Use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project ddf by codice.
The class SecurityAssertionStore, method getSecurityAssertion.
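/**
 * Returns the {@link SecurityAssertion} wrapper associated with the provided message.
 *
 * <p>The SAML token principal is taken from the message's {@link SecurityContext} when it
 * carries one, otherwise from the first matching entry in the WSS4J receive results stored
 * under {@code WSHandlerConstants.RECV_RESULTS}. When a principal is found, the matching
 * {@link SecurityToken} is looked up in the message's {@link TokenStore} and created and
 * cached if it is absent.
 *
 * @param message the CXF message, may be {@code null}
 * @return the assertion wrapper for the message's SAML token, or an empty
 *     {@link SecurityAssertionImpl} when no token could be determined
 */
public static SecurityAssertion getSecurityAssertion(Message message) {
    if (message == null) {
        return new SecurityAssertionImpl();
    }
    // Resolve the store before the principal, as the original code did, so any
    // store-creation side effect of getTokenStore() happens regardless of the principal.
    TokenStore tokenStore = getTokenStore(message);
    SAMLTokenPrincipal principal = findSamlTokenPrincipal(message);
    if (tokenStore == null || principal == null) {
        return new SecurityAssertionImpl();
    }
    String id = principal.getId();
    SecurityToken token = tokenStore.getToken(id);
    if (token == null) {
        SamlAssertionWrapper assertion = principal.getToken();
        if (assertion == null) {
            // Nothing to cache: the principal carries no assertion to derive a token from.
            return new SecurityAssertionImpl();
        }
        token = createSecurityToken(id, assertion);
        tokenStore.add(token);
    }
    return new SecurityAssertionImpl(token);
}

/**
 * Locates the {@link SAMLTokenPrincipal} for the message: first the security context's user
 * principal, then the first such principal recorded in the WSS4J receive results.
 *
 * @param message the message, never {@code null}
 * @return the principal, or {@code null} if none was found
 */
private static SAMLTokenPrincipal findSamlTokenPrincipal(Message message) {
    SecurityContext context = message.get(SecurityContext.class);
    if (context != null) {
        Principal contextPrincipal = context.getUserPrincipal();
        if (contextPrincipal instanceof SAMLTokenPrincipal) {
            return (SAMLTokenPrincipal) contextPrincipal;
        }
    }
    // Fall back to the WSS4J handler results attached to the message.
    List<?> wsResults = (List<?>) message.get(WSHandlerConstants.RECV_RESULTS);
    if (wsResults == null) {
        return null;
    }
    for (Object wsResult : wsResults) {
        if (!(wsResult instanceof WSHandlerResult)) {
            continue;
        }
        for (WSSecurityEngineResult wsseResult : ((WSHandlerResult) wsResult).getResults()) {
            Object principalResult = wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (principalResult instanceof SAMLTokenPrincipal) {
                // Stop at the first match instead of letting a later handler result replace it.
                return (SAMLTokenPrincipal) principalResult;
            }
        }
    }
    return null;
}

/**
 * Builds a {@link SecurityToken} for an assertion that is not yet in the token store.
 *
 * <p>For a SAML 2.0 assertion carrying both an issue instant and a {@code NotOnOrAfter}
 * condition, those two values bound the token's lifetime. Otherwise (a SAML 1.1 assertion,
 * for which {@code getSaml2()} is {@code null}, or an assertion missing either value) the
 * lifetime is fixed at one minute from now, since nothing on the assertion says how long it
 * should remain valid. The {@code getSaml2() != null} guard avoids the NullPointerException
 * the unguarded chain would throw for SAML 1.1 tokens.
 *
 * @param id the token id, taken from the principal
 * @param assertion the assertion the token wraps, never {@code null}
 * @return a new token, not yet added to any store
 */
private static SecurityToken createSecurityToken(String id, SamlAssertionWrapper assertion) {
    if (assertion.getSaml2() != null
            && assertion.getSaml2().getIssueInstant() != null
            && assertion.getSaml2().getConditions() != null
            && assertion.getSaml2().getConditions().getNotOnOrAfter() != null) {
        return new SecurityToken(id, assertion.getElement(),
                assertion.getSaml2().getIssueInstant().toDate(),
                assertion.getSaml2().getConditions().getNotOnOrAfter().toDate());
    }
    // We don't know when this was created or how long it should last, so cache it for one
    // minute only. This shouldn't happen unless a third-party STS is set up with unusual settings.
    Date created = new Date();
    Date expires = new Date(created.getTime() + TimeUnit.MINUTES.toMillis(1));
    return new SecurityToken(id, assertion.getElement(), created, expires);
}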
Use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
The class AsymmetricBindingHandler, method setupEncryptedKey.
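/**
 * Ensures an EncryptedKey id and secret are available for this binding.
 *
 * <p>On the responder side, when the token requires derived keys, the secret of the incoming
 * EncryptedKey element (recorded in the inbound message's receive results) is reused. In every
 * other case, or when no usable inbound EncryptedKey result exists, a fresh EncryptedKey is
 * created.
 *
 * @param wrapper the token wrapper a new EncryptedKey is created for
 * @param token the token whose derived-key requirement decides whether to reuse or create
 * @throws WSSecurityException if creating a new EncryptedKey fails
 */
private void setupEncryptedKey(AbstractTokenWrapper wrapper, AbstractToken token) throws WSSecurityException {
    boolean reuseInbound = !isRequestor() && token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys;
    if (!reuseInbound) {
        createEncryptedKey(wrapper, token);
        return;
    }
    // Already resolved by an earlier call: both halves of the pair are present.
    if (encryptedKeyId != null && encryptedKeyValue != null) {
        return;
    }
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        unassertPolicy(token, "No security results found");
        return;
    }
    // Use the secret from the incoming EncryptedKey element
    WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
    if (encryptedKeyResult != null) {
        encryptedKeyId = (String) encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
        encryptedKeyValue = (byte[]) encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET);
    }
    // The early return above requires both id and secret, so a result that supplies only one of
    // them is unusable: create a new EncryptedKey rather than leave the pair half-populated.
    if (encryptedKeyId == null || encryptedKeyValue == null) {
        createEncryptedKey(wrapper, token);
    }
}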
Use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project testcases by coheigea.
The class EncryptionAlgorithmBenchmark, method doEncryption.
/**
 * Encrypts the sample SOAP message with the given key transport algorithm, then processes the
 * security header on the receiving side and checks that the ENCR action result records the
 * X.509 certificate and its reference type.
 *
 * @param keyTransportAlgorithm the key transport (key wrap) algorithm URI to encrypt with
 * @param verifyingCrypto the Crypto used for decryption on the receiving side
 * @throws Exception on any encryption or processing failure
 */
private void doEncryption(String keyTransportAlgorithm, Crypto verifyingCrypto) throws Exception {
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader header = new WSSecHeader(soapDoc);
    header.insertSecurityHeader();

    WSSecEncrypt encrypt = new WSSecEncrypt(header);
    encrypt.setUserInfo("myservicekey", "skpass");
    encrypt.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    encrypt.setKeyEncAlgo(keyTransportAlgorithm);
    Document encryptedDoc = encrypt.build(serviceCrypto);

    RequestData requestData = new RequestData();
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setDecCrypto(verifyingCrypto);
    requestData.setCallbackHandler(new CommonCallbackHandler());
    // WSS4J refuses RSA 1.5 key transport unless explicitly allowed; opt in only when it is
    // the algorithm being benchmarked.
    boolean benchmarkingRsa15 = WSConstants.KEYTRANSPORT_RSA15.equals(keyTransportAlgorithm);
    if (benchmarkingRsa15) {
        requestData.setAllowRSA15KeyTransportAlgorithm(true);
    }

    Element securityHeader = WSSecurityUtil.getSecurityHeader(encryptedDoc, "");
    Assert.assertNotNull(securityHeader);
    WSHandlerResult handlerResult = new WSSecurityEngine().processSecurityHeader(securityHeader, requestData);
    WSSecurityEngineResult encrResult = handlerResult.getActionResults().get(WSConstants.ENCR).get(0);
    Assert.assertNotNull(encrResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    Assert.assertNotNull(encrResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
}
Use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project testcases by coheigea.
The class SignatureAlgorithmBenchmark, method doSignature.
/**
 * Signs the sample SOAP message with the given canonicalization, digest and signature
 * algorithms, then verifies it on the receiving side and checks that the SIGN action result
 * records the X.509 certificate and its reference type.
 *
 * @param c14nAlgo the canonicalization algorithm URI for the signature
 * @param addInclusivePrefixes whether to add InclusiveNamespaces prefix lists
 * @param digestAlgo the digest algorithm URI
 * @param sigAlgo the signature algorithm URI
 * @param verifyingCrypto the Crypto used for signature verification
 * @throws Exception on any signing or processing failure
 */
private void doSignature(String c14nAlgo, boolean addInclusivePrefixes, String digestAlgo, String sigAlgo, Crypto verifyingCrypto) throws Exception {
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader header = new WSSecHeader(soapDoc);
    header.insertSecurityHeader();

    WSSecSignature sign = new WSSecSignature(header);
    sign.setUserInfo("myclientkey", "ckpass");
    sign.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
    sign.setSigCanonicalization(c14nAlgo);
    sign.setDigestAlgo(digestAlgo);
    sign.setSignatureAlgorithm(sigAlgo);
    sign.setAddInclusivePrefixes(addInclusivePrefixes);
    Document signedDoc = sign.build(clientCrypto);

    RequestData requestData = new RequestData();
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setSigVerCrypto(verifyingCrypto);
    requestData.setSubjectCertConstraints(Collections.singletonList(certConstraint));
    // BSP rules R5404 and R5406 are ignored, presumably so that the non-default
    // canonicalization variants under test are processed rather than rejected.
    List<BSPRule> relaxedRules = new ArrayList<BSPRule>(2);
    relaxedRules.add(BSPRule.R5404);
    relaxedRules.add(BSPRule.R5406);
    requestData.setIgnoredBSPRules(relaxedRules);

    Element securityHeader = WSSecurityUtil.getSecurityHeader(signedDoc, "");
    Assert.assertNotNull(securityHeader);
    WSHandlerResult handlerResult = new WSSecurityEngine().processSecurityHeader(securityHeader, requestData);
    WSSecurityEngineResult signResult = handlerResult.getActionResults().get(WSConstants.SIGN).get(0);
    Assert.assertNotNull(signResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    Assert.assertNotNull(signResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
}
Use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
The class IssueUnitTest, method testBearerSaml1Lifetime.
/**
 * Bearer SAML 1.1 token requested with a Lifetime element: the issued assertion must be a
 * signed SAML 1.1 (not 2.0) assertion whose first confirmation method is a bearer method.
 */
@org.junit.Test
public void testBearerSaml1Lifetime() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());

    // Request the token from the STS
    SecurityToken issued = requestSecurityTokenTTL(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS);
    assertEquals(SAML1_TOKEN_TYPE, issued.getTokenType());
    assertNotNull(issued.getToken());

    // Processing the token yields exactly one engine result carrying the assertion
    List<WSSecurityEngineResult> engineResults = processToken(issued);
    assertTrue(engineResults != null && engineResults.size() == 1);
    Object assertionResult = engineResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) assertionResult;
    assertNotNull(assertion);
    assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null);
    assertTrue(assertion.isSigned());

    List<String> confirmationMethods = assertion.getConfirmationMethods();
    boolean hasMethods = confirmationMethods != null && !confirmationMethods.isEmpty();
    String firstMethod = hasMethods ? confirmationMethods.get(0) : null;
    assertTrue(firstMethod != null && firstMethod.contains("bearer"));
}