Package org.apache.cxf.sts

Examples of org.apache.cxf.sts.SignatureProperties


        assertTrue(tokenString.contains("alice"));
        assertTrue(tokenString.contains(SAML1Constants.CONF_HOLDER_KEY));
        assertFalse(tokenString.contains(SAML1Constants.CONF_BEARER));
       
        // Test custom keySize
        SignatureProperties signatureProperties =
            providerParameters.getStsProperties().getSignatureProperties();
        signatureProperties.setMinimumKeySize(-8);
        providerParameters.getKeyRequirements().setKeySize(-8);
        try {
            samlTokenProvider.createToken(providerParameters);
            fail("Failure expected on a bad KeySize");
        } catch (STSException ex) {
            // expected on a bad KeySize
        }
       
        signatureProperties.setMinimumKeySize(128);
        providerParameters.getKeyRequirements().setKeySize(192);
        samlTokenProvider.createToken(providerParameters);
    }


        assertTrue(tokenString.contains("alice"));
        assertTrue(tokenString.contains(SAML2Constants.CONF_HOLDER_KEY));
        assertFalse(tokenString.contains(SAML2Constants.CONF_BEARER));
       
        // Test custom keySize
        SignatureProperties signatureProperties =
            providerParameters.getStsProperties().getSignatureProperties();
        signatureProperties.setMinimumKeySize(-8);
        providerParameters.getKeyRequirements().setKeySize(-8);
        try {
            samlTokenProvider.createToken(providerParameters);
            fail("Failure expected on a bad KeySize");
        } catch (STSException ex) {
            // expected on a bad KeySize
        }
       
        signatureProperties.setMinimumKeySize(128);
        providerParameters.getKeyRequirements().setKeySize(192);
        samlTokenProvider.createToken(providerParameters);
    }

        String tokenString = DOM2Writer.nodeToString(token);
        assertFalse(tokenString.contains(WSConstants.C14N_EXCL_WITH_COMMENTS));
        assertTrue(tokenString.contains(WSConstants.C14N_EXCL_OMIT_COMMENTS));
       
        STSPropertiesMBean stsProperties = providerParameters.getStsProperties();
        SignatureProperties sigProperties = new SignatureProperties();
        List<String> acceptedC14nAlgorithms = new ArrayList<String>();
        acceptedC14nAlgorithms.add(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        acceptedC14nAlgorithms.add(WSConstants.C14N_EXCL_WITH_COMMENTS);
        sigProperties.setAcceptedC14nAlgorithms(acceptedC14nAlgorithms);
        stsProperties.setSignatureProperties(sigProperties);
       
        // This will succeed as the requested c14n algorithm is accepted
        providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);

        String tokenString = DOM2Writer.nodeToString(token);
        assertFalse(tokenString.contains(signatureAlgorithm));
        assertTrue(tokenString.contains(WSConstants.RSA_SHA1));
       
        STSPropertiesMBean stsProperties = providerParameters.getStsProperties();
        SignatureProperties sigProperties = new SignatureProperties();
        List<String> acceptedSignatureAlgorithms = new ArrayList<String>();
        acceptedSignatureAlgorithms.add(signatureAlgorithm);
        acceptedSignatureAlgorithms.add(WSConstants.RSA_SHA1);
        sigProperties.setAcceptedSignatureAlgorithms(acceptedSignatureAlgorithms);
        stsProperties.setSignatureProperties(sigProperties);
       
        // This will succeed as the requested signature algorithm is accepted
        providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);

    @org.junit.Test
    public void testDefaultSaml2BearerDifferentSignatureDigestAlgorithm() throws Exception {
        TokenProvider samlTokenProvider = new SAMLTokenProvider();
        TokenProviderParameters providerParameters =
            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
        SignatureProperties signatureProperties =
                providerParameters.getStsProperties().getSignatureProperties();
        signatureProperties.setDigestAlgorithm(WSConstants.SHA256);
       
        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
       

    public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
       
        keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
       
        // Test EncryptWith
        String encryptWith = keyRequirements.getEncryptWith();
        if (encryptWith != null) {
            if ((WSConstants.AES_128.equals(encryptWith) || WSConstants.AES_128_GCM.equals(encryptWith))
                && keySize < 128) {
                keySize = 128;
            } else if ((WSConstants.AES_192.equals(encryptWith)
                || WSConstants.AES_192_GCM.equals(encryptWith))
                && keySize < 192) {
                keySize = 192;
            } else if ((WSConstants.AES_256.equals(encryptWith)
                || WSConstants.AES_256_GCM.equals(encryptWith))
                && keySize < 256) {
                keySize = 256;
            } else if (WSConstants.TRIPLE_DES.equals(encryptWith) && keySize < 192) {
                keySize = 192;
            }
        }
       
        // Test KeySize
        if (keySize < signatureProperties.getMinimumKeySize()
            || keySize > signatureProperties.getMaximumKeySize()) {
            keySize = Long.valueOf(signatureProperties.getKeySize()).intValue();
            LOG.log(
                Level.WARNING, "Received KeySize of " + keyRequirements.getKeySize()
                + " not accepted so defaulting to " + signatureProperties.getKeySize()
            );
        }

        // Test Entropy
        clientEntropy = keyRequirements.getEntropy();
        if (clientEntropy == null) {
            LOG.log(Level.WARNING, "A SymmetricKey KeyType is requested, but no client entropy is provided");
        } else if (clientEntropy.getBinarySecret() != null) {
            BinarySecret binarySecret = clientEntropy.getBinarySecret();
            if (STSConstants.NONCE_TYPE.equals(binarySecret.getBinarySecretType())) {
                byte[] nonce = binarySecret.getBinarySecretValue();
                if (nonce == null || (nonce.length < (keySize / 8))) {
                    LOG.log(Level.WARNING, "User Entropy rejected");
                    clientEntropy = null;
                }
                String computedKeyAlgorithm = keyRequirements.getComputedKeyAlgorithm();
                if (!STSConstants.COMPUTED_KEY_PSHA1.equals(computedKeyAlgorithm)) {
                    LOG.log(
                        Level.WARNING,
                        "The computed key algorithm of " + computedKeyAlgorithm + " is not supported"
                    );
                    throw new STSException(
                        "Computed Key Algorithm not supported", STSException.INVALID_REQUEST
                    );
                }
            } else if (STSConstants.SYMMETRIC_KEY_TYPE.equals(binarySecret.getBinarySecretType())
                || binarySecret.getBinarySecretType() == null) {
                byte[] secretValue = binarySecret.getBinarySecretValue();
                if (((long)secretValue.length * 8L) < signatureProperties.getMinimumKeySize()
                    || ((long)secretValue.length * 8L) > signatureProperties.getMaximumKeySize()) {
                    LOG.log(
                        Level.WARNING, "Received secret of length " + secretValue.length
                        + " bits is not accepted"
                    );
                    LOG.log(Level.WARNING, "User Entropy rejected");
                    clientEntropy = null;
                }
            } else {
                LOG.log(
                    Level.WARNING, "The type " + binarySecret.getBinarySecretType() + " is not supported"
                );
                throw new STSException(
                    "No user supplied entropy for SymmetricKey case", STSException.INVALID_REQUEST
                );
            }
        } else if (clientEntropy.getDecryptedKey() != null) {
            byte[] secretValue = clientEntropy.getDecryptedKey();
            if (((long)secretValue.length * 8L) < signatureProperties.getMinimumKeySize()
                || ((long)secretValue.length * 8L) > signatureProperties.getMaximumKeySize()) {
                LOG.log(
                    Level.WARNING, "Received secret of length " + secretValue.length
                    + " bits is not accepted"
                );
                LOG.log(Level.WARNING, "User Entropy rejected");

            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
           
            // Initialise signature objects with defaults of STSPropertiesMBean
            Crypto signatureCrypto = stsProperties.getSignatureCrypto();
            CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
            SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
            String alias = stsProperties.getSignatureUsername();
           
            if (samlRealm != null) {
                // If SignatureCrypto configured in realm then
                // callbackhandler and alias of STSPropertiesMBean is ignored
                if (samlRealm.getSignatureCrypto() != null) {
                    LOG.fine("SAMLRealm signature keystore used");
                    signatureCrypto = samlRealm.getSignatureCrypto();
                    callbackHandler = samlRealm.getCallbackHandler();
                    alias = samlRealm.getSignatureAlias();
                }
                // SignatureProperties can be defined independently of SignatureCrypto
                if (samlRealm.getSignatureProperties() != null) {
                    signatureProperties = samlRealm.getSignatureProperties();
                }
            }
           
            // Get the signature algorithm to use
            String signatureAlgorithm = tokenParameters.getKeyRequirements().getSignatureAlgorithm();
            if (signatureAlgorithm == null) {
                // If none then default to what is configured
                signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
            } else {
                List<String> supportedAlgorithms =
                    signatureProperties.getAcceptedSignatureAlgorithms();
                if (!supportedAlgorithms.contains(signatureAlgorithm)) {
                    signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
                    LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
                }
            }
           
            // Get the c14n algorithm to use
            String c14nAlgorithm = tokenParameters.getKeyRequirements().getC14nAlgorithm();
            if (c14nAlgorithm == null) {
                // If none then default to what is configured
                c14nAlgorithm = signatureProperties.getC14nAlgorithm();
            } else {
                List<String> supportedAlgorithms =
                    signatureProperties.getAcceptedC14nAlgorithms();
                if (!supportedAlgorithms.contains(c14nAlgorithm)) {
                    c14nAlgorithm = signatureProperties.getC14nAlgorithm();
                    LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
                }
            }
           
            // If alias not defined, get the default of the SignatureCrypto
            if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
                alias = signatureCrypto.getDefaultX509Identifier();
                LOG.fine("Signature alias is null so using default alias: " + alias);
            }
            // Get the password
            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
            LOG.fine("Creating SAML Token");
            callbackHandler.handle(cb);
            String password = cb[0].getPassword();
   
            LOG.fine("Signing SAML Token");
            boolean useKeyValue = signatureProperties.isUseKeyValue();
            assertion.signAssertion(
                alias, password, signatureCrypto, useKeyValue, c14nAlgorithm, signatureAlgorithm,
                signatureProperties.getDigestAlgorithm()
            );
        }
       
        return assertion;
    }

            STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
           
            // Initialise signature objects with defaults of STSPropertiesMBean
            Crypto signatureCrypto = stsProperties.getSignatureCrypto();
            CallbackHandler callbackHandler = stsProperties.getCallbackHandler();
            SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
            String alias = stsProperties.getSignatureUsername();
           
            if (samlRealm != null) {
                // If SignatureCrypto configured in realm then
                // callbackhandler and alias of STSPropertiesMBean is ignored
                if (samlRealm.getSignatureCrypto() != null) {
                    LOG.fine("SAMLRealm signature keystore used");
                    signatureCrypto = samlRealm.getSignatureCrypto();
                    callbackHandler = samlRealm.getCallbackHandler();
                    alias = samlRealm.getSignatureAlias();
                }
                // SignatureProperties can be defined independently of SignatureCrypto
                if (samlRealm.getSignatureProperties() != null) {
                    signatureProperties = samlRealm.getSignatureProperties();
                }
            }
           
            // Get the signature algorithm to use
            String signatureAlgorithm = tokenParameters.getKeyRequirements().getSignatureAlgorithm();
            if (signatureAlgorithm == null) {
                // If none then default to what is configured
                signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
            } else {
                List<String> supportedAlgorithms =
                    signatureProperties.getAcceptedSignatureAlgorithms();
                if (!supportedAlgorithms.contains(signatureAlgorithm)) {
                    signatureAlgorithm = signatureProperties.getSignatureAlgorithm();
                    LOG.fine("SignatureAlgorithm not supported, defaulting to: " + signatureAlgorithm);
                }
            }
           
            // Get the c14n algorithm to use
            String c14nAlgorithm = tokenParameters.getKeyRequirements().getC14nAlgorithm();
            if (c14nAlgorithm == null) {
                // If none then default to what is configured
                c14nAlgorithm = signatureProperties.getC14nAlgorithm();
            } else {
                List<String> supportedAlgorithms =
                    signatureProperties.getAcceptedC14nAlgorithms();
                if (!supportedAlgorithms.contains(c14nAlgorithm)) {
                    c14nAlgorithm = signatureProperties.getC14nAlgorithm();
                    LOG.fine("C14nAlgorithm not supported, defaulting to: " + c14nAlgorithm);
                }
            }
           
            // If alias not defined, get the default of the SignatureCrypto
            if ((alias == null || "".equals(alias)) && (signatureCrypto != null)) {
                alias = signatureCrypto.getDefaultX509Identifier();
                LOG.fine("Signature alias is null so using default alias: " + alias);
            }
            // Get the password
            WSPasswordCallback[] cb = {new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)};
            LOG.fine("Creating SAML Token");
            callbackHandler.handle(cb);
            String password = cb[0].getPassword();
   
            LOG.fine("Signing SAML Token");
            boolean useKeyValue = signatureProperties.isUseKeyValue();
            assertion.signAssertion(
                alias, password, signatureCrypto, useKeyValue, c14nAlgorithm, signatureAlgorithm
            );
        }
       

        stsProperties.setEncryptionUsername("myservicekey");
        stsProperties.setSignatureUsername("mystskey");
        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
        stsProperties.setIssuer("STS");
       
        SignatureProperties sigProperties = new SignatureProperties();
        List<String> acceptedC14nAlgorithms = new ArrayList<String>();
        acceptedC14nAlgorithms.add(WSConstants.C14N_EXCL_OMIT_COMMENTS);
        acceptedC14nAlgorithms.add(WSConstants.C14N_EXCL_WITH_COMMENTS);
        sigProperties.setAcceptedC14nAlgorithms(acceptedC14nAlgorithms);
        stsProperties.setSignatureProperties(sigProperties);
       
        issueOperation.setStsProperties(stsProperties);
       
        // Mock up a request

        stsProperties.setEncryptionUsername("myservicekey");
        stsProperties.setSignatureUsername("mystskey");
        stsProperties.setCallbackHandler(new PasswordCallbackHandler());
        stsProperties.setIssuer("STS");
       
        SignatureProperties sigProperties = new SignatureProperties();
        List<String> acceptedSignatureAlgorithms = new ArrayList<String>();
        String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        acceptedSignatureAlgorithms.add(signatureAlgorithm);
        acceptedSignatureAlgorithms.add(WSConstants.RSA_SHA1);
        sigProperties.setAcceptedSignatureAlgorithms(acceptedSignatureAlgorithms);
        stsProperties.setSignatureProperties(sigProperties);
       
        issueOperation.setStsProperties(stsProperties);
       
        // Mock up a request


