
Example 46 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class AsymmetricBindingPolicyValidator method checkInitiatorTokens.

/**
 * Validates the initiator token of an asymmetric binding against the signature results.
 *
 * <p>When the token is an {@link X509Token} and the message carries signed results, at least one
 * of those results must hold an X.509 certificate; otherwise the wrapper's policy is un-asserted
 * and {@code false} is returned. An empty {@code signedResults} list does not fail this check.
 * The DerivedKeys requirement is then verified through {@code checkDerivedKeys}.
 *
 * @param wrapper the token wrapper (initiator token) being validated
 * @param binding the asymmetric binding; not consulted by this check
 * @param ai assertion info that receives the not-asserted message on failure
 * @param aim assertion info map used to assert or un-assert the wrapper's policy
 * @param hasDerivedKeys whether derived keys were observed in the message
 * @param signedResults signature results produced by the security engine
 * @param encryptedResults encryption results produced by the security engine
 * @return {@code true} if the token satisfies the policy, {@code false} otherwise
 */
private boolean checkInitiatorTokens(AbstractTokenWrapper wrapper, AsymmetricBinding binding, AssertionInfo ai, AssertionInfoMap aim, boolean hasDerivedKeys, List<WSSecurityEngineResult> signedResults, List<WSSecurityEngineResult> encryptedResults) {
    String tokenName = wrapper.getName();
    boolean x509Expected = wrapper.getToken() instanceof X509Token;
    // The certificate check only applies when something was actually signed.
    if (x509Expected && !signedResults.isEmpty()) {
        boolean certPresent = signedResults.stream()
            .anyMatch(r -> (X509Certificate) r.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE) != null);
        if (!certPresent) {
            String error = "An X.509 certificate was not used for the " + tokenName;
            unassertPolicy(aim, tokenName, error);
            ai.setNotAsserted(error);
            return false;
        }
    }
    PolicyUtils.assertPolicy(aim, tokenName);
    if (!checkDerivedKeys(wrapper, hasDerivedKeys, signedResults, encryptedResults)) {
        ai.setNotAsserted("Message fails the DerivedKeys requirement");
        return false;
    }
    assertDerivedKeys(wrapper.getToken(), aim);
    return true;
}
Also used : AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) X509Certificate(java.security.cert.X509Certificate)

Example 47 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project testcases by coheigea.

the class EncryptionSerializerBenchmark method doDecryption.

/**
 * Decrypts {@code encryptedDoc} with the given serializer and asserts that the first
 * {@code ENCR} action result records both the certificate and its reference type.
 *
 * @param encryptedDoc a SOAP document whose security header contains the encryption
 * @param serializer the encryption serializer to install on the request data
 * @throws Exception if header processing fails
 */
private void doDecryption(Document encryptedDoc, Serializer serializer) throws Exception {
    RequestData requestData = new RequestData();
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setDecCrypto(serviceCrypto);
    requestData.setCallbackHandler(new CommonCallbackHandler());
    requestData.setEncryptionSerializer(serializer);

    Element header = WSSecurityUtil.getSecurityHeader(encryptedDoc, "");
    Assert.assertNotNull(header);

    WSHandlerResult handlerResult = new WSSecurityEngine().processSecurityHeader(header, requestData);
    // Only the first ENCR result is inspected.
    WSSecurityEngineResult encryptionResult = handlerResult.getActionResults().get(WSConstants.ENCR).get(0);
    Assert.assertNotNull(encryptionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    Assert.assertNotNull(encryptionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE));
}
Also used : RequestData(org.apache.wss4j.dom.handler.RequestData) Element(org.w3c.dom.Element) WSSecurityEngine(org.apache.wss4j.dom.engine.WSSecurityEngine) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 48 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project testcases by coheigea.

the class EncryptionReferenceBenchmark method doEncryption.

/**
 * Encrypts the sample SOAP message with the given key identifier type, decrypts it with
 * {@code verifyingCrypto}, and asserts that the recorded reference type matches
 * {@code referenceType}.
 *
 * @param identifier the WSS4J key identifier type passed to {@code setKeyIdentifierType}
 * @param referenceType the reference type expected in the ENCR result
 * @param verifyingCrypto the Crypto used for decryption
 * @throws Exception if building or processing the message fails
 */
private void doEncryption(int identifier, REFERENCE_TYPE referenceType, Crypto verifyingCrypto) throws Exception {
    // Build the encrypted message.
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader securityHeader = new WSSecHeader(soapDoc);
    securityHeader.insertSecurityHeader();
    WSSecEncrypt encryptBuilder = new WSSecEncrypt(securityHeader);
    encryptBuilder.setUserInfo("myservicekey", "skpass");
    encryptBuilder.setKeyIdentifierType(identifier);
    Document encryptedDoc = encryptBuilder.build(serviceCrypto);

    // Process (decrypt) it again.
    RequestData requestData = new RequestData();
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setDecCrypto(verifyingCrypto);
    requestData.setCallbackHandler(new CommonCallbackHandler());
    Element header = WSSecurityUtil.getSecurityHeader(encryptedDoc, "");
    Assert.assertNotNull(header);
    WSHandlerResult handlerResult = new WSSecurityEngine().processSecurityHeader(header, requestData);

    // Inspect the first ENCR result.
    WSSecurityEngineResult encryptionResult = handlerResult.getActionResults().get(WSConstants.ENCR).get(0);
    Assert.assertNotNull(encryptionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    Object rawRefType = encryptionResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
    Assert.assertNotNull(rawRefType);
    Assert.assertTrue((REFERENCE_TYPE) rawRefType == referenceType);
}
Also used : WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader) WSSecEncrypt(org.apache.wss4j.dom.message.WSSecEncrypt) RequestData(org.apache.wss4j.dom.handler.RequestData) REFERENCE_TYPE(org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE) Element(org.w3c.dom.Element) WSSecurityEngine(org.apache.wss4j.dom.engine.WSSecurityEngine) Document(org.w3c.dom.Document) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 49 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project testcases by coheigea.

the class SignatureReferenceBenchmark method doSignature.

/**
 * Signs the sample SOAP message with the given key identifier type, verifies it with
 * {@code verifyingCrypto} (subject to {@code certConstraint}), and asserts that the recorded
 * reference type matches {@code referenceType}.
 *
 * @param identifier the WSS4J key identifier type passed to {@code setKeyIdentifierType}
 * @param referenceType the reference type expected in the SIGN result
 * @param verifyingCrypto the Crypto used for signature verification
 * @throws Exception if building or processing the message fails
 */
private void doSignature(int identifier, REFERENCE_TYPE referenceType, Crypto verifyingCrypto) throws Exception {
    // Build the signed message.
    Document soapDoc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
    WSSecHeader securityHeader = new WSSecHeader(soapDoc);
    securityHeader.insertSecurityHeader();
    WSSecSignature signatureBuilder = new WSSecSignature(securityHeader);
    signatureBuilder.setUserInfo("myclientkey", "ckpass");
    signatureBuilder.setKeyIdentifierType(identifier);
    Document signedDoc = signatureBuilder.build(clientCrypto);

    // Verify it; the subject constraint restricts which signing certificate is accepted.
    RequestData requestData = new RequestData();
    requestData.setWssConfig(WSSConfig.getNewInstance());
    requestData.setSigVerCrypto(verifyingCrypto);
    requestData.setSubjectCertConstraints(Collections.singletonList(certConstraint));
    Element header = WSSecurityUtil.getSecurityHeader(signedDoc, "");
    Assert.assertNotNull(header);
    WSHandlerResult handlerResult = new WSSecurityEngine().processSecurityHeader(header, requestData);

    // Inspect the first SIGN result.
    WSSecurityEngineResult signatureResult = handlerResult.getActionResults().get(WSConstants.SIGN).get(0);
    Assert.assertNotNull(signatureResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE));
    Object rawRefType = signatureResult.get(WSSecurityEngineResult.TAG_X509_REFERENCE_TYPE);
    Assert.assertNotNull(rawRefType);
    Assert.assertTrue((REFERENCE_TYPE) rawRefType == referenceType);
}
Also used : WSSecHeader(org.apache.wss4j.dom.message.WSSecHeader) RequestData(org.apache.wss4j.dom.handler.RequestData) REFERENCE_TYPE(org.apache.wss4j.dom.str.STRParser.REFERENCE_TYPE) WSSecSignature(org.apache.wss4j.dom.message.WSSecSignature) Element(org.w3c.dom.Element) WSSecurityEngine(org.apache.wss4j.dom.engine.WSSecurityEngine) Document(org.w3c.dom.Document) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 50 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project ddf by codice.

the class SecurityAssertionStore method getSecurityAssertion.

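/**
 * Return the SecurityAssertion wrapper associated with the provided message.
 *
 * <p>The principal is taken from the message's {@link SecurityContext}; when that is absent or
 * is not a {@link SAMLTokenPrincipal}, the WSS4J receive results
 * ({@code WSHandlerConstants.RECV_RESULTS}) are scanned for one. If a SAML token principal is
 * found and a {@link TokenStore} is available, the SAML token is cached in the store (keyed by
 * the principal id) before its assertion is returned. A {@link SecurityAssertionPrincipal} is
 * returned as-is.
 *
 * @param message Message, may be {@code null}
 * @return the SecurityAssertion for the message, or an empty {@link SecurityAssertionSaml}
 *     when none can be determined (never {@code null})
 */
public static SecurityAssertion getSecurityAssertion(Message message) {
    if (message == null) {
        return new SecurityAssertionSaml();
    }
    TokenStore tokenStore = getTokenStore(message);
    Principal principal = findPrincipal(message);

    if (tokenStore != null && principal instanceof SAMLTokenPrincipal) {
        SAMLTokenPrincipal samlPrincipal = (SAMLTokenPrincipal) principal;
        cacheToken(tokenStore, samlPrincipal);
        return new SecurityAssertionSaml(samlPrincipal.getToken().getElement());
    } else if (principal instanceof SecurityAssertionPrincipal) {
        return ((SecurityAssertionPrincipal) principal).getAssertion();
    }
    return new SecurityAssertionSaml();
}

/**
 * Resolves the message principal: the SecurityContext's user principal first, replaced by a
 * SAMLTokenPrincipal from the WSS4J receive results when the context did not provide one.
 */
private static Principal findPrincipal(Message message) {
    Principal principal = null;
    SecurityContext context = message.get(SecurityContext.class);
    if (context != null) {
        principal = context.getUserPrincipal();
    }
    if (principal instanceof SAMLTokenPrincipal) {
        return principal;
    }
    // Try to find the SAMLTokenPrincipal if it exists
    SAMLTokenPrincipal fromResults = findSamlTokenPrincipal(message);
    return fromResults != null ? fromResults : principal;
}

/** Returns the first SAMLTokenPrincipal found in the message's WSS4J receive results, or null. */
private static SAMLTokenPrincipal findSamlTokenPrincipal(Message message) {
    List<?> wsResults = List.class.cast(message.get(WSHandlerConstants.RECV_RESULTS));
    if (wsResults == null) {
        return null;
    }
    for (Object wsResult : wsResults) {
        if (!(wsResult instanceof WSHandlerResult)) {
            continue;
        }
        for (WSSecurityEngineResult wsseResult : ((WSHandlerResult) wsResult).getResults()) {
            Object principalResult = wsseResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
            if (principalResult instanceof SAMLTokenPrincipal) {
                // Return on the first match; a break that only left the inner loop let a later
                // WSHandlerResult silently overwrite the principal already found.
                return (SAMLTokenPrincipal) principalResult;
            }
        }
    }
    return null;
}

/**
 * Adds the principal's SAML token to the store unless a token with the same id is already
 * cached. The cached lifetime is taken from the SAML 2.0 IssueInstant / NotOnOrAfter when both
 * are present; otherwise the token is kept for one minute from now.
 */
private static void cacheToken(TokenStore tokenStore, SAMLTokenPrincipal principal) {
    String id = principal.getId();
    if (tokenStore.getToken(id) != null) {
        return;
    }
    SamlAssertionWrapper samlAssertionWrapper = principal.getToken();
    Instant created;
    Instant expires;
    // getSaml2() is checked for null first: a wrapper holding a non-SAML-2.0 assertion would
    // otherwise throw here instead of falling back to the short default lifetime.
    if (samlAssertionWrapper.getSaml2() != null
            && samlAssertionWrapper.getSaml2().getIssueInstant() != null
            && samlAssertionWrapper.getSaml2().getConditions() != null
            && samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter() != null) {
        created = Instant.ofEpochMilli(samlAssertionWrapper.getSaml2().getIssueInstant().getMillis());
        expires = Instant.ofEpochMilli(samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter().getMillis());
    } else {
        // We don't know how long this should last or when it was created, so keep it for just
        // 1 minute. This shouldn't happen unless someone sets up a third party STS with weird
        // settings.
        created = Instant.now();
        expires = created.plus(Duration.ofMinutes(1L));
    }
    tokenStore.add(new SecurityToken(id, samlAssertionWrapper.getElement(), created, expires));
}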
Also used : SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) SecurityAssertionPrincipal(ddf.security.assertion.SecurityAssertionPrincipal) Instant(java.time.Instant) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) SecurityContext(org.apache.cxf.security.SecurityContext) TokenStore(org.apache.cxf.ws.security.tokenstore.TokenStore) SAMLTokenPrincipal(org.apache.wss4j.common.principal.SAMLTokenPrincipal) Principal(java.security.Principal) SecurityAssertionPrincipal(ddf.security.assertion.SecurityAssertionPrincipal) SecurityAssertionSaml(ddf.security.assertion.saml.impl.SecurityAssertionSaml)
