Example 16 with SecurePart
use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.
the class StaxToDOMRoundTripTest method testEncryptUsernameToken.
@Test
public void testEncryptUsernameToken() throws Exception {
// Create + configure service
Service service = createService();
Map<String, Object> inProperties = new HashMap<>();
inProperties.put(ConfigurationConstants.ACTION, ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPT);
inProperties.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());
inProperties.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
WSS4JInInterceptor inInterceptor = new WSS4JInInterceptor(inProperties);
service.getInInterceptors().add(inInterceptor);
// Create + configure client
Echo echo = createClientProxy();
Client client = ClientProxy.getClient(echo);
client.getInInterceptors().add(new LoggingInInterceptor());
client.getOutInterceptors().add(new LoggingOutInterceptor());
WSSSecurityProperties properties = new WSSSecurityProperties();
List<WSSConstants.Action> actions = new ArrayList<WSSConstants.Action>();
actions.add(WSSConstants.USERNAMETOKEN);
actions.add(XMLSecurityConstants.ENCRYPT);
properties.setActions(actions);
properties.addEncryptionPart(new SecurePart(new QName(WSSConstants.NS_WSSE10, "UsernameToken"), SecurePart.Modifier.Element));
properties.setEncryptionUser("myalias");
properties.setTokenUser("username");
properties.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128);
Properties cryptoProperties = CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
properties.setEncryptionCryptoProperties(cryptoProperties);
properties.setCallbackHandler(new TestPwdCallback());
WSS4JStaxOutInterceptor ohandler = new WSS4JStaxOutInterceptor(properties);
client.getOutInterceptors().add(ohandler);
assertEquals("test", echo.echo("test"));
}
Also used :
WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties)
WSSConstants(org.apache.wss4j.stax.ext.WSSConstants)
HashMap(java.util.HashMap)
QName(javax.xml.namespace.QName)
ArrayList(java.util.ArrayList)
Service(org.apache.cxf.service.Service)
Properties(java.util.Properties)
WSSSecurityProperties(org.apache.wss4j.stax.ext.WSSSecurityProperties)
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
LoggingOutInterceptor(org.apache.cxf.ext.logging.LoggingOutInterceptor)
LoggingInInterceptor(org.apache.cxf.ext.logging.LoggingInInterceptor)
Client(org.apache.cxf.endpoint.Client)
Test(org.junit.Test)
Example 17 with SecurePart
use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.
the class AbstractStaxBindingHandler method addIssuedToken.
protected SecurePart addIssuedToken(AbstractToken token, SecurityToken secToken, boolean signed, boolean endorsing) {
assertToken(token);
if (isTokenRequired(token.getIncludeTokenType())) {
final Element el = secToken.getToken();
if (el != null && "Assertion".equals(el.getLocalName()) && (WSSConstants.NS_SAML.equals(el.getNamespaceURI()) || WSSConstants.NS_SAML2.equals(el.getNamespaceURI()))) {
WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
if (endorsing) {
actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
}
properties.addAction(actionToPerform);
// Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
final SubjectBean subjectBean;
if (signed || endorsing) {
KeyInfoBean keyInfo = new KeyInfoBean();
keyInfo.setCertificate(secToken.getX509Certificate());
keyInfo.setEphemeralKey(secToken.getSecret());
subjectBean = new SubjectBean("", "", "");
subjectBean.setKeyInfo(keyInfo);
} else {
subjectBean = null;
}
CallbackHandler callbackHandler = new CallbackHandler() {
@Override
public void handle(Callback[] callbacks) {
for (Callback callback : callbacks) {
if (callback instanceof SAMLCallback) {
SAMLCallback samlCallback = (SAMLCallback) callback;
samlCallback.setAssertionElement(el);
samlCallback.setSubject(subjectBean);
if (WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())) {
samlCallback.setSamlVersion(Version.SAML_11);
} else {
samlCallback.setSamlVersion(Version.SAML_20);
}
}
}
}
};
properties.setSamlCallbackHandler(callbackHandler);
QName qname = WSSConstants.TAG_SAML2_ASSERTION;
if (WSS4JConstants.SAML_NS.equals(el.getNamespaceURI())) {
qname = WSSConstants.TAG_SAML_ASSERTION;
}
return new SecurePart(qname, Modifier.Element);
} else if (isRequestor()) {
// An Encrypted Token...just include it as is
properties.addAction(WSSConstants.CUSTOM_TOKEN);
}
}
return null;
}
Also used :
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
SubjectBean(org.apache.wss4j.common.saml.bean.SubjectBean)
KeyInfoBean(org.apache.wss4j.common.saml.bean.KeyInfoBean)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
WSSConstants(org.apache.wss4j.stax.ext.WSSConstants)
WSPasswordCallback(org.apache.wss4j.common.ext.WSPasswordCallback)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Callback(javax.security.auth.callback.Callback)
QName(javax.xml.namespace.QName)
Element(org.w3c.dom.Element)
SAMLCallback(org.apache.wss4j.common.saml.SAMLCallback)
Example 18 with SecurePart
use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.
the class AbstractStaxBindingHandler method addSignatureParts.
protected void addSignatureParts(Map<AbstractToken, SecurePart> tokenMap) {
if (tokenMap != null) {
for (Map.Entry<AbstractToken, SecurePart> entry : tokenMap.entrySet()) {
SecurePart part = entry.getValue();
QName name = part.getName();
List<WSSConstants.Action> actionList = properties.getActions();
// Don't add a signed SAML Token as a part, as it will be automatically signed by WSS4J
if (!((WSSConstants.TAG_SAML_ASSERTION.equals(name) || WSSConstants.TAG_SAML2_ASSERTION.equals(name)) && actionList != null && actionList.contains(WSSConstants.SAML_TOKEN_SIGNED))) {
properties.addSignaturePart(part);
}
}
}
}
Also used :
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
AbstractToken(org.apache.wss4j.policy.model.AbstractToken)
QName(javax.xml.namespace.QName)
Map(java.util.Map)
HashMap(java.util.HashMap)
AssertionInfoMap(org.apache.cxf.ws.policy.AssertionInfoMap)
Example 19 with SecurePart
use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.
the class AbstractStaxBindingHandler method addUsernameToken.
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
assertToken(usernameToken);
IncludeTokenType includeToken = usernameToken.getIncludeTokenType();
if (!isTokenRequired(includeToken)) {
return null;
}
// Action
properties.addAction(WSSConstants.USERNAMETOKEN);
// Password Type
PasswordType passwordType = usernameToken.getPasswordType();
if (passwordType == PasswordType.HashPassword) {
properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_DIGEST);
} else if (passwordType == PasswordType.NoPassword) {
properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_NONE);
} else {
properties.setUsernameTokenPasswordType(UsernameTokenPasswordType.PASSWORD_TEXT);
}
// Nonce + Created
if (usernameToken.isNonce()) {
properties.setAddUsernameTokenNonce(true);
}
if (usernameToken.isCreated()) {
properties.setAddUsernameTokenCreated(true);
}
// Check if a CallbackHandler was specified
if (properties.getCallbackHandler() == null) {
String password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
if (password != null) {
String username = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
UTCallbackHandler callbackHandler = new UTCallbackHandler(username, password);
properties.setCallbackHandler(callbackHandler);
}
}
return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}
Also used :
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType)
UsernameTokenPasswordType(org.apache.wss4j.stax.ext.WSSConstants.UsernameTokenPasswordType)
PasswordType(org.apache.wss4j.policy.model.UsernameToken.PasswordType)
Example 20 with SecurePart
use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.
the class AbstractStaxBindingHandler method addSamlToken.
protected SecurePart addSamlToken(SamlToken token, boolean signed, boolean endorsing) throws WSSecurityException {
assertToken(token);
IncludeTokenType includeToken = token.getIncludeTokenType();
if (!isTokenRequired(includeToken)) {
return null;
}
//
// Get the SAML CallbackHandler
//
Object o = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
try {
CallbackHandler handler = SecurityUtils.getCallbackHandler(o);
if (handler == null) {
unassertPolicy(token, "No SAML CallbackHandler available");
return null;
}
properties.setSamlCallbackHandler(handler);
} catch (Exception ex) {
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
}
// Action
WSSConstants.Action actionToPerform = WSSConstants.SAML_TOKEN_UNSIGNED;
if (signed || endorsing) {
actionToPerform = WSSConstants.SAML_TOKEN_SIGNED;
}
properties.addAction(actionToPerform);
QName qname = WSSConstants.TAG_SAML2_ASSERTION;
SamlTokenType tokenType = token.getSamlTokenType();
if (tokenType == SamlTokenType.WssSamlV11Token10 || tokenType == SamlTokenType.WssSamlV11Token11) {
qname = WSSConstants.TAG_SAML_ASSERTION;
}
return new SecurePart(qname, Modifier.Element);
}
Also used :
SecurePart(org.apache.xml.security.stax.ext.SecurePart)
SamlTokenType(org.apache.wss4j.policy.model.SamlToken.SamlTokenType)
CallbackHandler(javax.security.auth.callback.CallbackHandler)
WSSConstants(org.apache.wss4j.stax.ext.WSSConstants)
QName(javax.xml.namespace.QName)
IncludeTokenType(org.apache.wss4j.policy.SPConstants.IncludeTokenType)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
SOAPException(javax.xml.soap.SOAPException)
UnsupportedCallbackException(javax.security.auth.callback.UnsupportedCallbackException)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
XMLSecurityException(org.apache.xml.security.exceptions.XMLSecurityException)
IOException(java.io.IOException)
Aggregations
SecurePart (org.apache.xml.security.stax.ext.SecurePart)30
QName (javax.xml.namespace.QName)26
WSSSecurityProperties (org.apache.wss4j.stax.ext.WSSSecurityProperties)19
WSSConstants (org.apache.wss4j.stax.ext.WSSConstants)18
ArrayList (java.util.ArrayList)17
Properties (java.util.Properties)12
Client (org.apache.cxf.endpoint.Client)12
LoggingInInterceptor (org.apache.cxf.ext.logging.LoggingInInterceptor)12
LoggingOutInterceptor (org.apache.cxf.ext.logging.LoggingOutInterceptor)12
Service (org.apache.cxf.service.Service)12
Test (org.junit.Test)12
AbstractToken (org.apache.wss4j.policy.model.AbstractToken)8
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)7
HashMap (java.util.HashMap)6
IssuedToken (org.apache.wss4j.policy.model.IssuedToken)6
SOAPException (javax.xml.soap.SOAPException)5
SecurityToken (org.apache.cxf.ws.security.tokenstore.SecurityToken)5
Fault (org.apache.cxf.interceptor.Fault)4
AbstractTokenWrapper (org.apache.wss4j.policy.model.AbstractTokenWrapper)4
SecureConversationToken (org.apache.wss4j.policy.model.SecureConversationToken)4
