Example 6 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class GuestHandlerTest method testGetNormalizedToken.

/**
 * This test ensures the proper functionality of GuestHandler's method,
 * getNormalizedToken().
 */
@Test
public void testGetNormalizedToken() throws WSSecurityException {
    GuestHandler handler = new GuestHandler();
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    handler.setTokenFactory(tokenFactory);
    HttpServletRequest request = mock(HttpServletRequest.class);
    HttpServletResponse response = mock(HttpServletResponse.class);
    FilterChain chain = mock(FilterChain.class);
    /*
     * Note that the parameters are insignificant as GuestHandler
     * does not use them.
     */
    HandlerResult result = handler.getNormalizedToken(request, response, chain, true);
    assertNotNull(result);
    assertEquals(HandlerResult.Status.COMPLETED, result.getStatus());
    assertTrue(result.getToken() instanceof GuestAuthenticationToken);
    assertEquals("Guest", result.getToken().getCredentials());
    assertNull(result.getToken().getRealm());
    assertEquals("null-GuestHandler", result.getSource());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) GuestAuthenticationToken(org.codice.ddf.security.handler.api.GuestAuthenticationToken) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) Test(org.junit.Test)

Example 7 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class GuestHandlerTest method testHandleError.

@Test
public void testHandleError() throws ServletException, IOException {
    GuestHandler handler = new GuestHandler();
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    handler.setTokenFactory(tokenFactory);
    StringWriter writer = new StringWriter(1024);
    PrintWriter printWriter = new PrintWriter(writer);
    HttpServletRequest request = mock(HttpServletRequest.class);
    when(request.getAttribute(anyString())).thenReturn("DDF");
    HttpServletResponse response = mock(HttpServletResponse.class);
    when(response.getWriter()).thenReturn(printWriter);
    FilterChain chain = mock(FilterChain.class);
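    /*
     * The request and response mocks matter here: the mocked request
     * attribute ("DDF") appears as the prefix of the result source, and
     * the error message is written to the mocked response writer.
     */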
    HandlerResult result = handler.handleError(request, response, chain);
    assertNotNull(result);
    assertEquals(HandlerResult.Status.REDIRECTED, result.getStatus());
    assertNull(result.getToken());
    assertEquals("DDF-GuestHandler", result.getSource());
    assertEquals(GuestHandler.INVALID_MESSAGE, writer.toString());
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) StringWriter(java.io.StringWriter) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) FilterChain(javax.servlet.FilterChain) HttpServletResponse(javax.servlet.http.HttpServletResponse) HandlerResult(org.codice.ddf.security.handler.api.HandlerResult) PrintWriter(java.io.PrintWriter) Test(org.junit.Test)

Example 8 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class PKIHandlerTest method getPKIHandlerWithMockedCrl.

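/**
 * Creates a PKIHandler with a mocked CrlChecker that always returns true or false,
 * so tests can exercise both the "certificate passes CRL check" and the
 * "certificate is revoked" paths without a real CRL.
 *
 * @param signatureProperties Path to the signature properties file handed to the token factory
 * @param returnedValue Boolean value that the mocked CrlChecker will always return
 * @return A PKIHandler with a mocked CrlChecker
 */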
private PKIHandler getPKIHandlerWithMockedCrl(String signatureProperties, boolean returnedValue) {
    PKIHandler handler = new PKIHandler();
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(signatureProperties);
    tokenFactory.init();
    handler.setTokenFactory(tokenFactory);
    CrlChecker crlChecker = mock(CrlChecker.class);
    when(crlChecker.passesCrlCheck(any())).thenReturn(returnedValue);
    handler.crlChecker = crlChecker;
    return handler;
}
Also used : PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory)

Example 9 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class WssPKIHandlerTest method getWssHandlerWithMockedCrl.

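/**
 * Creates a WssPKIHandler with a mocked CrlChecker that always returns true or false,
 * so tests can exercise both the "certificate passes CRL check" and the
 * "certificate is revoked" paths without a real CRL.
 *
 * @param signatureProperties Path to the signature properties file handed to the token factory
 * @param returnedValue Boolean value that the mocked CrlChecker will always return
 * @return A WssPKIHandler with a mocked CrlChecker
 */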
private WssPKIHandler getWssHandlerWithMockedCrl(String signatureProperties, boolean returnedValue) {
    WssPKIHandler handler = new WssPKIHandler();
    PKIAuthenticationTokenFactory tokenFactory = new PKIAuthenticationTokenFactory();
    tokenFactory.setSignaturePropertiesPath(signatureProperties);
    tokenFactory.init();
    handler.setTokenFactory(tokenFactory);
    CrlChecker crlChecker = mock(CrlChecker.class);
    when(crlChecker.passesCrlCheck(any())).thenReturn(returnedValue);
    handler.crlChecker = crlChecker;
    return handler;
}
Also used : PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory)

Example 10 with PKIAuthenticationTokenFactory

use of org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory in project ddf by codice.

the class Security method getSystemSubject.

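/**
 * Gets the {@link Subject} associated with this system. Uses a cached subject, which is
 * requested again only when its token is about to expire. The subject is built from the
 * certificate in the system keystore.
 *
 * @return system's {@link Subject}, or null if the caller's Java subject lacks the admin
 *         role or no certificate can be read from the system keystore
 */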
public synchronized Subject getSystemSubject() {
    if (!javaSubjectHasAdminRole()) {
        SecurityLogger.audit("Unable to retrieve system subject.");
        return null;
    }
    if (!tokenAboutToExpire(cachedSystemSubject)) {
        return cachedSystemSubject;
    }
    KeyStore keyStore = getSystemKeyStore();
    String alias = null;
    Certificate cert = null;
    try {
        if (keyStore != null) {
            if (keyStore.size() == 1) {
                alias = keyStore.aliases().nextElement();
            } else if (keyStore.size() > 1) {
                alias = getCertificateAlias();
            }
            cert = keyStore.getCertificate(alias);
        }
    } catch (KeyStoreException e) {
        LOGGER.warn("Unable to get certificate for alias [{}]", alias, e);
        return null;
    }
    if (cert == null) {
        LOGGER.warn("Unable to get certificate for alias [{}]", alias);
        return null;
    }
    PKIAuthenticationTokenFactory pkiTokenFactory = createPKITokenFactory();
    PKIAuthenticationToken pkiToken = pkiTokenFactory.getTokenFromCerts(new X509Certificate[] { (X509Certificate) cert }, PKIAuthenticationToken.DEFAULT_REALM);
    if (pkiToken != null) {
        SecurityManager securityManager = getSecurityManager();
        if (securityManager != null) {
            try {
                cachedSystemSubject = securityManager.getSubject(pkiToken);
            } catch (SecurityServiceException sse) {
                LOGGER.warn("Unable to request subject for system user.", sse);
            }
        }
    }
    return cachedSystemSubject;
}
Also used : PKIAuthenticationToken(org.codice.ddf.security.handler.api.PKIAuthenticationToken) SecurityServiceException(ddf.security.service.SecurityServiceException) SecurityManager(ddf.security.service.SecurityManager) PKIAuthenticationTokenFactory(org.codice.ddf.security.handler.api.PKIAuthenticationTokenFactory) KeyStoreException(java.security.KeyStoreException) KeyStore(java.security.KeyStore) X509Certificate(java.security.cert.X509Certificate) Certificate(java.security.cert.Certificate)
