
Example 11 with SamlIdPProperties

use of org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties in project cas by apereo.

the class TemplatedMetadataAndCertificatesGenerationService method buildMetadataGeneratorParameters.

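/**
 * Render the IdP metadata template into the configured metadata file.
 * <p>
 * Reads the PEM-encoded signing and encryption certificate files, strips
 * their {@code BEGIN/END CERTIFICATE} markers, and substitutes them together
 * with the entity id, scope and IdP endpoint URL into
 * {@code classpath:/template-idp-metadata.xml}. Substitution is a plain
 * {@link String#replace} with no XML escaping, so the configured entity id,
 * scope and endpoint URL must already be XML-safe.
 *
 * @throws Exception Thrown if cert files are missing, or metadata file inaccessible.
 */
protected void buildMetadataGeneratorParameters() throws Exception {
    final SamlIdPProperties idp = casProperties.getAuthn().getSamlIdp();
    final Resource template = this.resourceLoader.getResource("classpath:/template-idp-metadata.xml");

    // Certificates are read as text; only the base64 body between the PEM markers is kept.
    String signingKey = FileUtils.readFileToString(idp.getMetadata().getSigningCertFile().getFile(), StandardCharsets.UTF_8);
    signingKey = StringUtils.remove(signingKey, BEGIN_CERTIFICATE);
    signingKey = StringUtils.remove(signingKey, END_CERTIFICATE).trim();

    String encryptionKey = FileUtils.readFileToString(idp.getMetadata().getEncryptionCertFile().getFile(), StandardCharsets.UTF_8);
    encryptionKey = StringUtils.remove(encryptionKey, BEGIN_CERTIFICATE);
    encryptionKey = StringUtils.remove(encryptionKey, END_CERTIFICATE).trim();

    // IOUtils.copy does not close its input, so the template stream is a managed
    // resource here. The type is fully qualified to avoid touching the import block.
    try (java.io.InputStream templateStream = template.getInputStream();
         StringWriter writer = new StringWriter()) {
        IOUtils.copy(templateStream, writer, StandardCharsets.UTF_8);
        final String metadata = writer.toString()
            .replace("${entityId}", idp.getEntityId())
            .replace("${scope}", idp.getScope())
            .replace("${idpEndpointUrl}", getIdPEndpointUrl())
            .replace("${encryptionKey}", encryptionKey)
            .replace("${signingKey}", signingKey);
        FileUtils.write(idp.getMetadata().getMetadataFile(), metadata, StandardCharsets.UTF_8);
    }
}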

Example 12 with SamlIdPProperties

use of org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties in project cas by apereo.

the class SamlIdPObjectSigner method getSignatureSigningConfiguration.

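/**
 * Gets signature signing configuration.
 * <p>
 * Starts from OpenSAML's default signing configuration, applies the algorithm
 * overrides held by this signer (blacklist, signature algorithms, reference
 * digest methods, whitelist) and the configured canonicalization algorithm,
 * then resolves the signing credentials from the IdP metadata for the given
 * service and attaches them to the configuration.
 *
 * @param roleDescriptor the role descriptor (not consulted by this method)
 * @param service        the service
 * @return the signature signing configuration
 * @throws Exception the exception
 */
protected SignatureSigningConfiguration getSignatureSigningConfiguration(final RoleDescriptor roleDescriptor, final SamlRegisteredService service) throws Exception {
    final BasicSignatureSigningConfiguration config = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureSigningConfiguration();
    final SamlIdPProperties samlIdp = casProperties.getAuthn().getSamlIdp();

    // NOTE(review): unlike the three overrides below, this guard tests the configured
    // property list rather than the field that is actually applied; kept as-is, confirm intent.
    if (this.overrideBlackListedSignatureAlgorithms != null && !samlIdp.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty()) {
        config.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
    }
    if (this.overrideSignatureAlgorithms != null && !this.overrideSignatureAlgorithms.isEmpty()) {
        config.setSignatureAlgorithms(this.overrideSignatureAlgorithms);
    }
    if (this.overrideSignatureReferenceDigestMethods != null && !this.overrideSignatureReferenceDigestMethods.isEmpty()) {
        config.setSignatureReferenceDigestMethods(this.overrideSignatureReferenceDigestMethods);
    }
    if (this.overrideWhiteListedAlgorithms != null && !this.overrideWhiteListedAlgorithms.isEmpty()) {
        config.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
    }
    if (StringUtils.isNotBlank(samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm())) {
        config.setSignatureCanonicalizationAlgorithm(samlIdp.getAlgs().getOverrideSignatureCanonicalizationAlgorithm());
    }
    LOGGER.debug("Signature signing blacklisted algorithms: [{}]", config.getBlacklistedAlgorithms());
    LOGGER.debug("Signature signing signature algorithms: [{}]", config.getSignatureAlgorithms());
    LOGGER.debug("Signature signing signature canonicalization algorithm: [{}]", config.getSignatureCanonicalizationAlgorithm());
    LOGGER.debug("Signature signing whitelisted algorithms: [{}]", config.getWhitelistedAlgorithms());
    LOGGER.debug("Signature signing reference digest methods: [{}]", config.getSignatureReferenceDigestMethods());

    final PrivateKey privateKey = getSigningPrivateKey();

    // Resolve signing credentials from the IdP's own metadata, honouring the
    // requireValidMetadata setting so expired/invalid metadata is not trusted.
    final MetadataCredentialResolver kekCredentialResolver = new MetadataCredentialResolver();
    kekCredentialResolver.setRoleDescriptorResolver(SamlIdPUtils.getRoleDescriptorResolver(casSamlIdPMetadataResolver, samlIdp.getMetadata().isRequireValidMetadata()));
    kekCredentialResolver.setKeyInfoCredentialResolver(DefaultSecurityConfigurationBootstrap.buildBasicInlineKeyInfoCredentialResolver());
    kekCredentialResolver.initialize();

    final CriteriaSet criteriaSet = new CriteriaSet();
    criteriaSet.add(new SignatureSigningConfigurationCriterion(config));
    criteriaSet.add(new UsageCriterion(UsageType.SIGNING));
    criteriaSet.add(new EntityIdCriterion(samlIdp.getEntityId()));
    criteriaSet.add(new EntityRoleCriterion(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));

    // LinkedHashSet de-duplicates resolved credentials while keeping resolver order.
    final Set<Credential> credentials = Sets.newLinkedHashSet(kekCredentialResolver.resolve(criteriaSet));
    final List<Credential> creds = new ArrayList<>(credentials.size());
    for (final Credential candidate : credentials) {
        final AbstractCredential cred = getResolvedSigningCredential(candidate, privateKey, service);
        if (cred != null) {
            creds.add(cred);
        }
    }
    config.setSigningCredentials(creds);
    LOGGER.debug("Signature signing credentials configured with [{}] credentials", creds.size());
    return config;
}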

Example 13 with SamlIdPProperties

use of org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties in project cas by apereo.

the class SamlIdPObjectSigner method getSigningPrivateKey.

/**
 * Gets signing private key.
 * <p>
 * Loads the key from the file backing the locator's signing-key resource,
 * using the private-key algorithm name configured under the IdP metadata
 * properties. A fresh key object is produced on every call (the factory bean
 * is non-singleton).
 *
 * @return the signing private key
 * @throws Exception the exception
 */
protected PrivateKey getSigningPrivateKey() throws Exception {
    final SamlIdPProperties idpProps = casProperties.getAuthn().getSamlIdp();
    final Resource keyResource = samlIdPMetadataLocator.getSigningKey();
    // getFile() requires a file-system backed resource; it is resolved before the factory is configured.
    final FileSystemResource keyLocation = new FileSystemResource(keyResource.getFile());

    final PrivateKeyFactoryBean factory = new PrivateKeyFactoryBean();
    factory.setLocation(keyLocation);
    factory.setAlgorithm(idpProps.getMetadata().getPrivateKeyAlgName());
    factory.setSingleton(false);

    LOGGER.debug("Locating signature signing key file from [{}]", keyResource);
    return factory.getObject();
}

Example 14 with SamlIdPProperties

use of org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties in project cas by apereo.

the class SamlObjectSignatureValidator method getSignatureValidationConfiguration.

/**
 * Gets signature validation configuration.
 * <p>
 * Starts from OpenSAML's default validation configuration and applies the
 * blacklist / whitelist overrides held by this validator, if any.
 *
 * @return the signature validation configuration
 */
protected SignatureValidationConfiguration getSignatureValidationConfiguration() {
    final BasicSignatureValidationConfiguration validationConfig = DefaultSecurityConfigurationBootstrap.buildDefaultSignatureValidationConfiguration();
    final SamlIdPProperties idpProps = casProperties.getAuthn().getSamlIdp();

    // NOTE(review): the blacklist guard tests the configured property list, whereas the
    // whitelist guard tests the field being applied; confirm this asymmetry is intended.
    final boolean applyBlacklist = this.overrideBlackListedSignatureAlgorithms != null
        && !idpProps.getAlgs().getOverrideBlackListedSignatureSigningAlgorithms().isEmpty();
    final boolean applyWhitelist = this.overrideWhiteListedAlgorithms != null
        && !this.overrideWhiteListedAlgorithms.isEmpty();

    // NOTE(review): overriding the blacklist turns on whitelist merging and vice versa;
    // this reads as transposed relative to the list being replaced — verify against
    // OpenSAML's merge semantics before relying on it.
    if (applyBlacklist) {
        validationConfig.setBlacklistedAlgorithms(this.overrideBlackListedSignatureAlgorithms);
        validationConfig.setWhitelistMerge(true);
    }
    if (applyWhitelist) {
        validationConfig.setWhitelistedAlgorithms(this.overrideWhiteListedAlgorithms);
        validationConfig.setBlacklistMerge(true);
    }

    LOGGER.debug("Signature validation blacklisted algorithms: [{}]", validationConfig.getBlacklistedAlgorithms());
    LOGGER.debug("Signature validation whitelisted algorithms: [{}]", validationConfig.getWhitelistedAlgorithms());
    return validationConfig;
}

Example 15 with SamlIdPProperties

use of org.apereo.cas.configuration.model.support.saml.idp.SamlIdPProperties in project cas by apereo.

the class SamlIdPMetadataConfiguration method casSamlIdPMetadataResolver.

/**
 * Builds the metadata resolver for the IdP's own metadata.
 * <p>
 * The resolver is backed by the metadata resource supplied by the locator and
 * uses the shared OpenSAML parser pool. Its fail-fast and require-valid-metadata
 * behaviour come from the IdP metadata properties, and its id is the IdP entity id.
 * Lifecycle ({@code initialize}/{@code destroy}) is managed by the container.
 *
 * @param samlMetadataLocator the locator providing the IdP metadata resource
 * @return the metadata resolver
 */
@Lazy
@Bean(initMethod = "initialize", destroyMethod = "destroy")
@DependsOn("samlIdPMetadataGenerator")
@SneakyThrows
@Autowired
public MetadataResolver casSamlIdPMetadataResolver(@Qualifier("samlMetadataLocator") final SamlIdPMetadataLocator samlMetadataLocator) {
    final SamlIdPProperties idpProps = casProperties.getAuthn().getSamlIdp();
    final ResourceBackedMetadataResolver metadataResolver =
        new ResourceBackedMetadataResolver(ResourceHelper.of(samlMetadataLocator.getMetadata()));
    metadataResolver.setParserPool(this.openSamlConfigBean.getParserPool());
    // Both flags are taken from configuration; requireValidMetadata governs whether
    // expired/invalid metadata is rejected by the resolver.
    metadataResolver.setFailFastInitialization(idpProps.getMetadata().isFailFast());
    metadataResolver.setRequireValidMetadata(idpProps.getMetadata().isRequireValidMetadata());
    metadataResolver.setId(idpProps.getEntityId());
    return metadataResolver;
}
