private TokenValidatorParameters createValidatorParameters() throws WSSecurityException { TokenValidatorParameters parameters = new TokenValidatorParameters(); TokenRequirements tokenRequirements = new TokenRequirements(); tokenRequirements.setTokenType(STSConstants.STATUS); parameters.setTokenRequirements(tokenRequirements); KeyRequirements keyRequirements = new KeyRequirements(); parameters.setKeyRequirements(keyRequirements); parameters.setPrincipal(new CustomTokenPrincipal("alice")); // Mock up message context MessageImpl msg = new MessageImpl(); WrappedMessageContext msgCtx = new WrappedMessageContext(msg); WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx); parameters.setWebServiceContext(webServiceContext); // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties()); stsProperties.setEncryptionCrypto(crypto); stsProperties.setSignatureCrypto(crypto); stsProperties.setEncryptionUsername("myservicekey"); stsProperties.setSignatureUsername("mystskey"); stsProperties.setCallbackHandler(new PasswordCallbackHandler()); stsProperties.setIssuer("STS"); parameters.setStsProperties(stsProperties); return parameters; }
/** Test for various options relating to specifying a name for encryption */ @org.junit.Test public void testEncryptionName() throws Exception { TokenIssueOperation issueOperation = new TokenIssueOperation(); issueOperation.setEncryptIssuedToken(true); // Add Token Provider List<TokenProvider> providerList = new ArrayList<TokenProvider>(); providerList.add(new DummyTokenProvider()); issueOperation.setTokenProviders(providerList); // Add Service ServiceMBean service = new StaticService(); service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); if (!unrestrictedPoliciesInstalled) { encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties()); stsProperties.setEncryptionCrypto(encryptionCrypto); stsProperties.setCallbackHandler(new PasswordCallbackHandler()); issueOperation.setStsProperties(stsProperties); // Mock up a request RequestSecurityTokenType request = new RequestSecurityTokenType(); JAXBElement<String> tokenType = new JAXBElement<String>( QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE); request.getAny().add(tokenType); request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy")); // Mock up message context MessageImpl msg = new MessageImpl(); WrappedMessageContext msgCtx = new WrappedMessageContext(msg); // Issue a token - as no encryption name has been specified the token will not be encrypted RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx); List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse(); assertTrue(!securityTokenResponse.isEmpty()); encryptionProperties.setEncryptionName("myservicekey"); service.setEncryptionProperties(encryptionProperties); // Issue a (encrypted) token response = issueOperation.issue(request, null, msgCtx); securityTokenResponse = response.getRequestSecurityTokenResponse(); assertTrue(!securityTokenResponse.isEmpty()); }
/** Test for various options relating to configuring an algorithm for encryption */ @org.junit.Test public void testConfiguredEncryptionAlgorithm() throws Exception { TokenIssueOperation issueOperation = new TokenIssueOperation(); issueOperation.setEncryptIssuedToken(true); // Add Token Provider List<TokenProvider> providerList = new ArrayList<TokenProvider>(); providerList.add(new DummyTokenProvider()); issueOperation.setTokenProviders(providerList); // Add Service ServiceMBean service = new StaticService(); service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128); service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties()); stsProperties.setEncryptionCrypto(encryptionCrypto); stsProperties.setCallbackHandler(new PasswordCallbackHandler()); issueOperation.setStsProperties(stsProperties); // Mock up a request RequestSecurityTokenType request = new RequestSecurityTokenType(); JAXBElement<String> tokenType = new JAXBElement<String>( QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE); request.getAny().add(tokenType); request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy")); // Mock up message context MessageImpl msg = new MessageImpl(); WrappedMessageContext msgCtx = new WrappedMessageContext(msg); // Issue a token - this should use a (new) default encryption algorithm as configured RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx); List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse(); assertTrue(!securityTokenResponse.isEmpty()); encryptionProperties.setEncryptionAlgorithm(WSConstants.KEYTRANSPORT_RSA15); try { issueOperation.issue(request, null, msgCtx); fail("Failure expected on a bad encryption algorithm"); } catch (STSException ex) { // expected } }
/** Test for various options relating to configuring a key-wrap algorithm */ @org.junit.Test public void testSpecifiedKeyWrapAlgorithm() throws Exception { // // This test fails (sometimes) with the IBM JDK // See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737 // if ("IBM Corporation".equals(System.getProperty("java.vendor"))) { return; } TokenIssueOperation issueOperation = new TokenIssueOperation(); issueOperation.setEncryptIssuedToken(true); // Add Token Provider List<TokenProvider> providerList = new ArrayList<TokenProvider>(); providerList.add(new DummyTokenProvider()); issueOperation.setTokenProviders(providerList); // Add Service ServiceMBean service = new StaticService(); service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy")); EncryptionProperties encryptionProperties = new EncryptionProperties(); encryptionProperties.setEncryptionName("myservicekey"); if (!unrestrictedPoliciesInstalled) { encryptionProperties.setEncryptionAlgorithm(WSConstants.AES_128); } service.setEncryptionProperties(encryptionProperties); issueOperation.setServices(Collections.singletonList(service)); // Add STSProperties object StaticSTSProperties stsProperties = new StaticSTSProperties(); Crypto encryptionCrypto = CryptoFactory.getInstance(getEncryptionProperties()); stsProperties.setEncryptionCrypto(encryptionCrypto); stsProperties.setCallbackHandler(new PasswordCallbackHandler()); issueOperation.setStsProperties(stsProperties); // Mock up a request RequestSecurityTokenType request = new RequestSecurityTokenType(); JAXBElement<String> tokenType = new JAXBElement<String>( QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE); request.getAny().add(tokenType); request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy")); JAXBElement<String> encryptionAlgorithmType = new JAXBElement<String>( QNameConstants.KEYWRAP_ALGORITHM, String.class, WSConstants.KEYTRANSPORT_RSAOAEP); request.getAny().add(encryptionAlgorithmType); // Mock up message context MessageImpl msg = new MessageImpl(); WrappedMessageContext msgCtx = new WrappedMessageContext(msg); // Issue a token RequestSecurityTokenResponseCollectionType response = issueOperation.issue(request, null, msgCtx); List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse(); assertTrue(!securityTokenResponse.isEmpty()); // Now specify a non-supported algorithm String aesKw = "http://www.w3.org/2001/04/xmlenc#kw-aes128"; List<String> acceptedAlgorithms = Collections.singletonList(aesKw); encryptionProperties.setAcceptedKeyWrapAlgorithms(acceptedAlgorithms); request.getAny().remove(request.getAny().size() - 1); encryptionAlgorithmType = new JAXBElement<String>(QNameConstants.KEYWRAP_ALGORITHM, String.class, aesKw); request.getAny().add(encryptionAlgorithmType); try { issueOperation.issue(request, null, msgCtx); fail("Failure expected on a bad key-wrap algorithm"); } catch (STSException ex) { // expected } }