@Override public Object toJson(String value) { try { return Base64.encode(value.getBytes("UTF-8")); } catch (UnsupportedEncodingException e) { throw new IllegalStateException("Script encoding failed", e); } }
/** * Gets a random string * * @return random string */ private static String getRandomString() { StringBuilder sb = new StringBuilder(30); byte[] keyRandom = new byte[5]; random.nextBytes(keyRandom); sb.append(System.currentTimeMillis()); sb.append(Base64.encode(keyRandom)); return (sb.toString()); }
/** * Returns Hex encoded source ID based on the input Base64 source ID. <br> * Usage: java com.sun.identity.saml.common.Base64ToHex <Base64_encoded_id><br> * This method will print out Hex encoded source ID to the standard output. * * @param args Hex encoded source ID. */ public static void main(String args[]) throws Exception { if (args.length != 1) { System.out.println("Usage: java Base64ToHex <Base64_encoded_id>"); return; } String inputString = args[0]; Base64 decoder = new Base64(); byte[] byteArray = decoder.decode(inputString); int readBytes = byteArray.length; StringBuffer hexData = new StringBuffer(); int onebyte; for (int i = 0; i < readBytes; i++) { onebyte = ((0x000000ff & byteArray[i]) | 0xffffff00); hexData.append(Integer.toHexString(onebyte).substring(6)); } System.out.println(hexData.toString()); }
public static String buildX509Certificate(String certAlias) throws SAML2MetaException { if ((certAlias == null) || (certAlias.trim().length() == 0)) { return null; } X509Certificate cert = KeyUtil.getKeyProviderInstance().getX509Certificate(certAlias); if (cert != null) { try { return Base64.encode(cert.getEncoded(), true); } catch (Exception ex) { if (debug.messageEnabled()) { debug.message("SAML2MetaSecurityUtils.buildX509Certificate:", ex); } } } Object[] objs = {certAlias}; throw new SAML2MetaException("invalid_cert_alias", objs); }
/** * Helper function to retrieve a field from the provided request's query parameters. This exists * for the old-style interfaces, and takes the parameter name as an argument also. * * <p>If the queryParameters contain the "encoded" parameter, then the result is Base64 decoded * before being returned. * * @param request Request containing the parameters to retrieve. * @param paramName The name of the parameter whose value to (possibly decode) return. * @return The (possibly decoded) value of the paramName's key within the requests's query * parameters. */ public String getAndDecodeParameter(HttpServletRequest request, String paramName) { String value = request.getParameter(paramName); if (value == null) { return null; } String encoded = request.getParameter("encoded"); if (Boolean.parseBoolean(encoded)) { String decodedParameterValue = Base64.decodeAsUTF8String(value); if (decodedParameterValue == null && DEBUG.warningEnabled()) { DEBUG.warning( "As parameter 'encoded' is true, parameter ['{}']='{}' should be base64 encoded", paramName, value); } return decodedParameterValue; } else { return value; } }
/** {@inheritDoc} */ public DeviceCode createDeviceCode( Set<String> scope, String clientId, String nonce, String responseType, String state, String acrValues, String prompt, String uiLocales, String loginHint, Integer maxAge, String claims, OAuth2Request request, String codeChallenge, String codeChallengeMethod) throws ServerException, NotFoundException { logger.message("DefaultOAuthTokenStoreImpl::Creating Authorization code"); final OAuth2ProviderSettings providerSettings = providerSettingsFactory.get(request); final String deviceCode = UUID.randomUUID().toString(); String userCode = null; int i; for (i = 0; userCode == null && i < 10; i++) { // A 6-byte array will result in an 8-char Base64 user code. byte[] randomBytes = new byte[6]; secureRandom.nextBytes(randomBytes); userCode = Base64.encode(randomBytes); try { readDeviceCode(userCode, request); // code can be found - try again } catch (InvalidGrantException e) { // Good, it doesn't exist yet. break; } catch (ServerException e) { logger.message("Could not query CTS, assume duplicate to be safe", e); } userCode = null; } if (i == 10) { throw new ServerException("Could not generate a unique user code"); } long expiryTime = System.currentTimeMillis() + (1000 * providerSettings.getDeviceCodeLifetime()); final DeviceCode code = new DeviceCode( deviceCode, userCode, clientId, nonce, responseType, state, acrValues, prompt, uiLocales, loginHint, maxAge, claims, expiryTime, scope, realmNormaliser.normalise(request.<String>getParameter(REALM)), codeChallenge, codeChallengeMethod); // Store in CTS try { tokenStore.create(code); if (auditLogger.isAuditLogEnabled()) { String[] obs = {"CREATED_DEVICE_CODE", code.toString()}; auditLogger.logAccessMessage("CREATED_DEVICE_CODE", obs, null); } } catch (CoreTokenException e) { if (auditLogger.isAuditLogEnabled()) { String[] obs = {"FAILED_CREATE_DEVICE_CODE", code.toString()}; auditLogger.logErrorMessage("FAILED_CREATE_DEVICE_CODE", obs, null); } logger.error("Unable to create device code " + code, e); throw new ServerException("Could not create token in CTS"); } request.setToken(DeviceCode.class, code); return code; }
@Override public String fromJson(Object json) { String decodedValue = Base64.decodeAsUTF8String((String) json); return decodedValue == null ? "" : decodedValue; }
/** * Initiates <code>SAML</code> web browser POST profile. This method takes in a TARGET in the * request, creates a SAMLResponse, then redirects user to the destination site. * * @param request <code>HttpServletRequest</code> instance * @param response <code>HttpServletResponse</code> instance * @throws ServletException if there is an error. * @throws IOException if there is an error. */ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { if ((request == null) || (response == null)) { String[] data = {SAMLUtils.bundle.getString("nullInputParameter")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter")); return; } SAMLUtils.checkHTTPContentLength(request); // get Session Object token = getSession(request); if (token == null) { response.sendRedirect(SAMLUtils.getLoginRedirectURL(request)); return; } // obtain TARGET String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM); if (target == null || target.length() == 0) { String[] data = {SAMLUtils.bundle.getString("missingTargetSite")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data, token); SAMLUtils.sendError( request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite")); return; } // Get the Destination site Entry // find the destSite POST URL, which is the Receipient SAMLServiceManager.SiteEntry destSite = getDestSite(target); String destSiteUrl = null; if ((destSite == null) || ((destSiteUrl = destSite.getPOSTUrl()) == null)) { String[] data = {SAMLUtils.bundle.getString("targetForbidden"), target}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.TARGET_FORBIDDEN, data, token); SAMLUtils.sendError( request, response, response.SC_BAD_REQUEST, "targetForbidden", SAMLUtils.bundle.getString("targetForbidden") + " " + target); return; } Response samlResponse = null; try { String version = destSite.getVersion(); int majorVersion = SAMLConstants.PROTOCOL_MAJOR_VERSION; int minorVersion = SAMLConstants.PROTOCOL_MINOR_VERSION; if (version != null) { StringTokenizer st = new StringTokenizer(version, "."); if (st.countTokens() == 2) { majorVersion = Integer.parseInt(st.nextToken().trim()); minorVersion = Integer.parseInt(st.nextToken().trim()); } } // create assertion AssertionManager am = AssertionManager.getInstance(); SessionProvider sessionProvider = SessionManager.getProvider(); Assertion assertion = am.createSSOAssertion( sessionProvider.getSessionID(token), null, request, response, destSite.getSourceID(), target, majorVersion + "." + minorVersion); // create SAMLResponse StatusCode statusCode = new StatusCode(SAMLConstants.STATUS_CODE_SUCCESS); Status status = new Status(statusCode); List contents = new ArrayList(); contents.add(assertion); samlResponse = new Response(null, status, destSiteUrl, contents); samlResponse.setMajorVersion(majorVersion); samlResponse.setMinorVersion(minorVersion); } catch (SessionException sse) { SAMLUtils.debug.error( "SAMLPOSTProfileServlet.doGet: Exception " + "Couldn't get SessionProvider:", sse); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", sse.getMessage()); return; } catch (NumberFormatException ne) { SAMLUtils.debug.error( "SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", ne); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", ne.getMessage()); return; } catch (SAMLException se) { SAMLUtils.debug.error( "SAMLPOSTProfileServlet.doGet: Exception " + "when creating Response: ", se); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "couldNotCreateResponse", se.getMessage()); return; } // sign the samlResponse byte signedBytes[] = null; try { samlResponse.signXML(); if (SAMLUtils.debug.messageEnabled()) { SAMLUtils.debug.message( "SAMLPOSTProfileServlet.doGet: " + "signed samlResponse is" + samlResponse.toString(true, true, true)); } signedBytes = SAMLUtils.getResponseBytes(samlResponse); } catch (Exception e) { SAMLUtils.debug.error( "SAMLPOSTProfileServlet.doGet: Exception " + "when signing the response:", e); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorSigningResponse", SAMLUtils.bundle.getString("errorSigningResponse")); return; } // base64 encode the signed samlResponse String encodedResponse = null; try { encodedResponse = Base64.encode(signedBytes, true).trim(); } catch (Exception e) { SAMLUtils.debug.error( "SAMLPOSTProfileServlet.doGet: Exception " + "when encoding the response:", e); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "errorEncodeResponse", SAMLUtils.bundle.getString("errorEncodeResponse")); return; } if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) { String[] data = { SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl, new String(signedBytes, "UTF-8") }; LogUtils.access(java.util.logging.Level.FINE, LogUtils.REDIRECT_TO_URL, data, token); } else { String[] data = {SAMLUtils.bundle.getString("redirectTo"), target, destSiteUrl}; LogUtils.access(java.util.logging.Level.INFO, LogUtils.REDIRECT_TO_URL, data, token); } response.setContentType("text/html; charset=UTF-8"); PrintWriter out = response.getWriter(); out.println("<HTML>"); out.println("<BODY Onload=\"document.forms[0].submit()\">"); out.println("<FORM METHOD=\"POST\" ACTION=\"" + destSiteUrl + "\">"); out.println("<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_SAML_RESPONSE_PARAM + "\" "); out.println("VALUE=\"" + encodedResponse + "\">"); out.println( "<INPUT TYPE=\"HIDDEN\" NAME=\"" + SAMLConstants.POST_TARGET_PARAM + "\" VALUE=\"" + target + "\"> </FORM>"); out.println("</BODY></HTML>"); out.close(); }
/** * This method processes TARGET and SAMLResponse info from the request, validates the * response/assertion(s), then redirects user to the TARGET resource if all are valid. * * @param request <code>HttpServletRequest</code> instance * @param response <code>HttpServletResponse</code> instance * @throws ServletException if there is an error. * @throws IOException if there is an error. */ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html; charset=UTF-8"); if ((request == null) || (response == null)) { String[] data = {SAMLUtils.bundle.getString("nullInputParameter")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.NULL_PARAMETER, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_BAD_REQUEST, "nullInputParameter", SAMLUtils.bundle.getString("nullInputParameter")); return; } SAMLUtils.checkHTTPContentLength(request); // obtain TARGET String target = request.getParameter(SAMLConstants.POST_TARGET_PARAM); if (target == null || target.length() == 0) { String[] data = {SAMLUtils.bundle.getString("missingTargetSite")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_TARGET, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_BAD_REQUEST, "missingTargetSite", SAMLUtils.bundle.getString("missingTargetSite")); return; } // obtain SAMLResponse String samlResponse = request.getParameter(SAMLConstants.POST_SAML_RESPONSE_PARAM); if (samlResponse == null) { String[] data = {SAMLUtils.bundle.getString("missingSAMLResponse")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.MISSING_RESPONSE, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_BAD_REQUEST, "missingSAMLResponse", SAMLUtils.bundle.getString("missingSAMLResponse")); return; } // decode the Response byte raw[] = null; try { raw = Base64.decode(samlResponse); } catch (Exception e) { SAMLUtils.debug.error( "SAMLPOSTProfileServlet.doPost: Exception " + "when decoding SAMLResponse:", e); SAMLUtils.sendError( request, response, response.SC_INTERNAL_SERVER_ERROR, "errorDecodeResponse", SAMLUtils.bundle.getString("errorDecodeResponse")); return; } // Get Response back Response sResponse = SAMLUtils.getResponse(raw); if (sResponse == null) { String[] data = {SAMLUtils.bundle.getString("errorObtainResponse")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.RESPONSE_MESSAGE_ERROR, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_BAD_REQUEST, "errorObtainResponse", SAMLUtils.bundle.getString("errorObtainResponse")); return; } if (SAMLUtils.debug.messageEnabled()) { SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: Received " + sResponse.toString()); } // verify that Response is correct StringBuffer requestUrl = request.getRequestURL(); if (SAMLUtils.debug.messageEnabled()) { SAMLUtils.debug.message("SAMLPOSTProfileServlet.doPost: " + "requestUrl=" + requestUrl); } boolean valid = SAMLUtils.verifyResponse(sResponse, requestUrl.toString(), request); if (!valid) { String[] data = {SAMLUtils.bundle.getString("invalidResponse")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.INVALID_RESPONSE, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_BAD_REQUEST, "invalidResponse", SAMLUtils.bundle.getString("invalidResponse")); return; } Map attrMap = null; List assertions = null; javax.security.auth.Subject authSubject = null; try { Map sessionAttr = SAMLUtils.processResponse(sResponse, target); Object token = SAMLUtils.generateSession(request, response, sessionAttr); } catch (Exception ex) { SAMLUtils.debug.error("generateSession: ", ex); String[] data = {SAMLUtils.bundle.getString("failedCreateSSOToken")}; LogUtils.error(java.util.logging.Level.INFO, LogUtils.FAILED_TO_CREATE_SSO_TOKEN, data); SAMLUtils.sendError( request, response, HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "failedCreateSSOToken", ex.getMessage()); ; return; } if (LogUtils.isAccessLoggable(java.util.logging.Level.FINE)) { String[] data = {SAMLUtils.bundle.getString("accessGranted"), new String(raw, "UTF-8")}; LogUtils.access(java.util.logging.Level.FINE, LogUtils.ACCESS_GRANTED, data); } else { String[] data = {SAMLUtils.bundle.getString("accessGranted")}; LogUtils.access(java.util.logging.Level.INFO, LogUtils.ACCESS_GRANTED, data); } if (SAMLUtils.postYN(target)) { if (SAMLUtils.debug.messageEnabled()) { SAMLUtils.debug.message("POST to target:" + target); } SAMLUtils.postToTarget(response, assertions, target, attrMap); } else { response.setHeader("Location", target); response.sendRedirect(target); } }