Search in sources :

Example 1 with SPSSODescriptorImpl

use of org.opensaml.saml2.metadata.impl.SPSSODescriptorImpl in project OpenUnison by TremoloSecurity.

the class OpenUnisonUtils method exportSPMetaData.

private static void exportSPMetaData(Options options, CommandLine cmd, TremoloType tt, KeyStore ks) throws Exception, KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateEncodingException, MarshallingException {
    logger.info("Finding mechanism...");
    String mechanismName = loadOption(cmd, "mechanismName", options);
    MechanismType saml2Mech = loadMechanismType(mechanismName, tt);
    logger.info("...found");
    logger.info("Finding chain...");
    String chainName = loadOption(cmd, "chainName", options);
    AuthChainType act = loadChainType(chainName, tt);
    logger.info("Looking for correct mechanism on the chain...");
    AuthMechType currentMechanism = null;
    for (AuthMechType amt : act.getAuthMech()) {
        if (amt.getName().equalsIgnoreCase(mechanismName)) {
            currentMechanism = amt;
            break;
        }
    }
    if (currentMechanism == null) {
        System.err.println("Unknown chain on mechanism");
        System.exit(1);
    }
    InitializationService.initialize();
    logger.info("loading url base");
    String urlBase = loadOption(cmd, "urlBase", options);
    String url = urlBase + saml2Mech.getUri();
    SecureRandom random = new SecureRandom();
    byte[] idBytes = new byte[20];
    random.nextBytes(idBytes);
    String id = "f" + Hex.encodeHexString(idBytes);
    EntityDescriptorBuilder edb = new EntityDescriptorBuilder();
    EntityDescriptorImpl ed = (EntityDescriptorImpl) edb.buildObject();
    ed.setID(id);
    ed.setEntityID(url);
    SPSSODescriptorBuilder spb = new SPSSODescriptorBuilder();
    SPSSODescriptorImpl sp = (SPSSODescriptorImpl) spb.buildObject();
    ed.getRoleDescriptors().add(sp);
    HashMap<String, ParamWithValueType> params = new HashMap<String, ParamWithValueType>();
    for (ParamWithValueType pt : currentMechanism.getParams().getParam()) {
        params.put(pt.getName(), pt);
    }
    boolean assertionsSigned = params.get("assertionsSigned") != null && params.get("assertionsSigned").getValue().equalsIgnoreCase("true");
    sp.setWantAssertionsSigned(assertionsSigned);
    sp.addSupportedProtocol("urn:oasis:names:tc:SAML:2.0:protocol");
    SingleLogoutServiceBuilder slsb = new SingleLogoutServiceBuilder();
    SingleLogoutService sls = slsb.buildObject();
    sls.setLocation(url);
    sls.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
    sp.getSingleLogoutServices().add(sls);
    sls = slsb.buildObject();
    sls.setLocation(url);
    sls.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
    sp.getSingleLogoutServices().add(sls);
    AssertionConsumerServiceBuilder acsb = new AssertionConsumerServiceBuilder();
    AssertionConsumerService acs = acsb.buildObject();
    acs.setLocation(url);
    acs.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
    acs.setIndex(0);
    acs.setIsDefault(true);
    sp.getAssertionConsumerServices().add(acs);
    acs = acsb.buildObject();
    acs.setLocation(url);
    acs.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect");
    acs.setIndex(1);
    sp.getAssertionConsumerServices().add(acs);
    if (params.get("spSigKey") != null && !params.get("spSigKey").getValue().isEmpty()) {
        String alias = params.get("spSigKey").getValue();
        X509Certificate certFromKS = (X509Certificate) ks.getCertificate(alias);
        if (certFromKS == null) {
            throw new Exception("Certificate '" + params.get("spSigKey").getValue() + "' not found");
        }
        PrivateKey keyFromKS = (PrivateKey) ks.getKey(alias, tt.getKeyStorePassword().toCharArray());
        KeyDescriptorBuilder kdb = new KeyDescriptorBuilder();
        KeyDescriptor kd = kdb.buildObject();
        kd.setUse(UsageType.SIGNING);
        KeyInfoBuilder kib = new KeyInfoBuilder();
        KeyInfo ki = kib.buildObject();
        X509DataBuilder x509b = new X509DataBuilder();
        X509Data x509 = x509b.buildObject();
        X509CertificateBuilder certb = new X509CertificateBuilder();
        org.opensaml.xmlsec.signature.X509Certificate cert = certb.buildObject();
        cert.setValue(new String(Base64.encode(certFromKS.getEncoded())));
        x509.getX509Certificates().add(cert);
        ki.getX509Datas().add(x509);
        kd.setKeyInfo(ki);
        sp.getKeyDescriptors().add(kd);
    }
    if (params.get("spEncKey") != null && !params.get("spEncKey").getValue().isEmpty()) {
        String alias = params.get("spEncKey").getValue();
        X509Certificate certFromKS = (X509Certificate) ks.getCertificate(alias);
        if (certFromKS == null) {
            throw new Exception("Certificate '" + params.get("spEncKey").getValue() + "' not found");
        }
        PrivateKey keyFromKS = (PrivateKey) ks.getKey(alias, tt.getKeyStorePassword().toCharArray());
        KeyDescriptorBuilder kdb = new KeyDescriptorBuilder();
        KeyDescriptor kd = kdb.buildObject();
        kd.setUse(UsageType.ENCRYPTION);
        KeyInfoBuilder kib = new KeyInfoBuilder();
        KeyInfo ki = kib.buildObject();
        X509DataBuilder x509b = new X509DataBuilder();
        X509Data x509 = x509b.buildObject();
        X509CertificateBuilder certb = new X509CertificateBuilder();
        org.opensaml.xmlsec.signature.X509Certificate cert = certb.buildObject();
        cert.setValue(new String(Base64.encode(certFromKS.getEncoded())));
        x509.getX509Certificates().add(cert);
        ki.getX509Datas().add(x509);
        kd.setKeyInfo(ki);
        sp.getKeyDescriptors().add(kd);
    }
    EntityDescriptorMarshaller marshaller = new EntityDescriptorMarshaller();
    // Marshall the Subject
    Element assertionElement = marshaller.marshall(ed);
    String xml = net.shibboleth.utilities.java.support.xml.SerializeSupport.prettyPrintXML(assertionElement);
    logger.info(xml);
}
Also used : PrivateKey(java.security.PrivateKey) SPSSODescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorBuilder) HashMap(java.util.HashMap) KeyInfoBuilder(org.opensaml.xmlsec.signature.impl.KeyInfoBuilder) KeyDescriptor(org.opensaml.saml.saml2.metadata.KeyDescriptor) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) EntityDescriptorMarshaller(org.opensaml.saml.saml2.metadata.impl.EntityDescriptorMarshaller) X509Data(org.opensaml.xmlsec.signature.X509Data) EntityDescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.EntityDescriptorBuilder) X509DataBuilder(org.opensaml.xmlsec.signature.impl.X509DataBuilder) KeyInfo(org.opensaml.xmlsec.signature.KeyInfo) SingleLogoutServiceBuilder(org.opensaml.saml.saml2.metadata.impl.SingleLogoutServiceBuilder) MechanismType(com.tremolosecurity.config.xml.MechanismType) AssertionConsumerService(org.opensaml.saml.saml2.metadata.AssertionConsumerService) ParamWithValueType(com.tremolosecurity.config.xml.ParamWithValueType) AuthChainType(com.tremolosecurity.config.xml.AuthChainType) EntityDescriptorImpl(org.opensaml.saml.saml2.metadata.impl.EntityDescriptorImpl) SingleLogoutService(org.opensaml.saml.saml2.metadata.SingleLogoutService) AssertionConsumerServiceBuilder(org.opensaml.saml.saml2.metadata.impl.AssertionConsumerServiceBuilder) X509CertificateBuilder(org.opensaml.xmlsec.signature.impl.X509CertificateBuilder) AuthMechType(com.tremolosecurity.config.xml.AuthMechType) SecureRandom(java.security.SecureRandom) X509Certificate(java.security.cert.X509Certificate) KeyStoreException(java.security.KeyStoreException) SignatureException(org.opensaml.xmlsec.signature.support.SignatureException) SecurityException(org.opensaml.security.SecurityException) UnmarshallingException(org.opensaml.core.xml.io.UnmarshallingException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) CertificateEncodingException(java.security.cert.CertificateEncodingException) MarshallingException(org.opensaml.core.xml.io.MarshallingException) IOException(java.io.IOException) Base64DecodingException(org.apache.xml.security.exceptions.Base64DecodingException) ServletException(javax.servlet.ServletException) PropertyException(javax.xml.bind.PropertyException) JAXBException(javax.xml.bind.JAXBException) FileNotFoundException(java.io.FileNotFoundException) SAXException(org.xml.sax.SAXException) UnrecoverableKeyException(java.security.UnrecoverableKeyException) CertificateException(java.security.cert.CertificateException) ParserConfigurationException(javax.xml.parsers.ParserConfigurationException) SPSSODescriptorImpl(org.opensaml.saml.saml2.metadata.impl.SPSSODescriptorImpl) KeyDescriptorBuilder(org.opensaml.saml.saml2.metadata.impl.KeyDescriptorBuilder)

Example 2 with SPSSODescriptorImpl

use of org.opensaml.saml2.metadata.impl.SPSSODescriptorImpl in project MaxKey by dromara.

the class MetadataDescriptorUtil method main.

/**
 * @param args
 * @throws Exception
 * @throws ConfigurationException
 * @throws FileNotFoundException
 */
public static void main(String[] args) throws Exception, ConfigurationException, FileNotFoundException {
    // 
    File file = new File("d:\\SAMLSP-00D90000000hf9n.xml");
    org.opensaml.DefaultBootstrap.bootstrap();
    EntityDescriptor entityDescriptor = MetadataDescriptorUtil.getInstance().getEntityDescriptor(file);
    // System.out.println("2 : "+entityDescriptor.getRoleDescriptors());
    // System.out.println("3 : "+idpEntityDescriptor.);
    // System.out.println("+"+ entityDescriptor.getOrganization());
    List<RoleDescriptor> listRoleDescriptor = entityDescriptor.getRoleDescriptors();
    for (RoleDescriptor roleDescriptor : listRoleDescriptor) {
        // sPSSODescriptor1=idpEntityDescriptor.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
        if (roleDescriptor instanceof IDPSSODescriptorImpl) {
            IDPSSODescriptor iDPSSODescriptor = (IDPSSODescriptorImpl) roleDescriptor;
            System.out.println("3 : " + iDPSSODescriptor.getSingleSignOnServices().get(0).getLocation());
        // System.out.println("- : "+iDPSSODescriptor.getNameIDFormats().get(0).getFormat());
        // System.out.println("- : "+iDPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
        } else {
            SPSSODescriptor sPSSODescriptor = (SPSSODescriptorImpl) roleDescriptor;
            System.out.println("- : " + sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
        // System.out.println("- : "+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
        }
    // System.out.println("===============================================");
    }
    // //two
    InputStream in = new FileInputStream(file);
    EntityDescriptor entityDescriptor1 = MetadataDescriptorUtil.getInstance().getEntityDescriptor(in);
    SPSSODescriptor sPSSODescriptor = entityDescriptor1.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
    System.out.println("ok :" + sPSSODescriptor.getAssertionConsumerServices().get(0).getLocation());
// System.out.println("ok :"+sPSSODescriptor.getAssertionConsumerServices().get(0).getBinding());
// System.out.println("ok :"+sPSSODescriptor.getNameIDFormats().get(0).getFormat());
// System.out.println("ok :"+sPSSODescriptor.getKeyDescriptors().get(0).getKeyInfo().getX509Datas().get(0));
}
Also used : SPSSODescriptorImpl(org.opensaml.saml2.metadata.impl.SPSSODescriptorImpl) EntityDescriptor(org.opensaml.saml2.metadata.EntityDescriptor) SPSSODescriptor(org.opensaml.saml2.metadata.SPSSODescriptor) IDPSSODescriptorImpl(org.opensaml.saml2.metadata.impl.IDPSSODescriptorImpl) IDPSSODescriptor(org.opensaml.saml2.metadata.IDPSSODescriptor) FileInputStream(java.io.FileInputStream) InputStream(java.io.InputStream) RoleDescriptor(org.opensaml.saml2.metadata.RoleDescriptor) File(java.io.File) FileInputStream(java.io.FileInputStream)

Aggregations

AuthChainType (com.tremolosecurity.config.xml.AuthChainType)1 AuthMechType (com.tremolosecurity.config.xml.AuthMechType)1 MechanismType (com.tremolosecurity.config.xml.MechanismType)1 ParamWithValueType (com.tremolosecurity.config.xml.ParamWithValueType)1 File (java.io.File)1 FileInputStream (java.io.FileInputStream)1 FileNotFoundException (java.io.FileNotFoundException)1 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 PrivateKey (java.security.PrivateKey)1 SecureRandom (java.security.SecureRandom)1 UnrecoverableKeyException (java.security.UnrecoverableKeyException)1 CertificateEncodingException (java.security.cert.CertificateEncodingException)1 CertificateException (java.security.cert.CertificateException)1 X509Certificate (java.security.cert.X509Certificate)1 HashMap (java.util.HashMap)1 ServletException (javax.servlet.ServletException)1 JAXBElement (javax.xml.bind.JAXBElement)1