
Example 31 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

Class StaticStsProperties, method configureProperties.

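/**
 * Load the CallbackHandler, Crypto objects, if necessary.
 *
 * <p>Each object is only built when it has not been set explicitly and a configuration
 * source for it exists: {@code signatureCrypto} from {@code signatureCryptoProperties},
 * {@code encryptionCrypto} from {@code encryptionCryptoProperties}, and
 * {@code callbackHandler} from {@code callbackHandlerClass}. A Crypto properties source is
 * either a {@link Properties} instance or a resource name resolved through the
 * {@link ResourceManager}. Finishes by calling {@link WSSConfig#init()}.
 *
 * @throws STSException if a properties source cannot be loaded, a Crypto instance cannot be
 *     created from it, or the callback handler cannot be instantiated; the underlying
 *     exception is attached as the cause so the root failure is not lost
 */
public void configureProperties() throws STSException {
    if (signatureCrypto == null && signatureCryptoProperties != null) {
        Properties sigProperties = loadCryptoProperties(signatureCryptoProperties, "signature");
        try {
            signatureCrypto = CryptoFactory.getInstance(sigProperties);
        } catch (WSSecurityException ex) {
            LOG.fine("Error in loading the signature Crypto object: " + ex.getMessage());
            throw new STSException(ex.getMessage(), ex);
        }
    }
    if (encryptionCrypto == null && encryptionCryptoProperties != null) {
        Properties encrProperties = loadCryptoProperties(encryptionCryptoProperties, "encryption");
        try {
            encryptionCrypto = CryptoFactory.getInstance(encrProperties);
        } catch (WSSecurityException ex) {
            LOG.fine("Error in loading the encryption Crypto object: " + ex.getMessage());
            throw new STSException(ex.getMessage(), ex);
        }
    }
    if (callbackHandler == null && callbackHandlerClass != null) {
        try {
            callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass);
        } catch (Exception ex) {
            LOG.fine("Error in loading the callback handler: " + ex.getMessage());
            throw new STSException(ex.getMessage(), ex);
        }
        // Checked outside the try so the configuration error is reported once and is not
        // re-wrapped by the catch-all above.
        if (callbackHandler == null) {
            LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
            throw new STSException("Configuration error: cannot load callback handler");
        }
    }
    WSSConfig.init();
}

/**
 * Resolves a Crypto properties source to a {@link Properties} object.
 *
 * @param source either a {@link Properties} instance, used as-is, or a resource name that
 *     is located via the {@link ResourceManager} and loaded
 * @param kind the name used in log and error messages ({@code "signature"} or
 *     {@code "encryption"})
 * @return the loaded properties, never {@code null}
 * @throws STSException if the source cannot be resolved to a properties object
 */
private Properties loadCryptoProperties(Object source, String kind) throws STSException {
    Properties properties;
    if (source instanceof Properties) {
        properties = (Properties) source;
    } else {
        ResourceManager resourceManager = getResourceManager();
        URL url = SecurityUtils.loadResource(resourceManager, source);
        properties = SecurityUtils.loadProperties(url);
    }
    if (properties == null) {
        LOG.fine("Cannot load " + kind + " properties using: " + source);
        throw new STSException("Configuration error: cannot load " + kind + " properties");
    }
    return properties;
}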

Example 32 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

Class StsIssueTest, method validateSecurityToken.

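/**
 * Asserts that {@code token} is a signed SAML 2.0 assertion carrying a subject confirmation
 * method.
 *
 * <p>The token is run through {@link #processToken} and exactly one
 * {@link WSSecurityEngineResult} is expected, holding a SAML assertion that is SAML 2 (not
 * SAML 1), is signed, and lists at least one confirmation method. The checks use the
 * {@code assert} statement and therefore only run with assertions enabled.
 *
 * @param token the security token to validate
 * @throws AssertionError if the token does not meet the expectations above, or if
 *     processing it raises a {@link WSSecurityException}
 */
private void validateSecurityToken(SecurityToken token) {
    assert (SAML2_TOKEN_TYPE.equals(token.getTokenType()));
    assert (token.getToken() != null);
    // Process the token
    List<WSSecurityEngineResult> results;
    try {
        results = processToken(token);
    } catch (WSSecurityException e) {
        // A processing failure means the token could not be verified. Logging alone let
        // the helper return normally, so the test passed on an unverified token; it is
        // now a test failure with the original exception as the cause.
        LOGGER.info("Error validating the SecurityToken.", e);
        throw new AssertionError("Error validating the SecurityToken.", e);
    }
    assert (results != null && results.size() == 1);
    SamlAssertionWrapper assertion =
            (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assert (assertion != null);
    assert (assertion.getSaml1() == null && assertion.getSaml2() != null);
    assert (assertion.isSigned());
    List<String> methods = assertion.getConfirmationMethods();
    // Only the first confirmation method is inspected; it must be present and non-null.
    String confirmMethod = (methods != null && !methods.isEmpty()) ? methods.get(0) : null;
    assert (confirmMethod != null);
}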

Example 33 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

Class TestX509PathTokenValidator, method goodToken.

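/**
 * Runs {@code x509PathTokenValidator} against a Base64-encoded binary security token of the
 * given value type, with the underlying WSS4J validator mocked to accept any credential, and
 * asserts that the token is reported as {@link ReceivedToken.STATE#VALID}.
 *
 * @param type the {@code ValueType} the mocked {@link BinarySecurityTokenType} reports
 * @throws AssertionError if the validator does not report the token as valid
 */
private void goodToken(String type) {
    // Stub the WSS4J validator to succeed and return one mocked certificate whose subject
    // is the fixed DN below.
    try {
        Credential credential = mock(Credential.class);
        X509Certificate x509Certificate = mock(X509Certificate.class);
        X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg");
        when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
        X509Certificate[] x509Certificates = new X509Certificate[] { x509Certificate };
        when(credential.getCertificates()).thenReturn(x509Certificates);
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(credential);
    } catch (WSSecurityException e) {
        // validate() declares this checked exception, but the stubbing call on a mock
        // cannot raise it; fail loudly rather than continue with an unstubbed validator.
        throw new AssertionError("Unexpected exception while stubbing the validator", e);
    }
    x509PathTokenValidator.setValidator(validator);
    // STS properties only need to hand out a (mocked) signature Crypto.
    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
    // The received token keeps real state handling so the VALID/INVALID result is observable.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(tokenParameters.getToken()).thenReturn(receivedToken);
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);
    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(binarySecurityTokenType.getValueType()).thenReturn(type);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValue()).thenReturn("data");
    TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
    assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
}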

Example 34 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

Class TestX509PathTokenValidator, method testAdditionalPropertyCountry.

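/**
 * Verifies that a valid X.509 v3 token whose subject DN carries a {@code C=US} attribute is
 * reported as {@link ReceivedToken.STATE#VALID} and that the country is exposed in the
 * response's additional properties under {@code SubjectUtils.COUNTRY_CLAIM_URI}.
 */
@Test
public void testAdditionalPropertyCountry() {
    // Stub the WSS4J validator to succeed and return one mocked certificate whose subject
    // DN includes the country attribute under test.
    try {
        Credential credential = mock(Credential.class);
        X509Certificate x509Certificate = mock(X509Certificate.class);
        X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg,C=US");
        when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
        X509Certificate[] x509Certificates = new X509Certificate[] { x509Certificate };
        when(credential.getCertificates()).thenReturn(x509Certificates);
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenReturn(credential);
    } catch (WSSecurityException e) {
        // validate() declares this checked exception, but the stubbing call on a mock
        // cannot raise it; fail loudly rather than continue with an unstubbed validator.
        throw new AssertionError("Unexpected exception while stubbing the validator", e);
    }
    x509PathTokenValidator.setValidator(validator);
    // STS properties only need to hand out a (mocked) signature Crypto.
    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
    // The received token keeps real state handling so the VALID/INVALID result is observable.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(tokenParameters.getToken()).thenReturn(receivedToken);
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);
    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(binarySecurityTokenType.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValue()).thenReturn("data");
    TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
    assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
    assertEquals("US", tokenValidatorResponse.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
}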

Example 35 with WSSecurityException

use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.

Class TestX509PathTokenValidator, method testValidateBadToken.

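/**
 * Verifies that when the underlying WSS4J validator rejects the credential with a
 * {@link WSSecurityException}, the token is reported as {@link ReceivedToken.STATE#INVALID}
 * rather than accepted or propagated as an error.
 *
 * <p>Uses a fresh {@link X509PathTokenValidator} instance, not the shared field, so the
 * failing validator does not leak into other tests.
 */
@Test
public void testValidateBadToken() {
    X509PathTokenValidator x509PathTokenValidator = new X509PathTokenValidator();
    // Stub the WSS4J validator to fail with a generic security error for any credential.
    try {
        Credential credential = mock(Credential.class);
        X509Certificate x509Certificate = mock(X509Certificate.class);
        X500Principal x500Principal = new X500Principal("cn=myxman,ou=someunit,o=someorg");
        when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);
        X509Certificate[] x509Certificates = new X509Certificate[] { x509Certificate };
        when(credential.getCertificates()).thenReturn(x509Certificates);
        when(validator.validate(any(Credential.class), any(RequestData.class))).thenThrow(new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
    } catch (WSSecurityException e) {
        // validate() declares this checked exception, but the stubbing call on a mock
        // cannot raise it; fail loudly rather than continue with an unstubbed validator.
        throw new AssertionError("Unexpected exception while stubbing the validator", e);
    }
    x509PathTokenValidator.setValidator(validator);
    // STS properties only need to hand out a (mocked) signature Crypto.
    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);
    // The received token keeps real state handling so the VALID/INVALID result is observable.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(tokenParameters.getToken()).thenReturn(receivedToken);
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);
    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    when(binarySecurityTokenType.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValueType()).thenReturn("valuetype");
    when(binarySecurityTokenType.getValue()).thenReturn("data");
    TokenValidatorResponse tokenValidatorResponse = x509PathTokenValidator.validateToken(tokenParameters);
    assertEquals(ReceivedToken.STATE.INVALID, tokenValidatorResponse.getToken().getState());
}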
