  /**
   * Locates the IdP's single-sign-on endpoint that matches the SP's configured binding and records
   * its location as the identity URL; the descriptor itself is kept in {@code idpMetadata}.
   *
   * <p>The descriptor comes from the configured metadata file when one is named, otherwise from
   * the metadata provider. Binding URIs containing {@code HTTP-POST} / {@code HTTP-Redirect} are
   * compared as {@code POST} / {@code REDIRECT}; any other binding URI is compared verbatim. When
   * no descriptor is available nothing is changed.
   *
   * @param spConfiguration the SP configuration whose binding type is read and whose identity URL
   *     is set
   */
  private void processIdPMetadata(SPType spConfiguration) {
    IDPSSODescriptorType descriptor =
        isNotNull(spConfiguration.getIdpMetadataFile())
            ? getIdpMetadataFromFile(spConfiguration)
            : getIdpMetadataFromProvider(spConfiguration);
    if (descriptor == null) {
      return;
    }

    for (EndpointType endpoint : descriptor.getSingleSignOnService()) {
      String bindingName = toBindingName(endpoint.getBinding().toString());
      if (spConfiguration.getBindingType().equals(bindingName)) {
        // First endpoint with the configured binding wins.
        spConfiguration.setIdentityURL(endpoint.getLocation().toString());
        break;
      }
    }

    this.idpMetadata = descriptor;
  }

  /** Maps a SAML binding URI to the short name used by the SP configuration's binding type. */
  private static String toBindingName(String bindingUri) {
    if (bindingUri.contains("HTTP-POST")) {
      return "POST";
    }
    if (bindingUri.contains("HTTP-Redirect")) {
      return "REDIRECT";
    }
    return bindingUri;
  }
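  /**
   * Creates the {@link TrustKeyManager} this processor uses for signing and signature validation.
   * Does nothing when signature support is disabled.
   *
   * <p>The manager class is loaded reflectively from the class name in the configured
   * {@code KeyProvider}; that name is deployment configuration, not request data. The host of the
   * configured identity URL is registered under {@link ServiceProviderBaseProcessor#IDP_KEY} so the
   * manager can resolve the IdP's key, and a configured {@code X509CERTIFICATE} property (an alias
   * name) is passed through as an additional option.
   *
   * @throws RuntimeException when no key provider or class name is configured, or when the manager
   *     cannot be created; in the latter case the original exception is kept as the cause
   */
  protected void initKeyProvider() {
    if (!doSupportSignature()) {
      return;
    }

    SPType configuration = getConfiguration();
    KeyProviderType keyProvider = configuration.getKeyProvider();

    // Signature support was confirmed above, so a missing key provider is a hard error.
    if (keyProvider == null) {
      throw new RuntimeException(
          ErrorCodes.NULL_VALUE + "KeyProvider is null for context=" + getContextPath());
    }

    try {
      String keyManagerClassName = keyProvider.getClassName();
      if (keyManagerClassName == null) {
        throw new RuntimeException(ErrorCodes.NULL_VALUE + "KeyManager class name");
      }

      Class<?> clazz = SecurityActions.loadClass(getClass(), keyManagerClassName);
      if (clazz == null) {
        throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + keyManagerClassName);
      }

      TrustKeyManager keyManager = (TrustKeyManager) clazz.newInstance();

      List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
      keyManager.setAuthProperties(authProperties);
      keyManager.setValidatingAlias(keyProvider.getValidatingAlias());

      // Special case when you need X509Data in SignedInfo: the property value is the alias name.
      if (authProperties != null) {
        for (AuthPropertyType authPropertyType : authProperties) {
          if (GeneralConstants.X509CERTIFICATE.equals(authPropertyType.getKey())) {
            keyManager.addAdditionalOption(
                GeneralConstants.X509CERTIFICATE, authPropertyType.getValue());
            break;
          }
        }
      }

      // The IdP key is keyed by the host of the identity URL; a missing or malformed URL fails
      // here and is reported through the catch below.
      String identityURL = configuration.getIdentityURL();
      keyManager.addAdditionalOption(
          ServiceProviderBaseProcessor.IDP_KEY, new URL(identityURL).getHost());
      this.keyManager = keyManager;
    } catch (Exception e) {
      logger.trustKeyManagerCreationError(e);
      // Keep the original exception as the cause so the failure can be diagnosed from the trace.
      throw new RuntimeException(e.getLocalizedMessage(), e);
    }

    logger.trace("Key Provider=" + keyProvider.getClassName());
  }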
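  /**
   * Loads the IdP's {@code IDPSSODescriptor} from the metadata file named by
   * {@code configuration.getIdpMetadataFile()}, resolved as a servlet-context resource.
   *
   * @param configuration the SP configuration naming the metadata file
   * @return the IdP descriptor, or {@code null} when the resource does not exist or the metadata
   *     contains no IdP descriptor
   * @throws RuntimeException when the metadata cannot be read or parsed
   */
  protected IDPSSODescriptorType getIdpMetadataFromFile(SPType configuration) {
    InputStream is = this.servletContext.getResourceAsStream(configuration.getIdpMetadataFile());
    if (is == null) {
      return null;
    }

    Object metadata;
    try {
      // NOTE(review): parsing is delegated to DocumentUtil; confirm it disables DTD and external
      // entity resolution, as this is where on-disk metadata enters the SP.
      Document samlDocument = DocumentUtil.getDocument(is);
      SAMLParser parser = new SAMLParser();
      metadata = parser.parse(DocumentUtil.getNodeAsStream(samlDocument));
    } catch (Exception e) {
      throw new RuntimeException(e);
    } finally {
      // The stream is no longer needed once parsing has finished, on success or failure.
      try {
        is.close();
      } catch (IOException ignored) {
        // ignore: nothing is left to read and the parse result is already decided
      }
    }

    IDPSSODescriptorType idpSSO;
    if (metadata instanceof EntitiesDescriptorType) {
      idpSSO = handleMetadata((EntitiesDescriptorType) metadata);
    } else {
      // Anything else is expected to be a single EntityDescriptor; other types fail the cast here.
      idpSSO = handleMetadata((EntityDescriptorType) metadata);
    }
    if (idpSSO == null) {
      logger.samlSPUnableToGetIDPDescriptorFromMetadata();
    }
    return idpSSO;
  }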
  /**
   * Builds the SP configuration from the metadata file and then imports the values parsed from the
   * regular configuration, when those are available.
   *
   * @return the SP configuration as derived by {@code CoreConfigUtil} from the metadata entities
   * @throws ProcessingException when the metadata file is unavailable or cannot be parsed
   * @see SAMLConfigurationProvider#getSPConfiguration()
   */
  public SPType getSPConfiguration() throws ProcessingException {
    if (!fileAvailable()) {
      throw logger.nullValueError(SP_MD_FILE);
    }

    SPType spType;
    try {
      spType = CoreConfigUtil.getSPConfiguration(parseMDFile(), bindingURI);
    } catch (ParsingException e) {
      throw logger.processingError(e);
    }

    // Overlay whatever the standard configuration file provided on top of the metadata result.
    if (configParsedSPType != null) {
      spType.importFrom(configParsedSPType);
    }
    return spType;
  }
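  /**
   * Loads the SP configuration and initializes this processor from it.
   *
   * <p>The configuration stream comes from {@code configFile} when set, otherwise from
   * {@code CONFIG_FILE_LOCATION} in the servlet context, with
   * {@code GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION} as the fallback. When the filter has a
   * {@code CONFIGURATION_PROVIDER} init parameter, that class is instantiated reflectively and
   * asked for the configuration instead; the class name is deployment configuration, not user
   * input. The IdP metadata, audit helper, canonicalization method, key provider and handler chain
   * are then set up from the result. The stream is closed on every path.
   *
   * @param filterConfig the filter configuration supplying the init parameters
   * @throws RuntimeException when the configuration cannot be located, parsed or applied; the
   *     underlying exception is kept as the cause
   */
  protected void processConfiguration(FilterConfig filterConfig) {
    InputStream is = openSpConfigurationStream();
    try {
      String configurationProviderName = filterConfig.getInitParameter(CONFIGURATION_PROVIDER);
      if (configurationProviderName != null) {
        this.configProvider = instantiateConfigurationProvider(configurationProviderName);
      }

      PicketLinkType picketLinkType;
      try {
        // Work on the IDP Configuration
        if (configProvider != null) {
          try {
            if (is == null) {
              // Try the older version
              is =
                  servletContext.getResourceAsStream(
                      GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);

              // Additionally parse the deprecated config file
              if (is != null && configProvider instanceof AbstractSAMLConfigurationProvider) {
                ((AbstractSAMLConfigurationProvider) configProvider).setConfigFile(is);
              }
            } else if (configProvider instanceof AbstractSAMLConfigurationProvider) {
              // Additionally parse the consolidated config file
              ((AbstractSAMLConfigurationProvider) configProvider).setConsolidatedConfigFile(is);
            }

            picketLinkType = configProvider.getPicketLinkConfiguration();
            picketLinkType.setIdpOrSP(configProvider.getSPConfiguration());
          } catch (ProcessingException e) {
            throw logger.samlSPConfigurationError(e);
          } catch (ParsingException e) {
            throw logger.samlSPConfigurationError(e);
          }
        } else if (is != null) {
          try {
            picketLinkType = ConfigurationUtil.getConfiguration(is);
          } catch (ParsingException e) {
            logger.trace(e);
            throw logger.samlSPConfigurationError(e);
          }
        } else {
          is = servletContext.getResourceAsStream(GeneralConstants.DEPRECATED_CONFIG_FILE_LOCATION);
          if (is == null) {
            throw logger.configurationFileMissing(configFile);
          }

          picketLinkType = new PicketLinkType();
          picketLinkType.setIdpOrSP(ConfigurationUtil.getSPConfiguration(is));
        }

        if (isAuditEnabled(picketLinkType) && auditHelper == null) {
          String securityDomainName = PicketLinkAuditHelper.getSecurityDomainName(servletContext);
          auditHelper = new PicketLinkAuditHelper(securityDomainName);
        }

        SPType spConfiguration = (SPType) picketLinkType.getIdpOrSP();
        processIdPMetadata(spConfiguration);

        this.serviceURL = spConfiguration.getServiceURL();
        this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
        this.picketLinkConfiguration = picketLinkType;

        this.issuerID = filterConfig.getInitParameter(ISSUER_ID);
        this.characterEncoding = filterConfig.getInitParameter(CHARACTER_ENCODING);
        this.samlHandlerChainClass = filterConfig.getInitParameter(SAML_HANDLER_CHAIN_CLASS);

        logger.samlSPSettingCanonicalizationMethod(canonicalizationMethod);
        XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);

        // Both may throw; the single wrap below keeps the original exception as the direct cause
        // instead of wrapping it twice.
        this.initKeyProvider();
        this.initializeHandlerChain(picketLinkType);

        logger.trace("Identity Provider URL=" + getConfiguration().getIdentityURL());
      } catch (Exception e) {
        throw new RuntimeException(e);
      }
    } finally {
      // Closed on failure paths too, so a bad configuration does not leak the stream.
      closeQuietly(is);
    }
  }

  /**
   * Opens the SP configuration: the explicit {@code configFile} path when set, otherwise the
   * {@code CONFIG_FILE_LOCATION} resource of the servlet context.
   *
   * @return the open stream, or {@code null} when the context resource does not exist
   * @throws RuntimeException (built by {@code logger.samlIDPConfigurationError}) when the explicit
   *     file cannot be opened
   */
  private InputStream openSpConfigurationStream() {
    if (isNullOrEmpty(this.configFile)) {
      return servletContext.getResourceAsStream(CONFIG_FILE_LOCATION);
    }
    try {
      return new FileInputStream(this.configFile);
    } catch (FileNotFoundException e) {
      throw logger.samlIDPConfigurationError(e);
    }
  }

  /**
   * Instantiates the {@link SAMLConfigurationProvider} named in the filter's init parameters.
   *
   * @param configurationProviderName fully qualified class name from deployment configuration
   * @return the new provider instance
   * @throws RuntimeException when the class cannot be loaded or instantiated
   */
  private SAMLConfigurationProvider instantiateConfigurationProvider(
      String configurationProviderName) {
    try {
      Class<?> clazz = SecurityActions.loadClass(getClass(), configurationProviderName);
      if (clazz == null) {
        throw new ClassNotFoundException(ErrorCodes.CLASS_NOT_LOADED + configurationProviderName);
      }
      return (SAMLConfigurationProvider) clazz.newInstance();
    } catch (Exception e) {
      throw new RuntimeException(
          "Could not create configuration provider [" + configurationProviderName + "].", e);
    }
  }

  /**
   * Audit is enabled when the configuration says so or, failing that, when the
   * {@code GeneralConstants.AUDIT_ENABLE} system property parses as {@code true}.
   *
   * @param picketLinkType the parsed configuration
   * @return whether the audit helper should be created
   */
  private boolean isAuditEnabled(PicketLinkType picketLinkType) {
    // Boolean.TRUE.equals guards against a null Boolean from the configuration (NPE on unboxing).
    if (Boolean.TRUE.equals(picketLinkType.isEnableAudit())) {
      return true;
    }
    String sysProp = SecurityActions.getSystemProperty(GeneralConstants.AUDIT_ENABLE, "NULL");
    return !"NULL".equals(sysProp) && Boolean.parseBoolean(sysProp);
  }

  /**
   * Closes the configuration stream, tolerating {@code null} and a failure to close.
   *
   * @param is the stream to close, may be {@code null}
   */
  private static void closeQuietly(InputStream is) {
    if (is == null) {
      return;
    }
    try {
      is.close();
    } catch (IOException ignored) {
      // ignore: the configuration has already been read; nothing is left to recover
    }
  }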