/**
 * Test to validate an invalid X.509 token.
 *
 * <p>The {@link X509TokenValidator} is backed by the STS keystore (getEncryptionProperties()),
 * while the BinarySecurityToken placed in the ValidateTarget wraps the "eve" certificate loaded
 * from a different keystore (getEveCryptoProperties()). The STS must report the token as not
 * valid, i.e. validateResponse(...) returns false.
 *
 * @throws Exception on any unexpected failure while building the fixtures or validating
 */
@org.junit.Test
public void testValidateInvalidX509Token() throws Exception {
    // STS-side configuration: a single X.509 validator plus the STS properties.
    List<TokenValidator> validators = new ArrayList<TokenValidator>();
    validators.add(new X509TokenValidator());

    STSPropertiesMBean stsProps = new StaticSTSProperties();
    Crypto stsCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProps.setEncryptionCrypto(stsCrypto);
    stsProps.setSignatureCrypto(stsCrypto);
    stsProps.setEncryptionUsername("myservicekey");
    stsProps.setSignatureUsername("mystskey");
    stsProps.setCallbackHandler(new PasswordCallbackHandler());
    stsProps.setIssuer("STS");

    TokenValidateOperation validateOperation = new TokenValidateOperation();
    validateOperation.setTokenValidators(validators);
    validateOperation.setStsProperties(stsProps);

    // The token under test: "eve"'s certificate, which does not come from the STS keystore.
    CryptoType aliasLookup = new CryptoType(CryptoType.TYPE.ALIAS);
    aliasLookup.setAlias("eve");
    Crypto eveCrypto = CryptoFactory.getInstance(getEveCryptoProperties());
    X509Certificate[] eveCerts = eveCrypto.getX509Certificates(aliasLookup);
    assertTrue(eveCerts != null && eveCerts.length > 0);

    ValidateTargetType validateTarget = new ValidateTargetType();
    validateTarget.setAny(createBinarySecurityToken(eveCerts[0]));

    // The RST: a STATUS token type plus the ValidateTarget carrying the BST.
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    request.getAny().add(
        new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.STATUS));
    request.getAny().add(
        new JAXBElement<ValidateTargetType>(
            QNameConstants.VALIDATE_TARGET, ValidateTargetType.class, validateTarget));

    // Message context carrying a SecurityContext for "alice".
    Principal principal = new CustomTokenPrincipal("alice");
    WrappedMessageContext msgCtx = new WrappedMessageContext(new MessageImpl());
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));

    // A certificate that is not trusted by the STS crypto must not validate.
    RequestSecurityTokenResponseType response =
        validateOperation.validate(request, principal, msgCtx);
    assertFalse(validateResponse(response));
}
/**
 * Test for various options relating to specifying a name for encryption.
 *
 * <p>The same {@link TokenIssueOperation} (with encryptIssuedToken enabled) is driven twice:
 * first with no encryption name on the service's EncryptionProperties, then with
 * "myservicekey". Both calls are expected to return a non-empty response collection; the
 * original author's note is that without an encryption name the token is simply not encrypted.
 *
 * @throws Exception on any unexpected failure while building the fixtures or issuing
 */
@org.junit.Test
public void testEncryptionName() throws Exception {
    List<TokenProvider> providers = new ArrayList<TokenProvider>();
    providers.add(new DummyTokenProvider());

    // Service definition: no encryption name yet; only the algorithm may be pinned.
    EncryptionProperties encProps = new EncryptionProperties();
    if (!unrestrictedPoliciesInstalled) {
        // Presumably the unlimited-strength JCE policy is missing; AES-128 is used instead.
        encProps.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    service.setEncryptionProperties(encProps);

    StaticSTSProperties stsProps = new StaticSTSProperties();
    stsProps.setEncryptionCrypto(CryptoFactory.getInstance(getEncryptionProperties()));
    stsProps.setCallbackHandler(new PasswordCallbackHandler());

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    issueOperation.setTokenProviders(providers);
    issueOperation.setServices(Collections.singletonList(service));
    issueOperation.setStsProperties(stsProps);

    // The RST: the dummy token type, scoped to the dummy service via AppliesTo.
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    request.getAny().add(new JAXBElement<String>(
        QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE));
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    WrappedMessageContext msgCtx = new WrappedMessageContext(new MessageImpl());

    // First issue: no encryption name has been specified, so the token will not be encrypted.
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    assertFalse(response.getRequestSecurityTokenResponse().isEmpty());

    // Second issue: with an encryption name set the issued token is encrypted.
    encProps.setEncryptionName("myservicekey");
    service.setEncryptionProperties(encProps);
    response = issueOperation.issue(request, null, msgCtx);
    assertFalse(response.getRequestSecurityTokenResponse().isEmpty());
}
/**
 * Test for various options relating to configuring an algorithm for encryption.
 *
 * <p>First the service's EncryptionProperties pin AES-128 as the data-encryption algorithm and
 * issuing must succeed. Then the algorithm is switched to the RSA-1.5 key-transport identifier
 * (WSConstants.KEYTRANSPORT_RSA15) — a key-transport mechanism is not a symmetric
 * data-encryption algorithm, and the STS is expected to refuse the request with an
 * {@link STSException} rather than silently encrypting with an inappropriate algorithm.
 *
 * @throws Exception on any unexpected failure while building the fixtures or issuing
 */
@org.junit.Test
public void testConfiguredEncryptionAlgorithm() throws Exception {
    List<TokenProvider> providers = new ArrayList<TokenProvider>();
    providers.add(new DummyTokenProvider());

    // Service definition with an explicit encryption name and a good algorithm.
    EncryptionProperties encProps = new EncryptionProperties();
    encProps.setEncryptionName("myservicekey");
    encProps.setEncryptionAlgorithm(WSConstants.AES_128);
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    service.setEncryptionProperties(encProps);

    StaticSTSProperties stsProps = new StaticSTSProperties();
    stsProps.setEncryptionCrypto(CryptoFactory.getInstance(getEncryptionProperties()));
    stsProps.setCallbackHandler(new PasswordCallbackHandler());

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    issueOperation.setTokenProviders(providers);
    issueOperation.setServices(Collections.singletonList(service));
    issueOperation.setStsProperties(stsProps);

    // The RST: the dummy token type, scoped to the dummy service via AppliesTo.
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    request.getAny().add(new JAXBElement<String>(
        QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE));
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    WrappedMessageContext msgCtx = new WrappedMessageContext(new MessageImpl());

    // Issue with the configured (AES-128) algorithm: must succeed.
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    assertFalse(response.getRequestSecurityTokenResponse().isEmpty());

    // Re-issue with a key-transport identifier in the data-encryption slot: must be rejected.
    encProps.setEncryptionAlgorithm(WSConstants.KEYTRANSPORT_RSA15);
    try {
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected on a bad encryption algorithm");
    } catch (STSException expected) {
        // The STS refused the misconfigured algorithm, which is the behaviour under test.
    }
}
/**
 * Test for various options relating to configuring a key-wrap algorithm.
 *
 * <p>The client requests RSA-OAEP key wrap via a KeyWrapAlgorithm element in the RST and the
 * token is issued. The element is then replaced by the AES-128 key-wrap URI, which is also placed
 * in the service's accepted key-wrap list; that second issue is nevertheless expected to fail
 * with an {@link STSException}. Why it is rejected despite being "accepted" is not visible from
 * this test — presumably the STS cannot use a symmetric key-wrap with the certificate-based
 * encryption configured here; confirm against the TokenIssueOperation implementation.
 *
 * @throws Exception on any unexpected failure while building the fixtures or issuing
 */
@org.junit.Test
public void testSpecifiedKeyWrapAlgorithm() throws Exception {
    //
    // This test fails (sometimes) with the IBM JDK
    // See https://www-304.ibm.com/support/docview.wss?uid=swg1IZ76737
    //
    if ("IBM Corporation".equals(System.getProperty("java.vendor"))) {
        return;
    }

    List<TokenProvider> providers = new ArrayList<TokenProvider>();
    providers.add(new DummyTokenProvider());

    // Service definition with an encryption name; the algorithm is only pinned when needed.
    EncryptionProperties encProps = new EncryptionProperties();
    encProps.setEncryptionName("myservicekey");
    if (!unrestrictedPoliciesInstalled) {
        // Presumably the unlimited-strength JCE policy is missing; AES-128 is used instead.
        encProps.setEncryptionAlgorithm(WSConstants.AES_128);
    }
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    service.setEncryptionProperties(encProps);

    StaticSTSProperties stsProps = new StaticSTSProperties();
    stsProps.setEncryptionCrypto(CryptoFactory.getInstance(getEncryptionProperties()));
    stsProps.setCallbackHandler(new PasswordCallbackHandler());

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setEncryptIssuedToken(true);
    issueOperation.setTokenProviders(providers);
    issueOperation.setServices(Collections.singletonList(service));
    issueOperation.setStsProperties(stsProps);

    // The RST: dummy token type, AppliesTo, then the requested key-wrap algorithm (RSA-OAEP).
    // The key-wrap element is deliberately the LAST element so it can be swapped out below.
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    request.getAny().add(new JAXBElement<String>(
        QNameConstants.TOKEN_TYPE, String.class, DummyTokenProvider.TOKEN_TYPE));
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    request.getAny().add(new JAXBElement<String>(
        QNameConstants.KEYWRAP_ALGORITHM, String.class, WSConstants.KEYTRANSPORT_RSAOAEP));

    WrappedMessageContext msgCtx = new WrappedMessageContext(new MessageImpl());

    // Issue with RSA-OAEP key wrap: must succeed.
    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, null, msgCtx);
    assertFalse(response.getRequestSecurityTokenResponse().isEmpty());

    // Now request the AES-128 key-wrap URI instead, and list it as the only accepted algorithm.
    String aesKw = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
    encProps.setAcceptedKeyWrapAlgorithms(Collections.singletonList(aesKw));
    // Drop the RSA-OAEP element (the last one added) and append the AES key-wrap element.
    request.getAny().remove(request.getAny().size() - 1);
    request.getAny().add(
        new JAXBElement<String>(QNameConstants.KEYWRAP_ALGORITHM, String.class, aesKw));

    try {
        issueOperation.issue(request, null, msgCtx);
        fail("Failure expected on a bad key-wrap algorithm");
    } catch (STSException expected) {
        // The STS refused the key-wrap algorithm, which is the behaviour under test.
    }
}
/**
 * Test to successfully issue a JWT Token.
 *
 * <p>A {@link JWTTokenProvider} is registered on the issue operation, a request for
 * JWTTokenProvider.JWT_TOKEN_TYPE is made on behalf of the authenticated principal "alice", and
 * the RequestedSecurityToken element of the first response is decoded. Only the "sub" claim is
 * checked here; the JWS signature is not verified in this test (no verifySignatureWith call), so
 * it proves the STS embeds the caller's principal, not that the signature is valid.
 *
 * @throws Exception on any unexpected failure while building the fixtures, issuing or parsing
 */
@org.junit.Test
public void testIssueJWTToken() throws Exception {
    List<TokenProvider> providers = new ArrayList<TokenProvider>();
    providers.add(new JWTTokenProvider());

    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));

    STSPropertiesMBean stsProps = new StaticSTSProperties();
    Crypto stsCrypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProps.setEncryptionCrypto(stsCrypto);
    stsProps.setSignatureCrypto(stsCrypto);
    stsProps.setEncryptionUsername("myservicekey");
    stsProps.setSignatureUsername("mystskey");
    stsProps.setCallbackHandler(new PasswordCallbackHandler());
    stsProps.setIssuer("STS");

    TokenIssueOperation issueOperation = new TokenIssueOperation();
    issueOperation.setTokenStore(tokenStore);
    issueOperation.setTokenProviders(providers);
    issueOperation.setServices(Collections.singletonList(service));
    issueOperation.setStsProperties(stsProps);

    // The RST: JWT token type, scoped to the dummy service via AppliesTo.
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    request.getAny().add(new JAXBElement<String>(
        QNameConstants.TOKEN_TYPE, String.class, JWTTokenProvider.JWT_TOKEN_TYPE));
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));

    // Message context authenticated as "alice"; the STS reads the principal from it.
    WrappedMessageContext msgCtx = new WrappedMessageContext(new MessageImpl());
    msgCtx.put(
        SecurityContext.class.getName(),
        createSecurityContext(new CustomTokenPrincipal("alice")));
    WebServiceContextImpl webServiceContext = new WebServiceContextImpl(msgCtx);

    RequestSecurityTokenResponseCollectionType response =
        issueOperation.issue(request, webServiceContext);
    List<RequestSecurityTokenResponseType> responses = response.getRequestSecurityTokenResponse();
    assertFalse(responses.isEmpty());

    // Pull the compact JWT out of the RequestedSecurityToken element of the first response.
    String jwtToken = null;
    for (Object candidate : responses.get(0).getAny()) {
        if (!(candidate instanceof Element)) {
            continue;
        }
        Element element = (Element) candidate;
        boolean localNameMatches =
            REQUESTED_SECURITY_TOKEN.getLocalPart().equals(element.getLocalName());
        boolean namespaceMatches =
            REQUESTED_SECURITY_TOKEN.getNamespaceURI().equals(element.getNamespaceURI());
        if (localNameMatches && namespaceMatches) {
            jwtToken = element.getTextContent();
            break;
        }
    }
    assertNotNull(jwtToken);

    // Decode the token and check the subject claim carries the authenticated principal.
    JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(jwtToken);
    JwtToken jwt = jwtConsumer.getJwtToken();
    Assert.assertEquals("alice", jwt.getClaim(JwtConstants.CLAIM_SUBJECT));
}