Example 1 with ParserConfigurator
use of org.codice.ddf.parser.ParserConfigurator in project ddf by codice.
the class WssBasicAuthenticationHandler method getBaseAuthenticationToken.
protected BaseAuthenticationToken getBaseAuthenticationToken(String realm, String username, String password) {
if (null == parser) {
throw new IllegalStateException("XMLParser must be configured.");
}
UsernameTokenType usernameTokenType = new UsernameTokenType();
AttributedString user = new AttributedString();
user.setValue(username);
usernameTokenType.setUsername(user);
String usernameToken = null;
// Add a password
PasswordString pass = new PasswordString();
pass.setValue(password);
pass.setType(WSConstants.PASSWORD_TEXT);
JAXBElement<PasswordString> passwordType = new JAXBElement<>(QNameConstants.PASSWORD, PasswordString.class, pass);
usernameTokenType.getAny().add(passwordType);
// Marshall the received JAXB object into a DOM Element
List<String> ctxPath = new ArrayList<>(2);
ctxPath.add(ObjectFactory.class.getPackage().getName());
ctxPath.add(org.apache.cxf.ws.security.sts.provider.model.wstrust14.ObjectFactory.class.getPackage().getName());
ParserConfigurator configurator = parser.configureParser(ctxPath, WssBasicAuthenticationHandler.class.getClassLoader());
ByteArrayOutputStream os = new ByteArrayOutputStream();
JAXBElement<UsernameTokenType> tokenType = new JAXBElement<>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType);
try {
parser.marshal(configurator, tokenType, os);
usernameToken = os.toString("UTF-8");
} catch (ParserException | UnsupportedEncodingException ex) {
LOGGER.info("Unable to parse username token.", ex);
}
BaseAuthenticationToken baseAuthenticationToken = new BaseAuthenticationToken(null, "", usernameToken);
baseAuthenticationToken.setUseWssSts(true);
return baseAuthenticationToken;
}
Also used :
ParserException(org.codice.ddf.parser.ParserException)
UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)
ArrayList(java.util.ArrayList)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)
PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)
JAXBElement(javax.xml.bind.JAXBElement)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)
ParserConfigurator(org.codice.ddf.parser.ParserConfigurator)
AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)
BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken)
Example 2 with ParserConfigurator
use of org.codice.ddf.parser.ParserConfigurator in project ddf by codice.
the class UPBSTValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*
* @param tokenParameters
* @return TokenValidatorResponse
*/
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.trace("Validating UPBST Token");
if (parser == null) {
throw new IllegalStateException("XMLParser must be configured.");
}
if (failedLoginDelayer == null) {
throw new IllegalStateException("Failed Login Delayer must be configured");
}
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
requestData.setWssConfig(WSSConfig.getNewInstance());
requestData.setCallbackHandler(callbackHandler);
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(STATE.INVALID);
response.setToken(validateTarget);
if (!validateTarget.isBinarySecurityToken()) {
return response;
}
BinarySecurityTokenType binarySecurityType = (BinarySecurityTokenType) validateTarget.getToken();
// Test the encoding type
String encodingType = binarySecurityType.getEncodingType();
if (!UPAuthenticationToken.BASE64_ENCODING.equals(encodingType)) {
LOGGER.trace("Bad encoding type attribute specified: {}", encodingType);
return response;
}
UPAuthenticationToken usernameToken = getUsernameTokenFromTarget(validateTarget);
if (usernameToken == null) {
return response;
}
UsernameTokenType usernameTokenType = getUsernameTokenType(usernameToken);
// Marshall the received JAXB object into a DOM Element
Element usernameTokenElement = null;
JAXBElement<UsernameTokenType> tokenType = new JAXBElement<>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType);
Document doc = DOMUtils.createDocument();
Element rootElement = doc.createElement("root-element");
List<String> ctxPath = new ArrayList<>(1);
ctxPath.add(UsernameTokenType.class.getPackage().getName());
ParserConfigurator configurator = parser.configureParser(ctxPath, UPBSTValidator.class.getClassLoader());
try {
parser.marshal(configurator, tokenType, rootElement);
} catch (ParserException ex) {
LOGGER.info("Unable to parse username token", ex);
return response;
}
usernameTokenElement = (Element) rootElement.getFirstChild();
//
// Validate the token
//
WSSConfig wssConfig = WSSConfig.getNewInstance();
try {
boolean allowNamespaceQualifiedPasswordTypes = requestData.isAllowNamespaceQualifiedPasswordTypes();
UsernameToken ut = new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, new BSPEnforcer());
// The parsed principal is set independent whether validation is successful or not
response.setPrincipal(new CustomTokenPrincipal(ut.getName()));
if (ut.getPassword() == null) {
return response;
}
String tokenId = String.format("%s:%s:%s", usernameToken.getUsername(), usernameToken.getPassword(), usernameToken.getRealm());
// See if the UsernameToken is stored in the cache
int hash = tokenId.hashCode();
SecurityToken secToken = null;
if (tokenParameters.getTokenStore() != null) {
secToken = tokenParameters.getTokenStore().getToken(Integer.toString(hash));
if (secToken != null && secToken.getTokenHash() != hash) {
secToken = null;
} else if (secToken != null) {
validateTarget.setState(STATE.VALID);
}
}
if (secToken == null) {
Credential credential = new Credential();
credential.setUsernametoken(ut);
if (usernameToken.getRealm() != null && !"*".equals(usernameToken.getRealm())) {
Validator validator = validators.get(usernameToken.getRealm());
if (validator != null) {
try {
validator.validate(credential, requestData);
validateTarget.setState(STATE.VALID);
LOGGER.debug("Validated user against realm {}", usernameToken.getRealm());
} catch (WSSecurityException ex) {
LOGGER.debug("Not able to validate user against realm {}", usernameToken.getRealm());
}
}
} else {
Set<Map.Entry<String, Validator>> entries = validators.entrySet();
for (Map.Entry<String, Validator> entry : entries) {
try {
entry.getValue().validate(credential, requestData);
validateTarget.setState(STATE.VALID);
LOGGER.debug("Validated user against realm {}", entry.getKey());
break;
} catch (WSSecurityException ex) {
LOGGER.debug("Not able to validate user against realm {}", entry.getKey());
}
}
}
}
Principal principal = createPrincipal(ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated());
// Store the successfully validated token in the cache
if (tokenParameters.getTokenStore() != null && secToken == null && STATE.VALID.equals(validateTarget.getState())) {
secToken = new SecurityToken(ut.getID());
secToken.setToken(ut.getElement());
int hashCode = tokenId.hashCode();
String identifier = Integer.toString(hashCode);
secToken.setTokenHash(hashCode);
tokenParameters.getTokenStore().add(identifier, secToken);
}
response.setPrincipal(principal);
response.setTokenRealm(null);
validateTarget.setPrincipal(principal);
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate token.", ex);
}
if (response.getToken().getState() != STATE.VALID) {
failedLoginDelayer.delay(response.getToken().getPrincipal().getName());
}
return response;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken)
AttributedString(org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)
PasswordString(org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)
Document(org.w3c.dom.Document)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
RequestData(org.apache.wss4j.dom.handler.RequestData)
UPAuthenticationToken(org.codice.ddf.security.handler.api.UPAuthenticationToken)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
ParserException(org.codice.ddf.parser.ParserException)
Credential(org.apache.wss4j.dom.validate.Credential)
UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)
BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
JAXBElement(javax.xml.bind.JAXBElement)
SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken)
ParserConfigurator(org.codice.ddf.parser.ParserConfigurator)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Validator(org.apache.wss4j.dom.validate.Validator)
JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator)
TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 3 with ParserConfigurator
use of org.codice.ddf.parser.ParserConfigurator in project ddf by codice.
the class UsernameTokenValidator method validateToken.
/**
* Validate a Token using the given TokenValidatorParameters.
*/
public TokenValidatorResponse validateToken(TokenValidatorParameters tokenParameters) {
LOGGER.debug("Validating UsernameToken");
if (parser == null) {
throw new IllegalStateException("XMLParser must be configured.");
}
if (failedLoginDelayer == null) {
throw new IllegalStateException("Failed Login Delayer must be configured");
}
STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
Crypto sigCrypto = stsProperties.getSignatureCrypto();
CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
RequestData requestData = new RequestData();
requestData.setSigVerCrypto(sigCrypto);
WSSConfig wssConfig = WSSConfig.getNewInstance();
requestData.setWssConfig(wssConfig);
requestData.setCallbackHandler(callbackHandler);
TokenValidatorResponse response = new TokenValidatorResponse();
ReceivedToken validateTarget = tokenParameters.getToken();
validateTarget.setState(ReceivedToken.STATE.INVALID);
response.setToken(validateTarget);
if (!validateTarget.isUsernameToken()) {
return response;
}
//
// Turn the JAXB UsernameTokenType into a DOM Element for validation
//
UsernameTokenType usernameTokenType = (UsernameTokenType) validateTarget.getToken();
JAXBElement<UsernameTokenType> tokenType = new JAXBElement<>(QNameConstants.USERNAME_TOKEN, UsernameTokenType.class, usernameTokenType);
Document doc = DOMUtils.createDocument();
Element rootElement = doc.createElement("root-element");
List<String> ctxPath = new ArrayList<>(1);
ctxPath.add(UsernameTokenType.class.getPackage().getName());
Element usernameTokenElement = null;
ParserConfigurator configurator = parser.configureParser(ctxPath, UsernameTokenValidator.class.getClassLoader());
try {
parser.marshal(configurator, tokenType, rootElement);
usernameTokenElement = (Element) rootElement.getFirstChild();
} catch (ParserException ex) {
LOGGER.info("Unable to parse username token", ex);
return response;
}
//
try {
boolean allowNamespaceQualifiedPasswordTypes = requestData.isAllowNamespaceQualifiedPasswordTypes();
UsernameToken ut = new UsernameToken(usernameTokenElement, allowNamespaceQualifiedPasswordTypes, new BSPEnforcer());
// The parsed principal is set independent whether validation is successful or not
response.setPrincipal(new CustomTokenPrincipal(ut.getName()));
if (ut.getPassword() == null) {
failedLoginDelayer.delay(ut.getName());
return response;
}
Credential credential = new Credential();
credential.setUsernametoken(ut);
//Only this section is new, the rest is copied from the apache class
Set<Map.Entry<String, Validator>> entries = validators.entrySet();
for (Map.Entry<String, Validator> entry : entries) {
try {
entry.getValue().validate(credential, requestData);
validateTarget.setState(ReceivedToken.STATE.VALID);
break;
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate user against {}" + entry.getKey(), ex);
}
}
if (ReceivedToken.STATE.INVALID.equals(validateTarget.getState())) {
failedLoginDelayer.delay(ut.getName());
return response;
}
//end new section
Principal principal = createPrincipal(ut.getName(), ut.getPassword(), ut.getPasswordType(), ut.getNonce(), ut.getCreated());
response.setPrincipal(principal);
response.setTokenRealm(null);
validateTarget.setState(ReceivedToken.STATE.VALID);
validateTarget.setPrincipal(principal);
} catch (WSSecurityException ex) {
LOGGER.debug("Unable to validate token.", ex);
}
return response;
}
Also used :
CallbackHandler(javax.security.auth.callback.CallbackHandler)
JAXBElement(javax.xml.bind.JAXBElement)
Element(org.w3c.dom.Element)
ArrayList(java.util.ArrayList)
UsernameToken(org.apache.wss4j.dom.message.token.UsernameToken)
Document(org.w3c.dom.Document)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
WSSConfig(org.apache.wss4j.dom.engine.WSSConfig)
JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator)
RequestData(org.apache.wss4j.dom.handler.RequestData)
ReceivedToken(org.apache.cxf.sts.request.ReceivedToken)
ParserException(org.codice.ddf.parser.ParserException)
Credential(org.apache.wss4j.dom.validate.Credential)
UsernameTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)
BSPEnforcer(org.apache.wss4j.common.bsp.BSPEnforcer)
WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)
JAXBElement(javax.xml.bind.JAXBElement)
ParserConfigurator(org.codice.ddf.parser.ParserConfigurator)
Crypto(org.apache.wss4j.common.crypto.Crypto)
STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean)
TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse)
Map(java.util.Map)
ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap)
Validator(org.apache.wss4j.dom.validate.Validator)
JAASUsernameTokenValidator(org.apache.wss4j.dom.validate.JAASUsernameTokenValidator)
TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator)
CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal)
Principal(java.security.Principal)
Example 4 with ParserConfigurator
use of org.codice.ddf.parser.ParserConfigurator in project ddf by codice.
the class XacmlClient method marshal.
/**
* Marshalls the XACML request to a string.
*
* @param xacmlRequestType The XACML request to marshal.
* @return A string representation of the XACML request.
*/
private String marshal(RequestType xacmlRequestType) throws PdpException {
if (null == parser) {
throw new IllegalStateException("XMLParser must be configured.");
}
String xacmlRequest = null;
try {
List<String> ctxPath = new ArrayList<>(1);
ctxPath.add(ResponseType.class.getPackage().getName());
ParserConfigurator configurator = parser.configureParser(ctxPath, XacmlClient.class.getClassLoader());
configurator.addProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
ByteArrayOutputStream os = new ByteArrayOutputStream();
ObjectFactory objectFactory = new ObjectFactory();
parser.marshal(configurator, objectFactory.createRequest(xacmlRequestType), os);
xacmlRequest = os.toString("UTF-8");
} catch (ParserException | UnsupportedEncodingException e) {
String message = "Unable to marshal XACML request.";
LOGGER.info(message, e);
throw new PdpException(message, e);
}
LOGGER.debug("\nXACML 3.0 Request:\n{}", xacmlRequest);
return xacmlRequest;
}
Also used :
ParserConfigurator(org.codice.ddf.parser.ParserConfigurator)
ParserException(org.codice.ddf.parser.ParserException)
ObjectFactory(oasis.names.tc.xacml._3_0.core.schema.wd_17.ObjectFactory)
ArrayList(java.util.ArrayList)
UnsupportedEncodingException(java.io.UnsupportedEncodingException)
ByteArrayOutputStream(java.io.ByteArrayOutputStream)
Example 5 with ParserConfigurator
use of org.codice.ddf.parser.ParserConfigurator in project ddf by codice.
the class XacmlClient method unmarshal.
/**
* Unmarshalls the XACML response.
*
* @param xacmlResponse The XACML response with all namespaces and namespace prefixes added.
* @return The XACML response.
* @throws PdpException
*/
@SuppressWarnings("unchecked")
private ResponseType unmarshal(DOMResult xacmlResponse) throws PdpException {
List<String> ctxPath = ImmutableList.of(ResponseType.class.getPackage().getName());
if (null == parser) {
throw new IllegalStateException("XMLParser must be configured.");
}
ParserConfigurator configurator = parser.configureParser(ctxPath, XacmlClient.class.getClassLoader());
try {
JAXBElement<ResponseType> xacmlResponseTypeElement = parser.unmarshal(configurator, JAXBElement.class, xacmlResponse.getNode());
return xacmlResponseTypeElement.getValue();
} catch (ParserException e) {
String message = "Unable to unmarshal XACML response.";
LOGGER.info(message);
throw new PdpException(message, e);
}
}
Also used :
ParserConfigurator(org.codice.ddf.parser.ParserConfigurator)
ParserException(org.codice.ddf.parser.ParserException)
ResponseType(oasis.names.tc.xacml._3_0.core.schema.wd_17.ResponseType)
Aggregations
ParserConfigurator (org.codice.ddf.parser.ParserConfigurator)6
ParserException (org.codice.ddf.parser.ParserException)6
ArrayList (java.util.ArrayList)4
ByteArrayOutputStream (java.io.ByteArrayOutputStream)3
JAXBElement (javax.xml.bind.JAXBElement)3
UsernameTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.UsernameTokenType)3
UnsupportedEncodingException (java.io.UnsupportedEncodingException)2
Principal (java.security.Principal)2
Map (java.util.Map)2
ConcurrentHashMap (java.util.concurrent.ConcurrentHashMap)2
CallbackHandler (javax.security.auth.callback.CallbackHandler)2
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)2
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken)2
TokenValidator (org.apache.cxf.sts.token.validator.TokenValidator)2
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse)2
AttributedString (org.apache.cxf.ws.security.sts.provider.model.secext.AttributedString)2
PasswordString (org.apache.cxf.ws.security.sts.provider.model.secext.PasswordString)2
BSPEnforcer (org.apache.wss4j.common.bsp.BSPEnforcer)2
Crypto (org.apache.wss4j.common.crypto.Crypto)2
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException)2
