
Example 16 with SecurePart

use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.

From class StaxToDOMRoundTripTest, method testEncryptUsernameToken.

/**
 * Round-trip test: the client secures the request with the StAX (streaming) stack,
 * adding a UsernameToken and then encrypting it, while the service side decrypts and
 * verifies the message with the DOM-based {@code WSS4JInInterceptor}.
 *
 * @throws Exception on any failure while setting up or invoking the service
 */
@Test
public void testEncryptUsernameToken() throws Exception {
    // Service side (DOM stack): expect a UsernameToken followed by encryption, and
    // decrypt with the key material referenced by insecurity.properties.
    Service service = createService();
    Map<String, Object> inProps = new HashMap<>();
    inProps.put(ConfigurationConstants.ACTION,
                ConfigurationConstants.USERNAME_TOKEN + " " + ConfigurationConstants.ENCRYPT);
    inProps.put(ConfigurationConstants.PW_CALLBACK_REF, new TestPwdCallback());
    inProps.put(ConfigurationConstants.DEC_PROP_FILE, "insecurity.properties");
    service.getInInterceptors().add(new WSS4JInInterceptor(inProps));

    // Client side (StAX stack): log the wire messages, then build the outbound security config.
    Echo echo = createClientProxy();
    Client client = ClientProxy.getClient(echo);
    client.getInInterceptors().add(new LoggingInInterceptor());
    client.getOutInterceptors().add(new LoggingOutInterceptor());

    WSSSecurityProperties outProps = new WSSSecurityProperties();
    List<WSSConstants.Action> outActions = new ArrayList<>();
    outActions.add(WSSConstants.USERNAMETOKEN);
    outActions.add(XMLSecurityConstants.ENCRYPT);
    outProps.setActions(outActions);
    // Encrypt the wsse:UsernameToken element itself (Modifier.Element, not just its
    // content) with AES-128, using the "myalias" key material from outsecurity.properties.
    QName usernameTokenName = new QName(WSSConstants.NS_WSSE10, "UsernameToken");
    outProps.addEncryptionPart(new SecurePart(usernameTokenName, SecurePart.Modifier.Element));
    outProps.setEncryptionUser("myalias");
    outProps.setTokenUser("username");
    outProps.setEncryptionSymAlgorithm(XMLSecurityConstants.NS_XENC_AES128);
    Properties cryptoProps =
        CryptoFactory.getProperties("outsecurity.properties", this.getClass().getClassLoader());
    outProps.setEncryptionCryptoProperties(cryptoProps);
    outProps.setCallbackHandler(new TestPwdCallback());
    client.getOutInterceptors().add(new WSS4JStaxOutInterceptor(outProps));

    assertEquals("test", echo.echo("test"));
}

Example 17 with SecurePart

use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.

From class AbstractStaxBindingHandler, method addIssuedToken.

/**
 * Adds the issued token held in {@code secToken} to the outbound StAX security configuration.
 *
 * <p>When the token is required by its IncludeToken policy and the stored DOM element is a
 * SAML 1.1 or SAML 2.0 {@code Assertion}, a SAML token action is registered
 * ({@code SAML_TOKEN_SIGNED} for an endorsing token, otherwise {@code SAML_TOKEN_UNSIGNED})
 * and a SAML callback handler is installed that hands the stored assertion element back to
 * the SAML token processor. For a signed or endorsing token the key material from
 * {@code secToken} (certificate and ephemeral secret) is attached to a mocked-up subject so
 * that the SAMLTokenOutProcessor can access it. A required token that is not a SAML
 * assertion is, on the requestor side only, included as-is via {@code CUSTOM_TOKEN}.
 *
 * @param token     the token policy assertion being satisfied
 * @param secToken  the stored security token, providing the DOM element and key material
 * @param signed    whether the token is used as a signed supporting token
 * @param endorsing whether the token endorses (signs over) the message signature
 * @return a {@link SecurePart} covering the SAML assertion element, or {@code null} when no
 *         SAML token was added (token not required, or the stored element is not a SAML assertion)
 */
protected SecurePart addIssuedToken(AbstractToken token, SecurityToken secToken, boolean signed, boolean endorsing) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    final Element el = secToken.getToken();
    String ns = el == null ? null : el.getNamespaceURI();
    boolean samlAssertion = el != null
        && "Assertion".equals(el.getLocalName())
        && (WSSConstants.NS_SAML.equals(ns) || WSSConstants.NS_SAML2.equals(ns));
    if (!samlAssertion) {
        if (isRequestor()) {
            // An Encrypted Token...just include it as is
            properties.addAction(WSSConstants.CUSTOM_TOKEN);
        }
        return null;
    }

    properties.addAction(endorsing ? WSSConstants.SAML_TOKEN_SIGNED : WSSConstants.SAML_TOKEN_UNSIGNED);

    // Mock up a Subject so that the SAMLTokenOutProcessor can get access to the certificate
    final SubjectBean subjectBean;
    if (signed || endorsing) {
        KeyInfoBean keyInfo = new KeyInfoBean();
        keyInfo.setEphemeralKey(secToken.getSecret());
        keyInfo.setCertificate(secToken.getX509Certificate());
        subjectBean = new SubjectBean("", "", "");
        subjectBean.setKeyInfo(keyInfo);
    } else {
        subjectBean = null;
    }

    // The stored element's namespace decides the SAML version reported to the processor
    final boolean saml11 = WSS4JConstants.SAML_NS.equals(ns);
    CallbackHandler callbackHandler = callbacks -> {
        for (Callback callback : callbacks) {
            if (callback instanceof SAMLCallback) {
                SAMLCallback samlCallback = (SAMLCallback) callback;
                samlCallback.setAssertionElement(el);
                samlCallback.setSubject(subjectBean);
                samlCallback.setSamlVersion(saml11 ? Version.SAML_11 : Version.SAML_20);
            }
        }
    };
    properties.setSamlCallbackHandler(callbackHandler);

    QName qname = saml11 ? WSSConstants.TAG_SAML_ASSERTION : WSSConstants.TAG_SAML2_ASSERTION;
    return new SecurePart(qname, Modifier.Element);
}

Example 18 with SecurePart

use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.

From class AbstractStaxBindingHandler, method addSignatureParts.

/**
 * Registers each token's {@link SecurePart} as a signature part on the outbound properties.
 *
 * <p>A SAML assertion part is skipped when a {@code SAML_TOKEN_SIGNED} action is already
 * configured, because WSS4J signs that token itself.
 *
 * @param tokenMap policy token to the SecurePart wrapping its element; {@code null} is a no-op
 */
protected void addSignatureParts(Map<AbstractToken, SecurePart> tokenMap) {
    if (tokenMap == null) {
        return;
    }
    for (SecurePart part : tokenMap.values()) {
        QName name = part.getName();
        List<WSSConstants.Action> actionList = properties.getActions();
        boolean samlAssertion = WSSConstants.TAG_SAML_ASSERTION.equals(name)
            || WSSConstants.TAG_SAML2_ASSERTION.equals(name);
        boolean signedByWss4j = actionList != null && actionList.contains(WSSConstants.SAML_TOKEN_SIGNED);
        // Don't add a signed SAML Token as a part, as it will be automatically signed by WSS4J
        if (samlAssertion && signedByWss4j) {
            continue;
        }
        properties.addSignaturePart(part);
    }
}

Example 19 with SecurePart

use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.

From class AbstractStaxBindingHandler, method addUsernameToken.

/**
 * Adds a UsernameToken to the outbound StAX security configuration.
 *
 * <p>Registers the {@code USERNAMETOKEN} action, maps the policy's password type onto the
 * StAX password type (HashPassword to PASSWORD_DIGEST, NoPassword to PASSWORD_NONE, anything
 * else - including an unset type - to PASSWORD_TEXT), enables nonce/created as requested by
 * the policy and, if no callback handler has been configured yet, builds one from the
 * username/password security properties on the current message.
 *
 * <p>NOTE(review): PASSWORD_TEXT places the password itself in the token rather than a
 * digest, so it depends on the rest of the binding (encryption of the token or transport
 * security) for confidentiality - confirm the callers enforce that.
 *
 * @param usernameToken the UsernameToken policy assertion
 * @return a {@link SecurePart} covering the wsse:UsernameToken element, or {@code null}
 *         when the token is not required by its IncludeToken policy
 */
protected SecurePart addUsernameToken(UsernameToken usernameToken) {
    assertToken(usernameToken);
    if (!isTokenRequired(usernameToken.getIncludeTokenType())) {
        return null;
    }

    // Action
    properties.addAction(WSSConstants.USERNAMETOKEN);

    // Password Type: compared with == so an unset policy value falls through to PASSWORD_TEXT
    PasswordType policyPasswordType = usernameToken.getPasswordType();
    UsernameTokenPasswordType staxPasswordType;
    if (policyPasswordType == PasswordType.HashPassword) {
        staxPasswordType = UsernameTokenPasswordType.PASSWORD_DIGEST;
    } else if (policyPasswordType == PasswordType.NoPassword) {
        staxPasswordType = UsernameTokenPasswordType.PASSWORD_NONE;
    } else {
        staxPasswordType = UsernameTokenPasswordType.PASSWORD_TEXT;
    }
    properties.setUsernameTokenPasswordType(staxPasswordType);

    // Nonce + Created (only ever switched on here, never off)
    if (usernameToken.isNonce()) {
        properties.setAddUsernameTokenNonce(true);
    }
    if (usernameToken.isCreated()) {
        properties.setAddUsernameTokenCreated(true);
    }

    // Fall back to a callback handler built from the message's security properties,
    // but only when none was configured and a password is actually available
    if (properties.getCallbackHandler() == null) {
        String password = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
        if (password != null) {
            String username = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
            properties.setCallbackHandler(new UTCallbackHandler(username, password));
        }
    }

    return new SecurePart(WSSConstants.TAG_WSSE_USERNAME_TOKEN, Modifier.Element);
}

Example 20 with SecurePart

use of org.apache.xml.security.stax.ext.SecurePart in project cxf by apache.

From class AbstractStaxBindingHandler, method addSamlToken.

/**
 * Adds a SAML token to the outbound StAX security configuration.
 *
 * <p>The SAML CallbackHandler is resolved from the message's {@code SAML_CALLBACK_HANDLER}
 * security property; when none is available the policy is unasserted and nothing is added.
 * Otherwise a {@code SAML_TOKEN_SIGNED} (signed or endorsing) or {@code SAML_TOKEN_UNSIGNED}
 * action is registered and the assertion QName is chosen from the policy's SAML token type
 * (the two WssSamlV11 variants map to the SAML 1.1 assertion, everything else to SAML 2.0).
 *
 * @param token     the SamlToken policy assertion
 * @param signed    whether the token is used as a signed supporting token
 * @param endorsing whether the token endorses (signs over) the message signature
 * @return a {@link SecurePart} covering the assertion element, or {@code null} when the token
 *         is not required or no SAML CallbackHandler could be resolved
 * @throws WSSecurityException with error code FAILURE, wrapping any exception raised while
 *         resolving or installing the callback handler
 */
protected SecurePart addSamlToken(SamlToken token, boolean signed, boolean endorsing) throws WSSecurityException {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    //
    // Get the SAML CallbackHandler
    //
    Object handlerRef = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SAML_CALLBACK_HANDLER, message);
    try {
        CallbackHandler samlHandler = SecurityUtils.getCallbackHandler(handlerRef);
        if (samlHandler == null) {
            unassertPolicy(token, "No SAML CallbackHandler available");
            return null;
        }
        properties.setSamlCallbackHandler(samlHandler);
    } catch (Exception ex) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, ex);
    }

    // Action
    properties.addAction(signed || endorsing
                         ? WSSConstants.SAML_TOKEN_SIGNED
                         : WSSConstants.SAML_TOKEN_UNSIGNED);

    // Assertion element name follows the policy's token type
    SamlTokenType tokenType = token.getSamlTokenType();
    boolean saml11 = tokenType == SamlTokenType.WssSamlV11Token10
        || tokenType == SamlTokenType.WssSamlV11Token11;
    QName qname = saml11 ? WSSConstants.TAG_SAML_ASSERTION : WSSConstants.TAG_SAML2_ASSERTION;
    return new SecurePart(qname, Modifier.Element);
}
