use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.
the class AbstractPolicySecurityTest method runOutInterceptorAndValidateSamlTokenAttached.
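/**
 * Signs an STS-issued SAML 1 assertion with the test keystore, registers it as the
 * exchange's issued token, runs the out interceptor under {@code policyDoc}, and then
 * runs the in interceptor to check that the issued token is present and signature-covered.
 *
 * @param policyDoc classpath name of the WS-SecurityPolicy document to apply on the way out
 * @throws Exception on any I/O, parsing, crypto or validation failure
 */
protected void runOutInterceptorAndValidateSamlTokenAttached(String policyDoc) throws Exception {
    // create the request message
    final Document document = this.readDocument("wsse-request-clean.xml");
    final Element outPolicyElement = this.readDocument(policyDoc).getDocumentElement();
    final Policy policy = this.policyBuilder.getPolicy(outPolicyElement);
    AssertionInfoMap aim = new AssertionInfoMap(policy);
    SoapMessage msg = this.getOutSoapMessageForDom(document, aim);

    // add an "issued" assertion into the message exchange
    Element issuedAssertion = this.readDocument("example-sts-issued-saml-assertion.xml").getDocumentElement();
    Properties cryptoProps = new Properties();
    URL url = ClassLoader.getSystemResource("outsecurity.properties");
    if (url == null) {
        // fail with a clear message instead of an NPE on openStream()
        throw new IllegalStateException("outsecurity.properties not found on the system classpath");
    }
    // Properties.load() does not close the stream it is given; close it ourselves
    try (java.io.InputStream propsIn = url.openStream()) {
        cryptoProps.load(propsIn);
    }
    Crypto crypto = CryptoFactory.getInstance(cryptoProps);

    // Sign the "issued" assertion
    SamlAssertionWrapper assertionWrapper = new SamlAssertionWrapper(issuedAssertion);
    assertionWrapper.signAssertion("myalias", "myAliasPassword", crypto, false);
    Document doc = DOMUtils.newDocument();
    issuedAssertion = OpenSAMLUtil.toDom(assertionWrapper.getSaml1(), doc);

    // the SAML 1 AssertionID becomes the token id used for the exchange/token store lookup
    String assertionId = issuedAssertion.getAttributeNodeNS(null, "AssertionID").getNodeValue();
    SecurityToken issuedToken = new SecurityToken(assertionId, issuedAssertion, null);

    // attach the signing certificate (looked up by the keystore alias) to the token
    String alias = cryptoProps.getProperty("org.apache.ws.security.crypto.merlin.keystore.alias");
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(alias);
    issuedToken.setX509Certificate(crypto.getX509Certificates(cryptoType)[0], crypto);

    // publish the token id on both the endpoint and the exchange, and store the token itself
    msg.getExchange().getEndpoint().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    msg.getExchange().put(SecurityConstants.TOKEN_ID, issuedToken.getId());
    TokenStore tokenStore = new MemoryTokenStore();
    msg.getExchange().getEndpoint().getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
    tokenStore.add(issuedToken);

    // fire the interceptor and verify results
    final Document signedDoc = this.runOutInterceptorAndValidate(msg, policy, aim, null, null);
    this.runInInterceptorAndValidate(signedDoc, policy, Collections.singletonList(SP12Constants.ISSUED_TOKEN), null, Collections.singletonList(CoverageType.SIGNED));
}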
use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.
the class CustomSamlValidator method validate.
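/**
 * Runs the default WSS4J SAML validation, then applies this test validator's own
 * constraints: the issuer must be {@code www.example.com}, the assertion version must
 * match {@code requireSAML1Assertion}, and the first subject confirmation method must
 * match {@code requireSenderVouches} / {@code requireBearer} (holder-of-key when neither
 * is set). Every custom failure is reported with the same generic error so the caller
 * learns nothing about which check tripped.
 *
 * @param credential the credential carrying the SAML assertion to validate
 * @param data the request data handed to the superclass validator
 * @return the credential returned by {@code super.validate}
 * @throws WSSecurityException with {@code FAILURE} / {@code invalidSAMLsecurity} when any
 *         custom check fails, or whatever the superclass throws
 */
@Override
public Credential validate(Credential credential, RequestData data) throws WSSecurityException {
    Credential returnedCredential = super.validate(credential, data);
    //
    // Do some custom validation on the assertion
    //
    SamlAssertionWrapper assertion = credential.getSamlAssertion();
    if (assertion == null) {
        // no assertion to check at all: reject rather than NPE below
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    if (!"www.example.com".equals(assertion.getIssuerString())) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    if (requireSAML1Assertion && assertion.getSaml1() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (!requireSAML1Assertion && assertion.getSaml2() == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    // An assertion with no confirmation method must be rejected as invalid, not surface as an
    // IndexOutOfBoundsException from get(0). Only the first method is inspected.
    java.util.List<String> confirmationMethods = assertion.getConfirmationMethods();
    if (confirmationMethods == null || confirmationMethods.isEmpty()) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    String confirmationMethod = confirmationMethods.get(0);
    if (confirmationMethod == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    if (requireSenderVouches && !OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (requireBearer && !(SAML2Constants.CONF_BEARER.equals(confirmationMethod) || SAML1Constants.CONF_BEARER.equals(confirmationMethod))) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    } else if (!requireBearer && !requireSenderVouches && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
        // neither flag set: holder-of-key is the only accepted method
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
    }
    return returnedCredential;
}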
use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.
the class SamlTokenTest method testSaml1TokenSignedSenderVouches.
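/**
 * Sends a SAML 1 assertion produced by {@code SAML1CallbackHandler} under the
 * {@code SAML_TOKEN_SIGNED} action (assertion covered by the message signature, not signed
 * itself) and checks that the receiver, using {@code CustomSamlValidator}, reports an
 * unsigned SAML 1 assertion under {@code ST_UNSIGNED}.
 */
@Test
public void testSaml1TokenSignedSenderVouches() throws Exception {
    // outbound: sign the message with alice's key and include a SAML 1 token
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, new SAML1CallbackHandler());
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");

    // inbound: expect an unsigned SAML token plus a signature, validated by the custom validator
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_UNSIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    // the security header must carry a saml1:Assertion
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml1:Assertion");
    Map<String, String> inMessageProperties = new HashMap<>();
    Message message = makeInvocation(outProperties, xpaths, inProperties, inMessageProperties);

    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
    // a JUnit assertion rather than the `assert` keyword, which is a no-op unless the JVM runs with -ea
    assertTrue(!receivedAssertion.isSigned());
}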
use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.
the class SamlTokenTest method testSaml2TokenHOK.
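/**
 * This test creates a holder-of-key SAML2 Assertion, and sends it in the security header
 * to the provider.
 *
 * The invocation is attempted three times against the same {@code CustomSamlValidator}:
 * it must fail while the validator still requires sender-vouches, fail again while it
 * still requires a SAML 1 assertion, and succeed once both requirements are relaxed.
 * Finally the received assertion is checked to be a signed SAML 2 assertion and a
 * signature result is expected alongside it.
 */
@Test
public void testSaml2TokenHOK() throws Exception {
    // outbound: signed message carrying a signed, holder-of-key SAML 2 assertion
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
    SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
    callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
    callbackHandler.setSignAssertion(true);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

    // inbound: expect a signed SAML token plus a signature, validated by the custom validator
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    // the security header must carry a saml2:Assertion
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml2:Assertion");

    // presumably the validator requires sender-vouches by default, so holder-of-key is rejected
    try {
        makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap());
        fail("Failure expected in SAML Validator");
    } catch (Fault ex) {
        // expected
    }

    // sender-vouches relaxed, but a SAML 1 assertion is still required (this one is SAML 2)
    validator.setRequireSenderVouches(false);
    try {
        makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap());
        fail("Failure expected in SAML Validator");
    } catch (Fault ex) {
        // expected
    }

    // both requirements relaxed: the holder-of-key SAML 2 assertion is now accepted
    validator.setRequireSAML1Assertion(false);
    Message message = makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap());
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(receivedAssertion != null && receivedAssertion.getSaml2() != null);
    // a JUnit assertion rather than the `assert` keyword, which is a no-op unless the JVM runs with -ea
    assertTrue(receivedAssertion.isSigned());

    // the message signature must have been processed as well
    actionResult = handlerResults.get(0).getActionResults().get(WSConstants.SIGN).get(0);
    assertTrue(actionResult != null);
}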
use of org.apache.wss4j.common.saml.SamlAssertionWrapper in project cxf by apache.
the class SamlTokenTest method testSaml1TokenHOK.
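/**
 * This test creates a holder-of-key SAML1 Assertion, and sends it in the security header
 * to the provider.
 *
 * The invocation is attempted twice against the same {@code CustomSamlValidator}: it must
 * fail while the validator still requires sender-vouches and succeed once that requirement
 * is relaxed. The received assertion is then checked to be a signed SAML 1 assertion and a
 * signature result is expected alongside it.
 */
@Test
public void testSaml1TokenHOK() throws Exception {
    // outbound: signed message carrying a signed, holder-of-key SAML 1 assertion
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED);
    outProperties.put(ConfigurationConstants.SIG_KEY_ID, "DirectReference");
    outProperties.put(ConfigurationConstants.USER, "alice");
    outProperties.put("password", "password");
    outProperties.put(ConfigurationConstants.SIG_PROP_FILE, "alice.properties");
    SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
    callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
    callbackHandler.setSignAssertion(true);
    outProperties.put(ConfigurationConstants.SAML_CALLBACK_REF, callbackHandler);

    // inbound: expect a signed SAML token plus a signature, validated by the custom validator
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SAML_TOKEN_SIGNED + " " + ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");
    final Map<QName, Object> customMap = new HashMap<>();
    CustomSamlValidator validator = new CustomSamlValidator();
    customMap.put(WSConstants.SAML_TOKEN, validator);
    customMap.put(WSConstants.SAML2_TOKEN, validator);
    inProperties.put(WSS4JInInterceptor.VALIDATOR_MAP, customMap);

    // the security header must carry a saml1:Assertion
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/saml1:Assertion");

    // presumably the validator requires sender-vouches by default, so holder-of-key is rejected
    try {
        makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap());
        fail("Failure expected in SAML Validator");
    } catch (Fault ex) {
        // expected
    }

    // sender-vouches relaxed: the holder-of-key SAML 1 assertion is now accepted
    validator.setRequireSenderVouches(false);
    Message message = makeInvocation(outProperties, xpaths, inProperties, Collections.emptyMap());
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) message.get(WSHandlerConstants.RECV_RESULTS));
    WSSecurityEngineResult actionResult = handlerResults.get(0).getActionResults().get(WSConstants.ST_SIGNED).get(0);
    SamlAssertionWrapper receivedAssertion = (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertTrue(receivedAssertion != null && receivedAssertion.getSaml1() != null);
    // a JUnit assertion rather than the `assert` keyword, which is a no-op unless the JVM runs with -ea
    assertTrue(receivedAssertion.isSigned());

    // the message signature must have been processed as well
    actionResult = handlerResults.get(0).getActionResults().get(WSConstants.SIGN).get(0);
    assertTrue(actionResult != null);
}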