예제 #1
0
  protected IDPSSODescriptorType getIdpMetadataFromFile(SPType configuration) {
    InputStream is = this.servletContext.getResourceAsStream(configuration.getIdpMetadataFile());
    if (is == null) {
      return null;
    }

    Object metadata = null;
    try {
      Document samlDocument = DocumentUtil.getDocument(is);
      SAMLParser parser = new SAMLParser();
      metadata = parser.parse(DocumentUtil.getNodeAsStream(samlDocument));
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
    IDPSSODescriptorType idpSSO = null;
    if (metadata instanceof EntitiesDescriptorType) {
      EntitiesDescriptorType entities = (EntitiesDescriptorType) metadata;
      idpSSO = handleMetadata(entities);
    } else {
      idpSSO = handleMetadata((EntityDescriptorType) metadata);
    }
    if (idpSSO == null) {
      logger.samlSPUnableToGetIDPDescriptorFromMetadata();
      return idpSSO;
    }

    return idpSSO;
  }
예제 #2
0
  /**
   * Send a response
   *
   * @param holder
   * @throws GeneralSecurityException
   * @throws IOException
   */
  public void send(WebRequestUtilHolder holder) throws GeneralSecurityException, IOException {
    Document responseDoc = holder.getResponseDoc();

    if (responseDoc == null) throw logger.nullValueError("responseType");

    String destination = holder.getDestination();
    String relayState = holder.getRelayState();
    boolean supportSignature = holder.isSupportSignature();
    boolean sendRequest = holder.isAreWeSendingRequest();
    HttpServletResponse response = holder.getServletResponse();
    boolean isErrorResponse = holder.isErrorResponse();

    if (holder.isPostBindingRequested() == false && !holder.isStrictPostBinding()) {
      String finalDest = null;

      // This is the case with whole queryString including signature already generated by
      // SAML2SignatureGenerationHandler
      if (holder.getDestinationQueryStringWithSignature() != null) {
        finalDest = destination + "?" + holder.getDestinationQueryStringWithSignature();
      }
      // This is the case without signature
      else {
        byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");

        String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(responseBytes);

        if (isNotNull(relayState)) relayState = RedirectBindingUtil.urlEncode(relayState);

        finalDest =
            destination
                + getDestination(
                    urlEncodedResponse, relayState, supportSignature, sendRequest, isErrorResponse);
      }

      logger.trace("Destination = " + finalDest);
      HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
    } else {
      if (logger.isTraceEnabled()) {
        logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDoc));
      }

      byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");

      String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));

      PostBindingUtil.sendPost(
          new DestinationInfoHolder(destination, samlResponse, relayState), response, sendRequest);
    }
  }
예제 #3
0
  protected void sendHttpRedirectRequest(
      String destination,
      Document samlDocument,
      String relayState,
      HttpServletResponse response,
      boolean willSendRequest,
      String destinationQueryStringWithSignature)
      throws IOException, ProcessingException, ConfigurationException {
    String destinationQueryString = null;

    // We already have queryString with signature from SAML2SignatureGenerationHandler
    if (destinationQueryStringWithSignature != null) {
      destinationQueryString = destinationQueryStringWithSignature;
    } else {
      String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
      String base64Request =
          RedirectBindingUtil.deflateBase64URLEncode(samlMessage.getBytes("UTF-8"));
      destinationQueryString =
          RedirectBindingUtil.getDestinationQueryString(base64Request, relayState, willSendRequest);
    }

    RedirectBindingUtil.RedirectBindingUtilDestHolder holder =
        new RedirectBindingUtil.RedirectBindingUtilDestHolder();

    holder.setDestination(destination).setDestinationQueryString(destinationQueryString);

    HTTPRedirectUtil.sendRedirectForRequestor(
        RedirectBindingUtil.getDestinationURL(holder), response);
  }
예제 #4
0
  public void testStringConstructor() throws Exception {
    final SamlCredential samlPrincipal =
        new SamlCredential(DocumentUtil.getNodeAsString(assertionElement));

    final InputSource actual =
        new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
    XMLAssert.assertXMLEqual(expectedAssertion, actual);
  }
예제 #5
0
 public void setUp() throws Exception {
   XMLUnit.setIgnoreWhitespace(true);
   final Document assertionDoc =
       DocumentUtil.getDocument(getClass().getResourceAsStream("/wstrust/assertion.xml"));
   assertionElement = (Element) assertionDoc.getFirstChild();
   expectedAssertion =
       new InputSource(getClass().getResourceAsStream("/wstrust/assertion-expected.xml"));
 }
예제 #6
0
  protected void sendHttpPostBindingRequest(
      String destination,
      Document samlDocument,
      String relayState,
      HttpServletResponse response,
      boolean willSendRequest)
      throws ProcessingException, IOException, ConfigurationException {
    String samlMessage =
        PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));

    DestinationInfoHolder destinationHolder =
        new DestinationInfoHolder(destination, samlMessage, relayState);

    PostBindingUtil.sendPost(destinationHolder, response, willSendRequest);
  }
예제 #7
0
  private Document toSAMLResponseDocument(String samlResponse, boolean isPostBinding)
      throws ParsingException {
    InputStream dataStream = null;

    if (isPostBinding) {
      // deal with SAML response from IDP
      dataStream = PostBindingUtil.base64DecodeAsStream(samlResponse);
    } else {
      // deal with SAML response from IDP
      dataStream = RedirectBindingUtil.base64DeflateDecode(samlResponse);
    }

    try {
      return DocumentUtil.getDocument(dataStream);
    } catch (Exception e) {
      logger.samlResponseFromIDPParsingFailed();
      throw new ParsingException("", e);
    }
  }
예제 #8
0
  protected void sendToDestination(
      Document samlDocument,
      String relayState,
      String destination,
      HttpServletResponse response,
      boolean request)
      throws IOException, SAXException, GeneralSecurityException {
    if (!ignoreSignatures) {
      SAML2Signature samlSignature = new SAML2Signature();

      Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument);
      if (nextSibling != null) {
        samlSignature.setNextSibling(nextSibling);
      }
      KeyPair keypair = keyManager.getSigningKeyPair();
      samlSignature.signSAMLDocument(samlDocument, keypair);
    }
    String samlMessage =
        PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
    PostBindingUtil.sendPost(
        new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
  }
예제 #9
0
  /**
   * Creates a {@code KeyInfoType} that wraps the specified secret. If the {@code encryptionKey}
   * parameter is not null, the secret is encrypted using the specified public key before it is set
   * in the {@code KeyInfoType}.
   *
   * @param secret a {@code byte[]} representing the secret (symmetric key).
   * @param encryptionKey the {@code PublicKey} that must be used to encrypt the secret.
   * @param keyWrapAlgo the key wrap algorithm to be used.
   * @return the constructed {@code KeyInfoType} instance.
   * @throws WSTrustException if an error occurs while creating the {@code KeyInfoType} object.
   */
  public static KeyInfoType createKeyInfo(byte[] secret, PublicKey encryptionKey, URI keyWrapAlgo)
      throws WSTrustException {
    KeyInfoType keyInfo = null;

    // if a public key has been specified, encrypt the secret using the public key.
    if (encryptionKey != null) {
      try {
        Document document = DocumentUtil.createDocument();
        // TODO: XMLEncryptionUtil should allow for the specification of the key wrap algorithm.
        EncryptedKey key =
            XMLEncryptionUtil.encryptKey(
                document, new SecretKeySpec(secret, "AES"), encryptionKey, secret.length * 8);
        Element encryptedKeyElement = XMLCipher.getInstance().martial(key);
        keyInfo = new KeyInfoType();
        keyInfo.addContent(encryptedKeyElement);
      } catch (Exception e) {
        throw logger.stsKeyInfoTypeCreationError(e);
      }
    } else {
      logger.stsSecretKeyNotEncrypted();
    }
    return keyInfo;
  }