
Class Saml2BearerGrantHandler, method validateToken:

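/**
 * Validates the SAML 2.0 assertion presented as the bearer grant.
 *
 * <p>A signed assertion has its XML signature verified against the key
 * material resolved from the signature's own {@code KeyInfo}. That check
 * only proves the assertion was signed by <em>that</em> key; whether the key
 * is trusted (issuer certificate chain, revocation when enabled) is not
 * decided here but left to {@code samlValidator}, which runs afterwards if
 * non-null. NOTE(review): confirm a non-null validator is configured by
 * default — with a null validator an assertion signed by any attacker-supplied
 * self-signed key would pass the signature step.
 *
 * <p>An unsigned assertion is accepted only if the client presented TLS
 * certificates; all remaining checks on it are delegated to
 * {@code samlOAuthValidator}.
 *
 * <p>Every failure is reported to the client as {@code invalid_grant}; the
 * underlying exception is attached as the cause for server-side logging only.
 *
 * @param message   the current request message (source of the security
 *                  properties, callback handler and client TLS certificates)
 * @param assertion the parsed assertion to validate
 * @throws OAuthServiceException carrying {@code OAuthConstants.INVALID_GRANT}
 *         on any failure
 */
protected void validateToken(Message message, SamlAssertionWrapper assertion) {
    try {
        RequestData data = new RequestData();
        if (assertion.isSigned()) {
            WSSConfig cfg = WSSConfig.getNewInstance();
            data.setWssConfig(cfg);
            data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass()));
            try {
                data.setSigVerCrypto(new CryptoLoader().getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES));
            } catch (IOException ex) {
                // Fail closed, but keep the IOException as the cause so the reason the
                // signature trust store could not be loaded is not lost from the logs.
                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
            }
            // Certificate revocation checking is opt-in via a security property;
            // it is only honoured by whatever later consumes data.isEnableRevocation().
            boolean enableRevocation = false;
            String enableRevocationStr = (String) org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message);
            if (enableRevocationStr != null) {
                enableRevocation = Boolean.parseBoolean(enableRevocationStr);
            }
            data.setEnableRevocation(enableRevocation);
            Signature sig = assertion.getSignature();
            WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
            data.setWsDocInfo(docInfo);
            KeyInfo keyInfo = sig.getKeyInfo();
            if (keyInfo == null) {
                // A signature without KeyInfo cannot be verified by this handler.
                // Reject it explicitly instead of relying on the NPE that
                // keyInfo.getDOM() would otherwise raise into the catch-all below.
                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
            }
            // Resolve the verification key from the embedded KeyInfo (WSS4J).
            SAMLKeyInfo samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto());
            // Cryptographic check only: the assertion was signed by samlKeyInfo's key.
            assertion.verifySignature(samlKeyInfo);
            assertion.parseSubject(new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto(), data.getCallbackHandler());
        } else if (getTLSCertificates(message) == null) {
            // Unsigned assertions are only acceptable from a TLS-authenticated client.
            throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
        }
        if (samlValidator != null) {
            // Presumably where trust in the signing certificate is established;
            // the validator implementation is not visible in this file.
            Credential credential = new Credential();
            credential.setSamlAssertion(assertion);
            samlValidator.validate(credential, data);
        }
        samlOAuthValidator.validate(message, assertion);
    } catch (Exception ex) {
        // Any failure, including the exceptions thrown above, collapses to a
        // single invalid_grant error; the cause stays server-side.
        throw new OAuthServiceException(OAuthConstants.INVALID_GRANT, ex);
    }
}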

Class SAMLProtocolResponseValidator, method validateAssertion:

/**
 * Validates a single Assertion found inside a SAML Response.
 *
 * <p>If the assertion is signed, its XML signature is verified first using
 * the key resolved from the signature's {@code KeyInfo} (or, when no
 * {@code KeyInfo} is present and {@code keyInfoMustBeAvailable} is false,
 * the key for the configured default alias). A missing verification key is
 * rejected. Trust in the signing key and the remaining assertion checks are
 * then performed by {@code SamlSSOAssertionValidator}.
 *
 * @param assertion       the assertion to validate
 * @param sigCrypto       Crypto used for key resolution and signature trust
 * @param callbackHandler handler forwarded to subject processing
 * @param doc             the owning document; not used by this method
 * @param signedResponse  whether the enclosing Response was itself signed;
 *                        passed through to the assertion validator
 * @throws WSSecurityException if the signature cannot be verified or the
 *         assertion fails validation
 */
private void validateAssertion(SamlAssertionWrapper assertion, Crypto sigCrypto, CallbackHandler callbackHandler, Document doc, boolean signedResponse) throws WSSecurityException {
    final RequestData reqData = new RequestData();
    reqData.setSigVerCrypto(sigCrypto);
    reqData.setWssConfig(WSSConfig.getNewInstance());
    reqData.setCallbackHandler(callbackHandler);

    final Credential cred = new Credential();
    cred.setSamlAssertion(assertion);

    if (assertion.isSigned()) {
        // DOM only treats an attribute as an XML ID once it is registered; the
        // signature Reference is resolved by ID lookup, so register the
        // assertion's own identifier attribute before verifying.
        if (assertion.getSaml1() != null) {
            assertion.getSaml1().getDOM().setIdAttributeNS(null, "AssertionID", true);
        } else {
            assertion.getSaml2().getDOM().setIdAttributeNS(null, "ID", true);
        }
        try {
            final Signature signature = assertion.getSignature();
            reqData.setWsDocInfo(new WSDocInfo(signature.getDOM().getOwnerDocument()));

            SAMLKeyInfo verificationKey = null;
            final KeyInfo embeddedKeyInfo = signature.getKeyInfo();
            if (embeddedKeyInfo == null) {
                // Only fall back to the default alias when the deployment allows
                // signatures without KeyInfo.
                if (!keyInfoMustBeAvailable) {
                    verificationKey = createKeyInfoFromDefaultAlias(sigCrypto);
                }
            } else {
                verificationKey = SAMLUtil.getCredentialFromKeyInfo(embeddedKeyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(reqData), sigCrypto);
            }
            if (verificationKey == null) {
                // Fail closed: nothing to verify the signature with.
                LOG.fine("No KeyInfo supplied in the SAMLResponse assertion signature");
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
            }
            // Cryptographic verification; trust in the key is checked by the
            // validator below.
            assertion.verifySignature(verificationKey);
            assertion.parseSubject(new WSSSAMLKeyInfoProcessor(reqData), reqData.getSigVerCrypto(), reqData.getCallbackHandler());
        } catch (WSSecurityException e) {
            LOG.log(Level.FINE, "Assertion failed signature validation", e);
            throw e;
        }
    }

    // Assertion-level validation, including trust in the signing key.
    try {
        new SamlSSOAssertionValidator(signedResponse).validate(cred, reqData);
    } catch (WSSecurityException ex) {
        LOG.log(Level.FINE, "Assertion validation failed: " + ex.getMessage(), ex);
        throw ex;
    }
}

Class AbstractSamlInHandler, method validateToken:

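/**
 * Validates an inbound SAML assertion carried by a JAX-RS request and, on
 * success, installs the security context derived from it.
 *
 * <p>A signed assertion has its XML signature verified with the key resolved
 * from the signature's {@code KeyInfo}; when no {@code KeyInfo} is present the
 * configured default alias is used only if {@code keyInfoMustBeAvailable} is
 * false. If no verification key can be determined the assertion is rejected
 * before any signature check. Trust in the signing key is not decided by the
 * signature step; it is presumably established by {@code samlValidator}, which
 * is consulted afterwards when non-null (its implementation is not visible here).
 *
 * <p>An unsigned assertion is accepted only if the client presented TLS
 * certificates.
 *
 * <p>All failures are reported through {@code throwFault}; faults raised inside
 * the try block are caught by the catch-all and re-raised as
 * "Assertion can not be validated" with the original fault as the cause.
 *
 * @param message   the current request message (security properties, callback
 *                  handler, TLS certificates, audience restrictions)
 * @param assertion the parsed assertion to validate
 */
protected void validateToken(Message message, SamlAssertionWrapper assertion) {
    try {
        RequestData data = new RequestData();
        data.setMsgContext(message);
        // Add Audience Restrictions for SAML
        configureAudienceRestriction(message, data);
        if (assertion.isSigned()) {
            WSSConfig cfg = WSSConfig.getNewInstance();
            data.setWssConfig(cfg);
            data.setCallbackHandler(RSSecurityUtils.getCallbackHandler(message, this.getClass()));
            try {
                data.setSigVerCrypto(new CryptoLoader().getCrypto(message, SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES));
            } catch (IOException ex) {
                // throwFault is assumed to throw; if it ever returned, sigVerCrypto
                // would remain null for the key resolution below.
                throwFault("Crypto can not be loaded", ex);
            }
            // Certificate revocation checking is opt-in via a security property.
            boolean enableRevocation = false;
            String enableRevocationStr = (String) org.apache.cxf.rt.security.utils.SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENABLE_REVOCATION, message);
            if (enableRevocationStr != null) {
                enableRevocation = Boolean.parseBoolean(enableRevocationStr);
            }
            data.setEnableRevocation(enableRevocation);
            Signature sig = assertion.getSignature();
            WSDocInfo docInfo = new WSDocInfo(sig.getDOM().getOwnerDocument());
            data.setWsDocInfo(docInfo);
            SAMLKeyInfo samlKeyInfo = null;
            KeyInfo keyInfo = sig.getKeyInfo();
            if (keyInfo != null) {
                // Resolve the verification key from the embedded KeyInfo (WSS4J).
                samlKeyInfo = SAMLUtil.getCredentialFromKeyInfo(keyInfo.getDOM(), new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto());
            } else if (!keyInfoMustBeAvailable) {
                // No KeyInfo: fall back to the default alias only when the
                // deployment explicitly permits signatures without one.
                samlKeyInfo = createKeyInfoFromDefaultAlias(data.getSigVerCrypto());
            }
            if (samlKeyInfo == null) {
                // Fail closed explicitly when no verification key could be determined,
                // instead of handing a null key to verifySignature (mirrors the
                // explicit check done by the SAML Response validator).
                throwFault("No KeyInfo supplied in the assertion signature", null);
            }
            // Cryptographic check only: the assertion was signed by samlKeyInfo's key.
            assertion.verifySignature(samlKeyInfo);
            assertion.parseSubject(new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto(), data.getCallbackHandler());
        } else if (getTLSCertificates(message) == null) {
            // Unsigned assertions are only acceptable from a TLS-authenticated client.
            throwFault("Assertion must be signed", null);
        }
        if (samlValidator != null) {
            Credential credential = new Credential();
            credential.setSamlAssertion(assertion);
            samlValidator.validate(credential, data);
        }
        checkSubjectConfirmationData(message, assertion);
        setSecurityContext(message, assertion);
    } catch (Exception ex) {
        // Collapse every failure into one fault; the cause is retained.
        throwFault("Assertion can not be validated", ex);
    }
}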