Example 1 with VideographerAuthenticationToken
use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.
the class VideographerValidator method getVideographerTokenFromTarget.
private VideographerAuthenticationToken getVideographerTokenFromTarget(ReceivedToken validateTarget) {
LOGGER.debug("get videographer token from target: {}", validateTarget);
Object token = validateTarget.getToken();
if ((token instanceof BinarySecurityTokenType) && VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE.equals(((BinarySecurityTokenType) token).getValueType())) {
String credential = ((BinarySecurityTokenType) token).getValue();
try {
BaseAuthenticationToken base = VideographerAuthenticationToken.parse(credential, true);
return new VideographerAuthenticationToken(base.getRealm(), VideographerPrincipal.parseAddressFromName(base.getPrincipal().toString()));
} catch (WSSecurityException e) {
LOGGER.debug("Unable to parse {} from encodedToken.", VideographerAuthenticationToken.class.getSimpleName(), e);
}
}
return null;
}
Also used :
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken)
VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
Example 2 with VideographerAuthenticationToken
use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.
the class RawUdpDataToMTSPacketDecoder method getSecuritySubject.
private Subject getSecuritySubject(String ipAddress) throws SecurityServiceException {
Subject subject = null;
VideographerAuthenticationToken token = new VideographerAuthenticationToken(BaseAuthenticationToken.DEFAULT_REALM, ipAddress);
LOGGER.debug("Getting new videographer user token for ip address {}: token={}", ipAddress, token);
SecurityManager securityManager = getSecurityManager();
if (securityManager != null) {
subject = securityManager.getSubject(token);
}
return subject;
}
Also used :
SecurityManager(ddf.security.service.SecurityManager)
VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken)
Subject(ddf.security.Subject)
Example 3 with VideographerAuthenticationToken
use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.
the class VideographerValidator method validateToken.
@Override
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(ReceivedToken.STATE.INVALID);
VideographerAuthenticationToken videographerToken = getVideographerTokenFromTarget(validateTarget);
response.setToken(validateTarget);
if (videographerToken != null) {
response.setPrincipal(new VideographerPrincipal(videographerToken.getIpAddress()));
if (videographerToken.getRealm() != null) {
if ((supportedRealms.contains(videographerToken.getRealm()) || WILDCARD.equals(videographerToken.getRealm())) && videographerToken.getCredentials().equals(VideographerAuthenticationToken.VIDEOGRAPHER_CREDENTIALS) && validIpAddress(videographerToken.getIpAddress())) {
validateTarget.setState(ReceivedToken.STATE.VALID);
validateTarget.setPrincipal(new VideographerPrincipal(videographerToken.getIpAddress()));
}
} else if (videographerToken.getCredentials().equals(VideographerAuthenticationToken.VIDEOGRAPHER_CREDENTIALS) && validIpAddress(videographerToken.getIpAddress())) {
validateTarget.setState(ReceivedToken.STATE.VALID);
validateTarget.setPrincipal(new VideographerPrincipal(videographerToken.getIpAddress()));
}
}
return response;
}
Also used :
VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
VideographerPrincipal(org.codice.alliance.video.security.principal.videographer.VideographerPrincipal)
Example 4 with VideographerAuthenticationToken
use of org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken in project alliance by codice.
the class VideographerValidatorTest method setup.
@Before
public void setup() {
validator = new VideographerValidator();
validator.setSupportedRealms(Collections.singletonList("DDF"));
VideographerAuthenticationToken videographerAuthenticationToken = new VideographerAuthenticationToken("DDF", "127.0.0.1");
VideographerAuthenticationToken videographerAuthenticationTokenAnyRealm = new VideographerAuthenticationToken("*", "127.0.0.1");
VideographerAuthenticationToken videographerAuthenticationTokenIpv6 = new VideographerAuthenticationToken("*", "0:0:0:0:0:0:0:1");
VideographerAuthenticationToken videographerAuthenticationTokenBadIp = new VideographerAuthenticationToken("*", "123.abc.45.def");
VideographerAuthenticationToken videographerAuthenticationTokenIpv6Reachability = new VideographerAuthenticationToken("*", "0:0:0:0:0:0:0:1%4");
BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
binarySecurityTokenType.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
binarySecurityTokenType.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenType.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
binarySecurityTokenType.setValue(videographerAuthenticationToken.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElement = new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binarySecurityTokenType);
BinarySecurityTokenType binarySecurityTokenType2 = new BinarySecurityTokenType();
binarySecurityTokenType2.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
binarySecurityTokenType2.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenType2.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
binarySecurityTokenType2.setValue(Base64.getEncoder().encodeToString("NotVideographer".getBytes()));
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElement2 = new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binarySecurityTokenType2);
BinarySecurityTokenType binarySecurityTokenType3 = new BinarySecurityTokenType();
binarySecurityTokenType3.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
binarySecurityTokenType3.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenType3.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
binarySecurityTokenType3.setValue(videographerAuthenticationTokenAnyRealm.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElement3 = new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binarySecurityTokenType3);
BinarySecurityTokenType binarySecurityTokenType4 = new BinarySecurityTokenType();
binarySecurityTokenType4.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
binarySecurityTokenType4.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenType4.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
binarySecurityTokenType4.setValue(videographerAuthenticationTokenIpv6.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElement4 = new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binarySecurityTokenType4);
BinarySecurityTokenType binarySecurityTokenType5 = new BinarySecurityTokenType();
binarySecurityTokenType5.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
binarySecurityTokenType5.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenType5.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
binarySecurityTokenType5.setValue(videographerAuthenticationTokenBadIp.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElement5 = new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binarySecurityTokenType5);
BinarySecurityTokenType binarySecurityTokenTypeIpv6Reachability = new BinarySecurityTokenType();
binarySecurityTokenTypeIpv6Reachability.setValueType(VideographerAuthenticationToken.VIDEOGRAPHER_TOKEN_VALUE_TYPE);
binarySecurityTokenTypeIpv6Reachability.setEncodingType(BSTAuthenticationToken.BASE64_ENCODING);
binarySecurityTokenTypeIpv6Reachability.setId(VideographerAuthenticationToken.BST_VIDEOGRAPHER_LN);
binarySecurityTokenTypeIpv6Reachability.setValue(videographerAuthenticationTokenIpv6Reachability.getEncodedCredentials());
JAXBElement<BinarySecurityTokenType> binarySecurityTokenElementIpv6Reachability = new JAXBElement<>(new QName(XSD, TOKEN), BinarySecurityTokenType.class, binarySecurityTokenTypeIpv6Reachability);
receivedToken = new ReceivedToken(binarySecurityTokenElement);
receivedAnyRealmToken = new ReceivedToken(binarySecurityTokenElement3);
receivedBadToken = new ReceivedToken(binarySecurityTokenElement2);
receivedTokenIpv6 = new ReceivedToken(binarySecurityTokenElement4);
receivedTokenBadIp = new ReceivedToken(binarySecurityTokenElement5);
receivedTokenIpv6Reachability = new ReceivedToken(binarySecurityTokenElementIpv6Reachability);
parameters = new TokenValidatorParameters();
parameters.setToken(receivedToken);
}
Also used :
TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
QName(javax.xml.namespace.QName)
VideographerAuthenticationToken(org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken)
JAXBElement(javax.xml.bind.JAXBElement)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
Before(org.junit.Before)
Aggregations
VideographerAuthenticationToken (org.codice.alliance.video.security.token.videographer.VideographerAuthenticationToken)4
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)2
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)2
Subject (ddf.security.Subject)1
SecurityManager (ddf.security.service.SecurityManager)1
JAXBElement (javax.xml.bind.JAXBElement)1
QName (javax.xml.namespace.QName)1
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters)1
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)1
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)1
VideographerPrincipal (org.codice.alliance.video.security.principal.videographer.VideographerPrincipal)1
BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken)1
Before (org.junit.Before)1
