private TokenProviderParameters createProviderParameters() throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(JWTTokenProvider.JWT_TOKEN_TYPE);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setTokenStore(tokenStore);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
parameters.setWebServiceContext(webServiceContext);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);
parameters.setWebServiceContext(webServiceContext);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
return parameters;
}
/** Test for various options relating to specifying a name for encryption */
@org.junit.Test
public void testEncryptionName() throws Exception {
TokenIssueOperation issueOperation = new TokenIssueOperation();
issueOperation.setEncryptIssuedToken(true);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<TokenProvider>();
providerList.add(new DummyTokenProvider());
issueOperation.setTokenProviders(providerList);
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
EncryptionProperties encryptionProperties = new EncryptionProperties();
if (!unrestrictedPoliciesInstalled) {
encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
}
service.setEncryptionProperties(encryptionProperties);
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(encryptionCrypto);
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
// Issue a token - as no encryption name has been specified the token will not be encrypted
RequestSecurityTokenResponseCollectionType response =
issueOperation.issue(request, null, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse =
response.getRequestSecurityTokenResponse();
assertTrue(!securityTokenResponse.isEmpty());
encryptionProperties.setEncryptionName("myservicekey");
service.setEncryptionProperties(encryptionProperties);
// Issue a (encrypted) token
response = issueOperation.issue(request, null, msgCtx);
securityTokenResponse = response.getRequestSecurityTokenResponse();
assertTrue(!securityTokenResponse.isEmpty());
}
/** Test for various options relating to configuring an algorithm for encryption */
@org.junit.Test
public void testConfiguredEncryptionAlgorithm() throws Exception {
TokenIssueOperation issueOperation = new TokenIssueOperation();
issueOperation.setEncryptIssuedToken(true);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<TokenProvider>();
providerList.add(new DummyTokenProvider());
issueOperation.setTokenProviders(providerList);
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionName("myservicekey");
encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
service.setEncryptionProperties(encryptionProperties);
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(encryptionCrypto);
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
// Issue a token - this should use a (new) default encryption algorithm as configured
RequestSecurityTokenResponseCollectionType response =
issueOperation.issue(request, null, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse =
response.getRequestSecurityTokenResponse();
assertTrue(!securityTokenResponse.isEmpty());
encryptionProperties.setEncryptionAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
try {
issueOperation.issue(request, null, msgCtx);
fail("Failure expected on a bad encryption algorithm");
} catch (STSException ex) {
// expected
}
}
private TokenProviderParameters createProviderParameters(
String tokenType,
String keyType,
Crypto crypto,
String signatureUsername,
CallbackHandler callbackHandler,
String username,
String issuer)
throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal(username));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress(
"https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer(issuer);
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
/** Test for various options relating to configuring a key-wrap algorithm */
@org.junit.Test
public void testSpecifiedKeyWrapAlgorithm() throws Exception {
//
// This test fails (sometimes) with the IBM JDK
// See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737
//
if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
return;
}
TokenIssueOperation issueOperation = new TokenIssueOperation();
issueOperation.setEncryptIssuedToken(true);
// Add Token Provider
List<TokenProvider> providerList = new ArrayList<TokenProvider>();
providerList.add(new DummyTokenProvider());
issueOperation.setTokenProviders(providerList);
// Add Service
ServiceMBean service = new StaticService();
service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
EncryptionProperties encryptionProperties = new EncryptionProperties();
encryptionProperties.setEncryptionName("myservicekey");
if (!unrestrictedPoliciesInstalled) {
encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128);
}
service.setEncryptionProperties(encryptionProperties);
issueOperation.setServices(Collections.singletonList(service));
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(encryptionCrypto);
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
issueOperation.setStsProperties(stsProperties);
// Mock up a request
RequestSecurityTokenType request = new RequestSecurityTokenType();
JAXBElement<String> tokenType =
new JAXBElement<String>(
QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE);
request.getAny().add(tokenType);
request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
JAXBElement<String> encryptionAlgorithmType =
new JAXBElement<String>(
QNameConstants.KEYWRAP_ALGORITHM, String.class, WSConstants.KEYTRANSPORT_RSAOAEP);
request.getAny().add(encryptionAlgorithmType);
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
// Issue a token
RequestSecurityTokenResponseCollectionType response =
issueOperation.issue(request, null, msgCtx);
List<RequestSecurityTokenResponseType> securityTokenResponse =
response.getRequestSecurityTokenResponse();
assertTrue(!securityTokenResponse.isEmpty());
// Now specify a non-supported algorithm
String aesKw = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
List<String> acceptedAlgorithms = Collections.singletonList(aesKw);
encryptionProperties.setAcceptedKeyWrapAlgorithms(acceptedAlgorithms);
request.getAny().remove(request.getAny().size() - 1);
encryptionAlgorithmType =
new JAXBElement<String>(QNameConstants.KEYWRAP_ALGORITHM, String.class, aesKw);
request.getAny().add(encryptionAlgorithmType);
try {
issueOperation.issue(request, null, msgCtx);
fail("Failure expected on a bad key-wrap algorithm");
} catch (STSException ex) {
// expected
}
}