
Example 1 with VideographerAuthenticationToken

use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.

the class VideographerValidator method getVideographerTokenFromTarget.

/**
 * Decodes a videographer token from a received token, if it carries one.
 *
 * <p>Only a {@link BinarySecurityTokenType} whose value type equals
 * {@code VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE} is considered. Its value
 * is parsed and a fresh {@link VideographerAuthenticationToken} is built from the parsed realm
 * and the address extracted from the parsed principal's name.
 *
 * <p>This method only decodes. It makes no validity decision; the caller must still check the
 * realm, credentials and address of the returned token.
 *
 * @param validateTarget the received token to inspect
 * @return the decoded videographer token, or {@code null} when the target holds another kind of
 *     token or its value cannot be parsed
 */
private VideographerAuthenticationToken getVideographerTokenFromTarget(ReceivedToken validateTarget) {
    // NOTE(review): the whole received token is handed to the debug log; what is written
    // depends on ReceivedToken's string form. Confirm it does not expose more of the request
    // than intended.
    LOGGER.debug("get videographer token from target: {}", validateTarget);

    Object rawToken = validateTarget.getToken();
    if (!(rawToken instanceof BinarySecurityTokenType)) {
        return null;
    }

    BinarySecurityTokenType binaryToken = (BinarySecurityTokenType) rawToken;
    if (!VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE.equals(binaryToken.getValueType())) {
        return null;
    }

    String encodedCredential = binaryToken.getValue();
    try {
        // The second argument presumably marks the credential as still encoded (TODO confirm).
        BaseAuthenticationToken parsed = VideographerAuthenticationToken.parse(encodedCredential, true);
        return new VideographerAuthenticationToken(
                parsed.getRealm(),
                VideographerPrincipal.parseAddressFromName(parsed.getPrincipal().toString()));
    } catch (WSSecurityException e) {
        // A malformed value is treated the same as "not a videographer token".
        LOGGER.debug("Unable to parse {} from encodedToken.", VideographerAuthenticationToken.class.getSimpleName(), e);
        return null;
    }
}
Also used : BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 2 with VideographerAuthenticationToken

use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.

the class RawUdpDataToMTSPacketDecoder method getSecuritySubject.

/**
 * Obtains a security subject for the given IP address by wrapping it in a videographer token
 * (default realm) and asking the security manager to resolve it.
 *
 * <p>NOTE(review): the subject is derived from the IP address alone. Presumably the address is
 * the sender of a UDP packet (the enclosing class is a raw UDP decoder); such an address is not
 * authenticated, so the resulting subject should carry only the privileges meant for
 * unauthenticated video sources. Confirm against the caller and the videographer claims
 * configuration.
 *
 * @param ipAddress the address to place in the videographer token
 * @return the subject returned by the security manager, or {@code null} when no security manager
 *     is available
 * @throws SecurityServiceException if the security manager fails to resolve the token
 */
private Subject getSecuritySubject(String ipAddress) throws SecurityServiceException {
    VideographerAuthenticationToken videographerToken =
            new VideographerAuthenticationToken(BaseAuthenticationToken.DEFAULT_REALM, ipAddress);
    LOGGER.debug("Getting new videographer user token for ip address {}: token={}", ipAddress, videographerToken);

    SecurityManager manager = getSecurityManager();
    if (manager == null) {
        // Without a security manager no subject can be produced; callers receive null.
        return null;
    }
    return manager.getSubject(videographerToken);
}
Also used : SecurityManager(ddf.security.service.SecurityManager) VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken) Subject(ddf.security.Subject)

Example 3 with VideographerAuthenticationToken

use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.

the class VideographerValidator method validateToken.

/**
 * Validates a received token as a videographer token.
 *
 * <p>The target token starts out {@code INVALID} and is switched to {@code VALID} only when all
 * of the following hold: a videographer token can be decoded from it; its realm is
 * {@code null}, listed in {@code supportedRealms}, or equal to {@code WILDCARD}; its credentials
 * equal {@code VideographerAuthenticationToken.VIDEOGRAPHER_CREDENTIALS}; and its IP address
 * passes {@code validIpAddress}.
 *
 * <p>The response principal is set as soon as a token decodes, before any of those checks, so
 * callers must rely on the token state and not on the presence of a principal.
 *
 * @param tokenParameters validation parameters carrying the token to check
 * @return a response holding the target token in its final state
 */
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
    TokenValidatorResponse response = new TokenValidatorResponse();
    ReceivedToken target = tokenParameters.getToken();

    // Fail closed: every path that does not pass all checks leaves the token INVALID.
    target.setState(ReceivedToken.STATE.INVALID);
    VideographerAuthenticationToken candidate = getVideographerTokenFromTarget(target);
    response.setToken(target);

    if (candidate == null) {
        return response;
    }

    // Set regardless of the outcome below; this does not mean the token was accepted.
    response.setPrincipal(new VideographerPrincipal(candidate.getIpAddress()));

    // NOTE(review): the realm is read from the token itself, so a token naming the WILDCARD
    // realm (or carrying no realm) passes this check whatever supportedRealms contains.
    // Confirm that is intended.
    boolean realmAccepted = candidate.getRealm() == null
            || supportedRealms.contains(candidate.getRealm())
            || WILDCARD.equals(candidate.getRealm());

    // NOTE(review): the credential is compared with a class constant, so it establishes the
    // token's format and not possession of a secret. Presumably this validator serves
    // guest-like access; confirm the privileges granted downstream match that.
    if (realmAccepted
            && candidate.getCredentials().equals(VideographerAuthenticationToken.VIDEOGRAPHER_CREDENTIALS)
            && validIpAddress(candidate.getIpAddress())) {
        target.setState(ReceivedToken.STATE.VALID);
        target.setPrincipal(new VideographerPrincipal(candidate.getIpAddress()));
    }
    return response;
}
Also used : VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) VideographerPrincipal(org.codice.alliance.video.security.principal.videographer.VideographerPrincipal)

Example 4 with VideographerAuthenticationToken

use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.

the class VideographerValidatorTest method setup.

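/**
 * Builds the validator under test and one received token per scenario.
 *
 * <p>Fixtures created:
 * <ul>
 *   <li>{@code receivedToken}: realm "DDF" (the only supported realm), IPv4 loopback</li>
 *   <li>{@code receivedAnyRealmToken}: wildcard realm "*", IPv4 loopback</li>
 *   <li>{@code receivedBadToken}: a Base64 value that is not an encoded videographer token</li>
 *   <li>{@code receivedTokenIpv6}: wildcard realm, IPv6 loopback</li>
 *   <li>{@code receivedTokenBadIp}: wildcard realm, a malformed address</li>
 *   <li>{@code receivedTokenIpv6Reachability}: wildcard realm, IPv6 loopback with a "%4"
 *       suffix</li>
 * </ul>
 * {@code parameters} is initialised with {@code receivedToken}.
 */
@Before
public void setup() {
    validator = new VideographerValidator();
    validator.setSupportedRealms(Collections.singletonList("DDF"));

    receivedToken = newVideographerReceivedToken(
            new VideographerAuthenticationToken("DDF", "127.0.0.1").getEncodedCredentials());
    receivedAnyRealmToken = newVideographerReceivedToken(
            new VideographerAuthenticationToken("*", "127.0.0.1").getEncodedCredentials());
    // Negative case: correct value type and encoding, but the payload is not a videographer
    // token. The charset is pinned so the fixture bytes do not depend on the platform default.
    receivedBadToken = newVideographerReceivedToken(
            Base64.getEncoder().encodeToString(
                    "NotVideographer".getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    receivedTokenIpv6 = newVideographerReceivedToken(
            new VideographerAuthenticationToken("*", "0:0:0:0:0:0:0:1").getEncodedCredentials());
    // Negative case: the address is not a syntactically valid IP.
    receivedTokenBadIp = newVideographerReceivedToken(
            new VideographerAuthenticationToken("*", "123.abc.45.def").getEncodedCredentials());
    receivedTokenIpv6Reachability = newVideographerReceivedToken(
            new VideographerAuthenticationToken("*", "0:0:0:0:0:0:0:1%4").getEncodedCredentials());

    parameters = new TokenValidatorParameters();
    parameters.setToken(receivedToken);
}

/**
 * Wraps an encoded value in a binary security token marked as a videographer token
 * (value type, Base64 encoding type and id) and returns it as a received token.
 *
 * @param encodedValue the Base64 value to place in the binary security token
 * @return a received token wrapping the JAXB element for that binary security token
 */
private ReceivedToken newVideographerReceivedToken(String encodedValue) {
    BinarySecurityTokenType binaryToken = new BinarySecurityTokenType();
    binaryToken.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
    binaryToken.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
    binaryToken.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
    binaryToken.setValue(encodedValue);
    JAXBElement<BinarySecurityTokenType> element =
            new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binaryToken);
    return new ReceivedToken(element);
}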
Also used : TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) QName(javax.xml.namespace.QName) VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken) JAXBElement(javax.xml.bind.JAXBElement) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Before(org.junit.Before)

Aggregations

VideographerAuthenticationToken (org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken)4 ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)2 BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)2 Subject (ddf.security.Subject)1 SecurityManager (ddf.security.service.SecurityManager)1 JAXBElement (javax.xml.bind.JAXBElement)1 QName (javax.xml.namespace.QName)1 TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)1 TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)1 WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1 VideographerPrincipal (org.codice.alliance.video.security.principal.videographer.VideographerPrincipal)1 BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken)1 Before (org.junit.Before)1