
Example 1 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class IdpEndpointTest method setup.

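/**
 * Builds the IdP endpoint under test against keystore, signature and encryption fixtures
 * copied into the temporary folder, with a mocked security manager that always resolves to
 * a subject carrying the SAML assertion from {@code /saml.xml}.
 *
 * @throws IOException if a fixture cannot be copied out of the test classpath
 * @throws SecurityServiceException declared by the mocked {@code getSubject} stubbing
 * @throws ParserConfigurationException if the SAML fixture cannot be parsed
 * @throws SAXException if the SAML fixture is not well-formed XML
 */
@Before
public void setup() throws IOException, SecurityServiceException, ParserConfigurationException, SAXException {
    // JVM-global settings read by the endpoint's TLS/keystore code. The password is the
    // fixture keystore's well-known default, not a real credential.
    // NOTE(review): these properties are never restored in this method - confirm an @After
    // clears them so they do not bleed into other test classes sharing the JVM.
    System.setProperty("org.codice.ddf.system.hostname", "localhost");
    System.setProperty("javax.net.ssl.keyStorePassword", "changeit");

    File jksFile = copyResourceToTempFile("serverKeystore.jks");
    File signatureFile = copyResourceToTempFile("signature.properties");
    File encryptionFile = copyResourceToTempFile("encryption.properties");

    // Pass-through encryption service: every encrypt/decrypt yields the fixture password.
    EncryptionService encryptionService = mock(EncryptionService.class);
    when(encryptionService.decrypt(anyString())).thenReturn("changeit");
    when(encryptionService.encrypt(anyString())).thenReturn("changeit");

    // Any login through the security manager resolves to one subject whose single
    // principal is a SecurityAssertion wrapping the canned SAML assertion element.
    SecurityManager securityManager = mock(SecurityManager.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    when(securityToken.getToken()).thenReturn(readDocument("/saml.xml").getDocumentElement());
    when(securityManager.getSubject(anyObject())).thenReturn(subject);

    // Point TLS at the copied keystore before the endpoint initialises.
    System.setProperty("javax.net.ssl.keyStore", jksFile.getAbsolutePath());
    idpEndpoint = new IdpEndpoint(signatureFile.getAbsolutePath(), encryptionFile.getAbsolutePath(), encryptionService);
    // Strict signature verification is enabled for every test in this class.
    idpEndpoint.setStrictSignature(true);
    idpEndpoint.init();
    idpEndpoint.setSpMetadata(Collections.singletonList(spMetadata));
    idpEndpoint.setSecurityManager(securityManager);

    // The token factory reads the same signature properties the endpoint was built with.
    PKIAuthenticationTokenFactory pkiAuthenticationTokenFactory = new PKIAuthenticationTokenFactory();
    pkiAuthenticationTokenFactory.setSignaturePropertiesPath(signatureFile.getAbsolutePath());
    pkiAuthenticationTokenFactory.init();
    idpEndpoint.setTokenFactory(pkiAuthenticationTokenFactory);

    // Pre-seed the cookie cache so an existing session id "1" maps to the canned assertion.
    idpEndpoint.cookieCache.cacheSamlAssertion("1", readDocument("/saml.xml").getDocumentElement());
    idpEndpoint.setExpirationTime(30);

    // Shared request fixtures used by the individual tests.
    relayState = "ef95c04b-6c05-4d12-b65f-dd32fed8811e";
    requestCertificateAttributeName = "javax.servlet.request.X509Certificate";
    requestURL = new StringBuffer("https://www.example.com");
    samlConditionDateFormat = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
    signature = authNRequestGetSignature;
    // Legacy RSA-SHA1 identifier, matching the canned fixtures; not a deployment recommendation.
    signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    ssoSAMLResponse = "https://localhost:8993/services/saml/sso?SAMLResponse=";
}

/**
 * Copies the classpath resource {@code /<name>} into the temporary folder under the same
 * file name and returns the resulting file.
 *
 * @param name resource file name without the leading slash
 * @return the copied file inside {@code temporaryFolder}
 * @throws IOException if the resource is missing from the test classpath or cannot be copied
 */
private File copyResourceToTempFile(String name) throws IOException {
    File target = temporaryFolder.newFile(name);
    // try-with-resources replaces the closeQuietly calls, so a failed copy no longer leaks
    // either stream; a missing resource fails with a clear message instead of an NPE in IOUtils.copy.
    try (InputStream in = IdpEndpointTest.class.getResourceAsStream("/" + name);
            FileOutputStream out = new FileOutputStream(target)) {
        if (in == null) {
            throw new IOException("Test resource not found on classpath: /" + name);
        }
        IOUtils.copy(in, out);
    }
    return target;
}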

Example 2 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class TestPKITokenValidator method testValidateAnyRealmToken.

/**
 * A PKI token minted for the wildcard realm {@code "*"} must validate successfully and
 * surface the certificate's country and e-mail address as additional claim properties.
 */
@Test
public void testValidateAnyRealmToken() {
    PKIAuthenticationTokenFactory factory = new PKIAuthenticationTokenFactory();
    factory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    factory.init();
    PKIAuthenticationToken pkiToken = factory.getTokenFromCerts(certificates, "*");

    // Wrap the encoded credentials in a WS-Security binary security token of the PKI value type.
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    bst.setValue(pkiToken.getEncodedCredentials());

    // The received token keeps real state handling so the validator's verdict is observable.
    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(bst);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(merlin);
    TokenValidatorParameters params = mock(TokenValidatorParameters.class);
    when(params.getStsProperties()).thenReturn(stsProperties);
    when(params.getToken()).thenReturn(received);

    TokenValidatorResponse response = pkiTokenValidator.validateToken(params);
    assertEquals(ReceivedToken.STATE.VALID, response.getToken().getState());
    assertEquals("US", response.getAdditionalProperties().get(SubjectUtils.COUNTRY_CLAIM_URI));
    assertEquals("localhost@example.org", response.getAdditionalProperties().get(SubjectUtils.EMAIL_ADDRESS_CLAIM_URI));
}

Example 3 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class TestPKITokenValidator method testCanNotHandleToken.

/**
 * A binary security token whose value type is not the PKI token value type must be
 * rejected by {@code canHandleToken}, even though its payload is a genuine PKI credential.
 */
@Test
public void testCanNotHandleToken() {
    PKIAuthenticationTokenFactory factory = new PKIAuthenticationTokenFactory();
    factory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    factory.init();
    PKIAuthenticationToken pkiToken = factory.getTokenFromCerts(certificates, "karaf");

    // Deliberately mislabel the token: the value type is what the validator keys on.
    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType("randomvaluetype");
    bst.setValue(pkiToken.getEncodedCredentials());

    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(bst);

    boolean canHandle = pkiTokenValidator.canHandleToken(received);
    assertEquals(false, canHandle);
}

Example 4 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class TestPKITokenValidator method testNoValidateToken.

/**
 * A PKI token built from certificates and signature properties that the validator's
 * crypto does not trust must come back in the {@code INVALID} state.
 */
@Test
public void testNoValidateToken() {
    PKIAuthenticationTokenFactory factory = new PKIAuthenticationTokenFactory();
    factory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/badSignature.properties").getPath());
    factory.init();
    PKIAuthenticationToken pkiToken = factory.getTokenFromCerts(badCertificates, "karaf");

    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    bst.setValue(pkiToken.getEncodedCredentials());

    // Real state handling on the mock so the validator's INVALID verdict can be read back.
    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(bst);
    doCallRealMethod().when(received).setState(any(ReceivedToken.STATE.class));
    doCallRealMethod().when(received).getState();

    STSPropertiesMBean stsProperties = mock(STSPropertiesMBean.class);
    when(stsProperties.getSignatureCrypto()).thenReturn(merlin);
    TokenValidatorParameters params = mock(TokenValidatorParameters.class);
    when(params.getStsProperties()).thenReturn(stsProperties);
    when(params.getToken()).thenReturn(received);

    TokenValidatorResponse response = pkiTokenValidator.validateToken(params);
    assertEquals(ReceivedToken.STATE.INVALID, response.getToken().getState());
}

Example 5 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class TestPKITokenValidator method testCanHandleAnyRealmToken.

/**
 * A binary security token carrying the PKI value type and a credential minted for the
 * wildcard realm {@code "*"} must be accepted by {@code canHandleToken}.
 */
@Test
public void testCanHandleAnyRealmToken() {
    PKIAuthenticationTokenFactory factory = new PKIAuthenticationTokenFactory();
    factory.setSignaturePropertiesPath(TestPKITokenValidator.class.getResource("/signature.properties").getPath());
    factory.init();
    PKIAuthenticationToken pkiToken = factory.getTokenFromCerts(certificates, "*");

    BinarySecurityTokenType bst = new BinarySecurityTokenType();
    bst.setEncodingType(WSConstants.SOAPMESSAGE_NS + "#Base64Binary");
    bst.setValueType(PKIAuthenticationToken.PKI_TOKEN_VALUE_TYPE);
    bst.setValue(pkiToken.getEncodedCredentials());

    ReceivedToken received = mock(ReceivedToken.class);
    when(received.getToken()).thenReturn(bst);

    boolean canHandle = pkiTokenValidator.canHandleToken(received);
    assertEquals(true, canHandle);
}
