Search in sources :

Example 11 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            if (conditions != null) {
                callback.setConditions(conditions);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);
            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 12 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (!saml2) {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            String subjectConfMethod = confirmationMethod;
            if (subjectConfMethod == null && !saml2) {
                subjectConfMethod = SAML1Constants.CONF_BEARER;
            } else if (subjectConfMethod == null && saml2) {
                subjectConfMethod = SAML2Constants.CONF_BEARER;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(subjectConfMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            try {
                String file = "alice.properties";
                Crypto crypto = CryptoFactory.getInstance(file);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName("alice");
                callback.setIssuerKeyPassword("password");
                callback.setSignAssertion(signed);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 13 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class CombinedValidatorTest method createResponse.

private Response createResponse(Document doc) throws Exception {
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    response.setDestination("http://recipient.apache.org");
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
    callbackHandler.setSubjectName("alice");
    SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
    subjectConfirmationData.setAddress("http://apache.org");
    subjectConfirmationData.setInResponseTo("12345");
    subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
    subjectConfirmationData.setRecipient("http://recipient.apache.org");
    callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
    ConditionsBean conditions = new ConditionsBean();
    conditions.setNotBefore(new DateTime());
    conditions.setNotAfter(new DateTime().plusMinutes(5));
    AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
    audienceRestriction.setAudienceURIs(Collections.singletonList("http://service.apache.org"));
    conditions.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
    callbackHandler.setConditions(conditions);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(CombinedValidatorTest.class);
    InputStream input = Merlin.loadInputStream(loader, "alice.jks");
    keyStore.load(input, "password".toCharArray());
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    assertion.signAssertion("alice", "password", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    return response;
}
Also used : Status(org.opensaml.saml.saml2.core.Status) AudienceRestrictionBean(org.apache.wss4j.common.saml.bean.AudienceRestrictionBean) InputStream(java.io.InputStream) ConditionsBean(org.apache.wss4j.common.saml.bean.ConditionsBean) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) KeyStore(java.security.KeyStore) DateTime(org.joda.time.DateTime) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SubjectConfirmationDataBean(org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Example 14 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAML2CallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            callback.setSamlVersion(Version.SAML_20);
            callback.setIssuer(issuer);
            if (conditions != null) {
                callback.setConditions(conditions);
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (subjectNameIDFormat != null) {
                subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
            }
            subjectBean.setSubjectConfirmationData(subjectConfirmationData);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            createAndSetStatement(null, callback);
        } else {
            throw new UnsupportedCallbackException(callbacks[i], "Unrecognized Callback");
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) IOException(java.io.IOException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException)

Example 15 with SAMLCallback

use of org.apache.wss4j.common.saml.SAMLCallback in project cxf by apache.

the class SAMLResponseValidatorTest method testResponseSignedAssertion.

@org.junit.Test
public void testResponseSignedAssertion() throws Exception {
    Document doc = DOMUtils.createDocument();
    Status status = SAML2PResponseComponentBuilder.createStatus(SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null);
    Response response = SAML2PResponseComponentBuilder.createSAMLResponse("http://cxf.apache.org/saml", "http://cxf.apache.org/issuer", status);
    // Create an AuthenticationAssertion
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
    callbackHandler.setIssuer("http://cxf.apache.org/issuer");
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
    SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
    SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
    Crypto issuerCrypto = new Merlin();
    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
    ClassLoader loader = Loader.getClassLoader(SAMLResponseValidatorTest.class);
    InputStream input = Merlin.loadInputStream(loader, "alice.jks");
    keyStore.load(input, "password".toCharArray());
    ((Merlin) issuerCrypto).setKeyStore(keyStore);
    assertion.signAssertion("alice", "password", issuerCrypto, false);
    response.getAssertions().add(assertion.getSaml2());
    Element policyElement = OpenSAMLUtil.toDom(response, doc);
    doc.appendChild(policyElement);
    assertNotNull(policyElement);
    Response marshalledResponse = (Response) OpenSAMLUtil.fromDom(policyElement);
    // Validate the Response
    SAMLProtocolResponseValidator validator = new SAMLProtocolResponseValidator();
    try {
        validator.validateSamlResponse(marshalledResponse, null, new KeystorePasswordCallback());
        fail("Expected failure on no Signature Crypto");
    } catch (WSSecurityException ex) {
    // expected
    }
    // Validate the Response
    validator.validateSamlResponse(marshalledResponse, issuerCrypto, new KeystorePasswordCallback());
}
Also used : Status(org.opensaml.saml.saml2.core.Status) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) KeyStore(java.security.KeyStore) Response(org.opensaml.saml.saml2.core.Response) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) Merlin(org.apache.wss4j.common.crypto.Merlin)

Aggregations

SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)60 SamlAssertionWrapper (org.apache.wss4j.common.saml.SamlAssertionWrapper)40 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)25 Document (org.w3c.dom.Document)25 Crypto (org.apache.wss4j.common.crypto.Crypto)23 Element (org.w3c.dom.Element)23 Status (org.opensaml.saml.saml2.core.Status)20 Response (org.opensaml.saml.saml2.core.Response)19 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)18 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)15 IOException (java.io.IOException)13 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)13 AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)13 KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)11 DateTime (org.joda.time.DateTime)11 AudienceRestrictionBean (org.apache.wss4j.common.saml.bean.AudienceRestrictionBean)9 ConditionsBean (org.apache.wss4j.common.saml.bean.ConditionsBean)9 InputStream (java.io.InputStream)8 KeyStore (java.security.KeyStore)8 Merlin (org.apache.wss4j.common.crypto.Merlin)8