
Example 81 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class SecurityActionTokenTest method testEncryption.

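@Test
public void testEncryption() throws Exception {
    // Outbound side: encrypt for the "myalias" entry of the outbound crypto properties.
    EncryptionActionToken actionToken = new EncryptionActionToken();
    actionToken.setCryptoProperties("outsecurity.properties");
    actionToken.setUser("myalias");
    List<HandlerAction> actions = Collections.singletonList(new HandlerAction(WSConstants.ENCR, actionToken));
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions);

    // Inbound side: decrypt with the inbound crypto properties; the callback supplies the key password.
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.ENCRYPTION);
    inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());

    // The outbound message must carry a Security header and an encrypted Body.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//s:Body/xenc:EncryptedData");

    List<WSHandlerResult> handlerResults = getResults(makeInvocation(outProperties, xpaths, inProperties));
    assertNotNull(handlerResults);
    // assertEquals, not assertSame: assertSame on autoboxed ints only passes
    // because of the Integer cache and gives a misleading failure message.
    assertEquals(1, handlerResults.size());

    // Exactly one protection (decryption) result is expected.
    final List<WSSecurityEngineResult> protectionResults = handlerResults.get(0).getResults();
    assertNotNull(protectionResults);
    assertEquals(1, protectionResults.size());

    // That result must reference the decrypted element, which is the soap:Body.
    final Map<String, Object> result = protectionResults.get(0);
    final List<WSDataRef> protectedElements = CastUtils.cast((List<?>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
    assertNotNull(protectedElements);
    assertEquals(1, protectedElements.size());
    // JUnit argument order is (expected, actual) so that a failure reports the right way round.
    assertEquals(new javax.xml.namespace.QName("http://schemas.xmlsoap.org/soap/envelope/", "Body"),
                 protectedElements.get(0).getName());
}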

Example 82 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class SecurityActionTokenTest method testSignature.

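@Test
public void testSignature() throws Exception {
    // Outbound side: sign with "myalias"; the password callback unlocks the private key.
    SignatureActionToken actionToken = new SignatureActionToken();
    actionToken.setCryptoProperties("outsecurity.properties");
    actionToken.setUser("myalias");
    List<HandlerAction> actions = Collections.singletonList(new HandlerAction(WSConstants.SIGN, actionToken));
    Map<String, Object> outProperties = new HashMap<>();
    outProperties.put(WSHandlerConstants.HANDLER_ACTIONS, actions);
    outProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());

    // Inbound side: verify the signature against the inbound crypto properties.
    Map<String, Object> inProperties = new HashMap<>();
    inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.SIGNATURE);
    inProperties.put(ConfigurationConstants.SIG_VER_PROP_FILE, "insecurity.properties");

    // The outbound message must carry a Security header containing a ds:Signature.
    List<String> xpaths = new ArrayList<>();
    xpaths.add("//wsse:Security");
    xpaths.add("//wsse:Security/ds:Signature");

    List<WSHandlerResult> handlerResults = getResults(makeInvocation(outProperties, xpaths, inProperties));
    // Assert on each step so a missing result fails as an assertion rather than a NullPointerException.
    assertNotNull(handlerResults);
    List<WSSecurityEngineResult> signResults = handlerResults.get(0).getActionResults().get(WSConstants.SIGN);
    assertNotNull(signResults);
    WSSecurityEngineResult actionResult = signResults.get(0);
    // The verified signature result must expose the signing certificate.
    X509Certificate certificate = (X509Certificate) actionResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
    assertNotNull(certificate);
}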

Example 83 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class SAMLTokenRenewerPOPTest method renewValidSAML1AssertionWrongPOP.

/**
 * Renew a valid SAML1 Assertion without a proof of possession.
 *
 * The assertion is first validated successfully. Renewal is then attempted twice and
 * must fail both times: once with no signature results in the message context at all,
 * and once with a signature result whose certificate ("myservicekey") is not the key
 * the renewal is expected to be proven with.
 */
@org.junit.Test
public void renewValidSAML1AssertionWrongPOP() throws Exception {
    // Create the Assertion, signed by the STS key ("mystskey")
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50000, true, false);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    // Validate the Assertion
    TokenValidator samlTokenValidator = new SAMLTokenValidator();
    TokenValidatorParameters validatorParameters = createValidatorParameters();
    TokenRequirements tokenRequirements = validatorParameters.getTokenRequirements();
    ReceivedToken validateTarget = new ReceivedToken(samlToken);
    tokenRequirements.setValidateTarget(validateTarget);
    validatorParameters.setToken(validateTarget);
    assertTrue(samlTokenValidator.canHandleToken(validateTarget));
    TokenValidatorResponse validatorResponse = samlTokenValidator.validateToken(validatorParameters);
    assertNotNull(validatorResponse);
    assertNotNull(validatorResponse.getToken());
    assertTrue(validatorResponse.getToken().getState() == STATE.VALID);
    // Renew the Assertion, reusing the validator's STS properties, message context and requirements
    TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
    renewerParameters.setAppliesToAddress("http://dummy-service.com/dummy");
    renewerParameters.setStsProperties(validatorParameters.getStsProperties());
    renewerParameters.setPrincipal(new CustomTokenPrincipal("alice"));
    renewerParameters.setMessageContext(validatorParameters.getMessageContext());
    renewerParameters.setKeyRequirements(validatorParameters.getKeyRequirements());
    renewerParameters.setTokenRequirements(validatorParameters.getTokenRequirements());
    renewerParameters.setTokenStore(validatorParameters.getTokenStore());
    renewerParameters.setToken(validatorResponse.getToken());
    TokenRenewer samlTokenRenewer = new SAMLTokenRenewer();
    assertTrue(samlTokenRenewer.canHandleToken(validatorResponse.getToken()));
    // First attempt: no signature results are present, so no proof of possession can be established.
    // NOTE(review): catch (Exception) also accepts unrelated failures such as a NullPointerException;
    // narrowing it to the exception type renewToken throws would make this test stricter.
    try {
        samlTokenRenewer.renewToken(renewerParameters);
        fail("Expected failure on lack of proof of possession");
    } catch (Exception ex) {
    // expected
    }
    // Second attempt: fabricate a signature result carrying the "myservicekey" certificate chain
    // and publish it in the message context as the received security results.
    WSSecurityEngineResult signedResult = new WSSecurityEngineResult(WSConstants.SIGN);
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("myservicekey");
    signedResult.put(WSSecurityEngineResult.TAG_X509_CERTIFICATES, crypto.getX509Certificates(cryptoType));
    List<WSSecurityEngineResult> signedResults = Collections.singletonList(signedResult);
    WSHandlerResult handlerResult = new WSHandlerResult(null, signedResults, Collections.singletonMap(WSConstants.SIGN, signedResults));
    Map<String, Object> messageContext = validatorParameters.getMessageContext();
    messageContext.put(WSHandlerConstants.RECV_RESULTS, Collections.singleton(handlerResult));
    // The signature key does not match the proof-of-possession key, so renewal must still fail.
    try {
        samlTokenRenewer.renewToken(renewerParameters);
        fail("Expected failure on wrong signature key");
    } catch (Exception ex) {
    // expected
    }
}

Example 84 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class TokenIssueOperation method fetchSAMLAssertionFromWSSecuritySAMLToken.

/**
 * Method to fetch SAML assertion from the WS-Security header.
 *
 * The DOM (WSS4J handler) results stored under {@code WSHandlerConstants.RECV_RESULTS}
 * are consulted first; only the first {@code WSHandlerResult} is inspected. If no
 * assertion is found there, the streaming (StAX) inbound security token is tried.
 *
 * @param messageContext the message context holding the received security results
 * @return the assertion wrapper, or {@code null} if none was found or the streaming
 *         lookup failed with an {@code XMLSecurityException} (logged at FINE)
 */
private static SamlAssertionWrapper fetchSAMLAssertionFromWSSecuritySAMLToken(Map<String, Object> messageContext) {
    // DOM results first
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
    if (handlerResults != null && !handlerResults.isEmpty()) {
        for (WSSecurityEngineResult engineResult : handlerResults.get(0).getResults()) {
            Object candidate = engineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            if (candidate instanceof SamlAssertionWrapper) {
                return (SamlAssertionWrapper) candidate;
            }
        }
    }
    // Fall back to the streaming results
    SamlAssertionWrapper fromStream = null;
    try {
        org.apache.xml.security.stax.securityToken.SecurityToken securityToken = findInboundSecurityToken(WSSecurityEventConstants.SAML_TOKEN, messageContext);
        if (securityToken instanceof SamlSecurityToken) {
            fromStream = ((SamlSecurityToken) securityToken).getSamlAssertionWrapper();
        }
    } catch (XMLSecurityException e) {
        LOG.log(Level.FINE, e.getMessage(), e);
    }
    return fromStream;
}

Example 85 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class RequestParser method fetchTokenElementFromReference.

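/**
 * Method to fetch token from the SecurityTokenReference.
 *
 * The reference URI is read either from the {@code wsse:Reference} child of a DOM
 * SecurityTokenReference element or from a JAXB {@code SecurityTokenReferenceType}.
 * The URI is then matched against the processed security results in the message
 * context (first {@code WSHandlerResult} only): a result whose wsu:Id equals the URI
 * yields its token element, and a SecurityContextToken result is also matched by its
 * Identifier.
 *
 * @param targetToken    a DOM {@code Element} or a {@code SecurityTokenReferenceType}
 * @param messageContext the message context holding the received security results
 * @return the referenced token element
 * @throws STSException if no reference URI can be found or no processed token matches it
 */
private static Element fetchTokenElementFromReference(Object targetToken, Map<String, Object> messageContext) {
    // Get the reference URI
    String referenceURI = null;
    if (targetToken instanceof Element) {
        Element tokenElement = (Element) targetToken;
        NodeList refList = tokenElement.getElementsByTagNameNS(STSConstants.WSSE_EXT_04_01, "Reference");
        if (refList.getLength() == 0) {
            throw new STSException("Cannot find Reference element in the SecurityTokenReference.", STSException.REQUEST_FAILED);
        }
        // The reference is carried in the Reference element's URI attribute. Node.getNodeValue()
        // is always null for an Element node, so it cannot be used to read it.
        String uri = ((Element) refList.item(0)).getAttribute("URI");
        if (!uri.isEmpty()) {
            referenceURI = uri;
        }
    } else if (targetToken instanceof SecurityTokenReferenceType) {
        // As before, the last ReferenceType found wins. Content that is not a JAXBElement
        // is skipped instead of raising a ClassCastException.
        for (Object any : ((SecurityTokenReferenceType) targetToken).getAny()) {
            if (any instanceof JAXBElement && ((JAXBElement<?>) any).getValue() instanceof ReferenceType) {
                referenceURI = ((ReferenceType) ((JAXBElement<?>) any).getValue()).getURI();
            }
        }
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Reference URI found " + referenceURI);
    }
    if (referenceURI == null) {
        LOG.log(Level.WARNING, "No Reference URI was received");
        throw new STSException("An unknown element was received", STSException.BAD_REQUEST);
    }
    // Find processed token corresponding to the URI (strip the leading '#')
    referenceURI = XMLUtils.getIDFromReference(referenceURI);
    final List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
    if (handlerResults != null && !handlerResults.isEmpty()) {
        WSHandlerResult handlerResult = handlerResults.get(0);
        List<WSSecurityEngineResult> engineResults = handlerResult.getResults();
        for (WSSecurityEngineResult engineResult : engineResults) {
            String id = (String) engineResult.get(WSSecurityEngineResult.TAG_ID);
            if (referenceURI.equals(id)) {
                Element tokenElement = (Element) engineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
                if (tokenElement == null) {
                    throw new STSException("Cannot retrieve token from reference", STSException.INVALID_REQUEST);
                }
                return tokenElement;
            }
            // Special case: a SecurityContextToken is referenced by its Identifier rather than its Id.
            // Results without an action entry or without a token are skipped rather than dereferenced.
            Integer actInt = (Integer) engineResult.get(WSSecurityEngineResult.TAG_ACTION);
            if (actInt != null && actInt == WSConstants.SCT) {
                SecurityContextToken sct = (SecurityContextToken) engineResult.get(WSSecurityEngineResult.TAG_SECURITY_CONTEXT_TOKEN);
                if (sct != null && referenceURI.equals(sct.getIdentifier())) {
                    return sct.getElement();
                }
            }
        }
    }
    throw new STSException("Cannot retreive token from reference", STSException.REQUEST_FAILED);
}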
