private TokenProviderParameters createProviderParameters() throws WSSecurityException {
    TokenProviderParameters parameters = new TokenProviderParameters();

    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(JWTTokenProvider.JWT_TOKEN_TYPE);
    parameters.setTokenRequirements(tokenRequirements);

    KeyRequirements keyRequirements = new KeyRequirements();
    parameters.setKeyRequirements(keyRequirements);

    parameters.setTokenStore(tokenStore);

    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
    parameters.setWebServiceContext(webServiceContext);

    parameters.setAppliesToAddress("http://dummy-service.com/dummy");

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    parameters.setStsProperties(stsProperties);

    parameters.setEncryptionProperties(new EncryptionProperties());

    return parameters;
  }
  /** Test for various options relating to specifying a name for encryption */
  @org.junit.Test
  public void testEncryptionName() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    if (!unrestrictedPoliciesInstalled) {
      encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - as no encryption name has been specified the token will not be encrypted
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    encryptionProperties.setEncryptionName("myservicekey");
    service.setEncryptionProperties(encryptionProperties);

    // Issue a (encrypted) token
    response = issueOperation.issue(request, null, msgCtx);
    securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
  }
  /** Test for various options relating to configuring an algorithm for encryption */
  @org.junit.Test
  public void testConfiguredEncryptionAlgorithm() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - this should use a (new) default encryption algorithm as configured
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    encryptionProperties.setEncryptionAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
    try {
      issueOperation.issue(request, null, msgCtx);
      fail("Failure expected on a bad encryption algorithm");
    } catch (STSException ex) {
      // expected
    }
  }
  private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
    TokenValidatorParameters parameters = new TokenValidatorParameters();

    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(STSConstants.STATUS);
    parameters.setTokenRequirements(tokenRequirements);

    KeyRequirements keyRequirements = new KeyRequirements();
    parameters.setKeyRequirements(keyRequirements);

    parameters.setPrincipal(new CustomTokenPrincipal("alice"));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
    parameters.setWebServiceContext(webServiceContext);

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    parameters.setStsProperties(stsProperties);

    return parameters;
  }
Exemple #5
0
  private TokenProviderParameters createProviderParameters(
      String tokenType,
      String keyType,
      Crypto crypto,
      String signatureUsername,
      CallbackHandler callbackHandler,
      String username,
      String issuer)
      throws WSSecurityException {
    TokenProviderParameters parameters = new TokenProviderParameters();

    TokenRequirements tokenRequirements = new TokenRequirements();
    tokenRequirements.setTokenType(tokenType);
    parameters.setTokenRequirements(tokenRequirements);

    KeyRequirements keyRequirements = new KeyRequirements();
    keyRequirements.setKeyType(keyType);
    parameters.setKeyRequirements(keyRequirements);

    parameters.setPrincipal(new CustomTokenPrincipal(username));
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    parameters.setMessageContext(msgCtx);

    parameters.setAppliesToAddress(
        "https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setSignatureUsername(signatureUsername);
    stsProperties.setCallbackHandler(callbackHandler);
    stsProperties.setIssuer(issuer);
    parameters.setStsProperties(stsProperties);

    parameters.setEncryptionProperties(new EncryptionProperties());

    return parameters;
  }
  /** Test for various options relating to configuring a key-wrap algorithm */
  @org.junit.Test
  public void testSpecifiedKeyWrapAlgorithm() throws Exception {
    //
    // This test fails (sometimes) with the IBM JDK
    // See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737
    //
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
      return;
    }

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    if (!unrestrictedPoliciesInstalled) {
      encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    JAXBElement<String> encryptionAlgorithmType =
        new JAXBElement<String>(
            QNameConstants.KEYWRAP_ALGORITHM, String.class, WSConstants.KEYTRANSPORT_RSAOAEP);
    request.getAny().add(encryptionAlgorithmType);

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    // Now specify a non-supported algorithm
    String aesKw = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    List<String> acceptedAlgorithms = Collections.singletonList(aesKw);
    encryptionProperties.setAcceptedKeyWrapAlgorithms(acceptedAlgorithms);
    request.getAny().remove(request.getAny().size() - 1);
    encryptionAlgorithmType =
        new JAXBElement<String>(QNameConstants.KEYWRAP_ALGORITHM, String.class, aesKw);
    request.getAny().add(encryptionAlgorithmType);
    try {
      issueOperation.issue(request, null, msgCtx);
      fail("Failure expected on a bad key-wrap algorithm");
    } catch (STSException ex) {
      // expected
    }
  }