use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class SCTCanceller method matchDOMSignatureSecret.
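/**
 * Checks proof of possession for a security context: returns {@code true} when a signature
 * recorded in the inbound WS-Security results was made with the given secret.
 *
 * <p>Only the first {@code WSHandlerResult} stored under {@code WSHandlerConstants.RECV_RESULTS}
 * is consulted, and within it only the results recorded for {@code WSConstants.SIGN}.
 *
 * @param messageContext the message context holding the received security results
 * @param secretToMatch the secret of the security context being cancelled; a {@code null}
 *        secret never matches
 * @return {@code true} if a signature result carries a secret equal to {@code secretToMatch}
 */
private boolean matchDOMSignatureSecret(Map<String, Object> messageContext, byte[] secretToMatch) {
    // Fail closed: MessageDigest.isEqual(null, null) is true, so without this guard a context
    // with no stored secret would "match" any signature result that carries no TAG_SECRET.
    if (secretToMatch == null) {
        return false;
    }

    final List<WSHandlerResult> handlerResults =
        CastUtils.cast((List<?>) messageContext.get(WSHandlerConstants.RECV_RESULTS));
    if (handlerResults == null || handlerResults.isEmpty()) {
        return false;
    }

    WSHandlerResult handlerResult = handlerResults.get(0);
    List<WSSecurityEngineResult> signedResults = handlerResult.getActionResults().get(WSConstants.SIGN);
    if (signedResults == null) {
        return false;
    }

    for (WSSecurityEngineResult engineResult : signedResults) {
        byte[] receivedKey = (byte[]) engineResult.get(WSSecurityEngineResult.TAG_SECRET);
        // MessageDigest.isEqual keeps the comparison time independent of where the bytes differ.
        if (receivedKey != null && MessageDigest.isEqual(secretToMatch, receivedKey)) {
            LOG.log(Level.FINE, "Verification of the proof of possession of the key associated with " + "the security context successful.");
            return true;
        }
    }
    return false;
}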
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class IssueUnitTest method testBearerSaml1Lifetime.
/**
* Test the Bearer SAML1 case with a Lifetime element
*/
@org.junit.Test
public void testBearerSaml1Lifetime() throws Exception {
    final String busConfig = getClass().getResource("cxf-client.xml").toString();
    createBus(busConfig);

    // Request a SAML 1.x bearer token through the TTL variant of the request helper.
    final SecurityToken issued = requestSecurityTokenTTL(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS);
    assertEquals(SAML1_TOKEN_TYPE, issued.getTokenType());
    assertNotNull(issued.getToken());

    // Run the issued token through processToken and expect exactly one engine result.
    final List<WSSecurityEngineResult> engineResults = processToken(issued);
    assertTrue(engineResults != null && engineResults.size() == 1);
    final SamlAssertionWrapper saml =
        (SamlAssertionWrapper) engineResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(saml);

    // Must be a SAML 1.x assertion and must carry a signature.
    // NOTE(review): isSigned() is checked after processToken; whether the signature was
    // cryptographically verified depends on processToken, which is not shown here.
    assertTrue(saml.getSaml1() != null && saml.getSaml2() == null);
    assertTrue(saml.isSigned());

    // Only the first confirmation method is inspected.
    final List<String> confirmationMethods = saml.getConfirmationMethods();
    final String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty()) ? null : confirmationMethods.get(0);
    assertTrue(firstMethod != null && firstMethod.contains("bearer"));
    // NOTE(review): nothing here asserts the validity window of the issued assertion, so the
    // requested lifetime is not checked by this test.
}
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class IssueUnitTest method testSAMLinWSSecToOtherRealm.
@org.junit.Test
public void testSAMLinWSSecToOtherRealm() throws Exception {
    final String busConfig = getClass().getResource("cxf-client.xml").toString();
    createBus(busConfig);

    final Crypto signingCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    final CallbackHandler passwordHandler = new CommonCallbackHandler();

    // Build a SAML 2.0 assertion for "alice" issued by "a-issuer"; it is presented to the STS below.
    final Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, signingCrypto, "mystskey", passwordHandler, null, "alice", "a-issuer");

    // Work out the assertion identifier: AssertionID for SAML 1.x, ID for SAML 2.0,
    // falling back to wsu:Id when neither branch produced a value.
    final QName rootName = DOMUtils.getElementQName(samlToken);
    String assertionId;
    if (rootName.equals(new QName(WSS4JConstants.SAML_NS, "Assertion")) && samlToken.hasAttributeNS(null, "AssertionID")) {
        assertionId = samlToken.getAttributeNS(null, "AssertionID");
    } else if (rootName.equals(new QName(WSS4JConstants.SAML2_NS, "Assertion")) && samlToken.hasAttributeNS(null, "ID")) {
        assertionId = samlToken.getAttributeNS(null, "ID");
    } else {
        assertionId = null;
    }
    if (assertionId == null) {
        assertionId = samlToken.getAttributeNS(WSS4JConstants.WSU_NS, "Id");
    }

    // Hand the assertion to the client as the token to present.
    final SecurityToken presented = new SecurityToken(assertionId, samlToken, null, null);
    final Map<String, Object> clientProps = new HashMap<>();
    clientProps.put(SecurityConstants.TOKEN, presented);
    clientProps.put(SecurityConstants.TOKEN_ID, presented.getId());

    // Request a SAML 2.0 bearer token from "b-issuer". An earlier variant of this call passed
    // null instead of "Transport_SAML_Port" as the last argument.
    final SecurityToken issued = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null, bus, DEFAULT_ADDRESS, null, clientProps, "b-issuer", "Transport_SAML_Port");
    assertEquals(SAML2_TOKEN_TYPE, issued.getTokenType());
    assertNotNull(issued.getToken());

    final List<WSSecurityEngineResult> engineResults = processToken(issued);
    assertTrue(engineResults != null && engineResults.size() == 1);
    final SamlAssertionWrapper saml =
        (SamlAssertionWrapper) engineResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(saml);
    // NOTE(review): isSigned() is checked after processToken; whether the signature was
    // cryptographically verified depends on processToken, which is not shown here.
    assertTrue(saml.isSigned());

    // Only the first confirmation method is inspected.
    final List<String> confirmationMethods = saml.getConfirmationMethods();
    final String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty()) ? null : confirmationMethods.get(0);
    assertTrue(firstMethod != null && firstMethod.contains("bearer"));

    // The returned assertion must name the target issuer, and the subject that went in as
    // "alice" must come back as "ALICE" (presumably an identity mapping configured on the
    // STS side; not visible in this method).
    assertEquals("b-issuer", saml.getIssuerString());
    final String subjectName = saml.getSaml2().getSubject().getNameID().getValue();
    assertEquals("Subject must be ALICE instead of " + subjectName, "ALICE", subjectName);
}
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class IssueUnitTest method testBearerSVSaml2.
/**
* Test the Bearer Sender Vouches SAML2 case
*/
@org.junit.Test
public void testBearerSVSaml2() throws Exception {
    final String busConfig = getClass().getResource("cxf-client.xml").toString();
    createBus(busConfig);

    // Request a SAML 2.0 bearer token; every optional argument of the helper is left null.
    final SecurityToken issued = requestSecurityToken(SAML2_TOKEN_TYPE, BEARER_KEYTYPE, null, bus, DEFAULT_ADDRESS, null, null, null, null);
    assertEquals(SAML2_TOKEN_TYPE, issued.getTokenType());
    assertNotNull(issued.getToken());

    // Run the issued token through processToken and expect exactly one engine result.
    final List<WSSecurityEngineResult> engineResults = processToken(issued);
    assertTrue(engineResults != null && engineResults.size() == 1);
    final SamlAssertionWrapper saml =
        (SamlAssertionWrapper) engineResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(saml);

    // Must be a SAML 2.0 assertion and must carry a signature.
    // NOTE(review): isSigned() is checked after processToken; whether the signature was
    // cryptographically verified depends on processToken, which is not shown here.
    assertTrue(saml.getSaml1() == null && saml.getSaml2() != null);
    assertTrue(saml.isSigned());

    // NOTE(review): only the presence of a first confirmation method is asserted; its value is
    // not compared against a sender-vouches or bearer identifier.
    final List<String> confirmationMethods = saml.getConfirmationMethods();
    final String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty()) ? null : confirmationMethods.get(0);
    assertNotNull(firstMethod);
}
use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.
the class IssueUnitTest method testBearerSaml1.
/**
* Test the Bearer SAML1 case
*/
@org.junit.Test
public void testBearerSaml1() throws Exception {
    final String busConfig = getClass().getResource("cxf-client.xml").toString();
    createBus(busConfig);

    // Request a SAML 1.x bearer token from the STS.
    final SecurityToken issued = requestSecurityToken(SAML1_TOKEN_TYPE, BEARER_KEYTYPE, bus, DEFAULT_ADDRESS);
    assertEquals(SAML1_TOKEN_TYPE, issued.getTokenType());
    assertNotNull(issued.getToken());

    // Run the issued token through processToken and expect exactly one engine result.
    final List<WSSecurityEngineResult> engineResults = processToken(issued);
    assertTrue(engineResults != null && engineResults.size() == 1);
    final SamlAssertionWrapper saml =
        (SamlAssertionWrapper) engineResults.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(saml);

    // Must be a SAML 1.x assertion and must carry a signature.
    // NOTE(review): isSigned() is checked after processToken; whether the signature was
    // cryptographically verified depends on processToken, which is not shown here.
    assertTrue(saml.getSaml1() != null && saml.getSaml2() == null);
    assertTrue(saml.isSigned());

    // Only the first confirmation method is inspected; it must identify a bearer assertion.
    final List<String> confirmationMethods = saml.getConfirmationMethods();
    final String firstMethod =
        (confirmationMethods == null || confirmationMethods.isEmpty()) ? null : confirmationMethods.get(0);
    assertTrue(firstMethod != null && firstMethod.contains("bearer"));
}