예제 #1
2
  protected void initializeHandlerChain(PicketLinkType picketLinkType) throws Exception {
    SAML2HandlerChain handlerChain;

    // Get the chain from config
    if (isNullOrEmpty(samlHandlerChainClass)) {
      handlerChain = SAML2HandlerChainFactory.createChain();
    } else {
      try {
        handlerChain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass);
      } catch (ProcessingException e1) {
        throw new RuntimeException(e1);
      }
    }

    Handlers handlers = picketLinkType.getHandlers();

    if (handlers == null) {
      // Get the handlers
      String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION;
      handlers =
          ConfigurationUtil.getHandlers(servletContext.getResourceAsStream(handlerConfigFileName));
    }

    picketLinkType.setHandlers(handlers);

    handlerChain.addAll(HandlerUtil.getHandlers(handlers));

    populateChainConfig(picketLinkType);
    SAML2HandlerChainConfig handlerChainConfig =
        new DefaultSAML2HandlerChainConfig(chainConfigOptions);

    Set<SAML2Handler> samlHandlers = handlerChain.handlers();

    for (SAML2Handler handler : samlHandlers) {
      handler.initChainConfig(handlerChainConfig);
    }

    chain = handlerChain;
  }
 public IDMType parseIDMConfiguration(InputStream inputStream) {
   try {
     PicketLinkConfigParser parser = new PicketLinkConfigParser();
     PicketLinkType plType = (PicketLinkType) parser.parse(inputStream);
     return plType.getIdmType();
   } catch (ParsingException pe) {
     throw new SecurityConfigurationException("Could not parse picketlink configuration", pe);
   }
 }
예제 #3
0
  protected void populateChainConfig(PicketLinkType picketLinkType)
      throws ConfigurationException, ProcessingException {
    Map<String, Object> chainConfigOptions = new HashMap<String, Object>();

    chainConfigOptions.put(GeneralConstants.CONFIGURATION, picketLinkType.getIdpOrSP());
    chainConfigOptions.put(
        GeneralConstants.ROLE_VALIDATOR_IGNORE,
        "false"); // No validator as tomcat realm does validn

    if (doSupportSignature()) {
      chainConfigOptions.put(GeneralConstants.KEYPAIR, keyManager.getSigningKeyPair());
      // If there is a need for X509Data in signedinfo
      String certificateAlias =
          (String) keyManager.getAdditionalOption(GeneralConstants.X509CERTIFICATE);
      if (certificateAlias != null) {
        chainConfigOptions.put(
            GeneralConstants.X509CERTIFICATE, keyManager.getCertificate(certificateAlias));
      }
    }

    this.chainConfigOptions = chainConfigOptions;
  }
예제 #4
0
  protected void processConfiguration(FilterConfig filterConfig) {
    InputStream is;

    if (isNullOrEmpty(this.configFile)) {
      is = servletContext.getResourceAsStream(CONFIG_FILE_LOCATION);
    } else {
      try {
        is = new FileInputStream(this.configFile);
      } catch (FileNotFoundException e) {
        throw logger.samlIDPConfigurationError(e);
      }
    }

    PicketLinkType picketLinkType;

    String configurationProviderName = filterConfig.getInitParameter(CONFIGURATION_PROVIDER);

    if (configurationProviderName != null) {
      try {
        Class<?> clazz = SecurityActions.loadClass(getClass(), configurationProviderName);

        if (clazz == null) {
          throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + configurationProviderName);
        }

        this.configProvider = (SAMLConfigurationProvider) clazz.newInstance();
      } catch (Exception e) {
        throw new RuntimeException(
            "Could not create configuration provider [" + configurationProviderName + "].", e);
      }
    }

    try {
      // Work on the IDP Configuration
      if (configProvider != null) {
        try {
          if (is == null) {
            // Try the older version
            is =
                servletContext.getResourceAsStream(
                    GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);

            // Additionally parse the deprecated config file
            if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) {
              ((AbstractSAMLConfigurationProvider) configProvider).setConfigFile(is);
            }
          } else {
            // Additionally parse the consolidated config file
            if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) {
              ((AbstractSAMLConfigurationProvider) configProvider).setConsolidatedConfigFile(is);
            }
          }

          picketLinkType = configProvider.getPicketLinkConfiguration();
          picketLinkType.setIdpOrSP(configProvider.getSPConfiguration());
        } catch (ProcessingException e) {
          throw logger.samlSPConfigurationError(e);
        } catch (ParsingException e) {
          throw logger.samlSPConfigurationError(e);
        }
      } else {
        if (is != null) {
          try {
            picketLinkType = ConfigurationUtil.getConfiguration(is);
          } catch (ParsingException e) {
            logger.trace(e);
            throw logger.samlSPConfigurationError(e);
          }
        } else {
          is = servletContext.getResourceAsStream(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
          if (is == null) {
            throw logger.configurationFileMissing(configFile);
          }

          picketLinkType = new PicketLinkType();

          picketLinkType.setIdpOrSP(ConfigurationUtil.getSPConfiguration(is));
        }
      }

      // Close the InputStream as we no longer need it
      if (is != null) {
        try {
          is.close();
        } catch (IOException e) {
          // ignore
        }
      }

      Boolean enableAudit = picketLinkType.isEnableAudit();

      // See if we have the system property enabled
      if (!enableAudit) {
        String sysProp = SecurityActions.getSystemProperty(GeneralConstants.AUDIT_ENABLE, "NULL");
        if (!"NULL".equals(sysProp)) {
          enableAudit = Boolean.parseBoolean(sysProp);
        }
      }

      if (enableAudit) {
        if (auditHelper == null) {
          String securityDomainName = PicketLinkAuditHelper.getSecurityDomainName(servletContext);

          auditHelper = new PicketLinkAuditHelper(securityDomainName);
        }
      }

      SPType spConfiguration = (SPType) picketLinkType.getIdpOrSP();
      processIdPMetadata(spConfiguration);

      this.serviceURL = spConfiguration.getServiceURL();
      this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
      this.picketLinkConfiguration = picketLinkType;

      this.issuerID = filterConfig.getInitParameter(ISSUER_ID);
      this.characterEncoding = filterConfig.getInitParameter(CHARACTER_ENCODING);
      this.samlHandlerChainClass = filterConfig.getInitParameter(SAML_HANDLER_CHAIN_CLASS);

      logger.samlSPSettingCanonicalizationMethod(canonicalizationMethod);
      XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);

      try {
        this.initKeyProvider();
        this.initializeHandlerChain(picketLinkType);
      } catch (Exception e) {
        throw new RuntimeException(e);
      }

      logger.trace("Identity Provider URL=" + getConfiguration().getIdentityURL());
    } catch (Exception e) {
      throw new RuntimeException(e);
    }
  }