Example 1 with UriBuilderImpl

Use of org.apache.cxf.jaxrs.impl.UriBuilderImpl in project ddf by codice.

From the class SimpleSignTest, method testSignUriStringWithDsa.

@Test
public void testSignUriStringWithDsa() throws Exception {
    // Crypto configured with a DSA key pair so the redirect-binding signature uses DSA
    systemCrypto = new SystemCrypto("dsa-encryption.properties", "dsa-signature.properties", encryptionService);
    simpleSign = new SimpleSign(systemCrypto);
    String deflatedSamlResponse = deflateAndBase64Encode(cannedResponse);
    String queryParams = String.format("SAMLResponse=%s&RelayState=%s", URLEncoder.encode(deflatedSamlResponse, "UTF-8"), URLEncoder.encode(RELAY_STATE_VAL, "UTF-8"));
    String idpRequest = SINGLE_SIGN_ON_LOCATION + "?" + queryParams;
    UriBuilder idpUri = new UriBuilderImpl(new URI(idpRequest));
    // Signs the query string and appends SigAlg and Signature as the 3rd and 4th query parameters
    simpleSign.signUriString(queryParams, idpUri);
    String signatureAlgorithm = URLEncodedUtils.parse(idpUri.build(), "UTF-8").get(2).getValue();
    String signatureString = URLEncodedUtils.parse(idpUri.build(), "UTF-8").get(3).getValue();
    // Rebuild the exact signed input (SAMLResponse, RelayState, SigAlg) for verification
    String signedMessage = String.format("%s=%s&%s=%s&%s=%s", SAML_RESPONSE, URLEncoder.encode(deflatedSamlResponse, "UTF-8"), RELAY_STATE, URLEncoder.encode(RELAY_STATE_VAL, "UTF-8"), SIG_ALG, URLEncoder.encode(signatureAlgorithm, "UTF-8"));
    boolean valid = simpleSign.validateSignature(signedMessage, signatureString, dsaCert);
    assertTrue("Signature was expected to be valid", valid);
}
Also used: UriBuilder (javax.ws.rs.core.UriBuilder), UriBuilderImpl (org.apache.cxf.jaxrs.impl.UriBuilderImpl), URI (java.net.URI), Test (org.junit.Test)

Example 2 with UriBuilderImpl

Use of org.apache.cxf.jaxrs.impl.UriBuilderImpl in project ddf by codice.

From the class SimpleSignTest, method testSignUriStringAndModifyWithDsa.

@Test(expected = SimpleSign.SignatureException.class)
public void testSignUriStringAndModifyWithDsa() throws Exception {
    systemCrypto = new SystemCrypto("dsa-encryption.properties", "dsa-signature.properties", encryptionService);
    simpleSign = new SimpleSign(systemCrypto);
    String deflatedSamlResponse = deflateAndBase64Encode(cannedResponse);
    String queryParams = String.format("SAMLResponse=%s&RelayState=%s", URLEncoder.encode(deflatedSamlResponse, "UTF-8"), URLEncoder.encode(RELAY_STATE_VAL, "UTF-8"));
    String idpRequest = SINGLE_SIGN_ON_LOCATION + "?" + queryParams;
    UriBuilder idpUri = new UriBuilderImpl(new URI(idpRequest));
    simpleSign.signUriString(queryParams, idpUri);
    // Modify RelayState after signing: the signature must no longer verify, so
    // validateSignature is expected to throw SimpleSign.SignatureException
    idpUri.queryParam("RelayState", "changedit");
    String signatureAlgorithm = URLEncodedUtils.parse(idpUri.build(), "UTF-8").get(2).getValue();
    String signatureString = URLEncodedUtils.parse(idpUri.build(), "UTF-8").get(3).getValue();
    String signedMessage = String.format("%s=%s&%s=%s&%s=%s", SAML_RESPONSE, URLEncoder.encode(deflatedSamlResponse, "UTF-8"), RELAY_STATE, URLEncoder.encode(RELAY_STATE_VAL, "UTF-8"), SIG_ALG, URLEncoder.encode(signatureAlgorithm, "UTF-8"));
    simpleSign.validateSignature(signedMessage, signatureString, dsaCert);
}
Also used: UriBuilder (javax.ws.rs.core.UriBuilder), UriBuilderImpl (org.apache.cxf.jaxrs.impl.UriBuilderImpl), URI (java.net.URI), Test (org.junit.Test)

Example 3 with UriBuilderImpl

Use of org.apache.cxf.jaxrs.impl.UriBuilderImpl in project ddf by codice.

From the class IdpHandler, method doHttpRedirectBinding.

private void doHttpRedirectBinding(HttpServletRequest request, HttpServletResponse response) throws ServletException {
    String redirectUrl;
    String idpRequest = null;
    String relayState = createRelayState(request);
    try {
        IDPSSODescriptor idpssoDescriptor = idpMetadata.getDescriptor();
        if (idpssoDescriptor == null) {
            throw new ServletException("IdP metadata is missing. No IDPSSODescriptor present.");
        }
        // Build the SAML HTTP-Redirect binding query: the AuthnRequest is signed only if the IdP metadata requires it
        String queryParams = String.format("SAMLRequest=%s&RelayState=%s", encodeAuthnRequest(createAndSignAuthnRequest(false, idpssoDescriptor.getWantAuthnRequestsSigned()), false), URLEncoder.encode(relayState, "UTF-8"));
        idpRequest = idpMetadata.getSingleSignOnLocation() + "?" + queryParams;
        UriBuilder idpUri = new UriBuilderImpl(new URI(idpRequest));
        // Sign the query string itself (appends SigAlg and Signature parameters) before redirecting
        simpleSign.signUriString(queryParams, idpUri);
        redirectUrl = idpUri.build().toString();
    } catch (UnsupportedEncodingException e) {
        LOGGER.info("Unable to encode relay state: {}", relayState, e);
        throw new ServletException("Unable to create return location");
    } catch (SimpleSign.SignatureException e) {
        String msg = "Unable to sign request";
        LOGGER.info(msg, e);
        throw new ServletException(msg);
    } catch (URISyntaxException e) {
        LOGGER.info("Unable to parse IDP request location: {}", idpRequest, e);
        throw new ServletException("Unable to determine IDP location.");
    }
    try {
        response.sendRedirect(redirectUrl);
        response.flushBuffer();
    } catch (IOException e) {
        LOGGER.info("Unable to redirect AuthnRequest to {}", redirectUrl, e);
        throw new ServletException("Unable to redirect to IdP");
    }
}
Also used: ServletException (javax.servlet.ServletException), SimpleSign (ddf.security.samlp.SimpleSign), IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor), UnsupportedEncodingException (java.io.UnsupportedEncodingException), URISyntaxException (java.net.URISyntaxException), IOException (java.io.IOException), UriBuilder (javax.ws.rs.core.UriBuilder), UriBuilderImpl (org.apache.cxf.jaxrs.impl.UriBuilderImpl), URI (java.net.URI)

Aggregations

URI (java.net.URI): 3
UriBuilder (javax.ws.rs.core.UriBuilder): 3
UriBuilderImpl (org.apache.cxf.jaxrs.impl.UriBuilderImpl): 3
Test (org.junit.Test): 2
SimpleSign (ddf.security.samlp.SimpleSign): 1
IOException (java.io.IOException): 1
UnsupportedEncodingException (java.io.UnsupportedEncodingException): 1
URISyntaxException (java.net.URISyntaxException): 1
ServletException (javax.servlet.ServletException): 1
IDPSSODescriptor (org.opensaml.saml.saml2.metadata.IDPSSODescriptor): 1