
Example 31 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class IssueUnitTest method testSymmetricKeySaml1.

/**
 * Tests the Symmetric Key SAML1 case: a SAML 1 token obtained from the STS
 * with a symmetric key type must be signed, must carry a holder-of-key
 * confirmation method, and must expose a secret in its subject KeyInfo.
 *
 * @throws Exception if the bus cannot be created or the token cannot be
 *         requested or processed
 */
@org.junit.Test
public void testSymmetricKeySaml1() throws Exception {
    createBus(getClass().getResource("cxf-client.xml").toString());

    // Request a SAML 1 token with a symmetric key from the STS
    SecurityToken token = requestSecurityToken(SAML1_TOKEN_TYPE, SYMMETRIC_KEY_KEYTYPE, bus, DEFAULT_ADDRESS);
    byte[] secret = token.getSecret();
    assertTrue(secret != null && secret.length > 0);
    assertEquals(SAML1_TOKEN_TYPE, token.getTokenType());
    assertNotNull(token.getToken());

    // Run the token through the security engine and inspect the single result
    List<WSSecurityEngineResult> results = processToken(token);
    assertTrue(results != null && results.size() == 1);
    WSSecurityEngineResult result = results.get(0);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(assertion);
    assertTrue(assertion.getSaml1() != null && assertion.getSaml2() == null);
    assertTrue(assertion.isSigned());

    // The first confirmation method (if there is one) must be holder-of-key
    List<String> methods = assertion.getConfirmationMethods();
    String confirmMethod = (methods == null || methods.isEmpty()) ? null : methods.get(0);
    assertTrue(OpenSAMLUtil.isMethodHolderOfKey(confirmMethod));

    // Holder-of-key: the subject KeyInfo must carry the symmetric secret
    SAMLKeyInfo subjectKeyInfo = assertion.getSubjectKeyInfo();
    assertNotNull(subjectKeyInfo.getSecret());
}

Example 32 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class STSRESTTest method validateSAMLToken.

/**
 * Runs a SAML assertion document through the security engine and returns
 * the parsed assertion, failing the test unless exactly one signed assertion
 * is produced.
 *
 * @param assertionDoc DOM document whose root element is the SAML assertion
 * @return the processed assertion
 * @throws Exception if token processing fails
 */
private static SamlAssertionWrapper validateSAMLToken(Document assertionDoc) throws Exception {
    assertNotNull(assertionDoc);
    List<WSSecurityEngineResult> results = processToken(assertionDoc.getDocumentElement());
    assertNotNull(results);
    assertTrue(results.size() == 1);
    Object parsed = results.get(0).get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(parsed);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) parsed;
    // Parsing alone is not enough: the assertion must carry a signature
    assertTrue(assertion.isSigned());
    return assertion;
}

Example 33 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class STSRESTTest method validateSAMLSecurityTokenResponse.

/**
 * Extracts the requested token from an STS response, runs it through the
 * security engine and checks that it is a signed SAML assertion of the
 * expected version.
 *
 * @param securityResponse the RSTR returned by the STS
 * @param saml2 {@code true} if a SAML 2 assertion is expected, {@code false} for SAML 1
 * @return the token element as recorded by the security engine
 * @throws Exception if token processing fails
 */
private static Element validateSAMLSecurityTokenResponse(RequestSecurityTokenResponseType securityResponse, boolean saml2) throws Exception {
    RequestedSecurityTokenType requestedSecurityToken = getRequestedSecurityToken(securityResponse);
    Element tokenElement = (Element) requestedSecurityToken.getAny();

    // Process the token and expect exactly one engine result
    List<WSSecurityEngineResult> results = processToken(tokenElement);
    assertNotNull(results);
    assertTrue(results.size() == 1);
    WSSecurityEngineResult result = results.get(0);
    SamlAssertionWrapper assertion = (SamlAssertionWrapper) result.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
    assertNotNull(assertion);

    // Exactly the requested SAML version must be present, never both
    boolean hasSaml1 = assertion.getSaml1() != null;
    boolean hasSaml2 = assertion.getSaml2() != null;
    assertTrue(saml2 ? (hasSaml2 && !hasSaml1) : (hasSaml1 && !hasSaml2));
    assertTrue(assertion.isSigned());
    return (Element) result.get(WSSecurityEngineResult.TAG_TOKEN_ELEMENT);
}

Example 34 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class AbstractBindingBuilder method addSignatureConfirmation.

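/**
 * Adds a {@code SignatureConfirmation} element for every signature result
 * recorded on the inbound message, as required by a WS-Security 1.1
 * {@code RequireSignatureConfirmation} policy assertion. When no inbound
 * signature result is available, a single confirmation without a value is
 * added instead. Every confirmation element is recorded in
 * {@code sigConfList} and, when {@code sigParts} is non-null, appended to it
 * so that the outbound signature covers the confirmation.
 *
 * @param sigParts the parts to be signed on the outbound message, or
 *        {@code null} if the confirmation elements are not to be signed
 */
protected void addSignatureConfirmation(List<WSEncryptionPart> sigParts) {
    Wss10 wss10 = getWss10();
    if (!(wss10 instanceof Wss11) || !((Wss11) wss10).isRequireSignatureConfirmation()) {
        // Only a WS-Security 1.1 policy can require signature confirmation
        return;
    }
    List<WSSecurityEngineResult> signatureActions = collectInboundSignatureResults();

    sigConfList = new ArrayList<>();
    WSSecSignatureConfirmation wsc = new WSSecSignatureConfirmation(secHeader);
    wsc.setIdAllocator(wssConfig.getIdAllocator());
    if (signatureActions.isEmpty()) {
        // Nothing was signed inbound: say so with a confirmation that carries no value
        addSignatureConfirmationElement(wsc, sigParts);
    } else {
        // One confirmation per received signature, carrying that signature's value
        for (WSSecurityEngineResult wsr : signatureActions) {
            wsc.setSignatureValue((byte[]) wsr.get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE));
            addSignatureConfirmationElement(wsc, sigParts);
        }
    }
    assertPolicy(new QName(wss10.getName().getNamespaceURI(), SPConstants.REQUIRE_SIGNATURE_CONFIRMATION));
}

/**
 * Gathers the SIGN and UT_SIGN results produced by all inbound handlers in
 * the chain.
 *
 * @return the inbound signature results, empty (never {@code null}) when the
 *         inbound message recorded no handler results at all
 */
private List<WSSecurityEngineResult> collectInboundSignatureResults() {
    List<WSSecurityEngineResult> signatureActions = new ArrayList<>();
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No inbound security processing took place; treat as "no signatures received"
        // rather than failing with an NPE while building the response
        return signatureActions;
    }
    for (WSHandlerResult wshResult : results) {
        List<WSSecurityEngineResult> signed = wshResult.getActionResults().get(WSConstants.SIGN);
        if (signed != null) {
            signatureActions.addAll(signed);
        }
        List<WSSecurityEngineResult> utSigned = wshResult.getActionResults().get(WSConstants.UT_SIGN);
        if (utSigned != null) {
            signatureActions.addAll(utSigned);
        }
    }
    return signatureActions;
}

/**
 * Prepares the next SignatureConfirmation element on {@code wsc}, adds it to
 * the security header and, when {@code sigParts} is non-null, registers it
 * both as a part to sign and in {@code sigConfList}.
 *
 * @param wsc the confirmation builder; its signature value must already be set
 * @param sigParts the outbound parts to sign, or {@code null}
 */
private void addSignatureConfirmationElement(WSSecSignatureConfirmation wsc, List<WSEncryptionPart> sigParts) {
    wsc.prepare();
    addSupportingElement(wsc.getSignatureConfirmationElement());
    if (sigParts != null) {
        WSEncryptionPart part = new WSEncryptionPart(wsc.getId(), "Element");
        part.setElement(wsc.getSignatureConfirmationElement());
        sigParts.add(part);
        sigConfList.add(part);
    }
}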

Example 35 with WSSecurityEngineResult

use of org.apache.wss4j.dom.engine.WSSecurityEngineResult in project cxf by apache.

the class SymmetricBindingHandler method getUTDerivedKey.

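/**
 * Builds a {@link SecurityToken} from the first inbound UsernameToken
 * (no-password) result found in the handler results of the inbound message.
 * The token reuses the UsernameToken's id (allocating a fresh one if it is
 * missing), is valid from now for the configured token lifetime, and carries
 * the secret the engine stored under {@code TAG_SECRET}.
 *
 * @return the security token, or {@code null} if the inbound message has no
 *         handler results or none of them contains a UT_NOPASSWORD result
 * @throws WSSecurityException propagated from the underlying WSS4J calls
 */
private SecurityToken getUTDerivedKey() throws WSSecurityException {
    List<WSHandlerResult> results = CastUtils.cast((List<?>) message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS));
    if (results == null) {
        // No inbound security processing was recorded: nothing to derive a key from
        return null;
    }
    for (WSHandlerResult rResult : results) {
        List<WSSecurityEngineResult> utResults = rResult.getActionResults().get(WSConstants.UT_NOPASSWORD);
        if (utResults == null || utResults.isEmpty()) {
            continue;
        }
        // Only the first UsernameToken result is used; any further ones are ignored
        WSSecurityEngineResult wser = utResults.get(0);
        String utID = (String) wser.get(WSSecurityEngineResult.TAG_ID);
        if (utID == null || utID.isEmpty()) {
            utID = wssConfig.getIdAllocator().createId("UsernameToken-", null);
        }
        // Lifetime is configured in milliseconds; the token API works in seconds
        Instant created = Instant.now();
        Instant expires = created.plusSeconds(WSS4JUtils.getSecurityTokenLifetime(message) / 1000L);
        SecurityToken securityToken = new SecurityToken(utID, created, expires);
        securityToken.setSecret((byte[]) wser.get(WSSecurityEngineResult.TAG_SECRET));
        return securityToken;
    }
    return null;
}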
