
Example 16 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class STSUnitTest method testBearerSAML2Token.

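/**
 * Requests a bearer SAML 2.0 token from the X509 STS endpoint and verifies that the issued
 * assertion is a signed SAML 2 assertion whose first subject-confirmation method is "bearer".
 *
 * The STS port is read from the {@code BasicSTSIntegrationTest.PORT} system property. The
 * default bus is shut down in a {@code finally} block so a failing assertion does not leave
 * it running for the tests that follow.
 *
 * @throws Exception on any failure while contacting the STS or processing the token
 */
@Test
public void testBearerSAML2Token() throws Exception {
    Bus bus = BusFactory.getDefaultBus();
    String stsEndpoint = "http://localhost:" + System.getProperty("BasicSTSIntegrationTest.PORT") + "/cxf/X509";
    try {
        // sts could take a second or two to fully startup, make sure we can get the wsdl
        waitForWSDL(stsEndpoint);
        // Get a token
        SecurityToken token = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, bus, stsEndpoint);
        assertEquals(SAML2_TOKEN_TYPE, token.getTokenType());
        assertNotNull(token.getToken());
        // Process the token: exactly one engine result is expected for the assertion
        List<WSSecurityEngineResult> results = processToken(token);
        assertNotNull("processToken returned no results", results);
        assertEquals(1, results.size());
        SamlAssertionWrapper assertion = (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
        assertNotNull(assertion);
        // Must be a SAML 2 assertion, and a signed one — an unsigned bearer token proves nothing
        assertTrue(assertion.getSaml1() == null && assertion.getSaml2() != null);
        assertTrue(assertion.isSigned());
        List<String> methods = assertion.getConfirmationMethods();
        // Fail with a clear message instead of a NullPointerException when no method is present
        assertNotNull("assertion carries no subject confirmation method", methods);
        assertTrue("assertion carries no subject confirmation method", !methods.isEmpty());
        String confirmMethod = methods.get(0);
        assertTrue("expected a bearer confirmation method but got " + confirmMethod, confirmMethod.contains("bearer"));
    } finally {
        bus.shutdown(true);
    }
}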
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Bus(org.apache.cxf.Bus) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult) BasicSTSIntegrationTest(org.apache.cxf.systest.sts.itests.BasicSTSIntegrationTest) Test(org.junit.Test)

Example 17 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class DoubleItBSTImpl method doubleIt.

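/**
 * Doubles {@code numberToDouble}, but only after checking that the security results attached
 * to the current request contain a BinarySecurityToken with the expected content.
 *
 * The handler results are read from {@code wsContext} (a field initialised elsewhere in the
 * class — not visible here) under {@code WSHandlerConstants.RECV_RESULTS}. Only the first
 * handler result and its first engine result are inspected; an unexpected token type fails
 * with an assertion message rather than a ClassCastException.
 *
 * @param numberToDouble the value to double; zero is rejected
 * @return {@code numberToDouble * 2}
 * @throws DoubleItFault if {@code numberToDouble} is zero
 * @throws AssertionError if the security results are missing or the token does not match
 */
public int doubleIt(int numberToDouble) throws DoubleItFault {
    if (numberToDouble == 0) {
        throw new DoubleItFault("0 can't be doubled!");
    }
    List<WSHandlerResult> results = CastUtils.cast((List<?>) wsContext.getMessageContext().get(WSHandlerConstants.RECV_RESULTS));
    Assert.assertNotNull("Security Results cannot be null", results);
    Assert.assertFalse(results.isEmpty());
    WSHandlerResult result = results.get(0);
    List<WSSecurityEngineResult> securityResults = result.getResults();
    Assert.assertNotNull("Security Results cannot be null", securityResults);
    Assert.assertFalse(securityResults.isEmpty());
    // NOTE(review): assumes the BinarySecurityToken is the first engine result — confirm ordering
    WSSecurityEngineResult securityResult = securityResults.get(0);
    Object tokenObject = securityResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
    Assert.assertNotNull("No BinarySecurityToken in the first security result", tokenObject);
    Assert.assertTrue("Unexpected token type: " + tokenObject.getClass().getName(), tokenObject instanceof BinarySecurity);
    BinarySecurity binarySecurityToken = (BinarySecurity) tokenObject;
    // expected value first, actual second; a fixed charset keeps the bytes independent of the platform default
    Assert.assertArrayEquals("This is a token".getBytes(java.nio.charset.StandardCharsets.UTF_8), binarySecurityToken.getToken());
    return numberToDouble * 2;
}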
Also used : BinarySecurity(org.apache.wss4j.common.token.BinarySecurity) DoubleItFault(org.example.contract.doubleit.DoubleItFault) WSHandlerResult(org.apache.wss4j.dom.handler.WSHandlerResult) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 18 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class CustomParameterTest method validateSAMLSecurityTokenResponse.

/**
 * Validates the SAML assertion contained in an STS response and returns its DOM element.
 *
 * The requested token is run through the security engine; exactly one result is expected,
 * it must wrap an assertion of the requested SAML version (and not the other one), and the
 * assertion must be signed.
 *
 * @param securityResponse the RSTR to inspect
 * @param saml2            {@code true} to expect a SAML 2.0 assertion, {@code false} for SAML 1.1
 * @return the token element recorded in the engine result
 * @throws Exception if token processing fails
 */
private Element validateSAMLSecurityTokenResponse(RequestSecurityTokenResponseType securityResponse, boolean saml2) throws Exception {
    RequestedSecurityTokenType requestedToken = getRequestedSecurityToken(securityResponse);
    assertNotNull(requestedToken);
    // Run the issued token through the security engine
    List<WSSecurityEngineResult> engineResults = processToken((Element) requestedToken.getAny());
    assertTrue(engineResults != null && engineResults.size() == 1);
    WSSecurityEngineResult engineResult = engineResults.get(0);
    SamlAssertionWrapper assertionWrapper = (SamlAssertionWrapper) engineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(assertionWrapper);
    boolean hasSaml2 = assertionWrapper.getSaml2() != null;
    boolean hasSaml1 = assertionWrapper.getSaml1() != null;
    // Exactly the requested version must be present
    assertTrue(saml2 ? (hasSaml2 && !hasSaml1) : (hasSaml1 && !hasSaml2));
    assertTrue(assertionWrapper.isSigned());
    return (Element) engineResult.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
}
Also used : JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) SamlAssertionWrapper(org.apache.wss4j.common.saml.SamlAssertionWrapper) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 19 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class LayoutPolicyValidator method validateStrictSignatureTokenPlacement.

/**
 * Checks, for every Signature result, that the token the Signature was made with does not
 * appear after the Signature in the security header.
 *
 * A smaller index in {@code results} is compared against the Signature's own index; the
 * results list is described elsewhere in this class as being stored in reverse document
 * order, so a token index below the Signature index presumably means the token sits after
 * the Signature in the header — confirm against findCorrespondingTokenIndex.
 *
 * @param results the engine results for the security header
 * @return {@code false} on the first Signature whose signing token is misplaced, else {@code true}
 */
private boolean validateStrictSignatureTokenPlacement(List<WSSecurityEngineResult> results) {
    int index = 0;
    for (WSSecurityEngineResult result : results) {
        Integer action = (Integer) result.get(WSSecurityEngineResult.TAG_ACTION);
        // Unboxes 'action': a result with no TAG_ACTION would throw a NullPointerException here
        if (WSConstants.SIGN == action) {
            int tokenIndex = findCorrespondingTokenIndex(result, results);
            // NOTE(review): index 0 is deliberately excluded; whether a signing token at
            // index 0 should also fail is not clear from here — confirm
            if (tokenIndex > 0 && tokenIndex < index) {
                return false;
            }
        }
        index++;
    }
    return true;
}
Also used : WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)

Example 20 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class LayoutPolicyValidator method validateStrictSignaturePlacement.

/**
 * Checks that no security-header child covered by a Signature occurs after that Signature.
 *
 * Signature results without data references, and SignedSAML results, are not checked. For
 * every remaining reference whose xpath points at a direct child of the wsse:Security header,
 * the engine results (stored in reverse order) are walked to see whether the referenced
 * token is listed before the Signature itself.
 *
 * @param results       all engine results for the security header
 * @param signedResults the Signature results to check
 * @return {@code false} on the first misplaced token, {@code true} otherwise
 */
private boolean validateStrictSignaturePlacement(List<WSSecurityEngineResult> results, List<WSSecurityEngineResult> signedResults) {
    for (WSSecurityEngineResult signedResult : signedResults) {
        List<WSDataRef> dataRefs = CastUtils.cast((List<?>) signedResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS));
        Integer action = (Integer) signedResult.get(WSSecurityEngineResult.TAG_ACTION);
        // Nothing to check without data references; SignedSAML tokens are skipped as well
        if (dataRefs == null || WSConstants.ST_SIGNED == action) {
            continue;
        }
        for (WSDataRef dataRef : dataRefs) {
            if (!isDirectSecurityHeaderChild(dataRef.getXpath())) {
                continue;
            }
            if (isTokenListedBeforeSignature(dataRef.getProtectedElement(), signedResult, results)) {
                return false;
            }
        }
    }
    return true;
}

/**
 * True when {@code xpath} has the shape envelope/Header/wsse:Security/header, i.e. splits
 * into exactly five segments on '/'.
 */
private static boolean isDirectSecurityHeaderChild(String xpath) {
    return xpath != null && xpath.split("/").length == 5;
}

/**
 * Walks {@code results} (stored in reverse order) and reports whether the result whose token
 * element is {@code protectedElement} is listed before {@code signedResult}.
 *
 * The walk stops at {@code signedResult}: it returns {@code true} if the token was already
 * seen, and {@code false} if the Signature result carries a token element of its own.
 * Element and result comparisons are by identity, as in the original.
 */
private static boolean isTokenListedBeforeSignature(Element protectedElement, WSSecurityEngineResult signedResult, List<WSSecurityEngineResult> results) {
    boolean tokenSeen = false;
    for (WSSecurityEngineResult result : results) {
        Element tokenElement = (Element) result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
        if (tokenElement == protectedElement) {
            tokenSeen = true;
        }
        if (result == signedResult) {
            if (tokenSeen) {
                return true;
            }
            if (tokenElement != null) {
                return false;
            }
        }
    }
    return false;
}
Also used : Element(org.w3c.dom.Element) WSDataRef(org.apache.wss4j.dom.WSDataRef) WSSecurityEngineResult(org.apache.wss4j.dom.engine.WSSecurityEngineResult)
