protected IDPSSODescriptorType getIdpMetadataFromFile(SPType configuration) {
InputStream is = this.servletContext.getResourceAsStream(configuration.getIdpMetadataFile());
if (is == null) {
return null;
}
Object metadata = null;
try {
Document samlDocument = DocumentUtil.getDocument(is);
SAMLParser parser = new SAMLParser();
metadata = parser.parse(DocumentUtil.getNodeAsStream(samlDocument));
} catch (Exception e) {
throw new RuntimeException(e);
}
IDPSSODescriptorType idpSSO = null;
if (metadata instanceof EntitiesDescriptorType) {
EntitiesDescriptorType entities = (EntitiesDescriptorType) metadata;
idpSSO = handleMetadata(entities);
} else {
idpSSO = handleMetadata((EntityDescriptorType) metadata);
}
if (idpSSO == null) {
logger.samlSPUnableToGetIDPDescriptorFromMetadata();
return idpSSO;
}
return idpSSO;
}
/**
* Send a response
*
* @param holder
* @throws GeneralSecurityException
* @throws IOException
*/
public void send(WebRequestUtilHolder holder) throws GeneralSecurityException, IOException {
Document responseDoc = holder.getResponseDoc();
if (responseDoc == null) throw logger.nullValueError("responseType");
String destination = holder.getDestination();
String relayState = holder.getRelayState();
boolean supportSignature = holder.isSupportSignature();
boolean sendRequest = holder.isAreWeSendingRequest();
HttpServletResponse response = holder.getServletResponse();
boolean isErrorResponse = holder.isErrorResponse();
if (holder.isPostBindingRequested() == false && !holder.isStrictPostBinding()) {
String finalDest = null;
// This is the case with whole queryString including signature already generated by
// SAML2SignatureGenerationHandler
if (holder.getDestinationQueryStringWithSignature() != null) {
finalDest = destination + "?" + holder.getDestinationQueryStringWithSignature();
}
// This is the case without signature
else {
byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
if (isNotNull(relayState)) relayState = RedirectBindingUtil.urlEncode(relayState);
finalDest =
destination
+ getDestination(
urlEncodedResponse, relayState, supportSignature, sendRequest, isErrorResponse);
}
logger.trace("Destination = " + finalDest);
HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
} else {
if (logger.isTraceEnabled()) {
logger.trace("SAML Response Document: " + DocumentUtil.asString(responseDoc));
}
byte[] responseBytes = DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));
PostBindingUtil.sendPost(
new DestinationInfoHolder(destination, samlResponse, relayState), response, sendRequest);
}
}
protected void sendHttpRedirectRequest(
String destination,
Document samlDocument,
String relayState,
HttpServletResponse response,
boolean willSendRequest,
String destinationQueryStringWithSignature)
throws IOException, ProcessingException, ConfigurationException {
String destinationQueryString = null;
// We already have queryString with signature from SAML2SignatureGenerationHandler
if (destinationQueryStringWithSignature != null) {
destinationQueryString = destinationQueryStringWithSignature;
} else {
String samlMessage = DocumentUtil.getDocumentAsString(samlDocument);
String base64Request =
RedirectBindingUtil.deflateBase64URLEncode(samlMessage.getBytes("UTF-8"));
destinationQueryString =
RedirectBindingUtil.getDestinationQueryString(base64Request, relayState, willSendRequest);
}
RedirectBindingUtil.RedirectBindingUtilDestHolder holder =
new RedirectBindingUtil.RedirectBindingUtilDestHolder();
holder.setDestination(destination).setDestinationQueryString(destinationQueryString);
HTTPRedirectUtil.sendRedirectForRequestor(
RedirectBindingUtil.getDestinationURL(holder), response);
}
public void testStringConstructor() throws Exception {
final SamlCredential samlPrincipal =
new SamlCredential(DocumentUtil.getNodeAsString(assertionElement));
final InputSource actual =
new InputSource(new StringReader(samlPrincipal.getAssertionAsString()));
XMLAssert.assertXMLEqual(expectedAssertion, actual);
}
public void setUp() throws Exception {
XMLUnit.setIgnoreWhitespace(true);
final Document assertionDoc =
DocumentUtil.getDocument(getClass().getResourceAsStream("/wstrust/assertion.xml"));
assertionElement = (Element) assertionDoc.getFirstChild();
expectedAssertion =
new InputSource(getClass().getResourceAsStream("/wstrust/assertion-expected.xml"));
}
protected void sendHttpPostBindingRequest(
String destination,
Document samlDocument,
String relayState,
HttpServletResponse response,
boolean willSendRequest)
throws ProcessingException, IOException, ConfigurationException {
String samlMessage =
PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
DestinationInfoHolder destinationHolder =
new DestinationInfoHolder(destination, samlMessage, relayState);
PostBindingUtil.sendPost(destinationHolder, response, willSendRequest);
}
private Document toSAMLResponseDocument(String samlResponse, boolean isPostBinding)
throws ParsingException {
InputStream dataStream = null;
if (isPostBinding) {
// deal with SAML response from IDP
dataStream = PostBindingUtil.base64DecodeAsStream(samlResponse);
} else {
// deal with SAML response from IDP
dataStream = RedirectBindingUtil.base64DeflateDecode(samlResponse);
}
try {
return DocumentUtil.getDocument(dataStream);
} catch (Exception e) {
logger.samlResponseFromIDPParsingFailed();
throw new ParsingException("", e);
}
}
protected void sendToDestination(
Document samlDocument,
String relayState,
String destination,
HttpServletResponse response,
boolean request)
throws IOException, SAXException, GeneralSecurityException {
if (!ignoreSignatures) {
SAML2Signature samlSignature = new SAML2Signature();
Node nextSibling = samlSignature.getNextSiblingOfIssuer(samlDocument);
if (nextSibling != null) {
samlSignature.setNextSibling(nextSibling);
}
KeyPair keypair = keyManager.getSigningKeyPair();
samlSignature.signSAMLDocument(samlDocument, keypair);
}
String samlMessage =
PostBindingUtil.base64Encode(DocumentUtil.getDocumentAsString(samlDocument));
PostBindingUtil.sendPost(
new DestinationInfoHolder(destination, samlMessage, relayState), response, request);
}
/**
* Creates a {@code KeyInfoType} that wraps the specified secret. If the {@code encryptionKey}
* parameter is not null, the secret is encrypted using the specified public key before it is set
* in the {@code KeyInfoType}.
*
* @param secret a {@code byte[]} representing the secret (symmetric key).
* @param encryptionKey the {@code PublicKey} that must be used to encrypt the secret.
* @param keyWrapAlgo the key wrap algorithm to be used.
* @return the constructed {@code KeyInfoType} instance.
* @throws WSTrustException if an error occurs while creating the {@code KeyInfoType} object.
*/
public static KeyInfoType createKeyInfo(byte[] secret, PublicKey encryptionKey, URI keyWrapAlgo)
throws WSTrustException {
KeyInfoType keyInfo = null;
// if a public key has been specified, encrypt the secret using the public key.
if (encryptionKey != null) {
try {
Document document = DocumentUtil.createDocument();
// TODO: XMLEncryptionUtil should allow for the specification of the key wrap algorithm.
EncryptedKey key =
XMLEncryptionUtil.encryptKey(
document, new SecretKeySpec(secret, "AES"), encryptionKey, secret.length * 8);
Element encryptedKeyElement = XMLCipher.getInstance().martial(key);
keyInfo = new KeyInfoType();
keyInfo.addContent(encryptedKeyElement);
} catch (Exception e) {
throw logger.stsKeyInfoTypeCreationError(e);
}
} else {
logger.stsSecretKeyNotEncrypted();
}
return keyInfo;
}