protected void initializeHandlerChain(PicketLinkType picketLinkType) throws Exception { SAML2HandlerChain handlerChain; // Get the chain from config if (isNullOrEmpty(samlHandlerChainClass)) { handlerChain = SAML2HandlerChainFactory.createChain(); } else { try { handlerChain = SAML2HandlerChainFactory.createChain(this.samlHandlerChainClass); } catch (ProcessingException e1) { throw new RuntimeException(e1); } } Handlers handlers = picketLinkType.getHandlers(); if (handlers == null) { // Get the handlers String handlerConfigFileName = GeneralConstants.HANDLER_CONFIG_FILE_LOCATION; handlers = ConfigurationUtil.getHandlers(servletContext.getResourceAsStream(handlerConfigFileName)); } picketLinkType.setHandlers(handlers); handlerChain.addAll(HandlerUtil.getHandlers(handlers)); populateChainConfig(picketLinkType); SAML2HandlerChainConfig handlerChainConfig = new DefaultSAML2HandlerChainConfig(chainConfigOptions); Set<SAML2Handler> samlHandlers = handlerChain.handlers(); for (SAML2Handler handler : samlHandlers) { handler.initChainConfig(handlerChainConfig); } chain = handlerChain; }
public IDMType parseIDMConfiguration(InputStream inputStream) { try { PicketLinkConfigParser parser = new PicketLinkConfigParser(); PicketLinkType plType = (PicketLinkType) parser.parse(inputStream); return plType.getIdmType(); } catch (ParsingException pe) { throw new SecurityConfigurationException("Could not parse picketlink configuration", pe); } }
protected void populateChainConfig(PicketLinkType picketLinkType) throws ConfigurationException, ProcessingException { Map<String, Object> chainConfigOptions = new HashMap<String, Object>(); chainConfigOptions.put(GeneralConstants.CONFIGURATION, picketLinkType.getIdpOrSP()); chainConfigOptions.put( GeneralConstants.ROLE_VALIDATOR_IGNORE, "false"); // No validator as tomcat realm does validn if (doSupportSignature()) { chainConfigOptions.put(GeneralConstants.KEYPAIR, keyManager.getSigningKeyPair()); // If there is a need for X509Data in signedinfo String certificateAlias = (String) keyManager.getAdditionalOption(GeneralConstants.X509CERTIFICATE); if (certificateAlias != null) { chainConfigOptions.put( GeneralConstants.X509CERTIFICATE, keyManager.getCertificate(certificateAlias)); } } this.chainConfigOptions = chainConfigOptions; }
protected void processConfiguration(FilterConfig filterConfig) { InputStream is; if (isNullOrEmpty(this.configFile)) { is = servletContext.getResourceAsStream(CONFIG_FILE_LOCATION); } else { try { is = new FileInputStream(this.configFile); } catch (FileNotFoundException e) { throw logger.samlIDPConfigurationError(e); } } PicketLinkType picketLinkType; String configurationProviderName = filterConfig.getInitParameter(CONFIGURATION_PROVIDER); if (configurationProviderName != null) { try { Class<?> clazz = SecurityActions.loadClass(getClass(), configurationProviderName); if (clazz == null) { throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + configurationProviderName); } this.configProvider = (SAMLConfigurationProvider) clazz.newInstance(); } catch (Exception e) { throw new RuntimeException( "Could not create configuration provider [" + configurationProviderName + "].", e); } } try { // Work on the IDP Configuration if (configProvider != null) { try { if (is == null) { // Try the older version is = servletContext.getResourceAsStream( GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION); // Additionally parse the deprecated config file if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) { ((AbstractSAMLConfigurationProvider) configProvider).setConfigFile(is); } } else { // Additionally parse the consolidated config file if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) { ((AbstractSAMLConfigurationProvider) configProvider).setConsolidatedConfigFile(is); } } picketLinkType = configProvider.getPicketLinkConfiguration(); picketLinkType.setIdpOrSP(configProvider.getSPConfiguration()); } catch (ProcessingException e) { throw logger.samlSPConfigurationError(e); } catch (ParsingException e) { throw logger.samlSPConfigurationError(e); } } else { if (is != null) { try { picketLinkType = ConfigurationUtil.getConfiguration(is); } catch (ParsingException e) { logger.trace(e); throw logger.samlSPConfigurationError(e); } } else { is = servletContext.getResourceAsStream(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION); if (is == null) { throw logger.configurationFileMissing(configFile); } picketLinkType = new PicketLinkType(); picketLinkType.setIdpOrSP(ConfigurationUtil.getSPConfiguration(is)); } } // Close the InputStream as we no longer need it if (is != null) { try { is.close(); } catch (IOException e) { // ignore } } Boolean enableAudit = picketLinkType.isEnableAudit(); // See if we have the system property enabled if (!enableAudit) { String sysProp = SecurityActions.getSystemProperty(GeneralConstants.AUDIT_ENABLE, "NULL"); if (!"NULL".equals(sysProp)) { enableAudit = Boolean.parseBoolean(sysProp); } } if (enableAudit) { if (auditHelper == null) { String securityDomainName = PicketLinkAuditHelper.getSecurityDomainName(servletContext); auditHelper = new PicketLinkAuditHelper(securityDomainName); } } SPType spConfiguration = (SPType) picketLinkType.getIdpOrSP(); processIdPMetadata(spConfiguration); this.serviceURL = spConfiguration.getServiceURL(); this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod(); this.picketLinkConfiguration = picketLinkType; this.issuerID = filterConfig.getInitParameter(ISSUER_ID); this.characterEncoding = filterConfig.getInitParameter(CHARACTER_ENCODING); this.samlHandlerChainClass = filterConfig.getInitParameter(SAML_HANDLER_CHAIN_CLASS); logger.samlSPSettingCanonicalizationMethod(canonicalizationMethod); XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod); try { this.initKeyProvider(); this.initializeHandlerChain(picketLinkType); } catch (Exception e) { throw new RuntimeException(e); } logger.trace("Identity Provider URL=" + getConfiguration().getIdentityURL()); } catch (Exception e) { throw new RuntimeException(e); } }