Пример #1
0
  public Policy loadPolicy(String xmlPath, String clientKey) throws Exception {

    StAXOMBuilder builder = new StAXOMBuilder(xmlPath);
    Policy policy = PolicyEngine.getPolicy(builder.getDocumentElement());

    RampartConfig rc = new RampartConfig();

    rc.setUser("admin");
    rc.setUserCertAlias("wso2carbon");
    rc.setEncryptionUser("wso2carbon");
    rc.setPwCbClass(SecurityClient.class.getName());

    CryptoConfig sigCryptoConfig = new CryptoConfig();
    sigCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");

    Properties prop1 = new Properties();
    prop1.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
    prop1.put("org.apache.ws.security.crypto.merlin.file", clientKey);
    prop1.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
    sigCryptoConfig.setProp(prop1);

    CryptoConfig encrCryptoConfig = new CryptoConfig();
    encrCryptoConfig.setProvider("org.apache.ws.security.components.crypto.Merlin");

    Properties prop2 = new Properties();
    prop2.put("org.apache.ws.security.crypto.merlin.keystore.type", "JKS");
    prop2.put("org.apache.ws.security.crypto.merlin.file", clientKey);
    prop2.put("org.apache.ws.security.crypto.merlin.keystore.password", "wso2carbon");
    encrCryptoConfig.setProp(prop2);

    rc.setSigCryptoConfig(sigCryptoConfig);
    rc.setEncrCryptoConfig(encrCryptoConfig);

    policy.addAssertion(rc);
    return policy;
  }
Пример #2
0
  private void run() {
    try {
      loadConfigurations();

      // set the trust store as a system property for communication over
      // TLS.
      System.setProperty("javax.net.ssl.trustStore", keystorePath);
      System.setProperty("javax.net.ssl.trustStorePassword", keystorePwd);

      // create configuration context
      ConfigurationContext configCtx =
          ConfigurationContextFactory.createConfigurationContextFromFileSystem(repoPath);

      // create STS client
      STSClient stsClient = new STSClient(configCtx);
      stsClient.setRstTemplate(getRSTTemplate());

      String action = null;
      String responseTokenID = null;

      action =
          TrustUtil.getActionValue(RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_ISSUE);
      stsClient.setAction(action);

      // request the security token from STS.
      Token responseToken;

      Policy stsPolicy = loadPolicy(stsPolicyPath);

      // add rampart config assertion to the ws-sec policies
      RampartConfig rampartConfig = buildRampartConfig();
      stsPolicy.addAssertion(rampartConfig);

      responseToken = stsClient.requestSecurityToken(null, stsEPR, stsPolicy, relyingPartyEPR);

      // store the obtained token in token store to be used in future
      // communication.
      TokenStorage store = TrustUtil.getTokenStore(configCtx);
      responseTokenID = responseToken.getId();
      store.add(responseToken);

      // print token
      System.out.println(responseToken.getToken().toString());
      // sending token renew request
      String renewedTokenID = null;
      if (enableRenewing) {
        System.out.println("Renewing " + tokenType);
        String TokenProfile = null;
        if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_11)) {
          TokenProfile = RahasConstants.TOK_TYPE_SAML_10;
        } else if (tokenType.equals(ClientConstants.SAML_TOKEN_TYPE_20)) {
          TokenProfile = RahasConstants.TOK_TYPE_SAML_20;
        }

        stsClient.setRstTemplate(getRSTTemplate());
        boolean tokenRenewed =
            stsClient.renewToken(responseTokenID, TokenProfile, stsEPR, stsPolicy, store);
        System.out.println("tokenRenewed : " + tokenRenewed);

        Token renewedToken = store.getRenewedTokens()[0];
        renewedTokenID = renewedToken.getId();
        System.out.println("Renewed Token : \n" + renewedToken.getToken().toString());
      }
      // Validate the token
      if (enableValidateBinding) {
        // validating the token.
        stsClient = new STSClient(configCtx);
        action =
            TrustUtil.getActionValue(
                RahasConstants.VERSION_05_02, RahasConstants.RST_ACTION_VALIDATE);
        stsClient.setAction(action);
        String tokenID = null;
        if (renewedTokenID != null) {
          tokenID = renewedTokenID;
        } else {
          tokenID = responseTokenID;
        }
        boolean isValid = stsClient.validateToken(tokenID, stsEPR, stsPolicy);

        if (isValid) {
          if (enableRenewing) {
            System.out.println("Renewed SAML " + tokenType + " Token is valid");
          } else {
            System.out.println("Response SAML " + tokenType + " Token is valid");
          }
        } else {
          if (enableRenewing) {
            System.out.println("Renewed SAML " + tokenType + " Token is invalid");
          } else {
            System.out.println("Response SAML " + tokenType + " Token is invalid");
          }
        }
      }

      // Send the token to relying party
      if (enableRelyingParty) {
        /* Invoke secured service using the obtained token */
        OMElement responseElem = null;

        // create service client
        ServiceClient serClient = new ServiceClient(configCtx, null);

        // engage modules
        serClient.engageModule("addressing");
        serClient.engageModule("rampart");

        // load policy of secured service
        Policy sec_policy = loadPolicy(relyingPartyPolicyPath);

        // add rampart config to the ws-sec policies
        sec_policy.addAssertion(rampartConfig);

        // set in/out security policies in client opts
        serClient.getOptions().setProperty(RampartMessageData.KEY_RAMPART_POLICY, sec_policy);

        // Set the token id as a property in the Axis2 client scope, so
        // that this will be picked up when creating the secure message to
        // invoke
        // the endpoint.
        serClient
            .getOptions()
            .setProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN, renewedTokenID);

        // set action of the Hello Service to be invoked.
        serClient.getOptions().setAction("urn:echoString");
        serClient.getOptions().setTo(new EndpointReference(relyingPartyEPR));

        // invoke the service
        // System.out.println(serClient.sendReceive(getPayload(echoRequestMsg)).toString());
        responseElem = serClient.sendReceive(getPayload(echoRequestMsg));
        // cleanup transports
        serClient.getOptions().setCallTransportCleanup(true);

        System.out.println(responseElem.toString());

        System.exit(0);
      }
    } catch (Exception e) {
      e.printStackTrace();
    } finally {
      System.exit(0);
    }
  }