Examples of org.apache.cxf.sts.request.KeyRequirements

org.apache.cxf.sts.request.KeyRequirements
This class contains values that have been extracted from a RequestSecurityToken corresponding to various key and encryption requirements.

    private byte[] entropyBytes;
    private byte[] secret;
    private boolean computedKey;
    
    public SymmetricKeyHandler(TokenProviderParameters tokenParameters) {
        KeyRequirements keyRequirements = tokenParameters.getKeyRequirements();
        
        keySize = Long.valueOf(keyRequirements.getKeySize()).intValue();
        STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();
        SignatureProperties signatureProperties = stsProperties.getSignatureProperties();
        
        // Test EncryptWith
        String encryptWith = keyRequirements.getEncryptWith();
        if (encryptWith != null) {
            if ((WSConstants.AES_128.equals(encryptWith) || WSConstants.AES_128_GCM.equals(encryptWith))
                && keySize < 128) {
                keySize = 128;
            } else if ((WSConstants.AES_192.equals(encryptWith) 
                || WSConstants.AES_192_GCM.equals(encryptWith))
                && keySize < 192) {
                keySize = 192;
            } else if ((WSConstants.AES_256.equals(encryptWith) 
                || WSConstants.AES_256_GCM.equals(encryptWith))
                && keySize < 256) {
                keySize = 256;
            } else if (WSConstants.TRIPLE_DES.equals(encryptWith) && keySize < 192) {
                keySize = 192;
            }
        }
        
        // Test KeySize
        if (keySize < signatureProperties.getMinimumKeySize()
            || keySize > signatureProperties.getMaximumKeySize()) {
            keySize = Long.valueOf(signatureProperties.getKeySize()).intValue();
            LOG.log(
                Level.WARNING, "Received KeySize of " + keyRequirements.getKeySize() 
                + " not accepted so defaulting to " + signatureProperties.getKeySize()
            );
        }


        // Test Entropy
        clientEntropy = keyRequirements.getEntropy();
        if (clientEntropy == null) {
            LOG.log(Level.WARNING, "A SymmetricKey KeyType is requested, but no client entropy is provided");
        } else if (clientEntropy.getBinarySecret() != null) {
            BinarySecret binarySecret = clientEntropy.getBinarySecret();
            if (STSConstants.NONCE_TYPE.equals(binarySecret.getBinarySecretType())) {
                byte[] nonce = binarySecret.getBinarySecretValue();
                if (nonce == null || (nonce.length < (keySize / 8))) {
                    LOG.log(Level.WARNING, "User Entropy rejected");
                    clientEntropy = null;
                }
                String computedKeyAlgorithm = keyRequirements.getComputedKeyAlgorithm();
                if (!STSConstants.COMPUTED_KEY_PSHA1.equals(computedKeyAlgorithm)) {
                    LOG.log(
                        Level.WARNING, 
                        "The computed key algorithm of " + computedKeyAlgorithm + " is not supported"
                    );

View Full Code Here

        TokenRenewerParameters renewerParameters = new TokenRenewerParameters();
        
        try {
            RequestParser requestParser = parseRequest(request, context);
    
            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
            
            renewerParameters.setStsProperties(stsProperties);
            renewerParameters.setPrincipal(context.getUserPrincipal());
            renewerParameters.setWebServiceContext(context);

View Full Code Here

        delegationParameters.setWebServiceContext(context);
        delegationParameters.setTokenStore(getTokenStore());
        delegationParameters.setTokenPrincipal(tokenPrincipal);
        delegationParameters.setTokenRoles(tokenRoles);
        
        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        delegationParameters.setKeyRequirements(keyRequirements);
        delegationParameters.setTokenRequirements(tokenRequirements);
        
        // Extract AppliesTo

View Full Code Here

    @org.junit.Test
    public void testDefaultSaml2BearerDifferentC14nAssertion() throws Exception {
        TokenProvider samlTokenProvider = new SAMLTokenProvider();
        TokenProviderParameters providerParameters = 
            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
        
        keyRequirements.setC14nAlgorithm(WSConstants.C14N_EXCL_WITH_COMMENTS);


        // This will fail as the requested c14n algorithm is rejected
        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

View Full Code Here

        }
        
        TokenProvider samlTokenProvider = new SAMLTokenProvider();
        TokenProviderParameters providerParameters = 
            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.BEARER_KEY_KEYTYPE);
        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();
        
        String signatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        keyRequirements.setSignatureAlgorithm(signatureAlgorithm);
        
        // This will fail as the requested signature algorithm is rejected
        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);

View Full Code Here

    @org.junit.Test
    public void testDefaultSaml2EncryptWith() throws Exception {
        TokenProvider samlTokenProvider = new SAMLTokenProvider();
        TokenProviderParameters providerParameters = 
            createProviderParameters(WSConstants.WSS_SAML2_TOKEN_TYPE, STSConstants.SYMMETRIC_KEY_KEYTYPE);
        KeyRequirements keyRequirements = providerParameters.getKeyRequirements();


        keyRequirements.setEncryptWith(WSConstants.AES_128);
        keyRequirements.setKeySize(92);
        TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
        
        keyRequirements.setKeySize(128);
        keyRequirements.setEncryptWith(WSConstants.AES_256);
        providerResponse = samlTokenProvider.createToken(providerParameters);
        assertTrue(providerResponse != null);
        assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
    }

View Full Code Here

        
        TokenRequirements tokenRequirements = new TokenRequirements();
        tokenRequirements.setTokenType(tokenType);
        parameters.setTokenRequirements(tokenRequirements);
        
        KeyRequirements keyRequirements = new KeyRequirements();
        keyRequirements.setKeyType(keyType);
        parameters.setKeyRequirements(keyRequirements);
        
        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
        // Mock up message context
        MessageImpl msg = new MessageImpl();

View Full Code Here


        TokenRequirements tokenRequirements = new TokenRequirements();
        tokenRequirements.setTokenType(tokenType);
        parameters.setTokenRequirements(tokenRequirements);


        KeyRequirements keyRequirements = new KeyRequirements();
        keyRequirements.setKeyType(keyType);
        parameters.setKeyRequirements(keyRequirements);


        parameters.setPrincipal(new CustomTokenPrincipal("alice"));
        // Mock up message context
        MessageImpl msg = new MessageImpl();

View Full Code Here


        TokenRequirements tokenRequirements = new TokenRequirements();
        tokenRequirements.setTokenType(tokenType);
        parameters.setTokenRequirements(tokenRequirements);


        KeyRequirements keyRequirements = new KeyRequirements();
        keyRequirements.setKeyType(keyType);
        parameters.setKeyRequirements(keyRequirements);


        parameters.setPrincipal(new CustomTokenPrincipal(username));
        // Mock up message context
        MessageImpl msg = new MessageImpl();

View Full Code Here

        TokenCancellerParameters cancellerParameters = new TokenCancellerParameters();
        
        try {
            RequestParser requestParser = parseRequest(request, context);
            
            KeyRequirements keyRequirements = requestParser.getKeyRequirements();
            TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
            
            cancellerParameters.setStsProperties(stsProperties);
            cancellerParameters.setPrincipal(context.getUserPrincipal());
            cancellerParameters.setWebServiceContext(context);

View Full Code Here

0 1 2 3 4 5 6 7 8 9

TOP

Related Classes of org.apache.cxf.sts.request.KeyRequirements

org.apache.cxf.sts.operation.AbstractOperation

org.apache.cxf.sts.operation.CancelSCTUnitTest

org.apache.cxf.sts.operation.IssueOnbehalfofUnitTest

org.apache.cxf.sts.operation.IssueSamlClaimsUnitTest

org.apache.cxf.sts.operation.RenewSamlUnitTest

org.apache.cxf.sts.operation.TokenCancelOperation

org.apache.cxf.sts.operation.TokenIssueOperation

org.apache.cxf.sts.operation.TokenRenewOperation

org.apache.cxf.sts.operation.TokenValidateOperation

org.apache.cxf.sts.operation.ValidateSamlUnitTest

All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.