Example 6 with DeflateEncoderDecoder

Use of org.apache.cxf.rs.security.saml.DeflateEncoderDecoder in project testcases by coheigea.

Class SamlSso, method login.

@GET
public javax.ws.rs.core.Response login(@QueryParam("SAMLRequest") String samlRequest, @QueryParam("RelayState") String relayState) throws Exception {
    byte[] deflatedToken = Base64Utility.decode(samlRequest);
    InputStream tokenStream = new DeflateEncoderDecoder().inflateToken(deflatedToken);
    Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, "UTF-8"));
    AuthnRequest request = (AuthnRequest) OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
    System.out.println(DOM2Writer.nodeToString(responseDoc));
    String racs = request.getAssertionConsumerServiceURL();
    String requestIssuer = request.getIssuer().getValue();
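    // Match the RACS + Issuer against known values.
    // An SP entry with no RACS configured matches on Issuer alone, so the
    // request's AssertionConsumerServiceURL is accepted as the redirect target.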
    boolean match = false;
    if (serviceProviders != null) {
        for (ServiceProvider sp : serviceProviders) {
            if (sp.getIssuer() != null && sp.getIssuer().equals(requestIssuer) && ((sp.getRacs() != null && sp.getRacs().equals(racs)) || sp.getRacs() == null)) {
                match = true;
            }
        }
    }
    if (!match) {
        throw new BadRequestException();
    }
    // Create the response
    Element response = createResponse(request.getID(), racs, requestIssuer);
    String responseStr = encodeResponse(response);
    // Perform Redirect to RACS
    UriBuilder ub = UriBuilder.fromUri(racs);
    ub.queryParam("SAMLResponse", responseStr);
    ub.queryParam("RelayState", relayState);
    return javax.ws.rs.core.Response.seeOther(ub.build()).build();
}
Also used : InputStreamReader(java.io.InputStreamReader) AuthnRequest(org.opensaml.saml.saml2.core.AuthnRequest) InputStream(java.io.InputStream) Element(org.w3c.dom.Element) BadRequestException(javax.ws.rs.BadRequestException) Document(org.w3c.dom.Document) UriBuilder(javax.ws.rs.core.UriBuilder) DeflateEncoderDecoder(org.apache.cxf.rs.security.saml.DeflateEncoderDecoder) GET(javax.ws.rs.GET)

Example 7 with DeflateEncoderDecoder

Use of org.apache.cxf.rs.security.saml.DeflateEncoderDecoder in project testcases by coheigea.

Class SamlSso, method encodeResponse.

private String encodeResponse(Element response) throws IOException {
    String responseMessage = DOM2Writer.nodeToString(response);
    System.out.println("RESP: " + responseMessage);
    DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
    byte[] deflatedBytes = encoder.deflateToken(responseMessage.getBytes("UTF-8"));
    return Base64Utility.encode(deflatedBytes);
}
Also used : DeflateEncoderDecoder(org.apache.cxf.rs.security.saml.DeflateEncoderDecoder)

Example 8 with DeflateEncoderDecoder

Use of org.apache.cxf.rs.security.saml.DeflateEncoderDecoder in project syncope by apache.

Class SAML2ReaderWriter, method encode.

public String encode(final RequestAbstractType request, final boolean useDeflateEncoding) throws WSSecurityException, TransformerException, IOException {
    StringWriter writer = new StringWriter();
    write(writer, request, true);
    writer.close();
    String requestMessage = writer.toString();
    byte[] deflatedBytes;
    // not correct according to the spec but required by some IdPs.
    if (useDeflateEncoding) {
        deflatedBytes = new DeflateEncoderDecoder().deflateToken(requestMessage.getBytes(StandardCharsets.UTF_8));
    } else {
        deflatedBytes = requestMessage.getBytes(StandardCharsets.UTF_8);
    }
    return Base64.getEncoder().encodeToString(deflatedBytes);
}
Also used : StringWriter(java.io.StringWriter) DeflateEncoderDecoder(org.apache.cxf.rs.security.saml.DeflateEncoderDecoder)

Example 9 with DeflateEncoderDecoder

Use of org.apache.cxf.rs.security.saml.DeflateEncoderDecoder in project syncope by apache.

Class SAML2ReaderWriter, method read.

public XMLObject read(final boolean useDeflateEncoding, final String response) throws DataFormatException, UnsupportedEncodingException, XMLStreamException, WSSecurityException {
    InputStream tokenStream;
    byte[] deflatedToken = Base64.getDecoder().decode(response);
    tokenStream = useDeflateEncoding ? new DeflateEncoderDecoder().inflateToken(deflatedToken) : new ByteArrayInputStream(deflatedToken);
    // parse the provided SAML response
    Document responseDoc = StaxUtils.read(new InputStreamReader(tokenStream, StandardCharsets.UTF_8));
    XMLObject responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
    if (LOG.isDebugEnabled()) {
        try {
            StringWriter writer = new StringWriter();
            write(writer, responseObject, false);
            writer.close();
            LOG.debug("Parsed SAML response: {}", writer.toString());
        } catch (Exception e) {
            LOG.error("Could not log the received SAML response", e);
        }
    }
    return responseObject;
}
Also used : InputStreamReader(java.io.InputStreamReader) StringWriter(java.io.StringWriter) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) XMLObject(org.opensaml.core.xml.XMLObject) Document(org.w3c.dom.Document) DeflateEncoderDecoder(org.apache.cxf.rs.security.saml.DeflateEncoderDecoder) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) XMLStreamException(javax.xml.stream.XMLStreamException) SecurityException(org.opensaml.security.SecurityException) SignatureException(java.security.SignatureException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) InvalidKeyException(java.security.InvalidKeyException) UnsupportedEncodingException(java.io.UnsupportedEncodingException) TransformerException(javax.xml.transform.TransformerException) DataFormatException(java.util.zip.DataFormatException) TransformerConfigurationException(javax.xml.transform.TransformerConfigurationException) IOException(java.io.IOException)

Example 10 with DeflateEncoderDecoder

Use of org.apache.cxf.rs.security.saml.DeflateEncoderDecoder in project cxf by apache.

Class AbstractRequestAssertionConsumerHandler, method readSAMLResponse.

private org.opensaml.saml.saml2.core.Response readSAMLResponse(boolean postBinding, String samlResponse) {
    if (StringUtils.isEmpty(samlResponse)) {
        reportError("MISSING_SAML_RESPONSE");
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    String samlResponseDecoded = samlResponse;
    /*
        // URL Decoding only applies for the re-direct binding
        if (!postBinding) {
            try {
                samlResponseDecoded = URLDecoder.decode(samlResponse, StandardCharsets.UTF_8);
            } catch (UnsupportedEncodingException e) {
                throw ExceptionUtils.toBadRequestException(null, null);
            }
        }
        */
    final Reader reader;
    if (isSupportBase64Encoding()) {
        try {
            byte[] deflatedToken = Base64Utility.decode(samlResponseDecoded);
            final InputStream tokenStream = !postBinding && isSupportDeflateEncoding() ? new DeflateEncoderDecoder().inflateToken(deflatedToken) : new ByteArrayInputStream(deflatedToken);
            reader = new InputStreamReader(tokenStream, StandardCharsets.UTF_8);
        } catch (Base64Exception | DataFormatException ex) {
            throw ExceptionUtils.toBadRequestException(ex, null);
        }
    } else {
        reader = new StringReader(samlResponseDecoded);
    }
    final Document responseDoc;
    try {
        responseDoc = StaxUtils.read(reader);
    } catch (Exception ex) {
        throw new WebApplicationException(400);
    }
    if (LOG.isLoggable(Level.FINE)) {
        LOG.fine("Received response: " + DOM2Writer.nodeToString(responseDoc.getDocumentElement()));
    }
    final XMLObject responseObject;
    try {
        responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
    } catch (WSSecurityException ex) {
        throw ExceptionUtils.toBadRequestException(ex, null);
    }
    if (!(responseObject instanceof org.opensaml.saml.saml2.core.Response)) {
        throw ExceptionUtils.toBadRequestException(null, null);
    }
    return (org.opensaml.saml.saml2.core.Response) responseObject;
}
Also used : InputStreamReader(java.io.InputStreamReader) WebApplicationException(javax.ws.rs.WebApplicationException) ByteArrayInputStream(java.io.ByteArrayInputStream) InputStream(java.io.InputStream) Reader(java.io.Reader) StringReader(java.io.StringReader) XMLObject(org.opensaml.core.xml.XMLObject) WSSecurityException(org.apache.wss4j.common.ext.WSSecurityException) Document(org.w3c.dom.Document) DeflateEncoderDecoder(org.apache.cxf.rs.security.saml.DeflateEncoderDecoder) DataFormatException(java.util.zip.DataFormatException) IOException(java.io.IOException) Base64Exception(org.apache.cxf.common.util.Base64Exception) Response(javax.ws.rs.core.Response)
