
Example 16 with ParamType

Use of com.tremolosecurity.config.xml.ParamType in the OpenUnison project by TremoloSecurity.

The class OpenUnisonUtils, method exportIdPMetadata.

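/**
 * Builds SAML 2.0 IdP metadata for the identity provider named by the {@code idpName}
 * option and logs the serialized {@code EntityDescriptor}.
 *
 * <p>The entity ID and the HTTP-POST / HTTP-Redirect SSO endpoints are derived from the
 * {@code urlBase} option plus the URI of the application's first URL. Encryption and
 * signing certificates are published when the IdP's {@code encKey} / {@code sigKey}
 * params name an alias present in {@code ks}. NameID formats are collected from the
 * {@code nameIdMap} params of every trust (the part before {@code '='}). When
 * {@code signMetadataWithKey} names a key-store alias, the descriptor is signed with that
 * key using RSA-SHA256 and exclusive C14N.
 *
 * @param options the command-line option definitions passed to {@code loadOption}
 * @param cmd     the parsed command line
 * @param tt      the loaded unison configuration (applications, key-store password)
 * @param ks      the key store holding the IdP's certificates and the metadata signing key
 * @throws Exception if the named IdP does not exist or lacks an IdP URL, a
 *                   {@code nameIdMap} param contains no {@code '='}, or any key-store,
 *                   marshalling or signing step fails
 */
private static void exportIdPMetadata(Options options, CommandLine cmd, TremoloType tt, KeyStore ks) throws Exception, KeyStoreException, CertificateEncodingException, NoSuchAlgorithmException, UnrecoverableKeyException, SecurityException, MarshallingException, SignatureException {
    InitializationService.initialize();
    logger.info("Finding IdP...");
    String idpName = loadOption(cmd, "idpName", options);
    ApplicationType idp = null;
    for (ApplicationType app : tt.getApplications().getApplication()) {
        if (app.getName().equalsIgnoreCase(idpName)) {
            // first match wins; application names are treated as unique
            idp = app;
            break;
        }
    }
    if (idp == null) {
        throw new Exception("IdP '" + idpName + "' not found");
    }
    if (idp.getUrls() == null || idp.getUrls().getUrl().isEmpty() || idp.getUrls().getUrl().get(0).getIdp() == null) {
        throw new Exception("IdP '" + idpName + "' must have a first URL with an IdP configuration");
    }
    logger.info("Loading the base URL");
    String baseURL = loadOption(cmd, "urlBase", options);
    String url = baseURL + idp.getUrls().getUrl().get(0).getUri();
    // Random hex ID prefixed with a letter so it is a valid XML ID (NCName)
    SecureRandom random = new SecureRandom();
    byte[] idBytes = new byte[20];
    random.nextBytes(idBytes);
    String id = "f" + Hex.encodeHexString(idBytes);
    EntityDescriptor ed = new EntityDescriptorBuilder().buildObject();
    ed.setID(id);
    ed.setEntityID(url);
    IDPSSODescriptor sd = new IDPSSODescriptorBuilder().buildObject();
    sd.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
    ed.getRoleDescriptors().add(sd);
    // Group the IdP's params by name; a name may carry several values
    HashMap<String, List<String>> params = new HashMap<>();
    for (ParamType pt : idp.getUrls().getUrl().get(0).getIdp().getParams()) {
        List<String> vals = params.get(pt.getName());
        if (vals == null) {
            vals = new ArrayList<>();
            params.put(pt.getName(), vals);
        }
        vals.add(pt.getValue());
    }
    sd.setWantAuthnRequestsSigned("true".equalsIgnoreCase(firstParamValue(params, "requireSignedAuthn")));
    KeyDescriptorBuilder kdb = new KeyDescriptorBuilder();
    String encAlias = firstParamValue(params, "encKey");
    if (encAlias != null && ks.getCertificate(encAlias) != null) {
        sd.getKeyDescriptors().add(buildKeyDescriptor(kdb, UsageType.ENCRYPTION, ks.getCertificate(encAlias).getEncoded()));
    }
    String sigAlias = firstParamValue(params, "sigKey");
    if (sigAlias != null && ks.getCertificate(sigAlias) != null) {
        sd.getKeyDescriptors().add(buildKeyDescriptor(kdb, UsageType.SIGNING, ks.getCertificate(sigAlias).getEncoded()));
    }
    // Advertise every NameID format some trust maps; insertion order keeps the output stable
    HashSet<String> nameids = new java.util.LinkedHashSet<>();
    for (TrustType trustType : idp.getUrls().getUrl().get(0).getIdp().getTrusts().getTrust()) {
        for (ParamType pt : trustType.getParam()) {
            if (pt.getName().equalsIgnoreCase("nameIdMap")) {
                String mapping = pt.getValue();
                int eq = mapping.indexOf('=');
                if (eq < 0) {
                    throw new Exception("nameIdMap value '" + mapping + "' must contain '='");
                }
                nameids.add(mapping.substring(0, eq));
            }
        }
    }
    NameIDFormatBuilder nifb = new NameIDFormatBuilder();
    for (String nidf : nameids) {
        NameIDFormat nif = nifb.buildObject();
        nif.setFormat(nidf);
        sd.getNameIDFormats().add(nif);
    }
    SingleSignOnServiceBuilder ssosb = new SingleSignOnServiceBuilder();
    SingleSignOnService post = ssosb.buildObject();
    post.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
    post.setLocation(url + "/httpPost");
    sd.getSingleSignOnServices().add(post);
    SingleSignOnService redirect = ssosb.buildObject();
    redirect.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
    redirect.setLocation(url + "/httpRedirect");
    sd.getSingleSignOnServices().add(redirect);
    String signingKey = loadOptional(cmd, "signMetadataWithKey", options);
    if (signingKey != null && ks.getCertificate(signingKey) != null) {
        BasicX509Credential signingCredential = new BasicX509Credential((X509Certificate) ks.getCertificate(signingKey), (PrivateKey) ks.getKey(signingKey, tt.getKeyStorePassword().toCharArray()));
        Signature signature = OpenSAMLUtils.buildSAMLObject(Signature.class);
        signature.setSigningCredential(signingCredential);
        // RSA-SHA1 is deprecated for XML signatures; RSA-SHA256 is the interoperable minimum
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        ed.setSignature(signature);
        // Marshall before signing so the signature is computed over the DOM; the declared
        // MarshallingException propagates as-is instead of being wrapped
        XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(ed).marshall(ed);
        Signer.signObject(signature);
    }
    Element metadataElement = new EntityDescriptorMarshaller().marshall(ed);
    logger.info(net.shibboleth.utilities.java.support.xml.SerializeSupport.nodeToString(metadataElement));
}

// Returns the first value recorded for a param name, or null when the name is absent
private static String firstParamValue(HashMap<String, List<String>> params, String name) {
    List<String> vals = params.get(name);
    return (vals == null || vals.isEmpty()) ? null : vals.get(0);
}

// Wraps a DER-encoded certificate in a KeyDescriptor (KeyInfo/X509Data/X509Certificate) for the given use
private static KeyDescriptor buildKeyDescriptor(KeyDescriptorBuilder kdb, UsageType use, byte[] encodedCert) {
    org.opensaml.xmlsec.signature.X509Certificate cert = new X509CertificateBuilder().buildObject();
    cert.setValue(Base64.encode(encodedCert));
    X509Data x509 = new X509DataBuilder().buildObject();
    x509.getX509Certificates().add(cert);
    KeyInfo ki = new KeyInfoBuilder().buildObject();
    ki.getX509Datas().add(x509);
    KeyDescriptor kd = kdb.buildObject();
    kd.setUse(use);
    kd.setKeyInfo(ki);
    return kd;
}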

Example 17 with ParamType

Use of com.tremolosecurity.config.xml.ParamType in the OpenUnison project by TremoloSecurity.

The class ListWorkflows, method doGet.

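/**
 * Answers a JSON {@code ProvisioningResult} listing the workflows that can be started
 * for the organization given by the {@code uuid} request parameter.
 *
 * <p>Only workflows flagged {@code inList} are considered, and a workflow with an
 * {@code orgid} is included only when it matches {@code uuid}. A workflow with a dynamic
 * configuration is expanded by its {@code DynamicWorkflow} class into one entry per
 * generated parameter set; each such entry carries the parameters as a last-mile token
 * that expires one hour after it is issued.
 *
 * <p>On any failure the response is still JSON, with {@code success=false} and a generic
 * message; the cause goes to the log only, so nothing internal reaches the client.
 *
 * @param req  the request; {@code uuid} selects the organization
 * @param resp the response; receives UTF-8 encoded JSON
 * @throws IOException if the response cannot be written
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    ProvisioningResult pres = new ProvisioningResult();
    try {
        String uuid = req.getParameter("uuid");
        ConfigManager cfgMgr = GlobalEntries.getGlobalEntries().getConfigManager();
        List<WorkflowType> wfs = cfgMgr.getCfg().getProvisioning().getWorkflows().getWorkflow();
        ArrayList<WFDescription> workflows = new ArrayList<WFDescription>();
        for (WorkflowType wf : wfs) {
            if (wf.isInList() == null || !wf.isInList().booleanValue()) {
                continue;
            }
            // An org-scoped workflow is only listed for its own org
            if (wf.getOrgid() != null && !wf.getOrgid().equalsIgnoreCase(uuid)) {
                continue;
            }
            if (wf.getDynamicConfiguration() != null && wf.getDynamicConfiguration().isDynamic()) {
                workflows.addAll(expandDynamicWorkflow(wf, cfgMgr));
            } else {
                workflows.add(describe(wf, wf.getLabel(), wf.getDescription()));
            }
        }
        WFDescriptions descs = new WFDescriptions();
        descs.setWorkflows(workflows);
        pres.setSuccess(true);
        pres.setWfDescriptions(descs);
    } catch (Exception e) {
        logger.error("Could not load workflows", e);
        pres = new ProvisioningResult();
        pres.setSuccess(false);
        pres.setError(new ProvisioningError("Could not load workflows"));
    }
    writeJson(resp, pres);
}

// Runs the workflow's DynamicWorkflow class and returns one description per generated parameter set;
// any failure propagates to doGet, which reports it as a generic error
private List<WFDescription> expandDynamicWorkflow(WorkflowType wf, ConfigManager cfgMgr) throws Exception {
    // Collapse the flat param list into one multi-valued Attribute per name
    HashMap<String, Attribute> params = new HashMap<String, Attribute>();
    if (wf.getDynamicConfiguration().getParam() != null) {
        for (ParamType p : wf.getDynamicConfiguration().getParam()) {
            Attribute attr = params.get(p.getName());
            if (attr == null) {
                attr = new Attribute(p.getName());
                params.put(p.getName(), attr);
            }
            attr.getValues().add(p.getValue());
        }
    }
    // The implementation class comes from configuration, not from the request
    DynamicWorkflow dwf = (DynamicWorkflow) Class.forName(wf.getDynamicConfiguration().getClassName()).getDeclaredConstructor().newInstance();
    List<Map<String, String>> wfParams = dwf.generateWorkflows(wf, cfgMgr, params);
    String uri = "/" + URLEncoder.encode(wf.getName(), "UTF-8");
    String encryptionKey = cfgMgr.getCfg().getProvisioning().getApprovalDB().getEncryptionKey();
    List<WFDescription> result = new ArrayList<WFDescription>();
    for (Map<String, String> wfParamSet : wfParams) {
        // The generated parameters travel to the next step inside a one-hour last-mile token
        DateTime now = new DateTime();
        LastMile lm = new LastMile(uri, now, now.plusHours(1), 0, "");
        for (Map.Entry<String, String> entry : wfParamSet.entrySet()) {
            lm.getAttributes().add(new Attribute(entry.getKey(), entry.getValue()));
        }
        WFDescription desc = describe(wf, render(wf.getLabel(), wfParamSet), render(wf.getDescription(), wfParamSet));
        desc.setEncryptedParams(lm.generateLastMileToken(cfgMgr.getSecretKey(encryptionKey)));
        result.add(desc);
    }
    return result;
}

// Builds a description with a fresh random uuid, the workflow's name, and the given label/description
private static WFDescription describe(WorkflowType wf, String label, String description) {
    WFDescription desc = new WFDescription();
    desc.setUuid(UUID.randomUUID().toString());
    desc.setName(wf.getName());
    desc.setLabel(label);
    desc.setDescription(description);
    return desc;
}

// Renders a $-delimited StringTemplate with the parameter set; dots in names become underscores before binding
private static String render(String template, Map<String, String> values) {
    ST st = new ST(template, '$', '$');
    for (Map.Entry<String, String> entry : values.entrySet()) {
        st.add(entry.getKey().replaceAll("[.]", "_"), entry.getValue());
    }
    return st.render();
}

// Writes the result as UTF-8 JSON; ServletOutputStream.print(String) would reject characters outside ISO-8859-1
private static void writeJson(HttpServletResponse resp, ProvisioningResult pres) throws IOException {
    resp.setContentType("application/json");
    resp.setCharacterEncoding("UTF-8");
    resp.getWriter().print(new Gson().toJson(pres));
}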

Example 18 with ParamType

Use of com.tremolosecurity.config.xml.ParamType in the OpenUnison project by TremoloSecurity.

The class SendMessageThread, method addMessageListener.

/**
 * Instantiates the listener class named by {@code mlt}, initializes it with the
 * listener's params, and binds it to a JMS session for the listener's queue, which is
 * then remembered in {@code listenerSessions} under the queue name.
 *
 * @param mlt the listener configuration (class name, params, queue name)
 * @throws InstantiationException if the listener class cannot be instantiated
 * @throws IllegalAccessException if the listener's no-arg constructor is not accessible
 * @throws ClassNotFoundException if the listener class cannot be found
 * @throws ProvisioningException propagated from listener initialization or session setup
 * @throws JMSException propagated from listener initialization or session setup
 */
@Override
public void addMessageListener(MessageListenerType mlt) throws InstantiationException, IllegalAccessException, ClassNotFoundException, ProvisioningException, JMSException {
    // The listener implementation is chosen by configuration
    UnisonMessageListener listener = (UnisonMessageListener) Class.forName(mlt.getClassName()).newInstance();
    // Collapse the flat param list into one multi-valued Attribute per name
    HashMap<String, Attribute> config = new HashMap<String, Attribute>();
    for (ParamType param : mlt.getParams()) {
        String name = param.getName();
        if (!config.containsKey(name)) {
            config.put(name, new Attribute(name));
        }
        config.get(name).getValues().add(param.getValue());
    }
    listener.init(this.cfgMgr, config);
    String queueName = mlt.getQueueName();
    JMSSessionHolder session = JMSConnectionFactory.getConnectionFactory().getSession(queueName);
    session.setMessageListener(listener);
    this.listenerSessions.put(queueName, session);
}

Example 19 with ParamType

Use of com.tremolosecurity.config.xml.ParamType in the OpenUnison project by TremoloSecurity.

The class SendMessageThread, method initReports.

/**
 * Loads dynamic reports when the provisioning configuration defines and enables them;
 * otherwise does nothing.
 *
 * <p>The configured {@code DynamicReports} class is instantiated and handed this object,
 * the config manager and the report params (one multi-valued Attribute per param name).
 *
 * @throws ProvisioningException if the dynamic reports class cannot be found or instantiated
 */
@Override
public void initReports() throws ProvisioningException {
    // Every level of the config is optional; bail out unless dynamic reports are fully configured and enabled
    boolean enabled = cfgMgr.getCfg().getProvisioning() != null
            && cfgMgr.getCfg().getProvisioning().getReports() != null
            && cfgMgr.getCfg().getProvisioning().getReports().getDynamicReports() != null
            && cfgMgr.getCfg().getProvisioning().getReports().getDynamicReports().isEnabled();
    if (!enabled) {
        return;
    }
    DynamicPortalUrlsType reportCfg = cfgMgr.getCfg().getProvisioning().getReports().getDynamicReports();
    HashMap<String, Attribute> reportAttrs = new HashMap<String, Attribute>();
    for (ParamType param : reportCfg.getParams()) {
        String name = param.getName();
        if (!reportAttrs.containsKey(name)) {
            reportAttrs.put(name, new Attribute(name));
        }
        reportAttrs.get(name).getValues().add(param.getValue());
    }
    try {
        DynamicReports loader = (DynamicReports) Class.forName(reportCfg.getClassName()).newInstance();
        loader.loadDynamicReports(cfgMgr, this, reportAttrs);
    } catch (InstantiationException | IllegalAccessException | ClassNotFoundException e) {
        throw new ProvisioningException("Could not initialize dynamic targets", e);
    }
}

Example 20 with ParamType

Use of com.tremolosecurity.config.xml.ParamType in the OpenUnison project by TremoloSecurity.

The class UnisonConfigManagerImpl, method createCustomAuthorizationRule.

/**
 * Instantiates the authorization class named by {@code azrule}, initializes it with the
 * rule's params (one multi-valued Attribute per param name), and registers it in
 * {@code customAzRules} under the rule's name.
 *
 * @param azrule the custom authorization rule configuration
 * @throws InstantiationException if the rule class cannot be instantiated
 * @throws IllegalAccessException if the rule's no-arg constructor is not accessible
 * @throws ClassNotFoundException if the rule class cannot be found
 * @throws AzException propagated from the rule's {@code init}
 */
private void createCustomAuthorizationRule(CustomAzRuleType azrule) throws InstantiationException, IllegalAccessException, ClassNotFoundException, AzException {
    HashMap<String, Attribute> ruleConfig = new HashMap<String, Attribute>();
    for (ParamType param : azrule.getParams()) {
        String name = param.getName();
        Attribute existing = ruleConfig.get(name);
        if (existing != null) {
            existing.getValues().add(param.getValue());
        } else {
            Attribute fresh = new Attribute(name);
            fresh.getValues().add(param.getValue());
            ruleConfig.put(name, fresh);
        }
    }
    // The rule implementation is chosen by configuration
    CustomAuthorization rule = (CustomAuthorization) Class.forName(azrule.getClassName()).newInstance();
    rule.init(ruleConfig);
    this.customAzRules.put(azrule.getName(), rule);
}
