use of org.opensaml.saml2.metadata.impl.SPSSODescriptorImpl in project OpenUnison by TremoloSecurity.
the class OpenUnisonUtils method exportSPMetaData.
private static void exportSPMetaData(Options options, CommandLine cmd, TremoloType tt, KeyStore ks) throws Exception, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateEncodingException, MarshallingException {
logger.info("Finding mechanism...");
String mechanismName = loadOption(cmd, "mechanismName", options);
MechanismType saml2Mech = loadMechanismType(mechanismName, tt);
logger.info("...found");
logger.info("Finding chain...");
String chainName = loadOption(cmd, "chainName", options);
AuthChainType act = loadChainType(chainName, tt);
logger.info("Looking for correct mechanism on the chain...");
AuthMechType currentMechanism = null;
for (AuthMechType amt : act.getAuthMech()) {
if (amt.getName().equalsIgnoreCase(mechanismName)) {
currentMechanism = amt;
break;
}
}
if (currentMechanism == null) {
System.err.println("Unknown chain on mechanism");
System.exit(1);
}
InitializationService.initialize();
logger.info("loading url base");
String urlBase = loadOption(cmd, "urlBase", options);
String url = urlBase + saml2Mech.getUri();
SecureRandom random = new SecureRandom();
byte[] idBytes = new byte[20];
random.nextBytes(idBytes);
String id = "f" + Hex.encodeHexString(idBytes);
EntityDescriptorBuilder edb = new EntityDescriptorBuilder();
EntityDescriptorImpl ed = (EntityDescriptorImpl) edb.buildObject();
ed.setID(id);
ed.setEntityID(url);
SPSSODescriptorBuilder spb = new SPSSODescriptorBuilder();
SPSSODescriptorImpl sp = (SPSSODescriptorImpl) spb.buildObject();
ed.getRoleDescriptors().add(sp);
HashMap<String, ParamWithValueType> params = new HashMap<String, ParamWithValueType>();
for (ParamWithValueType pt : currentMechanism.getParams().getParam()) {
params.put(pt.getName(), pt);
}
boolean assertionsSigned = params.get("assertionsSigned") != null && params.get("assertionsSigned").getValue().equalsIgnoreCase("true");
sp.setWantAssertionsSigned(assertionsSigned);
sp.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
SingleLogoutServiceBuilder slsb = new SingleLogoutServiceBuilder();
SingleLogoutService sls = slsb.buildObject();
sls.setLocation(url);
sls.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
sp.getSingleLogoutServices().add(sls);
sls = slsb.buildObject();
sls.setLocation(url);
sls.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
sp.getSingleLogoutServices().add(sls);
AssertionConsumerServiceBuilder acsb = new AssertionConsumerServiceBuilder();
AssertionConsumerService acs = acsb.buildObject();
acs.setLocation(url);
acs.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
acs.setIndex(0);
acs.setIsDefault(true);
sp.getAssertionConsumerServices().add(acs);
acs = acsb.buildObject();
acs.setLocation(url);
acs.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
acs.setIndex(1);
sp.getAssertionConsumerServices().add(acs);
if (params.get("spSigKey") != null && !params.get("spSigKey").getValue().isEmpty()) {
String alias = params.get("spSigKey").getValue();
X509Certificate certFromKS = (X509Certificate) ks.getCertificate(alias);
if (certFromKS == null) {
throw new Exception("Certificate '" + params.get("spSigKey").getValue() + "' not found");
}
PrivateKey keyFromKS = (PrivateKey) ks.getKey(alias, tt.getKeyStorePassword().toCharArray());
KeyDescriptorBuilder kdb = new KeyDescriptorBuilder();
KeyDescriptor kd = kdb.buildObject();
kd.setUse(UsageType.SIGNING);
KeyInfoBuilder kib = new KeyInfoBuilder();
KeyInfo ki = kib.buildObject();
X509DataBuilder x509b = new X509DataBuilder();
X509Data x509 = x509b.buildObject();
X509CertificateBuilder certb = new X509CertificateBuilder();
org.opensaml.xmlsec.signature.X509Certificate cert = certb.buildObject();
cert.setValue(new String(Base64.encode(certFromKS.getEncoded())));
x509.getX509Certificates().add(cert);
ki.getX509Datas().add(x509);
kd.setKeyInfo(ki);
sp.getKeyDescriptors().add(kd);
}
if (params.get("spEncKey") != null && !params.get("spEncKey").getValue().isEmpty()) {
String alias = params.get("spEncKey").getValue();
X509Certificate certFromKS = (X509Certificate) ks.getCertificate(alias);
if (certFromKS == null) {
throw new Exception("Certificate '" + params.get("spEncKey").getValue() + "' not found");
}
PrivateKey keyFromKS = (PrivateKey) ks.getKey(alias, tt.getKeyStorePassword().toCharArray());
KeyDescriptorBuilder kdb = new KeyDescriptorBuilder();
KeyDescriptor kd = kdb.buildObject();
kd.setUse(UsageType.ENCRYPTION);
KeyInfoBuilder kib = new KeyInfoBuilder();
KeyInfo ki = kib.buildObject();
X509DataBuilder x509b = new X509DataBuilder();
X509Data x509 = x509b.buildObject();
X509CertificateBuilder certb = new X509CertificateBuilder();
org.opensaml.xmlsec.signature.X509Certificate cert = certb.buildObject();
cert.setValue(new String(Base64.encode(certFromKS.getEncoded())));
x509.getX509Certificates().add(cert);
ki.getX509Datas().add(x509);
kd.setKeyInfo(ki);
sp.getKeyDescriptors().add(kd);
}
EntityDescriptorMarshaller marshaller = new EntityDescriptorMarshaller();
// Marshall the Subject
Element assertionElement = marshaller.marshall(ed);
String xml = net.shibboleth.utilities.java.support.xml.SerializeSupport.prettyPrintXML(assertionElement);
logger.info(xml);
}
use of org.opensaml.saml2.metadata.impl.SPSSODescriptorImpl in project MaxKey by dromara.
the class MetadataDescriptorUtil method main.
/**
* @param args
* @throws Exception
* @throws ConfigurationException
* @throws FileNotFoundException
*/
public static void main(String[] args) throws Exception, ConfigurationException, FileNotFoundException {
//
File file = new File("d:\\SAMLSP-00D90000000hf9n.xml");
org.opensaml.DefaultBootstrap.bootstrap();
EntityDescriptor entityDescriptor = MetadataDescriptorUtil.getInstance().getEntityDescriptor(file);
// System.out.println("2 : "+entityDescriptor.getRoleDescriptors());
// System.out.println("3 : "+idpEntityDescriptor.);
// System.out.println("+"+ entityDescriptor.getOrganization());
List<RoleDescriptor> listRoleDescriptor = entityDescriptor.getRoleDescriptors();
for (RoleDescriptor roleDescriptor : listRoleDescriptor) {
// sPSSODescriptor1=idpEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
if (roleDescriptor instanceof IDPSSODescriptorImpl) {
IDPSSODescriptor iDPSSODescriptor = (IDPSSODescriptorImpl) roleDescriptor;
System.out.println("3 : " + iDPSSODescriptor.getSingleSignOnServices().get(0).getLocation());
// System.out.println("- : "+iDPSSODescriptor.getNameIDFormats().get(0).getFormat());
// System.out.println("- : "+iDPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
} else {
SPSSODescriptor sPSSODescriptor = (SPSSODescriptorImpl) roleDescriptor;
System.out.println("- : " + sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
// System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
}
// System.out.println("===============================================");
}
// //two
InputStream in = new FileInputStream(file);
EntityDescriptor entityDescriptor1 = MetadataDescriptorUtil.getInstance().getEntityDescriptor(in);
SPSSODescriptor sPSSODescriptor = entityDescriptor1.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
System.out.println("ok :" + sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
// System.out.println("ok :"+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
// System.out.println("ok :"+sPSSODescriptor.getNameIDFormats().get(0).getFormat());
// System.out.println("ok :"+sPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
}
Aggregations