/** Test to validate an invalid X.509 token */
  @org.junit.Test
  public void testValidateInvalidX509Token() throws Exception {
    TokenValidateOperation validateOperation = new TokenValidateOperation();

    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<TokenValidator>();
    validatorList.add(new X509TokenValidator());
    validateOperation.setTokenValidators(validatorList);

    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    validateOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS);
    request.getAny().add(tokenType);

    // Create a BinarySecurityToken
    CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
    cryptoType.setAlias("eve");
    Crypto eveCrypto = CryptoFactory.getInstance(getEveCryptoProperties());
    X509Certificate[] certs = eveCrypto.getX509Certificates(cryptoType);
    assertTrue(certs != null && certs.length > 0);

    JAXBElement<BinarySecurityTokenType> binarySecurityTokenType =
        createBinarySecurityToken(certs[0]);
    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(binarySecurityTokenType);

    JAXBElement<ValidateTargetType> validateTargetType =
        new JAXBElement<ValidateTargetType>(
            QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget);
    request.getAny().add(validateTargetType);

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));

    // Validate a token
    RequestSecurityTokenResponseType response =
        validateOperation.validate(request, principal, msgCtx);
    assertFalse(validateResponse(response));
  }
Esempio n. 2
0
  /** Test for various options relating to specifying a name for encryption */
  @org.junit.Test
  public void testEncryptionName() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    if (!unrestrictedPoliciesInstalled) {
      encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - as no encryption name has been specified the token will not be encrypted
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    encryptionProperties.setEncryptionName("myservicekey");
    service.setEncryptionProperties(encryptionProperties);

    // Issue a (encrypted) token
    response = issueOperation.issue(request, null, msgCtx);
    securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());
  }
Esempio n. 3
0
  /** Test for various options relating to configuring an algorithm for encryption */
  @org.junit.Test
  public void testConfiguredEncryptionAlgorithm() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token - this should use a (new) default encryption algorithm as configured
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    encryptionProperties.setEncryptionAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
    try {
      issueOperation.issue(request, null, msgCtx);
      fail("Failure expected on a bad encryption algorithm");
    } catch (STSException ex) {
      // expected
    }
  }
Esempio n. 4
0
  /** Test for various options relating to configuring a key-wrap algorithm */
  @org.junit.Test
  public void testSpecifiedKeyWrapAlgorithm() throws Exception {
    //
    // This test fails (sometimes) with the IBM JDK
    // See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737
    //
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
      return;
    }

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new DummyTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    EncryptionProperties encryptionProperties = new EncryptionProperties();
    encryptionProperties.setEncryptionName("myservicekey");
    if (!unrestrictedPoliciesInstalled) {
      encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    service.setEncryptionProperties(encryptionProperties);
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    StaticSTSProperties stsProperties = new StaticSTSProperties();
    Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(encryptionCrypto);
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    JAXBElement<String> encryptionAlgorithmType =
        new JAXBElement<String>(
            QNameConstants.KEYWRAP_ALGORITHM, String.class, WSConstants.KEYTRANSPORT_RSAOAEP);
    request.getAny().add(encryptionAlgorithmType);

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);

    // Issue a token
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    // Now specify a non-supported algorithm
    String aesKw = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    List<String> acceptedAlgorithms = Collections.singletonList(aesKw);
    encryptionProperties.setAcceptedKeyWrapAlgorithms(acceptedAlgorithms);
    request.getAny().remove(request.getAny().size() - 1);
    encryptionAlgorithmType =
        new JAXBElement<String>(QNameConstants.KEYWRAP_ALGORITHM, String.class, aesKw);
    request.getAny().add(encryptionAlgorithmType);
    try {
      issueOperation.issue(request, null, msgCtx);
      fail("Failure expected on a bad key-wrap algorithm");
    } catch (STSException ex) {
      // expected
    }
  }
Esempio n. 5
0
  /** Test to successfully issue a JWT Token */
  @org.junit.Test
  public void testIssueJWTToken() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setTokenStore(tokenStore);

    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<TokenProvider>();
    providerList.add(new JWTTokenProvider());
    issueOperation.setTokenProviders(providerList);

    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));

    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);

    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType =
        new JAXBElement<String>(
            QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    msgCtx.put(
        SecurityContext.class.getName(), createSecurityContext(new CustomTokenPrincipal("alice")));
    WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);

    // Issue a token
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, webServiceContext);
    List<RequestSecurityTokenResponseType> securityTokenResponse =
        response.getRequestSecurityTokenResponse();
    assertTrue(!securityTokenResponse.isEmpty());

    // Test the generated token.
    String jwtToken = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
      if (tokenObject instanceof Element
          && REQUESTED_SECURITY_TOKEN.getLocalPart().equals(((Element) tokenObject).getLocalName())
          && REQUESTED_SECURITY_TOKEN
              .getNamespaceURI()
              .equals(((Element) tokenObject).getNamespaceURI())) {
        jwtToken = ((Element) tokenObject).getTextContent();
        break;
      }
    }

    assertNotNull(jwtToken);

    // Validate the token
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(jwtToken);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
  }