Example 6 with PKIAuthenticationToken

Use of org.codice.ddf.security.handler.api.PKIAuthenticationToken in the ddf project by codice.

From the class TestPKITokenValidator, method testCanHandleAnyRealmToken.

@Test
public void testCanHandleAnyRealmToken() {
    // Build a BinarySecurityToken carrying a DDF PKI token value type
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binarySecurityTokenType.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    PKIAuthenticationTokenFactory pkiAuthenticationTokenFactory = new PKIAuthenticationTokenFactory();
    pkiAuthenticationTokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    pkiAuthenticationTokenFactory.init();
    // "*" is the wildcard realm; the validator must still recognise the token
    PKIAuthenticationToken pkiAuthenticationToken = pkiAuthenticationTokenFactory.getTokenFromCerts(certificates, "*");
    binarySecurityTokenType.setValue(pkiAuthenticationToken.getEncodedCredentials());
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    boolean result = pkiTokenValidator.canHandleToken(receivedToken);
    assertEquals(true, result);
}
Also used: PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 7 with PKIAuthenticationToken

Use of org.codice.ddf.security.handler.api.PKIAuthenticationToken in the ddf project by codice.

From the class Security, method getSystemSubject.

/**
 * Gets the {@link Subject} associated with this system. Uses a cached subject since the subject
 * will not change between calls.
 *
 * @return system's {@link Subject}
 */
public synchronized Subject getSystemSubject() {
    // Only a caller whose Java Subject already holds the admin role may obtain the system subject
    if (!javaSubjectHasAdminRole()) {
        SecurityLogger.audit("Unable to retrieve system subject.");
        return null;
    }
    // Reuse the cached subject until its token is close to expiry
    if (!tokenAboutToExpire(cachedSystemSubject)) {
        return cachedSystemSubject;
    }
    // Select the system certificate from the keystore: the only entry, or the configured alias
    KeyStore keyStore = getSystemKeyStore();
    String alias = null;
    Certificate cert = null;
    try {
        if (keyStore != null) {
            if (keyStore.size() == 1) {
                alias = keyStore.aliases().nextElement();
            } else if (keyStore.size() > 1) {
                alias = getCertificateAlias();
            }
            cert = keyStore.getCertificate(alias);
        }
    } catch (KeyStoreException e) {
        LOGGER.warn("Unable to get certificate for alias [{}]", alias, e);
        return null;
    }
    if (cert == null) {
        LOGGER.warn("Unable to get certificate for alias [{}]", alias);
        return null;
    }
    // Wrap the system certificate in a PKI token and exchange it for a Subject
    PKIAuthenticationTokenFactory pkiTokenFactory = createPKITokenFactory();
    PKIAuthenticationToken pkiToken = pkiTokenFactory.getTokenFromCerts(new X509Certificate[] { (X509Certificate) cert }, PKIAuthenticationToken.DEFAULT_REALM);
    if (pkiToken != null) {
        SecurityManager securityManager = getSecurityManager();
        if (securityManager != null) {
            try {
                cachedSystemSubject = securityManager.getSubject(pkiToken);
            } catch (SecurityServiceException sse) {
                LOGGER.warn("Unable to request subject for system user.", sse);
            }
        }
    }
    return cachedSystemSubject;
}
Also used: PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) SecurityServiceException(ddf.security.service.SecurityServiceException) SecurityManager(ddf.security.service.SecurityManager) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)

Example 8 with PKIAuthenticationToken

Use of org.codice.ddf.security.handler.api.PKIAuthenticationToken in the ddf project by codice.

From the class PKITokenValidator, method getPKITokenFromTarget.

private PKIAuthenticationToken getPKITokenFromTarget(ReceivedToken validateTarget) {
    Object token = validateTarget.getToken();
    // Only a BinarySecurityToken whose ValueType is the DDF PKI token type is handled here
    if ((token instanceof BinarySecurityTokenType) && PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE.equals(((BinarySecurityTokenType) token).getValueType())) {
        String encodedCredential = ((BinarySecurityTokenType) token).getValue();
        // Note: the encoded credential is written to the log at DEBUG level
        LOGGER.debug("Encoded username/password credential: {}", encodedCredential);
        BaseAuthenticationToken base = null;
        try {
            // Parse the encoded value and rebuild a typed PKI token from its principal, credentials and realm
            base = PKIAuthenticationToken.parse(encodedCredential, true);
            return new PKIAuthenticationToken(base.getPrincipal(), base.getCredentials().toString(), base.getRealm());
        } catch (WSSecurityException e) {
            LOGGER.info("Unable to parse {} from encodedToken.", PKIAuthenticationToken.class.getSimpleName(), e);
            return null;
        }
    }
    return null;
}
Also used: PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) BaseAuthenticationToken(org.codice.ddf.security.handler.api.BaseAuthenticationToken) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException)

Example 9 with PKIAuthenticationToken

Use of org.codice.ddf.security.handler.api.PKIAuthenticationToken in the ddf project by codice.

From the class TestPKITokenValidator, method testValidateToken.

@Test
public void testValidateToken() {
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binarySecurityTokenType.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    PKIAuthenticationTokenFactory pkiAuthenticationTokenFactory = new PKIAuthenticationTokenFactory();
    pkiAuthenticationTokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    pkiAuthenticationTokenFactory.init();
    PKIAuthenticationToken pkiAuthenticationToken = pkiAuthenticationTokenFactory.getTokenFromCerts(certificates, "karaf");
    binarySecurityTokenType.setValue(pkiAuthenticationToken.getEncodedCredentials());
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    // The STS properties supply the signature crypto (merlin) used to verify the certificate chain
    TokenValidatorParameters tokenValidatorParameters = mock(TokenValidatorParameters.class);
    STSPropertiesMBean stsPropertiesMBean = mock(STSPropertiesMBean.class);
    when(stsPropertiesMBean.getSignatureCrypto()).thenReturn(merlin);
    when(tokenValidatorParameters.getStsProperties()).thenReturn(stsPropertiesMBean);
    when(tokenValidatorParameters.getToken()).thenReturn(receivedToken);
    // Let the mock keep real state so the validator's setState(...) is observable
    doCallRealMethod().when(receivedToken).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(receivedToken).getState();
    TokenValidatorResponse tokenValidatorResponse = pkiTokenValidator.validateToken(tokenValidatorParameters);
    // A valid token yields STATE.VALID plus claims extracted from the certificate subject
    assertEquals(ReceivedToken.STATE.VALID, tokenValidatorResponse.getToken().getState());
    assertEquals("US", tokenValidatorResponse.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("localhost@example.org", tokenValidatorResponse.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}
Also used: TokenValidatorParameters(org.apache.cxf.sts.token.validator.TokenValidatorParameters) PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) TokenValidatorResponse(org.apache.cxf.sts.token.validator.TokenValidatorResponse) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Example 10 with PKIAuthenticationToken

Use of org.codice.ddf.security.handler.api.PKIAuthenticationToken in the ddf project by codice.

From the class TestPKITokenValidator, method testCanHandleToken.

@Test
public void testCanHandleToken() {
    BinarySecurityTokenType binarySecurityTokenType = new BinarySecurityTokenType();
    binarySecurityTokenType.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    binarySecurityTokenType.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    PKIAuthenticationTokenFactory pkiAuthenticationTokenFactory = new PKIAuthenticationTokenFactory();
    pkiAuthenticationTokenFactory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    pkiAuthenticationTokenFactory.init();
    // Token issued for the concrete "karaf" realm
    PKIAuthenticationToken pkiAuthenticationToken = pkiAuthenticationTokenFactory.getTokenFromCerts(certificates, "karaf");
    binarySecurityTokenType.setValue(pkiAuthenticationToken.getEncodedCredentials());
    ReceivedToken receivedToken = mock(ReceivedToken.class);
    when(receivedToken.getToken()).thenReturn(binarySecurityTokenType);
    boolean result = pkiTokenValidator.canHandleToken(receivedToken);
    assertEquals(true, result);
}
Also used: PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) BinarySecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) ReceivedToken(org.apache.cxf.sts.request.ReceivedToken) Test(org.junit.Test)

Aggregations (class and number of examples in which it appears)

PKIAuthenticationToken (org.codice.ddf.security.handler.api.PKIAuthenticationToken) 10
BinarySecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.secext.BinarySecurityTokenType) 9
ReceivedToken (org.apache.cxf.sts.request.ReceivedToken) 7
PKIAuthenticationTokenFactory (org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) 7
Test (org.junit.Test) 6
STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean) 4
TokenValidatorResponse (org.apache.cxf.sts.token.validator.TokenValidatorResponse) 4
TokenValidatorParameters (org.apache.cxf.sts.token.validator.TokenValidatorParameters) 3
X509Certificate (java.security.cert.X509Certificate) 2
WSSecurityException (org.apache.wss4j.common.ext.WSSecurityException) 2
BinarySecurity (org.apache.wss4j.common.token.BinarySecurity) 2
X509Security (org.apache.wss4j.common.token.X509Security) 2
BaseAuthenticationToken (org.codice.ddf.security.handler.api.BaseAuthenticationToken) 2
Document (org.w3c.dom.Document) 2
Node (org.w3c.dom.Node) 2
SecurityManager (ddf.security.service.SecurityManager) 1
SecurityServiceException (ddf.security.service.SecurityServiceException) 1
IOException (java.io.IOException) 1
KeyStore (java.security.KeyStore) 1
KeyStoreException (java.security.KeyStoreException) 1