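  /**
   * Resolves every {@code ${sysproperty}} reference in {@code str} against the JVM system
   * properties.
   *
   * <p>A default can be supplied after a {@code ::} separator inside the braces; it is used when
   * the property is not set.
   *
   * <p><b>Examples:</b>
   *
   * <p>{@code ${idp}} resolves to the value of the system property "idp".
   *
   * <p>{@code ${idp::http://localhost:8080}} resolves to http://localhost:8080 when the system
   * property "idp" is not set.
   *
   * @param str the string to expand; returned unchanged when it contains no {@code ${}
   * @return {@code str} with each reference replaced by the property value (or its default)
   * @throws RuntimeException (unchecked, produced by {@code logger}) if {@code str} is null, or
   *     if a reference resolves to an empty value, i.e. the property is unset and no non-empty
   *     default was given
   */
  public static String getSystemPropertyAsString(String str) {
    if (str == null) throw logger.nullArgumentError("str");
    if (!str.contains("${")) {
      return str;
    }
    Matcher matcher = Pattern.compile("\\$\\{([^}]+)}").matcher(str);
    // StringBuffer: Matcher.appendReplacement(StringBuilder, ...) only exists from Java 9 on
    StringBuffer expanded = new StringBuffer();

    while (matcher.find()) {
      String reference = matcher.group(1);
      String propertyName = reference;
      String defaultValue = "";

      // "name::default" — everything after the first "::" is the fallback value
      int separator = reference.indexOf("::");
      if (separator >= 0) {
        propertyName = reference.substring(0, separator);
        defaultValue = reference.substring(separator + 2);
      }
      String value = SecurityActions.getSystemProperty(propertyName, defaultValue);
      if (value.isEmpty()) {
        throw logger.systemPropertyMissingError(reference);
      }
      // quoteReplacement: a value containing '$' or '\' (e.g. a URL with "$" in it) would
      // otherwise be parsed by appendReplacement as a group reference, giving an
      // IllegalArgumentException or a mangled result
      matcher.appendReplacement(expanded, Matcher.quoteReplacement(value));
    }
    matcher.appendTail(expanded);
    return expanded.toString();
  }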
 /**
  * Validates the XML signature carried by a SAML2 document against the given public key.
  *
  * <p>The document's ID attribute is registered first ({@code configureIdAttribute}) so that the
  * signature reference can be resolved; both steps run inside the same error boundary.
  *
  * @param signedDocument the signed DOM document
  * @param publicKey the key expected to have produced the signature
  * @return whatever {@code XMLSignatureUtil.validate} reports for the document and key
  * @throws ProcessingException when the signature cannot be unmarshalled or verified
  */
 public boolean validate(Document signedDocument, PublicKey publicKey) throws ProcessingException {
   boolean valid;
   try {
     configureIdAttribute(signedDocument);
     valid = XMLSignatureUtil.validate(signedDocument, publicKey);
   } catch (MarshalException unmarshalFailure) {
     throw new ProcessingException(logger.signatureError(unmarshalFailure));
   } catch (XMLSignatureException verifyFailure) {
     throw new ProcessingException(logger.signatureError(verifyFailure));
   }
   return valid;
 }
 /**
  * Creates a new, empty document whose root element is
  * {@code <localPart xmlns="baseNamespace">}.
  *
  * @param baseNamespace namespace URI of the root element
  * @param localPart local name of the root element
  * @return the freshly created document
  * @throws ProcessingException if the DOM rejects the name or namespace, or if no document
  *     builder can be configured
  */
 public static Document createDocumentWithBaseNamespace(String baseNamespace, String localPart)
     throws ProcessingException {
   try {
     DocumentBuilder builder = getDocumentBuilderFactory().newDocumentBuilder();
     DOMImplementation dom = builder.getDOMImplementation();
     return dom.createDocument(baseNamespace, localPart, null);
   } catch (DOMException domFailure) {
     throw logger.processingError(domFailure);
   } catch (ParserConfigurationException configFailure) {
     throw logger.processingError(configFailure);
   }
 }
 /**
  * Parses a DOM document from an input stream.
  *
  * @param is the stream holding the XML to parse
  * @return the parsed document
  * @throws ConfigurationException if no document builder can be configured
  * @throws ProcessingException if the stream cannot be read
  * @throws ParsingException if the content is not well-formed XML
  */
 public static Document getDocument(InputStream is)
     throws ConfigurationException, ProcessingException, ParsingException {
   // NOTE(review): the stream may carry untrusted XML; whether DTDs and external entities are
   // disabled depends entirely on getDocumentBuilderFactory(), which is not visible here —
   // confirm that helper hardens the factory.
   DocumentBuilderFactory factory = getDocumentBuilderFactory();
   Document parsed;
   try {
     parsed = factory.newDocumentBuilder().parse(is);
   } catch (ParserConfigurationException configFailure) {
     throw logger.configurationError(configFailure);
   } catch (SAXException malformed) {
     throw logger.parserError(malformed);
   } catch (IOException readFailure) {
     throw logger.processingError(readFailure);
   }
   return parsed;
 }
 /**
  * Signs a SAML document with the given key pair.
  *
  * <p>The signature reference is built from the {@code ID_ATTRIBUTE_NAME} attribute of the root
  * element; the actual signing is delegated to {@code sign}.
  *
  * @param samlDocument the document to sign (modified in place by {@code sign})
  * @param keypair the key pair used to produce the signature
  * @throws ProcessingException wrapping any failure raised while signing
  */
 public void signSAMLDocument(Document samlDocument, KeyPair keypair) throws ProcessingException {
   // The root element's ID is what the signature will reference
   String rootId = samlDocument.getDocumentElement().getAttribute(ID_ATTRIBUTE_NAME);
   try {
     sign(samlDocument, rootId, keypair);
   } catch (Exception signingFailure) {
     // Broad catch kept as-is: sign() may raise several unrelated exception types
     throw new ProcessingException(logger.signatureError(signingFailure));
   }
 }
 /**
  * Converts a {@link Source} into a DOM document by running an identity transform into a
  * {@link DOMResult}.
  *
  * @param source the XML source to materialise
  * @return the document produced by the transform
  * @throws ProcessingException if the transform fails (the {@code ParsingException} raised by
  *     {@code TransformerUtil.transform} is rewrapped)
  * @throws ConfigurationException if no transformer can be obtained
  */
 public static Document getDocumentFromSource(Source source)
     throws ProcessingException, ConfigurationException {
   DOMResult domResult = new DOMResult();
   try {
     TransformerUtil.transform(TransformerUtil.getTransformer(), source, domResult);
   } catch (ParsingException transformFailure) {
     throw logger.processingError(transformFailure);
   }
   return (Document) domResult.getNode();
 }
  /**
   * Recursively walks the subtree under {@code node}, tracing each child's namespace URI and
   * local name.
   *
   * @param node the node whose children are visited
   * @param level current depth; only passed down to recursive calls, not used otherwise
   */
  private static void visit(Node node, int level) {
    NodeList children = node.getChildNodes();
    int childCount = children.getLength();
    int nextLevel = level + 1;
    for (int index = 0; index < childCount; index++) {
      Node child = children.item(index);
      logger.trace("Node=" + child.getNamespaceURI() + "::" + child.getLocalName());
      // Depth-first descent into the child's own subtree
      visit(child, nextLevel);
    }
  }
  /**
   * Serialises a {@link Source} and returns the bytes as an {@link InputStream}.
   *
   * <p>The whole output is buffered in memory before the stream is returned.
   *
   * @param source the XML source to serialise
   * @return an in-memory stream over the serialised bytes
   * @throws ConfigurationException if no transformer can be obtained
   * @throws ProcessingException if the transform fails
   */
  public static InputStream getSourceAsStream(Source source)
      throws ConfigurationException, ProcessingException {
    Transformer transformer = TransformerUtil.getTransformer();
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try {
      // Serialise straight into the byte buffer
      transformer.transform(source, new StreamResult(bytes));
    } catch (TransformerException transformFailure) {
      throw logger.processingError(transformFailure);
    }
    return new ByteArrayInputStream(bytes.toByteArray());
  }
  /**
   * Serialises a DOM element to a string.
   *
   * @param element the element to serialise
   * @return the serialised XML text
   * @throws ProcessingException if the transform fails
   * @throws ConfigurationException if no transformer can be obtained
   */
  public static String getDOMElementAsString(Element element)
      throws ProcessingException, ConfigurationException {
    Transformer transformer = TransformerUtil.getTransformer();
    StringWriter text = new StringWriter();
    try {
      // Serialise the element into the in-memory writer
      transformer.transform(new DOMSource(element), new StreamResult(text));
    } catch (TransformerException transformFailure) {
      throw logger.processingError(transformFailure);
    }
    return text.toString();
  }
 /**
  * Completes the login: after the superclass commit succeeds, locates the {@code SamlCredential}
  * among the subject's public credentials and, when the first-pass option is on, publishes a
  * principal and that credential in the shared state for subsequent login modules.
  *
  * @return the superclass commit result
  * @throws LoginException (via {@code logger}) when the superclass committed but no
  *     {@code SamlCredential} is present on the subject
  */
 @SuppressWarnings("unchecked")
 @Override
 public boolean commit() throws LoginException {
   if (!super.commit()) {
     return false;
   }
   SamlCredential samlCredential = findSamlCredential(subject.getPublicCredentials());
   if (samlCredential == null) throw logger.authSAMLCredentialNotAvailable();
   Principal principal = new PicketLinkPrincipal("");
   if (super.isUseFirstPass()) {
     // unchecked: sharedState is presumably the raw Map inherited from the base login module
     super.sharedState.put("javax.security.auth.login.name", principal);
     super.sharedState.put("javax.security.auth.login.password", samlCredential);
   }
   return true;
 }

 /** Returns the first {@code SamlCredential} in {@code credentials}, or null if there is none. */
 private static SamlCredential findSamlCredential(Set<Object> credentials) {
   for (Object candidate : credentials) {
     if (candidate instanceof SamlCredential) {
       return (SamlCredential) candidate;
     }
   }
   return null;
 }
 /**
  * Asserts that two strings are equal, raising the logger's "not equal" error otherwise.
  *
  * @param first the expected value; must not be null (it is dereferenced)
  * @param second the actual value
  */
 public static void match(String first, String second) {
   boolean same = first.equals(second);
   if (!same) {
     throw logger.notEqualError(first, second);
   }
 }
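  /**
   * Initializes this token service from its configuration properties.
   *
   * <p>Two registries are selected here. {@code TOKEN_REGISTRY} and {@code REVOCATION_REGISTRY}
   * each accept {@code FILE}, {@code JPA} or {@code JDBC} (case-insensitive), refined by the
   * matching {@code TOKEN_REGISTRY_FILE} / {@code TOKEN_REGISTRY_JPA} / {@code TOKEN_REGISTRY_JDBC}
   * (resp. {@code REVOCATION_REGISTRY_FILE} / {@code REVOCATION_REGISTRY_JPA_CONFIG} /
   * {@code REVOCATION_REGISTRY_JDBC_CONFIG}) property when present. Any other value is taken to be
   * the fully-qualified name of an implementation class, which is loaded and instantiated through
   * reflection. An absent option, a class that cannot be instantiated, or an instance of the wrong
   * type leaves the current registry untouched; a default registry is installed if none is set.
   *
   * @param properties configuration properties; kept as {@code this.properties}
   */
  public void initialize(Map<String, String> properties) {
    this.properties = properties;

    SecurityTokenRegistry configuredTokenRegistry = resolveConfiguredTokenRegistry();
    if (configuredTokenRegistry != null) this.tokenRegistry = configuredTokenRegistry;
    if (this.tokenRegistry == null) this.tokenRegistry = new DefaultTokenRegistry();

    RevocationRegistry configuredRevocationRegistry = resolveConfiguredRevocationRegistry();
    if (configuredRevocationRegistry != null) this.revocationRegistry = configuredRevocationRegistry;
    if (this.revocationRegistry == null) this.revocationRegistry = new DefaultRevocationRegistry();
  }

  /**
   * Builds the token registry named by {@code TOKEN_REGISTRY}.
   *
   * @return the configured registry, or null when the option is absent or unusable (already
   *     logged)
   */
  private SecurityTokenRegistry resolveConfiguredTokenRegistry() {
    String option = this.properties.get(TOKEN_REGISTRY);
    if (option == null) {
      logger.stsTokenRegistryNotSpecified();
      return null;
    }
    if ("FILE".equalsIgnoreCase(option)) {
      String file = this.properties.get(TOKEN_REGISTRY_FILE);
      return file != null ? new FileBasedTokenRegistry(file) : new FileBasedTokenRegistry();
    }
    if ("JPA".equalsIgnoreCase(option)) {
      String jpaConfig = this.properties.get(TOKEN_REGISTRY_JPA);
      return jpaConfig != null ? new JPABasedTokenRegistry(jpaConfig) : new JPABasedTokenRegistry();
    }
    if ("JDBC".equalsIgnoreCase(option)) {
      String jdbcConfig = this.properties.get(TOKEN_REGISTRY_JDBC);
      return jdbcConfig != null ? new JDBCTokenRegistry(jdbcConfig) : new JDBCTokenRegistry();
    }
    // Anything else is a class name chosen by whoever controls the configuration, so the
    // configuration source has to be as trusted as the code it is allowed to load.
    try {
      Class<?> clazz = SecurityActions.loadClass(getClass(), option);
      if (clazz == null) return null;
      // Constructor.newInstance replaces Class.newInstance (deprecated since Java 9)
      Object instance = clazz.getDeclaredConstructor().newInstance();
      if (instance instanceof SecurityTokenRegistry) return (SecurityTokenRegistry) instance;
      logger.stsTokenRegistryInvalidType(option);
    } catch (Exception instantiationFailure) {
      logger.stsTokenRegistryInstantiationError();
      // TODO: hand the cause to the logger once it offers an overload that accepts one
      instantiationFailure.printStackTrace();
    }
    return null;
  }

  /**
   * Builds the revocation registry named by {@code REVOCATION_REGISTRY}.
   *
   * @return the configured registry, or null when the option is absent or unusable (already
   *     logged)
   */
  private RevocationRegistry resolveConfiguredRevocationRegistry() {
    String option = this.properties.get(REVOCATION_REGISTRY);
    if (option == null) {
      logger.stsRevocationRegistryNotSpecified();
      return null;
    }
    if ("FILE".equalsIgnoreCase(option)) {
      String file = this.properties.get(REVOCATION_REGISTRY_FILE);
      return file != null
          ? new FileBasedRevocationRegistry(file)
          : new FileBasedRevocationRegistry();
    }
    if ("JPA".equalsIgnoreCase(option)) {
      String jpaConfig = this.properties.get(REVOCATION_REGISTRY_JPA_CONFIG);
      return jpaConfig != null
          ? new JPABasedRevocationRegistry(jpaConfig)
          : new JPABasedRevocationRegistry();
    }
    if ("JDBC".equalsIgnoreCase(option)) {
      String jdbcConfig = this.properties.get(REVOCATION_REGISTRY_JDBC_CONFIG);
      return jdbcConfig != null
          ? new JDBCRevocationRegistry(jdbcConfig)
          : new JDBCRevocationRegistry();
    }
    // Same reflective loading as for the token registry: the option value is a class name.
    try {
      Class<?> clazz = SecurityActions.loadClass(getClass(), option);
      if (clazz == null) return null;
      // Constructor.newInstance replaces Class.newInstance (deprecated since Java 9)
      Object instance = clazz.getDeclaredConstructor().newInstance();
      if (instance instanceof RevocationRegistry) return (RevocationRegistry) instance;
      logger.stsRevocationRegistryInvalidType(option);
    } catch (Exception instantiationFailure) {
      logger.stsRevocationRegistryInstantiationError();
      // TODO: hand the cause to the logger once it offers an overload that accepts one
      instantiationFailure.printStackTrace();
    }
    return null;
  }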
 /**
  * Reads the handler configuration from an input stream.
  *
  * @param is the stream holding the configuration XML; must not be null
  * @return the parsed {@link Handlers} (the parser's result is cast, so the stream must hold a
  *     handlers configuration)
  * @throws ParsingException if the content cannot be parsed
  */
 public static Handlers getHandlers(InputStream is) throws ParsingException {
   if (is == null) throw logger.nullArgumentError("inputstream");
   SAMLConfigParser parser = new SAMLConfigParser();
   Object parsed = parser.parse(is);
   return (Handlers) parsed;
 }
 /**
  * Reads the service-provider configuration from an input stream.
  *
  * @param is the stream holding the configuration XML; must not be null
  * @return the parsed {@link SPType} (the parser's result is cast, so the stream must hold an SP
  *     configuration)
  * @throws ParsingException if the content cannot be parsed
  */
 public static SPType getSPConfiguration(InputStream is) throws ParsingException {
   if (is == null) throw logger.nullArgumentError("inputstream");
   SAMLConfigParser parser = new SAMLConfigParser();
   Object parsed = parser.parse(is);
   return (SPType) parsed;
 }
 /**
  * Reads the PicketLink configuration from an input stream.
  *
  * @param is the stream holding the configuration XML; must not be null
  * @return the parsed {@link PicketLinkType} (the parser's result is cast, so the stream must hold
  *     a PicketLink configuration)
  * @throws ParsingException if the content cannot be parsed
  */
 public static PicketLinkType getConfiguration(InputStream is) throws ParsingException {
   if (is == null) throw logger.nullArgumentError("inputstream");
   return (PicketLinkType) new PicketLinkConfigParser().parse(is);
 }