org.apache.wss4j.common.ext.WSPasswordCallback Java Examples

The following examples show how to use org.apache.wss4j.common.ext.WSPasswordCallback.
Example #1
Source File: RequestedClaimsTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
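/**
 * Places a SAML assertion, optionally signed, inside the RequestedSecurityToken element of an
 * RSTR message and returns the serialized document.
 *
 * @param assertion assertion to embed
 * @param alias identifier handed to the password callback and to signAssertion
 * @param sign whether the assertion is signed before it is embedded
 * @param rstr RSTR message text, converted to a document by STSUtil.toSOAPPart
 * @return the serialized document with the assertion appended
 * @throws IllegalStateException if the message has no RequestedSecurityToken element in either
 *         of the two namespaces that are searched
 */
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
    throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
    // The signing-key password is resolved through the callback handler for SIGNATURE usage.
    WSPasswordCallback[] cb = {
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
    };
    cbPasswordHandler.handle(cb);
    String password = cb[0].getPassword();

    if (sign) {
        assertion.signAssertion(alias, password, crypto, false);
    }
    Document doc = STSUtil.toSOAPPart(rstr);
    Element token = assertion.toDOM(doc);

    // Search WS_TRUST_13_NS first, then fall back to WS_TRUST_2005_02_NS.
    Element e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                    FederationConstants.WS_TRUST_13_NS);
    if (e == null) {
        e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                FederationConstants.WS_TRUST_2005_02_NS);
    }
    if (e == null) {
        // Fail with a clear message instead of a NullPointerException on appendChild.
        throw new IllegalStateException("RSTR contains no RequestedSecurityToken element");
    }
    e.appendChild(token);
    return DOM2Writer.nodeToString(doc);
}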
 
Example #2
Source File: AudienceRestrictionTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
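/**
 * Places a SAML assertion, optionally signed, inside the RequestedSecurityToken element of an
 * RSTR message and returns the serialized document.
 *
 * @param assertion assertion to embed
 * @param alias identifier handed to the password callback and to signAssertion
 * @param sign whether the assertion is signed before it is embedded
 * @param rstr RSTR message text, converted to a document by STSUtil.toSOAPPart
 * @return the serialized document with the assertion appended
 * @throws IllegalStateException if the message has no RequestedSecurityToken element in either
 *         of the two namespaces that are searched
 */
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
    throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
    // The signing-key password is resolved through the callback handler for SIGNATURE usage.
    WSPasswordCallback[] cb = {
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
    };
    cbPasswordHandler.handle(cb);
    String password = cb[0].getPassword();

    if (sign) {
        assertion.signAssertion(alias, password, crypto, false);
    }
    Document doc = STSUtil.toSOAPPart(rstr);
    Element token = assertion.toDOM(doc);

    // Search WS_TRUST_13_NS first, then fall back to WS_TRUST_2005_02_NS.
    Element e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                    FederationConstants.WS_TRUST_13_NS);
    if (e == null) {
        e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                FederationConstants.WS_TRUST_2005_02_NS);
    }
    if (e == null) {
        // Fail with a clear message instead of a NullPointerException on appendChild.
        throw new IllegalStateException("RSTR contains no RequestedSecurityToken element");
    }
    e.appendChild(token);
    return DOM2Writer.nodeToString(doc);
}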
 
Example #3
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
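/**
 * Places a SAML assertion, optionally signed, inside the RequestedSecurityToken element of an
 * RSTR message and returns the serialized document.
 *
 * @param assertion assertion to embed
 * @param alias identifier handed to the password callback and to signAssertion
 * @param sign whether the assertion is signed before it is embedded
 * @param rstr RSTR message text, converted to a document by STSUtil.toSOAPPart
 * @return the serialized document with the assertion appended
 * @throws IllegalStateException if the message has no RequestedSecurityToken element in either
 *         of the two namespaces that are searched
 */
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
    throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
    // The signing-key password is resolved through the callback handler for SIGNATURE usage.
    WSPasswordCallback[] cb = {
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
    };
    cbPasswordHandler.handle(cb);
    String password = cb[0].getPassword();

    if (sign) {
        assertion.signAssertion(alias, password, crypto, false);
    }
    Document doc = STSUtil.toSOAPPart(rstr);
    Element token = assertion.toDOM(doc);

    // Search WS_TRUST_13_NS first, then fall back to WS_TRUST_2005_02_NS.
    Element e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                    FederationConstants.WS_TRUST_13_NS);
    if (e == null) {
        e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                FederationConstants.WS_TRUST_2005_02_NS);
    }
    if (e == null) {
        // Fail with a clear message instead of a NullPointerException on appendChild.
        throw new IllegalStateException("RSTR contains no RequestedSecurityToken element");
    }
    e.appendChild(token);
    return DOM2Writer.nodeToString(doc);
}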
 
Example #4
Source File: ClientCallbackHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Answers WSS4J password callbacks from literals compiled into this class.
 *
 * <p>For DECRYPT and SIGNATURE usage only the "myclientkey" identifier is answered. For
 * USERNAME_TOKEN usage "alice" and "bob" are answered, and processing stops at the first of
 * those matches. Callbacks of other types and unlisted identifiers are left without a password.
 * Compiled-in secrets like these are only appropriate for test or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        final int usage = passwordCallback.getUsage();
        final String identifier = passwordCallback.getIdentifier();

        if (usage == WSPasswordCallback.DECRYPT || usage == WSPasswordCallback.SIGNATURE) {
            // Key usages never end the loop, whether or not the alias matched.
            if ("myclientkey".equals(identifier)) {
                passwordCallback.setPassword("ckpass");
            }
            continue;
        }
        if (usage != WSPasswordCallback.USERNAME_TOKEN) {
            continue;
        }
        if ("alice".equals(identifier)) {
            passwordCallback.setPassword("clarinet");
            return;
        }
        if ("bob".equals(identifier)) {
            passwordCallback.setPassword("trombone");
            return;
        }
    }
}
 
Example #5
Source File: STSCallbackHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Answers WSS4J password callbacks from literals compiled into this class.
 *
 * <p>DECRYPT and SIGNATURE usage answer only the "mystskey" identifier; USERNAME_TOKEN usage
 * answers only "alice". Every callback in the array is visited; anything else is left without
 * a password. Compiled-in secrets like these are only appropriate for test or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        final int usage = passwordCallback.getUsage();
        final String identifier = passwordCallback.getIdentifier();
        final boolean keyUsage =
            usage == WSPasswordCallback.DECRYPT || usage == WSPasswordCallback.SIGNATURE;

        if (keyUsage) {
            if ("mystskey".equals(identifier)) {
                passwordCallback.setPassword("stskpass");
            }
        } else if (usage == WSPasswordCallback.USERNAME_TOKEN && "alice".equals(identifier)) {
            passwordCallback.setPassword("clarinet");
        }
    }
}
 
Example #6
Source File: UsernamePasswordCallback.java    From cxf with Apache License 2.0 6 votes vote down vote up
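/**
 * Supplies the password for the first callback whose identifier has an entry in the private
 * alias/passwords map, then returns.
 *
 * @param callbacks callbacks to inspect, in order
 * @throws IOException if none of the callback identifiers has an entry in the map
 * @throws UnsupportedCallbackException if a callback reached before a match is not a
 *         WSPasswordCallback
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            // Use the declared exception for foreign callback types, not a ClassCastException.
            throw new UnsupportedCallbackException(callback);
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback;

        String pass = passwords.get(pc.getIdentifier());
        if (pass != null) {
            pc.setPassword(pass);
            return;
        }
    }

    // Password not found. The message is kept generic: it carries neither the identifier
    // (caller-supplied) nor any secret.
    throw new IOException("No password available for the requested identifier");
}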
 
Example #7
Source File: CustomPasswordHandler.java    From tomee with Apache License 2.0 6 votes vote down vote up
/**
 * Answers the first callback only, choosing a compiled-in password by callback usage.
 *
 * <p>The first array element is cast to WSPasswordCallback without a type check, so any other
 * callback type fails the cast. Usages other than USERNAME_TOKEN, DECRYPT and SIGNATURE leave
 * the password unset. Compiled-in secrets like these are only appropriate for test or sample
 * fixtures.
 *
 * @param callbacks callbacks supplied by the security runtime; only index 0 is read
 */
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    final WSPasswordCallback passwordCallback = (WSPasswordCallback) callbacks[0];

    switch (passwordCallback.getUsage()) {
        case WSPasswordCallback.USERNAME_TOKEN:
            // TODO get the password from the users.properties if possible
            passwordCallback.setPassword("waterfall");
            break;
        case WSPasswordCallback.DECRYPT:
        case WSPasswordCallback.SIGNATURE:
            // Both key usages share the same literal.
            passwordCallback.setPassword("serverPassword");
            break;
        default:
            break;
    }
}
 
Example #8
Source File: KeystorePasswordCallback.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Answers each callback from the private alias/passwords map, with literal fallbacks.
 *
 * <p>PASSWORD_ENCRYPTOR_PASSWORD usage always receives a compiled-in literal. For any other
 * usage, a map hit sets that password and ends processing; a miss sets the literal "password"
 * and moves on, so an unknown identifier is never refused. Every element is cast to
 * WSPasswordCallback without a type check. Behaviour like this is only appropriate for test
 * or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        if (passwordCallback.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
            passwordCallback.setPassword("this-is-a-secret");
            continue;
        }

        final String mapped = passwords.get(passwordCallback.getIdentifier());
        if (mapped == null) {
            // Unknown identifier: default password, keep going with the next callback.
            passwordCallback.setPassword("password");
            continue;
        }
        passwordCallback.setPassword(mapped);
        return;
    }
}
 
Example #9
Source File: KeystorePasswordCallback.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Answers every callback with one of two compiled-in passwords, chosen by identifier.
 *
 * <p>No map is consulted here: the identifiers "alice", "bob", "morpit" and "bethal" receive
 * "password", and every other identifier (including null) receives a second literal, so no
 * identifier is ever refused. Every element is cast to WSPasswordCallback without a type
 * check. Behaviour like this is only appropriate for test or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        final String identifier = passwordCallback.getIdentifier();

        final boolean knownUser = "alice".equals(identifier)
            || "bob".equals(identifier)
            || "morpit".equals(identifier)
            || "bethal".equals(identifier);

        passwordCallback.setPassword(knownUser ? "password" : "abcd!1234");
    }
}
 
Example #10
Source File: CallbackHandlerImpl.java    From cxf with Apache License 2.0 6 votes vote down vote up
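/**
 * Answers the first WSPasswordCallback it can resolve, then stops.
 *
 * <p>Resolution order: the literal identifiers "alice", "bob" and "service", any identifier
 * starting with "consumer-id", and finally a lookup through dataProvider when one is
 * configured. Callbacks of other types are skipped. The compiled-in secrets are only
 * appropriate for test or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        WSPasswordCallback pc = (WSPasswordCallback) callback; // CXF
        String identifier = pc.getIdentifier();

        if ("alice".equals(identifier) || "bob".equals(identifier)) {
            pc.setPassword("security");
            return;
        }
        if (identifier != null && identifier.startsWith("consumer-id")) {
            pc.setPassword("this-is-a-secret");
            return;
        }
        if ("service".equals(identifier)) {
            pc.setPassword("service-pass");
            return;
        }
        if (dataProvider != null) {
            Client client = dataProvider.getClient(identifier);
            // NOTE(review): getClient may return null for an unknown identifier (confirm
            // against the provider's contract). Leave the password unset in that case instead
            // of failing with a NullPointerException.
            if (client != null) {
                pc.setPassword(client.getClientSecret());
            }
            return;
        }
    }
}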
 
Example #11
Source File: KeystorePasswordCallback.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Resolves callback passwords from the private alias/passwords map, falling back to literals.
 *
 * <p>A callback with PASSWORD_ENCRYPTOR_PASSWORD usage gets a compiled-in literal. Otherwise
 * the identifier is looked up in the map: a hit is applied and handling ends immediately, a
 * miss gets the literal "password" and the loop continues. An unknown identifier is therefore
 * never refused, which is only appropriate for test or sample fixtures. Elements are cast to
 * WSPasswordCallback without a type check.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback each : callbacks) {
        final WSPasswordCallback wsCallback = (WSPasswordCallback) each;
        final boolean encryptorUsage =
            wsCallback.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD;

        if (encryptorUsage) {
            wsCallback.setPassword("this-is-a-secret");
            continue;
        }

        final String fromMap = passwords.get(wsCallback.getIdentifier());
        if (fromMap != null) {
            wsCallback.setPassword(fromMap);
            return;
        }
        // No entry for this identifier: default literal, then on to the next callback.
        wsCallback.setPassword("password");
    }
}
 
Example #12
Source File: KeystorePasswordCallback.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Sets a password on each callback, preferring the private alias/passwords map.
 *
 * <p>PASSWORD_ENCRYPTOR_PASSWORD usage is answered with a compiled-in literal. For other
 * usages, the first identifier found in the map is answered from it and the method returns;
 * identifiers missing from the map are answered with the literal "password". Because of that
 * fallback no identifier is rejected, which is only appropriate for test or sample fixtures.
 * Elements are cast to WSPasswordCallback without a type check.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    int index = 0;
    while (index < callbacks.length) {
        final WSPasswordCallback current = (WSPasswordCallback) callbacks[index++];

        if (current.getUsage() != WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
            final String known = passwords.get(current.getIdentifier());
            if (known != null) {
                current.setPassword(known);
                return;
            }
            current.setPassword("password");
        } else {
            current.setPassword("this-is-a-secret");
        }
    }
}
 
Example #13
Source File: PasswordCallbackHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Answers the first WSPasswordCallback whose identifier is one of four compiled-in names.
 *
 * <p>"alice", "bob", "mystskey" and "myservicekey" each map to their own literal; handling
 * stops after the first match. Other callback types and other identifiers are left without a
 * password. Compiled-in secrets like these are only appropriate for test or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) { // CXF
            continue;
        }
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        final String identifier = passwordCallback.getIdentifier();

        String secret = null;
        if ("alice".equals(identifier)) {
            secret = "clarinet";
        } else if ("bob".equals(identifier)) {
            secret = "trombone";
        } else if ("mystskey".equals(identifier)) {
            secret = "stskpass";
        } else if ("myservicekey".equals(identifier)) {
            secret = "skpass";
        }

        if (secret != null) {
            passwordCallback.setPassword(secret);
            return;
        }
    }
}
 
Example #14
Source File: KerberosServicePasswordCallback.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Dispatches each callback by type.
 *
 * <p>WSPasswordCallback instances are forwarded one at a time to the superclass handler.
 * KerberosContextAndServiceNameCallback receives a fixed context name and service name.
 * NameCallback and PasswordCallback are filled from this object's username and password
 * fields. Other callback types are ignored.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (callback instanceof WSPasswordCallback) {
            super.handle(new Callback[]{callback});
            continue;
        }
        if (callback instanceof KerberosContextAndServiceNameCallback) {
            final KerberosContextAndServiceNameCallback kerberosCallback =
                (KerberosContextAndServiceNameCallback) callback;
            kerberosCallback.setContextName("bob");
            kerberosCallback.setServiceName("bob@service.ws.apache.org");
            continue;
        }
        if (callback instanceof NameCallback) {
            ((NameCallback) callback).setName(username);
            continue;
        }
        if (callback instanceof PasswordCallback) {
            // PasswordCallback takes a char[]; the field is converted on each call.
            ((PasswordCallback) callback).setPassword(password.toCharArray());
        }
    }
}
 
Example #15
Source File: SAMLTokenValidatorOldTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
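/**
 * Places a SAML assertion, optionally signed, inside the RequestedSecurityToken element of an
 * RSTR message and returns the serialized document.
 *
 * @param assertion assertion to embed
 * @param alias identifier handed to the password callback and to signAssertion
 * @param sign whether the assertion is signed before it is embedded
 * @param rstr RSTR message text, converted to a document by STSUtil.toSOAPPart
 * @return the serialized document with the assertion appended
 * @throws IllegalStateException if the message has no RequestedSecurityToken element in either
 *         of the two namespaces that are searched
 */
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
    throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
    // The signing-key password is resolved through the callback handler for SIGNATURE usage.
    WSPasswordCallback[] cb = {
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
    };
    cbPasswordHandler.handle(cb);
    String password = cb[0].getPassword();

    if (sign) {
        assertion.signAssertion(alias, password, crypto, false);
    }
    Document doc = STSUtil.toSOAPPart(rstr);
    Element token = assertion.toDOM(doc);

    // Search WS_TRUST_13_NS first, then fall back to WS_TRUST_2005_02_NS.
    Element e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                    FederationConstants.WS_TRUST_13_NS);
    if (e == null) {
        e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                FederationConstants.WS_TRUST_2005_02_NS);
    }
    if (e == null) {
        // Fail with a clear message instead of a NullPointerException on appendChild.
        throw new IllegalStateException("RSTR contains no RequestedSecurityToken element");
    }
    e.appendChild(token);
    return DOM2Writer.nodeToString(doc);
}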
 
Example #16
Source File: ClaimsProcessorTest.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
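/**
 * Places a SAML assertion, optionally signed, inside the RequestedSecurityToken element of an
 * RSTR message and returns the serialized document.
 *
 * @param assertion assertion to embed
 * @param alias identifier handed to the password callback and to signAssertion
 * @param sign whether the assertion is signed before it is embedded
 * @param rstr RSTR message text, converted to a document by STSUtil.toSOAPPart
 * @return the serialized document with the assertion appended
 * @throws IllegalStateException if the message has no RequestedSecurityToken element in either
 *         of the two namespaces that are searched
 */
private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
    throws IOException, UnsupportedCallbackException, WSSecurityException, SAXException,
    ParserConfigurationException {
    // The signing-key password is resolved through the callback handler for SIGNATURE usage.
    WSPasswordCallback[] cb = {
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
    };
    cbPasswordHandler.handle(cb);
    String password = cb[0].getPassword();

    if (sign) {
        assertion.signAssertion(alias, password, crypto, false);
    }
    Document doc = STSUtil.toSOAPPart(rstr);
    Element token = assertion.toDOM(doc);

    // Search WS_TRUST_13_NS first, then fall back to WS_TRUST_2005_02_NS.
    Element e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                    FederationConstants.WS_TRUST_13_NS);
    if (e == null) {
        e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                FederationConstants.WS_TRUST_2005_02_NS);
    }
    if (e == null) {
        // Fail with a clear message instead of a NullPointerException on appendChild.
        throw new IllegalStateException("RSTR contains no RequestedSecurityToken element");
    }
    e.appendChild(token);
    return DOM2Writer.nodeToString(doc);
}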
 
Example #17
Source File: KeystorePasswordCallback.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
/**
 * Answers each callback from the private alias/passwords map, with literal fallbacks.
 *
 * <p>PASSWORD_ENCRYPTOR_PASSWORD usage always receives a compiled-in literal. For any other
 * usage, a map hit sets that password and ends processing; a miss sets the literal "password"
 * and moves on, so an unknown identifier is never refused. Every element is cast to
 * WSPasswordCallback without a type check. Behaviour like this is only appropriate for test
 * or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        if (passwordCallback.getUsage() == WSPasswordCallback.PASSWORD_ENCRYPTOR_PASSWORD) {
            passwordCallback.setPassword("this-is-a-secret");
            continue;
        }

        final String mapped = passwords.get(passwordCallback.getIdentifier());
        if (mapped == null) {
            // Unknown identifier: default password, keep going with the next callback.
            passwordCallback.setPassword("password");
            continue;
        }
        passwordCallback.setPassword(mapped);
        return;
    }
}
 
Example #18
Source File: CommonCallbackHandler.java    From cxf-fediz with Apache License 2.0 6 votes vote down vote up
/**
 * Answers the first WSPasswordCallback whose identifier is known to this handler.
 *
 * <p>"ALICE" and "realmb" map to their own literals, and any identifier starting with
 * "consumer-id" maps to a shared literal; handling stops after the first match. Other
 * callback types and other identifiers are left without a password. Compiled-in secrets like
 * these are only appropriate for test or sample fixtures.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException,
        UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) { // CXF
            continue;
        }
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        final String identifier = passwordCallback.getIdentifier();

        String secret = null;
        if ("ALICE".equals(identifier)) {
            secret = "ECILA";
        } else if ("realmb".equals(identifier)) {
            secret = "realmb";
        } else if (identifier != null && identifier.startsWith("consumer-id")) {
            secret = "this-is-a-secret";
        }

        if (secret != null) {
            passwordCallback.setPassword(secret);
            return;
        }
    }
}
 
Example #19
Source File: RSSecurityUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Resolves the signature-key password for a user.
 *
 * <p>When no callback handler is available the SIGNATURE_PASSWORD security property of the
 * message is returned as is. Otherwise the handler is asked through a SIGNATURE-usage
 * callback.
 *
 * @param message message whose security properties and handler are consulted
 * @param userName identifier placed in the password callback
 * @param callingClass passed through to getCallbackHandler
 * @return the password; an empty string when the handler ran but set none; {@code null} when
 *         the handler threw, or when the property fallback has no value
 */
public static String getSignaturePassword(Message message, String userName,
                                          Class<?> callingClass) throws WSSecurityException {
    final CallbackHandler callbackHandler = getCallbackHandler(message, callingClass);
    if (callbackHandler != null) {
        final WSPasswordCallback signatureCallback =
            new WSPasswordCallback(userName, WSPasswordCallback.SIGNATURE);
        try {
            callbackHandler.handle(new WSPasswordCallback[] {signatureCallback});
        } catch (Exception e) {
            // NOTE(review): the failure is dropped without logging, so a broken handler is
            // indistinguishable from "no password" for the caller.
            return null;
        }

        final String resolved = signatureCallback.getPassword();
        if (resolved == null) {
            return "";
        }
        return resolved;
    }

    // See if we have a signature password we can use here instead
    return (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
}
 
Example #20
Source File: AbstractTokenInterceptor.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Obtains a password for the given user from the callback handler configured on the message.
 *
 * <p>If no handler can be obtained, the policy is marked as not asserted and {@code null} is
 * returned. If the handler throws, the policy is marked as not asserted with that exception
 * and whatever password the callback holds at that point is returned.
 *
 * @param userName identifier placed in the password callback
 * @param info token the policy assertion outcome is reported against
 * @param usage WSPasswordCallback usage constant for the request
 * @param message message carrying the security properties
 * @return the password set by the handler, or {@code null}
 */
protected String getPassword(String userName, AbstractToken info,
                             int usage, SoapMessage message) {
    final String noHandlerReason = "No callback handler and no password available";

    //Then try to get the password from the given callback handler
    CallbackHandler callbackHandler = null;
    try {
        final Object configured =
            SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
        callbackHandler = SecurityUtils.getCallbackHandler(configured);
        if (callbackHandler == null) {
            policyNotAsserted(info, noHandlerReason, message);
            return null;
        }
    } catch (Exception ex) {
        policyNotAsserted(info, noHandlerReason, message);
        return null;
    }

    final WSPasswordCallback passwordCallback = new WSPasswordCallback(userName, usage);
    try {
        callbackHandler.handle(new WSPasswordCallback[] {passwordCallback});
    } catch (Exception e) {
        policyNotAsserted(info, e, message);
    }

    //get the password
    return passwordCallback.getPassword();
}
 
Example #21
Source File: TokenStoreCallbackHandler.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Answers a WSPasswordCallback from the token store when a live token exists for its
 * identifier; otherwise delegates the whole array to the wrapped handler, if any.
 *
 * <p>For the first callback whose identifier resolves to a non-expired token, the token's
 * secret, key and token element are copied onto the callback and handling ends. Expired or
 * missing tokens are skipped.
 *
 * @param callbacks callbacks to answer
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        if (!(callback instanceof WSPasswordCallback)) {
            continue;
        }
        final WSPasswordCallback passwordCallback = (WSPasswordCallback)callback;

        final SecurityToken cached = store.getToken(passwordCallback.getIdentifier());
        if (cached == null || cached.isExpired()) {
            continue;
        }

        if (cached.getSHA1() == null && passwordCallback.getKey() != null) {
            cached.setSHA1(getSHA1(passwordCallback.getKey()));
            // Create another cache entry with the SHA1 Identifier as the key for easy retrieval
            store.add(cached.getSHA1(), cached);
        }
        // Two setKey calls with different arguments; presumably distinct overloads (raw secret
        // vs. key object) rather than an overwrite. Confirm against WSPasswordCallback.
        passwordCallback.setKey(cached.getSecret());
        passwordCallback.setKey(cached.getKey());
        passwordCallback.setCustomToken(cached.getToken());
        return;
    }

    if (internal != null) {
        internal.handle(callbacks);
    }
}
 
Example #22
Source File: STSStaxTokenValidator.java    From cxf with Apache License 2.0 6 votes vote down vote up
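/**
 * Verify a UsernameToken containing a plaintext password.
 *
 * <p>The expected password is obtained from the configured callback handler and compared with
 * the value carried in the token. On success the token value is set to the expected password.
 *
 * @param username identifier placed in the password callback
 * @param passwordType password element of the token; supplies the type and the presented value
 * @param tokenContext context giving access to the configured callback handler
 * @throws WSSecurityException with FAILED_AUTHENTICATION if the callback fails, if either the
 *         expected or the presented password is missing, or if they differ
 */
private void verifyPlaintextPassword(
    String username,
    PasswordString passwordType,
    TokenContext tokenContext
) throws WSSecurityException {
    WSPasswordCallback pwCb = new WSPasswordCallback(username,
            null,
            passwordType.getType(),
            WSPasswordCallback.USERNAME_TOKEN);
    try {
        WSSUtils.doPasswordCallback(tokenContext.getWssSecurityProperties().getCallbackHandler(), pwCb);
    } catch (WSSecurityException e) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
    }

    String expected = pwCb.getPassword();
    String presented = passwordType.getValue();
    // A token without a password value is an authentication failure, not a NullPointerException.
    if (expected == null || presented == null) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }

    // Compare without the early exit of String.equals, so response time does not depend on
    // how many leading characters of the presented password are correct.
    boolean matches = java.security.MessageDigest.isEqual(
        presented.getBytes(java.nio.charset.StandardCharsets.UTF_8),
        expected.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!matches) {
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
    }
    passwordType.setValue(expected);
}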
 
Example #23
Source File: CryptoProviderUtils.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Asks a callback handler for the password of a user.
 *
 * @param userName identifier placed in the password callback
 * @param usage WSPasswordCallback usage constant for the request
 * @param handler handler to query; may be {@code null}
 * @return the password set by the handler, or {@code null} when no handler was given or the
 *         handler set none
 * @throws CryptoProviderException if the handler throws; the original exception is the cause
 */
public static String getCallbackPwd(String userName, int usage, CallbackHandler handler) {
    if (handler != null) {
        final WSPasswordCallback passwordCallback = new WSPasswordCallback(userName, usage);
        try {
            handler.handle(new WSPasswordCallback[] {passwordCallback});
        } catch (Exception e) {
            throw new CryptoProviderException("Cannot get password from callback: " + e, e);
        }

        // get the password
        return passwordCallback.getPassword();
    }
    return null;
}
 
Example #24
Source File: SCTSAMLTokenProvider.java    From cxf with Apache License 2.0 6 votes vote down vote up
/**
 * Builds a SAML assertion from a callback handler and signs it when signToken is set.
 *
 * <p>For signing, the alias comes from the STS properties' signature username and the key
 * password from the STS callback handler, queried with SIGNATURE usage.
 *
 * @param tokenParameters source of the STS properties and of the callback handler inputs
 * @param secret secret passed to createCallbackHandler
 * @param doc document passed to createCallbackHandler
 * @return the assertion, signed if signToken is set
 * @throws Exception if building or signing the assertion fails
 */
private SamlAssertionWrapper createSamlToken(
    TokenProviderParameters tokenParameters, byte[] secret, Document doc
) throws Exception {
    final SamlCallbackHandler samlHandler = createCallbackHandler(tokenParameters, secret, doc);

    final SAMLCallback samlCallback = new SAMLCallback();
    SAMLUtil.doSAMLCallback(samlHandler, samlCallback);
    final SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

    if (!signToken) {
        return assertion;
    }

    final STSPropertiesMBean stsProperties = tokenParameters.getStsProperties();

    // Get the password
    final String alias = stsProperties.getSignatureUsername();
    final WSPasswordCallback signatureCallback =
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
    LOG.fine("Creating SAML Token");
    stsProperties.getCallbackHandler().handle(new WSPasswordCallback[] {signatureCallback});
    final String keyPassword = signatureCallback.getPassword();

    LOG.fine("Signing SAML Token");
    final boolean useKeyValue = stsProperties.getSignatureProperties().isUseKeyValue();
    assertion.signAssertion(alias, keyPassword, stsProperties.getSignatureCrypto(), useKeyValue);

    return assertion;
}
 
Example #25
Source File: CredentialsOutHandler.java    From rice with Educational Community License v2.0 5 votes vote down vote up
/**
 * Returns a USERNAME_TOKEN callback populated from the credentials source.
 *
 * <p>The credentials are looked up by the configured endpoint URL and cast to
 * UsernamePasswordCredentials. None of the method parameters are read.
 *
 * @return a callback carrying the looked-up username and password
 */
public WSPasswordCallback getPassword(final String username,
		final int doAction, final String clsProp, final String refProp,
		final RequestData reqData) throws WSSecurityException {
	final String endpoint = this.serviceConfiguration.getEndpointUrl().toString();
	final UsernamePasswordCredentials credentials =
			(UsernamePasswordCredentials) this.credentialsSource.getCredentials(endpoint);

	return new WSPasswordCallback(credentials.getUsername(), credentials.getPassword(), null,
			WSPasswordCallback.USERNAME_TOKEN);
}
 
Example #26
Source File: AbstractBindingBuilder.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Obtains a password for the given user from the callback handler configured on the message.
 *
 * <p>If no handler can be obtained, {@code null} is returned. In that case the policy is
 * unasserted for every usage except SIGNATURE, where only an informational message is logged.
 * If the handler throws, the policy is unasserted with that exception and whatever password
 * the callback holds at that point is returned.
 *
 * @param userName identifier placed in the password callback
 * @param info assertion the outcome is reported against
 * @param usage WSPasswordCallback usage constant for the request
 * @return the password set by the handler, or {@code null}
 */
protected String getPassword(String userName, Assertion info, int usage) {
    //Then try to get the password from the given callback handler
    final Object configured =
        SecurityUtils.getSecurityPropertyValue(SecurityConstants.CALLBACK_HANDLER, message);
    final boolean forSignature = usage == WSPasswordCallback.SIGNATURE;
    CallbackHandler callbackHandler = null;
    try {
        callbackHandler = SecurityUtils.getCallbackHandler(configured);
        if (callbackHandler == null) {
            // Don't unassert for signature as we might get the password from the crypto properties
            if (!forSignature) {
                unassertPolicy(info, "No callback handler and no password available");
            } else {
                LOG.info("No CallbackHandler available to retrieve a password. We will now try the crypto "
                         + "properties file for a private password");
            }
            return null;
        }
    } catch (Exception ex) {
        // Don't unassert for signature as we might get the password from the crypto properties
        if (!forSignature) {
            unassertPolicy(info, "No callback handler and no password available");
        } else {
            LOG.info("No CallbackHandler available to retrieve a password. We will now try the crypto "
                     + "properties file for a private password");
        }
        return null;
    }

    final WSPasswordCallback passwordCallback = new WSPasswordCallback(userName, usage);
    try {
        callbackHandler.handle(new WSPasswordCallback[] {passwordCallback});
    } catch (Exception e) {
        unassertPolicy(info, e);
    }

    //get the password
    return passwordCallback.getPassword();
}
 
Example #27
Source File: AbstractBindingBuilder.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Builds a UsernameToken with a derived key, if the token is required and credentials exist.
 *
 * <p>The username comes from the USERNAME security property. The password comes from the
 * PASSWORD security property, falling back to the callback handler with USERNAME_TOKEN usage.
 * A missing username or password unasserts the policy.
 *
 * @param token policy token being fulfilled
 * @param salt salt passed to the builder's prepare step
 * @param useMac passed through to addDerivedKey
 * @return the prepared builder, or {@code null} when the token is not required or a credential
 *         is missing
 */
protected WSSecUsernameToken addDKUsernameToken(UsernameToken token, byte[] salt, boolean useMac) {
    assertToken(token);
    if (!isTokenRequired(token.getIncludeTokenType())) {
        return null;
    }

    final String userName =
        (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.USERNAME, message);
    if (StringUtils.isEmpty(userName)) {
        unassertPolicy(token, "No username available");
        return null;
    }

    final WSSecUsernameToken tokenBuilder = new WSSecUsernameToken(secHeader);
    tokenBuilder.setIdAllocator(wssConfig.getIdAllocator());
    tokenBuilder.setWsTimeSource(wssConfig.getCurrentTime());

    String secret =
        (String)SecurityUtils.getSecurityPropertyValue(SecurityConstants.PASSWORD, message);
    if (StringUtils.isEmpty(secret)) {
        secret = getPassword(userName, token, WSPasswordCallback.USERNAME_TOKEN);
    }

    if (StringUtils.isEmpty(secret)) {
        unassertPolicy(token, "No password available");
        return null;
    }

    // If the password is available then build the token
    tokenBuilder.setUserInfo(userName, secret);
    // NOTE(review): the second argument (iteration count) is fixed at 1000 and not
    // configurable here; confirm it matches what the receiving side expects.
    tokenBuilder.addDerivedKey(useMac,  1000);
    tokenBuilder.prepare(salt);
    return tokenBuilder;
}
 
Example #28
Source File: FederationResponseTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Embeds two SAML assertions, each optionally signed, into the two RequestedSecurityToken
 * elements of the SAMPLE_MULTIPLE_RSTR_COLL_MSG document.
 *
 * @param assertion1 assertion appended to the first RequestedSecurityToken element
 * @param signFirstAssertion whether assertion1 is signed
 * @param assertion2 assertion appended to the second RequestedSecurityToken element
 * @param signSecondAssertion whether assertion2 is signed
 * @param alias identifier handed to the password callback and to signAssertion
 * @return the document element of the resulting message
 * @throws Exception if the callback, signing or DOM conversion fails
 */
private Element createResponseWithMultipleAssertions(SamlAssertionWrapper assertion1,
                                      boolean signFirstAssertion,
                                      SamlAssertionWrapper assertion2,
                                      boolean signSecondAssertion,
                                      String alias) throws Exception {
    // The same key password, resolved once with SIGNATURE usage, serves both assertions.
    final WSPasswordCallback signatureCallback =
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
    cbPasswordHandler.handle(new WSPasswordCallback[] {signatureCallback});
    final String keyPassword = signatureCallback.getPassword();

    if (signFirstAssertion) {
        assertion1.signAssertion(alias, keyPassword, crypto, false);
    }
    if (signSecondAssertion) {
        assertion2.signAssertion(alias, keyPassword, crypto, false);
    }

    final Document message = STSUtil.toSOAPPart(SAMPLE_MULTIPLE_RSTR_COLL_MSG);
    final Element firstToken = assertion1.toDOM(message);
    final Element secondToken = assertion2.toDOM(message);

    final List<Element> tokenSlots =
        XMLUtils.findElements(message, "RequestedSecurityToken", FederationConstants.WS_TRUST_13_NS);
    // The sample message is expected to contain exactly two slots.
    Assert.assertEquals(2, tokenSlots.size());
    tokenSlots.get(0).appendChild(firstToken);
    tokenSlots.get(1).appendChild(secondToken);

    return message.getDocumentElement();
}
 
Example #29
Source File: SAMLResponseConformanceTest.java    From cxf-fediz with Apache License 2.0 5 votes vote down vote up
/**
 * Wraps a SAML 2 assertion, optionally signed, in a SAML Response with a Success status and
 * returns the response as a DOM element.
 *
 * @param assertion assertion added to the response
 * @param alias identifier handed to the password callback and to signAssertion
 * @param sign whether the assertion is signed before it is added
 * @param requestID request id passed to the response builder
 * @param issuer response issuer; when {@code null} one is created from the assertion's issuer
 *        string
 * @return the response element, appended to a newly created document
 */
private Element createSamlResponse(SamlAssertionWrapper assertion, String alias,
                                  boolean sign, String requestID, Issuer issuer)
    throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
    // The signing-key password is resolved through the callback handler for SIGNATURE usage.
    final WSPasswordCallback signatureCallback =
        new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE);
    cbPasswordHandler.handle(new WSPasswordCallback[] {signatureCallback});
    final String keyPassword = signatureCallback.getPassword();

    if (sign) {
        assertion.signAssertion(alias, keyPassword, crypto, false);
    }

    final DocumentBuilder builder = docBuilderFactory.newDocumentBuilder();
    final Document responseDoc = builder.newDocument();

    final Status successStatus = SAML2PResponseComponentBuilder.createStatus(
        "urn:oasis:names:tc:SAML:2.0:status:Success", null);

    final Issuer responseIssuer = issuer != null
        ? issuer
        : SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString());

    final Response samlResponse =
        SAML2PResponseComponentBuilder.createSAMLResponse(requestID, responseIssuer, successStatus);
    samlResponse.getAssertions().add(assertion.getSaml2());

    final Element responseElement = OpenSAMLUtil.toDom(samlResponse, responseDoc);
    responseDoc.appendChild(responseElement);

    return responseElement;
}
 
Example #30
Source File: UTPasswordCallback.java    From cxf with Apache License 2.0 5 votes vote down vote up
/**
 * Supplies the password for the first callback whose identifier has an entry in the private
 * alias/passwords map, then returns.
 *
 * <p>If no identifier is found the method returns normally and every callback is left without
 * a password. Each element is cast to WSPasswordCallback without a type check, so any other
 * callback type fails the cast.
 *
 * @param callbacks callbacks to inspect, in order
 */
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for (Callback callback : callbacks) {
        final WSPasswordCallback passwordCallback = (WSPasswordCallback) callback;
        final String mapped = passwords.get(passwordCallback.getIdentifier());
        if (mapped == null) {
            continue;
        }
        passwordCallback.setPassword(mapped);
        return;
    }
}