Example 41 with WSSecurityException
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class RestSecurity method createSamlHeader.
/**
* Creates an authorization header to be returned to the browser if the token was successfully
* exchanged for a SAML assertion
*
* @param subject - {@link ddf.security.Subject} to create the header from
*/
private static String createSamlHeader(Subject subject) {
String encodedSamlHeader = null;
org.w3c.dom.Element samlToken = null;
try {
for (Object principal : subject.getPrincipals().asList()) {
if (principal instanceof SecurityAssertion) {
SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
samlToken = securityToken.getToken();
}
}
if (samlToken != null) {
SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlToken);
String saml = assertion.assertionToString();
encodedSamlHeader = SAML_HEADER_PREFIX + deflateAndBase64Encode(saml);
}
} catch (WSSecurityException | ArithmeticException | IOException e) {
LOGGER.info("Unable to parse SAML assertion from subject.", e);
}
return encodedSamlHeader;
}
Also used :
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
SecurityAssertion(ddf.security.assertion.SecurityAssertion)
Example 42 with WSSecurityException
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class LogoutRequestService method getLogoutRequest.
@GET
public Response getLogoutRequest(@QueryParam(SAML_REQUEST) String deflatedSamlRequest, @QueryParam(SAML_RESPONSE) String deflatedSamlResponse, @QueryParam(RELAY_STATE) String relayState, @QueryParam(SIG_ALG) String signatureAlgorithm, @QueryParam(SIGNATURE) String signature) {
if (deflatedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(RestSecurity.inflateBase64(deflatedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlRequest, relayState, signatureAlgorithm, signature, logoutRequest);
logout();
String entityId = getEntityId();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(entityId, StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (IOException e) {
String msg = "Unable to decode and inflate logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(RestSecurity.inflateBase64(deflatedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
buildAndValidateSaml(deflatedSamlResponse, relayState, signatureAlgorithm, signature, logoutResponse);
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
} catch (IOException e) {
String msg = "Unable to decode and inflate logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
}
}
Also used :
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
IOException(java.io.IOException)
GET(javax.ws.rs.GET)
Example 43 with WSSecurityException
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class LogoutRequestService method postLogoutRequest.
@POST
@Produces(MediaType.APPLICATION_FORM_URLENCODED)
public Response postLogoutRequest(@FormParam(SAML_REQUEST) String encodedSamlRequest, @FormParam(SAML_REQUEST) String encodedSamlResponse, @FormParam(RELAY_STATE) String relayState) {
if (encodedSamlRequest != null) {
try {
LogoutRequest logoutRequest = logoutMessage.extractSamlLogoutRequest(decodeBase64(encodedSamlRequest));
if (logoutRequest == null) {
String msg = "Unable to parse logout request.";
LOGGER.debug(msg);
return buildLogoutResponse(msg);
}
new SamlValidator.Builder(simpleSign).buildAndValidate(request.getRequestURL().toString(), SamlProtocol.Binding.HTTP_POST, logoutRequest);
logout();
LogoutResponse logoutResponse = logoutMessage.buildLogoutResponse(logoutRequest.getIssuer().getValue(), StatusCode.SUCCESS, logoutRequest.getID());
return getLogoutResponse(relayState, logoutResponse);
} catch (WSSecurityException e) {
String msg = "Failed to sign logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (XMLStreamException e) {
String msg = "Unable to parse logout request.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
} else {
try {
LogoutResponse logoutResponse = logoutMessage.extractSamlLogoutResponse(decodeBase64(encodedSamlResponse));
if (logoutResponse == null) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg);
return buildLogoutResponse(msg);
}
new SamlValidator.Builder(simpleSign).buildAndValidate(request.getRequestURL().toString(), SamlProtocol.Binding.HTTP_POST, logoutResponse);
} catch (ValidationException e) {
String msg = "Unable to validate";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
} catch (WSSecurityException | XMLStreamException e) {
String msg = "Unable to parse logout response.";
LOGGER.info(msg, e);
return buildLogoutResponse(msg);
}
String nameId = "You";
String decodedValue;
if (relayState != null && (decodedValue = relayStates.decode(relayState)) != null) {
nameId = decodedValue;
}
return buildLogoutResponse(nameId + " logged out successfully.");
}
}
Also used :
ValidationException(ddf.security.samlp.ValidationException)
LogoutResponse(org.opensaml.saml.saml2.core.LogoutResponse)
XMLStreamException(javax.xml.stream.XMLStreamException)
SamlValidator(ddf.security.samlp.impl.SamlValidator)
LogoutRequest(org.opensaml.saml.saml2.core.LogoutRequest)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
POST(javax.ws.rs.POST)
Produces(javax.ws.rs.Produces)
Example 44 with WSSecurityException
use of org.apache.wss4j.common.ext.WSSecurityException in project ddf by codice.
the class PKITokenValidator method getPKITokenFromTarget.
private PKIAuthenticationToken getPKITokenFromTarget(ReceivedToken validateTarget) {
Object token = validateTarget.getToken();
if ((token instanceof BinarySecurityTokenType) && PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE.equals(((BinarySecurityTokenType) token).getValueType())) {
String encodedCredential = ((BinarySecurityTokenType) token).getValue();
LOGGER.debug("Encoded username/password credential: {}", encodedCredential);
BaseAuthenticationToken base = null;
try {
base = PKIAuthenticationToken.parse(encodedCredential, true);
return new PKIAuthenticationToken(base.getPrincipal(), base.getCredentials().toString(), base.getRealm());
} catch (WSSecurityException e) {
LOGGER.info("Unable to parse {} from encodedToken.", PKIAuthenticationToken.class.getSimpleName(), e);
return null;
}
}
return null;
}
Also used :
PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Aggregations
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)44
IOException (java.io.IOException)16
X509Certificate (java.security.cert.X509Certificate)13
RequestData (org.apache.wss4j.dom.handler.RequestData)13
Credential (org.apache.wss4j.dom.validate.Credential)12
Document (org.w3c.dom.Document)12
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)11
Crypto (org.apache.wss4j.common.crypto.Crypto)11
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)10
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)10
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)10
XMLObject (org.opensaml.core.xml.XMLObject)7
AuthnRequest (org.opensaml.saml.saml2.core.AuthnRequest)7
Element (org.w3c.dom.Element)7
X500Principal (javax.security.auth.x500.X500Principal)6
XMLStreamException (javax.xml.stream.XMLStreamException)6
ByteArrayInputStream (java.io.ByteArrayInputStream)5
CallbackHandler (javax.security.auth.callback.CallbackHandler)5
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)5
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)5
