예제 #1
0
 static {
   try {
     DefaultBootstrap.bootstrap();
   } catch (ConfigurationException e) {
     throw new IllegalStateException(e);
   }
 }
 @BeforeClass
 public static void initializeOpenSAML() throws Exception {
   DocumentBuilderFactory newFactory = DocumentBuilderFactory.newInstance();
   System.out.println(newFactory.getClass().getName());
   DefaultBootstrap.bootstrap();
   builderFactory = Configuration.getBuilderFactory();
 }
 static {
   try {
     DefaultBootstrap.bootstrap();
   } catch (ConfigurationException e) {
     log.error("SAMLTokenConsumerBootstrapFailure", e);
     throw new RuntimeException(e);
   }
 }
  private void initSAML2()
      throws ConfigurationException, ConfigXMLParsingException, MetadataProviderException {
    if (logger.isDebugEnabled()) {
      logger.debug("initSAML2() - start"); // $NON-NLS-1$
    }

    //
    //		 One-time init code here
    //

    DefaultBootstrap.bootstrap();

    StorageService<String, ReplayCacheEntry> storageEngine =
        new MapBasedStorageService<String, ReplayCacheEntry>();
    ReplayCache replayCache = new ReplayCache(storageEngine, 60 * 1000 * replayMinutes);
    replayRule = new MessageReplayRule(replayCache);

    //		 Get the private key that corresponds to a public key that may
    //		 have been used by other parties for encryption
    Credential decryptionCredential =
        getDecryptionCredential(decryptionKey.getKeystore(), localEntityId);

    List<Credential> localCredentials = new ArrayList<Credential>();
    localCredentials.add(decryptionCredential);

    CollectionCredentialResolver localCredResolver =
        new CollectionCredentialResolver(localCredentials);

    //		Support EncryptedKey/KeyInfo containing decryption key hints via
    //		KeyValue/RSAKeyValue and X509Data/X509Certificate
    List<KeyInfoProvider> kiProviders = new ArrayList<KeyInfoProvider>();
    kiProviders.add(new RSAKeyValueProvider());
    kiProviders.add(new InlineX509DataProvider());

    //		Resolves local credentials by using information in the EncryptedKey/KeyInfo to query the
    // supplied
    //		local credential resolver.
    kekResolver = new LocalKeyInfoCredentialResolver(kiProviders, localCredResolver);

    //		Supports resolution of EncryptedKeys by 3 common placement mechanisms
    encryptedKeyResolver = new ChainingEncryptedKeyResolver();
    encryptedKeyResolver.getResolverChain().add(new InlineEncryptedKeyResolver());
    encryptedKeyResolver.getResolverChain().add(new EncryptedElementTypeEncryptedKeyResolver());
    encryptedKeyResolver.getResolverChain().add(new SimpleRetrievalMethodEncryptedKeyResolver());

    // siginingCredential =
    // getVerificationCredential(signingKey.getKeystore(),signingKey.getEntityId());

    MetadataProvider mdProvider = getMetadataProvider();
    MetadataCredentialResolver mdCredResolver = new MetadataCredentialResolver(mdProvider);
    KeyInfoCredentialResolver keyInfoCredResolver =
        Configuration.getGlobalSecurityConfiguration().getDefaultKeyInfoCredentialResolver();
    trustEngine = new CustomKeySignatureTrustEngine(mdCredResolver, keyInfoCredResolver);

    if (logger.isDebugEnabled()) {
      logger.debug("initSAML2() - end"); // $NON-NLS-1$
    }
  }
 /**
  * Initializes the OpenSAML2 library, if it is not initialized yet.
  *
  * <p>Calls the bootstrap method of {@code DefaultBootstrap}.
  *
  * @throws SSOException if an error occurs when bootstrapping the OpenSAML2 library
  */
 protected static void doBootstrap() throws SSOException {
   if (!isBootStrapped) {
     try {
       DefaultBootstrap.bootstrap();
       isBootStrapped = true;
     } catch (ConfigurationException e) {
       throw new SSOException("Error in bootstrapping the OpenSAML2 library", e);
     }
   }
 }
예제 #6
0
  /**
   * @param args
   * @throws ValidationException
   * @throws IOException
   * @throws MarshallingException
   * @throws BindingException
   * @throws ConfigurationException
   */
  public static void main(final String[] args)
      throws BindingException, MarshallingException, IOException, ValidationException,
          ConfigurationException {

    DefaultBootstrap.bootstrap();

    final AuthnRequestDriver authn = new AuthnRequestDriver();

    final String authnRequest2String = authn.buildAuthnRequest2String();
    System.out.println(authnRequest2String);
  }
예제 #7
0
 /**
  * This method is used to initialize the OpenSAML2 library. It calls the bootstrap method, if it
  * is not initialized yet.
  */
 public static void doBootstrap() {
   if (!bootStrapped) {
     try {
       DefaultBootstrap.bootstrap();
       bootStrapped = true;
     } catch (ConfigurationException e) {
       System.err.println("Error in bootstrapping the OpenSAML2 library");
       e.printStackTrace();
     }
   }
 }
  public static void doBootstrap() {

    /* Initializing the OpenSAML library */
    if (!bootStrapped) {
      try {
        DefaultBootstrap.bootstrap();
        bootStrapped = true;
      } catch (ConfigurationException e) {
        log.error("Error in bootstrapping the OpenSAML2 library", e);
      }
    }
  }
예제 #9
0
  @Override
  protected void internalInit() {

    CommonHelper.assertTrue(
        CommonHelper.isNotBlank(this.idpMetadata) || CommonHelper.isNotBlank(this.idpMetadataPath),
        "Either idpMetadata or idpMetadataPath must be provided");
    CommonHelper.assertNotBlank("callbackUrl", this.callbackUrl);
    if (!this.callbackUrl.startsWith("http")) {
      throw new TechnicalException("SAML callbackUrl must be absolute");
    }

    if (CommonHelper.isNotBlank(this.keystorePath)
        || CommonHelper.isNotBlank(this.keystorePassword)
        || CommonHelper.isNotBlank(this.privateKeyPassword)) {
      CommonHelper.assertNotBlank("keystorePath", this.keystorePath);
      CommonHelper.assertNotBlank("keystorePassword", this.keystorePassword);
      CommonHelper.assertNotBlank("privateKeyPassword", this.privateKeyPassword);

      // load private key from the keystore and provide it as OpenSAML credentials
      this.credentialProvider =
          new CredentialProvider(this.keystorePath, this.keystorePassword, this.privateKeyPassword);
      this.decrypter = new EncryptionProvider(this.credentialProvider).buildDecrypter();
    }

    // Bootsrap OpenSAML
    try {
      DefaultBootstrap.bootstrap();
      NamedKeyInfoGeneratorManager manager =
          Configuration.getGlobalSecurityConfiguration().getKeyInfoGeneratorManager();
      X509KeyInfoGeneratorFactory generator = new X509KeyInfoGeneratorFactory();
      generator.setEmitEntityCertificate(true);
      generator.setEmitEntityCertificateChain(true);
      manager.registerFactory(Saml2Client.SAML_METADATA_KEY_INFO_GENERATOR, generator);
    } catch (ConfigurationException e) {
      throw new SamlException("Error bootstrapping OpenSAML", e);
    }

    // required parserPool for XML processing
    final StaticBasicParserPool parserPool = newStaticBasicParserPool();
    final AbstractMetadataProvider idpMetadataProvider = idpMetadataProvider(parserPool);

    final XMLObject md;
    try {
      md = idpMetadataProvider.getMetadata();
    } catch (MetadataProviderException e) {
      throw new SamlException("Error initializing idpMetadataProvider", e);
    }

    // If no idpEntityId declared, select first EntityDescriptor entityId as our IDP entityId
    if (this.idpEntityId == null) {
      this.idpEntityId = getIdpEntityId(md);
    }

    // Generate our Service Provider metadata
    Saml2MetadataGenerator metadataGenerator = new Saml2MetadataGenerator();
    if (this.credentialProvider != null) {
      metadataGenerator.setCredentialProvider(this.credentialProvider);
      metadataGenerator.setAuthnRequestSigned(true);
    }
    // If the spEntityId is blank, use the callback url
    if (CommonHelper.isBlank(this.spEntityId)) {
      this.spEntityId = getCallbackUrl();
    }
    metadataGenerator.setEntityId(this.spEntityId);
    // Assertion consumer service url is the callback url
    metadataGenerator.setAssertionConsumerServiceUrl(getCallbackUrl());
    // for now same for logout url
    metadataGenerator.setSingleLogoutServiceUrl(getCallbackUrl());
    AbstractMetadataProvider spMetadataProvider = metadataGenerator.buildMetadataProvider();

    // Initialize metadata provider for our SP and get the XML as a String
    try {
      spMetadataProvider.initialize();
      this.spMetadata = metadataGenerator.printMetadata();
    } catch (MetadataProviderException e) {
      throw new TechnicalException("Error initializing spMetadataProvider", e);
    } catch (MarshallingException e) {
      logger.warn("Unable to print SP metadata", e);
    }

    // Put IDP and SP metadata together
    ChainingMetadataProvider metadataManager = new ChainingMetadataProvider();
    try {
      metadataManager.addMetadataProvider(idpMetadataProvider);
      metadataManager.addMetadataProvider(spMetadataProvider);
    } catch (MetadataProviderException e) {
      throw new TechnicalException("Error adding idp or sp metadatas to manager", e);
    }

    // Build the contextProvider
    this.contextProvider =
        new Saml2ContextProvider(metadataManager, this.idpEntityId, this.spEntityId);

    // Get an AuthnRequest builder
    this.authnRequestBuilder =
        new Saml2AuthnRequestBuilder(forceAuth, comparisonType, destinationBindingType);

    // Build the WebSSO handler for sending and receiving SAML2 messages
    MessageEncoder encoder = null;
    if (SAMLConstants.SAML2_POST_BINDING_URI.equals(destinationBindingType)) {
      // Get a velocity engine for the HTTP-POST binding (building of an HTML document)
      VelocityEngine velocityEngine = VelocityEngineFactory.getEngine();
      encoder = new HTTPPostEncoder(velocityEngine, "/templates/saml2-post-binding.vm");
    } else if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(destinationBindingType)) {
      encoder = new HTTPRedirectDeflateEncoder();
    } else {
      throw new UnsupportedOperationException(
          "Binding type - " + destinationBindingType + " is not supported");
    }

    // Do we need binding specific decoder?
    MessageDecoder decoder = new Pac4jHTTPPostDecoder(parserPool);
    this.handler =
        new Saml2WebSSOProfileHandler(
            this.credentialProvider, encoder, decoder, parserPool, destinationBindingType);

    // Build provider for digital signature validation and encryption
    this.signatureTrustEngineProvider = new SignatureTrustEngineProvider(metadataManager);

    // Build the SAML response validator
    this.responseValidator = new Saml2ResponseValidator();
    if (this.maximumAuthenticationLifetime != null) {
      this.responseValidator.setMaximumAuthenticationLifetime(this.maximumAuthenticationLifetime);
    }
  }