
Example 1 with EntityInformation

Use of ddf.security.samlp.impl.EntityInformation in project ddf by codice.

From the class IdpEndpoint, method parseServiceProviderMetadata. At start-up the IdP reads the metadata of every configured service provider (SP) and stores one EntityInformation per SP in the serviceProviders map, keyed by entityID and restricted to the bindings listed in SUPPORTED_BINDINGS. Request validation later (Example 2) only trusts SPs that are present in this map.

private void parseServiceProviderMetadata(List<String> serviceProviderMetadata) {
    if (serviceProviderMetadata != null) {
        try {
            // The parser invokes this callback for every EntityDescriptor it resolves from the
            // configured entries. Only bindings in SUPPORTED_BINDINGS are retained, and the SP is
            // registered under its entityID, which is the key used to look it up on incoming requests.
            MetadataConfigurationParser metadataConfigurationParser =
                    new MetadataConfigurationParser(serviceProviderMetadata, ed -> {
                        EntityInformation entityInfo =
                                new EntityInformation.Builder(ed, SUPPORTED_BINDINGS).build();
                        if (entityInfo != null) {
                            serviceProviders.put(ed.getEntityID(), entityInfo);
                        }
                    });
            // Descriptors the parser collected up front are converted the same way; entries whose
            // build() yields null are filtered out before the merge, since toMap rejects null values.
            serviceProviders.putAll(
                    metadataConfigurationParser.getEntryDescriptions().entrySet().stream()
                            .map(e -> Maps.immutableEntry(
                                    e.getKey(),
                                    new EntityInformation.Builder(e.getValue(), SUPPORTED_BINDINGS).build()))
                            .filter(e -> nonNull(e.getValue()))
                            .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue)));
        } catch (IOException e) {
            // Unparseable metadata is logged, not fatal: the affected SP simply stays unknown to the IdP.
            LOGGER.warn("Unable to parse SP metadata configuration. Check the configuration for SP metadata.", e);
        }
    }
}
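As an added illustration of what Example 1 sets up (this is not DDF code, and the internals of EntityInformation.Builder are not shown on this page), the stand-alone Java below builds the same kind of entityID-keyed registry from SP metadata. The SpInfo record, the secureBuilder/parse/load helpers, the SUPPORTED_BINDINGS policy and the sample metadata documents with placeholder certificate text are all hypothetical and constructed here; returning null for an SP that offers no supported binding mirrors the null check in the page's code, not a documented Builder behaviour. One detail worth carrying over: SP metadata is externally supplied XML, so the parser refuses DTDs and external entities before reading it.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SpMetadataRegistry {

    static final String MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata";
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";
    static final String POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    static final String REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    static final String PAOS = "urn:oasis:names:tc:SAML:2.0:bindings:PAOS";
    // Hypothetical IdP policy: the bindings this IdP is willing to answer on.
    static final Set<String> SUPPORTED_BINDINGS = Set.of(POST, REDIRECT);

    /** Hypothetical stand-in for EntityInformation: what the IdP keeps about each SP. */
    record SpInfo(String entityId, String signingCert, String encryptionCert, Map<String, String> acsByBinding) {}

    /** Metadata is untrusted XML: disallow DOCTYPE (and with it external entities) before parsing. */
    static DocumentBuilder secureBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Returns null when the SP offers no AssertionConsumerService on a supported binding. */
    static SpInfo parse(String metadataXml, Set<String> supported) throws Exception {
        Element ed = secureBuilder()
                .parse(new ByteArrayInputStream(metadataXml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        if (!MD_NS.equals(ed.getNamespaceURI()) || !"EntityDescriptor".equals(ed.getLocalName())) {
            throw new IllegalArgumentException("root element is not md:EntityDescriptor");
        }
        String entityId = ed.getAttribute("entityID");
        if (entityId.isEmpty()) throw new IllegalArgumentException("EntityDescriptor without entityID");

        // KeyDescriptor "use" is optional; a key without it serves both signing and encryption.
        String signing = null, encryption = null;
        NodeList kds = ed.getElementsByTagNameNS(MD_NS, "KeyDescriptor");
        for (int i = 0; i < kds.getLength(); i++) {
            Element kd = (Element) kds.item(i);
            NodeList certs = kd.getElementsByTagNameNS(DS_NS, "X509Certificate");
            if (certs.getLength() == 0) continue;
            String b64 = certs.item(0).getTextContent().replaceAll("\\s+", "");
            String use = kd.getAttribute("use");
            if (use.isEmpty() || use.equals("signing")) signing = b64;
            if (use.isEmpty() || use.equals("encryption")) encryption = b64;
        }

        // Keep only ACS endpoints on bindings the IdP supports; the first endpoint per binding wins.
        Map<String, String> acs = new HashMap<>();
        NodeList services = ed.getElementsByTagNameNS(MD_NS, "AssertionConsumerService");
        for (int i = 0; i < services.getLength(); i++) {
            Element s = (Element) services.item(i);
            if (supported.contains(s.getAttribute("Binding"))) {
                acs.putIfAbsent(s.getAttribute("Binding"), s.getAttribute("Location"));
            }
        }
        return acs.isEmpty() ? null : new SpInfo(entityId, signing, encryption, Map.copyOf(acs));
    }

    /** The entityID -> SpInfo map that request validation consults later. */
    static Map<String, SpInfo> load(List<String> metadataDocs, Set<String> supported) throws Exception {
        Map<String, SpInfo> registry = new HashMap<>();
        for (String xml : metadataDocs) {
            SpInfo info = parse(xml, supported);
            if (info != null) registry.put(info.entityId(), info);
        }
        return registry;
    }

    // Builders for the constructed sample documents below.
    static String descriptor(String entityId, String body) {
        return "<md:EntityDescriptor xmlns:md=\"" + MD_NS + "\" xmlns:ds=\"" + DS_NS + "\" entityID=\"" + entityId + "\">"
                + "<md:SPSSODescriptor protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">"
                + body + "</md:SPSSODescriptor></md:EntityDescriptor>";
    }
    static String keyDescriptor(String use, String cert) {
        return "<md:KeyDescriptor use=\"" + use + "\"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>"
                + cert + "</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>";
    }
    static String acs(String binding, String location) {
        return "<md:AssertionConsumerService Binding=\"" + binding + "\" Location=\"" + location + "\"/>";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample metadata with placeholder certificate text; not real SPs or certificates.
        String spOk = descriptor("https://sp.example.test/saml",
                keyDescriptor("signing", "SIGNING-CERT-BASE64") + keyDescriptor("encryption", "ENCRYPTION-CERT-BASE64")
                + acs(POST, "https://sp.example.test/acs") + acs(REDIRECT, "https://sp.example.test/acs"));
        String spPaosOnly = descriptor("https://ecp.example.test/saml",
                keyDescriptor("signing", "OTHER-CERT-BASE64") + acs(PAOS, "https://ecp.example.test/paos"));

        Map<String, SpInfo> registry = load(List.of(spOk, spPaosOnly), SUPPORTED_BINDINGS);
        System.out.println("registered SPs: " + registry.keySet());
        SpInfo sp = registry.get("https://sp.example.test/saml");
        System.out.println("signing cert:   " + sp.signingCert());
        System.out.println("redirect ACS:   " + sp.acsByBinding().get(REDIRECT));
    }
}
```

Run it with `java SpMetadataRegistry.java` (Java 17 or later, for records and Map.copyOf). The PAOS-only SP is dropped from the registry because none of its endpoints is on a supported binding, which is the same outcome as the `entityInfo != null` check in the page's code skipping an SP.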

Example 2 with EntityInformation

Use of ddf.security.samlp.impl.EntityInformation in project ddf by codice.

From the class RedirectValidator, method validateAuthnRequest. In the HTTP-Redirect binding the signature is not embedded in the XML; it is a separate Signature query parameter computed over the SAMLRequest, RelayState and SigAlg parameters. When strictSignature is true the method rebuilds that signed string, looks up the issuing SP in the metadata registry (getServiceProviders(), keyed by entityID) and verifies the signature against that SP's signing certificate. When strictSignature is false the query-string signature is not checked here at all and only the superclass checks run.

@Override
public void validateAuthnRequest(AuthnRequest authnRequest, String samlRequest, String relayState,
        String signatureAlgorithm, String signature, boolean strictSignature)
        throws SimpleSign.SignatureException, ValidationException {
    LOGGER.debug("Validating AuthnRequest required attributes and signature");
    if (strictSignature) {
        if (!StringUtils.isEmpty(signature) && !StringUtils.isEmpty(signatureAlgorithm)) {
            // HTTP-Redirect binding: the signature covers the query string
            // "SAMLRequest=...&RelayState=...&SigAlg=...", so that byte sequence is rebuilt here.
            // Note that SAMLRequest and SigAlg are URL-encoded while RelayState is used as received.
            String signedParts;
            try {
                signedParts = String.format("SAMLRequest=%s&RelayState=%s&SigAlg=%s",
                        URLEncoder.encode(samlRequest, "UTF-8"),
                        relayState,
                        URLEncoder.encode(signatureAlgorithm, "UTF-8"));
            } catch (UnsupportedEncodingException e) {
                throw new SimpleSign.SignatureException("Unable to construct signed query parts.", e);
            }
            // The verification certificate comes from the SP's metadata, selected by the request's Issuer.
            // An Issuer that is not in the registry is rejected rather than trusted.
            EntityInformation entityInformation = getServiceProviders().get(authnRequest.getIssuer().getValue());
            if (entityInformation == null) {
                throw new ValidationException(String.format("Unable to find metadata for %s", authnRequest.getIssuer().getValue()));
            }
            String encryptionCertificate = entityInformation.getEncryptionCertificate(); // not used by this check
            String signingCertificate = entityInformation.getSigningCertificate();
            if (signingCertificate == null) {
                throw new ValidationException("Unable to find signing certificate in metadata. Please check metadata.");
            }
            boolean result = getSimpleSign().validateSignature(signedParts, signature, signingCertificate);
            if (!result) {
                throw new ValidationException("Signature verification failed for redirect binding.");
            }
        } else {
            // Strict mode refuses requests that arrive without a Signature or SigAlg parameter.
            throw new SimpleSign.SignatureException("No signature present for AuthnRequest.");
        }
    }
    super.validateAuthnRequest(authnRequest, samlRequest, relayState, signatureAlgorithm, signature, strictSignature);
}
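Added example (not DDF code): a stand-alone Java program showing both sides of the HTTP-Redirect binding signature that validateAuthnRequest checks. The class and helper names, the SigAlg allowlist, the generated RSA key pair standing in for the certificate that EntityInformation.getSigningCertificate() would supply, and the AuthnRequest and RelayState inputs are all constructed here. The signed string follows the SAML 2.0 Bindings specification: SAMLRequest, RelayState and SigAlg in that order, each URL-encoded, with RelayState omitted when the request carries none. The page's method always includes RelayState and passes it through as received, so an IdP and its SPs must agree on exactly which byte sequence was signed; the last check in main shows what happens when they do not.

```java
import java.io.ByteArrayOutputStream;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.util.Base64;
import java.util.Map;
import java.util.zip.Deflater;

public class RedirectBindingSignature {

    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    static final String RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    // SigAlg values this verifier accepts, mapped to JCA names (hypothetical policy). Checking the
    // allowlist first stops a request from choosing a weak digest or an algorithm the key is not meant for.
    static final Map<String, String> ALLOWED_SIG_ALGS = Map.of(RSA_SHA256, "SHA256withRSA");

    static String enc(String s) { return URLEncoder.encode(s, StandardCharsets.UTF_8); }

    /** SAMLRequest parameter: raw DEFLATE (no zlib header) then base64, as the HTTP-Redirect binding requires. */
    static String encodeSamlRequest(String xml) {
        Deflater d = new Deflater(Deflater.DEFAULT_COMPRESSION, true);
        d.setInput(xml.getBytes(StandardCharsets.UTF_8));
        d.finish();
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[1024];
        while (!d.finished()) out.write(buf, 0, d.deflate(buf));
        d.end();
        return Base64.getEncoder().encodeToString(out.toByteArray());
    }

    /** The octets that are signed: URL-encoded parameters in this order, RelayState omitted when absent. */
    static String signedString(String samlRequest, String relayState, String sigAlg) {
        StringBuilder sb = new StringBuilder("SAMLRequest=").append(enc(samlRequest));
        if (relayState != null) sb.append("&RelayState=").append(enc(relayState));
        return sb.append("&SigAlg=").append(enc(sigAlg)).toString();
    }

    /** SP side: sign the query string with the private key matching its metadata-published certificate. */
    static String sign(PrivateKey spKey, String signedParts) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(spKey);
        s.update(signedParts.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    /** IdP side: rebuild the signed string from the received parameters and verify it with the SP's key. */
    static boolean verify(PublicKey spKey, String samlRequest, String relayState, String sigAlg, String signatureB64)
            throws Exception {
        String jca = ALLOWED_SIG_ALGS.get(sigAlg);
        if (jca == null) return false;                           // unknown or disallowed SigAlg
        Signature v = Signature.getInstance(jca);
        v.initVerify(spKey);
        v.update(signedString(samlRequest, relayState, sigAlg).getBytes(StandardCharsets.UTF_8));
        try {
            return v.verify(Base64.getDecoder().decode(signatureB64));
        } catch (IllegalArgumentException | java.security.SignatureException e) {
            return false;                                        // malformed base64 or signature octets
        }
    }

    public static void main(String[] args) throws Exception {
        // Generated key pair standing in for the SP's signing certificate; in the IdP the public
        // half comes from the SP's metadata (EntityInformation.getSigningCertificate() in the page).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair sp = kpg.generateKeyPair();

        // Constructed AuthnRequest; the Issuer is what the IdP uses to look up the SP's metadata.
        String authnRequest = "<samlp:AuthnRequest xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\""
                + " xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\" ID=\"_req1\" Version=\"2.0\""
                + " IssueInstant=\"2024-01-01T00:00:00Z\"><saml:Issuer>https://sp.example.test/saml</saml:Issuer>"
                + "</samlp:AuthnRequest>";
        String samlRequest = encodeSamlRequest(authnRequest);
        String relayState = "/app/return?x=1&y=2";              // characters that URL-encoding rewrites

        String sig = sign(sp.getPrivate(), signedString(samlRequest, relayState, RSA_SHA256));
        System.out.println("valid request:     " + verify(sp.getPublic(), samlRequest, relayState, RSA_SHA256, sig));
        // Changing any covered parameter, RelayState included, breaks the signature.
        System.out.println("tampered relay:    " + verify(sp.getPublic(), samlRequest, "/evil", RSA_SHA256, sig));
        // A SigAlg outside the allowlist is refused before any key material is touched.
        System.out.println("sha1 downgrade:    " + verify(sp.getPublic(), samlRequest, relayState, RSA_SHA1, sig));
        // A verifier that rebuilds the string with a different encoding (RelayState left raw here)
        // rejects an honest request: both ends must agree byte for byte on what was signed.
        String mismatch = "SAMLRequest=" + enc(samlRequest) + "&RelayState=" + relayState + "&SigAlg=" + enc(RSA_SHA256);
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(sp.getPublic());
        v.update(mismatch.getBytes(StandardCharsets.UTF_8));
        System.out.println("encoding mismatch: " + v.verify(Base64.getDecoder().decode(sig)));
    }
}
```

Run it with `java RedirectBindingSignature.java` (Java 11 or later). Only the first check verifies; the tampered RelayState, the disallowed SigAlg and the differently encoded reconstruction are all rejected. The last case is the practical caveat for the page's method: whether RelayState is URL-encoded when the signed string is rebuilt must match what the SP did when it signed, or every request from that SP fails verification.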
