use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyEmail.
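/**
 * Verifies that an {@code EMAILADDRESS} attribute in the certificate subject is surfaced
 * as the {@link SubjectUtils#EMAIL_ADDRESS_CLAIM_URI} additional property on a VALID token.
 * The WSS4J validator is stubbed to accept any credential, so only the attribute
 * extraction performed by {@code x509PathTokenValidator} is under test.
 */
@Test
public void testAdditionalPropertyEmail() {
    X509Certificate x509Certificate = mock(X509Certificate.class);
    X500Principal x500Principal =
            new X500Principal("cn=myxman,ou=someunit,o=someorg,EMAILADDRESS=name@example.com");
    when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);

    Credential credential = mock(Credential.class);
    when(credential.getCertificates()).thenReturn(new X509Certificate[] {x509Certificate});
    try {
        // validate() declares WSSecurityException, so the stubbing call has to sit in a try.
        // A failure here must surface immediately rather than be swallowed; otherwise the
        // VALID assertion below fails with a message that hides the real cause.
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenReturn(credential);
    } catch (WSSecurityException e) {
        throw new AssertionError("Failed to stub the certificate validator", e);
    }
    x509PathTokenValidator.setValidator(validator);

    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);

    // Real setState/getState so the validator's state transition is observable on the mock.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);

    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(binarySecurityTokenType.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(binarySecurityTokenType.getEncodingType())
            .thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValue()).thenReturn("data");
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);

    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    when(tokenParameters.getToken()).thenReturn(receivedToken);

    TokenValidatorResponse tokenValidatorResponse =
            x509PathTokenValidator.validateToken(tokenParameters);

    assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
    assertEquals("name@example.com",
            tokenValidatorResponse.getAdditionalProperties()
                    .get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}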
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class TestX509PathTokenValidator method testAdditionalPropertyBoth.
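/**
 * Verifies that both a {@code C} and an {@code EMAILADDRESS} attribute in the certificate
 * subject are surfaced as the {@link SubjectUtils#COUNTRY_CLAIM_URI} and
 * {@link SubjectUtils#EMAIL_ADDRESS_CLAIM_URI} additional properties on a VALID token.
 * The WSS4J validator is stubbed to accept any credential, so only the attribute
 * extraction performed by {@code x509PathTokenValidator} is under test.
 */
@Test
public void testAdditionalPropertyBoth() {
    X509Certificate x509Certificate = mock(X509Certificate.class);
    X500Principal x500Principal = new X500Principal(
            "cn=myxman,ou=someunit,o=someorg,C=US,EMAILADDRESS=name@example.com");
    when(x509Certificate.getSubjectX500Principal()).thenReturn(x500Principal);

    Credential credential = mock(Credential.class);
    when(credential.getCertificates()).thenReturn(new X509Certificate[] {x509Certificate});
    try {
        // validate() declares WSSecurityException, so the stubbing call has to sit in a try.
        // A failure here must surface immediately rather than be swallowed; otherwise the
        // VALID assertion below fails with a message that hides the real cause.
        when(validator.validate(any(Credential.class), any(RequestData.class)))
                .thenReturn(credential);
    } catch (WSSecurityException e) {
        throw new AssertionError("Failed to stub the certificate validator", e);
    }
    x509PathTokenValidator.setValidator(validator);

    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    Crypto crypto = mock(Crypto.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(crypto);

    // Real setState/getState so the validator's state transition is observable on the mock.
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    when(receivedToken.isBinarySecurityToken()).thenReturn(true);

    BinarySecurityTokenType binarySecurityTokenType = mock(BinarySecurityTokenType.class);
    when(binarySecurityTokenType.getValueType()).thenReturn(X509TokenValidator.X509_V3_TYPE);
    when(binarySecurityTokenType.getEncodingType())
            .thenReturn(X509PathTokenValidator.BASE64_ENCODING);
    when(binarySecurityTokenType.getValue()).thenReturn("data");
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);

    TokenValidatorParameters tokenParameters = mock(TokenValidatorParameters.class);
    when(tokenParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    when(tokenParameters.getToken()).thenReturn(receivedToken);

    TokenValidatorResponse tokenValidatorResponse =
            x509PathTokenValidator.validateToken(tokenParameters);

    assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
    assertEquals("US",
            tokenValidatorResponse.getAdditionalProperties()
                    .get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("name@example.com",
            tokenValidatorResponse.getAdditionalProperties()
                    .get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}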
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class IdpHandler method doPaosRequest.
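/**
 * Answers an ECP/PAOS request by writing a SOAP envelope containing the signed SAML
 * {@code AuthnRequest}, the PAOS request, the ECP request and the ECP relay state to the
 * response as {@code application/vnd.paos+xml}.
 *
 * @param request the incoming request; must be an {@link HttpServletRequest}
 * @param response the response to write to; must be an {@link HttpServletResponse}
 * @return a {@link HandlerResult} with status {@code REDIRECTED} and source
 *     {@code "idp-" + SOURCE}; the same result is returned when the envelope could not be
 *     built, in which case the client is sent HTTP 500 instead
 */
private HandlerResult doPaosRequest(ServletRequest request, ServletResponse response) {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    HandlerResult handlerResult = new HandlerResult(HandlerResult.Status.REDIRECTED, null);
    handlerResult.setSource("idp-" + SOURCE);

    // The caller is expected to route here only when a PAOS header is present (not visible
    // in this method). A missing header is treated as "no options requested" rather than
    // failing with an NPE on contains().
    String paosHeader = httpServletRequest.getHeader(PAOS);
    if (paosHeader == null) {
        paosHeader = "";
    }
    // Some of these options aren't currently used; they are left here as a marker for what
    // isn't implemented.
    boolean wantChannelBind =
            paosHeader.contains("urn:oasis:names:tc:SAML:protocol:ext:channel-binding");
    boolean wantHok = paosHeader.contains("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key");
    boolean wantSigned = paosHeader.contains(
            "urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp:2.0:WantAuthnRequestsSigned");
    boolean wantDelegation =
            paosHeader.contains("urn:oasis:names:tc:SAML:2.0:conditions:delegation");
    LOGGER.trace("ECP Client requested: channel bind {}, holder of key {}, signatures {}, delegation {}",
            wantChannelBind, wantHok, wantSigned, wantDelegation);
    LOGGER.trace("Configuring SAML Response for POST.");
    LOGGER.trace("Signing SAML POST Response.");

    String authnRequest;
    String paosRequest;
    String ecpRequest;
    String ecpRelayState;
    try {
        IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
        if (idpssoDescriptor == null) {
            throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
        }
        // The signing flag is raised only when both the client (PAOS header) and the IdP
        // metadata ask for signed AuthnRequests.
        boolean signAuthnRequest = wantSigned && idpssoDescriptor.getWantAuthnRequestsSigned();
        authnRequest = createAndSignAuthnRequest(true, signAuthnRequest);
        paosRequest = createPaosRequest(httpServletRequest);
        ecpRequest = createEcpRequest();
        ecpRelayState = createEcpRelayState(httpServletRequest);
    } catch (ServletException | WSSecurityException e) {
        LOGGER.debug("Unable to create and sign AuthnRequest.", e);
        sendInternalServerError(httpServletResponse);
        return handlerResult;
    }

    LOGGER.trace("Converting SAML Response to DOM");
    String soapMessage = fillTemplate(soapMessageTemplate, PAOS_REQUEST, paosRequest);
    soapMessage = fillTemplate(soapMessage, ECP_REQUEST, ecpRequest);
    soapMessage = fillTemplate(soapMessage, SAML_REQUEST, authnRequest);
    soapMessage = fillTemplate(soapMessage, ECP_RELAY_STATE, ecpRelayState);
    soapMessage = fillTemplate(soapMessage, PAOS_RESPONSE, "");

    try {
        httpServletResponse.setStatus(HttpServletResponse.SC_OK);
        httpServletResponse.setContentType("application/vnd.paos+xml");
        httpServletResponse.getOutputStream().print(soapMessage);
        httpServletResponse.flushBuffer();
    } catch (IOException ioe) {
        // Pass the exception as the trailing argument so the stack trace is logged.
        LOGGER.debug("Failed to send auth response.", ioe);
    }
    return handlerResult;
}

/**
 * Substitutes one {@code {{placeholder}}} marker in the SOAP template. {@link String#replace}
 * is a literal replacement, so the inserted value is never interpreted as a regex.
 */
private static String fillTemplate(String template, String placeholder, String value) {
    return template.replace("{{" + placeholder + "}}", value);
}

/** Reports an HTTP 500 to the client; a failure to flush is logged and otherwise ignored. */
private static void sendInternalServerError(HttpServletResponse httpServletResponse) {
    httpServletResponse.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
    try {
        httpServletResponse.flushBuffer();
    } catch (IOException e) {
        // Pass the exception as the trailing argument so the stack trace is logged.
        LOGGER.debug("Failed to send error response.", e);
    }
}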
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class AssertionConsumerService method extractSamlResponse.
/**
 * Parses a SAML 2.0 {@code Response} out of its XML text.
 *
 * @param samlResponse the response XML, decoded as UTF-8
 * @return the parsed {@code Response}, or {@code null} when the text cannot be read as XML,
 *     cannot be unmarshalled, or unmarshals to some other SAML type
 */
private org.opensaml.saml.saml2.core.Response extractSamlResponse(String samlResponse) {
    try {
        byte[] xmlBytes = samlResponse.getBytes(StandardCharsets.UTF_8);
        // NOTE(review): samlResponse presumably arrives from the client; StaxUtils.read's
        // DTD / external-entity settings are not visible here — confirm they are disabled.
        Document responseDoc = StaxUtils.read(new ByteArrayInputStream(xmlBytes));
        XMLObject parsed = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
        if (parsed instanceof org.opensaml.saml.saml2.core.Response) {
            return (org.opensaml.saml.saml2.core.Response) parsed;
        }
    } catch (XMLStreamException | WSSecurityException e) {
        LOGGER.debug("Failed to convert AuthN response string to object.", e);
    }
    return null;
}
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class PaosInInterceptor method checkSamlpResponse.
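/**
 * Ensures the first child of the SOAP body unmarshals to a SAML 2.0 {@code Response}.
 *
 * @param soapRequest the SOAP part whose body is inspected
 * @throws IOException if the body cannot be read or converted, if conversion yields nothing,
 *     or if the resulting object is not an {@code org.opensaml.saml.saml2.core.Response}
 */
private void checkSamlpResponse(SOAPPart soapRequest) throws IOException {
    XMLObject responseXmlObj;
    try {
        Node node = soapRequest.getEnvelope().getBody().getFirstChild();
        responseXmlObj = SamlProtocol.getXmlObjectFromNode(node);
    } catch (WSSecurityException | SOAPException | XMLStreamException ex) {
        // Keep the cause so the underlying parse failure is diagnosable from the IOException.
        throw new IOException("Unable to convert Response document to XMLObject.", ex);
    }
    if (responseXmlObj == null) {
        throw new IOException("Response object is not Found.");
    }
    if (!(responseXmlObj instanceof org.opensaml.saml.saml2.core.Response)) {
        throw new IOException("SAMLRequest object is not org.opensaml.saml.saml2.core.Response.");
    }
}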