Java源码示例:org.apache.wss4j.common.crypto.Crypto
示例1
public void sign(AbstractWsSecurityHandler.SignedParts... parts) throws TechnicalConnectorException {
try {
if (this.cred instanceof SAMLHolderOfKeyToken && StringUtils.isNotEmpty(this.assertionId)) {
this.sign.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
this.sign.setKeyIdentifierType(12);
this.sign.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
this.sign.setCustomTokenId(this.assertionId);
} else {
this.sign.setKeyIdentifierType(1);
}
Crypto crypto = new WSSecurityCrypto(this.cred.getPrivateKey(), this.cred.getCertificate());
this.sign.prepare(this.soapPart, crypto, this.wsSecHeader);
if (!(this.cred instanceof SAMLHolderOfKeyToken) || !StringUtils.isNotEmpty(this.assertionId)) {
this.sign.appendBSTElementToHeader(this.wsSecHeader);
}
List<Reference> referenceList = this.sign.addReferencesToSign(this.generateReferencesToSign(parts), this.wsSecHeader);
if (!referenceList.isEmpty()) {
this.sign.computeSignature(referenceList, false, (Element)null);
}
} catch (WSSecurityException var4) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.HANDLER_ERROR, new Object[]{"unable to insert security header.", var4});
}
}
示例2
public void sign(AbstractWsSecurityHandler.SignedParts... parts) throws TechnicalConnectorException {
try {
if (StringUtils.isNotEmpty(this.assertionId)) {
this.sign.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
this.sign.setKeyIdentifierType(12);
this.sign.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
this.sign.setCustomTokenId(this.assertionId);
} else {
this.sign.setKeyIdentifierType(1);
}
Crypto crypto = new WSSecurityCrypto(this.cred.getPrivateKey(), this.cred.getCertificate());
this.sign.prepare(this.soapPart, crypto, this.wsSecHeader);
if (StringUtils.isEmpty(this.assertionId)) {
this.sign.appendBSTElementToHeader(this.wsSecHeader);
}
List<Reference> referenceList = this.sign.addReferencesToSign(this.generateReferencesToSign(parts), this.wsSecHeader);
if (!referenceList.isEmpty()) {
this.sign.computeSignature(referenceList, false, (Element)null);
}
} catch (WSSecurityException var4) {
throw new TechnicalConnectorException(TechnicalConnectorExceptionValues.HANDLER_ERROR, new Object[]{"unable to insert security header.", var4});
}
}
示例3
private Element createSAMLAssertion(
String tokenType, String keyType, Crypto crypto, String signatureUsername,
CallbackHandler callbackHandler, String user, String issuer
) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, keyType, crypto, signatureUsername, callbackHandler, user, issuer
);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例4
protected X509Certificate getCert(Crypto crypto) throws Exception {
String alias = (String)getProperty(SecurityConstants.STS_TOKEN_USERNAME);
if (alias == null) {
alias = crypto.getDefaultX509Identifier();
}
if (alias == null) {
throw new Fault("No alias specified for retrieving PublicKey", LOG);
}
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(alias);
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
if (certs == null || certs.length == 0) {
throw new Fault("Could not get X509Certificate for alias " + alias, LOG);
}
return certs[0];
}
示例5
protected X509Certificate getCert(Crypto crypto) throws Exception {
if (crypto == null) {
throw new Fault("No Crypto token properties are available to retrieve a certificate",
LOG);
}
String alias = (String)getProperty(SecurityConstants.STS_TOKEN_USERNAME);
if (alias == null) {
alias = crypto.getDefaultX509Identifier();
}
if (alias == null) {
throw new Fault("No alias specified for retrieving PublicKey", LOG);
}
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(alias);
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
if (certs == null || certs.length == 0) {
throw new Fault("Could not get X509Certificate for alias " + alias, LOG);
}
return certs[0];
}
示例6
private Element createSAMLAssertion(
String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
Map<String, RealmProperties> realms, String keyType
) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
samlTokenProvider.setRealmMap(realms);
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, keyType, crypto, signatureUsername, callbackHandler
);
if (realms != null) {
providerParameters.setRealm("A");
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例7
private X509Certificate getEncryptCert(Crypto crypto, String encrUser) throws WSSecurityException {
// Check for prepared encryption certificate
X509Certificate encrCert =
(X509Certificate)SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CERT, message);
if (encrCert != null) {
return encrCert;
}
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(encrUser);
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
if (certs != null && certs.length > 0) {
return certs[0];
}
return null;
}
示例8
private UseKeyType createUseKey(Crypto crypto, String alias) throws Exception {
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias(alias);
X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
Document doc = DOMUtils.getEmptyDocument();
Element x509Data = doc.createElementNS(WSS4JConstants.SIG_NS, "ds:X509Data");
x509Data.setAttributeNS(WSS4JConstants.XMLNS_NS, "xmlns:ds", WSS4JConstants.SIG_NS);
Element x509Cert = doc.createElementNS(WSS4JConstants.SIG_NS, "ds:X509Certificate");
Text certText = doc.createTextNode(Base64.getMimeEncoder().encodeToString(certs[0].getEncoded()));
x509Cert.appendChild(certText);
x509Data.appendChild(x509Cert);
UseKeyType useKey = new UseKeyType();
useKey.setAny(x509Data);
return useKey;
}
示例9
private Element createSAMLAssertion(
String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
Map<String, RealmProperties> realms, String keyType
) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
samlTokenProvider.setRealmMap(realms);
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, keyType, crypto, signatureUsername, callbackHandler
);
if (realms != null) {
providerParameters.setRealm("A");
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例10
private Element createSAMLAssertion(
String subjectName, String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler
) throws WSSecurityException {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters =
createProviderParameters(
subjectName, tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例11
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS-2");
parameters.setStsProperties(stsProperties);
parameters.setTokenStore(tokenStore);
return parameters;
}
示例12
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS-2");
parameters.setStsProperties(stsProperties);
return parameters;
}
示例13
protected SAMLKeyInfo createKeyInfoFromDefaultAlias(Crypto sigCrypto) throws WSSecurityException {
try {
X509Certificate[] certs = RSSecurityUtils.getCertificates(sigCrypto,
sigCrypto.getDefaultX509Identifier());
SAMLKeyInfo samlKeyInfo = new SAMLKeyInfo(new X509Certificate[]{certs[0]});
samlKeyInfo.setPublicKey(certs[0].getPublicKey());
return samlKeyInfo;
} catch (Exception ex) {
LOG.log(Level.FINE, "Error in loading the certificates: " + ex.getMessage(), ex);
throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_SIGNATURE, ex);
}
}
示例14
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setTokenStore(tokenStore);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
return parameters;
}
示例15
@Test
public void testSAML2BearerAuthenticationDirect() throws Exception {
String address = "https://localhost:" + port + "/oauth2-auth/token";
WebClient wc = createWebClient(address);
Crypto crypto = new CryptoLoader().loadCrypto(CRYPTO_RESOURCE_PROPERTIES);
SelfSignInfo signInfo = new SelfSignInfo(crypto, "alice", "password");
SamlCallbackHandler samlCallbackHandler = new SamlCallbackHandler(true);
samlCallbackHandler.setIssuer("alice");
String audienceURI = "https://localhost:" + port + "/oauth2-auth/token";
samlCallbackHandler.setAudience(audienceURI);
SamlAssertionWrapper assertionWrapper = SAMLUtils.createAssertion(samlCallbackHandler,
signInfo);
Document doc = DOMUtils.newDocument();
Element assertionElement = assertionWrapper.toDOM(doc);
String assertion = DOM2Writer.nodeToString(assertionElement);
String encodedAssertion = Base64UrlUtility.encode(assertion);
Map<String, String> extraParams = new HashMap<>();
extraParams.put(Constants.CLIENT_AUTH_ASSERTION_TYPE, Constants.CLIENT_AUTH_SAML2_BEARER);
extraParams.put(Constants.CLIENT_AUTH_ASSERTION_PARAM, encodedAssertion);
ClientAccessToken at = OAuthClientUtils.getAccessToken(wc,
new CustomGrant(),
extraParams);
assertNotNull(at.getTokenKey());
}
示例16
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof SAMLCallback) {
SAMLCallback callback = (SAMLCallback) callbacks[i];
callback.setSamlVersion(Version.SAML_20);
callback.setIssuer("intermediary");
String subjectName = "uid=" + principal.getName();
String confirmationMethod = SAML2Constants.CONF_SENDER_VOUCHES;
SubjectBean subjectBean =
new SubjectBean(subjectName, null, confirmationMethod);
callback.setSubject(subjectBean);
AttributeStatementBean attrBean = new AttributeStatementBean();
if (subjectBean != null) {
attrBean.setSubject(subjectBean);
}
AttributeBean attributeBean = new AttributeBean();
attributeBean.setQualifiedName("role");
attributeBean.addAttributeValue("user");
attrBean.setSamlAttributes(Collections.singletonList(attributeBean));
callback.setAttributeStatementData(Collections.singletonList(attrBean));
try {
String file = "serviceKeystore.properties";
Crypto crypto = CryptoFactory.getInstance(file);
callback.setIssuerCrypto(crypto);
callback.setIssuerKeyName("myservicekey");
callback.setIssuerKeyPassword("skpass");
callback.setSignAssertion(true);
} catch (WSSecurityException e) {
throw new IOException(e);
}
}
}
}
示例17
private TokenValidatorParameters createValidatorParameters() throws WSSecurityException {
TokenValidatorParameters parameters = new TokenValidatorParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(STSConstants.STATUS);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setTokenStore(tokenStore);
return parameters;
}
示例18
private TokenProviderParameters createProviderParameters(
String tokenType, String keyType, Crypto crypto,
String signatureUsername, CallbackHandler callbackHandler,
String username, String issuer
) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal(username));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress(
"https://localhost:" + STSPORT + "/SecurityTokenService/b-issuer/Transport");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer(issuer);
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
return parameters;
}
示例19
private List<WSSecurityEngineResult> processToken(SecurityToken token) throws Exception {
RequestData requestData = new RequestData();
requestData.setDisableBSPEnforcement(true);
CallbackHandler callbackHandler = new org.apache.cxf.systest.sts.common.CommonCallbackHandler();
requestData.setCallbackHandler(callbackHandler);
Crypto crypto = CryptoFactory.getInstance("serviceKeystore.properties");
requestData.setDecCrypto(crypto);
requestData.setSigVerCrypto(crypto);
requestData.setWsDocInfo(new WSDocInfo(token.getToken().getOwnerDocument()));
Processor processor = new SAMLTokenProcessor();
return processor.handleToken(token.getToken(), requestData);
}
示例20
private void checkAsymmetricBinding(
SoapMessage message, WSSSecurityProperties securityProperties
) throws WSSecurityException {
Object s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_CRYPTO, message);
if (s == null) {
s = SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message);
}
Object e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_CRYPTO, message);
if (e == null) {
e = SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message);
}
Crypto encrCrypto = getEncryptionCrypto(e, message, securityProperties);
Crypto signCrypto = null;
if (e != null && e.equals(s)) {
signCrypto = encrCrypto;
} else {
signCrypto = getSignatureCrypto(s, message, securityProperties);
}
if (signCrypto != null) {
securityProperties.setSignatureCrypto(signCrypto);
}
if (encrCrypto != null) {
securityProperties.setEncryptionCrypto(encrCrypto);
} else if (signCrypto != null) {
securityProperties.setEncryptionCrypto(signCrypto);
}
}
示例21
protected String getUserName(Crypto crypto, Message message) {
SecurityContext sc = message.get(SecurityContext.class);
if (sc != null && sc.getUserPrincipal() != null) {
return sc.getUserPrincipal().getName();
}
return RSSecurityUtils.getUserName(crypto, null);
}
示例22
private void prepareMessage(Message inMsg) throws Fault {
XMLStreamReader originalXmlStreamReader = inMsg.getContent(XMLStreamReader.class);
if (originalXmlStreamReader == null) {
InputStream is = inMsg.getContent(InputStream.class);
if (is != null) {
originalXmlStreamReader = StaxUtils.createXMLStreamReader(is);
}
}
try {
XMLSecurityProperties properties = new XMLSecurityProperties();
configureDecryptionKeys(inMsg, properties);
Crypto signatureCrypto = getSignatureCrypto(inMsg);
configureSignatureKeys(signatureCrypto, inMsg, properties);
SecurityEventListener securityEventListener =
configureSecurityEventListener(signatureCrypto, inMsg, properties);
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
XMLStreamReader newXmlStreamReader =
inboundXMLSec.processInMessage(originalXmlStreamReader, null, securityEventListener);
inMsg.setContent(XMLStreamReader.class, newXmlStreamReader);
} catch (XMLStreamException | XMLSecurityException | IOException | UnsupportedCallbackException e) {
throwFault(e.getMessage(), e);
}
}
示例23
private STSPropertiesMBean createSTSPropertiesMBean(Crypto crypto) throws WSSecurityException {
STSPropertiesMBean stsProperties = new StaticSTSProperties();
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
return stsProperties;
}
示例24
/**
* Validate the received SAML Response as per the protocol
*/
private void validateSamlResponseProtocol(
org.opensaml.saml.saml2.core.Response samlResponse, Crypto crypto, TrustedIdp trustedIdp
) {
try {
SAMLProtocolResponseValidator protocolValidator = new SAMLProtocolResponseValidator();
protocolValidator.setKeyInfoMustBeAvailable(
isBooleanPropertyConfigured(trustedIdp, REQUIRE_KEYINFO, true));
protocolValidator.validateSamlResponse(samlResponse, crypto, null);
} catch (WSSecurityException ex) {
LOG.debug(ex.getMessage(), ex);
throw ExceptionUtils.toBadRequestException(null, null);
}
}
示例25
private Element createSAMLAssertion(
String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler
) throws WSSecurityException {
TokenProvider samlTokenProvider = new SAMLTokenProvider();
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例26
private Element createSAMLAssertion(
String tokenType, Crypto crypto, String signatureUsername,
CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing,
boolean allowRenewingAfterExpiry
) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
);
Renewing renewing = new Renewing();
renewing.setAllowRenewing(allowRenewing);
renewing.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
providerParameters.getTokenRequirements().setRenewing(renewing);
if (ttlMs != 0) {
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L);
Lifetime lifetime = new Lifetime();
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例27
/**
* @param issueOperation
* @throws WSSecurityException
*/
private void addSTSProperties(TokenIssueOperation issueOperation) throws WSSecurityException {
STSPropertiesMBean stsProperties = new StaticSTSProperties();
Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
stsProperties.setEncryptionCrypto(crypto);
stsProperties.setSignatureCrypto(crypto);
stsProperties.setEncryptionUsername("myservicekey");
stsProperties.setSignatureUsername("mystskey");
stsProperties.setCallbackHandler(new PasswordCallbackHandler());
stsProperties.setIssuer("STS");
issueOperation.setStsProperties(stsProperties);
}
示例28
private Element createSAMLAssertion(
String tokenType, Crypto crypto, String signatureUsername, CallbackHandler callbackHandler,
Map<String, RealmProperties> realms
) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
samlTokenProvider.setRealmMap(realms);
List<AttributeStatementProvider> customProviderList =
new ArrayList<>();
customProviderList.add(new ClaimsAttributeStatementProvider());
samlTokenProvider.setAttributeStatementProviders(customProviderList);
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
);
if (realms != null) {
providerParameters.setRealm("A");
}
// Set the ClaimsManager
ClaimsManager claimsManager = new ClaimsManager();
ClaimsHandler claimsHandler = new CustomClaimsHandler();
claimsManager.setClaimHandlers(Collections.singletonList(claimsHandler));
providerParameters.setClaimsManager(claimsManager);
ClaimCollection requestedClaims = new ClaimCollection();
Claim requestClaim = new Claim();
requestClaim.setClaimType(ClaimTypes.LASTNAME);
requestClaim.setOptional(false);
requestedClaims.add(requestClaim);
providerParameters.setRequestedSecondaryClaims(requestedClaims);
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例29
private Element createSAMLAssertion(
String tokenType, Crypto crypto, String signatureUsername,
CallbackHandler callbackHandler, long ttlMs, boolean allowRenewing,
boolean allowRenewingAfterExpiry
) throws WSSecurityException {
SAMLTokenProvider samlTokenProvider = new SAMLTokenProvider();
DefaultConditionsProvider conditionsProvider = new DefaultConditionsProvider();
conditionsProvider.setAcceptClientLifetime(true);
samlTokenProvider.setConditionsProvider(conditionsProvider);
TokenProviderParameters providerParameters =
createProviderParameters(
tokenType, STSConstants.BEARER_KEY_KEYTYPE, crypto, signatureUsername, callbackHandler
);
Renewing renewing = new Renewing();
renewing.setAllowRenewing(allowRenewing);
renewing.setAllowRenewingAfterExpiry(allowRenewingAfterExpiry);
providerParameters.getTokenRequirements().setRenewing(renewing);
if (ttlMs != 0) {
Lifetime lifetime = new Lifetime();
Instant creationTime = Instant.now();
Instant expirationTime = creationTime.plusNanos(ttlMs * 1000000L);
lifetime.setCreated(creationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
lifetime.setExpires(expirationTime.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true)));
providerParameters.getTokenRequirements().setLifetime(lifetime);
}
TokenProviderResponse providerResponse = samlTokenProvider.createToken(providerParameters);
assertNotNull(providerResponse);
assertTrue(providerResponse.getToken() != null && providerResponse.getTokenId() != null);
return (Element)providerResponse.getToken();
}
示例30
private TokenProviderParameters createProviderParameters(
String tokenType, String keyType, Crypto crypto,
String signatureUsername, CallbackHandler callbackHandler
) throws WSSecurityException {
TokenProviderParameters parameters = new TokenProviderParameters();
TokenRequirements tokenRequirements = new TokenRequirements();
tokenRequirements.setTokenType(tokenType);
parameters.setTokenRequirements(tokenRequirements);
KeyRequirements keyRequirements = new KeyRequirements();
keyRequirements.setKeyType(keyType);
parameters.setKeyRequirements(keyRequirements);
parameters.setPrincipal(new CustomTokenPrincipal("alice"));
// Mock up message context
MessageImpl msg = new MessageImpl();
WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
parameters.setMessageContext(msgCtx);
parameters.setAppliesToAddress("http://dummy-service.com/dummy");
// Add STSProperties object
StaticSTSProperties stsProperties = new StaticSTSProperties();
stsProperties.setSignatureCrypto(crypto);
stsProperties.setSignatureUsername(signatureUsername);
stsProperties.setCallbackHandler(callbackHandler);
stsProperties.setIssuer("STS");
parameters.setStsProperties(stsProperties);
parameters.setEncryptionProperties(new EncryptionProperties());
parameters.setTokenStore(tokenStore);
return parameters;
}
