Search in sources :

Example 1 with KeyInfoBean

use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project jbossws-cxf by jbossws.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=jbws-cxf-sts.com";
            String subjectQualifier = "www.jbws-cxf-sts.org";
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            try {
                String file = "META-INF/alice.properties";
                Crypto crypto = CryptoFactory.getInstance(file);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName("alice");
                callback.setIssuerKeyPassword("password");
                callback.setSignAssertion(signed);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 2 with KeyInfoBean

use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project testcases by coheigea.

the class SamlCallbackHandler method createKeyInfo.

protected KeyInfoBean createKeyInfo() throws Exception {
    Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias(cryptoAlias);
    X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
    KeyInfoBean keyInfo = new KeyInfoBean();
    keyInfo.setCertIdentifer(keyInfoIdentifier);
    if (keyInfoIdentifier == CERT_IDENTIFIER.X509_CERT) {
        keyInfo.setCertificate(certs[0]);
    } else if (keyInfoIdentifier == CERT_IDENTIFIER.KEY_VALUE) {
        keyInfo.setPublicKey(certs[0].getPublicKey());
    }
    return keyInfo;
}
Also used : Crypto(org.apache.wss4j.common.crypto.Crypto) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) CryptoType(org.apache.wss4j.common.crypto.CryptoType) X509Certificate(java.security.cert.X509Certificate)

Example 3 with KeyInfoBean

use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project cxf by apache.

the class AbstractSAMLCallbackHandler method createKeyInfo.

protected KeyInfoBean createKeyInfo() throws Exception {
    KeyInfoBean keyInfo = new KeyInfoBean();
    if (statement == Statement.AUTHN) {
        keyInfo.setCertificate(certs[0]);
        keyInfo.setCertIdentifer(certIdentifier);
    } else if (statement == Statement.ATTR) {
        // Build a new Document
        DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
        docBuilderFactory.setNamespaceAware(true);
        DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder();
        Document doc = docBuilder.newDocument();
        // Create an Encrypted Key
        WSSecEncryptedKey encrKey = new WSSecEncryptedKey(doc);
        encrKey.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
        encrKey.setUseThisCert(certs[0]);
        KeyGenerator keyGen = KeyUtils.getKeyGenerator(WSConstants.AES_128);
        SecretKey symmetricKey = keyGen.generateKey();
        encrKey.prepare(null, symmetricKey);
        Element encryptedKeyElement = encrKey.getEncryptedKeyElement();
        // Append the EncryptedKey to a KeyInfo element
        Element keyInfoElement = doc.createElementNS(WSS4JConstants.SIG_NS, WSS4JConstants.SIG_PREFIX + ":" + WSS4JConstants.KEYINFO_LN);
        keyInfoElement.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:" + WSS4JConstants.SIG_PREFIX, WSS4JConstants.SIG_NS);
        keyInfoElement.appendChild(encryptedKeyElement);
        keyInfo.setElement(keyInfoElement);
    }
    return keyInfo;
}
Also used : KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) SecretKey(javax.crypto.SecretKey) DocumentBuilderFactory(javax.xml.parsers.DocumentBuilderFactory) WSSecEncryptedKey(org.apache.wss4j.dom.message.WSSecEncryptedKey) DocumentBuilder(javax.xml.parsers.DocumentBuilder) Element(org.w3c.dom.Element) Document(org.w3c.dom.Document) KeyGenerator(javax.crypto.KeyGenerator)

Example 4 with KeyInfoBean

use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (saml2) {
                callback.setSamlVersion(Version.SAML_20);
            } else {
                callback.setSamlVersion(Version.SAML_11);
            }
            if (conditions != null) {
                callback.setConditions(conditions);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            if (!saml2 && SAML2Constants.CONF_SENDER_VOUCHES.equals(confirmationMethod)) {
                confirmationMethod = SAML1Constants.CONF_SENDER_VOUCHES;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, confirmationMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            callback.setSignatureAlgorithm(signatureAlgorithm);
            callback.setSignatureDigestAlgorithm(digestAlgorithm);
            try {
                Crypto crypto = CryptoFactory.getInstance(cryptoPropertiesFile);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName(cryptoAlias);
                callback.setIssuerKeyPassword(cryptoPassword);
                callback.setSignAssertion(signAssertion);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 5 with KeyInfoBean

use of org.apache.wss4j.common.saml.bean.KeyInfoBean in project cxf by apache.

the class SamlCallbackHandler method handle.

public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (int i = 0; i < callbacks.length; i++) {
        if (callbacks[i] instanceof SAMLCallback) {
            SAMLCallback callback = (SAMLCallback) callbacks[i];
            if (!saml2) {
                callback.setSamlVersion(Version.SAML_11);
            }
            callback.setIssuer("sts");
            String subjectName = "uid=sts-client,o=mock-sts.com";
            String subjectQualifier = "www.mock-sts.com";
            String subjectConfMethod = confirmationMethod;
            if (subjectConfMethod == null && !saml2) {
                subjectConfMethod = SAML1Constants.CONF_BEARER;
            } else if (subjectConfMethod == null && saml2) {
                subjectConfMethod = SAML2Constants.CONF_BEARER;
            }
            SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfMethod);
            if (SAML2Constants.CONF_HOLDER_KEY.equals(subjectConfMethod) || SAML1Constants.CONF_HOLDER_KEY.equals(subjectConfMethod)) {
                try {
                    KeyInfoBean keyInfo = createKeyInfo();
                    subjectBean.setKeyInfo(keyInfo);
                } catch (Exception ex) {
                    throw new IOException("Problem creating KeyInfo: " + ex.getMessage());
                }
            }
            callback.setSubject(subjectBean);
            AttributeStatementBean attrBean = new AttributeStatementBean();
            attrBean.setSubject(subjectBean);
            AttributeBean attributeBean = new AttributeBean();
            if (saml2) {
                attributeBean.setQualifiedName("subject-role");
            } else {
                attributeBean.setSimpleName("subject-role");
                attributeBean.setQualifiedName("http://custom-ns");
            }
            attributeBean.addAttributeValue("system-user");
            attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
            callback.setAttributeStatementData(Collections.singletonList(attrBean));
            try {
                String file = "alice.properties";
                Crypto crypto = CryptoFactory.getInstance(file);
                callback.setIssuerCrypto(crypto);
                callback.setIssuerKeyName("alice");
                callback.setIssuerKeyPassword("password");
                callback.setSignAssertion(signed);
            } catch (WSSecurityException e) {
                throw new IOException(e);
            }
        }
    }
}
Also used : SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean) KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean) AttributeStatementBean(org.apache.wss4j.common.saml.bean.AttributeStatementBean) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) IOException(java.io.IOException) AttributeBean(org.apache.wss4j.common.saml.bean.AttributeBean) UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException) IOException(java.io.IOException) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Aggregations

KeyInfoBean (org.apache.wss4j.common.saml.bean.KeyInfoBean)22 Crypto (org.apache.wss4j.common.crypto.Crypto)15 SubjectBean (org.apache.wss4j.common.saml.bean.SubjectBean)12 SAMLCallback (org.apache.wss4j.common.saml.SAMLCallback)11 IOException (java.io.IOException)10 UnsupportedCallbackException (javax.security.auth.callback.UnsupportedCallbackException)10 X509Certificate (java.security.cert.X509Certificate)7 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7 AttributeBean (org.apache.wss4j.common.saml.bean.AttributeBean)7 AttributeStatementBean (org.apache.wss4j.common.saml.bean.AttributeStatementBean)7 CryptoType (org.apache.wss4j.common.crypto.CryptoType)6 Element (org.w3c.dom.Element)4 KeyGenerator (javax.crypto.KeyGenerator)3 SecretKey (javax.crypto.SecretKey)3 WSSecEncryptedKey (org.apache.wss4j.dom.message.WSSecEncryptedKey)3 DocumentBuilder (javax.xml.parsers.DocumentBuilder)2 DocumentBuilderFactory (javax.xml.parsers.DocumentBuilderFactory)2 Document (org.w3c.dom.Document)2 InputStream (java.io.InputStream)1 Principal (java.security.Principal)1