Example 1 with KeyStoreCredentialResolver
use of org.opensaml.security.credential.impl.KeyStoreCredentialResolver in project syncope by apache.
the class SAML2SPLoader method load.
@Override
public void load() {
EntitlementsHolder.getInstance().init(SAML2SPEntitlement.values());
Pair<Properties, String> init = PropertyUtils.read(getClass(), SAML2SP_LOGIC_PROPERTIES, "conf.directory");
Properties props = init.getLeft();
String confDirectory = init.getRight();
assertNotNull(confDirectory, "<conf.directory>");
String name = props.getProperty("keystore.name");
assertNotNull(name, "<keystore.name>");
String type = props.getProperty("keystore.type");
assertNotNull(type, "<keystore.type>");
String storePass = props.getProperty("keystore.storepass");
assertNotNull(storePass, "<keystore.storepass>");
keyPass = props.getProperty("keystore.keypass");
assertNotNull(keyPass, "<keystore.keypass>");
String certAlias = props.getProperty("sp.cert.alias");
assertNotNull(certAlias, "<sp.cert.alias>");
signatureAlgorithm = props.getProperty("signature.algorithm");
LOG.debug("Attempting to load the provided keystore...");
try {
ResourceWithFallbackLoader loader = new ResourceWithFallbackLoader();
loader.setResourceLoader(ApplicationContextProvider.getApplicationContext());
loader.setPrimary(StringUtils.appendIfMissing("file:" + confDirectory, "/") + name);
loader.setFallback("classpath:" + name);
keystore = KeyStore.getInstance(type);
try (InputStream inputStream = loader.getResource().getInputStream()) {
keystore.load(inputStream, storePass.toCharArray());
LOG.debug("Keystore loaded");
}
Map<String, String> passwordMap = new HashMap<>();
passwordMap.put(certAlias, keyPass);
KeyStoreCredentialResolver resolver = new KeyStoreCredentialResolver(keystore, passwordMap);
this.credential = resolver.resolveSingle(new CriteriaSet(new EntityIdCriterion(certAlias)));
LOG.debug("SAML 2.0 Service Provider certificate loaded");
saml2rw.init();
inited = true;
} catch (Exception e) {
LOG.error("Could not initialize the SAML 2.0 Service Provider certificate", e);
inited = false;
}
domainsHolder.getDomains().keySet().forEach(domain -> {
AuthContextUtils.execWithAuthContext(domain, () -> {
idpDAO.findAll().forEach(idp -> {
try {
cache.put(idp);
} catch (Exception e) {
LOG.error("Could not cache the SAML 2.0 IdP with key ", idp.getEntityID(), e);
}
});
return null;
});
});
}
Also used :
HashMap(java.util.HashMap)
InputStream(java.io.InputStream)
ResourceWithFallbackLoader(org.apache.syncope.core.spring.ResourceWithFallbackLoader)
CriteriaSet(net.shibboleth.utilities.java.support.resolver.CriteriaSet)
EntityIdCriterion(org.opensaml.core.criterion.EntityIdCriterion)
Properties(java.util.Properties)
KeyStoreCredentialResolver(org.opensaml.security.credential.impl.KeyStoreCredentialResolver)
Aggregations
InputStream (java.io.InputStream)1
HashMap (java.util.HashMap)1
Properties (java.util.Properties)1
CriteriaSet (net.shibboleth.utilities.java.support.resolver.CriteriaSet)1
ResourceWithFallbackLoader (org.apache.syncope.core.spring.ResourceWithFallbackLoader)1
EntityIdCriterion (org.opensaml.core.criterion.EntityIdCriterion)1
KeyStoreCredentialResolver (org.opensaml.security.credential.impl.KeyStoreCredentialResolver)1
