use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class StaticStsProperties method configureProperties.
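/**
 * Loads the signature Crypto, the encryption Crypto and the CallbackHandler
 * from their configured sources, then initialises WSS4J.
 *
 * <p>Each object is built only when it has not been set already and a source
 * for it is configured. A crypto source is either a {@link Properties}
 * instance, which is used as is, or a reference that is resolved through the
 * ResourceManager and loaded as properties.
 *
 * @throws STSException if a configured source cannot be loaded, or if the
 *         Crypto object or the callback handler cannot be created from it;
 *         when an underlying exception exists it is attached as the cause
 */
public void configureProperties() throws STSException {
    if (signatureCrypto == null && signatureCryptoProperties != null) {
        Properties sigProperties = null;
        if (signatureCryptoProperties instanceof Properties) {
            sigProperties = (Properties) signatureCryptoProperties;
        } else {
            ResourceManager resourceManager = getResourceManager();
            URL url = SecurityUtils.loadResource(resourceManager, signatureCryptoProperties);
            sigProperties = SecurityUtils.loadProperties(url);
        }
        if (sigProperties == null) {
            // Only reachable on the resource path above, so the value logged here is
            // the resource reference, never the contents of a Properties object.
            LOG.fine("Cannot load signature properties using: " + signatureCryptoProperties);
            throw new STSException("Configuration error: cannot load signature properties");
        }
        try {
            signatureCrypto = CryptoFactory.getInstance(sigProperties);
        } catch (WSSecurityException ex) {
            LOG.fine("Error in loading the signature Crypto object: " + ex.getMessage());
            // NOTE(review): the WSS4J message is reused as the STSException message. If
            // that message can reach the requester as a fault it may disclose crypto
            // configuration detail - confirm how STSException is rendered.
            // The cause is kept so the stack trace survives for whoever handles it.
            throw new STSException(ex.getMessage(), ex);
        }
    }

    if (encryptionCrypto == null && encryptionCryptoProperties != null) {
        Properties encrProperties = null;
        if (encryptionCryptoProperties instanceof Properties) {
            encrProperties = (Properties) encryptionCryptoProperties;
        } else {
            ResourceManager resourceManager = getResourceManager();
            URL url = SecurityUtils.loadResource(resourceManager, encryptionCryptoProperties);
            encrProperties = SecurityUtils.loadProperties(url);
        }
        if (encrProperties == null) {
            // Same as for the signature properties: only the resource reference is logged.
            LOG.fine("Cannot load encryption properties using: " + encryptionCryptoProperties);
            throw new STSException("Configuration error: cannot load encryption properties");
        }
        try {
            encryptionCrypto = CryptoFactory.getInstance(encrProperties);
        } catch (WSSecurityException ex) {
            LOG.fine("Error in loading the encryption Crypto object: " + ex.getMessage());
            throw new STSException(ex.getMessage(), ex);
        }
    }

    if (callbackHandler == null && callbackHandlerClass != null) {
        try {
            callbackHandler = SecurityUtils.getCallbackHandler(callbackHandlerClass);
        } catch (Exception ex) {
            LOG.fine("Error in loading the callback handler: " + ex.getMessage());
            throw new STSException(ex.getMessage(), ex);
        }
        // Checked outside the try block so this STSException is not caught by the
        // broad catch above, logged a second time and re-wrapped.
        if (callbackHandler == null) {
            LOG.fine("Cannot load CallbackHandler using: " + callbackHandlerClass);
            throw new STSException("Configuration error: cannot load callback handler");
        }
    }

    WSSConfig.init();
}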
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class StsIssueTest method validateSecurityToken.
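/**
 * Checks that an issued token is a signed SAML 2 assertion with at least one
 * confirmation method.
 *
 * <p>The token is passed to processToken and exactly one engine result is
 * expected. A WSSecurityException raised while processing fails the check
 * instead of being logged and dropped, so a token that cannot be processed is
 * never reported as valid.
 *
 * <p>The checks use the {@code assert} keyword and are therefore only
 * evaluated when the JVM runs with assertions enabled.
 *
 * @param token the token returned by the STS
 * @throws AssertionError if processing the token raises a WSSecurityException
 *         or, with assertions enabled, if any check fails
 */
private void validateSecurityToken(SecurityToken token) {
    assert (SAML2_TOKEN_TYPE.equals(token.getTokenType()));
    assert (token.getToken() != null);
    // Process the token
    try {
        List<WSSecurityEngineResult> results = processToken(token);
        assert (results != null && results.size() == 1);
        SamlAssertionWrapper assertion =
                (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assert (assertion != null);
        // Must be SAML 2 only, and must carry a signature.
        assert (assertion.getSaml1() == null && assertion.getSaml2() != null);
        assert (assertion.isSigned());
        List<String> methods = assertion.getConfirmationMethods();
        String confirmMethod = null;
        if (methods != null && !methods.isEmpty()) {
            confirmMethod = methods.get(0);
        }
        assert (confirmMethod != null);
    } catch (WSSecurityException e) {
        // A processing failure means the token was NOT validated; surface it as a
        // test failure rather than letting the method return normally.
        throw new AssertionError("Error validating the SecurityToken.", e);
    }
}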
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class TestX509PathTokenValidator method goodToken.
/**
 * Runs validateToken on a mocked binary security token of the given value
 * type and expects the received token to end up in the VALID state.
 *
 * <p>Every collaborator is a mock: the delegate validator is stubbed to return
 * a credential for any input, and the token value is the literal "data".
 * NOTE(review): the VALID result therefore appears to reflect the stubbed
 * validator's answer rather than a real certificate path check - confirm
 * that real path validation is covered elsewhere.
 *
 * @param type value type reported by the mocked BinarySecurityTokenType
 */
private void goodToken(String type) {
    try {
        // Credential handed back by the stubbed validator: a single mocked
        // certificate with a fixed subject DN.
        X509Certificate cert = mock(X509Certificate.class);
        when(cert.getSubjectX500Principal())
                .thenReturn(new X500Principal("cn=myxman,ou=someunit,o=someorg"));
        Credential accepted = mock(Credential.class);
        when(accepted.getCertificates()).thenReturn(new X509Certificate[] { cert });
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenReturn(accepted);
    } catch (WSSecurityException ignored) {
        // validate() declares WSSecurityException, so the stubbing call must be wrapped.
    }
    x509PathTokenValidator.setValidator(validator);

    // Binary security token as the request would carry it.
    BinarySecurityTokenType binaryToken = mock(BinarySecurityTokenType.class);
    when(binaryToken.getValueType()).thenReturn(type);
    when(binaryToken.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binaryToken.getValue()).thenReturn("data");

    // Real setState/getState so the state written by the validator can be read back.
    ReceivedToken received = mock(ReceivedToken.class);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();
    when(received.isBinarySecurityToken()).thenReturn(true);
    when(received.getToken()).thenReturn(binaryToken);

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(mock(Crypto.class));

    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getStsProperties()).thenReturn(stsProperties);
    when(parameters.getToken()).thenReturn(received);

    TokenValidatorResponse response = x509PathTokenValidator.validateToken(parameters);
    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
}
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyCountry.
/**
 * Expects a VALID token and a country claim of "US" in the response's
 * additional properties when the certificate subject DN contains C=US.
 *
 * <p>The delegate validator is stubbed to return the mocked credential for
 * any input, so this test covers how the response is populated, not whether
 * a certificate path is trusted.
 */
@Test
public void testAdditionalPropertyCountry() {
    try {
        // Mocked certificate whose subject DN carries the country attribute.
        X509Certificate cert = mock(X509Certificate.class);
        when(cert.getSubjectX500Principal())
                .thenReturn(new X500Principal("cn=myxman,ou=someunit,o=someorg,C=US"));
        Credential accepted = mock(Credential.class);
        when(accepted.getCertificates()).thenReturn(new X509Certificate[] { cert });
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenReturn(accepted);
    } catch (WSSecurityException ignored) {
        // validate() declares WSSecurityException, so the stubbing call must be wrapped.
    }
    x509PathTokenValidator.setValidator(validator);

    BinarySecurityTokenType binaryToken = mock(BinarySecurityTokenType.class);
    when(binaryToken.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(binaryToken.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binaryToken.getValue()).thenReturn("data");

    // Real setState/getState so the state written by the validator can be read back.
    ReceivedToken received = mock(ReceivedToken.class);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();
    when(received.isBinarySecurityToken()).thenReturn(true);
    when(received.getToken()).thenReturn(binaryToken);

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(mock(Crypto.class));

    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getStsProperties()).thenReturn(stsProperties);
    when(parameters.getToken()).thenReturn(received);

    TokenValidatorResponse response = x509PathTokenValidator.validateToken(parameters);
    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
    assertEquals("US", response.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
}
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class TestX509PathTokenValidator method testValidateBadToken.
/**
 * Expects the received token to end up INVALID when the delegate validator
 * is stubbed to throw a WSSecurityException with SECURITY_ERROR.
 *
 * <p>NOTE(review): the token's value type here is "valuetype", not one of the
 * X.509 value types. From this method alone it is not clear whether INVALID
 * is caused by the stubbed exception or by the unrecognised value type -
 * confirm the rejection path under test is the validator failure.
 */
@Test
public void testValidateBadToken() {
    // A fresh validator instance local to this test.
    X509PathTokenValidator pathValidator = new X509PathTokenValidator();
    try {
        // The credential and certificate mocks are set up as in the passing tests,
        // but no stub in this method returns them: validate() is made to throw.
        X509Certificate cert = mock(X509Certificate.class);
        when(cert.getSubjectX500Principal())
                .thenReturn(new X500Principal("cn=myxman,ou=someunit,o=someorg"));
        Credential unused = mock(Credential.class);
        when(unused.getCertificates()).thenReturn(new X509Certificate[] { cert });
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenThrow(new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR));
    } catch (WSSecurityException ignored) {
        // validate() declares WSSecurityException, so the stubbing call must be wrapped.
    }
    pathValidator.setValidator(validator);

    BinarySecurityTokenType binaryToken = mock(BinarySecurityTokenType.class);
    when(binaryToken.getEncodingType()).thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binaryToken.getValueType()).thenReturn("valuetype");
    when(binaryToken.getValue()).thenReturn("data");

    // Real setState/getState so the state written by the validator can be read back.
    ReceivedToken received = mock(ReceivedToken.class);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();
    when(received.isBinarySecurityToken()).thenReturn(true);
    when(received.getToken()).thenReturn(binaryToken);

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(mock(Crypto.class));

    TokenValidatorParameters parameters = mock(TokenValidatorParameters.class);
    when(parameters.getStsProperties()).thenReturn(stsProperties);
    when(parameters.getToken()).thenReturn(received);

    TokenValidatorResponse response = pathValidator.validateToken(parameters);
    assertEquals(ReceivedToken.STATE.INVALID, response.getToken().getState());
}