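/**
 * Expands {@code ${name}} placeholders in {@code str} against system properties.
 *
 * <p>An optional default follows a {@code ::} separator inside the braces: {@code ${idp}} resolves
 * to the value of the system property {@code idp}, and {@code ${idp::http://localhost:8080}}
 * resolves to {@code http://localhost:8080} when {@code idp} is not set. A placeholder whose
 * resolved value is empty (property unset and no default, or an empty default) is reported via
 * {@code logger.systemPropertyMissingError}. Text outside placeholders is returned unchanged, and
 * a string without {@code ${} is returned as-is.
 *
 * @param str the string to expand; must not be null
 * @return {@code str} with every placeholder replaced by its resolved value
 */
public static String getSystemPropertyAsString(String str) {
    if (str == null) {
        throw logger.nullArgumentError("str");
    }
    if (!str.contains("${")) {
        return str;
    }
    Pattern pattern = Pattern.compile("\\$\\{([^}]+)}");
    Matcher matcher = pattern.matcher(str);
    StringBuffer buffer = new StringBuffer();
    while (matcher.find()) {
        String placeholder = matcher.group(1);
        String propertyName = placeholder;
        String defaultValue = "";
        // Everything after the first "::" is the default; everything before it is the property name.
        int separator = placeholder.indexOf("::");
        if (separator >= 0) {
            defaultValue = placeholder.substring(separator + 2);
            propertyName = placeholder.substring(0, separator);
        }
        String value = SecurityActions.getSystemProperty(propertyName, defaultValue);
        if (value == null || value.isEmpty()) {
            throw logger.systemPropertyMissingError(placeholder);
        }
        // quoteReplacement is required: appendReplacement interprets '$' and '\' in the
        // replacement as group references / escapes, so a property value containing either
        // (e.g. a URL with a '$' or a Windows path) would be mangled or throw.
        matcher.appendReplacement(buffer, Matcher.quoteReplacement(value));
    }
    matcher.appendTail(buffer);
    return buffer.toString();
}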
/**
 * Validates the XML signature on a SAML2 document against {@code publicKey}.
 *
 * <p>The document's ID attribute is registered first via {@code configureIdAttribute} so the
 * signature reference can be resolved; validation itself is delegated to
 * {@code XMLSignatureUtil.validate}.
 *
 * @param signedDocument the signed document
 * @param publicKey the key expected to have produced the signature
 * @return whatever {@code XMLSignatureUtil.validate} reports
 * @throws ProcessingException if the signature cannot be unmarshalled or verification fails with an
 *     {@link XMLSignatureException}
 */
public boolean validate(Document signedDocument, PublicKey publicKey) throws ProcessingException {
    ProcessingException failure;
    try {
        configureIdAttribute(signedDocument);
        return XMLSignatureUtil.validate(signedDocument, publicKey);
    } catch (MarshalException e) {
        failure = new ProcessingException(logger.signatureError(e));
    } catch (XMLSignatureException e) {
        failure = new ProcessingException(logger.signatureError(e));
    }
    throw failure;
}
/**
 * Creates a new DOM document whose only content is a root element
 * {@code <localPart xmlns="baseNamespace"/>}.
 *
 * @param baseNamespace namespace URI of the root element
 * @param localPart local name of the root element
 * @return the freshly created document
 * @throws ProcessingException if no {@link DocumentBuilder} can be configured, or the DOM
 *     implementation rejects the name/namespace pair with a {@link DOMException}
 */
public static Document createDocumentWithBaseNamespace(String baseNamespace, String localPart)
        throws ProcessingException {
    try {
        DocumentBuilder documentBuilder = getDocumentBuilderFactory().newDocumentBuilder();
        return documentBuilder.getDOMImplementation().createDocument(baseNamespace, localPart, null);
    } catch (ParserConfigurationException e) {
        throw logger.processingError(e);
    } catch (DOMException e) {
        throw logger.processingError(e);
    }
}
/**
 * Parses the XML read from {@code is} into a DOM document.
 *
 * <p>The parser is obtained from {@code getDocumentBuilderFactory()}. Whether DTD processing and
 * external entity resolution are disabled (XXE hardening) is decided by that factory's
 * configuration, which is not visible here — confirm it before handing this method
 * untrusted input.
 *
 * @param is the stream to parse
 * @return the parsed document
 * @throws ConfigurationException if a {@link DocumentBuilder} cannot be created
 * @throws ParsingException if the content is not well-formed XML
 * @throws ProcessingException if reading the stream fails
 */
public static Document getDocument(InputStream is)
        throws ConfigurationException, ProcessingException, ParsingException {
    DocumentBuilderFactory builderFactory = getDocumentBuilderFactory();
    DocumentBuilder documentBuilder;
    try {
        documentBuilder = builderFactory.newDocumentBuilder();
    } catch (ParserConfigurationException e) {
        throw logger.configurationError(e);
    }
    try {
        return documentBuilder.parse(is);
    } catch (SAXException e) {
        throw logger.parserError(e);
    } catch (IOException e) {
        throw logger.processingError(e);
    }
}
/**
 * Signs a SAML document in place with the given key pair.
 *
 * <p>The value of the root element's {@code ID_ATTRIBUTE_NAME} attribute is passed to
 * {@code sign} as the element id; note that {@code getAttribute} yields an empty string when the
 * attribute is absent, and that case is handled (or not) by {@code sign}.
 *
 * @param samlDocument the document to sign; modified in place
 * @param keypair the signing key pair
 * @throws ProcessingException wrapping any exception raised while signing
 */
public void signSAMLDocument(Document samlDocument, KeyPair keypair) throws ProcessingException {
    String rootId = samlDocument.getDocumentElement().getAttribute(ID_ATTRIBUTE_NAME);
    try {
        sign(samlDocument, rootId, keypair);
    } catch (Exception e) {
        throw new ProcessingException(logger.signatureError(e));
    }
}
/**
 * Converts a {@link Source} into a DOM document by running it through a
 * {@code TransformerUtil} transform into a {@link DOMResult}.
 *
 * @param source the input to transform
 * @return the result node, cast to {@link Document}
 * @throws ProcessingException if the transform reports a {@code ParsingException}
 * @throws ConfigurationException if a transformer cannot be obtained
 */
public static Document getDocumentFromSource(Source source)
        throws ProcessingException, ConfigurationException {
    DOMResult domResult = new DOMResult();
    try {
        Transformer transformer = TransformerUtil.getTransformer();
        TransformerUtil.transform(transformer, source, domResult);
    } catch (ParsingException te) {
        throw logger.processingError(te);
    }
    return (Document) domResult.getNode();
}
/**
 * Traces every descendant of {@code node}, depth first, as {@code "Node=" + namespaceURI + "::" + localName}.
 *
 * @param node the subtree root; the root itself is not traced, only its descendants
 * @param level current depth; only passed along (incremented) to the recursive calls
 */
private static void visit(Node node, int level) {
    NodeList children = node.getChildNodes();
    int childCount = children.getLength();
    for (int idx = 0; idx < childCount; idx++) {
        Node child = children.item(idx);
        logger.trace("Node=" + child.getNamespaceURI() + "::" + child.getLocalName());
        visit(child, level + 1);
    }
}
/**
 * Serializes a {@link Source} through a {@code TransformerUtil} transformer and returns the
 * resulting bytes as an {@link InputStream}.
 *
 * @param source the input to serialize
 * @return an in-memory stream over the serialized bytes
 * @throws ConfigurationException if a transformer cannot be obtained
 * @throws ProcessingException if the transform fails
 */
public static InputStream getSourceAsStream(Source source)
        throws ConfigurationException, ProcessingException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    Transformer transformer = TransformerUtil.getTransformer();
    try {
        transformer.transform(source, new StreamResult(bytes));
    } catch (TransformerException e) {
        throw logger.processingError(e);
    }
    return new ByteArrayInputStream(bytes.toByteArray());
}
/**
 * Serializes a DOM element (and its subtree) to a string using a {@code TransformerUtil}
 * transformer.
 *
 * @param element the element to serialize
 * @return the serialized XML text
 * @throws ProcessingException if the transform fails
 * @throws ConfigurationException if a transformer cannot be obtained
 */
public static String getDOMElementAsString(Element element)
        throws ProcessingException, ConfigurationException {
    StringWriter writer = new StringWriter();
    Transformer transformer = TransformerUtil.getTransformer();
    try {
        transformer.transform(new DOMSource(element), new StreamResult(writer));
    } catch (TransformerException e) {
        throw logger.processingError(e);
    }
    return writer.toString();
}
/**
 * Completes the login: after the superclass commit succeeds, requires a {@code SamlCredential}
 * among the subject's public credentials and, when first-pass sharing is enabled, publishes a
 * principal and that credential into the shared state.
 *
 * <p>The principal placed in the shared state is {@code new PicketLinkPrincipal("")}, i.e. it
 * carries an empty name; the caller's identity must therefore come from elsewhere — confirm
 * that is intended.
 *
 * @return the superclass result ({@code false} means nothing further was done)
 * @throws LoginException from the superclass, or via {@code logger.authSAMLCredentialNotAvailable}
 *     when no {@code SamlCredential} is present
 */
@SuppressWarnings("unchecked")
@Override
public boolean commit() throws LoginException {
    if (!super.commit()) {
        return false;
    }
    SamlCredential samlCredential = null;
    Set<Object> publicCredentials = subject.getPublicCredentials();
    for (Object candidate : publicCredentials) {
        if (candidate instanceof SamlCredential) {
            samlCredential = (SamlCredential) candidate;
            break;
        }
    }
    if (samlCredential == null) {
        throw logger.authSAMLCredentialNotAvailable();
    }
    Principal principal = new PicketLinkPrincipal("");
    if (super.isUseFirstPass()) {
        this.sharedState.put("javax.security.auth.login.name", principal);
        super.sharedState.put("javax.security.auth.login.password", samlCredential);
    }
    return true;
}
/**
 * Requires {@code first} to equal {@code second}, throwing the error built by
 * {@code logger.notEqualError} otherwise.
 *
 * @param first the expected value; a null {@code first} results in a {@link NullPointerException}
 * @param second the actual value
 */
public static void match(String first, String second) {
    if (!first.equals(second)) {
        throw logger.notEqualError(first, second);
    }
}
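/**
 * Configures this instance from {@code properties}.
 *
 * <p>Two registries are selected: the security-token registry (option {@code TOKEN_REGISTRY})
 * and the revocation registry (option {@code REVOCATION_REGISTRY}). Each option accepts
 * {@code FILE}, {@code JPA}, {@code JDBC} or the fully qualified name of a custom implementation
 * class; when the option is absent, or the custom class cannot be loaded, instantiated or is of
 * the wrong type, the corresponding default registry is installed.
 *
 * @param properties configuration map; stored as-is, not copied
 */
public void initialize(Map<String, String> properties) {
    this.properties = properties;
    initializeTokenRegistry();
    initializeRevocationRegistry();
}

/**
 * Selects {@code tokenRegistry} from the {@code TOKEN_REGISTRY} option, falling back to
 * {@code DefaultTokenRegistry} when nothing usable was configured.
 */
private void initializeTokenRegistry() {
    String option = this.properties.get(TOKEN_REGISTRY);
    if (option == null) {
        logger.stsTokenRegistryNotSpecified();
    } else if ("FILE".equalsIgnoreCase(option)) {
        // The no-arg constructor is used when no file name is configured.
        String file = this.properties.get(TOKEN_REGISTRY_FILE);
        this.tokenRegistry = file != null ? new FileBasedTokenRegistry(file) : new FileBasedTokenRegistry();
    } else if ("JPA".equalsIgnoreCase(option)) {
        String config = this.properties.get(TOKEN_REGISTRY_JPA);
        this.tokenRegistry = config != null ? new JPABasedTokenRegistry(config) : new JPABasedTokenRegistry();
    } else if ("JDBC".equalsIgnoreCase(option)) {
        String config = this.properties.get(TOKEN_REGISTRY_JDBC);
        this.tokenRegistry = config != null ? new JDBCTokenRegistry(config) : new JDBCTokenRegistry();
    } else {
        // Any other value is treated as a class name. The configuration therefore decides which
        // code gets loaded and run here, so its source must be as trusted as the deployment itself.
        try {
            Class<?> clazz = SecurityActions.loadClass(getClass(), option);
            if (clazz != null) {
                // getDeclaredConstructor().newInstance() replaces the deprecated Class.newInstance();
                // any failure (missing ctor, inaccessible, ctor threw) lands in the catch below.
                Object instance = clazz.getDeclaredConstructor().newInstance();
                if (instance instanceof SecurityTokenRegistry) {
                    this.tokenRegistry = (SecurityTokenRegistry) instance;
                } else {
                    logger.stsTokenRegistryInvalidType(option);
                }
            }
        } catch (Exception e) {
            logger.stsTokenRegistryInstantiationError();
            // TODO(review): the logger API visible here takes no cause; the stack trace goes to
            // stderr, bypassing log configuration. Route it through the logger once a suitable
            // method is available.
            e.printStackTrace();
        }
    }
    if (this.tokenRegistry == null) {
        this.tokenRegistry = new DefaultTokenRegistry();
    }
}

/**
 * Selects {@code revocationRegistry} from the {@code REVOCATION_REGISTRY} option, falling back to
 * {@code DefaultRevocationRegistry} when nothing usable was configured.
 */
private void initializeRevocationRegistry() {
    String option = this.properties.get(REVOCATION_REGISTRY);
    if (option == null) {
        logger.stsRevocationRegistryNotSpecified();
    } else if ("FILE".equalsIgnoreCase(option)) {
        // The no-arg constructor is used when no file name is configured.
        String file = this.properties.get(REVOCATION_REGISTRY_FILE);
        this.revocationRegistry =
                file != null ? new FileBasedRevocationRegistry(file) : new FileBasedRevocationRegistry();
    } else if ("JPA".equalsIgnoreCase(option)) {
        String config = this.properties.get(REVOCATION_REGISTRY_JPA_CONFIG);
        this.revocationRegistry =
                config != null ? new JPABasedRevocationRegistry(config) : new JPABasedRevocationRegistry();
    } else if ("JDBC".equalsIgnoreCase(option)) {
        String config = this.properties.get(REVOCATION_REGISTRY_JDBC_CONFIG);
        this.revocationRegistry =
                config != null ? new JDBCRevocationRegistry(config) : new JDBCRevocationRegistry();
    } else {
        // Same class-name convention (and the same trust requirement on the configuration) as the
        // token registry above.
        try {
            Class<?> clazz = SecurityActions.loadClass(getClass(), option);
            if (clazz != null) {
                Object instance = clazz.getDeclaredConstructor().newInstance();
                if (instance instanceof RevocationRegistry) {
                    this.revocationRegistry = (RevocationRegistry) instance;
                } else {
                    logger.stsRevocationRegistryInvalidType(option);
                }
            }
        } catch (Exception e) {
            logger.stsRevocationRegistryInstantiationError();
            // TODO(review): see the matching note in initializeTokenRegistry.
            e.printStackTrace();
        }
    }
    if (this.revocationRegistry == null) {
        this.revocationRegistry = new DefaultRevocationRegistry();
    }
}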
/**
 * Parses a handler configuration from {@code is} with a fresh {@code SAMLConfigParser}.
 *
 * @param is the configuration stream; must not be null
 * @return the parsed {@code Handlers}
 * @throws ParsingException if the parser fails
 */
public static Handlers getHandlers(InputStream is) throws ParsingException {
    if (is == null) {
        throw logger.nullArgumentError("inputstream");
    }
    SAMLConfigParser configParser = new SAMLConfigParser();
    return (Handlers) configParser.parse(is);
}
/**
 * Parses a service-provider configuration from {@code is} with a fresh {@code SAMLConfigParser}.
 *
 * @param is the configuration stream; must not be null
 * @return the parsed {@code SPType}
 * @throws ParsingException if the parser fails
 */
public static SPType getSPConfiguration(InputStream is) throws ParsingException {
    if (is == null) {
        throw logger.nullArgumentError("inputstream");
    }
    SAMLConfigParser configParser = new SAMLConfigParser();
    return (SPType) configParser.parse(is);
}
/**
 * Parses a PicketLink configuration from {@code is} with a fresh {@code PicketLinkConfigParser}.
 *
 * @param is the configuration stream; must not be null
 * @return the parsed {@code PicketLinkType}
 * @throws ParsingException if the parser fails
 */
public static PicketLinkType getConfiguration(InputStream is) throws ParsingException {
    if (is == null) {
        throw logger.nullArgumentError("inputstream");
    }
    return (PicketLinkType) new PicketLinkConfigParser().parse(is);
}