the class IssueUnitTest method testSymmetricKeySaml1.
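/**
 * Test the Symmetric Key SAML1 case.
 *
 * Requests a SAML 1.1 token with a SymmetricKey KeyType from the STS, then checks
 * that the returned assertion is signed, uses a Holder-of-Key confirmation method,
 * and carries the same proof key the client obtained from the STS response. The
 * last check is what makes the token usable: a relying party will only accept the
 * client's proof of possession if the key bound into the assertion is the key the
 * client holds.
 */
@org.junit.Test
public void testSymmetricKeySaml1() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());

    // Get a token: for a symmetric KeyType the client ends up with a proof key (token.getSecret())
    SecurityToken token = requestSecurityToken(SAML1_TOKEN_TYPE, SYMMETRIC_KEY_KEYTYPE, bus, DEFAULT_ADDRESS);
    assertTrue(token.getSecret() != null && token.getSecret().length > 0);
    assertEquals(SAML1_TOKEN_TYPE, token.getTokenType());
    assertNotNull(token.getToken());

    // Process the token: exactly one security engine result, holding the SAML assertion
    List<WSSecurityEngineResult> results = processToken(token);
    assertTrue(results != null && results.size() == 1);
    SamlAssertionWrapper assertion =
        (SamlAssertionWrapper) results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(assertion);
    assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null);
    // An unsigned assertion could have been produced by anyone; the signature is what
    // ties it to the STS
    assertTrue(assertion.isSigned());

    // A symmetric key must be bound to the subject via a Holder-of-Key confirmation method
    List<String> methods = assertion.getConfirmationMethods();
    String confirmMethod = null;
    if (methods != null && !methods.isEmpty()) {
        confirmMethod = methods.get(0);
    }
    assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));

    // The key carried in the subject's KeyInfo must be the proof key the client received.
    // Checking only for non-null would let a token with an unrelated key pass, which the
    // client could never prove possession of. Fully-qualified to avoid a new import.
    SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
    assertNotNull(subjectKeyInfo);
    assertNotNull(subjectKeyInfo.getSecret());
    assertTrue(java.util.Arrays.equals(token.getSecret(), subjectKeyInfo.getSecret()));
}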
the class STSRESTTest method validateSAMLToken.
/**
 * Run a standalone SAML assertion document through the security engine and check that it
 * yields exactly one result holding a signed assertion.
 *
 * @param assertionDoc DOM document whose root element is the assertion to validate
 * @return the parsed assertion
 * @throws Exception if processing fails or any of the assertions does not hold
 */
private static SamlAssertionWrapper validateSAMLToken(Document assertionDoc) throws Exception {
    assertNotNull(assertionDoc);
    Element root = assertionDoc.getDocumentElement();
    List<WSSecurityEngineResult> engineResults = processToken(root);
    assertTrue(engineResults != null && 1 == engineResults.size());
    WSSecurityEngineResult only = engineResults.get(0);
    SamlAssertionWrapper parsed = (SamlAssertionWrapper) only.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(parsed);
    // Processing alone does not prove authenticity: the assertion must carry a verified signature
    assertTrue(parsed.isSigned());
    return parsed;
}
the class STSRESTTest method validateSAMLSecurityTokenResponse.
/**
 * Extract the requested token from an RSTR, process it with the security engine and check
 * that it is a signed SAML assertion of the expected version.
 *
 * @param securityResponse the RequestSecurityTokenResponse returned by the STS
 * @param saml2            true if a SAML 2.0 assertion is expected, false for SAML 1.1
 * @return the token element as recorded by the security engine
 * @throws Exception if processing fails or any of the assertions does not hold
 */
private static Element validateSAMLSecurityTokenResponse(RequestSecurityTokenResponseType securityResponse, boolean saml2) throws Exception {
    RequestedSecurityTokenType requested = getRequestedSecurityToken(securityResponse);
    Element rawToken = (Element) requested.getAny();

    // Process the token through the security engine: exactly one result is expected
    List<WSSecurityEngineResult> engineResults = processToken(rawToken);
    assertTrue(engineResults != null && 1 == engineResults.size());
    WSSecurityEngineResult only = engineResults.get(0);
    SamlAssertionWrapper parsed = (SamlAssertionWrapper) only.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(parsed);

    // Exactly one of the two version views must be populated, matching the requested version
    boolean hasSaml2 = parsed.getSaml2() != null;
    boolean hasSaml1 = parsed.getSaml1() != null;
    assertTrue(hasSaml2 == saml2 && hasSaml1 == !saml2);

    // Processing alone does not prove authenticity: the assertion must carry a verified signature
    assertTrue(parsed.isSigned());
    return (Element) only.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
}
the class AbstractBindingBuilder method addSignatureConfirmation.
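/**
 * Add WSS 1.1 SignatureConfirmation elements to the outbound security header.
 *
 * Only applies when the WSS11 policy assertion has RequireSignatureConfirmation set;
 * otherwise the method returns without touching the message. One SignatureConfirmation
 * is emitted per signature result (SIGN and UT_SIGN actions) gathered by the inbound
 * handlers, carrying that signature's value. When the inbound message produced no
 * signature results at all, a single SignatureConfirmation without a value is emitted,
 * which is how a responder confirms that it saw no signature. Every emitted element is
 * recorded in {@code sigConfList} and, if {@code sigParts} is non-null, appended to it so
 * it is covered by the outbound signature. Finally the policy assertion is marked asserted.
 *
 * A missing RECV_RESULTS list on the inbound message (no security header was processed)
 * is treated the same as an empty one instead of failing with a NullPointerException.
 *
 * @param sigParts the parts to be signed on the outbound message, extended with the
 *                 confirmation elements; may be null, in which case the elements are
 *                 added to the header but not registered for signing
 */
protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
    Wss10 wss10 = getWss10();
    if (!(wss10 instanceof Wss11) || !((Wss11) wss10).isRequireSignatureConfirmation()) {
        // Signature confirmation is not required by policy: nothing to do
        return;
    }

    List<WSHandlerResult> results = CastUtils.cast(
        (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));

    /*
     * Loop over all results gathered by all handlers in the inbound chain and collect
     * every signature result (XML Signature and UsernameToken-keyed signature). After
     * this loop signatureActions holds everything that has to be confirmed.
     */
    List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
    if (results != null) {
        for (WSHandlerResult wshResult : results) {
            List<WSSecurityEngineResult> signResults =
                wshResult.getActionResults().get(WSConstants.SIGN);
            if (signResults != null) {
                signatureActions.addAll(signResults);
            }
            List<WSSecurityEngineResult> utSignResults =
                wshResult.getActionResults().get(WSConstants.UT_SIGN);
            if (utSignResults != null) {
                signatureActions.addAll(utSignResults);
            }
        }
    }

    sigConfList = new ArrayList<>();
    // A single builder is reused for every confirmation element, as before
    WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(secHeader);
    wsc.setIdAllocator(wssConfig.getIdAllocator());

    if (signatureActions.isEmpty()) {
        // No inbound signature: emit one SignatureConfirmation without a value
        addSignatureConfirmationElement(wsc, sigParts);
    } else {
        // One SignatureConfirmation per verified inbound signature, echoing its value
        for (WSSecurityEngineResult wsr : signatureActions) {
            wsc.setSignatureValue((byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE));
            addSignatureConfirmationElement(wsc, sigParts);
        }
    }

    assertPolicy(new QName(wss10.getName().getNamespaceURI(), SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
}

/**
 * Prepare the next SignatureConfirmation element on {@code wsc}, add it to the security
 * header as a supporting element and register it for signing.
 *
 * @param wsc      the confirmation builder; its signature value (if any) must already be set
 * @param sigParts the outbound signature parts to extend, or null to skip registration
 */
private void addSignatureConfirmationElement(WSSecSignatureConfirmation wsc, List<WSEncryptionPart> sigParts) {
    wsc.prepare();
    addSupportingElement(wsc.getSignatureConfirmationElement());
    if (sigParts != null) {
        // Sign the confirmation element so the client can trust what it echoes back
        WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
        part.setElement(wsc.getSignatureConfirmationElement());
        sigParts.add(part);
        sigConfList.add(part);
    }
}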
the class SymmetricBindingHandler method getUTDerivedKey.
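/**
 * Build a SecurityToken from the UsernameToken processed on the inbound message so that
 * its derived secret can be used to key the outbound message.
 *
 * Only results of action {@code WSConstants.UT_NOPASSWORD} are considered, and the first
 * one found across all handler results wins. The token id is taken from the result when
 * present, otherwise a fresh one is allocated. The token is valid from now for the
 * configured security token lifetime. Returns {@code null} when the inbound message has
 * no RECV_RESULTS (no security header was processed) or no matching UsernameToken result.
 *
 * @return the token carrying the UsernameToken-derived secret, or null if none was found
 * @throws WSSecurityException as declared; none of the calls made here is known from this
 *                             file to throw it, so it is presumably propagated from the
 *                             WSS4J helpers in some configurations
 */
private SecurityToken getUTDerivedKey() throws WSSecurityException {
    List<WSHandlerResult> results = CastUtils.cast(
        (List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No security results on the inbound message: nothing to derive a key from.
        // Previously this fell through to a NullPointerException.
        return null;
    }

    for (WSHandlerResult rResult : results) {
        List<WSSecurityEngineResult> utResults =
            rResult.getActionResults().get(WSConstants.UT_NOPASSWORD);
        if (utResults == null) {
            continue;
        }
        for (WSSecurityEngineResult wser : utResults) {
            // Reuse the id of the inbound UsernameToken when it has one; otherwise allocate one
            String utID = (String) wser.get(WSSecurityEngineResult.TAG_ID);
            if (utID == null || utID.isEmpty()) {
                utID = wssConfig.getIdAllocator().createId("UsernameToken-", null);
            }

            Instant created = Instant.now();
            // Lifetime appears to be in milliseconds (hence / 1000L); sub-second remainder is dropped
            Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
            SecurityToken securityToken = new SecurityToken(utID, created, expires);

            // NOTE(review): TAG_SECRET may be absent if the UsernameToken did not yield a derived
            // key; the token is then returned with a null secret and callers must cope with that
            byte[] secret = (byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET);
            securityToken.setSecret(secret);
            return securityToken;
        }
    }
    return null;
}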