Examples with SupportingTokens org.apache.wss4j.policy.model.SupportingTokens used on opensource projects

Search in sources :

Example 1 with SupportingTokens

use of org.apache.wss4j.policy.model.SupportingTokens in project cxf by apache.

the class TransportBindingHandler method handleEndorsingSupportingTokens.

/**
 * Handle the endorsing supporting tokens
 */
private void handleEndorsingSupportingTokens() throws Exception {
    Collection<AssertionInfo> ais;
    ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENDORSING_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens sgndSuppTokens = null;
        for (AssertionInfo ai : ais) {
            sgndSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (sgndSuppTokens != null) {
            for (AbstractToken token : sgndSuppTokens.getTokens()) {
                handleEndorsingToken(token, sgndSuppTokens);
            }
        }
    }
    ais = getAllAssertionsByLocalname(SPConstants.ENDORSING_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
    ais = getAllAssertionsByLocalname(SPConstants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
    ais = getAllAssertionsByLocalname(SPConstants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS);
    if (!ais.isEmpty()) {
        SupportingTokens endSuppTokens = null;
        for (AssertionInfo ai : ais) {
            endSuppTokens = (SupportingTokens) ai.getAssertion();
            ai.setAsserted(true);
        }
        if (endSuppTokens != null) {
            for (AbstractToken token : endSuppTokens.getTokens()) {
                handleEndorsingToken(token, endSuppTokens);
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken)

Example 2 with SupportingTokens

use of org.apache.wss4j.policy.model.SupportingTokens in project cxf by apache.

the class SignedTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                continue;
            }
            boolean processingFailed = false;
            if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken) {
                if (!processSCTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, false)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed supporting token requirement");
                continue;
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) SamlToken(org.apache.wss4j.policy.model.SamlToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken)

Example 3 with SupportingTokens

use of org.apache.wss4j.policy.model.SupportingTokens in project cxf by apache.

the class EndorsingTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
                assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
                continue;
            }
            DerivedKeys derivedKeys = token.getDerivedKeys();
            boolean derived = derivedKeys == DerivedKeys.RequireDerivedKeys;
            boolean processingFailed = false;
            if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                if (!processSCTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the endorsing supporting token requirement");
                continue;
            }
            if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) DerivedKeys(org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)

Example 4 with SupportingTokens

use of org.apache.wss4j.policy.model.SupportingTokens in project cxf by apache.

the class SignedEndorsingTokenPolicyValidator method validatePolicies.

/**
 * Validate policies.
 */
public void validatePolicies(PolicyValidatorParameters parameters, Collection<AssertionInfo> ais) {
    for (AssertionInfo ai : ais) {
        SupportingTokens binding = (SupportingTokens) ai.getAssertion();
        ai.setAsserted(true);
        setSignedParts(binding.getSignedParts());
        setEncryptedParts(binding.getEncryptedParts());
        setSignedElements(binding.getSignedElements());
        setEncryptedElements(binding.getEncryptedElements());
        List<AbstractToken> tokens = binding.getTokens();
        for (AbstractToken token : tokens) {
            if (!isTokenRequired(token, parameters.getMessage())) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
                assertSecurePartsIfTokenNotRequired(binding, parameters.getAssertionInfoMap());
                continue;
            }
            DerivedKeys derivedKeys = token.getDerivedKeys();
            boolean derived = derivedKeys == DerivedKeys.RequireDerivedKeys;
            boolean processingFailed = false;
            if (token instanceof KerberosToken) {
                if (!processKerberosTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SamlToken) {
                if (!processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof X509Token) {
                if (!processX509Tokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof KeyValueToken) {
                if (!processKeyValueTokens(parameters)) {
                    processingFailed = true;
                }
            } else if (token instanceof UsernameToken) {
                if (!processUsernameTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof SecurityContextToken || token instanceof SpnegoContextToken) {
                if (!processSCTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else if (token instanceof IssuedToken) {
                IssuedToken issuedToken = (IssuedToken) token;
                if (isSamlTokenRequiredForIssuedToken(issuedToken) && !processSAMLTokens(parameters, derived)) {
                    processingFailed = true;
                }
            } else {
                processingFailed = true;
            }
            if (processingFailed) {
                ai.setNotAsserted("The received token does not match the signed endorsing supporting token requirement");
                continue;
            }
            if (derived && parameters.getResults().getActionResults().containsKey(WSConstants.DKT)) {
                assertDerivedKeys(token, parameters.getAssertionInfoMap());
            }
        }
    }
}
Also used : SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) SamlToken(org.apache.wss4j.policy.model.SamlToken) KerberosToken(org.apache.wss4j.policy.model.KerberosToken) IssuedToken(org.apache.wss4j.policy.model.IssuedToken) UsernameToken(org.apache.wss4j.policy.model.UsernameToken) SpnegoContextToken(org.apache.wss4j.policy.model.SpnegoContextToken) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) X509Token(org.apache.wss4j.policy.model.X509Token) SecurityContextToken(org.apache.wss4j.policy.model.SecurityContextToken) KeyValueToken(org.apache.wss4j.policy.model.KeyValueToken) DerivedKeys(org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)

Example 5 with SupportingTokens

use of org.apache.wss4j.policy.model.SupportingTokens in project cxf by apache.

the class AbstractStaxBindingHandler method handleSupportingTokens.

protected Map<AbstractToken, SecurePart> handleSupportingTokens(Collection<AssertionInfo> tokenAssertions, boolean signed, boolean endorse) throws Exception {
    if (tokenAssertions != null && !tokenAssertions.isEmpty()) {
        Map<AbstractToken, SecurePart> ret = new HashMap<>();
        for (AssertionInfo assertionInfo : tokenAssertions) {
            if (assertionInfo.getAssertion() instanceof SupportingTokens) {
                assertionInfo.setAsserted(true);
                handleSupportingTokens((SupportingTokens) assertionInfo.getAssertion(), signed, endorse, ret);
            }
        }
        return ret;
    }
    return Collections.emptyMap();
}
Also used : SecurePart(org.apache.xml.security.stax.ext.SecurePart) SupportingTokens(org.apache.wss4j.policy.model.SupportingTokens) AssertionInfo(org.apache.cxf.ws.policy.AssertionInfo) AbstractToken(org.apache.wss4j.policy.model.AbstractToken) HashMap(java.util.HashMap)

Aggregations

SupportingTokens (org.apache.wss4j.policy.model.SupportingTokens)16 AssertionInfo (org.apache.cxf.ws.policy.AssertionInfo)14 AbstractToken (org.apache.wss4j.policy.model.AbstractToken)11 SamlToken (org.apache.wss4j.policy.model.SamlToken)9 IssuedToken (org.apache.wss4j.policy.model.IssuedToken)8 KerberosToken (org.apache.wss4j.policy.model.KerberosToken)8 KeyValueToken (org.apache.wss4j.policy.model.KeyValueToken)8 SecurityContextToken (org.apache.wss4j.policy.model.SecurityContextToken)8 UsernameToken (org.apache.wss4j.policy.model.UsernameToken)8 X509Token (org.apache.wss4j.policy.model.X509Token)8 SpnegoContextToken (org.apache.wss4j.policy.model.SpnegoContextToken)7 DerivedKeys (org.apache.wss4j.policy.model.AbstractToken.DerivedKeys)4 AbstractSecurityAssertion (org.apache.wss4j.policy.model.AbstractSecurityAssertion)2 ArrayList (java.util.ArrayList)1 HashMap (java.util.HashMap)1 Fault (org.apache.cxf.interceptor.Fault)1 All (org.apache.neethi.All)1 ExactlyOne (org.apache.neethi.ExactlyOne)1 Policy (org.apache.neethi.Policy)1 AlgorithmSuite (org.apache.wss4j.common.crypto.AlgorithmSuite)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial