
Example 51 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class AsymmetricBindingHandler method setupEncryptedKey.

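/**
 * Makes sure this handler has an EncryptedKey id and secret to work with.
 *
 * <p>On the responder side ({@code !isRequestor()}), when the token requires
 * derived keys, the EncryptedKey sent by the initiator is reused: its wsu:Id
 * and decrypted secret are taken from the inbound WSS4J results
 * ({@code WSHandlerConstants.RECV_RESULTS}) via {@code getEncryptedKeyResult()}.
 * Only when no complete inbound EncryptedKey is available is a fresh one
 * created. In every other case (requestor, or derived keys not required) a new
 * EncryptedKey is always created.
 *
 * @param token the token whose key material is being set up
 * @throws WSSecurityException propagated from {@code createEncryptedKey}
 */
private void setupEncryptedKey(AbstractToken token) throws WSSecurityException {
    boolean reuseInboundKey =
        !isRequestor() && token.getDerivedKeys() == DerivedKeys.RequireDerivedKeys;
    if (!reuseInboundKey) {
        createEncryptedKey(token);
        return;
    }
    // Already populated by an earlier call: nothing to do.
    if (encryptedKeyId != null && encryptedKeyValue != null) {
        return;
    }
    List<WSHandlerResult> results = CastUtils.cast(
        (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No security header was processed on the inbound message; the policy
        // cannot be satisfied by reusing a key, so mark it as not asserted.
        unassertPolicy(token, "No security results found");
        return;
    }
    // Use the secret from the incoming EncryptedKey element, if there is one.
    WSSecurityEngineResult encryptedKeyResult = getEncryptedKeyResult();
    if (encryptedKeyResult != null) {
        encryptedKeyId = (String) encryptedKeyResult.get(WSSecurityEngineResult.TAG_ID);
        encryptedKeyValue = (byte[]) encryptedKeyResult.get(WSSecurityEngineResult.TAG_SECRET);
    }
    // No usable inbound EncryptedKey: create a new one. This condition is the
    // exact complement of the early-return check above (|| rather than &&), so
    // a half-populated id/secret pair can no longer be left behind.
    if (encryptedKeyId == null || encryptedKeyValue == null) {
        createEncryptedKey(token);
    }
}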

Example 52 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class AsymmetricBindingHandler method getSAMLToken.

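/**
 * Looks for a SAML assertion among the inbound WSS4J results and, when one is
 * found, caches it on the message under {@code SecurityConstants.TOKEN}.
 *
 * <p>The first result whose action is {@code WSConstants.ST_SIGNED} or
 * {@code WSConstants.ST_UNSIGNED} wins. A {@link SecurityToken} is built from
 * that result's id, secret and X509 certificate, with a lifetime of
 * {@code WSS4JUtils.getSecurityTokenLifetime(message)} (a millisecond value,
 * converted to seconds) from now; the token type follows the assertion's SAML
 * version.
 *
 * <p>Security note: an {@code ST_UNSIGNED} assertion is accepted here just like
 * a signed one. Whether the assertion had to be signed is not checked by this
 * method, so that must be enforced by the policy/caller.
 *
 * @return the wsu:Id of the SAML assertion that was used, or {@code null} when
 *         there are no security results or none of them is a SAML assertion
 */
private String getSAMLToken() {
    List<WSHandlerResult> results = CastUtils.cast(
        (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    // No security header was processed on the inbound message: nothing to find
    // (the original code would have thrown a NullPointerException here).
    if (results == null) {
        return null;
    }
    for (WSHandlerResult handlerResult : results) {
        for (WSSecurityEngineResult wser : handlerResult.getResults()) {
            Integer action = (Integer) wser.get(WSSecurityEngineResult.TAG_ACTION);
            // A result without an action cannot be a SAML token; skip it rather than NPE.
            if (action == null) {
                continue;
            }
            int act = action.intValue();
            if (act != WSConstants.ST_SIGNED && act != WSConstants.ST_UNSIGNED) {
                continue;
            }
            Instant created = Instant.now();
            Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
            String id = (String) wser.get(WSSecurityEngineResult.TAG_ID);
            SecurityToken tempTok = new SecurityToken(id, created, expires);
            tempTok.setSecret((byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET));
            tempTok.setX509Certificate(
                (X509Certificate) wser.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE), null);
            SamlAssertionWrapper samlAssertion =
                (SamlAssertionWrapper) wser.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            // Token type is chosen by the assertion's SAML version (2.0 vs. anything else).
            if (samlAssertion.getSamlVersion() == SAMLVersion.VERSION_20) {
                tempTok.setTokenType(WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
            } else {
                tempTok.setTokenType(WSS4JConstants.WSS_SAML_TOKEN_TYPE);
            }
            message.put(SecurityConstants.TOKEN, tempTok);
            return id;
        }
    }
    return null;
}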

Example 53 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class SymmetricBindingHandler method getEncryptedKey.

/**
 * Builds a cacheable {@link SecurityToken} from the inbound EncryptedKey, if
 * the inbound security results contain one.
 *
 * <p>The token carries the EncryptedKey's wsu:Id, its decrypted secret and the
 * SHA-1 of the encrypted ephemeral key bytes (presumably the value used for
 * EncryptedKeySHA1 references — confirm against the callers of getSHA1).
 * Its lifetime is {@code WSS4JUtils.getSecurityTokenLifetime(message)}
 * milliseconds, converted to seconds, from now.
 *
 * @return the new token, or {@code null} when there is no EncryptedKey result
 */
private SecurityToken getEncryptedKey() {
    WSSecurityEngineResult ekResult = getEncryptedKeyResult();
    if (ekResult == null) {
        return null;
    }
    String ekId = (String) ekResult.get(WSSecurityEngineResult.TAG_ID);
    byte[] secret = (byte[]) ekResult.get(WSSecurityEngineResult.TAG_SECRET);
    byte[] encryptedEphemeralKey =
        (byte[]) ekResult.get(WSSecurityEngineResult.TAG_ENCRYPTED_EPHEMERAL_KEY);
    // Lifetime is configured in milliseconds; Instant arithmetic wants seconds.
    long lifetimeSeconds = WSS4JUtils.getSecurityTokenLifetime(message) / 1000L;
    Instant now = Instant.now();
    // Store it in the cache
    SecurityToken cached = new SecurityToken(ekId, now, now.plusSeconds(lifetimeSeconds));
    cached.setSecret(secret);
    cached.setSHA1(getSHA1(encryptedEphemeralKey));
    return cached;
}

Example 54 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class UsernameTokenInterceptor method processToken.

/**
 * Processes every wsse:UsernameToken in the message's security header and
 * installs a {@link SecurityContext} on the message.
 *
 * <p>For each token one of two paths is taken:
 * <ul>
 *   <li>{@code SecurityConstants.VALIDATE_TOKEN} true (the default):
 *       {@code validateToken} runs the WSS4J processor; the Subject, any
 *       transformed token and the Principal are read from its result. If the
 *       result carries no principal, one is parsed from the element instead.</li>
 *   <li>{@code VALIDATE_TOKEN} false: the principal is parsed straight from the
 *       element and handed to {@code WSS4JTokenConverter}. The WSS4J processor
 *       is not run on this path, so whatever checks it performs (password
 *       callback, nonce replay cache, etc.) are skipped here.</li>
 * </ul>
 *
 * <p>A SecurityContext is only installed when the message has none yet, or the
 * existing one has no user principal. With several UsernameTokens in the header
 * the first token processed therefore determines the security context, while
 * {@code storeResults} is still invoked for each UsernameTokenPrincipal.
 *
 * @param message the inbound SOAP message
 * @throws Fault wrapping any {@link WSSecurityException} or
 *         {@link Base64DecodingException} raised while processing a token
 */
protected void processToken(SoapMessage message) {
    Header h = findSecurityHeader(message, false);
    if (h == null) {
        return;
    }
    // Defaults to true: run the full WSS4J validation rather than only parsing the element.
    boolean utWithCallbacks = MessageUtils.getContextualBoolean(message, SecurityConstants.VALIDATE_TOKEN, true);
    Element el = (Element) h.getObject();
    Element child = DOMUtils.getFirstElement(el);
    while (child != null) {
        // Only wsse:UsernameToken children are handled; everything else in the header is ignored here.
        if (SPConstants.USERNAME_TOKEN.equals(child.getLocalName()) && WSS4JConstants.WSSE_NS.equals(child.getNamespaceURI())) {
            try {
                boolean bspCompliant = isWsiBSPCompliant(message);
                boolean allowNSPasswdTypes = allowNamespaceQualifiedPWDTypes(message);
                Principal principal;
                Subject subject = null;
                Object transformedToken = null;
                if (utWithCallbacks) {
                    final WSSecurityEngineResult result = validateToken(child, message);
                    subject = (Subject) result.get(WSSecurityEngineResult.TAG_SUBJECT);
                    transformedToken = result.get(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN);
                    principal = (Principal) result.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    // The validator may not have produced a principal; derive one from the element.
                    if (principal == null) {
                        principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                    }
                } else {
                    // Validation disabled: the element is parsed but validateToken is never called.
                    principal = parseTokenAndCreatePrincipal(child, bspCompliant, allowNSPasswdTypes);
                    WSS4JTokenConverter.convertToken(message, principal);
                }
                SecurityContext sc = message.get(SecurityContext.class);
                // Do not overwrite a SecurityContext that already has a user principal
                // (e.g. one set while processing an earlier token in this loop).
                if (sc == null || sc.getUserPrincipal() == null) {
                    if (transformedToken instanceof SamlAssertionWrapper) {
                        // The validator swapped the UsernameToken for a SAML assertion; build the context from that.
                        message.put(SecurityContext.class, createSecurityContext(message, (SamlAssertionWrapper) transformedToken));
                    } else if (subject != null && principal != null) {
                        message.put(SecurityContext.class, createSecurityContext(principal, subject));
                    } else {
                        // NOTE(review): this cast assumes the principal is a UsernameTokenPrincipal;
                        // a custom validator returning another Principal type without a Subject
                        // would fail here with a ClassCastException — confirm whether that is intended.
                        UsernameTokenPrincipal utPrincipal = (UsernameTokenPrincipal) principal;
                        String nonce = null;
                        if (utPrincipal.getNonce() != null) {
                            nonce = XMLUtils.encodeToString(utPrincipal.getNonce());
                        }
                        subject = createSubject(utPrincipal.getName(), utPrincipal.getPassword(), utPrincipal.isPasswordDigest(), nonce, utPrincipal.getCreatedTime());
                        message.put(SecurityContext.class, createSecurityContext(utPrincipal, subject));
                    }
                }
                // Called for every UsernameTokenPrincipal, not just the one that set the context.
                if (principal instanceof UsernameTokenPrincipal) {
                    storeResults((UsernameTokenPrincipal) principal, subject, message);
                }
            } catch (WSSecurityException | Base64DecodingException ex) {
                // Any token failure aborts the message as a fault (cause preserved).
                throw new Fault(ex);
            }
        }
        child = DOMUtils.getNextElement(child);
    }
}

Example 55 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class UsernameTokenInterceptor method validateToken.

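/**
 * Validates a single wsse:UsernameToken element with WSS4J's
 * {@link UsernameTokenProcessor} and returns the resulting engine result.
 *
 * <p>The {@link RequestData} is built from the message: the callback handler
 * configured under {@code SecurityConstants.CALLBACK_HANDLER}, the nonce replay
 * cache obtained from {@code WSS4JUtils.getReplayCache} (keyed by
 * {@code ENABLE_NONCE_CACHE} / {@code NONCE_CACHE_INSTANCE}), whether
 * password-less tokens are allowed by the policy, and whether WS-I BSP
 * enforcement is disabled. A fresh {@link WSSConfig} is created on every call.
 *
 * <p>Security note: nonce/created replay detection relies on the cache handed
 * to {@code setNonceReplayCache}; presumably a {@code null} cache (caching
 * disabled) means no replay detection at all — confirm against WSS4J.
 *
 * @param tokenElement the wsse:UsernameToken DOM element
 * @param message the current SOAP message
 * @return the first (and normally only) engine result for the token
 * @throws WSSecurityException if the callback handler cannot be loaded
 * @throws Base64DecodingException declared for API compatibility with callers
 *         (not raised by this body)
 */
protected WSSecurityEngineResult validateToken(Element tokenElement, final SoapMessage message)
    throws WSSecurityException, Base64DecodingException {
    boolean bspCompliant = isWsiBSPCompliant(message);
    boolean allowNoPassword = isAllowNoPassword(message.get(AssertionInfoMap.class));

    RequestData data = new CXFRequestData();
    Object handlerRef = SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    try {
        data.setCallbackHandler(SecurityUtils.getCallbackHandler(handlerRef));
    } catch (Exception ex) {
        // Keep the cause so a misconfigured handler is diagnosable.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }
    // Set once; the original set it twice, which was redundant.
    data.setMsgContext(message);
    // Configure replay caching
    ReplayCache nonceCache = WSS4JUtils.getReplayCache(message, SecurityConstants.ENABLE_NONCE_CACHE, SecurityConstants.NONCE_CACHE_INSTANCE);
    data.setNonceReplayCache(nonceCache);
    data.setAllowUsernameTokenNoPassword(allowNoPassword);
    data.setWssConfig(WSSConfig.getNewInstance());
    if (!bspCompliant) {
        data.setDisableBSPEnforcement(true);
    }
    data.setWsDocInfo(new WSDocInfo(tokenElement.getOwnerDocument()));

    UsernameTokenProcessor processor = new UsernameTokenProcessor();
    try {
        List<WSSecurityEngineResult> results = processor.handleToken(tokenElement, data);
        // Defensive: never let an empty result list surface as an IndexOutOfBoundsException.
        // Raised inside the try so it is turned into a SOAP fault like any other rejection.
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE);
        }
        return results.get(0);
    } catch (WSSecurityException ex) {
        // Rejections are rethrown as the SOAP fault WSS4JUtils builds for the message's SOAP version.
        throw WSS4JUtils.createSoapFault(message, message.getVersion(), ex);
    }
}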
