Exemple #1
0
  private OMElement getRSTTemplate() throws TrustException {
    OMFactory omFac = OMAbstractFactory.getOMFactory();
    OMElement element = omFac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);

    if (ClientConstants.SAML_TOKEN_TYPE_20.equals(tokenType)) {
      TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, element)
          .setText(RahasConstants.TOK_TYPE_SAML_20);
    } else if (ClientConstants.SAML_TOKEN_TYPE_11.equals(tokenType)) {
      TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, element)
          .setText(RahasConstants.TOK_TYPE_SAML_10);
    }

    if (ClientConstants.SUBJECT_CONFIRMATION_BEARER.equals(subjectConfirmationMethod)) {
      TrustUtil.createKeyTypeElement(
          RahasConstants.VERSION_05_02, element, RahasConstants.KEY_TYPE_BEARER);
    } else if (ClientConstants.SUBJECT_CONFIRMATION_HOLDER_OF_KEY.equals(
        subjectConfirmationMethod)) {
      TrustUtil.createKeyTypeElement(
          RahasConstants.VERSION_05_02, element, RahasConstants.KEY_TYPE_SYMM_KEY);
    }

    // request claims in the token.
    OMElement claimElement =
        TrustUtil.createClaims(RahasConstants.VERSION_05_02, element, claimDialect);
    // Populate the <Claims/> element with the <ClaimType/> elements
    addClaimType(claimElement, claimUris);

    return element;
  }
Exemple #2
0
 private static OMElement getRSTTemplate() throws Exception {
   OMFactory fac = OMAbstractFactory.getOMFactory();
   OMElement elem = fac.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
   TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, elem)
       .setText(RahasConstants.TOK_TYPE_SAML_10);
   TrustUtil.createKeyTypeElement(
       RahasConstants.VERSION_05_02, elem, RahasConstants.KEY_TYPE_SYMM_KEY);
   TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem, 256);
   return elem;
 }
Exemple #3
0
  public static void main(String[] args) throws Exception {

    if (args.length != 3) {
      System.out.println("Usage: $java Client endpoint_address client_repo_path policy_xml_path");
    }

    ConfigurationContext ctx =
        ConfigurationContextFactory.createConfigurationContextFromFileSystem(args[1], null);

    STSClient stsClient = new STSClient(ctx);

    stsClient.setRstTemplate(getRSTTemplate());
    String action =
        TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
    stsClient.setAction(action);

    Token responseToken =
        stsClient.requestSecurityToken(
            loadPolicy("sample05/policy.xml"),
            "http://localhost:8080/axis2/services/STS",
            loadPolicy("sample05/sts_policy.xml"),
            null);

    System.out.println(
        "\n############################# Requested Token ###################################\n");
    System.out.println(responseToken.getToken().toString());

    TokenStorage store = TrustUtil.getTokenStore(ctx);
    store.add(responseToken);

    ServiceClient client = new ServiceClient(ctx, null);

    Options options = new Options();
    options.setAction("urn:echo");
    options.setTo(new EndpointReference(args[0]));
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, loadPolicy("sample05/policy.xml"));
    options.setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, responseToken.getId());
    client.setOptions(options);

    client.engageModule("addressing");
    client.engageModule("rampart");

    OMElement response = client.sendReceive(getPayload("Hello world1"));
    System.out.println("Response  : " + response);
  }
Exemple #4
0
  private void run() {
    try {
      loadConfigurations();

      // set the trust store as a system property for communication over
      // TLS.
      System.setProperty("javax.net.ssl.trustStore", keystorePath);
      System.setProperty("javax.net.ssl.trustStorePassword", keystorePwd);

      // create configuration context
      ConfigurationContext configCtx =
          ConfigurationContextFactory.createConfigurationContextFromFileSystem(repoPath);

      // create STS client
      STSClient stsClient = new STSClient(configCtx);
      stsClient.setRstTemplate(getRSTTemplate());

      String action = null;
      String responseTokenID = null;

      action =
          TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
      stsClient.setAction(action);

      // request the security token from STS.
      Token responseToken;

      Policy stsPolicy = loadPolicy(stsPolicyPath);

      // add rampart config assertion to the ws-sec policies
      RampartConfig rampartConfig = buildRampartConfig();
      stsPolicy.addAssertion(rampartConfig);

      responseToken = stsClient.requestSecurityToken(null, stsEPR, stsPolicy, relyingPartyEPR);

      // store the obtained token in token store to be used in future
      // communication.
      TokenStorage store = TrustUtil.getTokenStore(configCtx);
      responseTokenID = responseToken.getId();
      store.add(responseToken);

      // print token
      System.out.println(responseToken.getToken().toString());
      // sending token renew request
      String renewedTokenID = null;
      if (enableRenewing) {
        System.out.println("Renewing " + tokenType);
        String TokenProfile = null;
        if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_11)) {
          TokenProfile = RahasConstants.TOK_TYPE_SAML_10;
        } else if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_20)) {
          TokenProfile = RahasConstants.TOK_TYPE_SAML_20;
        }

        stsClient.setRstTemplate(getRSTTemplate());
        boolean tokenRenewed =
            stsClient.renewToken(responseTokenID, TokenProfile, stsEPR, stsPolicy, store);
        System.out.println("tokenRenewed : " + tokenRenewed);

        Token renewedToken = store.getRenewedTokens()[0];
        renewedTokenID = renewedToken.getId();
        System.out.println("Renewed Token : \n" + renewedToken.getToken().toString());
      }
      // Validate the token
      if (enableValidateBinding) {
        // validating the token.
        stsClient = new STSClient(configCtx);
        action =
            TrustUtil.getActionValue(
                RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_VALIDATE);
        stsClient.setAction(action);
        String tokenID = null;
        if (renewedTokenID != null) {
          tokenID = renewedTokenID;
        } else {
          tokenID = responseTokenID;
        }
        boolean isValid = stsClient.validateToken(tokenID, stsEPR, stsPolicy);

        if (isValid) {
          if (enableRenewing) {
            System.out.println("Renewed SAML " + tokenType + " Token is valid");
          } else {
            System.out.println("Response SAML " + tokenType + " Token is valid");
          }
        } else {
          if (enableRenewing) {
            System.out.println("Renewed SAML " + tokenType + " Token is invalid");
          } else {
            System.out.println("Response SAML " + tokenType + " Token is invalid");
          }
        }
      }

      // Send the token to relying party
      if (enableRelyingParty) {
        /* Invoke secured service using the obtained token */
        OMElement responseElem = null;

        // create service client
        ServiceClient serClient = new ServiceClient(configCtx, null);

        // engage modules
        serClient.engageModule("addressing");
        serClient.engageModule("rampart");

        // load policy of secured service
        Policy sec_policy = loadPolicy(relyingPartyPolicyPath);

        // add rampart config to the ws-sec policies
        sec_policy.addAssertion(rampartConfig);

        // set in/out security policies in client opts
        serClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, sec_policy);

        // Set the token id as a property in the Axis2 client scope, so
        // that this will be picked up when creating the secure message to
        // invoke
        // the endpoint.
        serClient
            .getOptions()
            .setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, renewedTokenID);

        // set action of the Hello Service to be invoked.
        serClient.getOptions().setAction("urn:echoString");
        serClient.getOptions().setTo(new EndpointReference(relyingPartyEPR));

        // invoke the service
        // System.out.println(serClient.sendReceive(getPayload(echoRequestMsg)).toString());
        responseElem = serClient.sendReceive(getPayload(echoRequestMsg));
        // cleanup transports
        serClient.getOptions().setCallTransportCleanup(true);

        System.out.println(responseElem.toString());

        System.exit(0);
      }
    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      System.exit(0);
    }
  }