Java Code Examples for org.apache.cxf.staxutils.W3CDOMStreamWriter#writeEndElement()
The following examples show how to use
org.apache.cxf.staxutils.W3CDOMStreamWriter#writeEndElement() .
Example 1
Source File: STSClientAction.java From cxf-fediz with Apache License 2.0 | 6 votes |
/**
 * Builds a {@code wst:Claims} element with one {@code ic:ClaimType} child per requested claim.
 *
 * @param realmClaims the claims to request; may be {@code null} or empty
 * @return the {@code wst:Claims} document element, or {@code null} when there are no claims
 * @throws ParserConfigurationException declared by the signature
 * @throws XMLStreamException if the DOM writer rejects an element or attribute
 */
private Element createClaimsElement(List<RequestClaim> realmClaims)
    throws ParserConfigurationException, XMLStreamException {
    if (realmClaims == null || realmClaims.isEmpty()) {
        return null;
    }

    final String identityNs = HTTP_SCHEMAS_XMLSOAP_ORG_WS_2005_05_IDENTITY;

    W3CDOMStreamWriter claimsWriter = new W3CDOMStreamWriter();
    claimsWriter.writeStartElement("wst", "Claims", STSUtils.WST_NS_05_12);
    claimsWriter.writeNamespace("wst", STSUtils.WST_NS_05_12);
    claimsWriter.writeNamespace("ic", identityNs);
    claimsWriter.writeAttribute("Dialect", identityNs);

    // The guard above already returned for an empty list, so iterate directly.
    for (RequestClaim claim : realmClaims) {
        LOG.debug(" {}", claim.getClaimType().toString());
        claimsWriter.writeStartElement("ic", "ClaimType", identityNs);
        claimsWriter.writeAttribute("Uri", claim.getClaimType().toString());
        claimsWriter.writeAttribute("Optional", Boolean.toString(claim.isOptional()));
        claimsWriter.writeEndElement(); // closes ic:ClaimType
    }

    claimsWriter.writeEndElement(); // closes wst:Claims
    return claimsWriter.getDocument().getDocumentElement();
}
Example 2
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Writes the key-type information for a request and reports the key type in effect.
 *
 * <p>For secure conversation with no explicit key type, a {@code wst:TokenType} (SCT) element is
 * written instead of a {@code wst:KeyType}. Otherwise a {@code wst:KeyType} is written when a key
 * type was supplied, or when none was supplied and {@code sendKeyType} is set.
 *
 * @param writer the DOM writer positioned inside the request element
 * @param keyTypeToWrite the requested key type, or {@code null} to use the symmetric-key default
 * @return the key type in effect; {@code null} only when none was supplied, this is not secure
 *         conversation and {@code sendKeyType} is off
 * @throws XMLStreamException if the writer fails
 */
protected String writeKeyType(W3CDOMStreamWriter writer, String keyTypeToWrite)
    throws XMLStreamException {
    final String symmetricKeyType = namespace + "/SymmetricKey";

    if (isSecureConv) {
        if (keyTypeToWrite != null) {
            // An explicit key type is returned untouched and nothing is written.
            return keyTypeToWrite;
        }
        writer.writeStartElement("wst", "TokenType", namespace);
        writer.writeCharacters(STSUtils.getTokenTypeSCT(namespace));
        writer.writeEndElement();
        return symmetricKeyType;
    }

    if (keyTypeToWrite == null) {
        if (!sendKeyType) {
            return null;
        }
        keyTypeToWrite = symmetricKeyType;
    }

    writer.writeStartElement("wst", "KeyType", namespace);
    writer.writeCharacters(keyTypeToWrite);
    writer.writeEndElement();
    return keyTypeToWrite;
}
Example 3
Source File: SimpleBatchSTSClient.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Emits either a {@code wst:TokenType} (secure conversation, no key type given) or a
 * {@code wst:KeyType} element, and returns the key type that applies to the request.
 *
 * @param writer the DOM writer to append to
 * @param keyTypeToWrite the caller's key type, or {@code null} for the symmetric-key default
 * @return the resulting key type, or {@code null} if nothing was supplied and no default applies
 * @throws XMLStreamException if the writer fails
 */
protected String writeKeyType(W3CDOMStreamWriter writer, String keyTypeToWrite)
    throws XMLStreamException {
    final boolean callerGaveKeyType = keyTypeToWrite != null;

    if (isSecureConv) {
        if (!callerGaveKeyType) {
            writer.writeStartElement("wst", "TokenType", namespace);
            writer.writeCharacters(STSUtils.getTokenTypeSCT(namespace));
            writer.writeEndElement();
            keyTypeToWrite = namespace + "/SymmetricKey";
        }
        return keyTypeToWrite;
    }

    if (!callerGaveKeyType && !sendKeyType) {
        // Neither an explicit key type nor permission to send the default one.
        return keyTypeToWrite;
    }

    String effectiveKeyType = callerGaveKeyType ? keyTypeToWrite : namespace + "/SymmetricKey";
    writer.writeStartElement("wst", "KeyType", namespace);
    writer.writeCharacters(effectiveKeyType);
    writer.writeEndElement();
    return effectiveKeyType;
}
Example 4
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 6 votes |
/**
 * Writes the token-type or key-type element for the request.
 *
 * @param writer the DOM writer to append to
 * @param keyTypeToWrite the key type to send; {@code null} selects the
 *        {@code namespace + "/SymmetricKey"} default where one applies
 * @return the key type in effect after the call (possibly {@code null})
 * @throws XMLStreamException if the writer fails
 */
protected String writeKeyType(W3CDOMStreamWriter writer, String keyTypeToWrite)
    throws XMLStreamException {
    String result = keyTypeToWrite;

    if (isSecureConv) {
        // Secure conversation: only a missing key type triggers output, and it is a TokenType.
        if (result == null) {
            writer.writeStartElement("wst", "TokenType", namespace);
            writer.writeCharacters(STSUtils.getTokenTypeSCT(namespace));
            writer.writeEndElement();
            result = namespace + "/SymmetricKey";
        }
    } else if (result != null) {
        writer.writeStartElement("wst", "KeyType", namespace);
        writer.writeCharacters(result);
        writer.writeEndElement();
    } else if (sendKeyType) {
        result = namespace + "/SymmetricKey";
        writer.writeStartElement("wst", "KeyType", namespace);
        writer.writeCharacters(result);
        writer.writeEndElement();
    }

    return result;
}
Example 5
Source File: STSInvoker.java From steady with Apache License 2.0 | 6 votes |
/**
 * Writes a {@code Lifetime} element containing {@code wsu:Created} and {@code wsu:Expires}.
 *
 * @param writer the DOM writer to append to
 * @param created the creation time
 * @param expires the expiry time
 * @param prefix the prefix for the {@code Lifetime} element
 * @param namespace the namespace for the {@code Lifetime} element
 * @throws Exception if formatting or writing fails
 */
void writeLifetime(
    W3CDOMStreamWriter writer,
    Date created,
    Date expires,
    String prefix,
    String namespace
) throws Exception {
    final XmlSchemaDateFormat xsdDateFormat = new XmlSchemaDateFormat();
    final String wsuNs = WSConstants.WSU_NS;

    writer.writeStartElement(prefix, "Lifetime", namespace);
    writer.writeNamespace("wsu", wsuNs);

    writer.writeStartElement("wsu", "Created", wsuNs);
    String createdText = xsdDateFormat.format(created.getTime());
    writer.writeCharacters(createdText);
    writer.writeEndElement();

    writer.writeStartElement("wsu", "Expires", wsuNs);
    String expiresText = xsdDateFormat.format(expires.getTime());
    writer.writeCharacters(expiresText);
    writer.writeEndElement();

    writer.writeEndElement(); // closes Lifetime
}
Example 6
Source File: STSInvoker.java From steady with Apache License 2.0 | 6 votes |
/**
 * Appends a {@code Lifetime} element with the token's creation and expiry timestamps.
 *
 * @param writer the DOM writer to append to
 * @param created when the token was created
 * @param expires when the token expires
 * @param prefix the prefix for the {@code Lifetime} element
 * @param namespace the namespace for the {@code Lifetime} element
 * @throws Exception if formatting or writing fails
 */
void writeLifetime(
    W3CDOMStreamWriter writer,
    Date created,
    Date expires,
    String prefix,
    String namespace
) throws Exception {
    XmlSchemaDateFormat timestampFormat = new XmlSchemaDateFormat();

    // <prefix:Lifetime xmlns:wsu="...">
    writer.writeStartElement(prefix, "Lifetime", namespace);
    writer.writeNamespace("wsu", WSConstants.WSU_NS);

    // <wsu:Created>
    writer.writeStartElement("wsu", "Created", WSConstants.WSU_NS);
    long createdMillis = created.getTime();
    writer.writeCharacters(timestampFormat.format(createdMillis));
    writer.writeEndElement();

    // <wsu:Expires>
    writer.writeStartElement("wsu", "Expires", WSConstants.WSU_NS);
    long expiresMillis = expires.getTime();
    writer.writeCharacters(timestampFormat.format(expiresMillis));
    writer.writeEndElement();

    // </prefix:Lifetime>
    writer.writeEndElement();
}
Example 7
Source File: STSInvoker.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Writes a {@code Lifetime} element whose {@code wsu:Created} and {@code wsu:Expires} children
 * carry the given instants rendered in UTC.
 *
 * @param writer the DOM writer to append to
 * @param created the creation instant
 * @param expires the expiry instant
 * @param prefix the prefix for the {@code Lifetime} element
 * @param namespace the namespace for the {@code Lifetime} element
 * @throws Exception if formatting or writing fails
 */
void writeLifetime(
    W3CDOMStreamWriter writer,
    Instant created,
    Instant expires,
    String prefix,
    String namespace
) throws Exception {
    final String wsuNs = WSS4JConstants.WSU_NS;

    writer.writeStartElement(prefix, "Lifetime", namespace);
    writer.writeNamespace("wsu", wsuNs);

    writer.writeStartElement("wsu", "Created", wsuNs);
    // Timestamps are pinned to UTC so the output does not depend on the host's zone.
    String createdText = created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    writer.writeCharacters(createdText);
    writer.writeEndElement();

    writer.writeStartElement("wsu", "Expires", wsuNs);
    String expiresText = expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    writer.writeCharacters(expiresText);
    writer.writeEndElement();

    writer.writeEndElement(); // closes Lifetime
}
Example 8
Source File: STSInvoker.java From cxf with Apache License 2.0 | 6 votes |
/**
 * Handles a cancel request: removes the token from the endpoint's {@code TokenStore} and writes a
 * {@code RequestSecurityTokenResponse} containing {@code RequestedTokenCancelled}.
 *
 * <p>For the WS-Trust 05/12 namespace the response is wrapped in a
 * {@code RequestSecurityTokenResponseCollection}.
 *
 * @param exchange the current exchange; its endpoint info supplies the token store
 * @param cancelToken the token being cancelled
 * @param writer the DOM writer receiving the response
 * @param prefix the prefix for the response elements
 * @param namespace the WS-Trust namespace in use
 * @throws Exception if the store lookup or writing fails
 */
private void doCancel(
    Exchange exchange,
    SecurityToken cancelToken,
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace
) throws Exception {
    final boolean wrapInCollection = STSUtils.WST_NS_05_12.equals(namespace);

    if (wrapInCollection) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    // NOTE(review): no check is visible here that the requester may cancel this token, and a
    // missing TokenStore property would surface as a NullPointerException — confirm both are
    // handled by the caller.
    String storeKey = TokenStore.class.getName();
    TokenStore tokenStore = (TokenStore)exchange.getEndpoint().getEndpointInfo().getProperty(storeKey);
    tokenStore.remove(cancelToken.getId());

    // The cancelled token goes on the exchange so the outgoing response can still be signed.
    exchange.put(SecurityConstants.TOKEN, cancelToken);

    writer.writeEmptyElement(prefix, "RequestedTokenCancelled", namespace);
    writer.writeEndElement(); // closes RequestSecurityTokenResponse

    if (wrapInCollection) {
        writer.writeEndElement(); // closes RequestSecurityTokenResponseCollection
    }
}
Example 9
Source File: SecurityTokenTest.java From cxf with Apache License 2.0 | 6 votes |
/**
 * A Lifetime element that carries only {@code wsu:Expires} must still yield a token with a
 * non-null creation time and the given expiry.
 */
@org.junit.Test
public void testLifetimeNoCreated() throws Exception {
    final String tokenId = "key";
    final Element tokenElement = DOMUtils.createDocument().createElement("token");

    // Build a Lifetime that deliberately omits wsu:Created.
    W3CDOMStreamWriter lifetimeWriter = new W3CDOMStreamWriter();

    final Instant now = Instant.now().truncatedTo(ChronoUnit.MILLIS);
    final Instant expiry = now.plusSeconds(20L);

    lifetimeWriter.writeStartElement("wst", "Lifetime", WST_NS_05_12);
    lifetimeWriter.writeStartElement("wsu", "Expires", WSU_NS);
    String expiryText = expiry.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
    lifetimeWriter.writeCharacters(expiryText);
    lifetimeWriter.writeEndElement();
    lifetimeWriter.writeEndElement();

    Element lifetimeElement = lifetimeWriter.getDocument().getDocumentElement();
    SecurityToken token = new SecurityToken(tokenId, tokenElement, lifetimeElement);

    assertEquals(tokenId, token.getId());
    // With no wsu:Created present, the token is expected to fall back to the current time.
    assertNotNull(token.getCreated());
    assertEquals(expiry, token.getExpires());
}
Example 10
Source File: AbstractSTSClient.java From cxf with Apache License 2.0 | 5 votes |
/**
 * Writes a {@code wst:UseKey} element whose {@code ds:KeyInfo} identifies the requestor's public
 * key, either as the full X.509 certificate or as a bare {@code ds:KeyValue}.
 *
 * <p>The {@code STS_TOKEN_USE_CERT_FOR_KEYINFO} property, when set, overrides the
 * {@code useCertificateForConfirmationKeyInfo} field.
 *
 * @param writer the DOM writer to append to
 * @param cert the certificate whose key (or whole encoding) is sent
 * @throws Exception if building the key elements or writing fails
 */
protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter writer, X509Certificate cert)
    throws Exception {
    final String dsigNs = "http://www.w3.org/2000/09/xmldsig#";

    writer.writeStartElement("wst", "UseKey", namespace);
    writer.writeStartElement("ds", "KeyInfo", dsigNs);
    writer.writeNamespace("ds", dsigNs);

    String override = (String)getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
    boolean embedCertificate = override != null
        ? Boolean.parseBoolean(override)
        : useCertificateForConfirmationKeyInfo;

    if (embedCertificate) {
        X509Data x509Data = new X509Data(writer.getDocument());
        x509Data.addCertificate(cert);
        writer.getCurrentNode().appendChild(x509Data.getElement());
    } else {
        writer.writeStartElement("ds", "KeyValue", dsigNs);

        PublicKey publicKey = cert.getPublicKey();
        String algorithm = publicKey.getAlgorithm();
        Element keyValueChild = null;
        if ("DSA".equalsIgnoreCase(algorithm)) {
            keyValueChild = new DSAKeyValue(writer.getDocument(), publicKey).getElement();
        } else if ("RSA".equalsIgnoreCase(algorithm)) {
            keyValueChild = new RSAKeyValue(writer.getDocument(), publicKey).getElement();
        }
        // NOTE(review): any other algorithm (an EC key, for instance) leaves ds:KeyValue empty
        // with no error raised; consider failing explicitly if that is not intended.
        if (keyValueChild != null) {
            writer.getCurrentNode().appendChild(keyValueChild);
        }

        writer.writeEndElement(); // closes ds:KeyValue
    }

    writer.writeEndElement(); // closes ds:KeyInfo
    writer.writeEndElement(); // closes wst:UseKey
}
Example 11
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Writes the symmetric-key parts of a request: the key size (unless already written) and, when
 * entropy is required, a {@code wst:Entropy/wst:BinarySecret} nonce plus the
 * {@code wst:ComputedKeyAlgorithm}.
 *
 * @param writer the DOM writer to append to
 * @param wroteKeySize {@code true} if the key size element was already emitted
 * @return the generated requestor entropy, or {@code null} when no entropy is required
 * @throws Exception if nonce generation or writing fails
 */
protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter writer, boolean wroteKeySize)
    throws Exception {
    // KeySize is omitted only if already written, or for secure conversation at exactly 256 bits.
    boolean keySizeNeeded = !wroteKeySize && !(isSecureConv && keySize == 256);
    if (keySizeNeeded) {
        addKeySize(keySize, writer);
    }

    if (!requiresEntropy) {
        return null;
    }

    writer.writeStartElement("wst", "Entropy", namespace);
    writer.writeStartElement("wst", "BinarySecret", namespace);
    writer.writeAttribute("Type", namespace + "/Nonce");

    // Nonce length in bytes follows the algorithm suite when one is configured.
    byte[] requestorEntropy;
    if (algorithmSuite != null) {
        requestorEntropy = WSSecurityUtil.generateNonce(algorithmSuite.getMaximumSymmetricKeyLength() / 8);
    } else {
        requestorEntropy = WSSecurityUtil.generateNonce(keySize / 8);
    }

    // The entropy is key-derivation input and is written into the request body as base64.
    writer.writeCharacters(Base64.encode(requestorEntropy));
    writer.writeEndElement(); // closes wst:BinarySecret
    writer.writeEndElement(); // closes wst:Entropy

    writer.writeStartElement("wst", "ComputedKeyAlgorithm", namespace);
    writer.writeCharacters(namespace + "/CK/PSHA1");
    writer.writeEndElement();

    return requestorEntropy;
}
Example 12
Source File: STSInvoker.java From steady with Apache License 2.0 | 5 votes |
/**
 * Writes the proof-token part of the response and returns the shared secret.
 *
 * <p>Without client entropy the freshly generated secret itself is written as a
 * {@code BinarySecret} inside {@code RequestedProofToken}. With client entropy the secret is
 * derived via {@code P_SHA1} from both entropies; only the {@code ComputedKey} marker and the
 * server's entropy are written.
 *
 * @param prefix the prefix for the written elements
 * @param namespace the WS-Trust namespace in use
 * @param writer the DOM writer to append to
 * @param clientEntropy the entropy supplied by the client, or {@code null}
 * @param keySize the key size in bits
 * @return the secret associated with the issued token
 */
byte[] writeProofToken(
    String prefix,
    String namespace,
    W3CDOMStreamWriter writer,
    byte[] clientEntropy,
    int keySize
) throws NoSuchAlgorithmException, WSSecurityException, ConversationException, XMLStreamException {
    final int keyLengthBytes = keySize / 8;
    final byte[] secret;

    writer.writeStartElement(prefix, "RequestedProofToken", namespace);

    if (clientEntropy != null) {
        byte[] serverEntropy = WSSecurityUtil.generateNonce(keyLengthBytes);
        secret = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, keyLengthBytes);

        writer.writeStartElement(prefix, "ComputedKey", namespace);
        writer.writeCharacters(namespace + "/CK/PSHA1");
        writer.writeEndElement(); // closes ComputedKey
        writer.writeEndElement(); // closes RequestedProofToken early; Entropy is its sibling

        writer.writeStartElement(prefix, "Entropy", namespace);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", namespace + "/Nonce");
        writer.writeCharacters(Base64.encode(serverEntropy));
        writer.writeEndElement(); // closes BinarySecret
    } else {
        // The secret travels in the response as base64 text in this branch.
        // NOTE(review): confirm the response is confidentiality-protected by the caller's binding.
        secret = WSSecurityUtil.generateNonce(keyLengthBytes);
        writer.writeStartElement(prefix, "BinarySecret", namespace);
        writer.writeAttribute("Type", namespace + "/Nonce");
        writer.writeCharacters(Base64.encode(secret));
        writer.writeEndElement(); // closes BinarySecret
    }

    // Closes RequestedProofToken (no client entropy) or Entropy (client entropy supplied).
    writer.writeEndElement();
    return secret;
}
Example 13
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 5 votes |
/**
 * Writes a {@code wst:BinaryExchange} element carrying a base64 SPNEGO value.
 *
 * @param binaryExchange the text content of the element, written as given
 * @param writer the DOM writer to append to
 * @throws XMLStreamException if the writer fails
 */
protected void addBinaryExchange(String binaryExchange, W3CDOMStreamWriter writer)
    throws XMLStreamException {
    final String spnegoValueType = namespace + "/spnego";

    writer.writeStartElement("wst", "BinaryExchange", namespace);
    writer.writeAttribute("EncodingType", BinarySecurity.BASE64_ENCODING);
    writer.writeAttribute("ValueType", spnegoValueType);
    writer.writeCharacters(binaryExchange);
    writer.writeEndElement(); // closes wst:BinaryExchange
}
Example 14
Source File: SimpleBatchSTSClient.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Writes a {@code wst:RequestType} element.
 *
 * @param requestType the request type, written verbatim as the element text; this variant does
 *        not prepend the namespace
 * @param writer the DOM writer to append to
 * @throws XMLStreamException if the writer fails
 */
protected void addRequestType(String requestType, W3CDOMStreamWriter writer)
    throws XMLStreamException {
    final String elementName = "RequestType";

    writer.writeStartElement("wst", elementName, namespace);
    writer.writeCharacters(requestType);
    writer.writeEndElement(); // closes wst:RequestType
}
Example 15
Source File: STSRESTTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Fetches a JWT from the STS, then asks the STS to validate it and return a SAML 2.0 token.
 */
@org.junit.Test
public void testValidateJWTAndIssueSAML() throws Exception {
    // 1. Get a token via GET
    WebClient issueClient = webClient()
        .path("jwt")
        .accept(MediaType.TEXT_PLAIN);
    String jwt = issueClient.get(String.class);
    assertNotNull(jwt);

    // 2. Now validate it in the STS using POST
    WebClient validateClient = webClient()
        .query("action", "validate")
        .type(MediaType.APPLICATION_XML)
        .accept(MediaType.APPLICATION_XML);

    // Create RequestSecurityToken
    W3CDOMStreamWriter rst = new W3CDOMStreamWriter();
    rst.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);

    rst.writeStartElement("wst", "RequestType", WST_NS_05_12);
    rst.writeCharacters(WST_NS_05_12 + "/Validate");
    rst.writeEndElement();

    rst.writeStartElement("wst", "TokenType", WST_NS_05_12);
    rst.writeCharacters(SAML2_TOKEN_TYPE);
    rst.writeEndElement();

    // The JWT is plain text rather than XML, so it is carried inside a TokenWrapper element.
    rst.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
    rst.writeStartElement("TokenWrapper");
    rst.writeCharacters(jwt);
    rst.writeEndElement(); // closes TokenWrapper
    rst.writeEndElement(); // closes wst:ValidateTarget

    rst.writeEndElement(); // closes wst:RequestSecurityToken

    DOMSource requestBody = new DOMSource(rst.getDocument().getDocumentElement());
    RequestSecurityTokenResponseType securityResponse =
        validateClient.post(requestBody, RequestSecurityTokenResponseType.class);

    assertTrue(getValidationStatus(securityResponse));

    // Check the token
    validateSAMLSecurityTokenResponse(securityResponse, true);
}
Example 16
Source File: SecureConversationInInterceptor.java From steady with Apache License 2.0 | 4 votes |
/**
 * Issues a security context token for the incoming request and writes the
 * RequestSecurityTokenResponse (wrapped in a collection for the WS-Trust 05/12 namespace).
 *
 * Entropy, KeySize and TokenType are read from the request's child elements in the given
 * namespace. The resulting token, including its secret, is added to the endpoint's TokenStore.
 *
 * @param requestEl the request element whose children are scanned
 * @param exchange the current exchange; supplies the endpoint and its TokenStore
 * @param binaryExchange not referenced in this method body
 * @param writer the DOM writer receiving the response
 * @param prefix the prefix for the response elements
 * @param namespace the WS-Trust namespace in use
 * @throws Exception on parsing, token construction or writing failures
 */
void doIssue(
    Element requestEl,
    Exchange exchange,
    Element binaryExchange,
    W3CDOMStreamWriter writer,
    String prefix,
    String namespace
) throws Exception {
    if (STSUtils.WST_NS_05_12.equals(namespace)) {
        writer.writeStartElement(prefix, "RequestSecurityTokenResponseCollection", namespace);
    }
    writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);

    // Defaults used when the request does not override them.
    byte clientEntropy[] = null;
    int keySize = 256;
    // Added to a Date's millisecond value below, i.e. a five-minute lifetime.
    long ttl = 300000L;
    String tokenType = null;

    // Everything read in this loop comes from the request and is requester-controlled.
    Element el = DOMUtils.getFirstElement(requestEl);
    while (el != null) {
        String localName = el.getLocalName();
        if (namespace.equals(el.getNamespaceURI())) {
            if ("Entropy".equals(localName)) {
                Element bs = DOMUtils.getFirstElement(el);
                if (bs != null) {
                    // No length check is applied to the decoded entropy here.
                    clientEntropy = Base64.decode(bs.getTextContent());
                }
            } else if ("KeySize".equals(localName)) {
                // A non-numeric value makes parseInt throw NumberFormatException, which
                // propagates to the caller through "throws Exception".
                keySize = Integer.parseInt(el.getTextContent());
            } else if ("TokenType".equals(localName)) {
                tokenType = el.getTextContent();
            }
        }
        el = DOMUtils.getNextElement(el);
    }

    // Check received KeySize
    // Out-of-range sizes are not rejected; they silently fall back to 256 bits.
    if (keySize < 128 || keySize > 512) {
        keySize = 256;
    }

    writer.writeStartElement(prefix, "RequestedSecurityToken", namespace);
    SecurityContextToken sct =
        new SecurityContextToken(NegotiationUtils.getWSCVersion(tokenType), writer.getDocument());

    Date created = new Date();
    Date expires = new Date();
    expires.setTime(created.getTime() + ttl);

    SecurityToken token = new SecurityToken(sct.getIdentifier(), created, expires);
    token.setToken(sct.getElement());
    token.setTokenType(sct.getTokenType());

    // The SCT element is attached directly to the node the writer is currently building.
    writer.getCurrentNode().appendChild(sct.getElement());

    writer.writeEndElement();

    writer.writeStartElement(prefix, "RequestedAttachedReference", namespace);
    token.setAttachedReference(
        writeSecurityTokenReference(writer, "#" + sct.getID(), tokenType)
    );
    writer.writeEndElement();

    writer.writeStartElement(prefix, "RequestedUnattachedReference", namespace);
    token.setUnattachedReference(
        writeSecurityTokenReference(writer, sct.getIdentifier(), tokenType)
    );
    writer.writeEndElement();

    writeLifetime(writer, created, expires, prefix, namespace);

    // The secret returned by writeProofToken is stored on the token before it is cached.
    byte[] secret = writeProofToken(prefix, namespace, writer, clientEntropy, keySize);

    token.setSecret(secret);
    ((TokenStore)exchange.get(Endpoint.class).getEndpointInfo()
        .getProperty(TokenStore.class.getName())).add(token);

    writer.writeEndElement();
    if (STSUtils.WST_NS_05_12.equals(namespace)) {
        writer.writeEndElement();
    }
}
Example 17
Source File: STSRESTTest.java From cxf with Apache License 2.0 | 4 votes |
/**
 * Fetches a SAML 2.0 assertion from the STS and posts it back for validation.
 */
@org.junit.Test
public void testValidateSAML2Token() throws Exception {
    // 1. Get a token via GET
    WebClient issueClient = webClient()
        .path("saml2.0")
        .accept(MediaType.APPLICATION_XML);
    Document assertionDoc = issueClient.get(Document.class);
    assertNotNull(assertionDoc);

    // 2. Now validate it in the STS using POST
    WebClient validateClient = webClient()
        .query("action", "validate")
        .type(MediaType.APPLICATION_XML)
        .accept(MediaType.APPLICATION_XML);

    // Create RequestSecurityToken
    W3CDOMStreamWriter rst = new W3CDOMStreamWriter();
    rst.writeStartElement("wst", "RequestSecurityToken", WST_NS_05_12);

    rst.writeStartElement("wst", "RequestType", WST_NS_05_12);
    rst.writeCharacters(WST_NS_05_12 + "/Validate");
    rst.writeEndElement();

    rst.writeStartElement("wst", "TokenType", WST_NS_05_12);
    String statusTokenType = WST_NS_05_12 + "/RSTR/Status";
    rst.writeCharacters(statusTokenType);
    rst.writeEndElement();

    // The assertion is already XML, so it is copied into ValidateTarget as a subtree.
    rst.writeStartElement("wst", "ValidateTarget", WST_NS_05_12);
    StaxUtils.copy(assertionDoc.getDocumentElement(), rst);
    rst.writeEndElement(); // closes wst:ValidateTarget

    rst.writeEndElement(); // closes wst:RequestSecurityToken

    DOMSource requestBody = new DOMSource(rst.getDocument().getDocumentElement());
    RequestSecurityTokenResponseType securityResponse =
        validateClient.post(requestBody, RequestSecurityTokenResponseType.class);

    assertTrue(getValidationStatus(securityResponse));
}
Example 18
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 4 votes |
/**
 * Makes a "Renew" invocation for the given token and returns the response as an STSResponse.
 *
 * The request is a wst:RequestSecurityToken built from the optional template, the request
 * type, the optional AppliesTo / TokenType / Lifetime elements and a wst:RenewTarget holding
 * a copy of the token being renewed.
 *
 * @param tok the token to renew
 * @return the STS response, wrapping the first object returned by the client invocation
 * @throws Exception if client creation, request construction or the invocation fails
 */
public STSResponse renew(SecurityToken tok) throws Exception {
    createClient();
    BindingOperationInfo boi = findOperation("/RST/Renew");

    client.getRequestContext().putAll(ctx);
    // Secure conversation uses its own SOAP action for renewal.
    if (isSecureConv) {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/SCT/Renew");
    } else {
        client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, namespace + "/RST/Renew");
    }

    W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
    writer.writeStartElement("wst", "RequestSecurityToken", namespace);
    writer.writeNamespace("wst", namespace);
    if (context != null) {
        writer.writeAttribute(null, "Context", context);
    }

    // Token type found in the template, if any; it suppresses addTokenType() further down.
    String sptt = null;
    if (template != null && DOMUtils.getFirstElement(template) != null) {
        if (this.useSecondaryParameters()) {
            writer.writeStartElement("wst", "SecondaryParameters", namespace);
        }

        // Every child element of the template is copied into the request as-is.
        Element tl = DOMUtils.getFirstElement(template);
        while (tl != null) {
            StaxUtils.copy(tl, writer);
            if ("TokenType".equals(tl.getLocalName())) {
                sptt = DOMUtils.getContent(tl);
            }
            tl = DOMUtils.getNextElement(tl);
        }

        if (this.useSecondaryParameters()) {
            writer.writeEndElement();
        }
    }

    // Note: this assigns the tokenType field, so the change outlives this call.
    if (isSpnego) {
        tokenType = STSUtils.getTokenTypeSCT(namespace);
    }

    addRequestType("/Renew", writer);
    if (enableAppliesTo) {
        addAppliesTo(writer, tok.getIssuerAddress());
    }

    if (sptt == null) {
        addTokenType(writer);
    }
    if (isSecureConv || enableLifetime) {
        addLifetime(writer);
    }

    writer.writeStartElement("wst", "RenewTarget", namespace);
    // The token is also placed on the request context under SecurityConstants.TOKEN.
    client.getRequestContext().put(SecurityConstants.TOKEN, tok);
    StaxUtils.copy(tok.getToken(), writer);
    writer.writeEndElement();

    writer.writeEndElement();

    Object obj[] = client.invoke(boi, new DOMSource(writer.getDocument().getDocumentElement()));

    // Only the first returned object is used; the second STSResponse argument is passed as null.
    return new STSResponse((DOMSource)obj[0], null);
}
Example 19
Source File: CustomParameterTest.java From cxf with Apache License 2.0 | 4 votes |
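/**
 * Sends an Issue request containing a custom {@code realm} element to the STS REST interface
 * and checks that the returned SAML assertion mentions {@code admin-user}.
 *
 * <p>The bus is shut down in a {@code finally} block so that a failed request or assertion does
 * not leave it running for later tests.
 */
@org.junit.Test
public void testCustomParameterToRESTInterface() throws Exception {
    SpringBusFactory bf = new SpringBusFactory();
    URL busFile = CustomParameterTest.class.getResource("cxf-client.xml");

    Bus bus = bf.createBus(busFile.toString());
    BusFactory.setDefaultBus(bus);
    BusFactory.setThreadDefaultBus(bus);

    try {
        String address = "https://localhost:" + STSPORT + "/SecurityTokenServiceREST/token";
        WebClient client = WebClient.create(address, busFile.toString());

        client.type("application/xml").accept("application/xml");

        // Create RequestSecurityToken
        W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
        String namespace = STSUtils.WST_NS_05_12;
        writer.writeStartElement("wst", "RequestSecurityToken", namespace);
        writer.writeNamespace("wst", namespace);

        writer.writeStartElement("wst", "RequestType", namespace);
        writer.writeCharacters(namespace + "/Issue");
        writer.writeEndElement();

        writer.writeStartElement("wst", "TokenType", namespace);
        writer.writeCharacters(SAML2_TOKEN_TYPE);
        writer.writeEndElement();

        writer.writeStartElement("wst", "Claims", namespace);
        writer.writeAttribute("Dialect", "http://schemas.xmlsoap.org/ws/2005/05/identity");
        writer.writeStartElement("ic", "ClaimType", "http://schemas.xmlsoap.org/ws/2005/05/identity");
        writer.writeAttribute("Uri", "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role");
        writer.writeEndElement();
        writer.writeEndElement();

        // Add custom content to the RST
        writer.writeStartElement("", "realm", "http://cxf.apache.org/custom");
        writer.writeCharacters("custom-realm");
        writer.writeEndElement();

        writer.writeEndElement();

        Response response = client.post(new DOMSource(writer.getDocument().getDocumentElement()));

        RequestSecurityTokenResponseType securityResponse =
            response.readEntity(RequestSecurityTokenResponseType.class);

        Element assertion = validateSAMLSecurityTokenResponse(securityResponse, true);
        assertTrue(DOM2Writer.nodeToString(assertion).contains("admin-user"));
    } finally {
        // Previously this ran only on the success path, leaking the bus when the test failed.
        bus.shutdown(true);
    }
}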
Example 20
Source File: AbstractSTSClient.java From steady with Apache License 2.0 | 4 votes |
/**
 * Writes a {@code wst:RequestType} element whose text is the namespace followed by the given
 * suffix.
 *
 * @param requestType the request-type suffix appended to the namespace (callers on this page
 *        pass values such as {@code "/Renew"})
 * @param writer the DOM writer to append to
 * @throws XMLStreamException if the writer fails
 */
protected void addRequestType(String requestType, W3CDOMStreamWriter writer)
    throws XMLStreamException {
    writer.writeStartElement("wst", "RequestType", namespace);
    final String qualifiedRequestType = namespace + requestType;
    writer.writeCharacters(qualifiedRequestType);
    writer.writeEndElement(); // closes wst:RequestType
}