protected void initializeHandlerChain(PicketLinkType picketLinkType) throws Exception {
SAML2HandlerChain handlerChain;
// Get the chain from config
if (isNullOrEmpty(samlHandlerChainClass)) {
handlerChain = SAML2HandlerChainFactory.createChain();
} else {
try {
handlerChain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
} catch (ProcessingException e1) {
throw new RuntimeException(e1);
}
}
Handlers handlers = picketLinkType.getHandlers();
if (handlers == null) {
// Get the handlers
String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
handlers =
ConfigurationUtil.getHandlers(servletContext.getResourceAsStream(handlerConfigFileName));
}
picketLinkType.setHandlers(handlers);
handlerChain.addAll(HandlerUtil.getHandlers(handlers));
populateChainConfig(picketLinkType);
SAML2HandlerChainConfig handlerChainConfig =
new DefaultSAML2HandlerChainConfig(chainConfigOptions);
Set<SAML2Handler> samlHandlers = handlerChain.handlers();
for (SAML2Handler handler : samlHandlers) {
handler.initChainConfig(handlerChainConfig);
}
chain = handlerChain;
}
public IDMType parseIDMConfiguration(InputStream inputStream) {
try {
PicketLinkConfigParser parser = new PicketLinkConfigParser();
PicketLinkType plType = (PicketLinkType) parser.parse(inputStream);
return plType.getIdmType();
} catch (ParsingException pe) {
throw new SecurityConfigurationException("Could not parse picketlink configuration", pe);
}
}
protected void populateChainConfig(PicketLinkType picketLinkType)
throws ConfigurationException, ProcessingException {
Map<String, Object> chainConfigOptions = new HashMap<String, Object>();
chainConfigOptions.put(GeneralConstants.CONFIGURATION, picketLinkType.getIdpOrSP());
chainConfigOptions.put(
GeneralConstants.ROLE_VALIDATOR_IGNORE,
"false"); // No validator as tomcat realm does validn
if (doSupportSignature()) {
chainConfigOptions.put(GeneralConstants.KEYPAIR, keyManager.getSigningKeyPair());
// If there is a need for X509Data in signedinfo
String certificateAlias =
(String) keyManager.getAdditionalOption(GeneralConstants.X509CERTIFICATE);
if (certificateAlias != null) {
chainConfigOptions.put(
GeneralConstants.X509CERTIFICATE, keyManager.getCertificate(certificateAlias));
}
}
this.chainConfigOptions = chainConfigOptions;
}
protected void processConfiguration(FilterConfig filterConfig) {
InputStream is;
if (isNullOrEmpty(this.configFile)) {
is = servletContext.getResourceAsStream(CONFIG_FILE_LOCATION);
} else {
try {
is = new FileInputStream(this.configFile);
} catch (FileNotFoundException e) {
throw logger.samlIDPConfigurationError(e);
}
}
PicketLinkType picketLinkType;
String configurationProviderName = filterConfig.getInitParameter(CONFIGURATION_PROVIDER);
if (configurationProviderName != null) {
try {
Class<?> clazz = SecurityActions.loadClass(getClass(), configurationProviderName);
if (clazz == null) {
throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + configurationProviderName);
}
this.configProvider = (SAMLConfigurationProvider) clazz.newInstance();
} catch (Exception e) {
throw new RuntimeException(
"Could not create configuration provider [" + configurationProviderName + "].", e);
}
}
try {
// Work on the IDP Configuration
if (configProvider != null) {
try {
if (is == null) {
// Try the older version
is =
servletContext.getResourceAsStream(
GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
// Additionally parse the deprecated config file
if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) {
((AbstractSAMLConfigurationProvider) configProvider).setConfigFile(is);
}
} else {
// Additionally parse the consolidated config file
if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) {
((AbstractSAMLConfigurationProvider) configProvider).setConsolidatedConfigFile(is);
}
}
picketLinkType = configProvider.getPicketLinkConfiguration();
picketLinkType.setIdpOrSP(configProvider.getSPConfiguration());
} catch (ProcessingException e) {
throw logger.samlSPConfigurationError(e);
} catch (ParsingException e) {
throw logger.samlSPConfigurationError(e);
}
} else {
if (is != null) {
try {
picketLinkType = ConfigurationUtil.getConfiguration(is);
} catch (ParsingException e) {
logger.trace(e);
throw logger.samlSPConfigurationError(e);
}
} else {
is = servletContext.getResourceAsStream(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
if (is == null) {
throw logger.configurationFileMissing(configFile);
}
picketLinkType = new PicketLinkType();
picketLinkType.setIdpOrSP(ConfigurationUtil.getSPConfiguration(is));
}
}
// Close the InputStream as we no longer need it
if (is != null) {
try {
is.close();
} catch (IOException e) {
// ignore
}
}
Boolean enableAudit = picketLinkType.isEnableAudit();
// See if we have the system property enabled
if (!enableAudit) {
String sysProp = SecurityActions.getSystemProperty(GeneralConstants.AUDIT_ENABLE, "NULL");
if (!"NULL".equals(sysProp)) {
enableAudit = Boolean.parseBoolean(sysProp);
}
}
if (enableAudit) {
if (auditHelper == null) {
String securityDomainName = PicketLinkAuditHelper.getSecurityDomainName(servletContext);
auditHelper = new PicketLinkAuditHelper(securityDomainName);
}
}
SPType spConfiguration = (SPType) picketLinkType.getIdpOrSP();
processIdPMetadata(spConfiguration);
this.serviceURL = spConfiguration.getServiceURL();
this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
this.picketLinkConfiguration = picketLinkType;
this.issuerID = filterConfig.getInitParameter(ISSUER_ID);
this.characterEncoding = filterConfig.getInitParameter(CHARACTER_ENCODING);
this.samlHandlerChainClass = filterConfig.getInitParameter(SAML_HANDLER_CHAIN_CLASS);
logger.samlSPSettingCanonicalizationMethod(canonicalizationMethod);
XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
try {
this.initKeyProvider();
this.initializeHandlerChain(picketLinkType);
} catch (Exception e) {
throw new RuntimeException(e);
}
logger.trace("Identity Provider URL=" + getConfiguration().getIdentityURL());
} catch (Exception e) {
throw new RuntimeException(e);
}
}
