soap.SOAPException) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException)

Example 17 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

the class UsernameTokenValidator method validateToken.

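/**
 * Validates a received UsernameToken using the given TokenValidatorParameters.
 *
 * <p>The JAXB token is marshalled to a DOM element, parsed into a WSS4J
 * {@link UsernameToken}, and offered to each configured {@link Validator} in turn; the
 * first validator that accepts the credential wins. The token is only marked VALID after
 * the principal has been created, so a WSSecurityException anywhere in the process leaves
 * it INVALID. A missing password, or rejection by every validator, invokes the configured
 * failed-login delayer before the INVALID response is returned.
 *
 * @param tokenParameters the STS parameters holding the token to validate and the STS
 *     properties (signature crypto and callback handler) used to build the request data
 * @return a response whose token state is VALID or INVALID; the principal is set from the
 *     token's user name whenever the token could be parsed, whether or not it validated
 * @throws IllegalStateException if the parser or the failed-login delayer is not configured
 */
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    LOGGER.debug("Validating UsernameToken");
    if (parser == null) {
        throw new IllegalStateException("XMLParser must be configured.");
    }
    if (failedLoginDelayer == null) {
        throw new IllegalStateException("Failed Login Delayer must be configured");
    }
    STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
    Crypto sigCrypto = stsProperties.getSignatureCrypto();
    CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
    RequestData requestData = new RequestData();
    requestData.setSigVerCrypto(sigCrypto);
    WSSConfig wssConfig = WSSConfig.getNewInstance();
    requestData.setWssConfig(wssConfig);
    requestData.setCallbackHandler(callbackHandler);
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken validateTarget = tokenParameters.getToken();
    // Fail closed: the token stays INVALID until every step below has succeeded.
    validateTarget.setState(ReceivedToken.STATE.INVALID);
    response.setToken(validateTarget);
    if (!validateTarget.isUsernameToken()) {
        return response;
    }
    //
    // Turn the JAXB UsernameTokenType into a DOM Element for validation
    //
    UsernameTokenType usernameTokenType = (UsernameTokenType) validateTarget.getToken();
    JAXBElement<UsernameTokenType> tokenType = new JAXBElement<>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType);
    Document doc = DOMUtils.createDocument();
    Element rootElement = doc.createElement("root-element");
    List<String> ctxPath = new ArrayList<>(1);
    ctxPath.add(UsernameTokenType.class.getPackage().getName());
    Element usernameTokenElement = null;
    ParserConfigurator configurator = parser.configureParser(ctxPath, UsernameTokenValidator.class.getClassLoader());
    try {
        parser.marshal(configurator, tokenType, rootElement);
        usernameTokenElement = (Element) rootElement.getFirstChild();
    } catch (ParserException ex) {
        LOGGER.info("Unable to parse username token", ex);
        return response;
    }
    //
    try {
        boolean allowNamespaceQualifiedPasswordTypes = requestData.isAllowNamespaceQualifiedPasswordTypes();
        UsernameToken ut = new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, new BSPEnforcer());
        // The parsed principal is set independent whether validation is successful or not
        response.setPrincipal(new CustomTokenPrincipal(ut.getName()));
        if (ut.getPassword() == null) {
            failedLoginDelayer.delay(ut.getName());
            return response;
        }
        Credential credential = new Credential();
        credential.setUsernametoken(ut);
        //Only this section is new, the rest is copied from the apache class
        // Record acceptance locally rather than flipping the token to VALID inside the
        // loop: if createPrincipal below throws, the catch at the end must not return a
        // token that is already marked VALID.
        boolean accepted = false;
        for (Map.Entry<String, Validator> entry : validators.entrySet()) {
            try {
                entry.getValue().validate(credential, requestData);
                accepted = true;
                break;
            } catch (WSSecurityException ex) {
                // Parameterized so the "{}" placeholder actually receives the validator key.
                LOGGER.debug("Unable to validate user against {}", entry.getKey(), ex);
            }
        }
        if (!accepted) {
            failedLoginDelayer.delay(ut.getName());
            return response;
        }
        //end new section
        Principal principal = createPrincipal(ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated());
        response.setPrincipal(principal);
        response.setTokenRealm(null);
        validateTarget.setState(ReceivedToken.STATE.VALID);
        validateTarget.setPrincipal(principal);
    } catch (WSSecurityException ex) {
        // Token parsing or principal creation failed; the state is still INVALID.
        LOGGER.debug("Unable to validate token.", ex);
    }
    return response;
}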
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken) Document(org.w3c.dom.Document) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) WSSConfig(org.apache.wss4j.dom.engine.WSSConfig) JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator) RequestData(org.apache.wss4j.dom.handler.RequestData) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) ParserException(org.codice.ddf.parser.ParserException) Credential(org.apache.wss4j.dom.validate.Credential) UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType) BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) JAXBElement(javax.xml.bind.JAXBElement) ParserConfigurator(org.codice.ddf.parser.ParserConfigurator) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) Map(java.util.Map) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) Validator(org.apache.wss4j.dom.validate.Validator) JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 18 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

the class TestUsernameTokenValidator method setup.

/**
 * Stubs the shared validator mock to accept any credential and request data, and
 * replaces the failed-login delayer with a mock, before each test.
 */
@Before
public void setup() {
    try {
        Credential acceptedCredential = mock(Credential.class);
        when(niceValidator.validate(any(Credential.class), any(RequestData.class)))
                .thenReturn(acceptedCredential);
    } catch (WSSecurityException ignored) {
        // validate() declares the checked exception; stubbing the call never throws it.
    }
    failedLoginDelayer = mock(FailedLoginDelayer.class);
}
Also used : Credential(org.apache.wss4j.dom.validate.Credential) RequestData(org.apache.wss4j.dom.handler.RequestData) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) FailedLoginDelayer(org.codice.ddf.security.common.FailedLoginDelayer) Before(org.junit.Before)

Example 19 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

the class TestX509PathTokenValidator method setUp.

/**
 * Builds the validator under test with a mocked Merlin crypto provider that hands back a
 * single mock certificate for any byte array or input stream, then mocks the delegate
 * validator.
 */
@Before
public void setUp() {
    x509PathTokenValidator = new X509PathTokenValidator();
    Merlin mockMerlin = mock(Merlin.class);
    x509PathTokenValidator.merlin = mockMerlin;
    try {
        X509Certificate stubCert = mock(X509Certificate.class);
        X509Certificate[] chain = { stubCert };
        when(mockMerlin.getCertificatesFromBytes(any(byte[].class))).thenReturn(chain);
        when(mockMerlin.loadCertificate(any(InputStream.class))).thenReturn(stubCert);
    } catch (WSSecurityException ignored) {
        // Declared by the Merlin methods being stubbed; stubbing itself never throws it.
    }
    validator = mock(Validator.class);
}
Also used : InputStream(java.io.InputStream) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Merlin(org.apache.wss4j.common.crypto.Merlin) X509Certificate(java.security.cert.X509Certificate) Validator(org.apache.wss4j.dom.validate.Validator) X509TokenValidator(org.apache.cxf.sts.token.validator.X509TokenValidator) Before(org.junit.Before)

Example 20 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project midpoint by Evolveum.

the class ModelWebService method throwFault.

/**
 * Records {@code ex} as a fatal error on {@code result} (when one is given) and rethrows
 * it as the SOAP fault that corresponds to its type.
 *
 * <p>Authorization and security-violation failures are reported as a CXF {@link Fault}
 * carrying only a WSSecurityException error code, so their detail message is not copied
 * into the fault. Every other exception becomes a typed {@code FaultMessage} whose
 * message is {@code ex.getMessage()}; presumably that text reaches the web service
 * client, so callers should keep internal detail out of those messages.
 *
 * @param ex the failure to report
 * @param result the operation result to record the failure on, or {@code null}
 * @throws FaultMessage for every exception type not reported as a {@link Fault}
 */
public void throwFault(Throwable ex, OperationResult result) throws FaultMessage {
    if (result != null) {
        result.recordFatalError(ex.getMessage(), ex);
    }
    FaultType faultType = faultTypeFor(ex);
    faultType.setMessage(ex.getMessage());
    if (result != null) {
        faultType.setOperationResult(result.createOperationResultType());
    }
    FaultMessage fault = new FaultMessage(ex.getMessage(), faultType, ex);
    LOGGER.trace("Throwing fault message type: {}", faultType.getClass(), fault);
    throw fault;
}

/**
 * Chooses the typed fault for {@code ex}; unrecognised types map to a
 * {@code SystemFaultType}. The checks are ordered most-specific first and that order is
 * significant for exception types that extend one another.
 *
 * @throws Fault for authorization and security-violation failures, which are not
 *     represented by a typed fault at all
 */
private static FaultType faultTypeFor(Throwable ex) {
    if (ex instanceof ObjectNotFoundException) {
        return new ObjectNotFoundFaultType();
    }
    if (ex instanceof IllegalArgumentException) {
        return new IllegalArgumentFaultType();
    }
    if (ex instanceof ObjectAlreadyExistsException) {
        return new ObjectAlreadyExistsFaultType();
    }
    if (ex instanceof CommunicationException) {
        return new CommunicationFaultType();
    }
    if (ex instanceof ConfigurationException) {
        return new ConfigurationFaultType();
    }
    if (ex instanceof ExpressionEvaluationException) {
        return new SystemFaultType();
    }
    if (ex instanceof SchemaException) {
        return new SchemaViolationFaultType();
    }
    if (ex instanceof PolicyViolationException) {
        return new PolicyViolationFaultType();
    }
    if (ex instanceof AuthorizationException) {
        throw new Fault(new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION), WSSecurityException.ErrorCode.FAILED_AUTHENTICATION.getQName());
    }
    if (ex instanceof SecurityViolationException) {
        throw new Fault(new WSSecurityException(WSSecurityException.ErrorCode.FAILURE), WSSecurityException.ErrorCode.FAILURE.getQName());
    }
    return new SystemFaultType();
}
Also used : Fault(org.apache.cxf.interceptor.Fault) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Aggregations

WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)44 IOException (java.io.IOException)16 X509Certificate (java.security.cert.X509Certificate)13 RequestData (org.apache.wss4j.dom.handler.RequestData)13 Credential (org.apache.wss4j.dom.validate.Credential)12 Document (org.w3c.dom.Document)12 BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)11 Crypto (org.apache.wss4j.common.crypto.Crypto)11 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)10 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)10 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)10 XMLObject (org.opensaml.core.xml.XMLObject)7 AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)7 Element (org.w3c.dom.Element)7 X500Principal (javax.security.auth.x500.X500Principal)6 XMLStreamException (javax.xml.stream.XMLStreamException)6 ByteArrayInputStream (java.io.ByteArrayInputStream)5 CallbackHandler (javax.security.auth.callback.CallbackHandler)5 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)5 SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)5