Use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache: class StaxToDOMRoundTripTest, method testEncryptUsernameToken.
/**
 * Round-trip check: the client uses the StAX (streaming) WSS4J stack to add a UsernameToken
 * and then encrypt that token as a whole element; the service uses the DOM-based
 * WSS4JInInterceptor to decrypt it and process the UsernameToken.
 *
 * The two sides are wired independently and must agree on three things for the call to
 * succeed: the action list (UsernameToken + Encrypt), the password callback
 * (TestPwdCallback on both sides), and the key material (client encrypts for alias
 * "myalias" using outsecurity.properties; the service decrypts with insecurity.properties).
 *
 * NOTE(review): NS_XENC_AES128 is the XML Encryption 1.0 AES-128 block cipher, which is not
 * an authenticated (AEAD) mode; this is a functional round-trip test rather than a
 * recommendation for production configuration — confirm the algorithm policy separately.
 *
 * @throws Exception on any setup or invocation failure (test method)
 */
@Test
public void testEncryptUsernameToken() throws Exception {
    // --- Service side: DOM-based inbound processing ---
    Service service = createService();
    Map<String, Object> serverConfig = new HashMap<>();
    serverConfig.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());
    serverConfig.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    // Expected actions, listed in the order the client applies them.
    serverConfig.put(ConfigurationConstants.ACTION,
        ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPT);
    service.getInInterceptors().add(new WSS4JInInterceptor(serverConfig));

    // --- Client side: StAX-based outbound processing ---
    Echo echo = createClientProxy();
    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    WSSSecurityProperties outboundSecurity = new WSSSecurityProperties();
    List<WSSConstants.Action> outboundActions = new ArrayList<>();
    outboundActions.add(WSSConstants.USERNAMETOKEN);
    outboundActions.add(XMLSecurityConstants.ENCRYPT);
    outboundSecurity.setActions(outboundActions);

    // Encrypt the whole wsse:UsernameToken element (Modifier.Element), not just its content.
    QName usernameTokenName = new QName(WSSConstants.NS_WSSE10, "UsernameToken");
    outboundSecurity.addEncryptionPart(new SecurePart(usernameTokenName, SecurePart.Modifier.Element));
    outboundSecurity.setEncryptionUser("myalias");
    outboundSecurity.setTokenUser("username");
    outboundSecurity.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128);
    Properties outboundCrypto =
        CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
    outboundSecurity.setEncryptionCryptoProperties(outboundCrypto);
    // Same callback as the service so the UsernameToken password can be verified there.
    outboundSecurity.setCallbackHandler(new TestPwdCallback());
    client.getOutInterceptors().add(new WSS4JStaxOutInterceptor(outboundSecurity));

    assertEquals("test", echo.echo("test"));
}
Use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache: class AbstractStaxBindingHandler, method addIssuedToken.
/**
 * Configures the outbound StAX properties to include an issued (STS-obtained) token.
 *
 * If the token is a SAML 1.1 or 2.0 Assertion it is emitted through a SAML callback
 * that hands WSS4J the pre-built assertion element, and the assertion is returned as a
 * {@link SecurePart} so the caller can reference it in signature/encryption parts.
 * Any other token is, on the requestor side only, included verbatim via the
 * CUSTOM_TOKEN action and {@code null} is returned.
 *
 * NOTE(review): only {@code endorsing} switches the action to SAML_TOKEN_SIGNED here,
 * whereas {@code signed} alone still results in SAML_TOKEN_UNSIGNED (the key info is
 * still attached for both). addSamlToken in this class signs for either flag — confirm
 * the asymmetry is intended.
 *
 * @param token     the policy token being asserted
 * @param secToken  the issued token holding the assertion element, certificate and secret
 * @param signed    whether the token is to be used as a signing (signed-supporting) token
 * @param endorsing whether the token endorses the message signature
 * @return the SecurePart for a SAML assertion, or {@code null} when nothing was added
 */
protected SecurePart addIssuedToken(AbstractToken token, SecurityToken secToken,
                                    boolean signed, boolean endorsing) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    final Element assertionEl = secToken.getToken();
    final String assertionNs = assertionEl == null ? null : assertionEl.getNamespaceURI();
    final boolean isSamlAssertion = assertionEl != null
        && "Assertion".equals(assertionEl.getLocalName())
        && (WSSConstants.NS_SAML.equals(assertionNs) || WSSConstants.NS_SAML2.equals(assertionNs));

    if (!isSamlAssertion) {
        if (isRequestor()) {
            // An encrypted (opaque) token: include it exactly as received.
            properties.addAction(WSSConstants.CUSTOM_TOKEN);
        }
        return null;
    }

    final boolean saml11 = WSS4JConstants.SAML_NS.equals(assertionNs);
    properties.addAction(endorsing ? WSSConstants.SAML_TOKEN_SIGNED : WSSConstants.SAML_TOKEN_UNSIGNED);

    // A minimal Subject so the SAMLTokenOutProcessor can reach the certificate and the
    // (secret) ephemeral key. The key material is sensitive; it is only attached when the
    // token actually participates in signing.
    final SubjectBean subjectBean;
    if (signed || endorsing) {
        KeyInfoBean keyInfoBean = new KeyInfoBean();
        keyInfoBean.setCertificate(secToken.getX509Certificate());
        keyInfoBean.setEphemeralKey(secToken.getSecret());
        subjectBean = new SubjectBean("", "", "");
        subjectBean.setKeyInfo(keyInfoBean);
    } else {
        subjectBean = null;
    }

    // The callback hands WSS4J the already-issued assertion rather than building a new one.
    properties.setSamlCallbackHandler(new CallbackHandler() {
        @Override
        public void handle(Callback[] callbacks) {
            for (Callback cb : callbacks) {
                if (!(cb instanceof SAMLCallback)) {
                    continue;
                }
                SAMLCallback samlCb = (SAMLCallback) cb;
                samlCb.setAssertionElement(assertionEl);
                samlCb.setSubject(subjectBean);
                samlCb.setSamlVersion(saml11 ? Version.SAML_11 : Version.SAML_20);
            }
        }
    });

    return new SecurePart(
        saml11 ? WSSConstants.TAG_SAML_ASSERTION : WSSConstants.TAG_SAML2_ASSERTION,
        Modifier.Element);
}
Use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache: class AbstractStaxBindingHandler, method addSignatureParts.
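/**
 * Registers each token's {@link SecurePart} as a part to be covered by the message
 * signature.
 *
 * A SAML assertion is skipped when the SAML_TOKEN_SIGNED action is configured, because
 * WSS4J signs the assertion itself in that case and adding it again would produce a
 * duplicate reference. The action list is read once before the loop: it does not change
 * while signature parts are being added.
 *
 * NOTE(review): the skip applies to any SAML assertion part whenever SAML_TOKEN_SIGNED is
 * present in the action list, not only to the assertion that action signs — confirm that
 * a second, unsigned SAML part cannot reach this method alongside a signed one.
 *
 * @param tokenMap tokens mapped to the part describing their element; {@code null} or
 *                 empty means nothing to add
 */
protected void addSignatureParts(Map<AbstractToken, SecurePart> tokenMap) {
    if (tokenMap == null || tokenMap.isEmpty()) {
        return;
    }
    // Loop-invariant: hoisted out of the per-token loop.
    final List<WSSConstants.Action> actionList = properties.getActions();
    final boolean samlTokenSigned =
        actionList != null && actionList.contains(WSSConstants.SAML_TOKEN_SIGNED);

    for (SecurePart part : tokenMap.values()) {
        final QName name = part.getName();
        final boolean isSamlAssertion = WSSConstants.TAG_SAML_ASSERTION.equals(name)
            || WSSConstants.TAG_SAML2_ASSERTION.equals(name);
        if (isSamlAssertion && samlTokenSigned) {
            // Already signed by WSS4J as part of the SAML_TOKEN_SIGNED action.
            continue;
        }
        properties.addSignaturePart(part);
    }
}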
Use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache: class AbstractStaxBindingHandler, method addUsernameToken.
/**
 * Configures the outbound StAX properties to emit a wsse:UsernameToken as described by
 * the policy, and returns the part that other parts (signature/encryption) can reference.
 *
 * Password type mapping: HashPassword → PASSWORD_DIGEST, NoPassword → PASSWORD_NONE,
 * anything else (including an unset type) → PASSWORD_TEXT. PASSWORD_TEXT puts the
 * password on the wire in clear; it is only safe when the token is encrypted or the
 * transport is protected, and PASSWORD_NONE carries no proof of possession at all.
 * Nonce and Created are only switched on, never off, so a value already enabled on
 * {@code properties} is preserved. A nonce only prevents replay if the receiver caches it.
 *
 * If no CallbackHandler is configured and a password is available as a message security
 * property, a UTCallbackHandler is built from the username/password properties. The
 * password is handled as a String here (not zeroed after use) because that is what the
 * message property API yields.
 *
 * @param usernameToken the policy token describing the UsernameToken to add
 * @return the UsernameToken SecurePart, or {@code null} when the token is not required
 */
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
    assertToken(usernameToken);
    if (!isTokenRequired(usernameToken.getIncludeTokenType())) {
        return null;
    }

    properties.addAction(WSSConstants.USERNAMETOKEN);

    // Map the policy password type onto the WSS4J wire password type.
    final PasswordType policyPasswordType = usernameToken.getPasswordType();
    final UsernameTokenPasswordType wirePasswordType;
    if (PasswordType.HashPassword == policyPasswordType) {
        wirePasswordType = UsernameTokenPasswordType.PASSWORD_DIGEST;
    } else if (PasswordType.NoPassword == policyPasswordType) {
        wirePasswordType = UsernameTokenPasswordType.PASSWORD_NONE;
    } else {
        wirePasswordType = UsernameTokenPasswordType.PASSWORD_TEXT;
    }
    properties.setUsernameTokenPasswordType(wirePasswordType);

    // Only enable; never clear a flag that may already be set.
    if (usernameToken.isNonce()) {
        properties.setAddUsernameTokenNonce(true);
    }
    if (usernameToken.isCreated()) {
        properties.setAddUsernameTokenCreated(true);
    }

    // Fall back to the message's username/password properties when no handler was given.
    if (properties.getCallbackHandler() == null) {
        final String password =
            (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
        if (password != null) {
            final String username =
                (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
            properties.setCallbackHandler(new UTCallbackHandler(username, password));
        }
    }

    return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}
Use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache: class AbstractStaxBindingHandler, method addSamlToken.
/**
 * Configures the outbound StAX properties to emit a SAML assertion produced by the
 * application-supplied SAML CallbackHandler, and returns the assertion as a part.
 *
 * The handler is resolved from the SAML_CALLBACK_HANDLER message security property. If
 * none can be resolved the policy is un-asserted and {@code null} is returned; a failure
 * while resolving it is wrapped in a WSSecurityException(FAILURE) with the cause kept.
 * The token is signed by WSS4J (SAML_TOKEN_SIGNED) when it is either a signing or an
 * endorsing token; otherwise it is included unsigned.
 *
 * @param token     the SAML policy token
 * @param signed    whether the token is a signing (signed-supporting) token
 * @param endorsing whether the token endorses the message signature
 * @return the saml:Assertion (1.1) or saml2:Assertion (2.0) part, or {@code null}
 * @throws WSSecurityException if the SAML CallbackHandler cannot be obtained
 */
protected SecurePart addSamlToken(SamlToken token, boolean signed, boolean endorsing)
    throws WSSecurityException {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    // Resolve the application's SAML CallbackHandler; it is what actually builds the assertion.
    final Object handlerRef =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
    try {
        final CallbackHandler samlHandler = SecurityUtils.getCallbackHandler(handlerRef);
        if (samlHandler == null) {
            unassertPolicy(token, "No SAML CallbackHandler available");
            return null;
        }
        properties.setSamlCallbackHandler(samlHandler);
    } catch (Exception ex) {
        // Keep the cause so the resolution failure is diagnosable.
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }

    final boolean signAssertion = signed || endorsing;
    properties.addAction(signAssertion
        ? WSSConstants.SAML_TOKEN_SIGNED
        : WSSConstants.SAML_TOKEN_UNSIGNED);

    // Policy token type decides the assertion namespace/element name.
    final SamlTokenType samlTokenType = token.getSamlTokenType();
    final boolean saml11 = samlTokenType == SamlTokenType.WssSamlV11Token10
        || samlTokenType == SamlTokenType.WssSamlV11Token11;
    return new SecurePart(
        saml11 ? WSSConstants.TAG_SAML_ASSERTION : WSSConstants.TAG_SAML2_ASSERTION,
        Modifier.Element);
}